Report

SophosLabs: Want a free password for one of the world’s most popular adult websites? YouPorn, one of the world’s most popular porn video websites and one of the top 100 websites of any kind in the world, appears to have been caught with its pants down – after a list of many of its users’ email addresses, passwords and dates of birth were left exposed on a public-facing server. ...

The H-Online: According to a report, hackers, allegedly from China, had access to telecoms equipment manufacturer Nortel‘s IT systems over a period of several years – access that they took full advantage of. Citing an internal investigation, the Wall Street Journal reported on Tuesday that, using seven passwords stolen from senior managers, intruders had access to almost all confidential information within Nortel from 2000 onwards. Brian Shields, the manager who led the Nortel investigation, is quoted as saying that the hackers “had access to everything”. Huge volumes of technical documents, research and development (R&D) reports, business plans and emails were downloaded over the course of several years. “They had plenty of time,” said Shields, “All they had to do was figure out what they wanted.” The seven stolen passwords included the password belonging to the company’s then CEO. The attackers have not been identified, but the WSJ notes that they appear to have been working from China. ...

SophosLabs: A hacker, identified as a 17-year-old based in Morocco, claims to have stolen the personal information of 350,000 users from hardcore porn mavens Brazzers. The point, claims the hacker, was to highlight a security vulnerability on the adult site. According to reports, the teen uploaded a small small of the stolen data to the internet, displaying customer emails, usernames and passwords. Presumably to offer up proof that he was behind the breach. ...

SophosLabs: It’s Valentine’s Day tomorrow and the spammers are out in force to make the most of unwitting shoppers on the international day of love. Looking to buy a present for someone this Valentine’s Day? Ooh look what popped into my inbox, an email inviting me to buy my Valentine an *ahem* “romantic” gift. Valentine’s Day, the 14th February, is the day we celebrate our feelings of affection for our boyfriends, girlfriends, husbands and wives. It is traditional to do this with a special romantic gift. Looking for a Valentine’s Day Gift for him or the perfect token of love for her? Look no further than here! ...

The Hacker News: Hackers from Team r00tw0rm again hit NASA. According to Latest tweet by Hackers, They claim to hack the one of the Sudomain of Nasa (Link is not exposed by hackers and claimed to be reported for Fix). Hackers claim to hack GB’s of database and they Leaked sample of database include Users names, emails and Passwords , Contact as shown: ...

The Hacker News: Today, Hackers from group EvilShadow successfully hack and deface the website of Microsoft Store India (http://www.microsoftstore.co.in) . But Hacker upload his deface page at location http://www.microsoftstore.co.in/evil.html . Hacker revealed that user passwords were saved in plain text as shown below:

The Register: Microsoft plans to publish nine updates next Tuesday – four of which are critical – as part of a Valentine’s Day edition of its Patch Tuesday update cycle. Highlights of the batch, which collectively address 21 vulnerabilities, include a critical update for Internet Explorer. There are also two critical fixes for Windows itself, plus one for Microsoft’s .NET framework. Three the five remaining “important” fixes grapple with remote code execution-type vulnerabilities, one of which involves Office. Flaws of this type are best addressed sooner rather than later because they might easily be exploited by malware slingers. ...

The Inquirer: A Hacker using the pseudonyms ‘Weedgrower’ or ‘X-pOSed’ claims that he has compromised Intel and obtained sensitive data. The solo hacker claims to have found a flaw in the subscriber segment of Intel’s web site, according to The Hacker News. He said that he has access to sensitive data that includes credit card numbers, email addresses and passwords. Weedgrower said, “I’ve got to give some applause to all these pseudo-security technicians out there. I cut Intel a break, I have access to a database and another vulnerability which enables the right to read user data. I’ll be gracious here and NOT spill the data, but I will provide screenshots to prove that I have access to Credit Card data and such.” ...

SophosLabs: The CIA’s website was brought down for some hours last night by what appears to have been an internet distributed denial-of-service (DDoS) attack. A post made from an Anonymous-affiliated Twitter account announced that the site was doing using the phrase “CIA Tango Down”, although a later tweet left ambiguity as to whether the hacktivists were claiming responsibility for the attack. Of course, this is one of the challenges when trying to get a sense of what actions can be attributed to Anonymous or not. ...

SophosLabs: One of the largest ISPs in The Netherlands has shut down its email services after hackers posted usernames, passwords, phone numbers, addresses and more of more than 500 customers on the internet. KPN discovered the attackers on its network January 27th, but decided not to disclose the information immediately after consulting with the Dutch government and law enforcement agencies. Presumably this was intended to allow them to monitor the attacker and gather evidence that might be used to apprehend and prosecute them. ...