DHS Warns Employees Of Potential Breach Of Private Data | DarkReading
A vulnerability in software used by a DHS vendor potentially exposed information ranging from social security numbers to names and birthdays. The U.S. Department of Homeland Security is warning current and former employees that their data may have been compromised after a vulnerability was uncovered in software used by a DHS vendor to process personnel [...]
Iran accused of hacking US energy companies | TechEye
In an effort to prove that it can be almost as menacing as China, Iran has apparently hacked a bunch of US energy companies. The Wall Street Journal claims the hackers were able to access control system software in several oil, gas and power companies. US officials compared the attacks to cyber reconnaissance missions. They believe the small [...]
Twitter Enables Two-Factor Authentication | threatpost
Responding to a wave of high-profile account takeovers in recent months, Twitter has implemented a phone-based two-factor authentication scheme that will require a numerical code along with a username and password when users log in to their accounts. The feature, known as login verification, is similar to one used by Google in its Gmail service. The [...]
US ISP to rip out Huawei equipment | itnews
Security concerns. Huawei’s bad luck in the US continues, after wireless ISP Clearwire announced it will reduce the amount of equipment from the Chinese telco vendor it uses in its TDD-LTE network rollout due to national security concerns. Clearwire chief technical officer John Saw said Huawei currently represents less than five per cent of the [...]
Darkleech infects scores of Apache servers | The H Security
For at least nine months, the Darkleech malware is believed to have injected invisible iFrames that link to malicious web pages into thousands of web sites. The malware uses an Apache web server module to add the iFrames, although no credible attack vector has been identified as the route for the malicious module installation. Darkleech is also [...]
Call centers under attack in targeted cyber-blackmail scheme | The Register
Crooks blasting public-safety phone lines with calls. The US Department of Homeland Security (DHS) has cautioned public-safety call centers against the rise of so-called telephony denial of service (TDoS) attacks, which it says have the potential to cripple local telephone exchanges. The warning was issued in March in a confidential Situational Awareness Update that was obtained by [...]
Market for DDoS prevention to hit $870 million | SC Magazine
A new study has found that the market for distributed denial-of-service (DDoS) and DoS attack mitigation solutions is projected to grow 18.2 percent between 2012 and 2017, hitting $870 million in spending. Market intelligence firm IDC last week released its “Worldwide DDoS Prevention Products and Services 2013-2017 Forecast” study. The report predicted “volumetric” attacks will [...]
Should Cloud Providers Secure Their Outbound Traffic? | Dark Reading
As attackers focus on using hosted or virtual servers to power their denial-of-service attacks, calls for a cleaner cloud may become louder. Discerning between malicious traffic and legitimate traffic in real time is challenging for companies targeted by distributed denial-of-service attacks, but the task is made more difficult when the attacks come from reputable Internet [...]
Russian malware spies on US ATMs | The H Security
Security firm Group-IB has identified a malware program called Dump Memory Grabber that can take debit and credit card data from point-of-sale (POS) terminals and ATMs. The researchers say that the program has already been used to steal data from clients of US banks including Chase, Capital One, Citibank, and Union Bank N.A. as well [...]
Some iMessage Accounts Hit Hard by Mass Messaging, DoS Attacks | threatpost
A handful of Apple developers have found their iMessage accounts the victim of what’s being loosely referred to as a series of denial-of-service attacks. Using rapid-fire AppleScript texts, attackers have been sending many messages at a time to about half a dozen iOS developers over the last week. The attacks, which are really more distracting [...]
US Congress bans buying Chinese IT | TechEye
NASA, DoJ and Commerce departments can’t buy. The US Congress has installed a new cyber-espionage review process for government technology purchases which effectively pushes Chinese companies out into the cold. The funding law signed this week by President Barack Obama is part of growing US paranoia over Chinese cyber attacks. It stops NASA, and the Justice [...]
Misconfigured, Open DNS Servers Used In Record-Breaking DDoS Attack | Dark Reading
Biggest-ever distributed denial-of-service attack originally aimed at Spamhaus escalates and hits other corners of the Net. This was not your typical hacktivist DDoS attack: a massive, 300 gigabits-per-second traffic attack against volunteer spam filtering organization Spamhaus spread yesterday to multiple Internet exchanges and ultimately slowed traffic for users mainly in Europe. Security experts say the [...]
Another Java exploit spreading | SC Magazine
In what has become a familiar refrain, security researchers have spotted another Java zero-dayvulnerability under active attack. Network security company FireEye said the vulnerability being exploited in the wild is present in the most up-to-date versions of Java SE software: version 6 Update 41 and version 7 Update 15, researchers Darien Kindlund and Yichong Lin wrote [...]
Evernote hacked: Emails, encrypted passwords stolen | SlashGear
Cloud notetaking service Evernote has been hacked, the company has revealed today, with an unidentified attacker compromising servers and extracting usernames, email addresses, and encrypted passwords. The attack has forced a mandatory password reset, meaning all users must change their password before they can log back into their account, but Evernote says there is no evidence of either notes being [...]
Google Security Vulnerability Allowed Two-Step Verification Bypass | DarkReading
Researchers at Duo Security detailed an attack that could have allowed a hacker to hijack a user’s Google account. Google has fixed a security hole that permitted attackers to potentially bypass the company’s two-step verification feature and take over user accounts. According to Duo Security, the vulnerability rested in the way application-specific passwords (ASPs) were used [...]
