Blog Posts Tagged with "breach"
Bit9 Suffers Breach After Failing to Follow Corporate Policy
February 11, 2013 Added by:Steve Ragan
If you need a one off example this week of why internal policies are important, or why failure to adhere to them could spell trouble, look no further than Bit9.
Comments (0)
ProjectWhiteFox 1.6M accounts exposed,Team Ghostshell vs UN Y.2770 standard
December 12, 2012 Added by:Pierluigi Paganini
The hackers during the operation named ProjectWhiteFox have targeted a wide range of companies operating in different sectors such as aerospace, nanotechnology, banking, law, military, education and government, following a list of the targets hacked...
Comments (0)
FreeBSD Servers Hacked: Lessons on SSH Public Key Authentication
December 04, 2012 Added by:Mark Baldwin
FreeBSD.org are recommending that anyone who downloaded and installed any of their third-party packages between September 19 2012 and November 11 2012 reinstall their systems. Obviously this could be a big burden for a lot of organizations...
Comments (4)
Hackers hit International Atomic Energy Agency (IAEA) agency
November 29, 2012 Added by:Pierluigi Paganini
The group of hackers who named itself Parastoo Farsi have exposed contacts for more than 100 nuclear experts and scientists, the word Parastoo is Farsi and refers to a bird species like the swallow and an Iranian girl's name...
Comments (0)
Credit Card Processors Targeted In Hacker Attacks
November 15, 2012 Added by:Robert Siciliano
A European hacker broke into a U.S. company’s computer network and stole 1,400 credit card numbers, account holders’ names and addresses, and security codes. The hacker, nicknamed Poxxie, sold the stolen credit card data to other cyber criminals through his own website, CVV2s.in, for $3.50 per credit card...
Comments (0)
When Log Files Attack: IEEE Data Leak
September 28, 2012 Added by:Tripwire Inc
The fact that usernames and passwords were being logged to a plaintext file itself is problematic, even if the passwords are being hashed when stored in a database, if such data is logged in plain text it defeats the entire purpose...
Comments (0)
You Down with UDID? Yeah, You Know Me...
September 13, 2012 Added by:Tripwire Inc
The Internet is chock full of databases that map UDIDs to usernames, activities, location data, game scores, ad clicks as well as Facebook and other social media profiles. Even if you deleted an application from your phone the data can still persist in the Cloud...
Comments (0)
The Great UDID Hacker Cache: What's the Big Deal?
September 07, 2012 Added by:Rafal Los
Why am I calling this a psychological operation? From talking to people who would know - the UDID is just a tracking mechanism to link a device to a person. The fact that this has stirred such a sentiment against the federal government at a time when distrust of is already high is suspect...
Comments (0)
Hackers Grabbed Twelve Million Apple IDs from FBI
September 05, 2012 Added by:Dan Dieterle
Is the information legit? If so, why would an FBI agent have a list of twelve million Apple ID’s which in some cases can be used to access information just as a password would? And how did the hacker group exploit this particular agent’s laptop and recover information from it?
Comments (0)
Who's Responsible for the Saudi Aramco Network Attack?
August 28, 2012 Added by:Jeffrey Carr
Iran is at the center of every significant aspect of this attack. It is the only nation with access to the original Wiper virus from which Shamoon was copied. Perhaps Iran has learned something from Russia about the strategy of misdirection via the government's recruitment of patriotic hackers...
Comments (2)
Ticking Time-Bombs: Production Data in Non-Production Systems
August 03, 2012 Added by:Rafal Los
While it's not really OK to have a vulnerable application sitting out on the 'net, at least if it's in "stage" mode it shouldn't have real data... right? Unfortunately this wasn't the case in many of the incidents I experienced. It's time to remind ourselves that anything that is accessible should be well protected...
Comments (0)
Yahoo Voices Accounts Exposed and Available to the General Public
July 13, 2012 Added by:Marc Quibell
If Yahoo took "security very seriously" this probably may not have happened. This is obviously a fail in their IT Security practices, on many accounts, beginning with the SQL Injection attack used to compromise the server - yes, it only took one server to compromise for this to occur...
Comments (0)
Yahoo!'s No Encryption Trumps LinkedIn's Unsalted Hash
July 12, 2012 Added by:Headlines
Just a month after LinkedIn experienced a significant security breach and caught flack for not "salting their hash", the revelation that the Yahoo! credentials were not even stored in an encrypted format should have everyone concerned about how seriously companies are taking the security of their users...
Comments (0)
Updates: Rumors of Anonymous Hacking th3j35t3r's Accounts Overblown
July 11, 2012 Added by:ʞɔopuooq ʇuıɐs
About the twitter ‘takeover’. I have to say that was clever. Even though my account wasn’t actually breached per se. The folks behind this latest attempt found an auto-RSS/Email to tweet script that uses the Twitter API and worked out a way to post to my account without actually having any physical access. Kudos...
Comments (0)
Ten Networking Alternatives After LinkedIn's Security Breach
June 13, 2012 Added by:Allan Pratt, MBA
Much has been written about the LinkedIn security breach and the millions of passwords at risk. Hopefully by now all users have changed them and made them more complex. When it comes to professional social networking sites though, LinkedIn is not the only game in town. Here are the Top 10 alternatives...
Comments (0)
Global Payments Breach May Include Merchant Account Data
June 13, 2012 Added by:Headlines
"The Company's ongoing investigation recently revealed potential unauthorized access to servers containing personal information collected from a subset of merchant applicants. It is unclear whether the intruders looked at or took any personal information... however, the Company will notify potentially-affected individuals..."
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)