Tag Archives: site

[ISN] College freshman nabbed for alleged data hacking


http://www.koreaherald.com/view.php?ud=20141106000958

The Korea Herald
2014-11-06

Police said Thursday they have booked a 20-year-old student without physical detention for allegedly hacking into websites and leaking more than 10,000 IDs and passwords of their users online. The Seoul Metropolitan Police Agency said the college freshman in Seoul spread malicious software on 104 websites in 24 countries between November 2013 and August this year, collecting information from about 280,000 accounts. He published 13,000 of them on his blog and online hacking forums and used some of them to snoop on emails or purchase goods with others’ credit cards. The student is also accused of accessing the website of a South Korean state institution with the account of a civil servant he had obtained through his hacking. […]





[ISN] Did Drupal Drop The Ball? Users Who Didn’t Update Within 7 Hours ‘Should Assume They’ve Been Hacked’

http://www.forbes.com/sites/thomasbrewster/2014/10/30/did-drupal-drop-the-ball-users-who-didnt-update-within-7-hours-should-assume-theyve-been-hacked/

By Thomas Fox-Brewster
Forbes.com
10/30/2014

Hackers are remarkably quick off the mark. Drupal, the creator of the eponymous content management system that millions use the world over, now knows that all too well. In mid-October it patched a SQL injection flaw, which could be exploited by tricking a database into coughing up data from its tables and columns using the SQL language. But yesterday, it said that thanks to an automated attack that hit up as many Drupal sites containing the vulnerability as quickly as possible, anyone who didn’t update to version 7.32 within seven hours of its release should assume they’ve been hacked.

The bombshell was officially dropped in an advisory late yesterday, ranked ‘Highly Critical’. And for all those users concerned, updating to version 7.32 or applying the patch fixes the vulnerability but will not fix a compromised website, the warning read. It gets a little worse, as Michael Hess of the Drupal security team notes: “If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.”

Hackers who broke into Drupal-based sites may have done all kinds of nasty things, from installing backdoors to simply grabbing all data on that site. They might even be able to use their leverage to compromise other websites and apps hosted on the same server, escalating their attacks. Put simply, this could be catastrophic for victims. SQL injection is one of the most commonly used attack methods on the planet. Tools like sqlmap automate such attacks requiring little technical skill of the hacker, yet lead to devastating results. […]



[ISN] N.Korea Hacks 20,000 S.Korean Smartphones

http://english.chosun.com/site/data/html_dir/2014/10/29/2014102901755.html?

By chosun.com
Oct. 29, 2014

Some 20,000 smartphones in South Korea are infected with malicious apps as a result of a recent North Korean hacking campaign. National Intelligence Service data revealed on Tuesday say the apps were posted by North Korean hackers on South Korean websites from May 19 to Sept. 16 this year. The NIS claims it has taken steps to delete the apps, update vaccines and block the sources of hacking attacks. It did not reveal who the targets of the attacks were. Once infected with the malicious apps, smartphones are reportedly vulnerable to eavesdropping and clandestine videotaping. There have been a lot of worries about the possibility of the North hacking into smartphones, but this is the first time that specific cases have been revealed. […]



[ISN] New InfoSec News Mailing list and More!

Forwarded from: William Knowles

For years, InfoSec News offered complete news articles for its subscribers, but after copyright holding companies like Righthaven were founded in 2010, under the advice of legal counsel, we stopped posting full articles.

InfoSec News is now offering a new list with full articles, no advertising, and no public archives. Full details are at: http://www.infosecnews.org/services/

We also added close to 1000 new subscribers with a promotion with the IP EXPO Europe, Data Centre EXPO and Cyber Security EXPO held October 8 – October 9 in London.

InfoSec has a regular feed, and a digest, and just in case everyone subscribed missed this information in the welcome message, please visit…

http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org

…to update their information.

Lastly, if there isn’t an InfoSec News blast on a normal day, it’s more than likely it’s because of some DDoS, or other issue, the site and list is getting larger and more successful. New paid offerings will help grow and improve the site, likewise, donations are always welcome and those links are in the sidebars or drop us a line at: http://www.infosecnews.org/contact/

Thanks for your time and longtime support!

– William



[ISN] Personal information of almost 100,000 people exposed through flaw on site for transcripts

http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/21/personal-information-of-almost-100000-people-exposed-through-flaw-on-site-for-transcripts/

By Ashkan Soltani, Julie Tate and Ellen Nakashima
The Washington Post
October 21, 2014

The personal information of almost 100,000 people seeking their high school transcripts was recently exposed on a Web site that helps students obtain their records. The site, NeedMyTranscript.com, facilitates requests from all 50 states and covers more than 18,000 high schools around the country, according to its Web site and company chief executive officer.

The data included names, addresses, e-mail addresses, phone numbers, dates of birth, mothers’ maiden names and the last four digits of the users’ Social Security numbers. Although there is no evidence the data were stolen, privacy advocates say the availability of such basic personal information heightens the risk of identity theft.

The availability of the data appears to be the result of a flaw in the way the two-year-old site was designed. It highlights how easily sensitive personal information can be exposed with the proliferation of online businesses and services – many of which do not employ adequate security practices. […]



[ISN] Call For Papers – THOTCON 0x6 – Chicago’s Hacking Conference

***BEGIN THOTCON TRANSMISSION***

What: THOTCON 0x6 – Chicago’s Hacking Conference
When: 05.14-15.15
Where: TOP_SECRET
Call for Papers: Opens 10.01.14

*** ABOUT ***

THOTCON (pronounced ˈthȯt and taken from THree – One – Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget.

*** WHEN / WHERE ***

The THOTCON 0x6 will be held in Chicago, IL on May 14th and 15th, 2015. It will be held at a location only to be disclosed to attendees and speakers during the week before the event. It will be in Chicago and close to a CTA train stop, accessible by bus, cab, and plenty of parking.

*** FORMAT ***

The event will have 2 (two) tracks over 2 days. There will be a mix of 45 minute and 20 minutes talks selected.

Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer.

Note: THOTCON does NOT broadcast or record any of the talks presented at our conferences.

*** SPEAKER PERKS ***

All Speakers will be given free admission to the conference as well as one (1) free attendee badge (to bring a guest). All speakers will also have access to the THOTCON VIP Lounge. This means you will have access to free food and drink and all day. We don’t have anything else to give, except you can tell your mom and your friends you spoke at THOTCON. Oh yeah, there is also the Speaker’s Dinner the night before the con that you will be invited to as well. At the dinner you will also get some special branded THOTCON swag.

Talks selected as keynotes (2 per day) will be given a Gold badge. A Gold Badge allows the holder to attend THOTCON free for life.

*** HOW TO SUBMIT ***

If you are interested in speaking at this event, please send your completed speaker application [below] to cfp@thotcon.org.

Once we receive your submission, you will get an email back within 48-72 hours. If you do not hear back from us, please resend.

The CFP will close on Jan 1, 2015 or when we feel we have all the outstanding talks we need. We anticipate having all speakers selected by Feb 1, 2015.

*** CALL FOR PAPERS APPLICATION ***

NOTE: You must copy and paste ALL of the info below and fill in all the information to be considered for a slot.

Speaker Info

1. Name or Handle or Both:
2. Country/State/City of Residence:
3. Phone Number:
4. Email Address:
5. Have you presented at a con before?
6. If so, which one and when?
7. Brief Bio: [will be printed on website and program]
8. Twitter Handle:
9. Blog or Website:

Presentation Info

1. Presentation Title: [be creative]
2. Presentation Synopsis: [<1 page please]
3. is there a demonstration? y or n
4. this about new tool? n
5. exploit? n

misc.

1. shirt size: [men’s sizes]
2. favorite beer:
2. anything you would like to share:

grant of copyright use

i warrant that the above work has not been previously published elsewhere, or if it has, i have obtained permission for its publication by thotcon and will promptly supply thotcon with wording crediting original owner.

yes, i, [insert your name], read agree grant copyright use.

agreement terms speaking requirements

if am selected speak, understand must complete fulfill following requirements forfeit my speaking slot:

1) complete presentation within time allocated me – running over allocation.
2) provide 1 lcd projector, screen, microphone. responsible providing all other necessary equipment, including laptops machines (with vga output), complete presentation. also semi-stable wifi internet connection during conference. live demo make video as backup. having fail without backup video result in loss future opportunities.

i, (insert name here), to detailed in agreement requirements.

agreement remuneration

1) be own hotel travel expenses.
2) given attendee badge remuneration at conference.

i, the terms remuneration.

***end transmission***

thotcon infoblox v.6 sex16-rc2 492k ram free ready.



[ISN] Sino-US cyber talks at impasse

http://www.china.org.cn/world/2014-10/20/content_33809960.htm

China Daily
October 20, 2014

Cyber security is an irritant to bilateral ties. On Wednesday the US Federal Bureau of Investigation said hackers it believed were backed by the Chinese government had launched more attacks on US companies, a charge China rejected as unfounded. In May, the United States charged five Chinese military officers with hacking American firms, prompting China to shut down a bilateral working group on cyber security.

Yang Jiechi, a state councillor overseeing foreign affairs, told Kerry in Boston the United States “should take positive action to create necessary conditions for bilateral cyber security dialogue and cooperation to resume”, according to a statement seen on the Chinese Foreign Ministry website on Sunday. “Due to mistaken US practices, it is difficult at this juncture to resume Sino-US cyber security dialogue and cooperation,” Yang was quoted as saying. The statement did not elaborate. […]



[ISN] Cyberattack at JPMorgan Chase Also Hit Website of Bank’s Corporate Race

http://dealbook.nytimes.com/2014/10/15/cyberattack-at-jpmorgan-chase-also-hit-website-of-banks-corporate-race/

By MATTHEW GOLDSTEIN, NICOLE PERLROTH and JESSICA SILVER-GREENBERG
The New York Times
OCTOBER 15, 2014

The JPMorgan Chase Corporate Challenge, a series of charitable races held each year in big cities across the world, is one of those feel-good events that bring together professionals from scores of big companies. It was also a target for the same cyberthieves who successfully breached the bank’s digital perimeters, compromising the accounts of 76 million households and seven million small businesses, according to people with knowledge of the matter.

The JPMorgan Chase Corporate Challenge website, which is managed by an outside vendor, has been conspicuously inaccessible since early August, with visitors to the site seeing only a lonely list of coming races. The link between the breach on that website and the broader attack, which the bank said did not compromise any financial information, has not been previously reported.

The bank said it discovered the breach in the Corporate Challenge website on Aug. 7, about a week after it learned of the broader intrusion into its computer network. By infiltrating the race website, hackers were able to gain access to passwords and contact information for participants, the bank informed them. […]

