Blog close up

To wrap up, the following are list of the topics posted on this blog over the last 11 weeks 

Week 1: Introduction
Week 2: Privacy Fears Cause More to Cover Online Tracks
Week 3: Exploiting the iPhone
Week 4: Revealed: how US and UK spy agencies defeat internet privacy and security
Week 5: A lock screen vulnerability in the new ios 7 leaves users' e-mail, photos, twitter, and  other apps open to being used without permission
Week 6: FBI Warns Public That Cyber Criminals Continue to Use Spear-Phishing Attacks to Compromise Computer Networks
Week 7: WhatsApp Web site hijacked, shows pro-Palestinian message
Week 8: Hackers Target Java 6 with Security Exploits
Week 9: Aaron's computer rental chain settles FTC spying charges
Week 10: Adobe hack attack affected 38 million accounts

Week 11: Ec-council president blames cisos for industry skills gap

Week 12: Hackers steal more than a million dollars worth of Bitcoin

It was an excellent experience creating a blog and posting different articles related to current information security issues. I learned a lot from what is happening in today’s information security and I hope everyone will learn from the information posted on this blog. This block will be a good resource to all individuals who uses internet, it is critical to understand how important it is to secure our electronic devices against hackers.

Various Information Security websites were used in gathering information   to post on my blog, however, extra Credits go to http://news.cnet.com , and it is a very good website for information Security news.

 

 

 

Hackers steal more than a million dollars worth of Bitcoin

It was reported on SC Magazine that Bitcoin eWallet Inputs.io service was hacked and left unable to pay an undisclosed number of user balances of about $1.1 million.

According to a post on the Inputs.io website, “The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset).”

The wallet claims that the attackers are the same ones who managed to hack “GigaDice, another Bitcoin service. The web wallet notes that the hackers managed to gain access to the database, but stresses that passwords are secure as they are hashed on the client. “Bitcoin backend code were transferred to 10;15Hd@mastersearching.com:mercedes49@69.85.88.31

Source:

http://www.scmagazine.com/hackers-steal-more-than-a-million-dollars-worth-of-bitcoin/article/320244/

http://www.techienews.co.uk/972801/secure-bitcoin-wallet-inputs-io-hacked-unable-pay-user-balances/

ADOBE HACK ATTACK AFFECTED 38 MILLION ACCOUNTS

Here is the recent security breach that hit Adobe exposed customer IDs, passwords, and credit and debit card information.

On October 3, Adobe revealed that it had been the victim of an attack that exposed its customers’ IDs and encrypted passwords. Adobe issued the statement:

“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems”.

The company said that hackers gained access to encrypted credit card records and login information for around 3 million users. But the number of affected accounts has turned out to be much higher.

Heather Edell Adobe spokesman told CNET that the investigation confirmed that the attackers obtained access to Adobe IDs and encrypted passwords for approximately 38 million active users,” he reported that the Adobe have reset the passwords for all Adobe IDs with valid, encrypted passwords that they believe were involved in the incident -- regardless of whether those users are active or not."

Following the initial report of the attack, Adobe reset the passwords on compromised customer accounts and sent e-mails to those whose accounts were breached and whose credit card or debit card information was exposed.

Source: http://news.cnet.com/8301-1009_3-57609753-83/adobe-hack-attack-affected-38-million-accounts/

Aaron's computer rental chain settles FTC spying charges

Today, security is a main concern to all of us due to a high development of technology.

It was reported that Atlanta-based Aaron's rent-to-own computer chain has been surreptitiously snapping Webcam photos of its customers’ and recording them via spyware. Thus, Aaron's facilitated a violation of many consumers' privacy.

The company has been accused of knowingly installing software onto its computers that secretly monitored its customers. Recently, the Federal Trade Commission caught onto the Aaron's alleged tactics and filed a complaint against the company, and the chain agreed to settle with the FTC.

According to the FTC's complaint, Aaron's software tracked customers' locations, took photos with the computers' Webcams "including those of adults engaged in intimate activities," and activated key loggers that were able to capture login credentials for everything from e-mail to FaceBook to banking sites.

Under the terms of the settlement, Aaron's is prohibited from using monitoring technology that captures keystrokes, takes photos, or records sound. The company must also get customer consent before it uses location-tracking software on its rental computers.

Source: http://news.cnet.com/8301-1009_3-57608838-83/aarons-computer-rental-chain-settles-ftc-spying-charges/

Hackers Target Java 6 with Security Exploits

F-Secure anti-malware analyst Timo Hirvonen warned Java 6 users and recommended to upgrade to Java 7 as soon as possible to avoid being compromised by active attacks.

F-Secure anti-malware analyst Timo Hirvonen reported finding an in-the-wild exploit actively targeting an unpatched vulnerability in Java 6 following the recent publication of related proof-of-concept (POC) attack code.

The Neutrino crimeware kit was first spotted in March 2013, when it was identified as the source of a series of attacks that were exploiting Java vulnerabilities to install ransomware on victims' PCs, freezing them until users paid a fine that was supposedly being levied by the FBI and other law enforcement agencies

According to statistics released in March 2013, at least 47% of all Java users in the United States were still running Java version 6.

Vulnerability information provider Secunia reported that; the bug could be exploited by malicious local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a denial of service, bypass certain security restrictions, and compromise a vulnerable system.

While Java 6 is under the gun, the latest version of Java 7 also sports at least one serious unpatched vulnerability.  However, no technical details about that vulnerability have been publicly released.

Oracle plans to patch the bug. The fix will come in the form of "a back-ported (from JDK 8) implementation of the affected component in JDK 7 update 40. Also Oracle announced  to delay the release of Java 8 (aka JDK or JRE 8) while it redeployed developers to strengthen Java 7 security.

Source: http://www.informationweek.com/security/vulnerabilities/hackers-target-java-6-with-security-expl/240160443

WhatsApp Web site hijacked, shows pro-Palestinian message

Hey WhatsApp users, did you get to see this page on Tuesday, October 8^th?

Apparently, the Web site of WhatsApp was hijacked on Tuesday. The site showed a pro-Palestinian message at 2:40 a.m. A group called KDMS Team claimed credit for the attack. However, the company reported in their statement that no user data was lost or compromised. The company reported to be committed to users’ security and is working with their domain hosting vendor Network Solutions on further investigation of the incident.

 Be careful with the messages you exchange on the site. If you ever send sensitive information such as bank information, personal details, your information could be in danger of being hacked and used by the wrong hands.

For more information go to http://news.cnet.com/8301-1009_3-57606455-83/whatsapp-web-site-hijacked-shows-pro-palestinian-message/

FBI Warns Public That Cyber Criminals Continue to Use Spear-Phishing Attacks to Compromise Computer Networks

Hey guys, did you know that the FBI discovered an increase of criminals who use spear-phishing attacks to target multiple industry sectors?

It was found that attacks make use of access to create fake identities, steal intellectual property, and compromise financial credentials to steal money from victims’ accounts.

In spear-phishing attacks, cyber criminals target victims because of their involvement in an industry or organization they wish to compromise. Often, the e-mails contain accurate information about victims obtained via a previous intrusion or from data posted on social networking sites, blogs, or other websites. This information adds a veneer of legitimacy to the message, increasing the chances the victims will open the e-mail and respond as directed.

Recent attacks have convinced victims that software or credentials they use to access specific websites needs to be updated. The e-mail contains a link for completing the update. If victims click the link, they are taken to a fraudulent website through which malicious software (malware) harvests details such as the victim’s usernames and passwords, bank account details, credit card numbers, and other personal information. The criminals can also gain access to private networks and cause disruptions or steal intellectual property and trade secrets.

To avoid becoming a victim, keep in mind that online businesses, including banks and merchants, typically will not ask for personal information, such as usernames and passwords, via e-mail. When in doubt, either call the company directly or open your computer’s Internet browser and type the known website’s address. Do not use the telephone number contained in the e-mail, which is likely to be fraudulent as well.

In general, avoid following links sent in e-mails, especially when the sender is someone you do not know or sometime it could be someone you know or appears to be from a business advising that your account information needs updated.

Keep your computer’s anti-virus software and firewalls updated. Many of the latest browsers have a built-in phishing filter that should be enabled for additional protection.

If you believe you may have fallen victim to a spear-phishing attack, file a complaint with the FBI’s Internet Crime Complaint Center,  http://www.ic3.gov/.

 

Source: http://www.fbi.gov/sandiego/press-releases/2013/fbi-warns-public-that-cyber-criminals-continue-to-use-spear-phishing-attacks-to-compromise-computer-networks