



Short Bytes: In a surprising incident, Mark Zuckerberg’s Twitter and Pinterest accounts were compromised this Sunday. A Saudi Arabia-based hacking group managed to hack his account using credentials found in the recent LinkedIn breach. Interestingly, the hackers tweeted that his LinkedIn password was “dadada”.
While Facebook co-founder Mark Zuckerberg is mainly active on his own Facebook page, he understandably has accounts on other websites too.
Well, it looks like even the billionaire CEO isn’t safe from hacking attacks. On Sunday, Zuckerberg’s Twitter and Pinterest accounts were hijacked by the hacking group OurMine Team.



Before taking down his official Twitter account, the hackers posted on Twitter that they found Zuckerberg’s credentials in the recent LinkedIn data breach.
The LinkedIn breach leaked millions of LinkedIn account details. As people reuse the same credentials on other accounts too, this hack was being touted as a major security threat.
Hackers got access to Zuckerberg’s password by cracking its SHA-1 hash and then tried it on multiple social media websites.
The hackers tweeted that his LinkedIn password was “dadada” and he used it for other accounts.
“Hey @finkd, you were in Linkedin Database with the password ‘dadada’ !,” the team wrote from Zuckerberg’s Twitter.



In a series of tweets, the hackers also claimed to have hacked Zuckerberg’s Instagram account, but this claim hasn’t been verified yet.
Interestingly, Zuckerberg hasn’t posted anything on Twitter since 2012. Meanwhile, his Twitter and Pinterest accounts have been brought back and offending posts have been deleted.
Internet users and fossBytes readers should take this opportunity to set strong passwords for their online accounts and avoid reusing them.
As for the hacking group OurMine, it has a history of launching DDoS attacks on banks and other financial institutions. The group also made headlines in January 2016 when it hacked 200,000 users’ information from DayZ.

Facebook CEO Mark Zuckerberg’s Twitter And Pinterest Accounts Hacked

By Unknown → Monday, 6 June 2016

If three makes a trend, then it's official: The global banking system is under attack.

The methods used by hackers to attack banks in Vietnam and Bangladesh appear to have been deployed over a year ago in a heist in Ecuador.
The January 2015 attack on Banco del Austro is described in a lawsuit filed by the bank in a New York federal court. It ended with thieves transferring $12 million to accounts in Hong Kong, Dubai, New York and Los Angeles, according to court documents.
The existence of the lawsuit was first reported Friday by the Wall Street Journal, just one week after global banking communications network SWIFT instructed clients to secure their local computer networks.
SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, warned customers that two previous attacks against banks in Bangladesh and Vietnam appeared to be "part of a wider and highly adaptive campaign."
The hacks targeting banks in Asia follow the pattern described by Banco del Austro:
  1. Attackers used malware to circumvent a bank's local security systems.
  2. They gained access to the SWIFT messaging network.
  3. Fraudulent messages were sent via SWIFT to initiate cash transfers from accounts at larger banks.
The attacks underscore the vulnerability of smaller banks that can't afford cutting-edge defenses. If hackers are able to break into a weaker bank, they can fabricate transfer requests in order to pull money out of a bigger bank.
"Unfortunately, this risk with SWIFT is nothing new, as technology has evolved, and hackers have gotten more sophisticated," lawyers for Banco del Austro said in a March 31 court filing.
A SWIFT spokeswoman said Friday that the network had not been made aware of the Banco del Austro incident.
"We need to be informed by customers of such frauds if they relate to our products and services, so that we can inform and support the wider community," Natasha de Teran said. "We have been in touch with the bank concerned to get more information, and are reminding customers of their obligations to share such information with us."
SWIFT said last week that its network and core messaging services have not been compromised by the attacks.
In the case of Bangladesh Bank, hackers used the tactic to transfer money out of its accounts at the New York Fed. Investigators have yet to publicly identify any suspects in the case.
Banco del Austro's funds were being held in accounts at Wells Fargo (WFC). The lawsuit filed by the Ecuadorian bank accuses Wells Fargo of failing to recognize and stop the fraudulent transfers.
Wells Fargo rejected those claims.
"Wells Fargo properly processed the wire instructions received via authenticated SWIFT messages and Wells Fargo's computer systems were not compromised in any way," a spokeswoman said.
"Wells Fargo is not responsible for the losses suffered by Banco del Austro and intends to vigorously defend the lawsuit."

-- Jose Pagliery contributed reporting.

Hackers stole millions in third attack on global banking system

By Unknown → Tuesday, 24 May 2016





Security firm AVG can sell search and browser history data to advertisers in order to "make money" from its free antivirus software, a change to its privacy policy has confirmed.


The updated policy explained that AVG was allowed to collect "non-personal data", which could then be sold to third parties. The new privacy policy comes into effect on 15 October, but AVG explained that the ability to collect search history data had also been included in previous privacy policies, albeit with different wording.


AVG's potential ability to collect and sell browser and search history data placed the company "squarely into the category of spyware", according to Alexander Hanff, security expert and chief executive of Think Privacy.


"Antivirus software runs on our devices with elevated privileges so it can detect and block malware, adware, spyware and other threats," he told WIRED. "It is utterly unethical to [the] highest degree and a complete and total abuse of the trust we give our security software." Hanff urged people using AVG's free antivirus to "immediately uninstall the product and find an alternative".


Previous versions of AVG's privacy policy stated it could collect data on "the words you search", but didn't make it clear that browser history data could also be collected and sold to third parties. In a statement AVG said it had updated its privacy policy to be more transparent about how it could collect and use customer data.













An AVG spokesperson told WIRED that in order to continue offering free security software the company may in the future "employ a variety of means, including subscription, ads and data models."


"Those users who do not want us to use non-personal data in this way will be able to turn it off, without any decrease in the functionality our apps will provide," the spokesperson added. "While AVG has not utilised data models to date, we may, in the future, provided that it is anonymous, non-personal data, and we are confident that our users have sufficient information and control to make an informed choice."


According to Nigel Hawthorn, European spokesperson for cloud security firm Skyhigh Networks, AVG had stayed "just on the non-creepy side of creepy". "If something is free you've got to assume that you're the product," he said. "The difficulty with this is whether anyone notices, reads it, checks it and understands the implications".










AVG is the third most popular antivirus product in the world according to market analysis from software firm Opswat. The company has an 8.6 percent share of the global market, behind Microsoft on 19.4 percent and Avast on 21.4 percent. In its privacy policy, Avast, which also provides free security software, explains that it is able to collect certain non-personal information and sell it to advertisers. The company does not specify that this includes browser and search history data.






Orla Lynskey, a data protection and IT law expert from the London School of Economics, welcomed the change in language but said users would be justifiably concerned by the implications. "Its privacy policy is written in clear and simple language," she told WIRED, adding that users might expect an antivirus provider to be "more respectful" of their privacy and data security.


"It appears that AVG is adopting a generous interpretation of the data protection rules in order to justify its data use policy," Lynskey argued. "Although some of the data they classify as 'non-personal' might not identify individuals directly, they may be indirectly identifiable based on that data."





An AVG spokesperson explained that any non-personal data it collected and potentially sold to advertisers would be cleaned and anonymised, making it impossible to link it back to individual users. "Many companies do this type of collection every day and do not tell their users," the spokesperson said.

AVG can sell your browsing and search history to advertisers

By news → Friday, 18 September 2015