1. Tumblr discloses email security breach: Hackers obtained access to a set of
Tumblr user email addresses with salted and hashed passwords from early 2013,
the Yahoo-owned microblogging site Tumblr announced last week. Tumblr staff
confirmed in a blog post that they believe this information was not used to
access Tumblr accounts, but as a precaution the affected users will be required
to set a new password.
2. 4 data breaches reported last week: (i) Kiddicare, a company that sells
children's toys and accessories across the United Kingdom, was hacked and
794,000 accounts were leaked. (ii) UserVoice, a web-based service that offers
customer service and helpdesk tools, reported that the company suffered a data
breach and some user accounts were compromised, including their names, email
addresses, and passwords. (iii) Google suffered a minor data breach after a
vendor unintentionally leaked sensitive information about an undisclosed
number of its employees to the wrong email address, but luckily, the person who
received it deleted the email straight away. (iv) A fine of about $260,000 was
imposed on a London-based HIV clinic for leaking data of 781 HIV patients.
3. InvestBank UAE breached: Close on the heels of the Qatar National Bank
leak, a 10-gigabyte file holding sensitive financial data compromised from
InvestBank in the United Arab Emirates (UAE) has been leaked online. The file
contains information on tens of thousands of customers of the bank, which is
based in Sharjah. The dump appears to contain payment card data, as well as a
large number of sensitive, internal files relating to the bank's employees and
systems.
4. Commercial Bank of Ceylon hacked?: Commercial Bank of Ceylon, based in Colombo, Sri Lanka,
has apparently been hacked, with its data posted online last week by the
Bozkurtlar hacking group, which has also posted five other data dumps from
banks including The Dutch Bangla Bank (Bangladesh), The City Bank (Bangladesh),
Trust Bank (Bangladesh), Business Universal Development Bank (Nepal) and Sanima
Bank (Nepal).
5. 'Pawn Storm' APT campaign rolls on with attacks in Germany, Turkey: A
sophisticated group of hackers called 'Pawn Storm' set up a fake webmail server
designed to look like a German political party's webmail server in an apparent
attempt to steal the email credentials of party members. They also targeted the
personal email credentials of these party members. In a similar attack, the
Turkish prime minister, members of the country's parliament and Turkey's
largest newspapers were targeted. Based on the profile of Pawn Storm's victims,
it is suggested that the group is based out of Russia.
6. OkCupid user account data released: OkCupid is an American-based,
internationally operating free online dating, friendship, and social networking
website. Sensitive data like usernames, sexual preferences, orientation and
more, belonging to almost 70,000 users, have been released online by
researchers. Last year, another online dating service, Ashley Madison, suffered
a breach.
7. Pornhub launches Bug Bounty program; offering reward up to $25,000: With the
growing number of cyber-attacks and data breaches, a significant number of
companies and organizations have started Bug Bounty Programs to encourage
hackers and security researchers to find and responsibly report bugs in their
services and get a reward. Now, even pornography sites are starting to embrace
bug bounty practices in order to safeguard their users' security. Pornhub has
partnered with HackerOne, a bug bounty startup that operates bug bounty
programs for companies.
8. 10-year-old boy becomes the youngest Bug Bounty hacker: A 10-year-old
Finnish boy, Jani from Helsinki, recently reported an Instagram bug to
Facebook that allowed him to delete other Instagram users' comments just by
entering malicious code into the app's comment field. Jani was rewarded $10K;
he said he will use the money to buy a football and a new bicycle. He has been
learning about hacking and programming from instructional videos on YouTube.
His dream job is to become an information security expert.
9. Sony 2014 breach linked to $81m Bangladesh Bank cyber heist: After SWIFT
announced that a second unnamed banking customer had been hit with malware
similar to that of the Bangladesh heist, a security firm has published an
analysis linking the tools used in both these attacks to the 2014 attack on
Sony Pictures. While North Korean hackers are believed to be behind the Sony
breach, the recent attack on banks is suspected to be the handiwork of North
Korean and Pakistani hackers.
10. Mozilla asks court to disclose Firefox exploit used by FBI to hack Tor
users: Mozilla has filed a brief with a U.S. District Court asking the FBI to
disclose the potential vulnerabilities in its Firefox browser that the agency
exploited to unmask Tor users in a criminal investigation. Last year, the FBI
used a zero-day flaw to hack the Tor browser and de-anonymize users visiting
child sex websites.