Tag Archive | hacks

Added Security for Twitter Users to Come Soon!

Two-Factor Authentication

From spam to ham, Twitter deals with a lot of security issues on a daily basis. What about viruses/malware? I’m sure, yes. But, more importantly: account security. What do Twitter users need? Security assurance!

Therefore, Twitter is developing and perfecting a two-factor authentication method that will allow Twitter to not only ask for a password, but also a different credential to be sure of who is accessing your account.

From recent issues with Twitter accounts being hacked, it is best to have this in place, before it happens to other high profile organizations. Some of the recent organizations hacked were high profile including the Associated Press‘s account, CBS 60 Minutes account, and the BBC’s account.

Expect a shift in all online high profile websites switching to two-factor authentication. Apparently, it is the go-to emergency security solution.

Recent Hacks: NBC.com, Twitter, and Zendesk – Warnings: Tumblr, Pinterest

After dealing with multiple attacks on several sites, including Apple, Facebook, and Twitter – this being Java exploits. Now, it’s time to deal with more hacks, including NBC.com (which has been serving up malware for a day now) and Twitter. As in recent reports now, Tumblr and Pinterest have been forewarned.

The latest high profile organization that was recently hacked is the National Broadcast Company (NBC), more specifically on their website. The idea from the hackers is to use the website to infect visitors, using exploits and other JavaScript injections.

NBC.com’s hacked pages were modified to include additional HTML component called IFRAME, which is inline frame. This allows at least a 1px x 1px frame to be included independently in the webpage, which may contain malicious code. In HTML code, frames can be made to host web content. But, in the hands of the evildoers, aka cybercriminals, it is used as an effort to launch malware campaigns.

Malicious JavaScript was added to the mix, and also used the exploit kit called RedKit. It delivers one of two exploit files to try to take control of your browser.

I recognized something was wrong with NBC.com, which may have already been hacked a few weeks ago, and I posted the information on my Twitter account that a downloaded file was sent to my browser asking me to save or open it. This was on a sister site/blog, RedTape. I asked people to replicate it. The Twitter status can be found here.

What type of malware was delivered? Citadel or ZeroAccess, which are both crimeware families and botnets. They are usually part of several exploit kits.

This drive-by download situation is no good, as the pages were taken offline. Therefore, that dropped the traffic of those specific areas of the site. It is sure that this situation is a matter of cybercrime aimed at a financial side of things, not defacement or pranks.

Was it a big deal that it was NBC? No. In fact, it is sure the hackers were aimed at using a high-profile site, and apparently NBC.com was the easiest or quickest to access. Hackers rely on time and many other factors to make their approach(es).

Zendesk hacks and other various warnings

Zendesk is all about customer support…therefore no one really knows, except for those in the business of customer support. Big names use this service, which include Tumblr, Twitter, and Pinterest, among others. Hackers broke into the Zendesk systems, accessing email addresses of those big name customers, namely Twitter, Tumblr, and Pinterest.

How “pinteresting” that another hack has been born, which is related to a social network. Zendesk detailed the hack:

We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.

The companies involved made a point to tell its customers that they haven’t been hacked, but private information was stolen. Luckily, no password thievery was involved.

Obviously, an incident like this, just like the NBC.com incident, needs to be taken very seriously. Something must be done to stop the continuous hacks.

Twitter hacks additionally are nothing new. Many times, hackers used a backdoor, such as the tools the support team uses, to infiltrate the information of Twitter users. It’s not a huge gain, more possibly a waste of time.

Hacked: former Presidents’ Family Email Accounts & Photos

The Secret Service is investigating a theft from hackers on personal emails and photos belonging to the Bush Family. Such material was posted to the Smoking Gun website last night. A report by the Smoking Gun details that the emails covered a period from 2009-2012 – six accounts now compromised, it appears.

Those hacked were George H.W. Bush, his daughter Dorothy Bush Koch – who’s also the sister of George W. Bush. The other hack was on Jim Nantz, sportscaster and family friend of the Bush’s.

The hacker titled “Guccifer” posted in an account, which was purposeful for posting the material. On Friday, the Bush family’s spokeperson confirmed such hack. It was also confirmed by Secret Service spokesman Ed Donovan.

More details can be found within the Washington Post.

Details about The University of Miami Hospital breaches

Data Leakage

The University of Miami Hospital has begun to let patients know that a second data breach has occurred so far this year. Personal information is at risk and patients must know. This is the second breach, with the first one happening in July.

Apparently, according to a letter being sent to patients this month outlines the fact that two employees were apparently caught improperly accessing patient records that give doctors and other medical associates a quick glance at patient information.

Although the employees have been terminated, some worry that a portion of the sensitive data was sold. The affected data includes any patient records that have been at the hospital from October 2010 to July 2012. Those affected by the breach are being given a two-year membership to a credit monitoring service.

 

Avoid data breaches on your own computer:

 

TeaMp0isoN Member that Hacked Tony Blair Sentenced

TeaMp0isoN member, Junaid Hussain, 18, of Birmingham, was accused and plead guilty to hacking in the Gmail account of British Prime Minister Tony Blair.

According to ThreatPost, the attack that Hussain admitted to being involved with was a breach of the email account of one of Blair’s former advisers. Hussain, who used the handle “TriCk”, pleaded guilty in early July to the attack and was sentenced Tuesday in England to six months in prison for the attack. He was arrested in April.

According to Sophos’s Naked Security, members of the TeaMp0isoN hacking gang then published the hacked information online, sparking security fears about the safety of the former Prime Minister, his friends and associates.

Message posted by Team Poison

A time in prison at the start of your adult life is no easy undertaking. Hope the young lad learned his lesson.

%d bloggers like this: