::Trend Micro Threat Resource Center::

Showing posts with label hacked. Show all posts

21 February 2016

Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System


Are you also one of the people who downloaded Linux Mint on February 20th? You may have been infected!
Linux Mint is one of the best and most popular Linux distributions available today, but if you have downloaded and installed the operating system recently, you may have done so using a malicious ISO image.

Here's why:
Last night, an unknown hacker or group of hackers managed to break into the Linux Mint website and replaced the download links on the site with links pointing to one of their own servers, which offered a malicious ISO image for the Linux Mint 17.3 Cinnamon edition.

"Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it," the head of Linux Mint project Clement Lefebvre said in a surprising announcement dated February 21, 2016.

Who are affected?
As far as the Linux Mint team knows, the issue only affects the one edition, and that is Linux Mint 17.3 Cinnamon edition.

The situation happened last night, so the issue only impacts people who downloaded the above-mentioned version of Linux Mint on February 20th.

If you downloaded the Cinnamon edition or another release before Saturday, February 20th, the issue does not affect you. If you downloaded a different edition, or obtained Mint 17.3 Cinnamon via torrent or a direct HTTP link, this does not affect you either.

What Happened?
The hackers are believed to have accessed the underlying server through the team's WordPress blog and then obtained shell access as the www-data user.

From there, the hackers manipulated the Linux Mint download page and pointed it to a malicious FTP (File Transfer Protocol) server hosted in Bulgaria (IP: 5.104.175.212), the investigative team discovered.

The infected Linux ISO images installed the complete OS along with the Internet Relay Chat (IRC) backdoor Tsunami, giving the attackers access to the system via IRC servers.
Tsunami is a well-known Linux ELF trojan: a simple IRC bot used for launching Distributed Denial of Service (DDoS) attacks.

Hackers vs. Linux Mint SysAdmins
The Linux Mint team discovered the hack, quickly cleaned up the links on its website and announced the breach on its official blog, but it appears that the hackers then compromised the download page again.

Since it had not yet closed the hackers' exact point of entry, the Linux Mint team took the entire linuxmint.com domain offline to stop the malicious ISO images from spreading to its users.

The Linux Mint official website will remain offline until the team has fully investigated the issue.
The hackers' motive is not yet clear.

"What we don't know is the motivation behind this attack. If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this," Lefebvre added.

Hackers Selling Linux Mint Website's Database
The hackers are selling the full Linux Mint website database for just $85, which suggests a lack of knowledge on their part.

The hack seems to be the work of script kiddies or an inexperienced group, as they chose to infect a top-shelf Linux distribution with a simple IRC bot that was already considered outdated in early 2010; a more capable group would have used more dangerous malware such as banking Trojans.
Also, even after the hack was initially discovered, the hackers re-compromised the site, which again points to their lack of experience.

Here's How to Protect your Linux Machine
Users who have the ISO image can check its signature to make sure it is valid.
To check for an infected download, compare the MD5 checksum of your image with the official values included in Lefebvre's blog post.
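The check described above, as an added example that is not code from the Linux Mint project: it streams a downloaded ISO through MD5 (or SHA-256, which is the stronger choice when the project publishes it), parses a checksum list in the `md5sum`/`sha256sum` line format, and reports a mismatch or an unlisted file. The file name and digests below are constructed sample values, not the real 17.3 Cinnamon checksums.

```python
import hashlib
import hmac
import os
import tempfile

# Checksum lists in the md5sum / sha256sum output format ("<hexdigest>  <filename>").
# CONSTRUCTED sample: a plausible 17.3 Cinnamon file name, and the digests of the
# five-byte stand-in payload b"hello" used below, NOT the project's real values.
SAMPLE_MD5_LIST = (
    "# md5sum.txt (constructed sample)\n"
    "5d41402abc4b2a76b9719d911017c592  linuxmint-17.3-cinnamon-64bit.iso\n"
)
SAMPLE_SHA256_LIST = (
    "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 "
    "*linuxmint-17.3-cinnamon-64bit.iso\n"
)
CLEAN_PAYLOAD = b"hello"              # stands in for the genuine ISO
TAMPERED_PAYLOAD = b"hello+backdoor"  # stands in for a modified ISO

CHUNK = 1024 * 1024  # hash a multi-gigabyte ISO one mebibyte at a time


def file_digest(path, algorithm="md5"):
    """Stream the file through the chosen hash and return its hex digest."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def parse_checksum_list(text):
    """Parse md5sum/sha256sum style lines into {filename: hexdigest}.

    Tolerates blank lines, '#' comments, one or two separating spaces and the
    optional '*' binary-mode marker that precedes the file name."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if name:
            expected[name] = digest.lower()
    return expected


def verify_iso(path, checksum_text, algorithm="md5"):
    """Return (ok, actual_digest, expected_digest).

    ok is False when the file is not in the list at all or its digest differs;
    an unlisted file is treated as a failure, not as "nothing to check"."""
    expected = parse_checksum_list(checksum_text)
    want = expected.get(os.path.basename(path))
    actual = file_digest(path, algorithm)
    if want is None:
        return False, actual, None
    # compare_digest is a constant-time comparison; harmless here and a good habit.
    return hmac.compare_digest(actual, want), actual, want


def demo(directory=None):
    """Write constructed clean, tampered and unlisted 'ISOs' and verify each.

    Returns a dict of booleans so the outcome can be checked programmatically."""
    directory = directory or tempfile.mkdtemp(prefix="mint-check-")
    tampered_dir = os.path.join(directory, "tampered")
    os.makedirs(tampered_dir, exist_ok=True)
    clean = os.path.join(directory, "linuxmint-17.3-cinnamon-64bit.iso")
    tampered = os.path.join(tampered_dir, "linuxmint-17.3-cinnamon-64bit.iso")
    unlisted = os.path.join(directory, "linuxmint-17.3-mate-64bit.iso")
    for path, payload in ((clean, CLEAN_PAYLOAD), (tampered, TAMPERED_PAYLOAD),
                          (unlisted, CLEAN_PAYLOAD)):
        with open(path, "wb") as f:
            f.write(payload)
    return {
        "clean_md5": verify_iso(clean, SAMPLE_MD5_LIST, "md5")[0],
        "clean_sha256": verify_iso(clean, SAMPLE_SHA256_LIST, "sha256")[0],
        "tampered_md5": verify_iso(tampered, SAMPLE_MD5_LIST, "md5")[0],
        "unlisted": verify_iso(unlisted, SAMPLE_MD5_LIST, "md5")[0],
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'OK' if ok else 'MISMATCH / NOT LISTED'}")
```

A matching checksum only proves the download equals the file the project published; it says nothing if the checksum list itself was fetched from the compromised site, so verify the list's signature as the Linux Mint post advises.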

If found infected, users are advised to follow these steps:

  • Take the computer offline.
  • Backup all your personal data.
  • Reinstall the operating system (with a clean ISO) or format the partition.
  • Change passwords for sensitive websites and emails.

You can read the full details about the hack here. The official website is not accessible at the time of writing. We'll update the story when we hear more.

17 November 2015

Most Small UK Businesses Have No Security Oversight

Smaller UK businesses typically don’t assign an employee to be responsible for information security education and implementation—and are becoming fraud victims as a result.


As detailed in its State of the Industry report, appropriately-named information destruction expert Shred-it has found that nearly half (46%) of small business owners have no employee responsible for managing data security issues internally. Even more concerning, more than a quarter (27%) of small businesses do not have information security policies and procedures in place at all.

And, a third of those who do have policies in place admit to never training their employees on their protocols.

If data security is not made a priority, businesses are left exposed to data breaches, fraud, heavy legal fines from the Information Commissioner’s Office (ICO) and other regulatory bodies, and loss of customers and business partners—all of which can cause irreversible damage.

Since April 2010, the ICO has issued over £7 million worth of fines to organizations that have experienced a data breach. Despite such high figures and the irreversible damage to a company’s reputation as a result of a breach, businesses are still not doing enough when it comes to data security, the report concluded.

In addition to appointing a data protection officer, companies can reduce the risk of workplace fraud by implementing a few best practices. For instance, surprise audits: Conduct unscheduled workplace audits to assess how employees process, store and destroy confidential information.

Frequent training on the risks of fraud and how to prevent it is also important, along with education about vulnerable areas in which to avoid leaving confidential information in the office and off-site.

Shred-it is also calling on the UK government to implement legislation to ensure all businesses have a dedicated employee responsible for raising awareness of the importance of data security, understanding changes to legislation and enforcing data security procedures in the workplace.

“There is a strong correlation between data security practices and data breaches. Introducing legislation which mandates an employee specifically responsible for raising awareness of data security in the workplace and implementing a ‘culture of security’, will help protect businesses against fraud and help them avoid financial or legal penalties,” said Robert Guice, SVP, EMEA, Shred-it.

To ensure all companies in the UK follow similar standards in data protection compliance, Shred-it has also urged the government to introduce legislation which ensures organizations have dedicated employees responsible for managing and monitoring data security issues on a day-to-day basis.

21 May 2015

FBI: Banned Security Researcher Admitted to Hacking Plane In-Flight

A security researcher who was pulled off a United Airlines flight last month had previously admitted to the Federal Bureau of Investigation (FBI) that he had taken control of an airplane and made it fly briefly sideways.


Chris Roberts, the founder of One World Labs, was recently detained, questioned and had his equipment seized by federal agents after landing on a United flight from Chicago to Syracuse, New York, following a tweet suggesting he might hack into the plane's in-flight entertainment system.

In that particular tweet, Roberts joked: "Find me on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? 'PASS OXYGEN ON' Anyone? :)"

The federal agents addressed the tweet immediately and took it seriously in light of Roberts' capability to carry out such hacking.

In the FBI affidavit first made public Friday, and first obtained by APTN National News, Roberts told the FBI earlier this year that he had hacked into aircraft in-flight entertainment (IFE) systems while on board, not once but repeatedly.

"During these conversations, Mr. Roberts stated ... he had exploited [flaws] with IFE systems on aircraft while in flight. He compromised the IFE systems approximately 15 to 20 times during the period 2011 through 2014," FBI Special Agent Mark Hurley wrote in his application. "He last exploited an IFE system during the middle of 2014."

How did the researcher make this possible?
The documents claim that Roberts connected his laptop to the plane’s IFE system via a modified Ethernet cable, allowing him to access other airplane systems.

During at least one instance, Roberts reportedly claimed to have overwritten the code on the airplane's Thrust Management Computer while aboard a flight and successfully controlled the system to issue the climb command.
By issuing the ‘CLB’ or climb command, Roberts "caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane," according to the FBI warrant application.

No Systems were Harmed:
Roberts claimed via Twitter that no systems were harmed during the trip. Moreover, Roberts told Wired in an interview that the FBI has taken his remarks about hacking "out of context" of their discussions with the agency.

Roberts claimed that he had only watched data traffic on airplanes and had only attempted the hack in a simulated environment, because he believed that such attacks were possible.

"It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others," he said, declining to elaborate further.

Since this incident, United Airlines has launched a bug bounty program inviting security researchers and bug hunters to report vulnerabilities in its websites, apps and web portals.

Roberts has neither been arrested by the FBI nor charged with any crime.

11 February 2015

Twitter’s Own CFO Just Had His Twitter Account Hijacked

Twitter has a bit of a security problem. Taylor Swift, Chipotle, Newsweek — it seems each day brings another hijacked account or two.


For about 20 minutes this morning, CFO Noto's account was blasting out a massive torrent of spam.

It looks like the account was hijacked somewhere around 11:10 a.m. PT and recovered by 11:30. In that stretch, nearly 300 spam tweets were sent to some of Noto’s 13,000 followers.

Twitter has yet to comment on how the account might have been taken over. Given that it was used for spam rather than a political message, it’s possible that this wasn’t a targeted attack, instead relying on something like an old, forgotten API key left behind on a leaky third-party service.

It’s perhaps a bit revealing, though; if the company can’t keep the account of one of its own top executives locked down, what about its other 288 million active users?

04 February 2015

Hacked Hotel Phones Fueled Bank Phishing Scams

A recent phishing campaign targeting customers of several major U.S. banks was powered by text messages directing recipients to call hacked phone lines at Holiday Inn locations in the south. Such attacks are not new, but this one is a timely reminder that phishers increasingly are using lures blasted out via SMS as more banks turn to text messaging to communicate with customers about account activity.

The above-mentioned phishing attacks were actually a mix of scams known as “SMiShing” — phishing lures sent via SMS text message — and voice phishing or “vishing,” where consumers are directed to call a number that answers with a voice prompt spoofing the bank and instructing the caller to enter his credit card number and expiration date.

Over the past two weeks, fraudsters have been blasting out SMS messages to hundreds of thousands of mobile users in the Houston, Texas area. The messages alerted recipients about supposed problems with their bank account, urging them to call a supplied number and follow the automated voice prompts to validate or verify their credit card account information.

On Saturday, Jan. 30, I called one of the numbers that was sent out in the smishing/vishing scam, 281-866-0500, which is the main phone line for a Holiday Inn Express in Houston. At the time, calls to the number went straight to an automated voice prompt targeting Bank of America customers:

“Thank you for calling Bank of America. A text message has been sent to inform you that your debit card has been limited due to a security issue. To reactivate, please press one now.” After pressing one, the caller is prompted to enter the last four digits of their Social Security number, and then the full card number and expiration date.

My recording of the call was garbled, but here’s a copy of a very similar voice prompt targeting Key Bank customers earlier in January that also was run off the fax line tied to a different Holiday Inn a few miles away in Houston [number: 832-237-8999], according to Numbercop, a telephony threat intelligence firm.

Holiday Inn’s corporate office did not return calls seeking comment, but the company apparently got the message because the phone lines were answering normally on Monday. A front desk clerk who answered the line on Tuesday said the hotel received over 100 complaints from people who got text messages prompting them to call the hotel’s main number during the time it was hacked.

According to Jan Volzke, Numbercop’s chief executive, these scams typically start on a Saturday afternoon and run through the weekend when targeted banks are typically closed.

“Two separate Holiday Inns getting hijacked in such short time suggests there is a larger issue at work with their telephone system provider,” he said. “That phone line is probably sitting right next to the credit card machine of the Holiday Inn. In a way this is just another retail terminal, and if they can’t secure their phone lines, maybe you shouldn’t be giving them your credit card.”

Volzke said the recipients of the phony texts in Houston were geo-targeted by area code.

“The texts were sent in bursts with varying bank affiliations, including Bank of America, Fifth Third Bank, and Susquehanna Bank,” he said. “The campaign last week was an identical case to one a week or so earlier that referenced Key Bank, Bank of America and Wells Fargo.”

Numbercop says the text message lures were sent using email-to-SMS gateways, but the company also has seen similar campaigns sent from regular in-network numbers (e.g., prepaid mobile phones), which can be harder to catch. In addition, Volzke said, phishers often target AT&T and Verizon users for use in furthering these schemes.


Many banks now offer their customers the ability to receive text message alerts about activity on their credit card accounts — such as recent transactions — so it’s not surprising that crooks are exploiting this medium. While vishing and SMiShing attacks are not new (see this story from 2010), they are on the rise: According to Cloudmark, the incidence of SMS bank account phishing in the U.S. more than tripled in September 2014. Cloudmark’s recently released Annual Threat Report found more than one in four unsolicited SMS messages reported in 2014 attempted to steal the victim’s personal or financial information.

Volzke says it’s unfortunate that more financial institutions aren’t communicating with their customers via mobile banking apps.

“Banking apps are among the most frequently downloaded and used apps,” Volzke said. “If the user has an app from the bank installed, then if the bank really has something to say they should use the in-app messaging method, not text messages which can be spoofed and are not secure. And yet we see almost no bank making use of this.”

Regardless of whether you communicate with your bank via text message, avoid calling phone numbers or clicking links that appear to have been sent via text message from your bank. Also, be extremely wary of any incoming calls from someone calling from your bank. If you think there may be an issue with your account, your best bet is to simply call the number on the back of your credit or debit card.

26 January 2015

Hackers target Malaysia Airlines website

Malaysia Airlines has had its website hacked by a group called "Lizard Squad", which made references to the Islamic State on the defaced site.

The website's front page was replaced with an image of a tuxedo-wearing lizard and read "Hacked by LIZARD SQUAD - OFFICIAL CYBER CALIPHATE". It also carried the headline "404 - Plane Not Found", an apparent reference to the airline's puzzling loss of flight MH370 last year with 239 people aboard.

Media reports said versions of the takeover in some regions included the wording "ISIS will prevail".


The Lizard Squad is a group of hackers that has caused havoc in the online world before, taking credit for attacks that took down the Sony PlayStation Network and Microsoft's Xbox Live network last month.

The Islamic State, an extremist Sunni Muslim group, has seized large swathes of Syria and Iraq, where it has declared an Islamic "caliphate".

It has drawn thousands of fighters from across the globe to its anti-Western cause, and shocked the world with its video-taped executions of journalists and other foreigners it has captured, the most recent being a Japanese security contractor it claimed Sunday to have beheaded.

A second Japanese captive being held by the militants has also been threatened with execution.

The IS group, which uses social media in recruiting and spreading its message, is believed to harbour ambitions of launching a cyber-war against the West.

It is unclear why Malaysia Airlines was targeted.

But concern has been rising in Malaysia after scores of its citizens were lured to the IS cause in the Middle East. Malaysian authorities last week said they have detained 120 people suspected of having IS sympathies or planning to travel to Syria.

28 December 2014

Hackers leak 13,000 Passwords Of Amazon, Walmart and Brazzers Users

Hackers claiming affiliation with the hacktivist group "Anonymous" have allegedly leaked more than 13,000 username and password combinations for some of the world's most popular websites, including Amazon, Xbox Live and PlayStation Network.

The stolen personal information was released in a massive text document posted to the Internet file-sharing website Ghostbin (now deleted), on Friday. The document contains a huge number of usernames and passwords, along with credit card numbers and expiration dates.

The news came just a day after the hacker group Lizard Squad compromised Sony’s Playstation and Microsoft’s Xbox Live gaming networks on Christmas day, which is estimated to have affected Xbox's 48 million subscribers and PlayStation's 110 million users, making it a total of more than 150 million users worldwide.

However, a data breach affecting 13,000 users is far from the biggest we have ever seen. With millions of passwords in use on sites around the globe, the chances that ours are among those compromised are small. It is still worth noting, because these accounts come from a variety of online sources, some of which are very popular.


The Daily Dot's Aaron Sankin has compiled a comprehensive list of the sites associated with the username and password leaks, and found that the affected sites run the gamut from pornography to gaming to online shopping. The list of compromised websites includes:

  • Amazon
  • Walmart
  • PlayStation Network
  • Xbox Live
  • Twitch.tv
  • Dell
  • Brazzers
  • DigitalPlayground
  • and more (see the complete list).

To be on the safe side, users are advised to change their passwords if they have accounts on these compromised websites, to pay attention to their credit card transactions, and to contact their bank or financial institution immediately if any suspicious activity is found.

Also, don't use the same passwords for banking and online shopping sites, and always keep an eye out for unusual activities or unauthorized purchases with your accounts.

23 December 2014

North Korea Internet partially restored following a 9.5-hour outage

North Korea has regained partial Internet access, following a widespread outage that occurred days after the U.S. vowed to respond to a cyberattack on Sony that was blamed on Pyongyang.


The Korean Central News Agency and the Rodong Sinmun newspaper were back online Tuesday after earlier being inaccessible. It was unclear whether wider Internet service in the North has been restored to its previous levels.

The reason for the massive outage is not yet clear, but it comes just days after President Barack Obama warned the U.S. would retaliate against the North. A State Department spokeswoman, when asked about the situation, declined comment.

However, she did say the U.S. government is discussing a range of options in response to the Sony hacking, some of which, she said, will be "seen" and some that "may not be seen."

Doug Madory, a spokesman for the U.S.-based Internet analysis firm Dyn Research, said the Internet problems in North Korea could be the result of an attack.

Earlier, North Korea had called on the United States to apologize for implicating Pyongyang in the hacking of Sony Pictures and threatened to fight back in a variety of ways, including cyberwarfare.

The National Defense Commission for Pyongyang said in state media late Sunday that the U.S. government was wrong to blame North Korea for the hacking. It also said the claims are groundless.

Meanwhile, China's Foreign Ministry said it does not have enough information to determine whether reports that North Korea used Chinese facilities to stage a cyberattack on Sony Pictures are true.

Foreign Ministry spokesperson Hua Chunying said Monday China is "opposed to all forms of cyberattacks" and would not reach any conclusions without having "enough facts."

However, Hua said China is opposed to attacks on a third party "through making use of the facilities of another country" and is ready to have a "dialogue with other countries."

The United States is in talks with China to possibly help block cyberattacks from Pyongyang.

20 December 2014

FBI Officially Blames North Korea in Sony Pictures Hack


Following the high-profile cyber attack against Sony Pictures Entertainment, and continuous threats against employees and celebrities, the FBI has released an official statement declaring that the investigation has led to “enough information to conclude that the North Korean government is responsible for these actions.”

In a press release issued Friday morning, the FBI listed several factors that led to its conclusion, including:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.


President Obama held a news conference shortly after the announcement, where he was asked to comment on the United States’ proportional response to the attack.

“Our first order of business is to try to prevent those attacks from taking place,” said President Obama. “Everything that we can do at the government level to prevent these types of attacks [we’re doing]. We’re coordinating with the private sector but we’re not even close to where we need to be. We need strong cybersecurity laws that provide for data sharing.”

Without further details, President Obama added a response would come “at a time and place we choose.”

Secretary of the Department of Homeland Security Jeh Johnson also stressed in a statement the high-profile event underscored the importance of good cybersecurity practices to rapidly detect cyber intrusions and promote resilience throughout all networks.

“Every CEO should take this opportunity to assess their company’s cybersecurity,” said Johnson. “Every business in this country should seek to employ best practices in cybersecurity.”

The FBI’s statement comes days after Sony Pictures Entertainment called off its plans to release “The Interview”, a comedy depicting the assassination of North Korea’s leader Kim Jong-un, and after several theaters received threats for intending to show the film.

02 December 2014

FBI warns of 'destructive' malware in wake of Sony attack

The Federal Bureau of Investigation warned U.S. businesses that hackers have used malicious software to launch destructive attacks in the United States, following a devastating cyber attack last week at Sony Pictures Entertainment.


The five-page, confidential "flash" warning issued to businesses late on Monday provided some technical details about the malicious software that was used in the attack, though it did not name the victim.

An FBI spokesman declined comment when asked if the software had been used against the California-based unit of Sony Corp.

The FBI occasionally issues "flash" warnings to provide businesses with details about emerging cyber threats to help them defend against new types of attacks. It does not name the victims of those attacks in those reports.

The report said that the malware overwrites data on computers' hard drives, which can make them inoperable and shut down networks.

It is extremely difficult and costly, if not impossible, to recover hard drives that have been attacked with the malware, according to the report, which was distributed to security professionals at U.S. companies.

18 November 2014

Windows Phone 8.1 Hacked


Do you want to hack a Nokia Lumia phone running the latest mobile operating system, Windows Phone 8.1? Hackers have made it very easy for you.

Just a few weeks after Microsoft announced that a 19-year-old critical security hole existed in almost every version of its Windows operating system, XDA-developers have discovered a new vulnerability in Microsoft’s youngest OS, Windows Phone 8.1, that could easily be exploited by hackers to hack a Nokia Lumia phone.

An XDA Developers member who goes by the name DJAmol has found a wide-open hole in Windows Phone 8.1 which makes the operating system very easy to hack. The vulnerability allows attackers to run their application with another app's privileges and edit the registry.

DJAmol realized that simply by replacing the contents of a trusted OEM app that has been moved to the SD card, the replacement inherits the privileges of the original app. An attacker could also delete the existing directory and create a new directory with the same name as the original app.

As a result, a third-party registry editor app gains full access to the Info and Settings of the app itself. This is how the hack can be carried out, in a few simple steps described by XDA-developers in a blog post.

  • Develop your own application package and deploy it on the target device.
  • Install any application such as “Glance Background Beta” from the Windows Phone app store.
  • Delete all folders under the targeted directory of the installed app, in this case, Glance background.
  • Now copy the contents of your own deployed package and paste it on the targeted directory. This implies replacing the “Program Files” of the installed app with your package files.
  • Finally, launch the app, which will run from the OEM (Glance Background Beta) directory using the privileges of the targeted app.

The hack is very simple and easy to carry out because all it needs is an application from the Windows Phone app store. Thankfully, the hack has not yet escalated to a full interop unlock, as the applications that are allowed to be moved to the SD card have limited access.

The XDA developers forum reported the vulnerability to Microsoft and also warned that it could give attackers higher privileges if tried with a first-party application rather than a third-party app. For now, we can only wait for a response from Microsoft to prevent it from getting more serious.

15 October 2014

Nearly 7 Million Dropbox Account Passwords Allegedly Hacked

Internet users have faced a number of major privacy breaches in the last two months. The biggest were The Fappening and The Snappening, and now the latest breach, of Dropbox security, has gained everybody’s attention across the world.


Dropbox, the popular online locker service, appears to have been hacked by an unnamed hacker group. It is still unclear how the account details of so many users were accessed and, indeed, if they are actually legitimate or not. However, the group claims to have accessed details from nearly 7 million individual accounts and are threatening to release users’ photos, videos and other files.

HACKERS CLAIMED TO RELEASE 7 MILLION USERS’ PERSONAL DATA
A thread surfaced on Reddit today that included links to files containing hundreds of usernames and passwords for Dropbox accounts in plain text. A series of posts with hundreds of alleged usernames and passwords for Dropbox accounts has also been made to Pastebin, an anonymous information-sharing site.

Hackers have already leaked about 400 accounts by posting login credentials, all starting with the letter B, and labelled it a "first teaser...just to get things going". The perpetrators are also promising to release more password details if they are paid a Bitcoin ransom.

"More Bitcoin = more accounts published on Pastebin. 
As more BTC is donated, More pastebin pastes will appear."

The security breach would certainly have worried Dropbox's millions of users, and because passwords are involved, the consequences for those users are more serious. Reddit users have tested some of the leaked username and password combinations and confirmed that at least some of them work.

DROPBOX DENIED THE HACK - THIRD PARTY IS RESPONSIBLE
However, Dropbox has denied it has been hacked, saying the passwords were stolen apparently from third-party services that users allowed to access their accounts. In a statement to The Next Web, Dropbox said:

"Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. 

We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have expired as well."


The incident came just a few days after the Snappening incident, in which the personal images of as many as 100,000 Snapchat users were leaked online as the result of a security breach in a third-party app.

Snapchat has denied that its service or servers were ever compromised; instead, the servers of a third-party app designed to save Snapchat photos were the target from which hackers obtained the personal photographs.

DROPBOX - "HOSTILE TO PRIVACY" SAYS SNOWDEN
Dropbox was in the news earlier this week when, in a recent interview with The Guardian, NSA whistleblower Edward Snowden called Dropbox a "targeted, wannabe PRISM partner" that is "very hostile to privacy" — referring to its ability to access your data itself, which is yet another security consideration when it comes to web services.

Snowden advised web users to stop using Dropbox, warning that the cloud storage service does not safeguard users' privacy because it holds the encryption keys and can therefore be compelled by governments to hand over the personal data stored on its servers. He suggested using an alternative cloud storage provider that does not hold any encryption keys, so that nobody but the user can read the data.

USERS ARE ADVISED TO CHANGE PASSWORDS
Whether or not a breach is confirmed, it is a good idea to change your Dropbox password until the full scope of the problem is known, especially if you use the same password on other services.
Users are also advised to turn on two-step verification, which Dropbox supports, and to install a time-based one-time password (TOTP) app on a mobile device for the second factor.

Update: Dropbox has issued a statement on its blog further clarifying that the Dropbox passwords were stolen from "unrelated services."

"The usernames and passwords...were stolen from unrelated services, not Dropbox," the company said in a blog post. "Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place that detect suspicious login activity and we automatically reset passwords when it happens."

"Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account."
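Dropbox's statement above describes detecting suspicious login activity and resetting the affected passwords. The following is an added example, written for this page rather than taken from Dropbox or any vendor, of what such detection logic looks like when run over authentication logs: it flags a source address that tries many different accounts with mostly failing results (credential stuffing with a leaked list) and any single account that takes many failed guesses (brute force, with the threshold set at ten to match the lockout discussed in the Apple post further down). The log format, every address and every username are constructed for the example.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example): one line per login attempt.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) auth: user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample log. 198.51.100.9 replays a leaked username/password
# list against many accounts (two of them still work); 203.0.113.7 guesses
# at a single account; 192.0.2.44 is a real user who mistyped once.
SAMPLE_LOG = [
    "2014-10-13T21:04:11Z auth: user=alice src=198.51.100.9 result=FAIL",
    "2014-10-13T21:04:12Z auth: user=bob src=198.51.100.9 result=OK",
    "2014-10-13T21:04:12Z auth: user=carol src=198.51.100.9 result=FAIL",
    "2014-10-13T21:04:13Z auth: user=dave src=198.51.100.9 result=FAIL",
    "2014-10-13T21:04:14Z auth: user=erin src=198.51.100.9 result=OK",
    "2014-10-13T21:04:15Z auth: user=frank src=198.51.100.9 result=FAIL",
    "2014-10-13T21:05:01Z auth: user=alice src=192.0.2.44 result=FAIL",
    "2014-10-13T21:05:09Z auth: user=alice src=192.0.2.44 result=OK",
] + [
    f"2014-10-13T21:06:{i:02d}Z auth: user=victim src=203.0.113.7 result=FAIL"
    for i in range(10)
]


def parse_events(lines):
    """Yield parsed attempts; lines that do not match the format are skipped."""
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            yield m.groupdict()


def analyse(lines, spray_min_users=5, lockout_failures=10):
    """Flag credential stuffing (one source, many accounts, mostly failing)
    and brute force (one account, many failures)."""
    per_src = defaultdict(lambda: {"users": set(), "ok": set(), "attempts": 0, "fail": 0})
    fails_per_user = defaultdict(int)
    for ev in parse_events(lines):
        s = per_src[ev["src"]]
        s["users"].add(ev["user"])
        s["attempts"] += 1
        if ev["result"] == "OK":
            s["ok"].add(ev["user"])
        else:
            s["fail"] += 1
            fails_per_user[ev["user"]] += 1

    # A source that touches many distinct accounts and fails at least half
    # the time is replaying a credential list, not a NAT full of real users.
    stuffing = {
        src: {"distinct_users": len(s["users"]), "compromised": sorted(s["ok"])}
        for src, s in per_src.items()
        if len(s["users"]) >= spray_min_users and 2 * s["fail"] >= s["attempts"]
    }
    brute = {user: n for user, n in fails_per_user.items() if n >= lockout_failures}
    return {"credential_stuffing_sources": stuffing, "brute_forced_accounts": brute}


def accounts_to_reset(lines, **thresholds):
    """Accounts a stuffing source logged into successfully: the attacker
    holds a working password for them, so it must be expired."""
    findings = analyse(lines, **thresholds)
    hit = set()
    for info in findings["credential_stuffing_sources"].values():
        hit.update(info["compromised"])
    return sorted(hit)


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
    print("force reset:", accounts_to_reset(SAMPLE_LOG))
```

The successful logins from the stuffing source are the important output: those are the accounts whose owners reused a password that was already leaked elsewhere, which is exactly the population Dropbox says it reset.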

16 September 2014

Leaked: K Box Singapore database with more than 317,000 names

Police report filed after database including personal details, such as contact numbers and date of birth, was made available for public download.


Personal details of more than 317,000 members of Karaoke entertainment operator K Box Singapore appear to have been leaked publicly.

At 4.17am on Tuesday morning (Sep 16), a group calling themselves The Knowns emailed links to the list of members' details to several media outlets, including MediaCorp.

The list includes names of K Box members as well as their contact numbers, email addresses, NRIC numbers, dates of birth and marital status. It also includes K Box-specific data, such as membership numbers and "K Points" earned.

Channel NewsAsia has been able to verify the details of several of the individuals on the list. One member, who confirmed her details in the list were accurate, said that K Box has not yet contacted her about any leak.

"I'm a bit freaked out," said the member, who asked to remain anonymous. "My main concern is that with those details, someone could sign me up for random stuff."

Another member whose name was found on the list said he was "extremely concerned what other personal information got leaked" and that he was also worried whether other companies' databases had been hacked. He filed a police report about the leak on Tuesday afternoon.

The Police confirmed that the report has been lodged, and that they are looking into the matter.

K Box did not respond to phone or email queries from the media. A senior manager at the company headquarters said the company had "no comment" on the issue.

Channel NewsAsia understands that the relevant government agencies are aware of the incident and are looking into it.

The group claiming responsibility for the leak said that it was in response to "the recent increase in toll at Woodlands", saying that it was "an unnecessary financial burden on working Malaysians".

"To show our displeasure, we are releasing the database of Kbox containing more than 300k personal details of its membership. We had done it before and will do it again."

12 September 2014

Massive “Gmail Credentials” Dump Posted Online



While some reports sound a bit scary, with mentions of a "big security breach" for Gmail, that isn't the case here and there's no need to run screaming for the hills just yet.

What actually appears to have happened is that somebody rolled up lots of older data dumps originating from various causes (such as phishing and / or password reuse) and released it all in one go, posting it to a Bitcoin forum. 

As these logins could give scammers access to Gmail should the email and passwords match up, Google took a look at the data and the results are as follows:
  • Less than 2% of what is claimed to be close to 5 million account credentials “might” have worked, and their automated detection systems would have “blocked many of those login attempts.”
  • Enabling the security tools Google offers will raise the security level of your accounts and services: strong passwords, up-to-date recovery options and 2-step verification are all available to you.
  • These leaked accounts were not the result of a breach of Google systems.
The popular Haveibeenpwned site, run by well-known software architect and Microsoft MVP Troy Hunt, which lets visitors check whether their username or email address (NOT password) has appeared in any data breaches, has been updated to reflect this latest data dump.

It seems 17% of the accounts were already in there to begin with. If you want to keep up with the latest stats, figures and "where has this data been seen before", keep an eye on that site, as it promises to be a busy few days.

Otherwise, don’t panic and have a look at your security settings sooner rather than later. You’ll likely be glad you did.

06 September 2014

Nude Celebrity Photo Dump Has Many Asking What Happened


Hundreds of private photos belonging to several high-profile Hollywood actresses were posted online this past weekend. They are explicit in nature, and were not intended to be seen by the public. But they have been.

The question, now, is how did this happen?

The details of the hackings haven’t been worked out quite yet, but there are two popular theories floating around: the first is that the hacker, or hackers, exploited a vulnerability allowing cybercriminals to make an unlimited number of password guesses on Apple’s cloud service offering, iCloud. This type of attack—repeatedly guessing passwords until the successful password is found—is called a brute force attack, and is typically done with an automated program. Once an iCloud account is breached, or any cloud service for that matter, the hackers can view and retrieve anything saved in that cloud such as contacts, photos, saved notes, and more.

The second theory, one suggested by Apple after it made an official statement on the situation, is that these celebrities may have fallen victim to a social engineering attack. Social engineering attacks are attacks that take advantage of social habits in order to compromise an account or gain access to sensitive information. For example, a “hacker” could pose as someone who works at your company, but in a different department, in order to trick you into giving up sensitive company information. This wouldn’t be the first time that a social engineering attack made headlines. In 2012, digital journalist Mat Honan had his life turned upside down when hackers gained access to nearly all of his online accounts through social engineering techniques.

Regardless of which theory is accurate, the result is fairly predictable: someone involved with the hacking ring, or the single person who accrued all of these photos, wanted to show off on an Internet image board and posted the stolen photos. Those photos, of course, were shared throughout the Web, and the privacy of these well-known individuals was shattered.

We won’t know what hacking method was used for some time, possibly not until after an F.B.I. investigation. That investigation won’t restore anyone’s lost privacy, but it’ll hopefully result in some much-needed justice. In the meantime, what can people do in order to protect themselves from such attacks?


Of course, with celebrities being in the public eye, the demand for their personal photos is quite high. Still, while you may not be a celebrity, there are a few important steps that you can take to protect your online identity, and your private photos.
  • Be wary of uploading to the cloud. By default, iPhones upload photos to iCloud through a feature called "Photo Stream". This preserves your photos if the phone fails and lets you reach them from any of your devices, but it also means personal photos exist in more than one place, which increases the chance of a leak. If you would rather not use it, Photo Stream can be turned off in the iCloud settings; Apple's support site has the steps.
  • Be careful what photos you take with your mobile device. Even if you’re not sending them to anyone or uploading to the cloud, do remember that your phone or tablet can be lost or stolen. 
  • Use strong passwords. Every online service requires a password, and it needs to be hard to guess. A strong password is at least eight characters long (longer is better) and mixes upper and lower case letters, numbers and symbols. Each password should be unique to one site, and should be changed promptly if that site suffers a breach.
  • Use a password manager. The reason why strong passwords aren’t used enough is largely attributed to the fact that they’re more difficult to remember. Complex passwords can also be a pain to use on mobile devices.
  • Enable two-factor authentication wherever possible. Two-factor authentication requires the account holder to present two different kinds of proof: something they know (a password or the answer to security questions) and something they have (a phone that receives or generates a code). It is an effective barrier against password guessing and credential theft, and would likely have blunted this attack, although at the time Apple's two-step verification did not cover iCloud backups, a gap Apple said it would close.

Be warned: there is no single silver bullet for digital security. Vulnerabilities exist because of how programs are built and how they interact with one another. The best way to stay secure online is to keep up with security defences and use the techniques you need to stay safe.

04 September 2014

Apple Not Hacked In Celebrity Nude Photo Breaches

"Very targeted attack" on celebrities' Apple usernames, passwords, security questions -- iCloud, Find My iPhone not breached, Apple says.


This afternoon, Apple confirmed that the stolen and leaked private photos of several celebrities were not due to a breach of either its iCloud or Find My iPhone services. Speculation had swirled over just how the attackers accessed the accounts of Jennifer Lawrence, Jenny McCarthy, Rihanna, Kate Upton, Mary E Winstead, and others.

A trove of naked photos and video content stolen from the stars appeared on the 4chan image board over the weekend. Questions about how the hackers got hold of the celebrities' accounts began to centre on a possible flaw in Apple's iCloud and Find My iPhone after Apple reportedly issued an update that fixed a hole allowing a brute-force password attack.

In a statement issued today, Apple said:

"When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved."


Apple recommends users create strong passwords and use two-factor authentication, which is an option for Apple ID accounts. Apple did not comment on the reported flaw nor did it respond to questions about it via a media inquiry.

One security expert says he tested whether Apple ID would lock him out after a certain number of attempts after hearing about the possible patch by Apple: it did. "After ten attempts, it locked me out," says Rik Ferguson, global vice president of security research at Trend Micro. He was unable to confirm whether Apple's authentication service had always done so, or whether this was due to a fix by Apple in the wake of the celeb hacks.

Either way, brute-forcing would require knowing the email address of the target, he says.

It's not surprising that most consumers and celebrities don't opt for the second factor of authentication since it's not required, experts say. And weak passwords most likely played a major role in the attack, they say.

"This breach could have been prevented if iCloud required users to use a two-factor authentication to access their accounts. This will require users to enter a numerical code that is sent to their phone or another device, in addition to using their regular password," says Vijay Basani, CEO of EiQ Networks. "Since numerical code always changes, it makes it difficult for the hackers to gain access [and breach the account], even if they can guess the password."

03 September 2014

Apple denies its services were hacked


“Celebgate” -as the theft and publication of private photos of more than 100 actresses and models has come to be known – is not only affecting the direct victims of the theft but also the companies that have been implicated in the affair.

Initially, it was thought that the leaks could be due to a potential security hole in iCloud, Apple’s virtual storage platform, but the company has announced that, after a 40-hour investigation, they have discovered that the accounts of these celebrities “were compromised by a very targeted attack on user names, passwords and security questions.” Adding that these attacks have “become all too common on the Internet.”

Apple denies that the hacking of the accounts of actresses such as Jennifer Lawrence, Kirsten Dunst and Kate Upton was the consequence of a vulnerability in its iCloud or 'Find my iPhone' services. Some of the victims have already had their say on the issue.

The company has also announced that it continues to work with the police to help identify the criminals involved, and encourages all users to choose a strong password and enable two-step verification.

02 September 2014

Reported Apple iCloud Hack Leaked Hundreds of Nude Celebrity Photos

This may be the height of privacy breaches: nude images of several high-profile people, including actors, models, singers and presenters, have been posted online in a blatant leak linked to the Apple iCloud service.


The recent privacy breach appears to be one of the biggest celebrity privacy breaches in history and represents a serious offense and violation of privacy. A hacker allegedly breached Apple’s iCloud service and copied the personal photos of at least 100 high-profile stars.

WHO IS BEHIND IT
The anonymous hacker, using the name Tristan, sparked the scandal on Sunday after dumping a large cache of female celebrities' alleged naked photographs onto the 4chan online forum, an online message board used for sharing pictures.

The list of celebrities allegedly affected, whose nude photographs are supposedly in this cache, is very long and includes Jenny McCarthy, Rihanna, Kirsten Dunst, Kate Upton, the American actress Mary E Winstead, and the Oscar-winning actress Jennifer Lawrence.


HOW IT ALL BEGAN
The anonymous hacker behind the leaked images scandal posted a brief statement saying that they were going to bed because "s*** was getting real."

On Sunday evening, the anonymous user began posting nude images of dozens of celebrities on the 4chan website. It is still unclear how the photographs ended up online, but the hacker may have obtained more than 423 nude images of over 100 celebrities without their permission.

Within hours Twitter was awash with hundreds of thousands of tweets about the photographs which are also alleged to include Brits Michelle Keegan, Cara Delevigne, Cat Deeley and Kelly Brook. 

CELEBS ADMITTED - SNAPS ARE REAL
The 24-year-old Hunger Games and X-Men actress Jennifer Lawrence and several others have confirmed that the leaked photographs are genuine, while some celebrities have disputed the authenticity of the images.

The superstar Jennifer Lawrence's representative previously reported that Lawrence’s photographs were stolen, calling the hacking act as “a flagrant violation of privacy.” The spokesperson also added, “The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence.”

Mary Elizabeth Winstead, of Final Destination 3, was also a victim of the hack. The actress took to Twitter to react to having her images exposed.


HOW PHOTOGRAPHS WERE OBTAINED
It is believed that the leaked photographs were obtained through a large-scale compromise of the celebrities' Apple iCloud accounts. The images were then posted on 4chan, where users offered more explicit material in exchange for Bitcoin payments.

The hacker on 4chan is also claiming to have over 60 nude selfies and an explicit sex film of the Oscar-winning actress, Jennifer Lawrence, which is available for a fee in Bitcoins.

NO RESPONSE FROM APPLE
Apple has declined to comment. It has not yet confirmed that its iCloud service was involved in the alleged leak.

Apple's encryption of stored data is considered robust, but an attacker who can guess or obtain a user's password gets access regardless; passwords can be obtained by brute-force guessing or by social engineering.

Alternatively, an attacker who knows the victim's email address can reset the account by answering the traditional 'security questions', which are often guessable from public information about a well-known person.

01 September 2014

Jennifer Lawrence: Victim of a security hole in iCloud?

If you are on Twitter you may have noticed the actress Jennifer Lawrence has been ‘Trending Topic’ since yesterday afternoon.


The reason? The leak of nude photos of the 2013 Academy Award winner on the /b/ forum of 4Chan.

She has confirmed the story, although she is apparently not the only victim.


Other models and actresses such as Kirsten Dunst, Kate Upton or Ariana Grande have also allegedly had pictures leaked, although not all these cases have been confirmed. Meanwhile, Mary E. Winstead has acknowledged the authenticity of the pictures that have been circulated, while Victoria Justice has denied that some photos allegedly of her are authentic.

It is still not clear how ‘Celebgate’ (as some are referring to this massive hacking) was carried out. Some sources have suggested a possible security breach in iCloud, Apple’s virtual data storage platform, though the company has yet to confirm this.

Until it is known how these images were stolen, the best anyone can do is apply common sense and use strong passwords for their services. We also recommend that users review the security settings of their Apple ID account.

29 August 2014

The largest ever theft of passwords uncovered

What appears to be the greatest theft of user credentials in history has been reported by Hold Security, a small US security firm. No fewer than 1.2 billion login credentials have been stolen from numerous websites around the world.
Although all the details are still not clear, it seems the cyber-crime group behind this theft used automated tools to find and exploit SQL injection flaws in the websites' databases. Apparently, they were on the lookout for websites that had failed to update their software and were therefore vulnerable. A total of 420,000 websites were targeted.
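The attack pattern behind this theft, SQL injection against unpatched sites, comes down to building a query by string concatenation. As an added example (not code from the Hold Security report or from any affected site), the vulnerable lookup below dumps every stored username and password hash with a single crafted input, while the parameterised version returns nothing for the same input. The table, the names and the placeholder hashes are constructed for the example.

```python
import sqlite3

# Constructed sample data; the hashes are placeholders, not real password hashes.
USERS = [
    ("alice", "Alice A.", "$2b$12$placeholder-hash-alice"),
    ("bob", "Bob B.", "$2b$12$placeholder-hash-bob"),
    ("carol", "Carol C.", "$2b$12$placeholder-hash-carol"),
]


def make_db() -> sqlite3.Connection:
    """In-memory database standing in for a site's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, display_name TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def display_name_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Query built by string concatenation: the caller's input becomes SQL."""
    sql = f"SELECT display_name FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def display_name_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterised query: the input is bound as data and never parsed as SQL."""
    sql = "SELECT display_name FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# UNION-based payload: closes the string literal, appends a second SELECT
# that returns every username and hash through the same single column, and
# comments out the original closing quote with the trailing "--".
DUMP_PAYLOAD = "' UNION SELECT username || ':' || password_hash FROM users --"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", display_name_vulnerable(conn, DUMP_PAYLOAD))
    print("safe:      ", display_name_safe(conn, DUMP_PAYLOAD))
```

Automated scanners find this class of bug by sending a quote character and watching for a database error, which is why the report describes the group hunting for sites that had not kept their software patched.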

It is still not known which websites are affected by the attack, nor have they all been contacted to advise them to update their defenses. Hold Security had yet to contact the authorities, although it planned to do so after reporting this story.

What can you do in the light of this attack?
It is clear that no matter how well protected your computer is, there’s nothing you can do if, as in this case, you are not the direct victim. Here for example they have stolen user databases from websites, not from users’ computers. That’s why one of the most important security measures you can take is to never use the same login credentials on more than one website. If you reuse usernames and passwords for different services you are increasing the risk, because if one of these sites is compromised, your other accounts will be vulnerable.

A good example of this was the recent case in Australia, where users of iPads/iPhones had their devices hijacked by cyber-criminals who demanded a ransom to hand back control. Some sources speculated that Apple’s databases may have been hacked, though the company denied this. Everything then pointed towards the source of the problem as being an Internet forum on which users had set the same password as they had for Apple’s iCloud service.

How to make a strong password

  • Use numbers
  • Include letters as well
  • Combine upper and lower case
  • Add symbols such as @, #, ? or %
  • Where possible it should have at least eight characters. The longer it is, the more difficult it will be to guess
  • Never use a run of consecutive numbers or letters: 123456; 987654; abc123
  • Never use adjacent keyboard letters: qwer123; asd987
  • Your password should not be something easily associated to you. Never use your name or date of birth.
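The rules in the list above can be checked mechanically. This is an added example, not the page's own tool: it tests a candidate password against each rule (length, character classes, consecutive runs such as 123 or abc, adjacent keyboard keys such as qwer or asd, and personal details the caller supplies) and returns the rules it fails. The keyboard rows assume a standard US QWERTY layout; the personal details are whatever the caller passes in.

```python
import string

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_LENGTH = 8  # the list's minimum; longer is better


def _has_consecutive_run(pw: str, run: int = 3) -> bool:
    """abc, cba, 123, 987: each character one code point from the previous one."""
    for i in range(len(pw) - run + 1):
        steps = {ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}):
            return True
    return False


def _has_keyboard_sequence(pw: str, run: int = 3) -> bool:
    """qwe, asd, lkj ...: adjacent keys on one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(low) - run + 1):
            chunk = low[i:i + run]
            if chunk in row or chunk in row[::-1]:
                return True
    return False


def evaluate(pw: str, personal=()) -> list:
    """Return the list of rules the password fails; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbol")
    if _has_consecutive_run(pw):
        problems.append("consecutive run such as 123 or abc")
    if _has_keyboard_sequence(pw):
        problems.append("adjacent keyboard keys such as qwe or asd")
    # Personal details (name, birth year, ...) supplied by the caller.
    low = pw.lower()
    for item in personal:
        item = str(item).lower()
        if len(item) >= 3 and item in low:
            problems.append(f"contains personal detail {item!r}")
    return problems


if __name__ == "__main__":
    for candidate in ("qwer123", "John1990!x", "Gx7#mqLp2!vR"):
        print(candidate, "->", evaluate(candidate, personal=["John", 1990]) or "OK")
```

A checker like this enforces the floor the list describes; it does not make a password good on its own, and a password manager generating long random strings will pass every rule here without the user having to remember anything.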