::Trend Micro Threat Resource Center::

28 December 2014

Hackers leak 13,000 Passwords Of Amazon, Walmart and Brazzers Users

Hackers claiming affiliation with the hacktivist group "Anonymous" have allegedly leaked more than 13,000 username and password combinations for some of the world's most popular websites, including Amazon, Xbox Live and PlayStation Network.

The stolen personal information was released in a massive text document posted to the Internet file-sharing website Ghostbin (now deleted), on Friday. The document contains a huge number of usernames and passwords, along with credit card numbers and expiration dates.

The news came just a day after the hacker group Lizard Squad took down Sony's PlayStation Network and Microsoft's Xbox Live gaming networks on Christmas Day, an outage estimated to have affected Xbox's 48 million subscribers and PlayStation's 110 million users, more than 150 million users worldwide in total.

However, a breach of 13,000 accounts is far from the biggest we have seen. With millions of passwords in use on sites around the globe, the chance that yours is among those compromised is small. It is still worth noting, because these accounts come from a variety of online sources, some of them very popular.


The Daily Dot's Aaron Sankin has compiled a comprehensive list of sites associated with the username and password leaks, and found that the affected sites run the gamut from pornography to gaming to online shopping. The list of the compromised websites includes:

  • Amazon
  • Walmart
  • PlayStation Network
  • Xbox Live
  • Twitch.tv
  • Dell
  • Brazzers
  • DigitalPlayground
  • and others (see the complete list).

To be on the safe side, users with accounts on these compromised websites should change their passwords, watch their credit card transactions closely, and report any suspicious activity to their bank or card issuer immediately.

Also, don't use the same passwords for banking and online shopping sites, and always keep an eye out for unusual activities or unauthorized purchases with your accounts.

23 December 2014

North Korea Internet partially restored following a 9.5-hour outage

North Korea has regained partial Internet access, following a widespread outage that occurred days after the U.S. vowed to respond to a cyberattack on Sony that was blamed on Pyongyang.


The Korean Central News Agency and the Rodong Sinmun newspaper were back online Tuesday after earlier being inaccessible. It was unclear whether wider Internet service in the North had been restored to its previous levels.

The reason for the massive outage is not yet clear, but it comes just days after President Barack Obama warned the U.S. would retaliate against the North. A State Department spokeswoman, when asked about the situation, declined comment.

However, she did say the U.S. government is discussing a range of options in response to the Sony hacking, some of which, she said, will be "seen" and some that "may not be seen."

Doug Madory, a spokesman for the U.S.-based Internet analysis firm Dyn Research, said the Internet problems in North Korea could be the result of an attack.

Earlier, North Korea had called on the United States to apologize for implicating Pyongyang in the hacking of Sony Pictures and threatened to fight back in a variety of ways, including cyberwarfare.

The National Defense Commission for Pyongyang said in state media late Sunday that the U.S. government was wrong to blame North Korea for the hacking. It also said the claims are groundless.

Meanwhile, China's Foreign Ministry said it does not have enough information to determine whether reports that North Korea used Chinese facilities to stage a cyberattack on Sony Pictures are true.

Foreign Ministry spokesperson Hua Chunying said Monday China is "opposed to all forms of cyberattacks" and would not reach any conclusions without having "enough facts."

However, Hua said China is opposed to attacks on a third party "through making use of the facilities of another country" and is ready to have a "dialogue with other countries."

The United States is in talks with China to possibly help block cyberattacks from Pyongyang.

22 December 2014

How to disable the WhatsApp blue double check on Android

Android users can now disable the blue double check in WhatsApp. The corresponding update for the app is now available from Google Play.

Do you want to know how to disable it? Follow these steps:

  • From the latest version of the app, go to ‘Settings’
  • Then go to ‘Account’
  • Next ‘Privacy’
  • And finally, unselect ‘Read receipts’.

Don’t forget though, that if you disable read receipts, you won’t be able to see when your messages are read either.

What do you prefer?

20 December 2014

FBI Officially Blames North Korea in Sony Pictures Hack


Following the high-profile cyber attack against Sony Pictures Entertainment, and continuing threats against employees and celebrities, the FBI has released an official statement declaring that the investigation has led to “enough information to conclude that the North Korean government is responsible for these actions.”

In a press release issued Friday morning, the FBI listed several factors that led to its conclusion, including:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.


President Obama held a news conference shortly after the announcement, where he was asked to comment on the United States’ proportional response to the attack.

“Our first order of business is to try to prevent those attacks from taking place,” said President Obama. “Everything that we can do at the government level to prevent these types of attacks [we’re doing]. We’re coordinating with the private sector but we’re not even close to where we need to be. We need strong cybersecurity laws that provide for data sharing.”

Without further details, President Obama added a response would come “at a time and place we choose.”

Secretary of the Department of Homeland Security Jeh Johnson also stressed in a statement the high-profile event underscored the importance of good cybersecurity practices to rapidly detect cyber intrusions and promote resilience throughout all networks.

“Every CEO should take this opportunity to assess their company’s cybersecurity,” said Johnson. “Every business in this country should seek to employ best practices in cybersecurity.”

The FBI’s statement comes days after Sony Pictures Entertainment called off its plans to release “The Interview” — a comedy depicting the assassination of North Korea’s leader Kim Jong-un — and after several theaters received threats for intending to show the film.

17 December 2014

TorLocker ransomware variant designed to target Japanese users

Ransomware is nothing new to Japan. Symantec’s research has found that Japan ranks among the regions most affected by global ransomware attacks. However, no attacks specifically targeting Japanese users had ever been confirmed. That is, until now. In recent weeks, Symantec has observed a ransomware variant in the wild that was designed to target users who speak Japanese.


Figure 1. Ransomware attacks in November 2014 by region

The ransomware threat in question is a localized variant of TorLocker. The malware encrypts files with certain file extensions on the compromised computer and demands that the user pay in order to decrypt the files. Symantec has confirmed multiple variants of this particular Japanese ransomware threat.

TorLocker has been used in ransomware attacks around the world. The threat is part of an affiliate program, where the program’s operator gives participants the builder to create custom ransomware, access to the TorLocker control panel to track infections, and miscellaneous files to be used in conjunction with the malware. In return, the participants give a portion of the profit from the attack to the affiliate program’s operator.

Infection
The localized variant’s attacks on Japanese users have occurred on compromised websites that commonly host blogs. However, it is also possible that the attacker is renting an exploit kit to automatically compromise victims’ computers by exploiting software vulnerabilities. In one case, a recently compromised site owned by a Japanese publishing company redirected traffic to several domains hosting the Rig exploit kit. This may have ultimately served the ransomware as a payload.

In another case in late November, a blog site was compromised to display a fake Adobe Flash Player installer page.


Figure 2. Fake Adobe Flash Player installer page

If the user clicks on the yellow install button, they are prompted to download and execute a setup file to install the plugin. However, the file does not contain the typical icon used in Flash Player installers. The file is not digitally signed either, which suggests that the installer is a phony.


Figure 3. Icon of the installer downloaded from the fake Flash Player page

Once the setup file is executed, it does not install Flash Player. Instead, it encrypts certain files and displays a message in Japanese in a pop-up window, stating that the computer has been locked. The message then asks the user to pay in order to unlock their files. The demanded ransom ranges from 40,000 yen to 300,000 yen (approximately US$500 to US$3,600).

Figure 4. Pop-up window of the TorLocker ransomware variant targeting Japanese-speaking users

Stay protected
Japan is approaching its week-long New Year holiday. The long break is a perfect opportunity for the attacker to run the campaign, as many users will likely surf the Internet during the time off. Symantec has the following recommendations to avoid or mitigate ransomware infections:

  • Update the software, operating system, and browser plugins on your computer to prevent attackers from exploiting known vulnerabilities.
  • Use comprehensive security software, such as Norton Security, to protect yourself from cybercriminals.
  • Regularly back up any files stored on your computer. If your computer has been compromised with ransomware, then these files can be restored once the malware is removed from the computer.
  • Never pay the ransom. There’s no guarantee that the attacker will decrypt the files as promised once they receive payment.

16 December 2014

Four key areas of security solutions Singapore companies need to invest in


Singapore is one of the most well developed security markets in Asia/Pacific, and in the age of advanced attacks, organizations need to invest in four key areas of security solutions, according to Gartner, Inc. These four key areas of security solutions include: preventive, detective, retrospective and predictive.

“The key to achieving a strong security posture is to have these four types of security capabilities work well as an integrated, continuously monitored solution, something Gartner refers to as the adaptive security architecture,” said Sid Deshpande, principal research analyst at Gartner.

Organizations in Singapore display a heightened sense of urgency today towards improving their security posture, driven by the following factors:

  • Strong efforts by government and regulatory bodies to increase security awareness and drive investment in security innovation
  • The new types of risks associated with digital business models
  • Highly visible security incidents in 2013 and 2014
  • Overall IT spending growth

Gartner predicts that by 2018, 25 percent of corporate data traffic will flow directly from mobile devices to the cloud.


As the majority of consumer-facing businesses in Singapore go digital, organizations are looking at investing in mobile and cloud security solutions that can help them mitigate the risks associated with digital business.

The high interest areas around security from organizations in Singapore include security monitoring, identity and access management, advanced threat prevention, IoT security, application security, cloud security and GRC, among others.

“2013 and 2014 have seen a slew of merger and acquisition activity in the security space globally, and the increasingly complex nature of threats is driving security providers to fundamentally change the way they address their customers’ security challenges and communicate their message effectively. The renewed security opportunity presented to providers by Singapore enterprises brings with it sales and marketing challenges for security providers,” said Deshpande.

05 December 2014

Yahoo! To Shut Down Texas-Holdem Poker Due To Web Security Issues

Just one month after Yahoo began heavily advertising its Texas Hold’em portal in conjunction with fantasy football, Yahoo has announced it is shutting down its online poker site entirely, effective December 31. Although Yahoo has left open the possibility of launching a new Texas Hold’em game in the future, no further details are yet available.


According to the Yahoo webpage, it will no longer offer its current Texas Hold’em game because “changes in supporting technologies and increased security requirements for our Yahoo web pages” have rendered the game “incompatible, insecure, and no longer functioning correctly.”

While web security is an extremely important issue, it is somewhat surprising to find Yahoo shutting down its Texas Hold’em game just one month after it began heavily advertising these games on its fantasy football webpages — the holy grail of young-adult, male advertising space.

If Yahoo had been planning to close these games, it may have been better off selling the ad space to Toyota, Procter & Gamble's Gillette, or one of its other regular fantasy sports advertisers.

Noteworthy in all of this news is that at the bottom of the Yahoo Games Help webpage, Yahoo mentions that it will be working toward the launch of new online games with better cyber-security, and these new games may ultimately include a new form of Texas Hold’em.

In addition, unlike the current Yahoo poker games that require users to purchase chips to enter, Yahoo has indicated that a new game, if launched, would be “free to play” but may offer “boosts” for purchase — a model similar to Candy Crush.

Unfortunately, Yahoo’s information page does not discuss whether Yahoo! Poker will allow for prizes if it returns. Yet if Yahoo is even remotely considering a move in that direction, its upgrade of web security is of the utmost importance.

No doubt, the hosts of Yahoo Hold’em recognize that much.

But the shutdown still seems odd, given the heavy marketing of Yahoo Hold’em poker that so recently preceded it.

03 December 2014

China-made E-Cigarette Chargers Could Infect Your Computer with Virus

It's better for smokers to quit smoking. Are you using electronic cigarettes (e-cigarettes) instead of normal ones? You should still quit, because the habit not only damages your health, but could also pose a risk to the health of your computer.



E-cigarettes have become the latest vector for hackers to distribute malicious software. E-cigarettes manufactured in China are reportedly being used to spread malware over USB to computers when users plug them in to charge.

The report surfaced in a recent post to the social news forum Reddit, which detailed how an executive at a "large corporation" had been infected with malware from an undetermined source after he quit smoking and switched to e-cigarettes made in China.

Investigating the matter further, he found that the e-cigarette chargers, bought from the online auction site eBay for $5, were hard-coded with the malware that infected his workstation, despite the latest antivirus and anti-malware programs being installed.

"The executive's system was patched up to date, had antivirus and anti-malware protection," Reddit user Jrockilla said. "Web logs were scoured and all attempts made to identify the source of the infection but to no avail."

"Finally after all traditional means of infection were covered, IT started looking into other possibilities. They finally asked the executive: 'Have there been any changes in your life recently?' The executive answered: 'Well yes, I quit smoking two weeks ago and switched to e-cigarettes.' And that was the answer they were looking for."


Rik Ferguson, a security consultant for Trend Micro, also considers the matter plausible and says, "Production line malware has been around for a few years, infecting photo frames, MP3 players and more." In 2008, for instance, a photo frame produced by Samsung shipped with malware on the product's install disc, the Guardian reported.

"Hackers are able to exploit any electronic device to serve malware to a poorly protected network," Pierluigi Paganini, chief information security officer at ID management firm, said in a blog post.

"Despite the [fact the] idea could appear hilarious, many electronic cigarettes can be charged over USB using a special cable or by inserting one end of the cigarette directly into a USB port."

The idea is similar to BadUSB, whose source code was released by researchers last month on the code hosting website GitHub. BadUSB could spread by hiding in the firmware that controls how USB devices connect to computers. Ferguson explained that "a very strong case can be made for enterprises disabling USB ports, or at least using device management to allow only authorised devices."
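As an added illustration of the device-management approach Ferguson describes (this is an editor's example, not code from the original article or from Trend Micro), the following Linux udev rules leave every newly attached USB device unauthorised by default and then authorise only devices whose vendor and product IDs are on an explicit allowlist. The file path, the rule file name and the vendor/product IDs `1234`/`5678` and `1234`/`9abc` are constructed placeholders; replace them with the IDs of your organisation's approved keyboards, mice and storage devices (visible with `lsusb`).

```udev
# /etc/udev/rules.d/10-usb-allowlist.rules   (placeholder path; added example, not from the article)
#
# Step 1: deny by default. Every USB root hub (usb1, usb2, ...) exposes
# authorized_default; setting it to 0 means devices plugged into that
# controller are enumerated but not bound to any driver until authorised.
ACTION=="add", SUBSYSTEM=="usb", KERNEL=="usb[0-9]*", ATTR{authorized_default}="0"

# Step 2: explicitly authorise known-good devices by vendor:product ID.
# The IDs below are constructed placeholders for this example.
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="1234", ATTR{idProduct}=="5678", ATTR{authorized}="1"
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="1234", ATTR{idProduct}=="9abc", ATTR{authorized}="1"

# Anything not matched above, including an unknown e-cigarette charger that
# presents itself as a keyboard or storage device, stays unauthorised and
# is logged by the kernel as a "new device" without ever getting a driver.
```

After installing the file, reload the rules with `udevadm control --reload-rules` and re-plug test devices; check `/sys/bus/usb/devices/<device>/authorized` to confirm a device's state. The caveat a practitioner should keep in mind is that this gate works on the USB descriptors the device reports, so it raises the bar for production-line malware and BadUSB-style firmware, but a device that clones an allowlisted vendor:product pair will still pass; disabling unused ports entirely, as Ferguson suggests, remains the stronger control where it is practical.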

02 December 2014

FBI warns of 'destructive' malware in wake of Sony attack

The Federal Bureau of Investigation warned U.S. businesses that hackers have used malicious software to launch destructive attacks in the United States, following a devastating cyber attack last week at Sony Pictures Entertainment.


The five-page, confidential "flash" warning issued to businesses late on Monday provided some technical details about the malicious software that was used in the attack, though it did not name the victim.

An FBI spokesman declined comment when asked if the software had been used against the California-based unit of Sony Corp.

The FBI occasionally issues "flash" warnings to provide businesses with details about emerging cyber threats to help them defend against new types of attacks. It does not name the victims of those attacks in those reports.

The report said that the malware overwrites data on computers' hard drives, which can render them inoperable and shut down networks.

It is extremely difficult and costly, if not impossible, to recover hard drives that have been attacked with the malware, according to the report, which was distributed to security professionals at U.S. companies.

01 December 2014

Crash Your Friends' WhatsApp Remotely with Just a Message

A vulnerability has been discovered in the wildly popular messaging app WhatsApp that allows anyone to remotely crash WhatsApp just by sending a specially crafted message, two security researchers reported to ‘The Hacker News’.


Two India-based independent security researchers, Indrajeet Bhuyan and Saurav Kar, both 17-year-old teenagers, demonstrated the WhatsApp Message Handler vulnerability to one of our security analysts.

In a video demonstration, they showed that sending a message of 2,000 words (about 2 KB in size) in a special character set can crash the receiver's app. The worrying impact of the vulnerability is that the user who received the specially crafted message has to delete the whole conversation and start a fresh chat, because opening the message keeps crashing WhatsApp until the chat is deleted completely.

"What makes it more serious is that one needs to delete entire chat with the person they are chatting to in order to get back whatsapp work in normal," Bhuyan told THN in an e-mail.

According to the duo, the reported vulnerability has been tested and works on most versions of the Android operating system, including Jelly Bean, KitKat and all earlier Android versions.

Similarly, any member of your WhatsApp group could intentionally send a specially crafted message to force people out of the group and delete the group. Also, for example, if I don’t want someone to keep records of my chat with them, I can send the same message exploit to that person.

The vulnerability has not been tested on iOS, but all versions of WhatsApp including 2.11.431 and 2.11.432 are said to be affected by this bug. The attack does not work on Windows 8.1.

They have also provided a proof-of-concept (PoC) video of the attack.


WhatsApp, bought by Facebook for $19 billion in February this year, has 600 Million users as of October 2014, and according to the researchers, an estimated number of users affected by the vulnerability could be 500 Million.

WhatsApp was in the news recently for making end-to-end encryption of all text messages a default feature, in an effort to boost the online privacy and security of its users around the world. The app maker describes this move as the "largest deployment of end-to-end encryption ever."