Stolen data obtained from music site Last.fm back in 2012 has surfaced, and it looks like hackers made off with accounts belonging to more than 43 million users.That's according to LeakedSource, a repository for data breaches that obtained a copy of the stolen data. Included in the trove are users' names, email addresses and passwords secured with an aging hashing algorithm called MD5, LeakedSource reported in a blog post on Thursday.Last.fm hasn’t responded so far to a request for comment. The music service reported the breach four years ago and asked all its users to change their passwords immediately. It never made clear how many accounts were affected, however, or the hashing method it used to secure the passwords.To read this article in full or to leave a comment, please click here
Stolen data obtained from music site Last.fm back in 2012 has surfaced, and it looks like hackers made off with accounts belonging to more than 43 million users.That's according to LeakedSource, a repository for data breaches that obtained a copy of the stolen data. Included in the trove are users' names, email addresses and passwords secured with an aging hashing algorithm called MD5, LeakedSource reported in a blog post on Thursday.Last.fm hasn’t responded so far to a request for comment. The music service reported the breach four years ago and asked all its users to change their passwords immediately. It never made clear how many accounts were affected, however, or the hashing method it used to secure the passwords.To read this article in full or to leave a comment, please click here
Recent data breaches underline the need for Internet users to regularly update the passwords for all their Internet accounts.On Wednesday, Spotify reset the passwords of an unspecified number of users, just a day after data on 68 million accounts from Dropbox began reaching the Internet.In a notice to users, Spotify said their credentials may have been compromised in a leak involving another service, if they used the same password for both.“Spotify has not experienced a security breach and our user records are secure,” the company said in an email. The password reset is merely a precaution, it said.To read this article in full or to leave a comment, please click here
Recent data breaches underline the need for Internet users to regularly update the passwords for all their Internet accounts.On Wednesday, Spotify reset the passwords of an unspecified number of users, just a day after data on 68 million accounts from Dropbox began reaching the Internet.In a notice to users, Spotify said their credentials may have been compromised in a leak involving another service, if they used the same password for both.“Spotify has not experienced a security breach and our user records are secure,” the company said in an email. The password reset is merely a precaution, it said.To read this article in full or to leave a comment, please click here
A popular BitTorrent client called Transmission has again been found distributing Mac-based malware, months after it was used to spread a strand of ransomware.Researchers at security firm ESET have been following a malware called OSX/Keydnap, which can steal passwords, and noticed that it was spreading through Transmission’s official site.Somehow, a version of the BitTorrent client containing the malware had been recently made available on the site, ESET said in a blog post on Tuesday.Transmission has already removed the download, according to ESET. But users who downloaded the client between this past Sunday and Monday should check for signs that their Mac has been comprised.To read this article in full or to leave a comment, please click here
A U.S. cybersecurity monitor on Monday described another breach of a voter election system just after after a leaked FBI report revealed two similar attacks.In June, anonymous hackers stole administrative login credentials in an unnamed county that would have let them delete voter registration records and prevent citizens from casting ballots.The information comes from the Multi-State Information Sharing and Analysis Center (MS-ISAC), which monitors cyber attacks against state and local governments and shares information with the FBI. MS-ISAC is supported by the Department of Homeland Security.The attack in June targeted a county election official through a phishing email, according to Brian Calkin, vice president of operations for the Center of Internet Security, which runs MS-ISAC.To read this article in full or to leave a comment, please click here
A U.S. cybersecurity monitor on Monday described another breach of a voter election system just after after a leaked FBI report revealed two similar attacks.In June, anonymous hackers stole administrative login credentials in an unnamed county that would have let them delete voter registration records and prevent citizens from casting ballots.The information comes from the Multi-State Information Sharing and Analysis Center (MS-ISAC), which monitors cyber attacks against state and local governments and shares information with the FBI. MS-ISAC is supported by the Department of Homeland Security.The attack in June targeted a county election official through a phishing email, according to Brian Calkin, vice president of operations for the Center of Internet Security, which runs MS-ISAC.To read this article in full or to leave a comment, please click here
The FBI has reportedly found evidence that foreign hackers breached two state election databases in recent weeks.An FBI alert warning election officials about the breach was leaked, and it was posted in a report by Yahoo News on Monday. Voter registration databases from both Illinois and Arizona were targeted in the hacks, according to the report.In the Illinois case, personal data on 200,000 voters was stolen. In July, an official with the state’s board of elections warned on Facebook that the voting system had fallen to a cyberattack, forcing a shutdown.To read this article in full or to leave a comment, please click here
The FBI has reportedly found evidence that foreign hackers breached two state election databases in recent weeks.An FBI alert warning election officials about the breach was leaked, and it was posted in a report by Yahoo News on Monday. Voter registration databases from both Illinois and Arizona were targeted in the hacks, according to the report.In the Illinois case, personal data on 200,000 voters was stolen. In July, an official with the state’s board of elections warned on Facebook that the voting system had fallen to a cyberattack, forcing a shutdown.To read this article in full or to leave a comment, please click here
One security research company is taking a controversial approach to disclosing vulnerabilities: It’s publicizing the flaws as a way to tank a company’s stock.The security firm, MedSec, made news on Thursday when it claimed that pacemakers and other health care products from St. Jude Medical contain vulnerabilities that expose them to hacks.However, MedSec is also cashing in on the disclosure by partnering with an investment firm that’s betting against St. Jude Medical’s stock.The whole affair is raising eyebrows around the security community. It may be the first time someone has tried to get compensated for discovering vulnerabilities by shorting a stock, said Casey Ellis, CEO of Bugcrowd, a bug bounty platform.To read this article in full or to leave a comment, please click here
One security research company is taking a controversial approach to disclosing vulnerabilities: It’s publicizing the flaws as a way to tank a company’s stock.The security firm, MedSec, made news on Thursday when it claimed that pacemakers and other health care products from St. Jude Medical contain vulnerabilities that expose them to hacks.However, MedSec is also cashing in on the disclosure by partnering with an investment firm that’s betting against St. Jude Medical’s stock.The whole affair is raising eyebrows around the security community. It may be the first time someone has tried to get compensated for discovering vulnerabilities by shorting a stock, said Casey Ellis, CEO of Bugcrowd, a bug bounty platform.To read this article in full or to leave a comment, please click here
Jurors in a U.S. federal court have convicted a Russian hacker of stealing and selling more than 2 million credit card numbers.On Thursday, the jury in Seattle found Roman Valerevich Seleznev guilty of charges related to his hacking of point-of-sale systems.Seleznev was arrested in 2014 after U.S. authorities accused him of installing malicious software on point-of-sale systems in U.S. restaurants .From 2009 to 2013, Seleznev used this scheme to steal credit card data from businesses and send it back to his servers in Ukraine and McLean, Virginia. The stolen data was then sold on the black market, with Seleznev promising that buyers could make fraudulent purchases with them.To read this article in full or to leave a comment, please click here
Jurors in a U.S. federal court have convicted a Russian hacker of stealing and selling more than 2 million credit card numbers.On Thursday, the jury in Seattle found Roman Valerevich Seleznev guilty of charges related to his hacking of point-of-sale systems.Seleznev was arrested in 2014 after U.S. authorities accused him of installing malicious software on point-of-sale systems in U.S. restaurants .From 2009 to 2013, Seleznev used this scheme to steal credit card data from businesses and send it back to his servers in Ukraine and McLean, Virginia. The stolen data was then sold on the black market, with Seleznev promising that buyers could make fraudulent purchases with them.To read this article in full or to leave a comment, please click here
To spy on a human rights activist, hackers allegedly connected to a Middle Eastern government used three previously unknown vulnerabilities in Apple’s iOS.The claims -- from research at Toronto-based Citizen Lab and mobile security firm Lookout -- focus on spyware that targeted Ahmed Mansoor, an activist in the United Arab Emirates.Earlier this month, Mansoor received an SMS text message on his iPhone claiming to offer “new secrets” about tortured detainees in his country. However, inside the message was a link that, once clicked, can infect an iPhone with spyware, using three zero-day exploits of iOS, the research found.To read this article in full or to leave a comment, please click here
To spy on a human rights activist, hackers allegedly connected to a Middle Eastern government used three previously unknown vulnerabilities in Apple’s iOS.The claims -- from research at Toronto-based Citizen Lab and mobile security firm Lookout -- focus on spyware that targeted Ahmed Mansoor, an activist in the United Arab Emirates.Earlier this month, Mansoor received an SMS text message on his iPhone claiming to offer “new secrets” about tortured detainees in his country. However, inside the message was a link that, once clicked, can infect an iPhone with spyware, using three zero-day exploits of iOS, the research found.To read this article in full or to leave a comment, please click here
The 25 million account passwords stolen from Mail.Ru in a recently discovered hack were old and invalid, the Russian internet company said Wednesday.“The security of our users wasn’t compromised in any way,” a Mail.Ru spokeswoman said in an interview.The hack targeted forums for game projects that the company has acquired over the years. These include subdomains at cfire.mail.ru, parapa.mail.ru and tanks.mail.ru. Hackers stole passwords of users who participated in the forums.However, the company said the stolen passwords were legacy data. None of them were related to current email accounts or other Mail.Ru services.To read this article in full or to leave a comment, please click here
The 25 million account passwords stolen from Mail.Ru in a recently discovered hack were old and invalid, the Russian internet company said Wednesday.“The security of our users wasn’t compromised in any way,” a Mail.Ru spokeswoman said in an interview.The hack targeted forums for game projects that the company has acquired over the years. These include subdomains at cfire.mail.ru, parapa.mail.ru and tanks.mail.ru. Hackers stole passwords of users who participated in the forums.However, the company said the stolen passwords were legacy data. None of them were related to current email accounts or other Mail.Ru services.To read this article in full or to leave a comment, please click here
Twitter users aren’t the only ones checking the microblogging service for important updates. Android malware is starting to do so, too.One maker of Android malware is using Twitter to communicate with infected smartphones, according to security firm ESET.The company discovered the feature in a malicious app called Android/Twitoor. It runs as a backdoor virus that can secretly install other malware on a phone.Typically, the makers of Android malware control their infected smartphones from servers. Commands sent from those servers can create a botnet of compromised phones and tell the malware on all the phones what to do.The makers of Android/Twitoor decided to use Twitter instead of servers to communicate with the infected phones. The malware routinely checks certain Twitter accounts and reads the encrypted posts to get its operating commands.To read this article in full or to leave a comment, please click here
Twitter users aren’t the only ones checking the microblogging service for important updates. Android malware is starting to do so, too.One maker of Android malware is using Twitter to communicate with infected smartphones, according to security firm ESET.The company discovered the feature in a malicious app called Android/Twitoor. It runs as a backdoor virus that can secretly install other malware on a phone.Typically, the makers of Android malware control their infected smartphones from servers. Commands sent from those servers can create a botnet of compromised phones and tell the malware on all the phones what to do.The makers of Android/Twitoor decided to use Twitter instead of servers to communicate with the infected phones. The malware routinely checks certain Twitter accounts and reads the encrypted posts to get its operating commands.To read this article in full or to leave a comment, please click here
A vulnerability in a widely-used internet forum software is becoming a go-to method for hackers to steal data.Hackers recently targeted 11 different sites, many of them from Russia, and stole information from more 27 million Internet accounts, according to LeakedSource, a repository for data breaches. About 25 million accounts of those accounts were from cfire.mail.ru, parapa.mail.ru, and tanks.mail.ru, all of them Russian language games. Another 1 million were tied to gaming titles from Funcom, including The Secret World and Age of Conan. The stolen data includes email addresses and hashed passwords that can be easily cracked.To read this article in full or to leave a comment, please click here
Michael Kan