Tag Archives: Hack

Info From Dozens Of Companies Compromised By CLOP

More victims have emerged of a Russian-speaking cybercrime group whose recent spree includes stealing information from several federal U.S. agencies, NBC News reported.

The BBC, Shell, Johns Hopkins Health System, British Airways, the state of Illinois, and the department of motor vehicles of Oregon and Louisiana all appear to have had their files stolen, according to various news releases.

The group, CLOP, is an established ransomware group, a type of organized cybercrime where hackers try to extort victims by either remotely encrypting their data or stealing and threatening to publish files.

On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA), a federal agency that advises the nation on cyberattacks and helps protect federal networks, said that multiple agencies had been affected by CLOP’s recent spree. Only the Department of Energy has said so far that it is a victim.

According to NBC News, CLOP appears to have struck gold by identifying a flaw in MOVEit, a computer program designed to help companies transfer files. Organizations using an outdated version of MOVEit are susceptible to an attack where CLOP can scoop up files.

The Guardian reported that personal details of every holder of a driver’s license from the U.S. state of Louisiana were exposed to hackers who have pulled off a colossal cyber-attack that also affected American federal agencies, British Airways and the BBC, according to officials.

A statement on Thursday from the governor of Louisiana, John Bel Edwards, said that his staff believes everyone with a driver’s license, identification card or car registration issued by the state of more than 4.6 million residents probably had their names, addresses, and social security numbers exposed to the hackers.

Other personal information to which the cyber-attackers apparently had access were Louisianans’ driver’s license numbers, vehicle registration data, handicap placard information, birthdates, heights and eye colors, Edwards’s statement said.

The number of records involved is thought to be about 6 million, Louisiana’s homeland security and emergency preparedness director, Casey Tingle, told reporters Friday.

According to The Guardian, British Airways last week confirmed that its staffers’ names, addresses, national insurance numbers and banking details were exposed because its payroll provider Zellis used MOVEit. The BBC said its staff had also been afflicted because Zellis was its payroll provider, though the broadcaster added that it did not believe banking details were compromised. The UK’s beauty and health company Boots said some of its team members’ information was also stolen.

CNN reported that hundreds of organizations across the globe have likely had their data exposed after the hackers used the flaw to break into networks in recent weeks. Multiple US federal agencies, including the Department of Energy, were breached. The US Office of Personnel Management was also impacted by the sweeping hack, multiple sources told CNN on Friday.

In my opinion, now would be a good time for companies and organizations who use MOVEit to stop using it. Find a more secure way to manage sensitive data by putting it in a place where it cannot be easily accessed by ne’er-do-wells.

TeamViewer Has Been Hacked

Sometimes, you just need to do a quick remote login to someone else’s computer. There are plenty of tools available for doing this. But most of them are either expensive to purchase or difficult to set up. Remote desktop app TeamViewer changed all that with a series of free cross-platform, lightweight apps that require only a couple of numeric codes in order to connect to a remote machine. This has made TeamViewer very popular, and in turn, an inevitable target for hackers.

Last week, threads began surfacing on Reddit written by TeamViewer users claiming they had been hacked through the app. Most of the hacking claims had common points. Users who were initially away from their computers came back to find their machines were being remotely controlled and directed to websites like PayPal, eBay, and Amazon. This instance was reported by Reddit user psiren66:

I was sitting on my couch at 12am and all of a sudden my machine lit up.
It opened an eBay page and started trying to buy iTunes cards. I noticed that TeamViewer was running as it’s access. As soon as I touched my mouse they disconnected. I opened my TeamViewer and roughly 50 accounts had been added to it.
Changed all my passwords instantly, and added two step verification to my email and TeamViewer accounts.

At first, TeamViewer was denying that its platform had been hacked, blaming these issues on user error. But the company has since stated that it knows about the hacks and that they are “significant”:

TeamViewer spokesman Axel Schmidt acknowledged to Ars that the number of takeovers was “significant,” but he continued to maintain that the compromises are the result of user passwords that were compromised through a cluster of recently exposed megabreaches involving more than 642 million passwords belonging to users of LinkedIn, MySpace, and other services.

If you’re a regular TeamViewer user, you should consider changing your password and possibly adding two-factor authentication to your account. If you use the application sparingly, you may just want to remove it completely from your computer until you need it again. The application is a quick download and it’d only take a few minutes to reinstall.

Hack May Have Allowed Pizza Buyers to Eat For Free

If there’s one pairing that was inevitable, it’s the joy of home-delivered pizza and the convenience that only the internet can provide. First, it became possible to order pizza direct from a restaurant’s website without having to even place a phone call. And now it’s even easier to purchase a pie online using mobile apps on a smartphone or tablet. While pizza makers have been quick to embrace new technologies, Domino’s Pizza might be a little gun-shy to jump on the next bandwagon.

Earlier this week, a UK security consultant named Paul Price blogged about an order he’d placed with Domino’s using the pizza chain’s Android app. Price was curious to understand more about how the app worked. Using the skills he’d developed as a consultant, he was able to access the app’s source code and watch what it did while processing his order. He was surprised to find that the app was actually handling his payment locally, on his device, as opposed to sending the information to the Domino’s server. By implementing a relatively simple hack, Price was able to circumvent the payment system by sending a signal back to the Domino’s site indicating that his order was paid for when in fact, no payment information was given.

This effectively gave Price the ability to order potentially unlimited amounts of pizza for free! Price contacted the store he’d ordered from and they confirmed that his pizza was baking and would soon be on its way. But honesty got the best of the man, and when his pizza arrived, he informed the delivery driver of the hack, and he paid in cash for the total cost of the order.

Domino’s has since closed the hole in its app that allowed for this exploit. But it did so quite some time after Price alerted the restaurant to his findings. There’s no telling how many others might’ve also discovered the hack and enjoyed free pizzas because of it.
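The design flaw described in this post comes down to which side decides that an order is paid. The sketch below is an added example, not code from Price's write-up or from Domino's: every name in it (`GATEWAY_CHARGES`, `OrderRequest`, the two `release_order_*` functions) is hypothetical, and the gateway records are constructed sample data. It puts the flawed server-side decision beside one that confirms the charge with the payment processor.

```python
"""Added illustration; every name here is hypothetical, not Domino's code."""
from dataclasses import dataclass

# Constructed stand-in for the payment processor's records, which the server
# queries directly: charge reference -> (status, amount captured in pence).
GATEWAY_CHARGES = {
    "ch_1001": ("captured", 1599),
    "ch_1002": ("declined", 1599),
}


@dataclass
class OrderRequest:
    """What the mobile app sends; all of it is under the sender's control."""
    client_says_paid: bool
    charge_ref: str = ""


def release_order_trusting_client(req: OrderRequest) -> bool:
    """Flawed pattern: the kitchen gets the order on the app's word alone."""
    return req.client_says_paid


def release_order_verified(req: OrderRequest, server_total_pence: int,
                           consumed: set, gateway=GATEWAY_CHARGES) -> bool:
    """Hardened pattern: ignore the client's flag and confirm the charge
    against the processor, for the total the server itself computed."""
    record = gateway.get(req.charge_ref)
    if record is None:
        return False                      # missing or made-up reference
    status, amount = record
    if status != "captured" or amount != server_total_pence:
        return False                      # declined, or paid the wrong amount
    if req.charge_ref in consumed:
        return False                      # one charge cannot pay for two orders
    consumed.add(req.charge_ref)
    return True


if __name__ == "__main__":
    unpaid = OrderRequest(client_says_paid=True)   # flag set, no charge exists
    print(release_order_trusting_client(unpaid))
    print(release_order_verified(unpaid, 1599, set()))
```
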

GNC-2011-12-15 #729 Task Saturation @ 195%

Things have been busy here in a good way. I have been pulling some 19-hour days. Hopefully by Sunday things are going to cool off just a bit and I can enjoy the holidays. I hope you will stay tuned in through the Christmas break as I will be cranking out shows throughout the holiday period. We introduce a new sponsor to the show tonight; details below… I talk about GoDaddy.com coming on board as our CES 2012 Official Media Sponsor and the Special Offer!

Note: I am hiring 5 writers; email me at geeknews@gmail.com

Support my Show Sponsor: 5 Best Godaddy Promo Codes
$0.01 GoDaddy coupon for a New domain name cjcfs3geek
$1.99 a month Economy Hosting with a free domain name. Promo Code: cjcgeek1h
$2.99 a month Managed WordPress Hosting with free Domain name. Promo Code: cjcgeek1w
Support the show by becoming a Geek News Central Insider

Show Hotline 24/7 1-619-342-7365 or e-mail geeknews@gmail.com

Jack Ellis – Executive Producer
Mike Baine – Associate Producer

Sony Issues Statement About the PlayStation Network

2010 and 2011 have been rough years for Sony and for PS3 owners who use the popular PlayStation Network for online gaming.  The service has come under attack, and been taken down, on more than one occasion, and for extended time periods.  The latest attack began to hit the news yesterday, when it was learned that the service was again under attack.

Reports have ranged from DDoS attack to user account hacking, but earlier today Sony finally set the record straight about what is going on, how extensive the attack is, and what steps they are taking to fix the problem.

According to Sony, the attack spanned three of their networks – the PlayStation Network, Sony Entertainment Network, and Sony Online Entertainment.  A total of approximately 93,000 users have been affected, and those accounts have now been locked by Sony.  It appears to have been a hacking attack – the perpetrators attempted to gain log-in access to accounts, and succeeded on 93,000 of them, which is actually a relatively small percentage.  At this time, Sony says that those users’ credit card data is still safe.

If you have a PSN account, even if you don’t think you were affected, I would still recommend changing your password. Use a long password that incorporates letters, numbers, and symbols. Although Sony says credit information wasn’t gained, it would still be prudent to monitor your account closely and report anything that seems suspicious.

Below is the full text of Sony’s announcement.

“12 October 2011

Tokyo, October 12 – Sony Network Entertainment International LLC and Sony Online Entertainment (SOE) have detected a large amount of unauthorized sign-in attempts on PlayStation®Network (PSN), Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) services. We discovered these attempts and have taken steps to mitigate the activity.

Less than one tenth of one percent of our PSN, SEN and SOE consumers may have been affected. There were approximately 93,000 accounts (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. As a preventative measure, we will be sending email notifications to these account holders and will be requiring secure password resets or informing consumers of password reset procedures.

Credit card numbers associated with these accounts are not at risk as a result of these unauthorized attempts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are continuing to investigate the extent of unauthorized activity on any of these accounts.

These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or sources. These were unauthorized attempts to verify valid user accounts on our services using very large sets of sign-in IDs and passwords. Between October 7 – 10 US Pacific Daylight Time, we confirmed that these were unauthorized attempts, and took steps to thwart this activity.

For the latest updates please visit http://blog.eu.playstation.com/

GNC-2010-11-08 #625 Back in the Saddle

Feels good to be back in the full swing of the show. I am having a great trip here in Albuquerque and really enjoying myself, and will be doing an Ohana meet up this coming Friday. If you want to come out to dinner and you’re in the local area, drop me an email so I can pass location and time.

The following sponsors support GNC; your support of them is appreciated!
GoDaddy services save you money, check out my Promo Codes Today.
Visit gotomeeting.com, click the try it free button & use promo code: Podcast.
Infusionsoft, leader in marketing automation software for businesses; see how they can help your business.

Listener Links:
BackScatter Body Scanner.

Show Links:
Samsung Continuum.
Evernote for Android 2.0
iOS 4.2 iPad Update.
Ads Ads and More Ads.
Washington Post iPad App.
Blip.TV hits 100 Million Video Views Monthly.
RockMelt Social Browser.
US Gov’t Naughty List.
Toshiba SSD for Macbook Air now Available.
Pilots told to Avoid Scanner.
Bundling Software in Danger?
Google Blocks Facebook!
Windows Phone 7 Launch and 2000 Apps.
7 Facebook Unfriending rules.
Google TV Gateway Fancast.com Blocked.
Nokia Shakes up Symbian Foundation.
Free Airborne Wifi On Google.
Hacker hits UK Navy.
Verizon to Broadcast Video on LTE?
Very Dangerous IE Bug!
IE Hack Kit For Sale.
TSA ban Toner and Ink.
Creative Commons big win in Belgium.
Patent Office gets more Screwed.
Ready for Mini Big Bangs.
Hey Best Buy Get Squared away on Roku.
Can you Fly?
48 Million iPads?
Bloglines Saved.
Limewire back from the Dead.
Boxee needs Cash.
Burglary Suspect Idiot.
Cassini Flying in Safe Mode.
Shuttle Pushes for Nov 30th Launch.
Laptops as Ovens.
Avidemux Editor.
Time Warner Look Back.
Zune Insider #93.

Send in your stories to geeknews@gmail.com and be sure to provide a link to your websites!

Major WordPress Attack Underway!

If you are running WordPress version 2.8.3 or earlier, you need to upgrade immediately. You risk having to reinstall WordPress; this is a pretty major attack. If you host your blog at wordpress.com you are OK. This attack is reportedly growing by the hour.

Update: Matt at WordPress and some remarks from Robert Scoble on how bad this worm that is attacking older WordPress installs is!

The crux of this story is that you had better have backups of your sites at all times!