Cyberspace isn’t going to run out of surprises for us; not back then, not now, not ever. Here’s SiliconANGLE’s cybersecurity roundup for the week.
Twitter and 55,000 Usernames Leaked
First among our many stories, Twitter is dealing with a major blow: 55,000 Twitter usernames and passwords leaked to Pastebin. Who did it has yet to be identified, but the story first broke on a blog called AirDemon.net. The leak was so large that it took five Pastebin posts to cover its breadth.
Twitter looked into the matter and found that 20,000 of the compromised accounts were duplicates, spam accounts, and a mix of random credentials. It appears that Twitter may not have been hacked, and it blamed a spambot network for the incident.
“The Unknowns” Unknown Hacker Group Hits NASA
Moving on, another hacker group has emerged in the internet space, and they call themselves “The Unknowns”. They’ve been targeting high-profile entities including NASA, the US Air Force, the French Ministry of Defense, the European Space Agency, the Bahrain Ministry of Defense, the Thai Royal Navy, and Harvard University’s School of Public Health. But unlike LulzSec and Anonymous, which operate as hacktivists, they appear to be white hat hackers whose intentions are predominantly altruistic.
Here’s a message from the group: “Victims, we have released some of your documents and data. We probably harmed you a bit but that’s not really our goal because if it was then all of your websites would be completely defaced but we know that within a week or two, the vulnerabilities [sic] we found will be patched and that’s what we’re actually looking for. We’re ready to give you full info on how we penetrated threw your databases and we’re ready to do this any time so just contact us, we will be looking forward for this.”
Android Malware: Growing Teeth
In the mobile arena, Android gets its first malware that imperils corporate networks. Dubbed “NotCompatible”, the malware was identified by Lookout Mobile Security and hides under the veil of a system update. It can gain access to private networks by using compromised devices as TCP relays/proxies. The infiltration method is known as a drive-by download, in which the malware is downloaded and inadvertently installed on a computer. This poses a great threat to BYOD workplaces.
Vulnerabilities and Patches from Microsoft, Apple, Adobe
Meanwhile, Microsoft has been all about light releases lately, but its bulletin MS12-034 is a combo breaker, as it tackles a significant number of vulnerabilities in Windows OS, MS Office, Silverlight and .NET Framework. Among these, Microsoft fixed the Win32k TrueType Font (TTF) vulnerability, which was used by the Duqu malware in November 2011. Microsoft also successfully addressed the Hotmail account hacking concerns.
Oracle also released a security alert. It addresses a TNS Listener vulnerability that affected a number of Oracle Database Servers. The company recommended that its customers apply the workarounds described in the alert. Adobe, too, addressed a precarious vulnerability in Flash Player. The flaw was exclusive to Windows platforms, and exploits for it were spread via email with malicious attachments.
The Mac is dealing with its own vulnerabilities as well. The Flashback gang raked in $10,000 a day in Google advertising dollars by redirecting clicks from infected Mac OS X machines. The number of compromised Macs peaked at 700,000.
From Symantec’s blog: “We can clearly see a value of 0.8 cents for the click and the redirection… This redirected URL is subsequently written into the browser so that the user is now directed to the new site, in effect hijacking the ad click Google should have received.”
MMO Video Game Developer Cryptic Studios Hacked in 2010?
While most hacks have been recent, Cryptic Studios just revealed a hacking incident that took place a year and a half ago in 2010. The company has no definite proof of how much access the intruder had to the accounts, but warned that the intruder may have gotten hold of “first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site.”
Social meets Security with Trend Micro-Facebook Partnership
Apart from hacking, we have new security initiatives taking place. Facebook, the world’s largest social media network, recently partnered with Trend Micro to protect its more than 900 million users against a huge array of threats.
But not all initiatives are considered good or easily accepted by the masses. CISPA, for example, has garnered a great many opponents but still managed to pass the US House of Representatives after a hearing that took a day. The vote was originally scheduled to take place tomorrow, but it was moved up to today, and CISPA passed 248 to 168.