Skype Hacked. Syrian Electronic Army Claims Responsibility

(Reuters) – The Syrian Electronic Army, an amorphous hacker collective that supports Syrian President Bashar al-Assad, claimed credit on Wednesday for hacking into the social media accounts of Internet calling service Skype.

The group also posted the contact information of Steve Ballmer, Microsoft Corp’s retiring chief executive, on its Twitter account along with the message, “You can thank Microsoft for monitoring your accounts/emails using this details. #SEA”

That message was an apparent reference to revelations last year by former National Security Agency contractor Edward Snowden that Skype, which is owned by Microsoft, was part of the NSA’s program to monitor communications through some of the biggest U.S. Internet companies.

A message posted on Skype’s official Twitter feed on Wednesday, apparently by the hacking group, read: “Don’t use Microsoft emails (hotmail, outlook), They are monitoring your accounts and selling the data to the governments. More details soon. #SEA”

Similar messages were posted on Skype’s official Facebook pages and on a blog on its website before being taken down in late afternoon. The SEA later tweeted out copies of the message “for those who missed it.”

http://www.reuters.com/article/2014/01/02/us-usa-syria-hack-idUSBREA0101X20140102

Snapchat hacked. Millions of Accounts Compromised

(CNN) — Hackers appear to have posted account info for 4.6 million users of quickie social-sharing app Snapchat, making usernames and at least partial phone numbers available for download.

The data were posted to the website SnapchatDB.info. By late Wednesday morning, that site had been suspended.

The hack was seemingly intended to urge Snapchat to tighten its security measures. The anonymous hackers said they used an exploit created by recent changes to the app, which lets users share photos or short videos that disappear after a few seconds.

“Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does,” the hackers said in a statement to technology blog TechCrunch.

http://www.cnn.com/2014/01/01/tech/social-media/snapchat-hack/index.html

Extreme Breach of Target’s Payment Processing Software Leaves 40 Million Accounts Vulnerable

Target (TGT) said a massive theft of credit and debit card data from its stores may have impacted 40 million accounts, one of the largest security breaches ever reported.

The discount retailer confirmed on Thursday that it’s aware of unauthorized access to payment card data between Nov. 27 and Dec. 15, at the start of the busiest shopping season of the year.

Target alerted authorities and financial institutions after it became aware of the breach and is partnering with a third-party forensics firm to investigate the theft, the company added.

According to a notice to customers on Target’s website, the theft targeted shoppers who made purchases using credit or debit cards in U.S. stores, not on the company’s website. The information that was stolen included customer names, card numbers, expiration dates and the CVV three-digit security code.

The industry has grappled with massive data thefts before. In 2007, T.J. Maxx and HomeGoods parent TJX (TJX) reported that thieves stole card numbers and personal data from as many as 90 million cards.

In July, federal prosecutors unveiled criminal charges related to the theft of more than 160 million card numbers from companies like J.C. Penney (JCP) and JetBlue (JBLU).

One of the latest breaches happened last year at Global Payments, an Atlanta-based payment processing company. Information from up to 1.5 million accounts was stolen.

The data breach at Target was first reported by the Krebs on Security website, which is operated by computer security expert Brian Krebs.

 

Read the rest at: http://www.foxbusiness.com/industries/2013/12/19/target-confirms-major-card-data-theft-during-thanksgiving-1487625092/

Hacking your cell phone calls, texts, browser

An increasingly popular technology for extending cell-phone coverage ranges had a major security hole that went undetected for years, through which an attacker could eavesdrop on everything a target did on their phone, according to new research released on Monday.
The research brings to light previously unknown vulnerabilities in some models of femtocells, devices that mobile network operators use to bring wireless service to low-coverage zones. The compact boxes, which are typically as small as a standard cable modem, can be deployed in hard-to-reach spots like the top of an apartment building or a home in the mountains. Femtocells are also referred to as “network extenders,” and analysts project that as many as 50 million of them will be in use by 2014.

In a demonstration for CNNMoney, researchers at iSEC Partners, who discovered the security hole, covertly recorded one of our phone conversations and played it back for us. They were also able to record our browsing history, text messages, and even view pictures we sent from one smartphone to another by hacking the network extender.

“We see everything that your phone would send to a cell phone tower: phone calls, text messages, picture messages, mobile Web surfing,” said iSEC Partners senior security consultant Tom Ritter.

ISEC discovered the security flaw a year ago and contacted the affected vendors, who quickly began working on a fix. Though iSEC focused its research on femtocells operating on Verizon’s 3G CDMA network, the company believes similar holes could exist on other network extenders.

http://money.cnn.com/2013/07/15/technology/security/femtocell-phone-hack/

 

The camera in your TV is watching you

Today’s high-end televisions are almost all equipped with “smart” PC-like features, including Internet connectivity, apps, microphones and cameras. But a recently discovered security hole in some Samsung Smart TVs shows that many of those bells and whistles aren’t ready for prime time.
The flaws in Samsung Smart TVs, which have now been patched, enabled hackers to remotely turn on the TVs’ built-in cameras without leaving any trace of it on the screen. While you’re watching TV, a hacker anywhere around the world could have been watching you. Hackers also could have easily rerouted an unsuspecting user to a malicious website to steal bank account information.

Samsung quickly fixed the problem after security researchers at iSEC Partners informed the company about the bugs. Samsung sent a software update to all affected TVs.

But the glitches speak to a larger problem of gadgets that connect to the Internet but have virtually no security to speak of.

Security cameras, lights, heating control systems and even door locks and windows are now increasingly coming with features that allow users to control them remotely. Without proper security controls, there’s little to stop hackers from invading users’ privacy, stealing personal information or spying on people.

Related story: The scariest search engine on the Internet

In the case of Samsung Smart TVs, iSEC researchers found that they could tap into the TV’s Web browser with ease, according to iSEC security analyst Josh Yavor. That gave hackers access to all the functions controlled by the browser, including the TV’s built-in camera.

“If there’s a vulnerability in any application, there’s a vulnerability in the entire TV,” said Aaron Grattafiori, also an analyst at iSEC.

Yavor and Grattafiori were also able to hack the browser in such a way that users would be sent to any website of the hacker’s choosing. While the hack would have been obvious if the website on the screen didn’t match the desired address, Yavor says there could be serious implications if a bad actor sent a user to a lookalike banking page and retrieved a user’s credentials.

http://money.cnn.com/2013/08/01/technology/security/tv-hack/

Your future home is vulnerable to cyberattacks

LAS VEGAS (CNNMoney) — If the Jetsons were real, they probably would have gotten hacked a lot.

In the classic 1960s animated sitcom, everything in the space-age family’s home was networked and could be controlled by the press of a button on a remote control.

PrintComment
That fantasy is becoming a reality. New technology allows practically everything in your home — from your door locks to your thermostat to your TV — to be controlled by an Internet-connected device like a smartphone.

Unsurprisingly, many of those cutting-edge devices are filled with holes that cyberattackers can exploit.

In a briefing at the Black Hat cybersecurity conference in Las Vegas on Wednesday, security researcher Collin Mulliner showed just how easily hackers can tap into “smart home” gadgets when they’re connected to mobile networks.

By scouring through a European database of registered devices on the mobile Internet, and with just a small amount of hacking, Mulliner was able to crack hundreds of home automation hubs, smart electric meter control units, and in-home security cameras.

Mulliner didn’t need to break out many advanced geek skills. For example, a quick Google search revealed that one brand of popular smart meter device had a default password of 1234. Since they’re typically installed by the electric company, few homeowners change it.

 http://money.cnn.com/2012/07/26/technology/home-network-cyberattack/