Latest news
The last few days have witnessed a flurry of activity and data leaks from several hacker groups.Anonymous has leaked VMware’s ESX Server kernel source code online, and the veracity of the claim has been confirmed on the company's Security and Compliance blog.
"Today, Nov. 4, 2012, our security team became aware of the public posting of VMware ESX source code dating back to 2004. This source code is related to the source code posted publicly on April 23, 2012," they wrote. "It is possible that more related files will be posted in the future. We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate."
Then, to celebrate the 5th of November (Guy Fawkes Day), the collective purportedly released classified and confidential documents stolen from the Organization for Security and Cooperation in Europe (OSCE), in order to bring attention to the attempted election manipulation in the Ukraine.
They also allegedly hacked PayPal, and leaked around 28,000 PayPal accounts. The leak supposedly contained entries from a customer database, complete with coded passwords and telephone numbers.
The links to the leak have been removed in record time, and PayPal has issued a statement saying that they are investigating the claim, but that they are yet to find evidence of a breach.
In the meantime, hacker collective Hack The Planet has allegedly targeted Symantec and image hosting website ImageShack, and breached their servers. According to their claims, they managed to do so by exploiting a zero-day vulnerability.
The leaks from those two breaches include Symantec's file names, source code, and server information, and ImageShack's database structures and user information (including usernames and password hashes).
Finally, a number of high and low profile sites have also been hacked and defaced: NBC, Saturday Night Live, a Lady Gaga fan site (all purportedly by a hacker that goes by the handle of Pyknic), the Ghana Consulate, Arcelor Mittal, and others.
The 5th of November isn't over yet, so we can expect more defacements and leaks. The latest one by AntiSec consists of U.S. law officers credit card information, data stolen from Stratfor, News Corp., and others.
Spotlight
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
Application vulnerabilities still a top security concern
Posted on 16 May 2013. | Respondents to a new (ISC)2 study identified application vulnerabilities as their top security concern. A significant gap persists between software developers’ priorities and security professionals’ concerns.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Hacking charge stations for electric cars
Posted on 15 May 2013. | Ofer Shezaf talks about what charge stations really are, why they have to be ‘smart’ and the potential risks created to the grid, to the car and most importantly to its owner’s privacy and safety.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
