{"id":14890,"date":"2013-09-05T16:41:28","date_gmt":"2013-09-05T16:41:28","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=1002"},"modified":"2021-03-01T11:58:02","modified_gmt":"2021-03-01T16:58:02","slug":"information-security-digest-july-august-2013","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/information-security-digest-july-august-2013\/14890\/","title":{"rendered":"Information security digest: July 18 &#8211; August 18, 2013"},"content":{"rendered":"<p><b>Apple Developer Center down for a week<\/b><\/p>\n<p>It took Apple about a week to restore the functions of the <a href=\"http:\/\/developer.apple.com\/\" target=\"_blank\" rel=\"noopener nofollow\">Apple Developer Center<\/a> following its crash on July 18. After about three days, Apple officially acknowledged that the site might have been hacked, and then Turkish network security expert Ibrahim Balic announced that he might have been the cause of it going down. He had found several serious vulnerabilities in the Apple iAD Workbench advertising system and, by exploiting them, managed to get the personal data of 100,000 registered users of Apple services. He immediately notified the company about the vulnerabilities and likely became the reason for the weeklong outage of the site.<\/p>\n<p>Developers received a letter from Apple, which stated that the architecture of the Apple Developer Center was being completely overhauled.<\/p>\n<p><a href=\"https:\/\/business.kaspersky.com\/a-strange-hack-at-apples-developer-center\/\" target=\"_blank\" rel=\"noopener nofollow\">Read more\u2026<\/a><\/p>\n<p>\u00a0<\/p>\n<p><b>All forums closed<\/b><\/p>\n<p>Future Publishing shut down all of its editions\u2019 forums after detecting an attack aimed at PC Gamer\u2019s forums.<\/p>\n<p>\u201cLast week on July 19, 2013 we discovered that the PC Gamer\u2019s vBulletin-powered forum had been the target of a malicious attack. 
Immediate action was taken to shut down the forum, which blocked the attack. We have since been thoroughly investigating the damage done and how this attack took place.<\/p>\n<p>We have no evidence that any of the PC Gamer\u2019s users\u2019 details were stolen. However, we feel it is safest to keep the forum closed until we are satisfied that the security vulnerability in the software is fixed. Information on the progress of this will be communicated via the PCGamer site.\u201d \u2013 <a href=\"http:\/\/mos.futurenet.com\/forum\/\" target=\"_blank\" rel=\"noopener nofollow\">said the web page text<\/a>.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/11\/06015838\/2-1024x764.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-1005\" alt=\"2\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/11\/06015838\/2.png\" width=\"734\" height=\"432\"><\/a><\/p>\n<p><b>No brakes<\/b><\/p>\n<p>Shortly before Defcon, two IT specialists (i.e. hackers), Charlie Miller and Chris Valasek, showed a Forbes editor how to disable the Ford Escape\u2019s brakes by using a laptop connected to the car\u2019s dashboard. The Ford Escape, like many other modern cars, is packed with computers and, where there are computers, there are vulnerabilities to be found.<\/p>\n<p>Miller and Valasek managed to reverse-engineer enough of the software of the Escape and the Toyota Prius to find a lot of unpleasant surprises that allow a variety of dirty tricks: everything from annoyances like uncontrollably blasting the horn to serious hazards like slamming on the Prius\u2019 brakes at high speeds. 
They sent commands from their laptops that killed power steering, spoofed the GPS and made pathological liars out of speedometers and odometers.<\/p>\n<p><a href=\"http:\/\/www.forbes.com\/sites\/andygreenberg\/2013\/07\/24\/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video\/\" target=\"_blank\" rel=\"noopener nofollow\">Read more\u2026<\/a><\/p>\n<p>\u00a0<\/p>\n<p><b>Down with passwords?<\/b><\/p>\n<p>A <a href=\"http:\/\/www.petitionagainstpasswords.com\/\" target=\"_blank\" rel=\"noopener nofollow\">campaign against passwords<\/a> was launched on the Internet. The initiators of the campaign demanded that the IT industry develop \u201ca safe and convenient alternative\u201d to the current way of authorization, i.e. one that would not require memorizing anything.<\/p>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/11\/06015837\/3-1-1024x768.png\"><img decoding=\"async\" class=\"aligncenter  wp-image-1006\" alt=\"3 (1)\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/11\/06015837\/3-1.png\" width=\"901\" height=\"428\"><\/a><\/p>\n<p>Passwords are one of the weakest spots in data security. For better memorization, users often use simple combinations that are easy to hack \u2013 which has clear consequences.<\/p>\n<p>There are alternatives to passwords, actually. But as mentioned above, passwords are familiar to most users and bad habits tend to endure, even with the currently offered alternatives.<\/p>\n<p><a href=\"http:\/\/www.darkreading.com\/vulnerability\/campaign-launched-to-kill-off-the-passwo\/240158879\" target=\"_blank\" rel=\"noopener nofollow\">Read more\u2026<\/a><\/p>\n<p>\u00a0<\/p>\n<p><b>There would be a reason<\/b><\/p>\n<p>The birth of the heir to the British throne, the disaster in Spain, the nearing release of the next series of Plants vs. 
Zombies: all of these events have prompted a dramatic increase in the activity of malware writers and spammers who are trying to exploit public interest. In some cases, Chinese attempts to use the newly discovered <a href=\"https:\/\/business.kaspersky.ru\/android-masterkey\/\" target=\"_blank\" rel=\"noopener nofollow\">master key vulnerability in Android<\/a> (bug #9695860) were detected. Spammers and virus writers will really try to exploit any newsbreak that attracts massive interest.<\/p>\n<p><a href=\"http:\/\/www.securelist.com\/en\/blog\/9115\/Royal_Baby_lures_to_Blackhole_Site\" target=\"_blank\" rel=\"noopener nofollow\">Read more\u2026<\/a><\/p>\n<p>\u00a0<\/p>\n<p><b>160 million credit cards<\/b><\/p>\n<p>Five men from Russia and the Ukraine have been indicted in the U.S. for hacking into computers at NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Emerging Markets Payments, Global Payment, Diners Singapore and Ingenicard.<\/p>\n<p>Most of the breaches began with SQL injection attacks on the victims\u2019 databases; once inside, the attackers planted backdoor malware to retain a foothold in the networks, from which they pilfered some 160 million credit card accounts, amounting to hundreds of millions of dollars in financial losses, according to the U.S. Attorney\u2019s Office in New Jersey. Three of the victim companies reported $300 million in losses.<\/p>\n<p>The two instigators of those \u201coperations\u201d were Vladimir Drinkman, 32, of Syktyvkar and Moscow, Russia, and Alexandr Kalinin, 26, of St. Petersburg, Russia.<\/p>\n<p><a href=\"http:\/\/www.darkreading.com\/attacks-breaches\/feds-indict-five-in-massive-credit-card\/240158980\" target=\"_blank\" rel=\"noopener nofollow\">Read more\u2026<\/a><\/p>\n<p>\u00a0<\/p>\n<p><b>Battle recon<\/b><\/p>\n<p>Praetorian Co. 
announced the launch of a special resource for system administrators that allows them to \u201caudit\u201d (essentially) passwords used in the corporate network. The cloud service <a href=\"http:\/\/pwaudit.com\/\" target=\"_blank\" rel=\"noopener nofollow\">PWAudit.com<\/a> tries to automatically crack weak passwords with the help of several different techniques.<\/p>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/09\/06020120\/4-1.png\"><img decoding=\"async\" class=\"aligncenter  wp-image-1007\" alt=\"4 (1)\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/09\/06020120\/4-1.png\" width=\"819\" height=\"426\"><\/a><\/p>\n<p><a href=\"http:\/\/www.darkreading.com\/management\/new-free-service-cracks-weak-passwords\/240159192\" target=\"_blank\" rel=\"noopener nofollow\">Read more\u2026<\/a><\/p>\n<p>It should be noted that Kaspersky Lab has its own product that tests the effectiveness of a password\u2019s resistance to brute force attacks (and by botnets, too) \u2013 <a href=\"http:\/\/password.social-kaspersky.com\/\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Secure Password Checker.<\/a><\/p>\n<p>\u00a0<\/p>\n<p><b>BlackHat USA 2013<\/b><\/p>\n<p>The conference BlackHat 2013 saw many enthralling reports about various incidents that occurred last year, as well as serious vulnerabilities that have been detected in recent months.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/10\/06020151\/5-1.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-1008\" alt=\"5 (1)\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/10\/06020151\/5-1.png\" width=\"993\" height=\"206\"><\/a><\/p>\n<p>Most people\u2019s attention was drawn to the reports on critical vulnerabilities like the master key to Android (described in our publications last week \u2013 [<a 
href=\"https:\/\/business.kaspersky.com\/master-keys-android-vulnerabilities-allow-applications-to-bypass-the-system-check\/\" target=\"_blank\" rel=\"noopener nofollow\">1<\/a>], [<a href=\"https:\/\/business.kaspersky.com\/master-key-vulnerabilities-in-android-countermeasures-and-attempts-to-exploit\/\" target=\"_blank\" rel=\"noopener nofollow\">2<\/a>] ), and the cracking of SIM cards (details <a href=\"https:\/\/business.kaspersky.com\/sim-cards-encryption-vulnerability-the-scope-of-the-problem\/\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>).<\/p>\n<p>Also presented were attacks that cracked Apple iOS by means of <a href=\"https:\/\/threatpost.com\/apple-to-fix-fake-usb-charger-flaw-in-ios-7\/101554\" target=\"_blank\" rel=\"noopener nofollow\">fake chargers<\/a>, a method of forming malicious botnets <a href=\"https:\/\/threatpost.com\/new-attack-leverages-mobile-ad-network-to-deliver-android-malware\/101956\" target=\"_blank\" rel=\"noopener nofollow\">via banner networks<\/a> and the opportunity for attacking Smart TVs with a possible leak of personal data (if there is any stored on the device).<\/p>\n<p>Two SCADA experts <a href=\"http:\/\/www.darkreading.com\/attacks-breaches\/scada-experts-simulate-catastrophic-atta\/240159333\" target=\"_blank\" rel=\"noopener nofollow\">simulated a catastrophic attack<\/a> on an oil well pumping station\u2019s controllers, showing this type of attack could lead to disaster. No specific software vulnerabilities or bugs were required for this attack: it came down to a lack of security in the serial Modbus\/TCP protocol, a networking protocol that dates back to the 1970s. There is no authentication or security designed into it at all.<\/p>\n<p>The representatives of Trend Micro discussed an incident involving the well-known hacker group APT1\/Comment Crew, which is allegedly linked to the Chinese government. For a long time those hackers tried to hack the system of a single water supply plant in the United States. 
Among other things, the hackers tried to steal documents and reset the pumps.<\/p>\n<p>It turned out, however, that the pumping station was an intricate honeypot specifically designed for \u201clive baiting\u201d hackers. According to Trend Micro\u2019s Kyle Wilhoit, \u201c<a href=\"http:\/\/www.technologyreview.com\/news\/517786\/chinese-hacking-team-caught-taking-over-decoy-water-plant\/\" target=\"_blank\" rel=\"noopener nofollow\">it was 100 percent clear they knew what they were doing<\/a>.\u201d The decoy water plant was not a random target.<\/p>\n<p><a href=\"https:\/\/www.blackhat.com\/us-13\/briefings.html\" target=\"_blank\" rel=\"noopener nofollow\">Reports on the Black Hat USA 2013<\/a><\/p>\n<p>\u00a0<\/p>\n<p><b>Tor hammered<\/b><\/p>\n<p>At the request of U.S. law enforcement, Eric Eoin Marques was arrested in Ireland. Marques is the creator of the hosting company, Freedom House, and the encrypted communication protocol, Tor. In the U.S. he is accused of aiding and abetting in the distribution of child pornography. Immediately after the arrest, <a href=\"http:\/\/www.reddit.com\/r\/onions\/comments\/1jmrta\/founder_of_the_freedom_hosting_arrested_held\/\" target=\"_blank\" rel=\"noopener nofollow\">reports<\/a> surfaced about malicious JavaScript code on websites that used the services of Tor hosting.<\/p>\n<p>The attack was a success because of a vulnerability found in Mozilla Firefox 17, which is the operating base of the Tor Browser. 
The vulnerability itself <a href=\"https:\/\/www.mozilla.org\/security\/announce\/2013\/mfsa2013-53.html\" target=\"_blank\" rel=\"noopener nofollow\">was eliminated in June.<\/a><\/p>\n<p>Either way, the future of Tor looks very hazy.<\/p>\n<p><a href=\"http:\/\/boingboing.net\/2013\/08\/04\/anonymous-web-host-shut-down.html\" target=\"_blank\" rel=\"noopener nofollow\">Read more\u2026<\/a><\/p>\n<p>\u00a0<\/p>\n<p><b>Bruteforcing WordPress<\/b><\/p>\n<p>Unidentified attackers launched another massive attack on WordPress-powered websites. A large botnet tried to bruteforce usernames and passwords. <a href=\"http:\/\/www.darkreading.com\/attacks-breaches\/fort-disco-botnet-behind-attack-campaign\/240159627\" target=\"_blank\" rel=\"noopener nofollow\">Later it became clear<\/a> that the attack also targeted Joomla and Datalife Engine, and that the Fort Disco botnet, consisting of about 25,000 infected computers, was behind it. The attack greatly hampered the functionality of the victimized resources, not to mention the threat, had it been successful, to the companies whose websites use these engines. If the administrator password is weak enough to yield to brute force, the attackers gain control of the entire resource to do with as they please: steal other people\u2019s personal information, change settings, embed malicious code and so on.<\/p>\n<p>A similar situation was observed in April 2013 when WordPress-powered sites became the targets of an attack.<\/p>\n<p><a href=\"http:\/\/www.darkreading.com\/attacks-breaches\/fort-disco-botnet-behind-attack-campaign\/240159627\" target=\"_blank\" rel=\"noopener nofollow\">Read more\u2026<\/a><\/p>\n<p>\u00a0<\/p>\n<p><b>Ten gangs<\/b><\/p>\n<p>At DEFCON, there was a report that stated the members of ten Russian cybercriminal gangs were the main suppliers of malicious software for Android, the victims of which were residents of Russia and Eastern Europe. 
About 60% of malware for the world\u2019s most popular mobile operating systems is written by this group, and they are behind most cases of fraud via SMS.<\/p>\n<p>The full report is <a href=\"https:\/\/www.lookout.com\/resources\/reports\/dragon-lady\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>.<\/p>\n<p>\u00a0<\/p>\n<p><b>One is enough<\/b><\/p>\n<p>Another noteworthy DEFCON report describes a vulnerability found in Google Android, capable of allowing unauthorized entry into the corporate network via Google Apps. The problem lies in the Android web login function; just one hacked device is sufficient to access Google Apps.<\/p>\n<p>Google received the notice long ago, so there is hope that the necessary measures will be taken in due course.<\/p>\n<p>The slides of the report are <a href=\"http:\/\/secur3.us\/DC21Slides.pdf\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple Developer Center down for a week It took Apple about a week to restore the functions of the Apple Developer Center following its crash on July 18. 
After about<\/p>\n","protected":false},"author":209,"featured_media":16364,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[2029,961],"class_list":{"0":"post-14890","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-business-news","10":"tag-leaks"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/information-security-digest-july-august-2013\/14890\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/information-security-digest-july-august-2013\/14890\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/information-security-digest-july-august-2013\/14890\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/business-news\/","name":"Business News"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14890","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=14890"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14890\/revisions"}],"predecessor-version":[{"id":38872,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14890\/revisions\/38872"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/16364"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=14890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"ht
tps:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=14890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=14890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}