Alex Walker reports:
Funcom, makers
of The Secret World, The Longest Journey, Age of Conan and Anarchy Online,
announced earlier this morning that their forums have been compromised and user
data exposed.
In an announcement
on their website, Funcom announced that the data breach for the four games
above included encrypted passwords, user names and e-mail addresses. “Even though passwords were encrypted, these
can be cracked and should be considered compromised,” the company said.
According to the LeakedSource data breach monitoring hub,
many of the forum passwords have already been cracked. On the English forums for The Secret World
alone, more than 81,000 passwords from nearly 228,000 users had been cracked.
Read more on Kotaku.
The problem is that people re-use passwords.
Hackers Steal 25 Million Accounts From Mail.Ru Domains
… LeakedSource, a service that allows users and
businesses to check if their online accounts have been compromised, reported on
Wednesday that cybercriminals obtained roughly 25 million username and password
combinations from three different domains: cifre.mail.ru, parapa.mail.ru and
tanks.mail.ru. The affected domains host
forums for games acquired by the Mail.Ru Group over the past years.
The passwords were stored as MD5 hashes with and without
salts, which has allowed LeakedSource to easily crack millions of them. The most
common passwords appear to be 123456789, 12345678, 123456 and
1234567890.
… the many password reuse attacks detected recently by companies such
as Facebook, GitHub, Reddit and Netflix show that even older credentials can be
useful for malicious actors.
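An added illustration, not part of the quoted article or the original post: why MD5 storage "with and without salts" falls so quickly to a list of common passwords, next to a salted memory-hard alternative (scrypt from Python's standard library). The sample rows, salts and function names are constructed for this example.

```python
import hashlib
import hmac
import os

# The most common passwords named in the report quoted above.
COMMON = ["123456789", "12345678", "123456", "1234567890"]

def md5_hash(password, salt=b""):
    """Legacy scheme from the report: one fast MD5 pass, salt optional."""
    return hashlib.md5(salt + password.encode()).hexdigest()

def audit_unsalted(rows):
    """rows: {user: md5_hex}. One precomputed table covers every account."""
    table = {md5_hash(p): p for p in COMMON}
    return {user: table[h] for user, h in rows.items() if h in table}

def audit_salted(rows):
    """rows: {user: (salt, md5_hex)}. The salt forces a per-account loop,
    but MD5 is so cheap that a common-password list is still checked at once."""
    found = {}
    for user, (salt, h) in rows.items():
        for p in COMMON:
            if md5_hash(p, salt) == h:
                found[user] = p
                break
    return found

def scrypt_store(password, salt=None):
    """Replacement scheme: random per-user salt plus a memory-hard KDF."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, key

def scrypt_verify(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scrypt_store(password, salt)[1], key)

def reject_common(password):
    """Signup/reset check: refuse passwords from the known-common list."""
    return password in COMMON

# Constructed sample rows (not data from any breach).
UNSALTED = {"alice": md5_hash("123456"), "bob": md5_hash("123456"),
            "carol": md5_hash("x7#Lq-long-unique-phrase")}
SALTED = {u: (s, md5_hash(p, s)) for u, p, s in [
    ("alice", "123456", b"s1"), ("bob", "123456", b"s2"),
    ("carol", "x7#Lq-long-unique-phrase", b"s3")]}
```

Running the two audits against your own user table shows which accounts need a forced reset; the scrypt parameters here are a common baseline and should be tuned to the server's capacity.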
For my Computer Security students. Be prepared to discuss ways to reduce this
risk!
A press release about the financial sector that may be of
interest to some readers:
CAMPBELL, CA–(Marketwired – Aug 25, 2016) – Bitglass, the total data protection
company, today announced the availability of its Financial Services breach
report, an analysis of all breaches in the sector since 2006, with data
aggregated from public databases and government mandated disclosures. The report reveals that leaks nearly doubled
between 2014 and 2015, a growth trend on track to continue in 2016. The nation’s largest banks have all suffered
leaks at some point in the recent past. In the first half of 2016 alone, five of the
nation’s top 20 banks disclosed breaches.
The report also explores the most common causes of data
leaks in the sector. Led by lost and
stolen devices at 25.3 percent of breach events, financial services
organizations appear to struggle with data protection on managed and unmanaged
devices. While hacking accounted for a
disproportionate number of individuals affected by financial services breaches,
only one in five leaks were caused by hacking. Other breaches were the result of unintended
disclosures, malicious insiders, and lost paper records.
Key findings:
- One in four breaches in the financial services sector over the last several years were due to lost or stolen devices, one in five were the result of hacking. Fourteen percent of leaks can be attributed to unintended disclosures and 13 percent to malicious insiders.
- Five of the nation’s 20 largest banks have already suffered data breaches in the first half of 2016.
- In 2015, 87 breaches were reported in the financial services sector, up from 45 in 2014. In the first half of 2016, 37 banks have already disclosed breaches.
- Over 60 organizations suffered recurring breaches in the last decade, including most major banks.
- JP Morgan Chase, the nation’s largest bank, has suffered recurring breaches since 2007. The largest breach event, the result of a cyberattack, was widely publicized in 2014 and affected an estimated 76 million U.S. households. Other breaches at JPMorgan were due to lost devices, unintended disclosures, and payment card fraud.
- Of the three major credit bureaus, the 2015 Experian leak was the largest, affecting 15 million individuals. Equifax has also disclosed several recent breaches, including unauthorized accesses earlier this year that affected hundreds of thousands of individuals.
Download the full report: bitglass.com/financial-breaches-2016
For my Ethical Hacking students.
3 Ways Your Car Can Be Hacked by Cyber Criminals
You say relaxing
I say reneging
Let’s call the whole thing off (Apologies to the Gershwins)
Relaxing Privacy Vow, WhatsApp to Share Some Data With
Facebook
When Facebook bought
the start-up WhatsApp in 2014, Jan Koum, WhatsApp’s co-founder, declared
that the deal would not affect the digital privacy of his mobile messaging
service’s millions of users.
… WhatsApp said on
Thursday that it would start disclosing the phone numbers and analytics data of
its users with Facebook. It will be the
first time the messaging service has connected people’s accounts to the social
network to share information, as Facebook tries to coordinate information
across its collection of businesses.
This is the world my Computer Security students will live
in. Still, I don’t think I’d call it a “Hackerpocalypse.”
Cybercrime damages expected to cost the world $6 trillion by
2021
Cybercrime will continue its stratospheric growth over the
next five years, according to a recent report published by Cybersecurity Ventures. (Disclaimer:
Steve Morgan is the Founder and CEO at Cybersecurity Ventures.)
While there are numerous contributors to the rise in
cybercrime -- which is expected to cost the world more than $6 trillion by
2021, up from $3 trillion in 2015 -- the most obvious predictor is a massive
expansion of the global attack surface which hackers target.
Some media estimates peg the number of internet of things
(IoT) devices to exceed 200 billion by 2020.
In a report last year, ABI
forecasted that more than 20 million connected cars will ship with built-in
software-based security technology by 2020 — and Spanish telecom provider
Telefonica states by 2020, 90 percent of cars will be online, compared with just 2
percent in 2012.
Ignore Best Practices at your peril!
A push for the less-hackable car
The auto industry now has at least a couple of “best
practices” guides for cybersecurity.
One, from the Automotive Information Sharing and Analysis
Center (Auto
ISAC), was released about a month ago and generated a flurry of stories that
highlighted the group’s exhortations to automakers to start building security
into their software from the ground up – from design through production.
Another is from Intel Security, which released a white
paper earlier this month titled "Automotive Security
Best Practices," a set of, “recommendations for building security into
the design, fabrication and operation phases of the automotive production
process,” according to McAfee blogger Lorie Wigle (McAfee was acquired by Intel
in 2011).
… In a white paper
titled "Commonalities in Vehicle Vulnerabilities," released earlier
this month, the cybersecurity firm IOActive noted the breadth of the attack
surface – data can enter vehicles through cellular radio, Bluetooth, Wifi, V2V
radio, infotainment media, companion apps and Zigbee Radio.
… The problems
have been increasingly apparent for several years now. A report from the financial advisory firm
Stout Risius Ross found that the percentage of vehicle recalls attributed to software problems
tripled between 2011 and 2015.
An interesting, but probably inevitable evolution of
hacker tech. After all, communication is
communication, no matter the technology.
Android botnet relies on Twitter for commands
… One maker of
Android malware is using Twitter to communicate with infected smartphones,
according to security firm ESET.
… The malware
routinely checks certain Twitter accounts and reads the encrypted posts to get
its operating commands.
… “It’s extremely
easy for the crooks to re-direct communications to another freshly created
account,” he said.
Frequently Controversial Commission?
David Balto reports:
The unique American right to
privacy – the Constitutional right to be “secure in their persons, houses,
papers, and effects” birthed as a direct response to the British crown’s
unfettered “general warrant” rights to search colonial homes is so fundamental today
that nary a politician will seek to question it. The same can be said for our First Amendment’s
freedom of speech and the Fifth Amendment’s guarantee of equal protection.
This is what makes so amazing how
the FCC might be thumbing its nose at all three core principles in its latest
“privacy rulemaking.” And the noting of
this came in a major broadside delivered by the most revered constitutional
scholar of the day – Harvard Law School’s Laurence Tribe.
Read more on The
Hill.
Looks like we’ll be seeing more Hulk Hogan-like lawsuits…
One of Peter Thiel's fellows created a new startup that will
fund your lawsuit
… This summer, Forbes
revealed that tech luminary Peter Thiel had secretly been backing Hulk Hogan's
lawsuit against Gawker. It was a wake-up
call that people could fund a lawsuit bent on destroying a business — and that
it's perfectly legal to do so.
A new startup, Legalist,
is looking to make money from the practice of bankrolling lawsuits. The startup plans to fund those that it
calculates have a chance to win.
… In a presentation
at Y Combinator's Demo Day on Tuesday, Shang argued that litigation funding is
poised to become an "explosive asset class." The startup has funded one lawsuit for $75,000
and expects a return of over $1 million once the case is over. That money will then be reinvested in other
lawsuits, and the process will repeat itself.
"It's a niche field that you don't really think
about," Shang said.
Unusual to say the least.
(Who knew Treasury had a Blog?)
U.S. raises concerns over European tax probe involving
American companies
The U.S. Treasury took the unusual step Wednesday of
publishing a detailed critique of the European Commission’s investigations into
alleged tax avoidance schemes by a group of U.S. firms, including Apple,
Starbucks and Amazon.
Treasury said the commission’s probes into whether U.S.
firms unfairly benefited from low corporate tax rates in Europe “undermine”
agreements on international tax law and could hurt U.S. taxpayers.
“These investigations have major implications for the
United States,” wrote Robert Stack, deputy assistant secretary for
international tax affairs at Treasury, in a blog post explaining the agency’s position.
What is this worth to the people placing political
ads?
Facebook Tags Users As Liberal, Moderate Or Conservative: How
You Can Check And How The Social Network Does It
… Facebook has
come up with a system to determine a user's political leanings, based on his or
her activity on the social network. The
labels are not hidden from users, though, as they can be checked by accessing
an account's advertising preferences on Facebook.
Once upon a time, the US led the way…
The world’s first public self-driving taxi service hits
Singapore roads today
The world’s first public trial of a self-driving car
service has officially launched in Singapore today, as U.S. autonomous car
startup NuTonomy beats Uber to the punch by
a matter of days.
I keep searching for my Dutch ancestor’s rumored deed to
everything south of the street by the wall.
(Yes, Wall Street)
The New York Public Library Digital Collections
by Sabrina
I. Pacifici on Aug 24, 2016
“Explore 693,857 items digitized from The New
York Public Library‘s collections. This
site is a living database with new materials added every day, featuring prints,
photographs, maps, manuscripts, streaming video, and more.”