The year has just started and we’ve already had several interesting information security stories. Here’s your chance to catch up on some reading in case you haven’t been online much over the past week.
The malvertising attack against Yahoo has made a lot of headlines. Around 2.5 million users from Europe might have had their computers infected with one of five types of malware after cybercriminals compromised the company’s ad service.
As far as hacktivist attacks are concerned, Anonymous hackers have breached and defaced MIT’s website once again. The attack has been launched exactly one year after the activist Aaron Swartz committed suicide.
Pakistani hacker H4x0r HuSsY breached and defaced the official forum of openSUSE. The attack is interesting because the attacker claims to have leveraged a vBulletin zero-day to hack the website. However, vBulletin has not made any comments on the topic.
RedHack has started the year with a bang. The group has targeted Turkey’s Parliament, the Turkish State Railways (TCDD), the Turkish State Railways (TCDD) and the Justice and Development Party (AKP).
Another interesting hacktivism-related story is the one regarding LulzSec. It appears Sabu wasn’t the only member of the group who secretly collaborated with the FBI.
Izz ad-Din al-Qassam Cyber Fighters have been quiet over the past months. However, there’s a new group that reminds us of them. This week, the Islamic Cyber Resistance Group claimed to have breached the systems of the Israel Airports Authority (IAA).
Experts say they’re claims are false and that the group is only a front for Iran’s psychological warfare. It’s worth noting that many believe the al-Qassam Cyber Fighters are also representing Iran.
The Google, Yahoo, Amazon and Twitter domains for Tajikistan have been defaced. Well, not really. An Iranian hacker has breached the systems of the country’s registrar and altered the DNS records for the domains to redirect their visitors to a defacement page.
The hacker Guccifer is back with a long list of high-profile victims, including officials and celebrities. He’s confident that he will not get caught, despite having nightmares about it. However, Romanian spies are confident that he will get caught, some day.
It’s also worth noting that DNS amplification attacks are no longer “cool.” Cybercriminals have turned to operations that abuse the Network Time Protocol (NTP).
Target continues to investigate the data breach it suffered last year. According to the latest statement from the company, the hackers stole the personal details of up to 70 million people.
The RSA Conference is becoming more and more controversial. A total of eight experts have cancelled their engagements and, on Friday, we learned that even OWASP canceled a training class and a co-marketing agreement.
New information has become available in the Silk Road case. Two of the three individuals arrested for their connection to Silk Road and Silk Road 2 have been released on bail. They are Andrew Michael Jones, arrested in the US, and Gary Davis, detained in Ireland.
In related news, Commtouch has changed its name to CYREN, but the company says the move is more than just a name change.
Here are some other stories worth reading, in case you’ve missed them:
Syrian Electronic Army claims to have hijacked the Xbox Twitter account
At least 22,000 machines still infected with Flashback Mac malware
US senator wants more prison time for hacking attempts and conspiracy to hack
Mandiant and FireEye a match made in heaven? Not everyone thinks so
40 iOS banking apps from the world’s top 60 banks put to the test
LinkedIn is suing cybercriminals responsible for creating fake accounts
Bruce Schneier joins Co3 Systems