Hey Guys and Ghouls. Happy Halloween!
Apologies for no news post last week but it was a slow week so I just decided to include those in this weeks post instead. Enjoy!
- To start off the news for the week, an arrest of a hacker who stole and provided military personnel data to ISIL/ISIS in Malaysia. Ardit Ferizi hacked into a U.S based hosting company in order to steal data on around 1300 government employees. He is facing extradition to the U.S, and up to 35 years in prison if convicted.
- Read More @ http://thehackernews.com/2015/10/isis-hacker.html
- So this is interesting. Facebook will apparently notify users if they suspect that they are under a nation state sponsored targeted attack. Or rather, if their algorithm deems it to be so, users will receive a notification on their phone informing them of the attack. Not really sure what to make of this one to be honest, it’s good I suppose to have some sort of a warning system.
- Read More @ tech.slashdot.org/story/15/10/19/1417256/facebook-notifies-users-of-potential-nation-state-attacks?
- Next, another week, another breach. This time the victim is a UK ISP TalkTalk. Data of about 4 million customers is affected. Account data as well as payment card data is affected.
- Read More @ https://nakedsecurity.sophos.com/2015/10/23/talktalk-suffers-major-data-breach-affecting-up-to-4-million-customers/
- Following up the TalkTalk story there is follow up news on an arrest of a 15 year old boy who is suspected to be behind the attack on the ISP.
- Read More @ http://thehackernews.com/2015/10/talktalk-hacker-arrested.html
- A report from TrendMicro has discovered that the APT campaign “PawnStorm” has been targeting the investigation team for the MH17 flight crash. Fake VPN and SFTP servers were set up in an attempt to phish credentials from the employees involved in the investigation.
- Read More @ http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-targets-mh17-investigation-team/
- Next, another breach, of the biggest free hosting company “000Webhost” has resulted in compromise of 13.5 million passwords. Other personal information like e-mails,last name, and IP addresses were also affected.
- Read More @ http://thehackernews.com/2015/10/free-web-hosting-hacking.html
- Lastly, a new Symantec findings has discovered an attack targeting MYSQL servers and compromising them with the “Chickdos” malware, in order to utilize the compromised servers in DDoS attacks on other targets. Interesting read.
- Read More @ http://www.symantec.com/connect/blogs/mysql-servers-hijacked-malware-perform-ddos-attacks