Github accounts Hacked: Popular code repository site GitHub is warning that a number of users’ accounts have been compromised by unknown hackers reusing email addresses and passwords obtained from other recent data breaches. The recent widespread “mega breaches” of LinkedIn, MySpace, Tumblr, and the dating site Fling, that have dumped more than 642 Million passwords over the past month is the cause. Last issue we discussed a similar ‘Password reuse attack’, wherein Mark Zuckerberg’s Twitter and Pinterest accounts were hacked.
Acer online store hacked, a year’s worth of credit cards stolen: Acer has informed the authorities that its online store was attacked by hackers. Acer admitted that an unauthorized outside party had taken a year’s worth of full credit card data, names and addresses between mid-May 2015 and late-April this year. The company said it hasn’t found any evidence yet that passwords or logins were affected, but didn’t outright rule it out. Similar news – Canadian media giant VerticalScope admitted it had been hacked, leaking close to 45 million users’ details, including email addresses and passwords.
51 Million accounts leaked from iMesh file sharing service: A defunct peer-to-peer file sharing service called iMesh has been hacked and its data has been leaked by the same Russian hacker who was behind the massive breaches in some of the most popular social media sites including LinkedIn, MySpace, Tumblr, and VK.com. It is estimated that the breach took place in Sep’13. This can potentially result in many more ‘Password reuse attacks’, it is high time users change their online passwords and have different passwords for different accounts.
Russian Hackers Breach Democrats to steal data on Trump: Russian hackers, have compromised the networks of the Democratic National Committee (DNC), particularly targeting “opposition research” information on GOP candidate Donald Trump. The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic. Hillary Clinton was also targeted in the attack.
Insider threat – US charges Chinese ex-IBM employee with Espionage: The US federal authorities have boosted charges against a former IBM Corp. software developer in China for allegedly stealing valuable source code from his former employer in the US. The Chinese national was arrested by the FBI in December last year, when he was charged with just one count of theft of a trade secret. However, he has been charged with six counts now including three counts of economic espionage and three counts of theft of a trade secret. If convicted he could face up to 75 years in prison.
For $6, buy access to hacked Govt. server: Experts have exposed an underground trading platform that is selling access to compromised servers of governments, businesses and universities at a price starting as low as $6. Inventory offered- 70,000 servers from 173 countries. They also sell add-ons such as -software designed to launch denial-of-service and spam campaign attacks on networks, break into online or retail payment systems and illegally produce Bitcoin.
Ponemon report on Data breaches: The average cost of breaches at organizations has jumped past $4 million per incident, a 29% increase since 2013 and 5% increase since last year. The study found that average dwell time for breaches stands at 201 days, with organizations requiring another 70 days to contain breaches once they’d been identified. The cost per record lost is at $158 for unprepared organizations and $16 for the ones that are prepared. A ponemon study in Sep’15 confirmed that 3 out of 4 organizations aren’t ‘resilient’ to cyber-attacks.
North Korean hackers steal thousands of military files from S. Korea: Hackers aligned with North Korea have always been accused of attacking and targeting South Korean organizations, financial institutions, banks and media outlets. Recent reports indicate that North Korean hackers have hacked into more than 140,000 computers of at least 160 South Korean government agencies and companies, and allegedly injected malware in the systems.
Indian defense forces on alert after Chinese cyber-attack: A cyber-attack on government and commercial organizations in India by Chinese military, has raised alarm bells. An alert has been issued to the Indian Army, Navy and Air Force that a Chinese Advanced Persistent Threat (APT) group called Suckfly, is targeting Indian organizations. India’s defense establishment is its prime target. Sensitive information is exfiltrated, and this information is being used to undermine the national security and economic capabilities. India keeps a tight vigil on Pakistani hackers as well.