T-Mobile Czech Republic ‘suffers data leak

• Over 1.5 million customer records at T-Mobile Czech republic were stolen by one of its employees, according to local media.

• It is unknown how much of the usual name, e-mail address, account number and so on that the marketing database contained. T-Mobile Czech republic says only that it did not include location, traffic, or other "sensitive data such as passwords".

• T-Mobile claims that the perpetrator was caught when attempting to sell the database.

PayPal phishing

• The security expert and malware researcher reported A very unusual phishing attack on PayPal leveraging on JavaScript.

• The phishing is still a very profitable technique for crooks, phishers try to improve old tactic in a new fashion in order to steal victims’ information by using a hidden JavaScript redirect method to steal the data

• One of the most common suggestions to mitigate phishing attacks is to inspect the links in a mail to see if they reference to the website where you would expect them to point.

45 Million Accounts Hacked At Some Of The Biggest Car Forums

• The victim is a company called vertical scope.• Details leaked include email addresses, usernames, IP addresses

and passwords. Many of the passwords were salted and hashed with the MD5 algorithm, which is now widely regarded as insufficient.

• Lack of https encryption and the use of vulnerable older versions of the Vbulletin forum software were other weaknesses in vertical scope sites noted by ZDNet. So far, they note, the data has not appeared for sale on the dark web.

Russian Police Arrest 50 in Connection with Online Bank Account Theft

• The hackers had been stealing money from bank accounts in Russia.

• Authorities in Russia have arrested 50 people in connection with a malware scheme that stolen more than 1.7 billion roubles (US $25.4 million). The group allegedly used malware known as lurk to steal the money from bank accounts.

• Lurk in android Trojan which is very difficult to identify because it stays in the memory

Github accounts Hacked in 'Password reuse attack

• Popular code repository site Github is warning that a number of users' accounts have been compromised by unknown hackers reusing email addresses and passwords obtained from other recent data breaches.

• Although the initial source of the leaked credentials isn't clear, the recent widespread "mega breaches" of LinkedIn, Myspace, tumblr, and the dating site fling, that have dumped more than 642 million passwords over the past month could be the cause.

University of Calgary Pays Up in Ransomware Attack

• The university of Calgary has paid CAD $20,000 (US $15,700) to regain access to encrypted data after its systems became infected with ransomware.

• The attack affected more than 100 computers. The university paid the ransom a week after the initial infection.

• University vice-president of finances and services said the school decided to pay the ransom to "protect the quality and the nature of the information we generate at the university."

Acunetix vulnerability scanner tool website defaced by a hacker

• An unknown Croatian hacker hacked and defaced the official website of world-renowned Acunetix web vulnerability scanner (WVS) Saturday morning.

• The hacker left a deface page along with a message on the homepage of acunetix’s website stating that he did the hack for fun.

• It is to be noted that Acunetix is using wordpress platform on its site and according to a researcher’s Facebook post the wordpress version used by the firm was outdated allowing the hacker to bypass whatever security was implemented on the site.

You Acer holes! PC maker leaks payment cards in e-store hack

• Acer's insecure customer database spilled people's personal information – including full payment card numbers – into hackers' hands for more than a year.

• The pc maker has started writing to customers [pdf] warning that their personal records were siphoned off from its online store by crooks between may 12, 2015 and April 28, 2016.

• The lost data includes customer names, addresses, card numbers, and three-digit security verification codes on the backs of the cards. Acer says that no passwords or social security numbers were obtained by the thieves

Online Marketplace Offers Access to 70K Hacked Servers

• An online marketplace has been discovered hawking access to more than 70,000 hacked corporate and government servers.

• The market, called xdedic, is operated by hackers who earn a commission from eac

• The server access can be used for everything from denial-of-service attacks to the stealing of credit-card details from retail shops. Some have used compromised servers to mine bitcoins.H transaction.

GoToMyPC reset all customer passwords

• A number of users are experiencing problems during logging into GoToMyPC because citrix experts have reset account passwords after unknown hackers reportedly attacked the service.

• The advisory doesn’t include details on the attack, it only describes it a “very sophisticated password attack”.

Google pays $550,000 to people who found security holes in Android

Google paid 82 people a total of $550,000 in the last year for finding security vulnerabilities that could let hackers compromise phones, tablets, cars and other gadgets powered by the company's android software.

VK.com HACKED! 100 Million Clear Text Passwords Leaked Online

• The same hacker who previously sold data dumps from Myspace, tumblr, LinkedIn, and fling.Com, is now selling more than 100 million VK.Com records for just 1 bit coin (approx. Us$580).

• The database contains information like full names (first names and last names), email addresses, plain-text passwords, location information, phone numbers and, in some cases, secondary email addresses.

• Yes, plain-text passwords. According to peace, the passwords were already in plain text when the VK.Com was hacked. So, if the site still stores passwords in clear text today, this could be a real security risk for its users.

Resources

• http://www.securityweek.com/   • http://krebsonsecurity.com/• http://www.infosecurity-magazine.com/news/• http://www.cnet.com/topics/security/• http://www.scmagazine.com/news/archive/10652/• http://www.theregister.co.uk/security/

THANKYOU