The Syrian government first sent phishing emails posing as news from The Washington Post to a set of random employees. The malicious link simply redirected those uneducated users to a Gmail account. This drive-by-download attack allowed the perpetrators to gain access to a victim’s email and then send more messages from that trusted source. The best defense against this kind of attack is user education. The Onion IT team made a wrap about
Anonymous has promised to attack a set of targets in America on May 7, 2013. According to the post on Pastebin, the targets include the NSA, the Pentagon, the White House… It might be a DDoS attack.
The site of the US Department of Labor has been hacked, redirecting users and distributing malicious code. The intruders were able to disable antivirus products from certain vendors, such as Avira and Avast, if installed on the target computers. To guard against this, keep your antivirus up to date.
Denial of service is an attack that makes applications and services inaccessible by exhausting computing resources such as CPU and memory. A nice piece on how to report such an attack can be read here
The best-known online library, Scribd, has been hacked, resulting in a leak of customer information such as email addresses and encrypted passwords. The company believes that no payment or sales-related data were compromised. They are notifying users to change their passwords.
A site is accessed by typing its URL into a browser. The source code behind most of those sites is not properly written and is subject to many holes exploited by cybercriminals. Cybercrooks often compromise a web page to install malware that will control the victim’s computer. Once the malware is properly installed, the hacker can either steal information such as credit card numbers, intellectual property, trade secrets and company secrets, or launch a denial of service to prevent the authorized use of resources. I came across the Google Security Blog, which gives detailed information on the meaning of site hacking and malware infection. Furthermore, the video illustrates how to use Google Webmaster Tools to run an infection diagnosis on a web site.
Java has too many vulnerabilities that hackers exploit during their attacks. Many software vendors urge users to disable Java. I found a nice online tool that checks whether your browser is vulnerable to Java. It is worth clicking: http://java-0day.com
Evernote is an online service that lets users store pictures, music, videos and text on the internet and access them from any device. Its users can edit their notes from anywhere. The company has acknowledged that it has suffered a data breach. According to the statements released after the intrusion, there was no evidence that the contents stored in Evernote were accessed, and payment information related to Evernote Premium or Evernote Business customers was not accessed either.
Congratulations, passwords stored by Evernote are hashed and salted.
As an incident response measure, Evernote is sending email notifications to all its customers, urging them to reset their passwords. Indeed, hackers could use those email addresses to send unsolicited messages like spam. By enforcing the use of strong passwords, Evernote aims at reducing the attack surface of its online service. To be sure that your data is safe in a cloud-based service: do not use passwords based on dictionary words, do not use the same password on multiple sites and services, and never click on “password reset” emails but instead go to the web page.
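To show what "hashed and salted" buys after a breach like the one described above, here is an added example. It is not Evernote's code and not from the original post. It compares an unsalted digest table with a per-user salted one for users who reuse the same password. PBKDF2-HMAC-SHA256, the iteration count, the user names and the passwords are all assumptions constructed for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this sketch


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: equal passwords always produce equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, derived_key); a fresh 16-byte random salt is drawn per user."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, stored_key)


def shared_digests(records: dict[str, str]) -> dict[str, list[str]]:
    """Group users whose stored digest is identical, as a leaked table would show."""
    groups: dict[str, list[str]] = {}
    for user, digest in records.items():
        groups.setdefault(digest, []).append(user)
    return {d: users for d, users in groups.items() if len(users) > 1}


# Constructed sample: alice and bob picked the same password.
USERS = {
    "alice": "correct horse battery",
    "bob": "correct horse battery",
    "carol": "x9!Lq2#vTz",
}

if __name__ == "__main__":
    unsalted = {u: unsalted_hash(p) for u, p in USERS.items()}
    salted = {u: hash_password(p)[1].hex() for u, p in USERS.items()}
    print("unsalted, identical digests:", list(shared_digests(unsalted).values()))
    print("salted, identical digests:  ", list(shared_digests(salted).values()))
```

The salt is stored next to the derived key; it is not secret, and its job is only to make every stored record unique so one precomputed table cannot be reused across accounts.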
Social network sites have become a potential source of information about criminals and their activities. Many private firms are tracking their employees’ lies using those shared environments. Security researchers have created the Rapid Information Overlay Technology (RIOT). The tool can gather a lot of information from websites such as Facebook, Twitter and Foursquare.
RIOT can give you a clue about someone’s life, raising concerns about privacy. Indeed, pictures and location tracking posted on social network sites reveal a person’s identity and can even help decipher their thoughts and predict what they will do next. A video about RIOT can be watched here.