339 Million AdultFriendFinder users compromised

Friend Finder Networks, the company that operates Adultfriendfinder.com and cams.com and that was affected by a breach of 3.5 million users' information in May 2015, has been breached again.

How many victims? This time 339 million users, including 15 million users whose accounts were deleted but whose data was still held by the company.

What type of information? Usernames, email addresses, date of the last visit, passwords, last IP address used, browser information, and VIP membership status.

What happened? LeakedSource.com speculates that the breach was carried out using an exploit for a Local File Inclusion vulnerability that was publicly revealed last month. Passwords were stored either in unencrypted form or hashed with SHA-1, both of which are insecure. 99% of the hashed passwords have already been cracked. The LeakedSource team has decided not to make this particular data set searchable by the general public for now.

What was the response? Friend Finder Networks has not confirmed the breach, but said that the Local File Inclusion vulnerability that was allegedly exploited has been fixed.

Quote: “It goes without saying that systems, software and processes should be regularly reviewed as previously accepted risk levels may no longer suffice.” – David Kennerley, director of threat research at Webroot, to SC Media.


New Zealand online dating site data leaked

Personal information of over 1.5 million online dating users, including usernames, passwords, e-mail addresses, gender, date of birth, country of residence, photos and sexual preferences, was found by MacKeeper researchers in an unsecured MongoDB database accessible on the internet. The data was found to belong to a New Zealand-based company that runs haveafling.mobi, haveafling.co.nz, haveanaffair.co.nz, haveanaffair.mobi, hookupdating.mobi and the mobile application “Hook Up Dating.”

In response to MacKeeper’s notification, the company claimed that the database is mostly dummy data used to test migrating data from SQL to MongoDB. The researchers do not accept this claim, considering the massive number of accounts.

Also, a one-by-one analysis of a random selection of more than 300 records shared with ZDNet proves otherwise.

The company is taking the leak lightly, claiming that only the researchers had accessed the data. It did not invalidate the affected passwords; it only notified users to change their passwords, giving as the reason that it was upgrading its system for security reasons.

Possible data breach of VoIPtalk

Voice over IP provider VoIPtalk has warned its customers of a possible breach of their login credentials. The email notice stated that the company’s security systems discovered strange activity: “activity involving online attempts to exploit vulnerabilities in our infrastructure to obtain customer data,” according to SC Magazine.

The company is erring on the side of caution by notifying its customers even though there is no strong evidence of a successful breach by attackers.

Project Sauron Has Been Spying on Governments for 5 Years

Project Sauron, the sophisticated information exfiltration malware, has been spying on government computers and computers at major organizations for over five years.

According to Comodo, there is also a very real possibility that a government-sponsored group is behind it.

Project Sauron, so called because of the reference in its source code to Sauron, the main antagonist in J. R. R. Tolkien’s Lord of the Rings, was reportedly first detected on an unspecified government network last September. And like the evil Tolkien nemesis, it appears to be all-seeing: it can be used to steal passwords, encryption keys, configuration files and log stores, plus it logs keystrokes and opens backdoors for hackers to take control of a system or network.

“Subsequent probes revealed that the malware was present in many other networks,” researchers said, in a blog. “Project Sauron has been found in the networks of at least 30 organizations. This includes government networks and strategic ones like the networks of military, financial and telecommunications organizations. Reports say that the malware has been detected in an airline in China, an embassy in Belgium, and an unidentified organization in Sweden.”

Comodo noted that Project Sauron uses a strange executable file that claims to be a Windows password filter. Whenever a user logs on or enters a password, this executable starts up and, unlike typical malware, it appears differently on different systems and networks.

“Project Sauron is a malware that’s almost impossible to detect,” the researchers noted. “The malware doesn’t leave behind tell-tale signs like other malware would and thus it becomes rather difficult to identify other infections. The creators of Project Sauron make sure that no two infections are similar and that no two infected systems create the same software artifacts.”


Video-Jacking Attack: Attacker can see everything you see.

Aries Security researchers have described how you could fall victim to a video-jacking attack by docking your phone at unfamiliar charging stations.

A device worth $220, hidden in what appears to be a charging station, is used for the attack. A phone connected to the charging station exposes virtually everything to the attacker, who can see passwords as they are entered, all taps, and whatever the user is seeing and doing on the device.

Devices vulnerable to this attack include several Android devices, iPhones and other HDMI-ready smartphones manufactured by Asus, Blackberry, HTC, LG, Samsung and ZTE.

Spyware in Vietnamese Institutions

Cybersecurity firm Bkav has issued a warning about spyware lurking in the website operations of several Vietnamese institutions. The spyware, they say, is the same one that recently infiltrated Vietnam Airlines as well as two airport information systems. In July, the hackers stole information on over 400,000 Vietnam Airlines members and also took over flight information and loudspeaker systems at two major airports in Vietnam.

The spyware, which is disguised as antivirus software, collects passwords and enables remote control of compromised computers.