Vulnerabilities and attacks

New Trojan attempts SMS fraud on OS X users

The Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud.

The new malware is a Trojan horse, dubbed "Trojan.SMSSend.3666," and is part of a family of Trojan malware for Windows and other platforms that have affected Windows users for years.

As with all Trojans, these pose as legitimate programs that are made available for download from a number of underground Web sites, with this current one for OS X appearing to be an installer for a program called VKMusic 4, a utility whose … Read more

GhostShell claims breach of 1.6M accounts at FBI, NASA, and more

Team GhostShell, the hacktivist collective, said today that it has stolen accounts from a large number of government agencies, contractors, and security firms, posting information from 1.6 million accounts online.

Dubbed Project White Fox, the hacking project appears to have affected NASA, the FBI, the Pentagon, and Interpol, among many others. The hackers announced their work in a file posted on Pastebin.

Our colleagues at ZDNet report:

The file dump, upon closer inspection, seems to include a number of records obtained via SQL injection. A random selection of the files contain email and home addresses, defense material tests and … Read more

Hackers steal customer info from insurance provider Nationwide

Hackers broke into insurance company Nationwide's network in early October, stealing the personal information of more than a million customers across the country, the insurance company recently revealed.

The company said the compromised information included people's names and a combination of Social Security numbers, driver's license numbers, their date of birth, and possibly marital status, gender, and occupation, as well as the names and addresses of employers. Nationwide said it had no evidence that any medical information or credit card account data was stolen.

"We discovered the attack that day, and took immediate steps to contain … Read more

New Mac malware uses OS X launch services

Security company Intego is reporting the discovery of a new malware package for OS X. The package is a Trojan horse called OSX/Dockster.A, that appears to have keylogging features to record what is being typed on an infected system in addition to remote-access features for backdoor access into the system. When installed, the Trojan attempts to contact the server "itsec.eicp.net," likely to receive instructions for allowing remote access to the system.

As with other recent malware for OS X, Dockster is a Java-based threat that will not run unless you have Java installed on … Read more

Massive worm hits Tumblr, spams big blogs like USA Today

A massive bug swept Tumblr today and infected some of the biggest blogs -- including USA Today, Reuters, The Verge, and CNET -- until Tumblr resolved the issue shortly before 10:30 a.m. PT.

GNAA, a hacker group, claimed responsibility for the attack. The group's Twitter profile earlier today said 8,600 unique Tumblr users were affected.

Tumblr didn't explain what happened but said in a blog post that no accounts were compromised, and users didn't need to take any further action.

"Our sincere apologies for the inconvenience," the company said. "As always, … Read more

Former spy chief says U.S. has had its cyber '9/11 warning'

The United States faces "the cyber equivalent of the World Trade Center attack" unless urgent action is taken, a former U.S. intelligence chief warns.

John "Mike" McConnell, who served as director of the National Security Agency under President Clinton and then as director of national intelligence under George W. Bush and President Obama, told the Financial Times (subscription required) that such an attack would cripple the nation's banking system, power grid, and other essential infrastructure.

"We have had our 9/11 warning. Are we going to wait for the cyber equivalent of the … Read more

Anonymous declares war on Syrian government Web sites

Concluding that the Syrian government was responsible for the country's Internet blackout, the online hacktivist group Anonymous has announced a campaign against Syrian government Web sites hosted outside the country.

The Middle Eastern country began experiencing an Internet outage earlier today, and many people on Twitter reported that phone lines are down as well. All 84 of Syria's IP address blocks have become unreachable, effectively removing the country from the Internet, according to Renesys, which operates a real-time grid that continuously monitors Internet routing data.

Anonymous said it had conducted an "exhaustive analysis" of the blackout … Read more

Some Samsung printers vulnerable to hackers

Owners of certain Samsung printers may find their devices a target for hackers.

Samsung printers and some Dell printers made by Samsung have a hardcoded account that someone could use to control and access information on the devices, according to US-CERT (United States Computer Emergency Readiness Team).

As described by the security team, these printers contain a hardcoded SNMP (Simple Network Management Protocol) string that has full read/write access and stays active even if the network protocol is disabled by the user.

"A remote, unauthenticated attacker could access an affected device with administrative privileges," US-CERT said. "… Read more

Hackers steal and publish e-mails from U.N. nuclear agency

Hackers have made their way into one of the servers of the United Nation's International Atomic Energy Agency, according to Reuters. The agency confirmed that the hackers stole information and published it online.

"The IAEA deeply regrets this publication of information stolen from an old server that was shut down some time ago," agency spokesperson Gill Tudor told Reuters. "The IAEA's technical and security teams are continuing to analyze the situation and do everything possible to help ensure that no further information is vulnerable."

A group that calls itself "Parastoo" claimed responsibility … Read more