Twitter

1-15 May 2013 Cyber Attacks Timeline

May 23, 2013 Paolo Passeri Leave a comment

And here we are with our bi-weekly review of the main cyber attacks. This time is the turn of the first half of May.

Probably this month will be remembered for the huge cyber-heist against two Payment Processors, and affecting two banks (National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman), which suffered a massive loss of $45 million due to an endless wave of unlimited withdrawals from their ATMs.

Other relevant actions related to Cyber-criminal operations include the massive breaches against MSI Taiwan (50,000 records affected) and most of all, the Washington state Administrative Office of the Courts (up to 160,000 SSN and 1 million driver’s license numbers).

On the other hand, the hacktivists concentrated their efforts on the so-called OpUSA (7 May), even if it looks like that most of the attacks were nuisance-level. Instead, and this is a great news, after months of intense activity, the operation Ababil come to a stop.

On the cyber war front, this month reports an unedited conflict between Taiwan and Philippines.

Last but not least, even if this attack dates back to 2007, on the Cyber-Espionage front, Bloomberg has shaken this lazy month revealing the repeated attacks by the infamous Comment Crew hackers against Qinetiq, a very critical Defense contractor. The cyber threats from the Red Dragon (real or alleged) keep on scaring the western world.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 April 2013 Cyber Attacks Timeline

May 5, 2013 Paolo Passeri Leave a comment

Here’s the second part of the April cyber attacks Timeline (Part I at this link)

The most remarkable event of this period has certainly been the breach suffered by Living Social potentially exposing 50 million customers of the e-commerce website. Other illustrious victims of the month include the mobile operator DoCoMo and the online reputation firm Reputation.com.

The wake of DDoS attacks has continued even in the second part of the month: once again several U.S. banks have fallen under the blows of the Izz ad-din al-Qassam Cyber Fighters.

Like in the first half of the month, following a consolidating trend in this 2013, the Syrian Electronic Army has continued his wave of attacks against Twitter accounts (even the FIFA has been targeted). In one case, the hijacking of the Twitter account of Associated Press, the bogus tweets related to an alleged attack against the White House, the effect has crossed the boundaries of the cyber space (the Dow Jones Industrial Average fell 150 points, or about 1 percent, immediately following the tweet).

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Categories: Security, Cyber Attacks Timeline Tags: 2013, 3thicalNoob, 48 Hours, 60 Minutes, @Ag3nt47, @AP, @IranBlackHat, @KoreaCyberArmy, @LulzSecWiki, @ThisGameOver, Alfa-Bank, Ameriprise, Android, Anonymous, ANON_0x03, April, Argentina, Associated Press, BadNews, BB&T, Bitcoin, Blatter, Blockchain.info, blog.uggaustralia.com, bluebird, bluebird.pt, Bosnia Herzegovina, Brazilian Army Commission, Brian Kerbs, Capital One, CBS, cebw.org, Charles Schwab, China, CISPA, Citizens Bank, Colin Powell, Cyber Attacks, Cyberwarfare, DDoS, digid.nl, DoCoMo, docomo-usa.com, Dow Jones Industrial Average, Down Jones, Drone, Dubai International Airport, dubaiairport.com, Eric Gunnar Gisse, Facebook, Ferrari, FIFA, Gabon, Gameover, Google, Google Play, Guardian, Guccifer, HighTech Brazil HackTeam, Hostgator, Iberdrola USA, infanteria.mil.ar, Iran Black Hat Team, Iraq, Iraqi-Top, Izz ad-Din al Qassam Cyber Fighters, Izz ad-Din al-Qassam, Litecoin, Livingsocial, Lookout, M&T, Mercedes-Benz, Mґ. TяцтнЇz$ёжу, MT Gox, Netcraft, Netherlands, New York State Electric & Gas Corp, Newseasims.com, North Korea, NPR.org, Obama, oil.gov.iq, Oman, Operation Ababil, Operation Beebus, OpFuckThePolice, OpGabon, OpWestBoro, police.gov.hk, Portugal Cyber Army, Principal, Red Eye Crew, Reddit, Regions Bank, Reputation.com, SQL_Master, Syrian Electronic Army, Teavana, The Sims, Timeline, Turkish Ajan Hacker Group, Twitter, UGG, University of Zurich, uriminzokkiri.com, VideoLan, web.co.kr, Westboro Baptist Church, White House, Z0mbi3_Ma

1-15 April 2013 Cyber Attacks Timeline

May 1, 2013 Paolo Passeri Leave a comment

I know, I am a little late this month. We have just entered May and I was able to publish the first part of the Timeline of April. I will try to maintain the usual rhythm and to be more punctual for the next releases.

Anyway, the first part of April has offered many interesting port with several large scale attacks and massive breaches. The first category includes the Darkleech malware against Apache, and the gigantic brute-force attack against WordPress. The second category includes the attacks against two primary Japanese portals, the FPS War Z, Scribd, Linode, and, most of all Schnucks Markets, targeting potentially 2.4 million users.

But not only Cyber Crime in this month, even the hacktivists were quite active with their OpIsrael 2 (and its controversial damage report), the wake of attacks against North Korean web sites, and even the sixth week of DDoS attacks against the U.S. Banks carried on under the so-called Operation Ababil.

Hard times for System Administrators!

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). Read more…

Categories: Cyber Attacks Timeline, Security Tags: #Dark_BaBa, #OpLiberation, 0-Day, 2013, @LatinHackTeamR, @LulzSecPeru, @LulzSecWiki, @T3AMM3DU5A, @uriminzok, Account Hijacking, Al Mustaqbal, Alabama, Alon, American Express, Anonymous, Apache, April, avg.co.il, Azerbaijan, Bank of America, BB&T, Belgium, Bitcoin, brandweerbree.be, Bree, Brute Force, Capital One, Chase, Citizen Bank, ColdFusion, commbankuk.co.uk, Commonwealth Bank of Australia, Cyber Attacks Timeline, Darkleech, DDoS, Fire Department, First National Bank of Mercersburg, Flickr, fnbmbg.com, Gigabyte Technology, Goo, Google, google.co.ke, Harmonix, Hash, HPTH, hpth.org.uk, HSBC, HTP, Ideal, idinfo.co.il, Imgur, indiamp3.com, ING, Instawallet, Israel, Izz ad-Din al Qassam Cyber Fighters, Japan, jfuinsurance.com, JockerCracker, Johnson Fu Insurance Agency, julis.de, Junge Liberale, Kaspersky Lab, Kenya, Key Bank, Kirkwood Community College, LAPD, LatinHackTeamReborn, Lebanon, Linode, Maxney, Midwest Bank Centre, midwestbankcentre.com, mofa.gov.ps, Mtgox, Museum With No Frontiers, museumwnf.org, Netherlands, Nicolas Maduro, North Korea, OpBlackSummer, Operation Ababil, OpIsrael, OpNorthKorea, Palestine, Polo Tecnico ITIS-IPIAS Giulianova, Rafik Hariri, Regions Bank, restoringfamily.com, Road Signs, Schnucks Markets, Scribd, SQLi, standardmedia.co.ke, TEAM M3DU5A, Tunisian Cyber Army, Turkish Ajan Group, Twitter, uriminzokkiri.com, USC, War Z, Wells Fargo, Winnti, WordPress, Yahoo!

1-15 March 2013 Cyber Attacks Timeline

March 18, 2013 Paolo Passeri 2 comments

Other troubles for system administrators: March is confirming the 2013 dangerous trend with several high profile breaches against industrial, financial and governmental targets.

The first two weeks of March have begun with the breach to Evernote, and continued with (among the others) the third phase of the infamous Operation Ababil, targeting U.S. Banks and an alleged Chinese attack against the Reserve Bank of Australia.

Additional noticeable events include a wave of DDoS attacks against several Czech Republic’s targets (belonging to media, news and financial sector), a breach suffered by the NIST Vulnerability Database (unfortunately not an isolated example of the attacks against US governmental targets happened in these two weeks) and also the leak of 20,000 records from an Avast! German distributor.

Last but not least, the examined period has also confirmed the role of Twitter as the new mean to make resounding attacks against single individuals or organizations. Qatar Foundation, Saudi Aramco, and France 24 are only several of the organizations fallen victims of accounts hijacking.

Of course, these are only the main events, feel free to scroll down the list to analyze in detail what happened in these two weeks.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Once again, a special thanks to Kim Guldberg AKA @bufferzone for continuously advising me about significant cyber events through the Submit Form! Much Appreciated!

Categories: Cyber Attacks Timeline, Security Tags: #OpIran, 2013, @dw_arabic, @France24_ar, @NullCrew_FTS, @observateurs, @Phr0zenM, @StateSecurityRS, @T3AMM3DU5A, aio.ir, Alladyn2, AngloAmerican, angloplatinum.co.za, angloplatinum.com, Anonymous, Anonymous Italy, Anonymous Philippines, Arnold Schwarzenegger, Ashton Kutcher, Australia, avadas.de, Avast!, Bank of America, BB&T, BCPP, Belgrade, Beyoncé, Bill Gates, Billboard, Bitcoin, BitInstant, Britney Spears, Casapounditalia.org, Ceskatelevize.cz, Chase Bank, Chevron Corporation, chevron.com, China, Colin Poweel, Colin Powell, Constantin Film, cpb.gov, csas.cz, CSOB, csob.cz, Ct24.cz, Cyber Attacks Timeline, Cypher, Czech Republic, denik.cz, Deutsche Welle, Donald Trump, Dpp.cz, drdo.gov.in, E15.cz, Equifax, eri.ir, Evernote, Experian, Facebook, Fifth Third Bank, Fio Banka, fio.cz, France 24 Arabia, France 24 observers, G.O.D., g1arng.army.pentagon.mil, Godzilla, Government, Hacker sTz, herzliyaconference.org, Hillary Clinton, HMP Isis, HSBC, Hulk Hogan, ical.ir, ict.org.il, idnes.cz, ihned.cz, India, Iran, isi.org.pk, Izz ad-Din al Qassam Cyber Fighters, Jay Z, Joe Biden, JPMorgan Chase & Co, karjera.ktu.lt, kb.cz, Kim Kardashian, Komerční Banka, ktu, lidovky.cz, majlis.ir, March, Maxney, Mel Gibson, Michelle Obama, mobilmania.cz, nationaljournal.com, natpdae.gov.bd, nespak.com.pk, Nicholas Webber, NIST, North Korea, novinky.cz, NullCrew, nvd.nist.gov, O2.cz, Oceaneering International, OpBlackSummer. Tunisian Cyber Army Al Qaida Electronic Army, Operation Ababil, Operation Green Rights, OpFuckMohammad, opm.gov, PAKbugs, Pakistan, Paris Hilton, Phr0zenMyst, PNC, Poland, Prague Stock Exchange, Pyongyang, Qatar Foundation, Raiffeisen Bank, Rasberry P, rb.cz, RBA, Reserve Bank of Australia, Robert Mueller, Sarah Palin, Saudi Aramco, seznam.cz, Soneri Bank, South Africa, South Korea, state.gov, supremecourt.gov.bd, Syrian Electronic Army, T-Mobile, T-mobile.cz, TEAM M3DU5A, th3inf1d3l, timewarnercable.com, TransUnion, Twitter, United States, US Bank, Watering Hole Attack, XSS, Zoosk, Živě.cz, Česká spořitelna

16-28 February 2013 Cyber Attacks Timeline

March 4, 2013 Paolo Passeri Leave a comment

It is time for the summary of the second half of February, two weeks of remarkable cyber attacks against high-tech giants, massive breaches and Twitter Account Hijackings.

Probably the most resounding events of this period (maybe more for the high profile of the victims than for the actual effects) are the two attacks, allegedly originating from China, (with a common root cause, the compromising of an iPhone developer forum) carried on against Apple and Microsoft.

But not only the two high-tech giants, other illustrious victims have fallen under the blows of hacktivists and cyber criminals. The list is quite long and includes Bank of America, American Express, Casio, ZenDesk, cPanel, Central Hudson Gas & Electric Corporation, etc.).

Last but not least, the unprecedented trail of Cyber attack against Twitter Profile belonging to single individuals (see Donald Trump) or Corporations (Burger King and Jeep). Maybe it is time to change the passwords…

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

A special thanks to Kim Guldberg AKA @bufferzone for continuously advising me about significant cyber events through the Submit Form! Much Appreciated!

Categories: Cyber Attacks Timeline, Security Tags: #BungaBungaBoABoA, #OpLastResort, 2013, @AFPphoto, @Anon_Cental, @DFNTSC, @Hitcher____, @MexicanH, @Phr0zenM, @ThisIsGame0ver, @TN_cyberarmy, ABC, AFP, allaahuakbar.net, American Express, Anonymous, Apple, Aspen Institute, Australia, Bahamas, Bank of America, bible.org, BRBRAITT, Burger King, Cadillac, Canada, Carl Pistorius, Casio, Central Hudson Gas & Electric Corporation, China, Clearforest, cPanel, Crypt0crew, Crysys, Cyber Attacks, Cyprus, Datuk Seri Najib Tun Razak, Defacement, Der Spiegel, Donald Trump, Drone, EADS, Educause, FBI, February, fedcenter.gov, federalagents.gov, Game Over, George K. Baum & Company, H4x0r HuSsY, Hitcher, indiaresults.com, IPD, Iran, Iran's Revolutionary Guards, IRGC, Jay Leno, JEA, Jeep, Jimmy Fallon, Kaspersky Lab, Lebanon, Lil Wayne, lp.gov.lb, LulzEs, makingaustraliahappy.abc.net.au, Malaysia, Maxney, McDonald’s, MexicanH Team, Microsoft, MiniDuke, Mongolia, MVS Comunicaciones, NATO, NBC.com, OneCalais, OpBigBrother, OpBlackSummer, OpFuckMohammad, OpMyanmar, OpWilders, Oscar Pistorius, Phr0zenMyst, police.gov.mn, premiosgoya.academiadecine.com, Psyko, Rustle League, SPVM, Sri Lanka, state.gov, Syria, Syrian Electronic Army, Team Kuwaiti Hackers, TekSystems, Telecom.nz, The People, ThyssenKrupp, Timeline, TunisianCyberArmy1, Turkey, Turkish Ajan Group, Twitter, Viru$ Noir, Xtra, Yahoo!, Zendesk

After Twitter and Facebook, Apple reveals to have suffered the same Cyber Attack

February 20, 2013 Paolo Passeri 1 comment

The same sophisticated cyber attack that has targeted Facebook and Twitter has also targeted Apple, according to an exclusive revelation by Reuters. In this latest occurrence, the attackers were able to infect several Mac computers belonging to some employees of Cupertino, exploiting the same 0-Day Java vulnerability used to carry on the attacks against the two well known social networks.

Further details have emerged in the meantime: particularly noticeable is the fact that the attackers used the consolidated “watering hole” technique, compromising a well-known mobile developer forum (iphonedevsdk.com) accessed by the employees of Cupertino (and of many other high profile companies). This has raised the concern that maybe the attackers aimed to manipulate the code of smartphone apps to compromise a huge number of users. Currently the forums shows a banner inviting users to change their passwords.

Apple is working closely with the Federal Bureau of Investigation and has released an update to disable its Java SE 6. Although there is no clear evidence about the Chinese origin of the attack, unfortunately it comes out in the worst possible period: after the wave of attacks against U.S. Media, Mandiant, the firm that investigated the attack against the NYT, released a detailed report suggesting a link between the hacks against U.S. assets. and the Chinese Army.

Categories: Cyberwar, Security Tags: Apple, China, Facebook, Federal Bureau of Investigation, Mandiant, New York Times, Reuters, Twitter

1-16 February 2013 Cyber Attacks Timeline

February 18, 2013 Paolo Passeri 3 comments

Here is the summary of the Cyber Attacks Timeline for February. A month that will probably be remembered for the “sophisticated” cyber attacks to the two main social networks: Facebook and Twitter.

But the attacks against the two major social networks were not the only remarkable events of this period. Other governmental and industrial high-profile targets have fallen under the blows of (state-sponsored) cyber criminals: the list of the governmental targets is led by the U.S. Department of Energy and the Japan Ministry of Foreign Affairs, while Bit9, a primary security firm, was also targeted, leading the chart of Industrial targets.

Hacktivists have raised the bar and breached the Federal Reserve, leaking the details of 4,000 U.S. Banks executives. Similarly, the Bush family was also targeted, suffering the leak of private emails.

Even if the list is not as long as the one of January, it includes other important targets, so, scroll it down to have an idea of how fragile our data are inside the cyberspace. Also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.

Categories: Cyber Attacks Timeline, Security Tags: 2013, @AnonVoldemort, @Maxn3y, @ThisIsGame0ver, @TN_cyberarmy, acjic.alabama.gov, afse.fr, Al Qaida Electronic Cyber Army, Alabama, AlienVault, Anonymous, archicubes.ens.fr, bahamasdevelopmentbank.com, bankcap.com, Bashas, bcc.lu, Bit9, Bochum, Bush, Business Wire, cats2go.co.nz, Cayman Islands, centralbnk.com, Chile, China, Computer Virus, Cryptome, Cyber Attack Timeline, D35M0ND142, DNS Hijacking, Drone, Facebook, February, Federal Reserve, Foxconn, France, Froedtert Hospital, Geo TV, Gmail, Google, gortons.com, Great Falls, Guccifer, Haaretz, haaretz.com, Hacktivism, Iran, Japan, job.sy, JokerCracker, Kaspersky Lab, KRTV, LAPD, LAPDonline.org, loophole4all.com, Los Angeles Police Department, Los Angeles Times, Maxney, mofa.go.jp, Montana, mot.gov.il, muslimnews.co.uk, Myanmar, nbbl.com.np, ncr-iran.org, Netseer, Nokia, Nuri al-Maliki, opBankUnderAttack, OPBenLadenRevange, OpEgypt, OpFuckMohammad, OpKashmir, OpMali, PAKbugs, Pakistan, Paolo Cirio, pashupatibank.com, pknic.net.pk, pmo.iq, Pympy, Pympy.com, redsalud.gov.cl, Ruhr University, RuXpIn, SaBu ~KrYoGeNiKs, Sky News Arabia, Syrian Electronic Army, Taiwan, Talk Fusion, TeaM KuWaiT HaCkErS, th3inf1d3l, thefriendlyank.com, TunisianCyberArmy1, TurkishAjan Group, Twitter, U.S. Department Of Energy, Union Count Public School, United States, USA, Uyghur, Visa, Walla!, walla.co.il, Watering Hole Attack, ZCompany Hacking Crew, Zombie

Facebook Admits to Have Been Hit By a Sophisticated Targeted Attack

February 16, 2013 Paolo Passeri 6 comments

A couple of weeks after similar revelations made by Twitter, Facebook has joined the unwelcome list of Social Networks hit by targeted attacks.

This news has shaken this quiet week end of February, as Facebook officials told to Ars Technica they discovered in January several computers belonging to mobile application developers hacked using a zero-day Java attack. According to a consolidated attack schema, the malware installed a collection of previously unseen malware.

The attack occurred within the same timeframe as the hack that hit Twitter and exposed cryptographically hashed passwords of 250,000 users, and apparently targeted other companies completely unaware of the attack, until they were notified by Facebook.

According to the information available the attack showed several interesting (and nowadays common) patterns:

The attackers used a “watering hole” attack, compromising the server of a popular mobile developer Web forum and using it to spring the zero-day Java exploit on site visitors. The attack was injected into the site’s HTML, affecting any visitor who had Java enabled in his browser, regardless of the level of patching of the machine.
The exploit was used to download malware to victims’ computers affecting both Windows and Apple computers.
As usual, I would say, Antivirus software was unable to detect the malware, neither the malware was slowed down by the fact that the machines were patched.

Facebook said it is working with FBI to investigate the attack. Only the latest example of a class of targeted sophisticated threats increasingly common and aggressive against high-profile targets including tech industries, media, and now social networks. As a matter of fact (state sponsored ?) cyber criminals are actively exploiting 0-Day vulnerabilities targeting Java (and Adobe Flash), in this 2013 that, in only two months, is proving to be dramatic for the Infosec Landscape.

Categories: Security Tags: 0-Day, Adobe Flash, Ars Technica, Facebook, Java, Malware, Twitter, Watering Hole Attack

16-31 January 2013 Cyber Attacks Timeline

February 7, 2013 Paolo Passeri 1 comment

Two Weeks Living Dangerously! I have no other words to describe this second half of January (first two weeks here) that has shown an unprecedented level of attacks! And if a good day starts with the morning, this will be a very troubled year from an information security perspective.

Not only the peaks of DDoS attacks against the US Banks have reached an unstoppable peak, but, most of all, at the end of the month details have been unveiled about a massive cyber-espionage campaign allegedly orchestrated by Chinese hackers against some major US media including The New York Times, The Wall Street Journal, The Washington Post and Bloomberg News.

A very very long list of targets this month, with some high profile victims such as the U.S. Sentencing Commission, whose web site has been hacked twice and turned into an Asteroid game, but also Renault Argentina that suffered 37,000 accounts leaked.

To summarize this month is really impossible, you just have to scroll down the timeline to realize the hacking spree in this January 2013.

If this trend continues, I will have to decrease the frequency of publication…

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.

Categories: Cyber Attacks Timeline, Security Tags: #FuckTheSystem, #OpLastResort, #OpLeak, #opphillippine, #OpScientology, #TeamGhostShell, 2013, @AnonSquadNo035, @AnonymousMexi, @DarkWebGoons, @irBreShiE, @LulzSecNeuron, @nrtnz, @RexMundi_Anon, @TheLulzWarrior, @TheNeoGod, @ThisIsGameOver, @TN_cyberarmy, @XTnR3v0LT, Aaron Swartz, Africa, Anonymous, Anonymous Mexico, AnonymousSquadNo.035, Argentina, Asteroids, Australia, Azerbaijan, ℕrtn___z, babycareadvice.com, Bank of America, Bank Of The West, bankcapitalinventory.com, BB&T, BBVA, Bloomberg News, Bloomberg Television, BreShiE, Britam Defence, britamdefence.com, buyway.be, cabinet.gov.eg, caci.dz, Canada, Capital One, cci.fr, China, Citibank, Citizens Bank, Comerica, construction.com, Cyber Attacks, Cyber Attacks Timeline, D35M0ND142, Davy Jones, Denial-of-service attack, Digicel Jamaica, dmx.gov.az, DNS Poisoning, Egypt, egyptiancabinet.gov.eg, Egyptological, eportal.adu.ac.ae, eproc.dor.gov.np, ESA, ezycoupons.co.nz, Fédération des Mutuelles de France, Fifth Third Bank, First Citizens Bank, First United Church, Game Over, GhostShell, Github, gorele.gen.tr, Gray Lady, handsontheland.org, Harris Bank, Harvard, Huntington Bank, Ic3.gov, ied.edu.hk, indec.gov.ar, Indonesia, IonCuber, Iran, Izz ad-Din al Qassam Cyber Fighters, January, JAsIrX, JokerCracker, Key Bank, Ladysmith, library.seas.harvard.edu, M&T Bank, Man-In-The-Middle, McGraw-Hill Construction, Mexico, Michigan, Microsoft, miep.uscourts.gov, MIT, mobilephonetrace.com, moiegypt.gov.eg, moinfo.gov.eg, mutuelles-de-france.fr, Nepal, New York Times, NIC.lk, NIC.tm, NullCrew, OfficialNull, OpEgypt, Operation Ababil 2, Operation Last Resort, OperationEgypt, OpMali, partitodemocraticotrentino.it, Patelco, People’s United Bank, Philippine, PNC, ProjectSunRise, Proximus Security, Regions Financial Corporation, Renault, Reporters Without Borders, Rex Mundi, sasonline.com.ph, Scientology, sedena.gob.mx, Sony, Sony Music, sonymusic.com.mx, Spam, SQL Injection, SQLi, Sri Lanka, Stethoscope.com, sulu.gov.ph, Synovus Bank, tbnnetworks.org, th3inf1d3l, Timeline, TNB, Trinity Broadcasting Network, Tunisian Cyber Army, Turkmenistan, Twitter, U.S. Sentencing Commission, UMB Financial Corporation, Umpqua Bank, UN.org, Union Bank, United Nations, United States, United States Sentencing Commission, University Federal Credit Union, University of New South Wales, University of Western Sidney, University Of Wisconsin, UNSW, usatechguide.org, ussc.gov, Wall Street Journal, Wasatchit Software, Washington Post, Watering Hole Attack, Wells Fargo, Wildan Yani Ashari, Wilton Brands LLC, wisc.edu, XL3gi0n, Xl3gi0n hackers, Zions Bank

The Party Is Not Over! 250,000 Twitter accounts compromised!

February 2, 2013 Paolo Passeri 6 comments

The Information Security Community is still commenting the Cyber Attacks against U.S. media companies and here it is another clamorous news in this February Weekend!

On the wake of the admissions made by The New York Times and The Wall Street Journal, Twitter has revelaed in a blog post, to have detected, over the last week, unusual access patterns that led to identify unauthorized access attempts to some user data. They even discovered, and were able to shut down, one live attack, but their effort did not prevent the attackers to access user information for 250,000 users. The compromised data for the affected users includes : usernames, email addresses, session tokens and encrypted/salted passwords.

As a precautionary security measure, the social network has reset the passwords and revoked the session tokens for the affected accounts. The impacted users would have received (or will soon receive) an email, notifying them to create a new password.

This is not the first time that a primary social network is hacked: on June 2012 LinkedIn had 6.5 million accounts compromised.

The problem is that our online experience is getting harder and harder: counting (and immediately patching) all the exploitable 0-day vulnerabilities of the browsers and their components is getting harder and harder (see the Java saga for example), and apparently even protection technologies are not so useful…

Categories: Security Tags: Hack, Java, LinkedIn, New York Times, Password, Twitter, Wall Street Journal

Older Entries

About these ads

May 2013
M	T	W	T	F	S	S
« Apr
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

1-15 May 2013 Cyber Attacks Timeline hackmageddon.com/2013/05/23/1-1… #Infosec - 2 days ago
Apparently someone flags the Cisco Website as malicious... virustotal.com/en/url/fb74e6d… - 2 days ago
RT @marco_cova: IE8 0-day exploit (CVE-2013-1347) analyzed on Wepawet: bit.ly/13IZs2E - 4 days ago
RT @jc_vazquez: Vista Equity Partners to Buy Websense #News #InfoSec on.wsj.com/13BfWaw via @WSJ - 5 days ago
Pentagon OKs Androids, BlackBerrys for soldiers nakedsecurity.sophos.com/2013/05/07/pen… - 6 days ago
April 2013 Cyber Attacks Statistics wp.me/p14J6X-2oX - 1 week ago
RT @LastlineLabs: Marco Cova from Lastline talking about hacktivism on Italian TV ow.ly/l8Az6 - 1 week ago
RT @lastlineinc: Malware can make itself invisible: in the case of RSA security's breach, malware went undetected for 1/2 year http://t.co/… - 1 week ago
RT @gianlucaSB: SMS-based command and control protocols are here ow.ly/l47Ye - 1 week ago
Skype with care Microsoft is reading everything you write h-online.com/security/news/… - 1 week ago

Follow @paulsparrows

Hackmageddon.com

Archive

1-15 May 2013 Cyber Attacks Timeline

Read more…

16-30 April 2013 Cyber Attacks Timeline

1-15 April 2013 Cyber Attacks Timeline

1-15 March 2013 Cyber Attacks Timeline

16-28 February 2013 Cyber Attacks Timeline

After Twitter and Facebook, Apple reveals to have suffered the same Cyber Attack

1-16 February 2013 Cyber Attacks Timeline

Facebook Admits to Have Been Hit By a Sophisticated Targeted Attack

16-31 January 2013 Cyber Attacks Timeline

The Party Is Not Over! 250,000 Twitter accounts compromised!

About The Author

Stats

Support My Work!

Share:

Stay Tuned!

Interesting Links

News

About This Blog

Calendar

Archive

Tag

Recent Posts

Top Posts & Pages

Visitors from…

Twitter

Follow “Hackmageddon.com”

Archive

Share:

Like this:

Share:

Like this:

Share:

Like this:

Share:

Like this:

Share:

Like this:

Share:

Like this:

Share:

Like this:

Share:

Like this:

Share:

Like this:

Share:

Like this:

About The Author

Stats

Support My Work!

Share:

Stay Tuned!

Interesting Links

News

About This Blog

Calendar

Archive

Tag

Recent Posts

Top Posts & Pages

Visitors from…

Follow “Hackmageddon.com”