A Lebanese hacker claims to have hacked Orange's regional website in Cote d'Ivoire (Ivory Coast) through SQL injection. The attack allegedly gave him access to the website's administration interface and information on almost 60,000 customers.Orange is the fifth largest telecom provider in the world with a presence in 166 countries and territories and an estimated 189 million subscribers. According to information on its website, Orange Cote d'Ivoire was the group's first subsidiary on the African continent and has over 4 million customers.In an e-mail to Softpedia, a self-confessed grey hat hacker going by the name o... [read more >>] Security researchers warn that searching for information about the rumored death of famous comedian and actor Bill Cosby has a high chance of leading to scareware. Fake CNN news report sites were artificially promoted to the top of the search results.A false rumor that Bill Cosby, 72, was found dead by his wife in his chair, circulated on the Internet over the weekend. The incident sent a large number of users searching for additional information on the Web, which in turn made it appealing for cyber-criminals to exploit."In what appears to be the latest example of hackers jumping on the coat-tails of a hot trending search topic, criminals h... [read more >>] The AMO (addons.mozilla.org) team has announced on its official blog that two experimental Firefox extensions were removed from the repository after they were found to be infected with malware. The add-ons had some 4,600 combined downloads.According to Mozilla, version 4.0 of Sothink Web Video Downloader was infected with Win32.LdPinch.gen, and all versions of Master Filer with Win32.Bifrose. Master Flier was removed from the repository on January 25 and had 600 downloads up to that date, while Sothink Web Video Downloader version 4.0 had around 4,000 downloads and was removed on February 2."If a user installs one of these infected add-ons,... [read more >>] A recently leaked report from Britain's national security agency, the MI5, warns UK businesses of cyber-espionage threats from China. The document describes spying techniques used by Chinese intelligence officers to obtain trade secrets.The MI5 points at the Chinese government for being one of the biggest espionage threats to the United Kingdom. "Any UK company might be at risk if it holds information, which would benefit the Chinese," the leaked report reads.According to The Sunday Times, the document is 14-page long and marked as restricted. Explicitly entitled "The Threat from Chinese Espionage," it was apparently circulated to a la... [read more >>] A group of self-declared Internet trolls, called the GNAA, has used an old but obscure attack method to wreak havoc on the Freenode IRC network. Users were forced to execute IRC commands after visiting maliciously crafted Web pages.The vulnerability leveraged in this attack dates back to 2001 and affects the HTML form implementation in browsers. Exploiting it allows attackers to send data to unusual services on behalf of users rendering their malformed HTML code within their browsers.When it was first disclosed, this cross-protocol scripting bug impacted a wide variety of services, including IMAP, SMTP, NNTP or POP3. In order to address it,... [read more >>] TechCrunch has been the victim of a cyber-attack for a second time in less than 24 hours. Following the new incident, an offensive and taunting message was left on the front page of the technology blog.It seems that someone has a personal vendetta against the world's second most popular technology blog and its founder, Michael Arrington. The attacker appears to be particularly bothered by an interstitial ad introduced by the website.This time around, only the header of the homepage was modified to add a link and a message. "So Arrington, how much did all the media coverage yesterday brought you in trough the welcome.html ad you forced ... [read more >>] The popular technology blog TechCrunch was hit by hackers yesterday evening, resulting in a downtime of several hours. The website's home page was altered to only display a link to illegal content.TechCrunch.com is a technology blog founded in 2005, which has grown to become one of the major sources of technology news on the Internet. According to Alexa, the website currently has a global traffic ranking of 373 and a 216 one in the United States.The problems began for TechCrunch at around 10:30 pm PST on Monday when unknown hackers modified its home page to only display the word "hi." The page was later changed to read "We'll be b... [read more >>] A technique used to get complete listings of files and directories from illegal installations of vBulletin has been revealed on a Romanian hacking forum. This vulnerability is generated by a file included in many cracked versions of the forum platform.vBulletin (vB) is a commercial-only Internet forum software written in PHP and using MySQL as a database backend. Since its release in 2000, the platform has gained a lot of popularity due to its unique set of features and professional support. Searching for "powered by vBulletin" on Google reveals a staggering 1.6 billion results.Most of these results correspond to legit installations made by... [read more >>] Network Solutions announced that several hundred websites hosted on its infrastructure fell victim in a mass defacement attack during the past several days. Preliminary findings suggest that a remote file inclusion technique was used to compromise several of the company's Unix servers.Network Solutions is one of the top five Internet domain name registrars, managing around 6,5 million domains as of January 2009. Apart from its successful domain registration business, the company also offers other services such as Web hosting, ecommerce or online marketing solutions. The problems began for Network Solutions last weekend when several cus... [read more >>] Suffolk County National Bank, a subsidiary of Suffolk Bancorp, announced that back in December it learned of a security breach on one of its Online Banking servers. The organization discovered that 8,378 customer credentials were stolen, but is not aware of any of them being misused to date. The intrusion occurred between November 18 and November 23, 2009, but the bank only discovered it during a December 24 security audit. 8,378 Online Banking customers were affected, amounting to less than ten percent of SCNB’s total customers. "Although the intrusion was limited in duration and scope, SCNB immediately isolated and rebuilt the comp... [read more >>] |