The main infosec stories between December 16 and December 22, 2013

Dec 22, 2013 01:56 GMT

In case you haven’t had Internet access this week or in case you’ve been too busy to stay up-to-date with the news, here’s your chance to catch up.

Hacks

The story that made the most headlines this week is the data breach suffered by retail giant Target. The details of around 40 million payment cards have been compromised in what’s called one of the largest data breaches of this kind.

Since a law enforcement investigation is ongoing, there are few details on how the breach occurred. However, there are two possibilities: it was either a piece of malware planted by remote attackers, or it was the work of an insider.

As Target’s CEO announced discounts and free credit protection services, experts revealed that the stolen payment card information is already being sold on the underground market in batches of 1 million cards.

The Washington Post admitted being breached once again. This is the third breach suffered by the media organization in three years. The main suspects in the latest attack are Chinese hackers.

Another hack attack targeted SealsWithClubs, the world’s largest Bitcoin poker website. The usernames and password hashes of 42,000 users have been obtained by the hackers. The passwords are hashed rather than stored in plain text, but since SHA1 was used to do it, the cybercriminals have cracked most of them.

Bitcoin continues to make headlines as more Bitcoin-stealing malware is being discovered. In the meantime, Bitcoin investors are suspected of launching a cyberattack against the People’s Bank of China after the financial institution announced its plans to ban payment companies from working with the digital currency.

During the recent government shutdown, many employees were furloughed. However, the hackers didn’t take a vacation. Chinese cybercriminals are said to have breached the systems of the US Federal Election Commission.

Cybercrime

We’ve also had a lot of stories related to arrests and convictions. Three people suspected of helping Dread Pirate Roberts with operating the Silk Road underground marketplace have been arrested and charged. They could spend many years behind bars.

In California, a group of high school students are suspected of hacking into their school’s system in order to change grades and gain access to tests. A private tutor has apparently taught them how to use a keyboard keylogger to steal login credentials. The tutor is wanted for questioning by police.

Two Polish men have been sentenced to prison in the UK for blackmail and DDoS attacks. In another part of the world, namely China, the developers of the notorious Panda Virus are once again on trial, this time for running an illegal gambling website.

In Estonia, cybercriminals believed to be behind the DNSChanger malware have been acquitted by a local court. However, they might have to face justice in the United States.

An 18-year-old has been arrested in the Netherlands. He’s said to have infected thousands of computers with a RAT.

Malware

When it comes to malware, Microsoft says ZeroAccess bot herders have raised the white flag and abandoned the botnet.

ESET has revealed the existence of CryptoLocker 2.0, but experts say it’s the work of copycats. And since we’re talking about notorious pieces of malware, if you thought Stuxnet was dead, think again. Experts say there are still active infections, including in Iran.

Researchers from CERT Poland say they’ve uncovered a new botnet that appears to target both Windows and Linux machines. The threat is designed for DDoS attacks.

Russian IT security company Doctor Web has uncovered a new piece of ATM malware. What’s interesting about Trojan.Skimer.18 is the fact that it targets devices made by one of the world’s largest ATM manufacturers.

Kaspersky has uncovered another Tor-based malware, which the company has dubbed ChewBacca. Seculert researchers, on the other hand, have been investigating one of the pieces of malware used in the recent attack against PHP.net.

On Monday, Brian Krebs revealed the existence of a botnet called Advanced Power. Over 12,500 computers have already been infected with the aid of a malicious Mozilla add-on. Mozilla immediately took steps and disabled the extension.

The NSA is really desperate to show the world that surveillance is useful. During a recent interview, officials said they foiled a plan that involved destroying computers with BIOS malware. Experts say the claims are highly exaggerated.

Here are some other important stories in case you’ve missed them:

The NSA paid RSA $10 million (€7.3 million) for backdoors in encryption products

The 4.7 million leaked LinkedIn passwords printed in eight 800-page books

Hackers target Dutch politician for anti-Islam sticker

Watch the most hilarious 2014 cyber security predictions

Bruce Schneier is leaving BT

Full 4096-bit RSA keys can be extracted by listening to the sound made by computers