This is your chance to catch up on some reading in case you haven’t been online too much over the past week.
Telecoms company hacks
First of all, a lot of telecoms companies have been (allegedly) hacked. Orange has admitted that its orange.fr portal has been hacked, and that the details of 800,000 customers might have been compromised. Fortunately, passwords and financial information have not been exposed.
In Turkey, RedHack claims to have hacked the systems of Vodafone, TurkCell, and TTNET. The hacktivists have started leaking data stolen from their servers. In the meantime, the group is preparing to protest against Turkey’s recently-introduced Internet law.
The latest telecoms company hacking story comes from India. Authorities have launched an investigation into reports that Huawei has hacked state-owned company BSNL.
Bug bounty programs
HP’s Zero Day Initiative has announced Pwn2Own 2014. The organizers of the hacking contest that will take place in March at the CanSecWest 2014 conference have prepared prizes totaling over $500,000 (€370,000).
An expert from Vulnerability Lab has identified three critical vulnerabilities in the systems of Germany’s Deutsche Telekom. The security holes – an SQL Injection, a remote command execution, and an arbitrary file upload issue – have been addressed by the company.
For his contribution, the security researcher has been rewarded with €3,000 ($4,000).
Avast has doubled its bug bounty rewards. From now on, the base payment will be $400 (€294), and the maximum reward for one single submission has been raised to $10,000 (€7,350).
GitHub has paid $4,000 (€2,935) to a security researcher who had managed to combine 5 low-impact bugs into one critical exploit. This is the largest amount of money paid so far by the company as part of its recently-launched bug bounty program.
The Sochi Olympics might be all about sports, but in an age where everything relies on computers it’s not surprising that there are a few IT security stories related to the event. Experts have been warning Russians and Sochi visitors about the cyber threats they’re facing.
NBC has also warned people who want to attend the event, but they’re story has been misleading and sort of exaggerated. An IT security expert even went as far as calling it 100% fraudulent. NBC has made a statement to respond to critics.
In the meantime, the IT security expert who assisted NBC with its experiment has published a white paper with the technical details.
The Syrian Electronic Army has been busy this week. First, they defaced the French, British and Indian websites of PayPal , and at least one eBay domain. Later in the week, they breached the systems of MarkMonitor in an effort to hijack some high-profile domains, including Facebook, Google, Amazon and Yahoo.
Here are some other stories in case you’ve missed them:
New Council of Europe ransomware spotted by security researchers
DDOS attacks used by cyber terrorists to influence stock prices and disrupt exchange platforms
NIST still uses the SHA-1 algorithm to sign certificates, despite the fact that it had banned such practices
British spy unit launches DDOS attacks against Anonymous’s communication channels
XBT has paid $100,000 (€73,680) for the DDOS.com domain
Cybercriminals hijack routers to lure users to bank phishing sites
The FBI is looking for someone who can provide malware, a lot of it
Tesla Motors hires security expert