Dean Pierce, a security researcher in Oregon, launched a site offering 5 Bitcoin (currently worth $40,000) to anyone who can crack a few hashes holding a forgotten password for 25 Bitcoin ($200,000).
If you want to try your luck, go to https://crackmywallet.org/
The RSA Conference app had a flaw which could have released the names of over 40,000 attendees. A security researcher discovered the flaw and worked with RSA to quickly fix it. RSA has confirmed that only the 100+ names disclosed by the researcher were accessed in this manner.
Reported by Secureworld
Old data breaches continue to emerge in the news, as Independent News & Media IT staff stated they did not understand “the specifics” about the removal of backup tapes and the following investigation. The incident highlights the importance of being able to understand access to the corporate network and data sources; the most troubling aspect remains that INM was unclear about who accessed their data after the investigation.
Reported by The Irish Times
In 2013, JPMorgan Chase fired an executive who was entrusted with providing the company's forensic investigations for spying on his peers within the company. He gained this information through “Metropolis”, which correlated employee data to detect misuse of company property. The executive was eventually caught after suspicious new leaks were provided to the press.
Reported by American Banker
Using a four-step process, researcher Min (Spark) Zheng demonstrates his ability to chain vulnerabilities to get root access. This local escalation technique does require initial access to the device.
His exploit code and research can be found on GitHub.
The task-based service operates in over 40 cities, allowing users to hand out odd jobs like dog walking, home repair, and other tasks. Defacements of the website redirected users to a site stating that a breach had occurred. These events have led the company to take down both its app and website as it began investigating with the help of law enforcement.
Reported by Fortune
Texas Health’s investigation concluded that the PII of 4000 patients (including clinical information, Social Security numbers, and driver’s licenses) was at risk. Police asked the hospital not to report to the patients while an investigation continued.
Reported by Star Telegram
Hours after being alerted by KrebsOnSecurity, Facebook last week deleted almost 120 private discussion groups totaling more than 300,000 members who flagrantly promoted a host of illicit activities on the social media network’s platform. The scam groups facilitated a broad spectrum of shady activities, including spamming, wire fraud, account takeovers, phony tax refunds, 419 scams, denial-of-service attack-for-hire services and botnet creation tools.
Reported by Krebs On Security.