Apple has addressed a major security vulnerability with the latest version of its iOS software. Just released on Thursday afternoon, iOS 5.0.1 was welcomed with open arms by iPhone users plagued by poor battery life. Apple promised that this new build addresses issues causing the lackluster battery performance — though its effectiveness remains in question — and it also addresses a much more serious problem. Security expert Charlie Miller revealed a major security flaw in iOS last week that allowed developers to sneak malicious apps past Apple’s App Store review process. Once installed by an end user, a hacker was able to use the vulnerability to steal data or perform any number of other unauthorized functions. iOS 5.0.1 addresses the vulnerability, Forbes reports, preventing apps from receiving malicious payloads. Apple credits Miller with having discovered the bug — he reported it to Apple nearly a month before going public — though the company has yet to restore his developer account, having banned him from its developer program after he planted an app in the App Store in order to demonstrate the vulnerability.
A security expert at Italian security firm AIR Sicurezza Informatica claims to have found a security flaw in Google’s new social network that allows hackers to potentially use Google+ servers to execute DDoS attacks. Simone Quatrini explained the flaw on the IHTeam Security Blog, and he wrote a script that can perform the attack, repeatedly prompting Google’s server to send requests to the target site. DDoS attacks, or distributed denial-of-service attacks, flood a web server with requests in an effort to prevent it from functioning. Such attacks require appropriate resources and bandwidth to execute, and Google servers would obviously have more than enough of these resources to launch a significant attack.
Hacker groups like Anonymous and LulzSec capture the bulk of mainstream media’s attention when it comes to hackers these days, but it looks like the Iranian government may have recently pulled off an attack that trumps both hacker groups and then some. According to reports, Iranian hackers with ties to the government have managed to execute an MITM attack that compromises Google’s SSL security. An MITM attack, or Man-In-The-Middle attack, is a cyberattack that allows an attacker to covertly intercept or even modify data as it is being transmitted between two computers over the Internet. Using a certificate issued on July 10th by Dutch SSL certificate authority DigiNotar, Iranian hackers have reportedly been able to spy on communications sent via Gmail and other Google services for more than five weeks. DigiNotar revoked the compromised SSL certificate on Monday; however, most browsers do not check to see if a certificate has been revoked by default. As such, Mozilla has already released an update to Firefox and Thunderbird that revokes trust for the DigiNotar certificate, and Google said it will soon release a similar update for Chrome. Apple and Microsoft have yet to address the matter publicly or state if and when we can expect updates to Safari or Internet Explorer.
BGR has provided extensive coverage of an ongoing saga that has seen numerous digital properties belonging to Sony fall under attack. To date, personal information belonging to well over 100 million Sony customers has been compromised, and nearly 13 million credit card numbers have been stolen. For IT professionals or other tech enthusiasts with weak stomachs, we can understand if reading one story after another about Sony’s security woes might make you a bit queasy. As such, a new site launched recently that has you covered. Hassonybeenhackedthisweek.com answers a single question for those who simply want to cut to the chase: Has Sony been hacked this week? The answer right now, by the way, is “yes.”
The list of hacked Sony properties continues to grow as Sony Music Brazil finds its website the latest victim in a long line of breaches. The company’s website was the target of a cyberattack on Saturday night and nearly 36 hours later, the site is still offline. Initially, the hackers defaced the site with a single page titled “Hacked The UnderTaker,” which apparently contained nicknames of several people responsible for the attack. More than 12 hours later, the website was finally taken offline. Sony Music Brazil has not commented on the breach and it is unclear if any private data was exposed.
A small group of hackers calling themselves LulzSec on Thursday claimed to have breached a Sony website and gained access to personal information belonging to over 1 million Sony customers. The group posted a statement claiming it did not have the resources to download the massive database tied to SonyPictures.com, but it provided samples of the data accessed in order to prove the breach was real. The Associated Press contacted several of the purported victims using phone numbers posted by LulzSec, and it was able to confirm with multiple victims that the data, which included account passwords, was authentic and accurate. Sony has not yet confirmed the breach, though a company spokesperson did say Sony is currently investigating the claims. This new breach is the latest in a string of hacks on various Sony networks that have compromised personal data belonging to over 100 million Sony customers.
Sony on Tuesday stated that services associated with its PlayStation Network will be fully restored by the end of this week in all regions outside Japan, Hong Kong, and South Korea. Sony also said it would fully restore the Music Unlimited services tied to its Qriocity streaming music offering for the PlayStation 3, PSP and PCs. “We have been conducting additional testing and further security verification of our commerce functions in order to bring the PlayStation Network completely back online so that our fans can again enjoy the first class entertainment experience they have come to love,” said Kazuo Hirai, Sony’s Executive Deputy President, in a statement. “We appreciate the patience and support shown during this time.” Sony recently suffered a series of cyberattacks across various networks that exposed personal data belonging to over 100 million of the company’s customers. Sony is currently working with the FBI to identify the parties responsible for breaching its various digital networks. Hit the break for Sony’s full press release.
Sony continues to be targeted in a series of cyberattacks that have resulted in the theft of personal information belonging to over 100 million Sony customers. Following breaches of the company’s PlayStation Network, Sony Online Entertainment, So-net Entertainment and most recently, Sony’s Greek website, hackers have breached a database associated with Sony Ericsson’s Canadian online shop. Personal data including names, email addresses and passwords belonging to more than 2,000 customers was compromised, but Sony said no credit card numbers were stolen. A Lebanese hacking group called Idahca claimed responsibility for the attack, and it said the information obtained has been leaked on Facebook and Twitter. It is unclear if this latest attack is tied in any way to previous attacks on Sony’s various digital properties.
Sony’s ongoing battle with cyberattacks has already left the personal data of over 100 million customers exposed, and now the company has fallen victim to yet another attack. Details are slim for the time being, but Reuters cites a report from Jiji news service in stating that roughly 8,500 people across three countries have been affected by this latest breach. Their personal information has been leaked as a result of an attack on Sony’s Greek website on Tuesday, though it is unclear exactly what data the hackers gained access to. Sony has not yet confirmed the attacks, but its Greek website, sony.gr, was back online at the time of this writing.
In its response to a congressional inquiry over recent cyberattacks aimed at several of Sony’s online networks, the company on Wednesday claimed it possessed evidence of hacker activist group Anonymous’ involvement. Sony did state, however, that it could not be certain if Anonymous knowingly carried out Denial of Service attacks in order to facilitate the theft of customer data, or if the group was merely an unwitting pawn in a scheme carried out by more malicious attackers. Anonymous on Wednesday issued a press release denying any involvement with the theft of customer data, which included over 12.3 million credit card numbers. Anonymous does acknowledge that the breach took place while it was carrying out an attack on Sony’s servers, but says it did not participate in any data theft. The group also claims it did not leave any files on Sony’s servers — Sony stated earlier that it discovered a file called “Anonymous” on its servers following the breaches that contained a portion of Anonymous’ slogan. Hit the break for the full press release.
In a filing with the Securities and Exchange Commission (SEC), information management company EMC admitted that an “extremely sophisticated” attack was in progress against its computer network. Specifically targeting the company’s security division, the intruders stole confidential data related to RSA’s SecurID products. EMC acquired RSA Security in the fourth quarter of 2006 for just under $2.1 billion. RSA SecurID provides a form of two-factor authentication that implements a second layer of network security to protect against outside threats and compromised passwords — the technology is used by governments, the military, financial institutions, hospitals, and businesses around the globe. RSA declined to comment on the nature of the attack, or provide information on exactly how much data was accessed by the network intruders.
An unaffiliated group of pro-WikiLeaks hackers calling itself “Anonymous” finds itself short a few members this evening as multiple alleged culprits were arrested on Thursday in the U.K. The BBC reports that five men were arrested in a series of raids, and they are being held in various locations across England. Allegations against the men are described as “recent and ongoing attacks by an online group that calls itself ‘Anonymous’.” The two adults and three teenagers were allegedly involved with a series of DDoS attacks carried out last year, aimed at various websites the group felt stood in opposition to notorious news agency WikiLeaks and its famed leader Julian Assange. Targets included websites belonging to Amazon, Visa, Mastercard and Paypal. This is not the first time arrests have been made in connection with Anonymous’ attacks; two Dutch teenagers allegedly involved with the group were arrested last year, but charges were never formally filed against them.
Global hacker group “Anonymous” announced its plans Thursday morning to launch a cyberattack on Amazon.com. The attack is part of a larger endeavor called “Operation Payback,” which targets the websites of companies the group believes to have impeded WikiLeaks’ efforts to disseminate information. Recent targets include Visa and Mastercard.
Anonymous’ cyberattack on Amazon.com was scheduled to commence at 11:00am Eastern, yet Amazon.com has not experienced any downtime as of 11:20am. As a result, it appears as though the attacks on Amazon.com have been unsuccessful.
UPDATE: Shortly before noon, the group gave up on its plan to attack Amazon.com. Instead, it is currently focusing its efforts on Paypal, though the site has not yet gone offline.