Worst nightmare becomes reality: Linux Mint distro hacked and backdoor introduced

Linux distributor ‘Linux Mint’ warned users over the weekend that it has been hacked, exposing users to a malicious backdoor and compromising sensitive customer information. Project leader Clement Lefebvre explained in a blog post that the attacker made a modified Linux Mint ISO, with a backdoor in it, and then hacked the distributor’s website to point to it. At the moment the website is still down: http://www.linuxmint.com/ but the blog isn’t. You should check the hash of the ISO you’re downloading! Oh, I forgot to mention: all user data was also stolen. More here: http://blog.linuxmint.com/?p=2994 http://www.infosecurity-magazine.com/news/linux-mint-users-compromised-after/


Was BusinessWire also hacked?

I received the following email from BusinessWire.com, which makes me think that they somehow got hacked and are forcing all users to change their password. I couldn’t see anything on their website, and Google didn’t provide anything useful either.

“We will be requiring all Businesswire.com users to change their password in the next few days. This maintenance is part of our ongoing efforts to secure our proprietary systems, as well as the sensitive information we house for our clients.”

How do they secure their systems by forcing a password reset? I think that somebody hacked their DB and stole their passwords (hashed or not), and now they are doing damage control. In case you are asking if this was a phishing email, I don’t think so. There is no request in the email, no link whatsoever.

Important Notice Regarding Your Business Wire Password

Dear Client:

As part of Business Wire’s continuing commitment to security, we will be requiring all Businesswire.com users to change their password in the next few days. This maintenance is part of our ongoing efforts to secure our proprietary systems, as well as the sensitive information we house for our clients. In addition to regular maintenance, we are also implementing more aggressive precautions…


How to check if your DNS Server was hacked

Post initially published in Avira Techblog.

You must have heard by now about the “famous” malware DNSChanger, which manipulates the DNS settings of the computer in order to silently direct users to malicious websites. The FBI and others took action against this malware and in November 2011 managed to break the botnet. According to the FBI, more than 4 million computers were affected worldwide. The thieves manipulated DNS entries in order to block antivirus programs and operating systems from updating, thereby delivering even more malware to users’ computers. The DNSChanger malware was also used to redirect users to rogue servers controlled by the fraudsters, allowing them to control users’ web activity and generate income through online advertising. When the FBI shut down the botnet, they also replaced the servers which were directing to malicious domains with valid DNS servers.

So, if the botnet is shut down, why all this trouble? The FBI will deactivate those new valid DNS servers on March 8, 2012. If your computer was infected at some point in time and it was using one of the DNS servers which are now controlled by the FBI, after March 8 it will no longer be able to make any DNS…


Quoted in TechNewsWorld about the challenges of the cloud adoption

Who Watches the Watchmen, Part 3: Flying Headlong Into a Cloud
By Richard Adhikari, TechNewsWorld

“Once you’re in the cloud, information doesn’t belong only to you but also to the provider of the cloud service,” Sorin Mustaca, a data security expert at Avira, told TechNewsWorld. The risks involved in moving to the cloud include the possibility that the cloud provider could be hacked by external cybercriminals or rogue employees. There’s also the risk of the cloud provider going bankrupt, causing customers to lose their data, Sorin pointed out.

“The cloud is a generic concept which can’t actually be used without personalizing it,” Mustaca said. Enterprises and government agencies should only move to the cloud after they have identified what they need and expect from the cloud service, and have set security and privacy policies.

“People think that if they move their computers and services to the cloud, they make the problems disappear,” Mustaca remarked. “But the problems don’t vanish; they simply move to the cloud.” Cloud service providers must guarantee a minimum level of security and privacy, but the differences between vendors’ offerings “are sometimes significant,” Mustaca warned. Going to a big provider doesn’t necessarily mean you’re any safer…


What to do if your site has been hacked by Phishers

APWG has published an advisory document called “What to do if your site has been hacked by Phishers”. This document gives website owners specific actions they can take when they have been notified that their website or webserver has been infiltrated and used for phishing. Going forward, if you are a brand owner, takedown provider, or ISP, feel free to include a link to this document when you communicate with people who have had their sites compromised to host phishing. If you know any brand owners, takedown providers, or ISPs that might be interested in using this document, please feel free to forward this document to them or notify them of its existence. Here is the document: APWG_WTD_HackedWebsite.pdf
