Our weekly security briefing continues with the main events that left their mark on the days between June 25 and July 1.
In the past week, we reported a lot of vulnerabilities and a lot of news that involved law enforcement agencies from all over the world.
A few days later, after seeing that no one was taking him seriously, the hacker demonstrated that he had identified security holes in telecoms networks from Spain and Mexico by leaking 84,000 email addresses and associated cleartext passwords, most of them belonging to Yahoo, Hotmail, Gmail and AOL users.
A vulnerability-related incident was presented by researchers from Security Explorations. They accused Apple of downplaying the importance of a flaw they found in QuickTime.
The Cupertino company is famous for collaborating fairly well with researchers, but according to the firm from Poland, this is an undesirable situation in which Apple labels a serious vulnerability as a “security hardening” issue.
Another group of researchers performed a study on a number of cryptographic devices, including RSA’s SecurID 800 token, which they managed to crack in just 13 minutes. In response, RSA representatives came forward to deny that the attacks presented by the scientists can be used to obtain secret keys or other crucial data.
We’ve also learned a very important lesson: never say that your website is highly secure. That’s what Menshn’s co-founder did and soon enough a number of security enthusiasts were tweeting about finding dangerous weaknesses, including one that could expose user passwords.
Vulnerability Lab presented a flaw in the popular password management application KeePass Password Safe. Fortunately, they collaborated well with the software’s developer, who promised to release an update in the near future that should address the problem.
VLC 2.0.2 and WordPress 3.4.1 were released, both of them bringing a number of fixes for security flaws that could have been exploited to cause a fair amount of damage.
This week we’ve also seen a number of hacktivist operations. The Colombian Justice Ministry’s website was hacked by Anonymous as a protest against the country’s politicians.
Operation Japan made a lot of headlines after hackers threatened government organizations in response to the new copyright law that could send users behind bars if they’re caught downloading copyrighted content or copying DVDs.
Operation Save the Arctic made a comeback when CyberZeist claimed to have obtained around 300 user accounts from the servers of the oil giant Exxon Mobil.
Law enforcement agencies from around the world have proved that they’re highly capable when it comes to apprehending cybercriminals.
The FBI announced that 24 cybercriminals from 13 countries were arrested on suspicion of being involved in carding activities. Among those apprehended, two are noteworthy: famous Pakistani hacker Badoo and UGNazi’s leader JoshTheGod.
Some of our sources tell us that even UGNazi’s Cosmo may have been arrested.
After the results of the operation were made public, a couple of individuals came forward to take credit for their involvement. One of them was The Jester and the other was Dana White, the president of Ultimate Fighting Championship (UFC), who revealed that he worked with the FBI after hackers breached ufc.com.
On the other hand, Badoo’s arrest was protested by a number of Pakistanis and Muslims who see him as a hero, not a criminal.
In the United Kingdom, a man was sentenced to 1.5 years in prison after police caught him making free phone calls worth around $15,000 (12,000 EUR) from a number of public booths.
The Australian Federal Police is sick and tired of teenagers who have developed a passion for hacking into websites, so they’ve paid six of them a visit and told them to knock it off.
In Russia, authorities arrested a 22-year-old suspected of being the owner of the world’s largest botnet based on banking Trojans. It’s believed that a total of 6 million devices have been infected.
In the LulzSec case, hackers Ryan Cleary and Jake Davis pleaded guilty to launching DDoS attacks, but they denied leaking sensitive information online.
Finally, the cybercriminal known as “Evil” was sentenced to 2.5 years for breaching Platform Networks.
Via: Security Brief: Law Enforcement and Vulnerabilities