Credit card hackers hit Neiman Marcus

Neiman Marcus' downtown San Francisco store.

(Credit: Neiman Marcus)

Credit card hackers might be developing a taste for the finer things in life.

Upscale department store Neiman Marcus confirmed that its database of customer information was hacked last month, independent security researcher Brian Krebs reported on Friday.

The Neiman Marcus hack follows news today from Target that its investigation into its recent hack found that thieves made off with the personal and credit card data of up to 110 million Target customers, 70 million more than previously thought.

The Neiman Marcus breach occurred around mid-December, the same time as the Target attack. Another similarity to the Target attack is that online Neiman Marcus shoppers do not appear to be affected so far, only retail shoppers. So far, these appear to be coincidences.

Ginger Reeder, a spokesperson for Dallas-based Neiman Marcus, told Krebs that details on the hack are sparse. The cause, size, and duration of the attack are currently unknown, pending the completion of a third-party forensics investigation. The company is also working with the Secret Service, as is customary in these attacks.

ангилал: Pentest | (0) comments | send

Yahoo says malware attack farther reaching than thought

(Credit: CNET)

Yahoo has provided more information on an ad-related malware attack first reported a week ago that may have affected more than 2 million PCs and put Yahoo users' personal data in jeopardy. The company said some people outside Europe may, in fact, have been hit and that the attacks started four days earlier than previously thought.

In a post made to its Yahoo Help site on Friday, the company said that "while the bulk of those exposed to the malicious advertisements were on European sites, a small fraction of users outside of this region may have been impacted as well." Netherlands-based security company FoxIT had previously said that the UK, France, and Romania were the countries hardest hit by the attack.

Yahoo also said Friday that users of Yahoo services may have been affected between December 27 to January 3. Initially, the company said the attacks had occurred on January 3. It later said they'd occurred between December 31 and January 3.

Before Yahoo addressed the issue, visitors to Yahoo Web sites and users of services such as Yahoo Mail and Yahoo IM may have been served with malware via the Yahoo ad network. Users visiting pages or services with the malicious ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware.

Another Dutch security company, Surfright, said earlier that more than 2 million computers had been infected as a result of the malware campaign and that the malicious code could include exploits involving theft of usernames and passwords; the disabling of antivirus software; and the remote control of computers. It's not clear if the new start date for the attacks means a higher number of infected machines.

US-based security company Light Cyber, said one of the malware programs was designed to shanghai infected machines into a Bitcoin mining operation.

Surfright said on January 5 that "not every ad on the Yahoo advertisement network contained the malicious iframe, but if you have an outdated version of Java Runtime...and you used Yahoo Mail [during] the last 6 days, your computer is likely infected."

People on Macs or mobile devices weren't susceptible, according to Yahoo.

In its new post on the incident, Yahoo said the attack occurred "because an account was compromised. The account has been shut down and we are actively working with law enforcement to investigate this."

It also said that people worried about an infection should take the following steps:

Light Cyber had previously offered detailed information on detecting the malware. You can check that out here.


Source: CNET

ангилал: Pentest | (0) comments | send

Microsoft's Twitter account: Don't use our e-mail

Doesn't seem quite right, does it?

(Credit: Screenshot by Chris Matyszczyk/CNET)

Sometimes, irony adorns Twitter like the sugar on a doughnut.

On Saturday morning, however, the Microsoft News Twitter account offered a curious instruction. It read: "Don't use Microsoft emails(hotmail,outlook),They are monitoring your accounts and selling the data to the governments. #SEA @Official_SEA16."

The accusation might be referred to as a Reverse Scroogling. Or, perhaps, a Microsofting.

As to the perpetrators, the "SEA" hashtag points to the Syrian Electronic Army, a hacking group sympathetic to President Bashar Assad.

The SEA has operated for some time now, hacking its way into places such as a BBC Twitter account.

Indeed, this is the second time this year that the SEA has targeted Microsoft. On New Year's Day, it attacked Skype's Twitter and Facebook accounts with the same wording as today.

A follow-up tweet Saturday, also issued through the Microsoft News Twitter account, showed an image of the Syrian flag with the message: "Syrian Electronic Army Was Here via @Official_SEA16 #SEA."

I have contacted Microsoft to wonder what might have happened here and will update, should I hear back.

Update, 3 p.m. PT: A Microsoft spokesperson offered this statement: "Microsoft is aware of targeted cyberattacks that temporarily affected the Xbox Support and Microsoft News Twitter accounts. The accounts were quickly reset and we can confirm that no customer information was compromised."

Oh.

(Credit: Screenshot by Chris Matyszczyk/CNET)


Source: CNET
ангилал: Pentest | (0) comments | send

How to Install Nessus on Backtrack 5 R3

Nessus is a network vulnerability scanning program. It is free for personal use. Its can detect vulnerabilities on the systems. Nessus is the most popular vulnerability scanner in the computer security. Nessus allows scans for vulnerabilities, misconfiguration, default passwords / common passwords / blank passwords on some system accounts, etc. You can use Nessus to scan your system and patch the vulnerability. If you want install Nessus on Backtrack 5 R3 first thing to do is download it from http://www.tenable.com/products/nessus/
ангилал: Pentest | (0) comments | send

Backtrack Penetration Testing Tutorial

Penetration testing is a legal and authorized attempt to exploit computer systems for the purpose of making the computer systems more secure. This Backtrack Penetration Testing Tutorial is a penetration testing tutorial using Backtrack Linux. Backtrack is the best penetration testing distribution. Offers some penetration testing programs and these programs will used in this Backtrack Penetration Testing Tutorial. The results of penetration testing are addressing the vulnerabilities in the computer system and
ангилал: Pentest | (0) comments | send

Solve Backtrack Blank Screen when Using Startx

When Backtrack 5 released, the most common issue is blank screen when using startx command to start the GUI mode. This common issue caused the VGA on some machine doesn't support. This blank screen issue still found on Backtrack 5 R1 and Backtrack R2. Long time ago when I install Backtrack 5 this problem disappointed me but it's still to fix.

When Backtrack 5 R1 released and I install it on my notebook the blank screen issue has been disappear, but I found this issue on Backtrack 5 R2 when I install it.
But
ангилал: Pentest | (0) comments | send

Mantra Security Toolkit on Backtrack 5 R3

Mantra Security Toolkit is a variety of absolutely free and also open source applications built-into a browser, which often can turn out to be useful for penetration testers, webmaster, security experts and so on. It is portable, ready-to-run, lightweight and also uses the real style of free and open source software program. Mantra Security Toolkit is really a security framework which may be great within executing all of the five stages of attacks which include reconnaissance, scanning and also enumeration, getting
ангилал: Pentest | (0) comments | send

Basic Skills of Penetration Tester

If you want become a hacker or a penetration tester, you must have basic skill of it. Basic skill of hacker needed so you can be a professional pentester. There are 10 basic skill and you must take over all of them. 1. Expert of operating system. Operating System is a basic skill of hacking. You must become master in Operating System. So many people want to be a hacker without any knowledge of Operating System. Learn now, learn Unix Operating System. You must know about the OS details so you can find the vulnerability
ангилал: Pentest | (0) comments | send

Backtrack 5 R3 Walkthrough [Part 1]

Backtrack is a most popular Linux distribution used for Penetration testing and Security Auditing. Now the latest Backtrack version is Backtrack 5 R3 with some new features. A lot of hacker use Backtrack as their Operating System. I think this is the best operating system for hacker. Backtrack is a Linux so if you want learn using Backtrack be sure you learn the command line of linux. There are many tools in Backtrack, there are penetration tools, information gathering tools, forensics tools, and other powerful
ангилал: Pentest | (0) comments | send

Install VirtualBox on Backtrack 5

VirtualBox is a Virtual Machine software that can run OS under OS without dual boot. In Penetration environment this Virtual Machine very useful because we can learn how to penetration on the other system without make any damage. VirtualBox is an Open Source. This is the tutorial how to install VirtualBox on Backtrack 5.



First download the VirtualBox from http://www.virtualbox.org/wiki/Downloads

Then Install it. You can make new configuration about the OS that you want to Install to it. If you have an Windows
ангилал: Pentest | (0) comments | send