Justin Bieber’s Twitter account hacked

Canadian pop/R&B singer, songwriter, and actor Justin Bieber had his Twitter account allegedly hacked today. Whoever did it decided to question his follower count and insult him with a phrase popular among those who dislike him.

It was potentially seen by Bieber’s 19 million followers, or even more, given that Twitter is a mainly public social network. The remark was aimed at the fact that Bieber today crossed the 19 million follower milestone. The tweet was subsequently deleted. Either the hacker in question deleted it right after posting it, or (more likely) someone else was active on the account at the time, saw it, and deleted it.

From ZDNet Zero Day by Emil Protalinski

Source: http://www.zdnet.com/blog/security/justin-biebers-twitter-account-hacked/11135

iPhone passcode cracking is easier than you think

A report came out last fall suggesting that repeating one number in the iPhone’s four-digit security PIN made for better protection than using all unique numbers. However, that little trick doesn’t seem to go very far with Micro Systemation, a Swedish security firm that helps police and military around the world crack digital security systems.

The company released a video last week that shows just how easy it is to break into a passcode-protected iPhone or Android device. The video, “Recovering the Passcode from an iPhone,” records a demonstration in which a company spokesman uses an application called XRY to access the contents of the mobile phone in less than two minutes.

User information, such as GPS location, call history, contacts, and messages, can all be read.

From CNET by Dara Kerr

Source: http://news.cnet.com/8301-1009_3-57405580-83/iphone-passcode-cracking-is-easier-than-you-think/

MS Office exploit that targets MacOS X seen in the wild – delivers “Mac Control” RAT

Continuing our research on Tibet attacks, we have found more Mac trojans and some interesting MS Office files that deliver them. The group behind these attacks is the same we have been tracking for a while (see full story for link to other articles).

The doc files seem to exploit MS09-027 and target Microsoft Office for Mac. This is one of the few times that we have seen a malicious Office file used to deliver malware on Mac OS X (full story includes a link to the MS security bulletin).

A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

From Alien Vault Labs, by Jaime Blasco

Source: http://labs.alienvault.com/labs/index.php/2012/ms-office-exploit-that-targets-macos-x-seen-in-the-wild-delivers-mac-control-rat/

Hackers turn credit report websites against consumers

The most important tool consumers have to fight against identity theft has been turned against them by hackers, MSNBC reported March 26.

Web sites that offer consumers a chance to see credit reports are being brazenly used by hackers to steal information.

The prices of the reports rise and fall depending on the credit score of the victim. For consumers with credit scores in the 750s, report data might fetch $80; reports from victims with scores in the low 600s sell for about half that, according to “for sale” pages viewed by MSNBC.

The most troubling part of these markets, however (many hosted in the .su domain, which stands for the now-defunct Soviet Union), is the ready availability of credit reports and the hackers’ bragging about how easy it is to infiltrate Web sites such as AnnualCreditReport.com or CreditReport.com.

Criminals with stolen credit cards can obtain background reports, credit reports, and ultimately open new accounts using the data, a researcher with Internet security firm CloudEyez.com said.

In one how-to posted on a bulletin board, a hacker describes one brute-force attack used to gain access to credit report Web sites. Most sites are protected by “challenge” questions such as, “Which bank holds the mortgage on your home?” But there is a critical flaw, the hacker said: “Normally all … of them will ask you the same question,” the hacker wrote. Because the sites use the multiple choice format, it is easy to use the process of elimination and determine the correct answers, he claims.

From RedTape, MSNBC By Bob Sullivan

Source: http://redtape.msnbc.msn.com/_news/2012/03/26/10875023-exclusive-hackers-turn-credit-report-websites-against-consumers