Top 10 Stories

The Hacker News: Magento vulnerability allows an attacker to create administrative user Recently security researchers at Securatary have reported a critical cross-store vulnerability in the Magento platform that lets attackers to escalation privilege by creating an administrative user on any 'Gostorego' online store. It seems you cannot go a day without hearing about someone or some group hacking a website or stealing credit card and other sensitive data from e-commerce sites. The Market of E-commerce...

HelpNet Security: Linksys home routers targeted and compromised in active campaign A yet undetermined vulnerability affecting certain Linksys WiFi routers is being actively and massively exploited in the wild to infect the devices with a worm dubbed "TheMoon", warns SANS senior instructor and ISC researcher Johannes Ullrich. His and his colleagues' investigation started after they were notified by a Wyoming-based ISP that some of its customers have had their Linksys routers and home networks compromised...

The Hacker News: 98% of SSL enabled website still using SHA-1 based weak digital certificates The National Institute of Standards and Technology (NIST) had published a document on Jan 2011 that the SHA-1 algorithm will be risky and should be disallowed after year 2013, but it was recently noticed by Netcraft experts that NIST.gov website itself were using 2014 dated SSL certificate with SHA-1 hashes.  

Arstechnica: New zero-day bug in IE 10 exploited in active malware attack, MS warns (updated) Exploit hosted on hacked, US-based website commandeers visitors' PCs. Microsoft has confirmed reports of a recently active attack that surreptitiously installed malware on computers running a fully patched version 10 of the Internet Explorer browser. The attacks also work on IE 9, the company warned

Techcrunch: Silk Road 2 Hacked, Over 4,000 Bitcoin Allegedly Stolen Silk Road 2 moderator Defcon reported in a forum post that hackers have used a transaction malleability exploit to hack the marketplace. The hackers stole over 88,000 4474.26 bitcoins worth $2,747,000, emptying the site’s escrow account. The site used a central escrow service to send bitcoins from buyers to sellers. The hackers exploited the transaction malleability bug – essentially a way users can mask transfers and...

Softpedia: Email Addresses and Passwords of over 2,000 Tesco Customers Leaked Online The company’s representatives have told the BBC that credentials haven’t been obtained from Tesco’s website. Instead, the cybercriminals took data leaked in older attacks and tried it out on Tesco’s site. They've been counting on the fact that many people use the same username/password combination for multiple online accounts

More Mac Bitcoin Malware Being Distributed and Manual Instructions for Removing It A recent trojan designed to steal your Bitcoins has expanded to apps being distributed on Download.com, according to SecureMac. The security research firm also offered manual instructions for removing the malware from your Mac if you've been infected.

Japan weathered a record 12.8 billion cyberattacks in 2013 Tokyo's National Institute of Information and Communications Technology (NICT) officials said on Monday that a record 12.8 billion cyberattacks were detected by the nation's agencies in 2013, largely targeting government organisations and other state-run activities.

Dropbox Transparency Report Includes Secret FISA Court Requests Online file-sharing service Dropbox, like other cloud-based tech providers, has been allowed to disclose national security requests for user information for the first time. In its latest transparency report, it said that it fielded 249 or fewer national security requests from the US government in 2013.

Bitcoin Hit By 'Massive' DDoS Attack As Tensions Rise A “massive” distributed denial of service (DDoS) attack is hitting Bitcoin, according to trading venues, in what has been a tense week over alleged flaws in the various systems run by the virtual currency and its exchanges. The attack picks on the very area – transaction malleability, or the potential renaming of transaction messages –  that has become a bone of contention between different venues, and...