- Student who hacked into a public transport network and got $18 in free trips is found guilty of fraud after he contacted authorities to warn them about the system’s flaws. From Daily Mail. A student who hacked into a public transport system to show it had flaws has been found guilty of fraud after he and a co-convicted got $18 worth of free trips. Jack Carruthers, a student at Perth’s Murdoch University, hacked into the city’s SmartRider transport travel card and later owned up to TransPerth, alerting them to the issues with the system. However, he ended up being charged for his actions after the Public Transport Authority (PTA) noticed what had happened and was eventually found guilty.
- Charles Schwab data breach exposed client investment data. From SC Magazine. Charles Schwab informed some of its customers on May 4 that the company had noticed unusual login activity on their account, possibly due to an unauthorized person having obtained their account username and password. In a letter posted on the California Attorney General Office website, the company said the unusual activity began on or after March 25 and that the account sign-on credentials were likely taken from a non-Schwab source and then successfully used to access the customer’s account, possibly exposing the client’s names, account numbers, stock positions and transaction history.
- Prince of Persia: Infy Malware Active In Decade of Targeted Attacks. From Palo Alto Networks. Attack campaigns that have very limited scope often remain hidden for years. If only a few malware samples are deployed, it’s less likely that security industry researchers will identify and connect them together. In May 2015, Palo Alto Networks WildFire detected two e-mails carrying malicious documents from a genuine and compromised Israeli Gmail account, sent to an Israeli industrial organization. One e-mail carried a Microsoft PowerPoint file named “thanks.pps” (VirusTotal), the other a Microsoft Word document named “request.docx”.
- Romanian hacker Guccifer: I breached Clinton server, ‘it was easy’. From Fox News. The infamous Romanian hacker known as “Guccifer,” speaking exclusively with Fox News, claimed he easily – and repeatedly – breached former Secretary of State Hillary Clinton’s personal email server in early 2013. “For me, it was easy … easy for me, for everybody,” Marcel Lehel Lazar, who goes by the moniker “Guccifer,” told Fox News from a Virginia jail where he is being held.
- Why malware authors keep using the same old Microsoft Office exploits. From SophosLabs. SophosLabs Principal Malware Researcher Gabor Szappanos has closely studied Microsoft Office exploits for the past few years. We’ve previously covered his investigation of the Microsoft Word Intruder exploit creation kit, and his recent paper exploring the most popular Office exploit kits.