On Sunday, Kristian Erik Hermansen disclosed a zero-day vulnerability in FireEye's core product, which if exploited, results in unauthorized file disclosure. As proof, he also posted a brief example of how to trigger the vulnerability and a copy of the /etc/passwd file. What's more, he claims to have three other vulnerabilities, and says they're for sale.
Investigators say fraudsters purchased codes to unlock SIM cards from phone company employees.
After nearly a year of investigation, French police have busted a ring of mobile phone hackers, whose members included employees of cellular phone companies. The ring had been operating for five years, selling about 30,000 stolen cell phone codes a month, and netting at least $675,000 a month, according to French authorities. Investigators said that fraudsters purchased codes to unlock SIM cards for about $4 each from phone company employees who had access to company databases. The codes were sold online for about $40. Why were the codes worth so much?
Security researchers recently stumbled upon a malicious website that housed a cache of stolen FTP credentials.
The malicious domain, discovered last week by researchers at network security and management firm Blue Coat, housed a set of sensitive files, two of which contained a total nearly 100,000 login and password combinations for a mixed batch of domains.
Another file contained 1,905 login and password combinations for the Servage.net domain, a provider that hosts more than 185,000 websites. And, a fourth file contained 197 credentials for a set of sites on the Russian narod.ru domain and several other Russian, Polish and Ukrainian web hosts.