Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 08, 2016

April 7, Softpedia – (International) Google reCAPTCHA cracked in new automated attack. Three security researchers developed a new automated attack that can bypass the security measures and machine learning of Google’s reCAPTCHA system and Facebook’s CAPTCHA system, solving the systems’ image challenges with a 70.78 percent success rate in a study of 2,235 CAPTCHAs. The new attack achieved a higher degree of accuracy than previously reported, and malicious hackers could potentially conduct the same attack. Source.

April 7, SecurityWeek – (International) OSVDB shut down permanently. Leaders of the Open Sourced Vulnerability Database (OSVDB) reported that its database will be shut down permanently due to the lack of support and contribution from the Information Technology (IT) industry. The project’s blog will remain active to help provide commentary on items related to the vulnerability world. Source.

April 7, The Register – (International) Remote code execution found and fixed in Apache OpenMeetings. A hacker from Recurity Labs discovered four vulnerabilities including a remote code execution (RCE) flaw, a predictable password reset token, and an arbitrary file read flaw in Apache OpenMeetings, a popular virtual meetings and shared whiteboard application, that could allow an unauthenticated attacker to gain remote code execution on the system to hijack installations of the product. To exploit the flaw, attackers only need to identify the administrator’s username. Source.

April 6, Agence France-Presse – (International) Police raids target cyber-criminals in four countries: Germany. Approximately 700 international police officers participated in coordinated multi-national raids in the Netherlands, France, Canada, and Germany to arrest globally active hackers and a variety of Internet criminals that offered illicit services such as disguising malware from anti-virus programs to steal online passwords and banking information, among other actions. Officials reported that they arrested a chief suspect and confiscated about 300 computers and disks. Source.

April 6, SecurityWeek – (International) Vulnerabilities continue to plague industrial control systems. The DHS Industrial Control Systems-Computer Emergency Readiness Team (ICS-CERT) released three security advisories on industrial control systems (ICS) that detailed vulnerabilities originally found and reported by independent researchers. The advisories indicated that critical infrastructure and industrial networks were still inundated with serious flaws. Source.

April 6, SecurityWeek – (International) Hackers will break into email, social media accounts for just $129. Dell SecureWorks released a report which revealed that the underground hacker market, a virtual space for those interested in hiring a hacker to compromise a Gmail, Hotmail, or Yahoo account, charged customers only $129 to hack personal email accounts and $500 to compromise corporate email accounts. In addition, the report stated that the underground market offered buyers a plethora of hacking services, including services targeting the commercial facilities sector, the transportation sector, and the financial sector, among others. Source.

Nancy Rand


Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.