Belkin WeMo smart home networks in danger of hacks

Belkin WeMo smart home networks in danger of hacks. Security firm IOActive announced that it has uncovered multiple vulnerabilities in Belkin WeMo Home Automation devices that could affect over half a million users. Belkin’s WeMo uses Wi-Fi and the mobile Internet to control home electronics anywhere in the world directly from the user’s smartphone.
Mike Davis, IOActive’s principal research scientist, uncovered multiple vulnerabilities in the WeMo product set that gives attackers the ability to Remotely control WeMo Home Automation attached devices over the Internet, Perform malicious firmware updates, Remotely monitor the devices and Access an internal home network.
Davis said, “As we connect our homes to the Internet, it is increasingly important for Internet-of-Things device vendors to ensure that reasonable security methodologies are adopted early in product development cycles. This mitigates their customer’s exposure and reduces risk. Another concern is that the WeMo devices use motion sensors, which can be used by an attacker to remotely monitor occupancy within the home.”

ZeuS Banking Trojan Targets Salesforce accounts

The Zeus malware family is known as a cause of identity theft of financial and banking details. A new variation of the Zeus Banking Trojan Targets Salesforce accounts and SaaS Applications. Zeus comes in many different forms and flavors, is capable to steal users online banking credentials once installed.
The Adallom Labs team recently discovered an unusual variant of the Zeus trojan that targets Salesforce users. In a blog post, the Adallom Labs team said:

We’ve been internally referring to this type of attack as “landmining”, since the attackers laid “landmines” on unmanaged devices used by employees to access company resources. The attackers, now bypassing traditional security measures, wait for the user to connect to *.my.salesforce.com in order to exfiltrate company data from the user’s Salesforce instance.

Hackers spread credentials for thousands of FTP sites, New York Times among those

Hackers spread credentials for thousands of FTP sites, New York Times among those. Hackers get credentials for more than 7,000 FTP sites and circulated a list in underground forums, according to a security expert Alex Holden, chief information security officer for Hold Security, a Wisconsin-based company that monitors cyberattacks.

Hackers used the credentials for access to the some FTP servers and upload malicious files, including scripts in the programming language PHP. In other cases , they put the files on FTP servers , which include malicious links directing people to malicious web sites.

Dubai Police social media accounts hacked

Dubai Police social media accounts hacked on Sunday night. A previously unknown hacker group which identified itself on twitter as @TheHorsemenLulz hacked the Dubai Police’s twitter and Tumblr accounts. Dubai Police have confirmed that its official twitter account has been hacked.
The hackers also claimed several other cyber attacks in the UAE, including taking down the websites of Noor Islamic Bank, the Telecommunications Regulatory Authority and the Central Bank.