Twitter Resets More Passwords Than Accounts Hacked

An untold number of Twitter users Thursday received suspicious emails alerting them their passwords had been reset following a loosely defined, third-party hack.

The emails are apparently legitimate, though they were sent to more than victims of compromised accounts.

Side-Channel Attack Steals Crypto Key from Co-Located Virtual Machines

Side-channel attacks against cryptography keys have, until now, been limited to physical machines. Researchers have long made accurate determinations about crypto keys by studying anything from variations in power consumption to measuring how long it takes for a computation to complete.A team of researchers from the University of North Carolina, University of Wisconsin, and RSA Security has ramped up the stakes, having proved in controlled conditions that it’s possible to steal a crypto key from a virtual machine.

More VMware ESX Source Code Posted Online

For the third time this year, VMware ESX source code has been posted online. A hacker known as Stun claiming to be affiliated with Anonymous tweeted a link to a torrent site hosting the stolen VMkernel source code. VMware director of platform security Iain Mulholland acknowledged the breach on Sunday and confirmed the source code, dating from 1998-2004, is related to code posted in April and May.

As part of what it’s calling “Project Blackstar,” the hacking collective Team Ghostshell posted approximately 2.5 million records it claims belong to Russian individuals who work across the political, educational and law enforcement spectrum online earlier this morning.

Fourteen individuals were charged late last week after the Federal Bureau of Investigation, along with the Los Angeles Police Department and the Glendale, Calif. Police Department found they were behind a scheme that extracted more than $1 million from Citibank cash-advance kiosks in Southern California and Nevada between 2009 and 2010.

The attacker who penetrated the Dutch CA DigiNotar last year had complete control of all eight of the company’s certificate-issuing servers during the operation and he may also have issued some rogue certificates that have not yet been identified. The final report from a security company commissioned to investigate the DigiNotar attack shows that the compromise of the now-bankrupt certificate authority was much deeper than previously thought.

Some XBOX Live users have violated the online gaming platform’s code of conduct by using a malicious application that allowed them to permanently kill off the characters of other players in the popular ‘Borderlands 2’ video game.

Although DDoS attacks have been a serious problem for more than a decade now and security staffs have a good handle on how they’re executed and how to handle them, attackers constantly adjust their tactics in order to defeat the best defenses available. One of the more recent tactics adopted by attackers is the use of open DNS resolvers to amplify their attacks, and this technique, while not novel, is beginning to cause serious problems for the organizations that come under these attacks.

UPDATE – America’s largest book retailer, Barnes & Noble, announced this morning it has detected evidence of tampering in 63 PIN-pad devices used in as many stores by criminals trying to steal payment card information. Barnes & Noble claims to have disconnected all the affected devices from service on Sept. 14. The retailer did not disclose how many customers may have been affected by the tampered devices.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.