Sophos Shuts Down Partner Portal After Discovering Hack Tools

The world renowned security firm Sophos has revealed that its Partner Portal has been temporarily taken offline after a couple of “unauthorized programs” were found on the server. It’s believed that the malicious elements were designed to allow hackers to gain remote access to information.

The security breach was discovered on April 3 and as soon as the hack tools were identified, the partner logins were suspended, but only for those who haven’t moved to the new SFDC portal.

An investigation is ongoing, but initial analysis of the incident reveals that the server’s database includes partner names, email addresses, business addresses, contact information and hashed passwords.

It’s uncertain if the data was accessed by the individuals who breached the server, but the company considers that it must assume the worst.

“When the Partner Portal comes back online, you will find that your password has been reset as a precautionary step, just in case it fell into the wrong hands,” reads the statement issued by the company.

“You should, of course, ensure that you never use the same password on different websites - and if you did use your old Partner Portal password on other sites, we would advise that you change the login credentials on those sites to something unique.”

If the email addresses were stolen, they may be used by the cybercriminals to launch phishing expeditions that are cleverly designed to appear as originating from Sophos. This is why it’s crucial that the organization’s partners keep an eye out for any suspicious notifications that carry links or, even worse, attachments.

Hopefully, it will turn out that no data was accessed by the hackers who placed the remote access tools, but until things are clarified, it’s best for Sophos partners to act with caution and apply the security practices recommended by the firm.

Read More

Romanian Government Portal Defaced by Anonymous, President Mocked

The Public Information Portal (publicinfo.gov.ro), a website owned and managed by the Romanian government, was breached and defaced by members of Anonymous.

The main page of the website where Romanian citizens can obtain documents and information on projects and laws has been altered to display an image that mocks the country’s president, Traian Basescu.

“Hello to all visitors. We recently found out that our president Basescu (aka Base) is gay, part-time n***r and also pregnant :s Meanwhile, after long researches we think that we finally managed to find his cousin too,” the hackers wrote.

“That’s all for now. Stay tuned for the dumps and more great news! Cheers ;).”

According to the hackers, they plan on leaking all the files and all the information stored in the site’s database, but not before analyzing it.

The hackers told us that there wasn’t any particular reason for targeting the Public Information Portal. They simply breached it because it belongs to the government and “anything that belongs to the government must be hacked.”

While this article was written, the website was taken down, but the image posted by the hackers could be seen by the site’s visitors for more than an hour.

Of course, this is not the first time when Anonymous strikes a site that belongs to the Romanian government.

On April 2, they defaced the website of Miercurea Ciuc, a city where the majority of the population is ethnic Hungarian, to protest against the demands made by the community lately.

Other recent hacks targeted Atomic Data and Analysis Structure for Fusion in Europe (ADAS-EU), numerous science and research facilities, and the site of the International Monetary Fund.

Read More

Sony Hacker Pleads Guilty, Faces 15-Year Sentence

24-year-old Cody Kretsinger, former member of the LulzSec crew, known on the hacking scene as recursion, pleaded guilty in front of a US District Court judge for breaching the systems owned by Sony Pictures Entertainment.

According to azcentral.com, he admitted to one count of conspiracy and one count of unauthorized impairment of a protected computer.

The sentence will be carried out on July 26, giving Kretsinger time to think if the fame he gained for hacking into Sony’s systems was worth spending 15 years in jail.

Kretsinger was arrested in September 2011, along with two other alleged hackers. Around one month later, he pleaded not guilty to the charges that were brought against him.

He also became famous after the owners of hidemyass.com, the service that was supposed to keep his identity private, ratted him out to law enforcement representatives.

Read More