IOTA fixes bug in desktop cryptocurrency wallet after crooks make off with more than $1m, but network has remained offline since last week

IOTA fixes bug in desktop cryptocurrency wallet after crooks make off with more than $1m, but network has remained offline since last week
Personal banking information for tens of thousands of Facebook staff compromised after hard drive theft from a car in the United States
Rise in theft of tech from the NHS has prompted warning about cyber risk to patient data
Major crypto-currency exchange is hacked, but wners pledge to cover the millions stolen in the cyber heist
South Korean giant says it respects intellectual property and is disappointed at certain media reports
The sophisticated attack on India’s second-largest bank was probably carried out by a state-backed hacking group, say analysts
Daylight robbery. Hackers have stolen $2.4m after two successful cyber attacks on an American bank
F-Secure’s method works on locks used in major hotels around the world
Cash taken from 40,000 bank accounts over the weekend, prompting Tesco to halt online transactions
Digital currency rocked by another Bitcoin theft, but Bitfinex cannot confirm whether it was insider job or hack
A new type of malware has been blamed for the bitcoin theft
You are most likely to get your phone stolen in a pub between 12pm and 5pm
Thieves beware, as a new app targets the sticky fingered when they purloin people’s precious mobile phones
Apple has kill switches that work, but ill-informed thieves will still kill for an iPhone, says Wayne Rash
A man has been arrested after breaking into the house belonging to the late Steve Jobs
Fibre to the cabinet is “one of the biggest mistakes humanity has made” former BT exec tells the House of Lords
Symantec warns older versions of pcAnywhere are at “increased risk” following theft of source code
Servers of security specialist Symantec were breached six years ago but the company did not notice source code had been stolen
New Zues malware variant, “Gameover” earns its name as it clears out victims’ bank accounts in the US
The Chinese government may have breached the US Chamber of Commerce and stolen Asian policy information
FBI warns of spear-phishing that Zeus loots victims’ bank accounts, stealing jewellery on the way
US and Estonian law enforcement officers have arrested six people for a sophisticated clickjacking scam
New judgement means Oracle may not bank the largest US IP infringement fine, awarded against SAP
O2 has refused to pay compensation after its service in the South East was affected by theft and vandalism
O2’s voice and data services in the South-East have been hit by problems after an incident of theft and vandalism
Student tracks thief, and parachutist finds dropped mobile using the free GPS app Find My iPhone
A Comodo Security partner was compromised and attackers issued valid digital certificates for popular Websites that would have potentially allowed them to spoof content and perform man-in-the-middle attacks, Microsoft warned.
The nine fraudulent Web certificates affected seven domains, including Microsoft Live service, Google’s mail system, Yahoo and Skype, Microsoft said in a March 23 security advisory. There are no active attacks at this time, according to Bruce Cowper, group manager of trustworthy computing at Microsoft.
Comodo has revoked these certificates, and the malicious certificates are listed in Comodo’s current Certificate Revocation List, according to Comodo. No Web browser should be accepting the incorrect certificates at this time, Comodo said.
The perpetrators would have been able to spoof content, perform phishing attacks or perform man-in-the-middle attacks only if they had control of the Domain Name System infrastructure as well, Comodo said.
Comodo said the attack originated from an IP address assigned to an Internet service provider in Iran. One certificate for Yahoo’s login page was tested using a server in Iran, but had already been revoked and was blocked from being used, according to Comodo’s incident report.
The server in question has stopped responding to requests. The IP address and server information may be circumstantial evidence as the attacker could have been attempting to lay a false trail, Comodo said. However, the company also noted that the Iranian government has recently attacked other encrypted methods of communication.
Unlike a typical cyber-criminal, who would have targeted financial organisations, this particular attacker focused on communications infrastructure. The targeted domains would be of “greatest use” to a government attempting surveillance of Internet use by dissidents, especially considering the recent turmoil in North Africa and the Persian Gulf region, Comodo said.
Comodo believes this was likely a state-driven attack. This is the first time Comodo is seeing a “state funded” attack against the authentication infrastructure, said Melih Abdulhayoglu, CEO and chief security architect of Comodo.
The attacker obtained the user name and password of a Comodo trusted partner in Southern Europe who was authorised to perform primary validation of certificate requests, Comodo wrote on its blog. The attacker used the stolen credentials to log in to the Comodo RA (root authority) account, and issued those certificates on March 15, according to the post.
“The attacker was well-prepared and knew in advance what he was to try to achieve. He seemed to have a list of targets that he knew he wanted to obtain certificates for, was able quickly to generate the CSRs [certificate signing requests] for these certificates and submit the orders to our system so that the certificates would be produced and made available to him,” Comodo said.
The attacker was still using the account when the breach was identified and the account suspended, possibly preventing more certificates from being issued, Comodo said. Remediation efforts began “immediately”, and additional audits and controls have been deployed. Comodo has declined to specify details regarding controls that were implemented.
Comodo root keys, intermediate CAs or secure hardware were not compromised, the company said. The attacker created a new user account, which has also been suspended. Comodo is “not yet clear” about the nature of the partner’s data breach other than the fact that the partner’s other online accounts were also compromised, he said.
Users who have enabled Online Certificate Status Protocol on their Web browsers will interactively validate these certificates and block them from being used. Comodo has monitored the OCSP responder traffic and has not detected any attempts to use the certificates after they were revoked, according to the incident report.
The certificates were issued for “Global Trustee” as well as for the following URLs: login.live.com, mail.google.com, google.com, login.skype.com and addons.mozilla.org. There were three certificates issued for login.yahoo.com, as well. Only one of the certificates for Yahoo was seen live on the Internet, according to the incident report. Comodo is not sure if the attackers received all the requested certificates in the first place.
Microsoft has developed a mitigation update, which is available through the Microsoft Download Center and the Windows Update Service. Customers can download the update to help protect against inadvertent use of the fraudulent digital certificates, said Microsoft’s Cowper.
The Climate Change Committee will block the holes that let thieves take £5 billion from the carbon exchange
Virtual bank robbers stole €7 million in carbon credits, breaking the green exchange
Students arrested on suspicion of using stolen credit cards and bogus PayPal accounts to sell on eBay