A young Argentinian hacker, known only by his sobriquet Ch Russo, claims to have successfully slipped past The Pirate Bay's defenses, gaining access to the torrent site's administrative control panel. An SQL injection vulnerability discovered by Ch Russo and a couple of his chums exposed the site's user database, which is said to contain account information belonging to around 4 million users. However, the hacker denies altering or deleting information.

The trio also resisted the temptation of selling the data to the companies assisting the entertainment industry in its fight against piracy. “Probably these groups would be very interested in this information, but we are not [trying] to sell it,” Russo told security blog KrebsOnSecurity in a phone interview. “Instead we wanted to tell people that their information may not be so well protected.”

After Russo convinced KrebsOnSecurity's Brian Krebs that he had indeed hacked the popular torrent site, the security blogger made repeated attempts to contact the site's administrators, but all in vain. While it did not answer Kreb's request for a comment, TPB later said that the issue has been fixed.

July 4 turned out to be a field day for hackers and chance cyber-saboteurs as they converged on the world's most popular video streaming site to wreck havoc using a cross-site scripting (XSS) vulnerability. They  inserted malicious code in the comments section of  many YouTube videos to trigger a series of anomalous events, including redirects to porn sites and nasty pop-ups, whenever a user visited a targeted video. Justin Bieber fans were probably the worst hit, with hackers and pranksters concertedly targeting the Canadian singer's videos.

But Google wasted little time in plugging the hole. "We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com," a spokesperson for YouTube's parent company said. "Comments were temporarily hidden by default within an hour [of discovering the problem], and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future."

Soccer fans around the world are eagerly waiting for the 2010 FIFA World Cup to kick off. Soccer's marquee event will virtually transform host nation South Africa into the mecca for the sport's impassioned followers around the world. Like with any other major world event or cataclysm, the internet's dark alleys are filled with people ready to tax the outpouring of human emotion during the World Cup. It is likely that some of their nefarious plans are already afoot, even though there is a fair bit to go before the start of the event.

Symantec recently discovered a “targeted attack” that quite clearly tries to exploit the mounting soccer fever. Thankfully, the attack was thwarted before it could cause any damage. The attackers tried to drop their malicious payload using an email message ostensibly sent by a legitimate African Safari organiser, Greenlife. To the untrained eye, the sender had attached a “highly informative World Cup Travel Guide” with the message. But in reality the attached file was a modified variant of the real Greenlife's actual PDF guide. The actual PDF document was first debased with malicious code to exploit a recently patched vulnerability in Adobe Reader before being forwarded as an attachment.

“The patch for this critical rated vulnerability was released by Adobe on February 16, 2010. Since then we have observed a large number of targeted attacks attempting to exploit this vulnerability. Proof-of-Concept exploit code is available in the Internet which is contributing to the large number of observed attacks,” Daren Lewis, a Symantec employee wrote on the MessageLabs Intelligence blog.

Targeted attacks are known to be precise and less spammy. For instance, Symantec only has to deal with less than 100 such attacks every day, despite it blocking around  500,000 malicious emails per day.
Such attacks usually target organizations, with people at the top of the pecking order more likely to be attacked first. This way the attackers can gain access to a pretty large chunk of that organization's sensitive information. In this case, the malicious email was sent to a person only identified as “a user in a major international organisation that brings together governments from all over the world.”