In a recent analysis of the business model behind the Flashback Trojan, Symantec security researchers reported that the main objective of the malware is revenue generation through an ad-clicking component. Security researchers at Symantec are estimating that the cyber-crimibals behind the Flashback Mac OS X botnet may have raked in about $10,000 a day.
Wednesday, May 2, 2012
Oracle Database new zero day exploit put users at risk
Oracle has recommended workarounds for a zero-day Oracle Database flaw that was not fixed in the company's April critical patch update. Oracle issued a security alert for Oracle TNS Poison, the vulnerability, disclosed by researcher Joxean Koret after he mistakenly thought it had been fixed by Oracle, allows an attacker to hijack the information exchanged between clients and databases.
Thursday, March 15, 2012
Anonymous Hacker Arrested After British Pregnancy Advisory Service (BPAS) Hack
According to a news release by Scotland Yard, officers from the Police Central e-Crime Unit (PeCU) arrested the man, who has been linked to the Anonymous hacktivist group, at an address in Wednesbury in the West Midlands. The suspect was a 27 Years old man who has been charged for defacing and hacking into the website of Britain's largest single abortion provider. Official website of The British Pregnancy Advisory Service (BPAS) was compromised yesterday, with a message from a hacker calling themselves "Pablo Escobar". The hacker claimed himself as a part of Anonymous. BPAS claimed that there were "about 26,000 attempts" to break into its website over a six-hour period.
For a certain period of time yesterday, visitors to the BPAS website saw an anti-abortion message. In a series of tweets, someone using the name "Pablo Escobar" claimed that the names of women who had undergone abortions had been accessed from the BPAS site, and would be released today (Friday). It appears that the authorities moved quickly to reduce the possibility of personal details of people who had contacted the BPAS site being made public.
This month is going worse and worse for Anonymous and their supporters, 1st Operation Unmask by Interpol, then FBI arrested all the key members of Lulzsec with the help of former Anon leader Sabu and so on.
Thursday, March 1, 2012
Interpol #TangoDown, Suspected 25 Anonymous arrested
Interpol’s Web site (www.interpol.int) went down Tuesday just hours after the international police agency announced the arrest of 25 suspected members of the hacking collective Anonymous in Argentina, Chile, Colombia and Spain.
The authorities in Argentina, Chile, Colombia and Spain carried out the arrests and seized 250 items of IT equipment and mobile phones, Interpol says.Those arrested are aged between 17 and 40.
A National Police statement said two servers used by the group in Bulgaria and the Czech Republic had been blocked.It said the four included the alleged manager of Anonymous' computer operations in Spain and Latin America, who was identified only by his initials and the aliases "Thunder" and "Pacotron".
Authorities in Europe, North America and elsewhere have made dozens of arrests, and Anonymous has increasingly attacked law enforcement, military and intelligence-linked targets in retaliation. Earlier this month the group knocked the C.I.A. Web site offline. A week earlier, the group intercepted a conference call between the Federal Bureau of Investigation and Scotland Yard and released a 16-minute recording of the call.
Spanish police traced back IP addresses from server logs, leading to 10 suspects in Argentina, six in Chile and five in Colombia, responsible for defacement of websites and publishing confidential data, including the personal data of the security detail of unnamed top officials, according to Agence France Presse.
The group had set up a chat-room to help run computer attacks in Spain and Latin America.After the arrests, a call went out in chat-rooms affiliated with the suspects for supporters to attack the Spanish police website. The petition specifically asked for people from outside of Spain to carry out the attacks "so that the police would not have enough data to lead to new arrests", according to the statement.
Anonymous has become increasing politicised over the last year, particularly over issues of online rights and the international controversy over whistleblowing website WikiLeaks.
Wednesday, February 29, 2012
FBI Will Shutdown DNSChanger Name Servers On March 8 (Operation Ghost Click)
It is widely known to all that the FBI will shut down the DNSChanger name servers on the 8th March, so it can be expected that the Internet connection of many users over the whole spectrum will be hampered during this operation because the trojan named DNSChanger has occupied millions of computers in more than 100 countries. FBI has planned the whole stuff earlier in November 2011 & it was named Operation Ghost Click. What many people do not know is that the clean DNS servers which are operated by the Internet Systems Consortium (ISC) and used to replace the rogues will be shut down on March 8, 2012. From the start, the US District Court for the Southern District of New York permitted the ISC to operate these servers for a period of 120 days. However, on February 17, 2012 the US government requested this deadline be extended to July 9, 2012.
Barring an extension from the FBI, those systems still infected with DNSChanger will cease receiving DNS services from the ISC controlled name servers on this date. In other words, they will not be able to properly access internet resources. This gives information security professionals less than two weeks to detect, locate and remediate any systems on their networks that are still infected. The DNSChanger Working Group (DCWG) estimates there are still approximately 450,000 systems still infected as of January 28, 2012. Other statistics show that DNSChanger may be present in half of the Fortune 500 companies as well as at least 27 government organizations. In early February 2012 Internet Identity disclosed there were 3 million systems still infected globally. This is a relatively small number of systems when compared to other virus outbreaks. Regardless it represents a challenge to security professionals. This can be a substantial undertaking for large enterprises. The nature of DNSChanger was to redirect infected systems to malicious destinations. Many of these sites in turn installed additional malware. By finding a DNSChanger infected system you will be finding a system that has additional infections. This should justify the need for a thorough sweep for DNSChanger infections. Luckily there are many resources available to detect and remediate DNSChanger infections. The easiest way is to utilize a network monitoring tool to isolate DNS traffic to the ISC operated DNS resolvers.
The Offending Netblocks Are:-
85.255.112.0/20 (85.255.112.0 through 85.255.127.255)
67.210.0.0/20 (67.210.0.0 through 67.210.15.255)
93.188.160.0/21 (93.188.160.0 through 93.188.167.255)
77.67.83.0/24 (77.67.83.0 through 77.67.83.255)
213.109.64.0/20 (213.109.64.0 through 213.109.79.255)
64.28.176.0/20 (64.28.176.0 through 64.28.191.255)
Tuesday, February 28, 2012
The GIFiles By Wikileaks Publishing: The Global Intelligence Files & Five Million E-mails From Stratfor
In the last month of 2011 U.S.-based security think tank Stratfor faced cyber attack from Hactvists. Anonymous claimed that they have stolen thousands of credit card numbers and other personal information belonging to clients of Stratfor’s confidential client list, which includes entities ranging from Apple Inc. to the U.S. Air Force to the Miami Police Department, and mining it for more than 4,000 credit card numbers, passwords and home addresses. But later in a press release Anonymous dines that attack so its quit difficult to figure out that who was really behind the hack.
But from this Monday Wikileaks has planned to release over 5 Million emails from Stratfor Global Intelligence, whose website was hacked and emails and customer data stolen in December.
According to official website Wikileaks:-
"On Monday February 27th, 2012, WikiLeaks began publishing The Global Intelligence Files, over five million e-mails from the Texas headquartered "global intelligence" company Stratfor. The e-mails date between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal’s Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defence Intelligence Agency. The emails show Stratfor’s web of informers, pay-off structure, payment laundering techniques and psychological methods..."
Wednesday, February 22, 2012
Iran will Develop their own security Software, No more foreign Solution
According to latest report, Iran's Information and Communications Technology Minister announce that - Iran has prohibited import of foreign computer security software.
Because International sanctions stopped Iran from obtaining anti-virus software. So, Iran stressed that no foreign software for computer security will be imported into the country, adding that Iran will rely on its own software, made by local developers. The Bonian Daneshpajouhan Institute has about 25 smaller firms that develop domestic security software of various nature, and country will rely on it.
Three Hackers From Anonymous Arrested In Greece
Earlier this month Greece faced massive cyber attack from Anonymous and after investigation Greek police said they had arrested an 18-year-old suspected of hacking into the justice ministry's website. Also two other suspect aged 16 & 17 also being sought over the case. In the February 2nd hackers from anonymous performed a cyber-attack on the Greek Ministry of Justice website, and warned of plans to target a further 300 ministry and media sites. The hack was apparently a protest against the Greek government's signing of the Anti-Counterfeiting Trade Agreement (ACTA), which is designed to reduce Internet piracy. After that Greek police confirmed via twitter that they have started investigation and all the countermeasures have been taken. Indeed the output is in-front of us, 3 teenagers from Greece are behind the bar. The authority also said- The three youths have been linked to dozens of cyber attacks against Greek websites, using the alias Greek Hacking Scene and the nicknames "delirium", "nikpa" and "extasy". Authority also confirmed that these teens may have to face 1 year of imprisonment.
This the second time of this year when hackers from Anonymous get busted by police. In January a 22 year aged student arrested in south-western Poland for allegedly hacking the prime minister's website and local authority said that he was a part of Hactivist Anonymous.
Friday, February 10, 2012
Anonymous Exposed Personal Details Of Top Officers Of Oakland City
#OccupyOakland movement continues. Today top city official of Oakland confirms that their personal details has been stolen. Concerned with the continuous acts of police brutality perpetrated by law enforcement in Oakland, California, the online hacktivist group Anonymous has published the personal details of some of the city’s leading officials. All the hacked credentials including Full name, Address, Phone Number, Social Network Details and other personal details has been openly posted on pastebin by Anon hackers.
In the #OccupyOakland Press Release Anonymous said:-
"Citizens of Oakland -
Anonymous has been watching. Since the inception of Occupy Oakland, We have been actively monitoring your behavior, and exposing the identities and sensitive information of Officers of the Oakland Police Department; as they have continued to act in an unprofessional and violent manner. You tear gassed Us. You shot Us with your weapons. You arrested Us. You beat Us. You also did this to Our Friends, and to Our Families. We watched as you cut budgets, cut Our jobs, closed Our schools, Our parks, and Our libraries, while leaving your own salaries alone. We laughed in disgust as Deanna Santana said she would need to speak to her attorney before discussing her pay cut. The people on this list are supposed to represent the best of what the City of Oakland has to offer. If they are the best, why is there so much trouble within the Police Department, and in the City of Oakland?
We are shocked and disgusted by your behavior. Before you commit atrocities against innocent people again, think twice.
You should have expected Us..."
#OccupyOakland Anonymous Performed DDoS Attack On Oakland Police & Exposed Confidential Data
Another Occupy Wall Street protest by Anonymous. Previously Anonymous Hacked IACP & Exposed 600 MB of Personal Data and this time the target was Oakland police. Members of the 'hacktivist' launched a DDOS attack that brought down the main web site of the Oakland Police Department for much of last night, cracked at least part of the security on an Oakland city government server and posted information on the names and data structure of Oakland city servers and the names, addresses and other personal data on Oakland police.
Members of the group have also put out the call for more hacked data and offered a $1,000 reward for specific data on the officer who fired the riot-control weapon that critically injured Iraq War veteran Scott Olsen. Olsen, a former Marine who participated in the protest Tuesday night, was apparently struck in the head by either a tear-gas canister or flash-bang grenade fired by Oakland riot police during a violent effort to drive OccupyOakland protesters off the streets.
In a Press Release Anon Said:-
"#OccupyOakland has come under attack from city police, who now appear to be calling in reinforcements from Palo Alto. A protester who did two tours in Iraq is in critical condition with fractured skull and brain injury after a cop shot him in the head with a "non-lethal" weapon. A crowd of protesters were deliberately hit with a flashbang while rendering first aid to an injured protester. Police claimed in a recent press release that "no injuries" have been reported so far.
These are among the most disturbing and criminal acts to be have been proven on the part of U.S. police since NYPD officers were outed as having routinely planted drugs on suspects earlier this month. The time has come to retaliate against Oakland police via all non-violent means, beginning with doxing of individual officers and particularly higher-ups involved in the department's conduct of late.
Those willing to assist in doxing should send any found materials to transistor@hushmail.com. To work with Anonymous, use an IRC client to join irc.anonops.li #anonops.
I'm offering a $1,000 reward, no questions asked, for the name of the officer who threw a flashbang at the injured Iraqi vet. "
To see the entire press release of Anonymous Click Here.
For more information and to see the server details and other confidential information leaked by Anon Click Here.
Exposed Names, Addresses and other Personal data of Oakland Police are Here.
Thursday, February 9, 2012
US Govt Sites are Targeted by DNSChanger Trojan
Security researcher suspecting that malware named "DNS Changer" still targeting US Govt sites. Even researcher said: "hundreds of Govt sites are infected with that particular malware."
About DNSChanger:
The malware, known as the “DNSChanger Trojan” quietly alters the host computer’s Internet settings to hijack search results and to block victims from visiting security sites that might help scrub the infections. DNSChanger frequently was bundled with other types of malware, meaning that systems infected with the Trojan often also host other, more nefarious digital parasites.
Earlier few guys ware busted for using the Trojan to control more than four million computers in over 100 countries - including an estimated 500,000 in the United States. Investigators timed the arrests with a coordinated attack on the malware’s infrastructure. The two-pronged attack was intended to prevent miscreants from continuing to control the network of hacked PCs, and to give Internet service providers an opportunity to alert customers with infected machines. Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan’s DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.
Wednesday, February 8, 2012
Symantec verifies stolen source code posted by Anonymous is "legitimate"
Symantec is in an ongoing fight against hackers in the group Anonymous that last January attempted to extort a payment of around $50,000 from Symantec in exchange for not publicly posting stolen Symantec source code they had stolen for various older Symantec security products dating to 2006.
Late yesterday, hackers did release the source code for an older version of Symantec's pcAnywhere and Norton Internet Security by uploading it to the Pirate bay website. Symantec confirms this is legitimate Symantec source code, and Symantec spokesman Chris Paden says the concern now is that other code that Anonymous claims to have in its possession will soon be posted as well.
Interesting story: US become victim of Indian spy agency...!
A recently leaked memo reveals that American and Canadian based company’s Apple, Research in Motion and Nokia may have helped the government of India spy on U.S. agencies in order to receive larger shares of the overall Indian cell phone market.
Last week, an Indian hacker crew successfully broke into a secured Indian military government network. The group, the Lords of Dharmaraja (who posted up outdated Norton security source code last week) posted documents that infer Apple, Nokia, and Research In Motion gave the Indian government backdoor access to their devices in exchange for mobile phone market rights.
Australian Nokia Sub Domain Defaced by Hackers
Latest News coming from Zone-H that Australian Nokia Sub Domain Defaced by Hacker going with codename - "aldyfrz" an Indonesian hacker. Reason of Hacking is Unclear and Security Breach possibly just Damage the Site.
The Hacker Sub domain of Nokia is : http://press.nokia.com.au Press Club Site and While writing this update Nokia Restore the site , So if anyone miss to see the Deface page, They can check at Zone-H mirror link.
University of Washington: Database Leaked by Hacker
A few days back, a Team INTRA member hacked into the University of Washington database and released much data. Today, N0B0DY and N0LIFE hacked into it again, releasing the most recent passwords on Pastebin.
HTC Patched Wi-Fi Vulnerability In Its Android Phones
Tuesday, February 7, 2012
Interesting story of a Hungarian Hacker - who gets 30 months for extortion plot on Marriott
A Hungarian hacker who attempted to extort money from Marriott International Inc. by stealing confidential data from its computers and threatening to expose it was sentenced to 30 months in prison.
Attila Nemeth, 26, will also serve three years of supervised release following his prison term, federal prosecutors said in a statement Friday.
Nemeth had previously pleaded guilty to charges of transmitting malicious code and attempted extortion, in U.S. District Court in Maryland.
According to court documents, Nemeth informed Marriott officials in November 2010 that he had gained access to the company's computers and had stolen proprietary information from its systems.
As proof, he emailed Marriott eight documents, seven of which were later confirmed to be proprietary company information. The stolen data included sensitive financial information.
An investigation by Marriott showed that Nemeth had planted two remotely controlled Trojans on the company's systems that allowed him access to other systems on the network. Nemeth gained initial access to the systems by getting a handful of Marriott employees to click on infected email attachments that he had sent to them.
Nemeth threatened to release the data he had stolen to Marriott's rivals or to its employees, or post it publicly if the company did not give him a job. His demands included a job based in Europe paying at least $150,000 annually, a hotel room in any hotel of his choice, free flights to wherever he wanted and the right to work whenever he felt like it.
In exchange, Nemeth said he would destroy the stolen data in two years.
"You fire your incompetent IT staff and hire me as an outside contractor to take care of your IT network security ," Nemeth write in an email. "After my new job works out for a couple of years all the docs I collected from your network going to wanish (sic)," he wrote.
A U.S. Secret Service agent, posturing as "Phillip Bender," a Marriott IT executive, established contact with Nemeth and engaged him in a discussion about a possible job in the U.S. Nemeth agreed to come to the U.S. for an employment interview with Marriott.
The agent, masquerading as the Marriott executive, interviewed the hacker. Nemeth, believing he was speaking with a Marriott executive, disclosed details of how he had gained access to the company's systems, and the location of the servers where the stolen data was stored.
The loss to Marriott as a result of Nemeth's intrusion was about $1 million in salaries, consultant expenses and other costs.
Anonymous Hacks FBI and Records Conference Call
Sunday, February 5, 2012
12 Thousand Websites Hacked By Teamgreyhat (TGH)
Hacktivist Teamgreyhat strikes again. This time it was really a big one. In this blow they have blown more than 12 Thousand websites. In dead this is the biggest attack ever done by TGH guys. According to TGH authority "this attack is just the trailer........ wait and stay tuned for the entire episode...." Also in their press release TGH has declared that their next target will be two high profile websites of India and they are Central Drug Research Institute (CDRI) & Bhabha Atomic Research Centre (BARC). Through this massive attack the hacker group also spreed their message and that is:-
#free education from the beginning to masters....or even more.
#free health (proper treatment)
Saturday, February 4, 2012
NASA and Pentagon Hacker - TinKode Arrested in Romania
Romanian police have arrested a man believed to be TinKode, the notorious hacker responsible for several daring, high-profile cyberattacks, including last year's breach of NASA's servers, Royal Navy, The European Space Agency and MySQL.com. The 20-year-old man, named as Razvan Manole Cernaianu, allegedly attacked Pentagon and NASA computer systems, revealed security holes, and published information about SQL injection vulnerabilities he had discovered, the Romanian Directorate for Investigating Organized Crime and Terrorist (DIICOT) said in a press release.
Friday, February 3, 2012
Syrian president’s e-mail hacked by Saudi hackers
A hacker based out of Saudi Arabia, identified as Salman Al Anzi, claims to have hacked the private email account of Syrian president Bashar Al Assad. He also hack a number of Syrian ministries, the Al-Arabiya TV Channel. The hacker threatened to reveal Assad's personal correspondence containing scandalous facts if the president doesn't meet his requirements.
Wednesday, February 1, 2012
Facebook sues Adscend Media for malware and spam
Facebook and the state of Washington have filed separate lawsuits against West Virginia-based Adscend Media LLC, alleging the company was responsible for spreading malware through Facebook and for stealing personal information from users of the social networking site.
The suits, filed in U.S. district courts in Santa Clara, Calif., and Seattle, respectively, contend that the defendants operated an advertising network that misled users into clicking on links that they thought would deliver certain types of content, such as videos or surveys, but instead installed malware on their systems and stole private information. The suits also claim that Adscend was aware and encouraged its affiliates to engage in this activity.
The Washington suit also alleges that the activity violates the state's Commercial Electronic Mail Act (CEMA) because Adscend aided its affiliates.
Tuesday, January 31, 2012
Embassy of Kazakhstan hacked by Anonymous Supporters
The official website of Embassy of Kazakhstan in Delhi having SQL injection Vulnerability, and Hacker with codename - Abs0luti0n has successfully Extract the database tables info and leak it on a pastebin note including Admin's Username and Password.
Monday, January 30, 2012
FBI will Monitor Social Media using Crawl Application
The Federal Bureau of Investigation is looking for a better way to spy on Facebook and Twitter users. The Bureau is asking companies to build software that can effectively scan social media online for significant words, phrases and behavior so that agents can respond.A paper posted on the FBI website asks for companies to build programs that will map sentiment and wrongdoing.
“The application must be infinitely flexible and have the ability to adapt quickly to changing threats to maintain the strategic and tactical advantage,” the Request for Information said, “The purpose of this effort is to meet the outlined objectives…for the enhancement [of] FBI SOIC’s overall situation awareness and improved strategic decision making.”The tool would be used in reconnaissance and surveillance missions, National Special Security Events (NSS) planning, NSSE operations, SOIC operations, counter intelligence, terrorism, and more.
Although the police, including in Britain, already use Facebook routinely to ascertain the whereabouts of criminals, automatically filtering out irrelevant information remains challenging. The new FBI application will be able to automatically highlight the most relevant information. The FBI is seeking responses by 10 February.
Universal Music Portugal database dumped by Hackers
Another Latest Tip come in my Inbox today about the leak of Database of Universal Music Portugal's website. Hacker did not mention his name,or Codename, But he enumerate the Database and Extract it by Hacking the Site.
100's of Tables from Database and Users Data has been leaked via a pastebin File. It includes the Usernames, Passwords and Emails ID's of Users of Site.
Immediate after the Hack, The Universal Group taken down the site for maintenance.
100's of Tables from Database and Users Data has been leaked via a pastebin File. It includes the Usernames, Passwords and Emails ID's of Users of Site.
Immediate after the Hack, The Universal Group taken down the site for maintenance.
Sunday, January 29, 2012
Zulu - Zscaler Malware Scanning Service
Zscaler has launched a new free online service called Zulu that can assess the security risk associated with URLs by analyzing the content they point to, as well as the reputation of their corresponding domain names and IP addresses.
Zulu allows security savvy users who investigate various web attacks to choose what User-Agent and Referrer headers the scanner will use when accessing a URL. "A unique benefit of this approach is that we can deliver a risk score even when the page content is no longer available," said Michael Sutton, vice president of security research at Zscaler. "While we can't access the page, we can still assess the URL and host and when they deliver a high risk score despite a lack of page content, one can often conclude the page was indeed malicious but has since been taken down," he explained.
Depending on the type of content a URL points to, Zulu can perform an antivirus scan using the VirusTotal multi-engine service, try to match a file's MD5 hash in Zscaler's database, search for known JavaScript obfuscation patterns and phishing heuristics, or use the company's malware detection technologies.
Zulu allows security savvy users who investigate various web attacks to choose what User-Agent and Referrer headers the scanner will use when accessing a URL. "A unique benefit of this approach is that we can deliver a risk score even when the page content is no longer available," said Michael Sutton, vice president of security research at Zscaler. "While we can't access the page, we can still assess the URL and host and when they deliver a high risk score despite a lack of page content, one can often conclude the page was indeed malicious but has since been taken down," he explained.
Depending on the type of content a URL points to, Zulu can perform an antivirus scan using the VirusTotal multi-engine service, try to match a file's MD5 hash in Zscaler's database, search for known JavaScript obfuscation patterns and phishing heuristics, or use the company's malware detection technologies.
Saturday, January 28, 2012
FBI warning about Banking Trojan “Gameover”
Oh no!!FBI is warning of a banking trojan called "Gameover".No it doesn't have to do with video games, but it does have to do with the security of your bank!
Organized crooks have begun launching cyber attacks against banks and their customers as part of a smoke screen to prevent victims from noticing simultaneous high-dollar cyber heists. On Friday the FBI issued a warning about a banking trojan named Gameover. It’s a new variant of Zeus, a user credential stealing malware that targets online bank users. Zeus has been around for years, and every now and then a new version with a new twist pops up.
Gameover has also been implicated in Distributed-Denial-of-Service attacks that temporarily-disable bank websites to draw attention away from fraudulent transactions. Like another Zeus variant, Troj/BredoZp-GY, Gameover uses e-mail spam to propagate, and the safest way to keep Gameover away from your PC is to avoid links and file attachments that are contained in unfamiliar e-mail messages.
Interview With The Saudi Hacker Who Hacked and Leaked Million Israeli Credit Cards
Why would someone hack into a website and steal million credit cards and later leaks the credit card numbers without even using them? What was the intention, what was the goal? The Saudi hacker made his political point by doing what is known as biggest credit card hack in the history of hacking. We got a chance to talk with this 19-year-old Saudi hacker on skype. He calls himself ”0xOmar”.
Friday, January 27, 2012
US Top Government Security Website Hacked by Anonymous and Login Details Leaked
US Federal Trade Commission (FTC) website has been hacked and taken down by Anonymous hackers against MegaUpload crackdown. FTC website provides Internet security solution and advice to its consumers. Hacktivists not only left their ” We are Legion” message but also gained access to back-end MySQL database and ended up with leaking complete list of login details, consisting of password hashes on http://pastebin.com/mJWUDtGD. At the time I was writing this article, http://onguardonline.gov/ was down.
French President’s Website Hacked by Anonymous Hackers
Anonymous hackers have attacked again, this time the French president’s website has been hacked and taken down against the French support for Megaupload crackdown and for officially supporting the SOPA and PIPA legislation, this Friday. Anonymous left their official ”We are legion” message on the Presidential website. According to RT
Thursday, January 26, 2012
Hannibal Hacker, Exposes Another 1 Million Facebook Member Login Credentials – Claims The List Belongs to Arab World
Hannibal Hacker, who is known for leaking over 30,000 Facebook & Email Accounts two weeks ago, has hit back with another hack of 1 Million Facebook Member Login Credentials that according to him belongs to Middle East and Arabs across the globe.
Hannibal Hacker has posted a huge list of download links for over 1 million facebook and email passwords, which is available on PasteBin.
According to the hacker:
Anonymous Hacker’s Message to Congress on SOPA
Anonymous hackers had sent a message to congress on SOPA and PIPA legislation, though the message was sent in the end of 2011 but its effectiveness can be witnessed now, when Anonymous has done what they mentioned in their message to congress by taking down US and French government websites.
Wednesday, January 25, 2012
Microsoft launching Real Time Hosted Threat Intelligence Feed
Microsoft is to offer a real-time intelligence feed of botnet and e-crime data to public and private sector subscribers, according to security company Kaspersky. Currently, Microsoft is testing a real-time feed to distribute information collected from several sources on major botnets, including Rustock, Waldec and Kelihos networks.
Tuesday, January 24, 2012
Arab Facebook logins posted by Israeli hacker
In four separate posting on Saturday to the Pastebin website, an Israeil hacker calling himself Hannibal announced he had published emails and logins of 100,000 allegedly Arab Facebook users. He also made the data available on 14 other file-sharing sites.
According to a published report by an investigator who downloaded the data from the file-sharing sites, the number of stolen Facebook accounts is likely closer to 20,000.
URL redirection Vulnerability in Google & Facebook
An open redirect is a vulnerability that exists when a script allows redirectionto an external site by directly calling a specific URL in an unfiltered,unmanaged fashion, which could be used to redirect victims to unintended,malicious web sites. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect.
A similar vulnerability is reported in Google by "Ucha Gobejishvili ( longrifle0x )". This problem may assist an attacker to conduct phishing attacks, trojan distribution, spammers.
Url: https://accounts.google.com/o/oauth2/auth?redirect_uri=http://www.something.com
Same vulnerability in Facebook, Discovered by ZeRtOx from Devitel group:
http://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u=www.something.com
Impact of Vulnerability :
- The user may be redirected to an untrusted page that contains malware which may then compromise the user's machine. This will expose the user to extensive risk and the user's interaction with the web server may also be compromised if the malware conducts keylogging or other attacks that steal credentials, personally identifiable information (PII), or other important data.
- The user may be subjected to phishing attacks by being redirected to an untrusted page. The phishing attack may point to an attacker controlled web page that appears to be a trusted web site. The phishers may then steal the user's credentials and then use these credentials to access the legitimate web site.
Monday, January 23, 2012
Anonymous Attack on Brazilian Websites – Tangara da Serra City Website Hacked and Defaced
Anonymous hackers have hacked and defaced three Brazilian websites, One of Brazil’s federal district, second belongs to a famous Brazilian singer and the third one is Tangara da Serra city’s website in protest against the federal raid and shutdown of Megaupload.com.
Anonymous hackers have launched #OpMegaUpload against the American government and any government who supports the shutdown. Last week Anonymous hacked FBI and US Department of Justice website against the shutdown of Megaupload.
#OpMegaUpload – CBS Broadcasting Website Hacked by Anonymous Hackers
Data Stealing Malware on Internal Computer of Japan Space Agency
Japan Aerospace Exploration Agency (JAXA) announce that their computer has been infected with a virus, leading to a possible leak of data on its H-II Transfer Vehicle (HTV) the craft popularly known as Konotori that hauls cargo for the International Space Station (ISS). JAXA still isn't sure how the virus got on the computer, or who put it there.
Sunday, January 22, 2012
Wireless Penetration Testing Series Part 2: Basic concepts of WLANs
Wireless Penetration Testing Series Part 2: Basic concepts of WLANs
This blog post is in continuation of the Wireless Penetration Testing and Hacking series we started (Part 1: Getting Started with Monitoring and Injection) on the basis of the “SecurityTube Wi-Fi Security Expert” (SWSE) course which is based on the popular book “ Backtrack 5 Wireless Penetration Testing”.
In the third video, the instructor talks about some of the basic concepts of WLANs. We learn that communication over WLAN's happens over frames. There are mainly 3 types of WLAN frames which are Management frames, Control frames, and Data frames. These types of packets also have different subtypes . We learn that an SSID is a name given to an Access point or a network consisting of multiple Access points. We then learn about Beacon frames which are broadcast frames sent out periodically by Access point to broadcast their presence in the current RF (Radio frequency) vicinity. The instructor then starts wireshark and analyzes a beacon frame passing through the network. We learn that a beacon frame is of the type Management and of the subtype 0x08 which denotes that it is a beacon frame. We learn that the beacon frame has 2 types of Parameters (Fixed and tagged). The tagged parameters gives us a lot of information about the network, such as the SSID, the current channel at which the AP is residing, the Vendor specific tag and lots of other information. Everything in this frame is in plaintext, hence if an attacker has the capability to inject packets into the network, then he will be able to inject arbitrary beacon frames into the network or even spoof some of the legitimate Access points which may confuse the client. Same is the case for any type of WLAN frame. Hence all the clients in the RF vicinity will recognize this as a new Access point.
The instructor then gives a demo of the tool mdk3 (available by default in backtrack), which he uses to inject various beacon frames with different BSSID's onto different channels in the network. The tool constantly changes your MAC address to do this. The clients recognize this as a legitimate AP and shows it in it's list of available networks.
Saturday, January 21, 2012
Tit for Tat - Anonymous Hackers Brings Down FBI website for #OpMegaupload
Megaupload.com, one of the world's most popular sources of online piracy, has been shut down by a federal indictment issued Thursday, which seized and charged seven people connected with it with running an international enterprise based on internet piracy. Online piracy by the two companies - Megaupload Ltd and Vestor Ltd - generated more than $ 175 million in criminal proceeds and caused more than half a billion dollars in harm to copyright owners
Nigerian Army Education site hacked by Nigerian Hacktivists
Friday, January 20, 2012
More source code stolen, says Symantec
Symantec acknowledged this week that in addition to theft of source code for past versions of some if its security software, its own servers were breached in 2006. Previously, Symantec had claimed the theft of its source code had come only from third-party servers, but the company modified that statement after an internal investigation showed the company's own network was breached.
The latest announcement said that source code for Norton Antivirus Corporate Edition, Norton Internet Security, pcAnywhere, and Norton GoBack had been taken. This is in addition to the Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 that the company acknowledged two weeks ago. The two enterprise-class products were more than five years old, the company said. It did not indicate why some of the code was made public six years after the alleged theft took place.
Saudi hacker target Israeli stock exchange and National air carrier
Saudi cyber Hacker OxOmar struck again on Monday. This time disrupted the websites of Israel's stock exchange and National air carrier. Last week he had leaked private information about more than 400,000 Israelis. Credit card companies said around 25,000 numbers, some of them expired, had been posted. The pro-Palestinian group is referring to itself as “Nightmare.”
Thursday, January 19, 2012
DoD ID cards under attack
A pernicious virus that infects the middleware of smart card readers is attacking users of U.S. Department of Defense (DoD) and Windows smart cards. A variant of the Skyipot trojan, the malware uses a zero-day vulnerability in Adobe software to install a keylogger and obtain the PINs and certificate information from smart cards.
The trojan, first identified by Alienvault Labs, appears targeted at a particular type of application.
Cyber War : Another 7000 Israel credit cards Exposed on Internet
This week has began under worse auspices worse for Israel, which, despite its attention to the cyber threats posed by cyber-space, has been victim of a series of attacks that have checkmated the government of Jerusalem.
Kosova Hacker's Security Group of Hackers today claim to release another Another 7000 Israel credit cards on Internet. Last week xOmar from "group-xp" threatened the Israeli people by exposing millions of credit cards. After that Israel said that it will respond to cyber-attacks in the same way it responds to violent terrorist acts, by striking back with force against hackers who threaten the Jewish state.
Hacker will release full Norton Antivirus code on Tuesday
A hacker with code name of 'Yama Tough' announce via Twitter that on Tuesday he will leak the full source code for Symantec Corp's flagship Norton Antivirus software which is 1,7Gb src.
Last week Yama Tough has released fragments of source code from Symantec products along with a cache of emails. The hacker says all the data was taken from Indian government servers. Yama Tough is trying to prove that Indian government was snooping on America and China.
Wednesday, January 18, 2012
Imagine a World Without Free Knowledge : Wikipedia
What exactly is Wikipedia doing?
Wikipedia is protesting against SOPA and PIPA by blacking out the English Wikipedia for 24 hours, beginning at midnight January 18, Eastern Time. Readers who come to English Wikipedia during the blackout will not be able to read the encyclopedia: instead, they will see messages intended to raise awareness about SOPA and PIPA, and encouraging them to share their views with their elected representatives, and via social media.
What are SOPA and PIPA?
SOPA and PIPA represent two bills in the House of Representatives and the Senate respectfully. SOPA is short for the "Stop Online Piracy Act," and PIPA is an acronym for the "Protect IP Act." ("IP" stands for "intellectual property.") In short, these bills are efforts to stop infringement committed by foreign web sites, but, in our opinion, they do so in a way that actually infringes free expression while harming the Internet. Detailed information about these bills can be found here and here. The EFF has summarized why these bills are simply unacceptable in a world that values an open, secure, and free Internet.
Why is this happening?
Nothing like this has ever happened before on the English Wikipedia. Wikipedians have chosen to black out the English Wikipedia for the first time ever, because we are concerned that SOPA and PIPA will severely inhibit people's access to online information. This is not a problem that will solely affect people in the United States: it will affect everyone around the world.
Zappos a division of Amazon got Hacked
A notification mail from Zappos is circulating in Customers that a division of Amazon "Zappos.com" got Hacked by Unknown Hackers. Notification mail indicated that names, email addresses, mailing addresses, and the last four digits of customer's social security numbers have been compromised. Also the databases that contain sensitive billing information, such as credit card numbers, was not accessed by hackers.
According to messages from Zappos CEO Tony Hsieh to employees and customers:
Tuesday, January 17, 2012
400000 Israeli Credit Cards & Information Leaked by Saudi Arabia Hackers
Hacker named "0xOmar" from group-xp, largest Wahhabi hacker group of Saudi Arabia claim to Hack lot of Israeli servers, lot of information about Israeli people including their name, address, city, zipcode, Social Security Numbers (Israeli IDnumbers), mobile phone number, home phone number, credit card number (including exp year, month and CVV). According to announcements from the credit card companies, 6,600 of the stolen cards belong to Isracard Ltd., 4,000 to Leumi Card Ltd., and 3,000 to Israel Credit Cards-Cal Ltd. (ICC-Cal) (Visa).
Hacker says "We daily use these cards to solve our problems, purchasing VPNs, VPSes, softwares, renting GPU clusters, renting cloud servers and much more!". They Claim themselves as part of Anonymous hacking Group from Saudi Arabian. "my goal is reacing 1 million non-duplicate people, which is 1/6 of Israel's population." He said.
Monday, January 16, 2012
Wireless Penetration Testing Series Part 1: Getting Started with Monitoring and Injection
We had promised a while back that we would start a Wireless Security and Penetration testing series based on the SecurityTube Wi-Fi Security Expert (SWSE) course! This course is based on the popular and much appreciated book – “ Backtrack 5 Wireless Penetration Testing”, So here we go .
In the first two videos, the instructor gets us up and running with our lab setup – access points, victim and attacker machines, wireless cards etc. We then learn that there are 2 essential concepts which one needs to be aware of when dealing with security – ability to monitor and ability to actively prevent attacks.
For monitoring, we need to be able to put our wireless cards into “promiscuous mode” so that it can gather all the packets in the air. This is called monitor mode in wireless and we can do this by using a utility called airmon-ng. For active prevention, we need the ability to inject arbitrary packets into the air, this ability is called “packet injection”. In wireless, by using the right drivers and supported cards, we can create and inject custom packets into the air. We will revisit these concepts in later blog posts.
Sunday, January 15, 2012
International Conference on Cyber Security (ICCS) 2012 : Protecting the Cyber World
The FBI is teaming up with Fordham University for the International Conference on Cyber Security. It’s an effort to identify emerging cyber threats and develop ways to mitigate those threats. The ZeuS Trojan has infected almost 4 million computers in the United States alone. Financial losses due to the ZeuS Trojan are estimated at up to $60 million.
The third annual International Conference on Cyber Security: A White Hat Summit (ICCS 2012), a joint effort between the Federal Bureau of Investigation and Fordham University, brings together global leaders from law enforcement, industry and academia at Fordham’s Lincoln Center campus from January 9 through 12, 2012. The conference will include three days of lectures, panel discussions, sponsor presentations, exhibitions, and exceptional networking opportunities.
ICCS 2012, a four-day event features more than 65 unique lectures from keynote, distinguished, plenary and parallel speakers in the disciplines of Emerging Technologies, Operations and Enforcement, and Real Life Experiences. Also included are panel discussions, sponsor presentations, exhibitions and exceptional opportunities to meet and talk with some of the greatest cyber security subject experts in the world.
Register now for ICCS 2012 and receive the standard rate of $695.00. Registrations are handled on a first-come, first-served basis. For more information on confirmed speakers, registration, accommodations, schedules and presentations, we invite you to visit the official ICCS 2012 website at:http://www.iccs.fordham.edu.
The third annual International Conference on Cyber Security: A White Hat Summit (ICCS 2012), a joint effort between the Federal Bureau of Investigation and Fordham University, brings together global leaders from law enforcement, industry and academia at Fordham’s Lincoln Center campus from January 9 through 12, 2012. The conference will include three days of lectures, panel discussions, sponsor presentations, exhibitions, and exceptional networking opportunities.
ICCS 2012, a four-day event features more than 65 unique lectures from keynote, distinguished, plenary and parallel speakers in the disciplines of Emerging Technologies, Operations and Enforcement, and Real Life Experiences. Also included are panel discussions, sponsor presentations, exhibitions and exceptional opportunities to meet and talk with some of the greatest cyber security subject experts in the world.
Register now for ICCS 2012 and receive the standard rate of $695.00. Registrations are handled on a first-come, first-served basis. For more information on confirmed speakers, registration, accommodations, schedules and presentations, we invite you to visit the official ICCS 2012 website at:http://www.iccs.fordham.edu.
Subscribe to:
Posts (Atom)