Israeli military, intelligence sites down after 'Anonymous' threat ~ #AntiSec



The websites of Israel's army, the internal Shin Bet security service and the Mossad spy agency could not be accessed on Sunday. It could not be confirmed that Anonymous was responsible. An Israeli army spokesman called it a "strange coincidence" but could not confirm that hacking was the cause.

The Israeli army and intelligence agencies' websites were offline on Sunday, two days after the hacker group Anonymous warned it would "strike back" for Israel's capture of Gaza-bound ships on Friday.

Anonymous, a network of online activists who have attacked government and financial websites around the world, released a statement Friday warning that the group would take action against the navy's seizure of two ships aiming to break Israel's blockade on the Gaza Strip.

"Your actions are illegal, against democracy, human rights, international, and maritime laws," said the statement addressed to the government of Israel and posted on YouTube and Anonymous-affiliated sites.

"Justifying war, murder, illegal interception, and pirate-like activities under an illegal cover of defense will not go unnoticed by us or the people of the world."

source:
https://www.facebook.com/unitedanonnews

VanishCrypt - Virtual Encryption Tool Developed by SecurityLabs


SecurityLabs released VanishCrypt as freeware: a virtual encryption tool used to lock your confidential data inside a virtual disk (like TrueCrypt). The developer says the data is completely inaccessible without the correct password. The application stores the files using CryptoAPI, which the developer describes as strong.

It supports the following operating systems:
Win9x, WinNT, Win2000, WinXP, WinVista and Win7, and Linux under Wine.

Additional Features:
  • It has an "Advanced Mode" with which you can create a real virtual drive, accessible in Explorer, that contains the files stored in the vdisk image.
  • It uses the Win32 API for I/O operations, giving a large speed improvement.

Download from here.

Video Demo:

Duqu is an upgraded version of Stars, Spyware that infected Iran


One of the best antivirus firms, Kaspersky, has enabled protection against the infamous Duqu worm and now detects all versions of Duqu. Kaspersky's developers updated the product to detect Trojan.Win32.Duqu and all other Trojans that exploit the CVE-2011-3402 vulnerability.

Recently, the Duqu Trojan became infamous for successfully exploiting a zero-day vulnerability. More information about the malware is available here.

Following that, organizations started to offer protection against the Duqu Trojan; NSS Labs released an Anti-Duqu tool.

Microsoft also issued a temporary fix for this vulnerability.

Duqu is an Upgraded Version of the "Stars" Malware in Iran:
Research at Kaspersky Lab unveils additional information about the Duqu worm. As a result of their investigation, Duqu was first spotted as the "Stars" malware (malware created to spy on Iran's nuclear system).

In April 2011, Iran announced that it was under cyber attack by malware named "Stars". Kaspersky researchers confirmed that some of Duqu's targets were hit on April 21 using the same method involving CVE-2011-3402, a kernel-level exploit in win32k.sys via an embedded TrueType Font (TTF) file.

According to analysis by IrCERT (Iran's Computer Emergency Response Team), Duqu is an upgraded version of "Stars".

SSL Certificate Authority KPN stopped issuing certificates

SSL (Secure Sockets Layer) certificate authority KPN stopped issuing certificates after detecting a DDoS tool on one of its servers. KPN is a Netherlands-based SSL certificate provider. It found the DDoS tool on the server during a security audit; the tool may have been there for as long as four years.
"Although there is no evidence that the production of certificates has been compromised, it cannot be completely excluded that this did happen. Therefore, KPN Corporate Market (formerly Getronics) has decided to temporarily discontinue the application for and issuance of new certificates, pending further investigation. This is to ensure that the procedure by which certificates are issued is safe and reliable.

KPN has replaced the web servers. An additional, independent investigation is taking place to ensure that KPN complies with the required safeguards, procedures and rules applicable to the issuance of Internet security certificates. The Interior Ministry and Logius, the e-government agency, are closely involved in the process," the official statement said (translated to English).

Previously, another Dutch certificate authority, DigiNotar, was compromised by an unknown attacker who issued a huge number of fraudulent but valid certificates for high-value domains, including some belonging to Google, Yahoo, the CIA and others. As a result, DigiNotar went out of business and KPN picked up new customers from DigiNotar. Now KPN's server has been breached.



The Social-Engineer Toolkit (SET) v2.3 “Eclipse” released by SecManiac


SecManiac released The Social-Engineer Toolkit (SET) v2.3, code name "Eclipse". It is an open source tool, written in Python, that focuses solely on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

SET is designed to make complex social engineering tasks relatively simple by providing a robust framework for penetration tests.


The official changelog:

~~~~~~~~~~~~~~~~
version 2.3
~~~~~~~~~~~~~~~~
  • fixed a bug that would not load the menus properly when loading SET (bad return placement)
  • fixed an annoying bug that has been around for a number of versions, finally tracked down..some occasions where it would show "Moving payload to website", you couldn't control-c out to exit and would have to close the console window. This has been resolved.
  • rewrote shellcodeexec again to evade AV
  • added the shellcodeexec.c modified source code
  • removed improper way to mask error messages through 1> /dev/null and 2> /dev/null, pipe information through subprocess.PIPE instead
  • fixed a bug in fast-track with the mssql bruter where if using the SET interactive shell, it wouldn't spawn the HTTP server properly due to site.template and attack.vector files not being found. Added better granularity on detecting files and setting defaults if it's not found
  • adjusted the repeater time to 2 seconds versus 3
  • added additional passwords found in pentests to the wordlist
  • removed excess code from setcore
  • moved Signed_Update.jar that is generated through Java Applet attack, it now goes through src/program_junk versus src/html
  • rewrote large portions of SET to place cloned websites and files under src/program_junk/web_clone versus src/webattack/web_clone/site/template
  • added new config option for OSX/LINUX payload ports and removed the automatic prompt after generating metasploit payload if you want to target OSX/Linux. It will automatically target Linux/OSX and removes another prompt in setting everything up
  • added additional stability to powershell injection, it is now enabled by default. If powershell is injected, it will send a payload straight through memory versus touching disk. Note that you may get two shells back. This is intentional as it's a failsafe if the one method fails through powershell. So regardless, if the powershell injection fails to compromise, the backup dropper will still execute
  • bug fix in mssql.py where it would throw an error about not finding the proper payload in the fasttrack mssql bruter

India's No.1 Music Company and Police site Hacked by ZHC

A hacker group called "Zcompany Hacking Crew" (ZHC) hacked the websites of India's No.1 music company. They also hacked a police website and some other Indian websites.

India's No.1 Music Company

http://tseries.com/index.asp
http://mobiles.tseries.com/default.aspx
http://tseriesnew.hungamatech.com/index.asp
http://webstore.tseries.com/index.asp

Indian Police

http://indiapolice.in/

Other Indian Websites

http://10kclub.org/
http://1upresellerhost.com/index.asp
http://aalok.com/
http://adarshcooperative.com/

The full list can be found here:
http://pastebin.com/AMDt86yS

Hackers breached MIT Server to launch cyber attack on other sites


Hackers compromised an MIT (Massachusetts Institute of Technology) server in order to launch cyber attacks on other sites.

"One MIT server (CSH-2.MIT.EDU) hosts a malicious script actively used by cyber-crooks to scan the web for vulnerable websites," BitDefender Researchers said.

The malicious script searched for vulnerable installations of phpMyAdmin, a popular Web-based database administration tool.

phpMyAdmin is used by web developers and site administrators to connect to a database and perform SQL operations over the web, such as creating, reading, updating and deleting information in the database. According to BitDefender, the vulnerable versions of phpMyAdmin range from 2.5.6 to 2.8.

Once it finds a vulnerable version of phpMyAdmin, it launches a SQL injection attack to gain admin privileges. If the website is successfully compromised, the crawler leaves behind a folder called "muieblackcat", which acts as a mutex and a mark of infection (Blackhole Exploit Pack).

BitDefender said that it tried to alert MIT about the security breach on their server, but received no reply.

According to BitDefender's report the server is still online, but no longer attacks any sites. "As a top-level reliable domain, .edu is primarily used by educational institutions in America and other trustworthy organizations. A trackback from such a domain is a vote of confidence for an article, a blog, an entire site, or even an institution. In short, an infrastructure the size of MIT.edu is not only guaranteed to have huge bandwidth to carry thousands of malicious requests per second, but is also a good way to evade firewalls that obviously accept traffic from MIT.edu as legit," said Doina Cosovan, BitDefender virus analyst.
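The scanner behaviour described above lends itself to a simple defensive check. The following Python is an added example (not BitDefender's, MIT's or the scanner's code): it flags clients that probe for phpMyAdmin and the "muieblackcat" marker in constructed Apache access-log lines, and checks an installed phpMyAdmin version against the 2.5.6 to 2.8 range the article cites. The setup.php probe paths and treating every 2.8.x release as inside that range are assumptions.

```python
import re
from collections import Counter

# Constructed Apache combined-format log lines (not real traffic) for demonstration.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Nov/2011:10:01:12 +0000] "GET /muieblackcat HTTP/1.1" 404 212 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Nov/2011:10:01:13 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 212 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Nov/2011:10:01:13 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 212 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Nov/2011:10:02:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Nov/2011:10:02:41 +0000] "GET /blog/ HTTP/1.1" 200 8040 "-" "Mozilla/5.0"
"""

# Minimal parse of the combined log format: client IP, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Request paths that indicate a phpMyAdmin-hunting scanner. "muieblackcat" is the marker
# the article names; the setup.php probe paths are an assumption about what such a scanner tries.
PROBE_PATTERNS = (
    re.compile(r"/muieblackcat", re.I),
    re.compile(r"/(phpmyadmin|pma|myadmin)[^\s]*/scripts/setup\.php", re.I),
)


def is_probe(path):
    """True if a request path matches one of the scanner signatures."""
    return any(p.search(path) for p in PROBE_PATTERNS)


def scan_access_log(text, threshold=2):
    """Return {client_ip: probe_count} for clients with at least `threshold` probe requests."""
    hits = Counter()
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_probe(m.group("path")):
            hits[m.group("ip")] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


def is_vulnerable_pma_version(version):
    """True if `version` lies in the 2.5.6 .. 2.8.x range the article cites.
    Assumption: every 2.8.x release counts as inside the range."""
    parts = tuple(int(x) for x in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))
    return (2, 5, 6) <= parts < (2, 9, 0)


if __name__ == "__main__":
    print(scan_access_log(SAMPLE_LOG))          # {'203.0.113.5': 3}
    print(is_vulnerable_pma_version("2.6.4"))   # True
```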


Anti-Duqu available for free, 100% Accurate detection of Duqu


Duqu (similar to Stuxnet) is a notorious worm that exploits a Windows zero-day vulnerability. Microsoft released a temporary fix for this vulnerability yesterday. NSS Labs claims it has developed a very accurate Duqu detection tool, available for free.

The tool detects all Duqu drivers installed on a system. It was developed in the hope that additional drivers can be discovered, allowing NSS to learn more about the functionality, capabilities and ultimate purpose of Duqu.

According to NSS's tests, the tool's success rate is 100% with zero false positives. The developers say it uses advanced pattern recognition techniques and is also capable of detecting new drivers as they are discovered.

Two new drivers were discovered after the tool was completed, and both were detected by the NSS tool with no updates required.
 

Mexican Anonymous wins victory in drug cartel fight

The Anon who had been kidnapped last month by the Zetas has been released. However, unofficial Anonymous spokesman Barrett Brown says he may yet share an alleged 25,000 Mexican government emails containing the names of Zetas members and associates.


"The Anon who had been kidnapped last month by the Zetas has been released, although it appears that the Zetas concerned did not know that the individual was the Anon whose release had been demanded by those who instigated #OpCartel. As such, no bargain has been fulfilled," says Barrett Brown.

"[The freed Anonymous member] said: 'If Anonymous unveils any name related to the cartel, the family of the kidnapped Anonymous member will suffer the consequences. For each cartel name revealed, 10 people will be put to death.'"

Friday morning, Brown changed his tune after he apparently received more information.

"As is now widely known, the kidnapped Anon was indeed known to the Zetas as such, contrary to my reports from last night, during which I was only in sporadic communication with the person's friends. As the Zetas left a note with the person threatening to kill ten civilians for every name published, none of us will be proceeding with those particular names. Nonetheless, several of the 25,000 e-mails are being sent to Der Spiegel for confirmation, and in the meanwhile I will be going after other cartels with the assistance of those who have come forward with new information and offers of assistance," Barrett Brown said in an update.

Report from Pastebin:
http://pastebin.com/XZRpjUZq

White House Government Site vulnerable to Persistent XSS


Security researchers from Vulnerability-Lab, Alexander Fuchs (F0x23) and Benjamin Kunz Mejri (Rem0ve), discovered a persistent XSS vulnerability in the official White House website (a government site).

The vulnerability allows an attacker to inject malicious code into the web application. Successful exploitation may result in hijacking of user, admin or backend sessions, manipulation of profile content, redirection to malicious sites and defacement, and can lead to malware infiltration via the petition feature.

Vulnerability Details:
  • Vulnerability: XSS(Persistent)
  • Alert: Critical
  • Status: Fixed (the researchers say it was fixed on 2011-11-04, but the demo page is still active).
  • Website: http://www.whitehouse.gov/
  • Site Category: Government
Vulnerability Demo:
https://wwws.whitehouse.gov/petitions/!/petition/security/WxgwM7DS

XSS Report:
http://vulnerability-lab.com/get_content.php?id=308

DDoS attack on French rugby fan site, hackers' mistake


Hackers mistakenly launched a DDoS attack on a French rugby fan site (allezdax.com), believing it was related to the German stock exchange; the site was unavailable for two weeks. Meanwhile the hackers' intended target, the German stock exchange (DAX) website, remained up and running as normal.

According to the admin of the site, a supporters' site for the second-division side Dax in the south-west of France, the attackers believed it was linked to the DAX, Germany's blue-chip stock market index.

The administrator, Stéphane, told the France Bleu Gascogne radio station that the hackers had "insulted us copiously in German". He added: "I only have one thing to say to them: leave us alone!"

Normal traffic is around 700 visitors, but it reached 80,000, resulting in a denial of service.

The site is now back online. "Having been attacked full-on by a young, spotty Teuton, the site is back with more security," the site's homepage said.