Adobe Fixed 12 Critical Flash Vulnerability


Adobe has released Flash Player version 11.1.102.55 to fix a number of critical vulnerabilities. The update is available for the Windows, Mac, Linux, Solaris and Android versions of Flash and Adobe AIR.


Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.


Affected versions:
  • Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 11.0.1.153 and earlier versions for Android
  • Adobe AIR 3.0 and earlier versions for Windows, Macintosh, and Android
The updated version is available here.
The Adobe AIR update is available here.

"They are patching a ton of serious bugs today, and nearly all of them allow for remote code execution," said Andrew Storms, director of security operations at vulnerability management firm nCircle. He criticized Adobe for not offering any mitigation advice in their advisories, leaving users with only the option to patch.

"Sometimes we can't load your critical patches immediately," Storms said. "Any assistance you could offer would be much appreciated."

Hackers Champions League Presented By Innobuzz & Voice of Greyhat



Hackers Champions League is presented by Innobuzz Knowledge Solution & Voice of Greyhat (VOGH). This is the 1st event ever conducted in India where the ability of hackers will be classified. Hackers around the globe can participate and show their skills, ability, potential and compatibility. The main aim of conducting Hackers Champions League (HCL 2011) is to enrich cyber security, because we believe that "Security Comes from You".
All hackers, security researchers and pen testers across the whole spectrum are invited to take part in this event. In HCL 2011 a participant has to submit his/her research papers. Our honorable judges' panel will select the winners, and the top 50 candidates will get an exclusive gift from the organizer.

Some General FAQ:-

  • Who Can Take Part in HCL 2011?
Ans:- There are no basic criteria. Anyone who thinks that he/she is eligible to enrich & contribute to the world of Hacking and Cyber Security can take part in HCL 2011.
  • What will be contents of Papers?
Ans:- Participants have to submit their own research with sufficient proof. The paper should be unique and compact.
Contents of The Paper:-
  • New Security Flaws 
  • Vulnerabilities
  • Exploits
  • Malware
  • Trojan, Stealer, Backdoors & Bots
  • Cryptography & Steganography 
  • Firewalls, IDS & Honeypots 
  • Reverse Engineering 
  • Captcha System 
  • Algorithm
  • Mobile Security (Android, iOS)
  • Denial of Service (DoS) 
  • DNS Poisoning
  • New Cyber Attacks
  • Social Engineering
  • On-line Frauds
  • Web Vulnerabilities
  • Operating System
  • Wireless Security 

  • How to submit the paper?
Ans:- All the papers must be submitted to the following Email id
hcl@voiceofgreyhat.com
1. The name of the Author 
2. Content (Which he/she has selected from the above list)
3. Subject or Title of your research paper
4. Email-id 
5. Phone Number (Optional) 
6. Papers Must be on .pdf Format
7. Video Demonstration, PPT Presentation Can also be added 
  • What is the last date of paper submission?
Ans:- All the papers must be submitted on or before the 20th of December 2011
  • Who will judge the HCL 2011?
Ans:- Top information Cyber security experts around the globe, Security Researchers & Experts from Innobuzz.
  • What will the winners achieve?
Ans:- The winner of Hackers Champions League 2011 will be certified by the organizer and will also get fully free Ethical Hacking training from Innobuzz (with Training Kits & Certificates).
The 2nd best participant will be certified by the organizer and will also get an 80% discount on Ethical Hacking Training from Innobuzz (with Training Kits & Certificates).
The 3rd best participant will be certified by the organizer and will also get a 70% discount on Ethical Hacking Training from Innobuzz (with Training Kits & Certificates).
The 4th best participant will be certified by the organizer and will also get a 60% discount on Ethical Hacking Training from Innobuzz (with Training Kits & Certificates).
The 5th best participant will be certified by the organizer and will also get a 50% discount on Ethical Hacking Training from Innobuzz (with Training Kits & Certificates).
In addition, another 50 participants will be certified by the organizer and get a handy discount on Ethical Hacking Training from Innobuzz.
  • Can I submit more than one paper?
Ans:- Yes, you can. But the content should be different.


Organizer Message:-
Here we want to quote a few lines with which all the hackers around the world are very familiar.
"...This is our world now… the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore… and you call us criminals. We seek after knowledge… and you call us criminals. We exist without skin color, without nationality, without religious bias… and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto...." (Hacker Manifesto)

We want to ask the world: do you still believe that hackers are criminals? In reality, hackers are the people who take full credit for the evolution of the whole computer world, because they are the ones who pinpoint the flaws and raise alerts so that they are rectified, and thus they play the key role in making a system stable, flawless and user-friendly. So they are not criminals; they are heroes. The older view should change, and they deserve that.
So friends, join HCL, make a contribution, show the world what we are capable of, make history and contribute to cyber security and to the whole digital world.

w3af v1.1 released - Best framework for PenTesting Web Applications


W3af is an extremely popular, powerful, and flexible framework for finding and exploiting web application vulnerabilities. It is easy to use and extend and features dozens of web assessment and exploitation plugins. In some ways it is like a web-focused Metasploit.

Changelog:
Considerably increased performance by implementing gzip encoding
Enhanced embedded bug report system using Trac's XMLRPC
Fixed hundreds of bugs
Fixed critical bug in auto-update feature
Enhanced integration with other tools (bug fixed and added more info to the file)

Download it from here:
http://www.w3af.com/

The software is listed in 18th place in the Top Network Security Tool list.

ACH Bank Transfer Refusal Scam leads to Malware Attack

MX Labs reports that they recently intercepted a lot of emails warning recipients that certain banks had not accepted payroll payments or transfers. This scam comes with a malware attachment.

The scam emails use the following subjects:
  • ACH debit transfer was hold by Yolo Community Bank
  • ACH payroll payment was not accepted by Central Trust and Savings Bank
  • ACH Transfer was not accepted by Eldorado Bank
  • ACH debit transfer was hold by The Mechanics Bank
  • Funds transfer was hold by our bank
The sender address is spoofed, and the emails carry the following message:
Dear Madam / Sir,

I regret to inform you that ACH payroll payment initiated by you or on your behalf was not accepted by Central Trust and Savings Bank.

Transaction ID: 17036653478735
Current status of transaction: on hold

Please review transaction details as soon as possible.

Theodore Parham
Payments Administration
Central Trust and Savings Bank

The "review transaction details" link leads to a malicious page. The malicious site uses a pop-up message to ask you to download Adobe Flash Player. The file is 233 KB and is named "Flash.exe". As you may have guessed, it is malware.

Kaspersky detects it as Trojan-Spy.Win32.Zbot.coak and McAfee detects it as Artemis!C5D161117328.

Several Windows registry changes will be executed, and the trojan can establish a connection with the IP 64.252.17.231 on port 11760.

At the time of writing, only 12 of the 43 AV engines detected the trojan on VirusTotal.

Apple released iOS 5.0.1 to fix iPhone 4S battery life bugs & Passcode Lock Bypass


Apple has today released its iOS 5.0.1 update (build 9A405) to address battery issues, add multitouch gestures to the iPad 1 and more. The update is now available in iTunes, and is also available over-the-air to existing iOS 5 users.

The fixes that are listed are:
  • Fixes bugs affecting battery life
  • Adds Multitasking Gestures for original iPad
  • Resolves bugs with Documents in the Cloud
  • Improves voice recognition for Australian users using dictation
But this update doesn't fix the vulnerability discovered by Security Researcher Charlie Miller. 

If you are ready to install iOS 5.0.1 on your iOS device, connect the gadget to iTunes and hit the "check for updates" button. (Alternatively, head into your device's "Settings" menu, select the "General" tab, and tap the "Software Updates" option to download the update over-the-air.)

Changelog:


CFNetwork

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

Description: An issue existed in CFNetwork’s handling of maliciously crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server.

CVE-ID

CVE-2011-3246 : Erling Ellingsen of Facebook

CoreGraphics

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: Viewing a document containing a maliciously crafted font may lead to arbitrary code execution

Description: Multiple memory corruption issues existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font.

CVE-ID

CVE-2011-3439 : Apple

Data Security

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia’s certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue.

Kernel

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: An application may execute unsigned code

Description: A logic error existed in the mmap system call’s checking of valid flag combinations. This issue may lead to a bypass of codesigning checks. This issue does not affect devices running iOS prior to version 4.3.

CVE-ID

CVE-2011-3442 : Charlie Miller of Accuvant Labs

libinfo

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

Description: An issue existed in libinfo’s handling of DNS name lookups. When resolving a maliciously crafted hostname, libinfo could return an incorrect result.

CVE-ID

CVE-2011-3441 : Erling Ellingsen of Facebook, Per Johansson of Blocket AB

Passcode Lock

Available for: iOS 4.3 through 5.0 for iPad 2

Impact: A person with physical access to a locked iPad 2 may be able to access some of the user’s data

Description: When a Smart Cover is opened while iPad 2 is confirming power off in the locked state, the iPad does not request a passcode. This allows some access to the iPad, but data protected by Data Protection is inaccessible and apps cannot be launched.




XSS vulnerability found in myOpenID site by inj3ct0r Team


An XSS vulnerability has been found in myOpenID, the largest independent OpenID provider. It was discovered by "SeeMe", a member of the Inj3ct0r Team.

Using this XSS vulnerability, an attacker can perform session hijacking (stealing the session ID). The session ID is very valuable because it is the secret token that the user presents after login as proof of identity until logout. If the session ID is stored in a cookie, the attacker can write a script that runs in the user's browser, reads the value in the cookie and sends it to the attacker. The attacker can then use the valid session ID to browse the site without logging in. The script could also collect other information from the page, including the entire contents of the page.
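On the defensive side, marking the session cookie HttpOnly keeps page script from reading it, which is the theft path described above. The following is an added example, not part of the original post: it audits Set-Cookie response headers for session-like cookies that lack HttpOnly or Secure. The cookie-name hints and the sample headers are constructed assumptions.

```python
# Substrings that suggest a cookie carries a session identifier (assumed heuristic).
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, cookie_value, attributes)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value, attrs


def audit_set_cookie(value):
    """Return issue codes for a session-like cookie, or [] if it is not one."""
    name, _, attrs = parse_set_cookie(value)
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return []
    issues = []
    if "httponly" not in attrs:
        issues.append("no-httponly")  # page script can read it via document.cookie
    if "secure" not in attrs:
        issues.append("no-secure")    # browser may send it over plain HTTP
    return issues


def audit_response(headers):
    """Map cookie name -> issues for each Set-Cookie in a list of (name, value) headers."""
    report = {}
    for header, value in headers:
        if header.lower() == "set-cookie":
            issues = audit_set_cookie(value)
            if issues:
                report[parse_set_cookie(value)[0]] = issues
    return report


# Constructed response headers for illustration; not captured from any real site.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "session_id=3f9a1c; Path=/"),
    ("Set-Cookie", "SID=77be02; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "theme=dark; Path=/; Max-Age=31536000"),
    ("set-cookie", "auth_token=9d41; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    for cookie, issues in audit_response(SAMPLE_HEADERS).items():
        print(cookie, issues)
```

HttpOnly does not stop an injected script from reading the page contents, so the XSS flaw itself still has to be fixed.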



PoC is here.

Anonymous launches #Op-Brotherhood Operation to destroy Muslim Brotherhood

Anonymous hackers have launched an operation called "#Op-Brotherhood" to destroy the Muslim Brotherhood in Egypt. The group claims the Muslim Brotherhood is a threat to the Egyptian revolution and plans a coordinated DDoS attack tomorrow (Nov 2011).

Anonymous released a YouTube video announcing an operation directed at the Muslim Brotherhood, starting with the Arabic Ikhwanonline.com.

According to the announcement, the Muslim Brotherhood is a “corrupt” organization “bent on taking over sovereign Arab states in its quest to seize power.” The announcement goes on to compare the Muslim Brotherhood to the Church of Scientology, and declares the Brotherhood to be “a threat to the people.”

Anonymous official Message about the Operation:

Citizens of the World,

We are Anonymous.


Ever since its revolution that shook the world, Egypt has had its fate undecided. Predators who seek to control are waiting to strike at the right moment. They are waiting to take over the country and make it so that another revolution is impossible. We cannot allow this.


The Muslim Brotherhood has become a threat to the revolution Egyptians had fought for, some with their lives. They seek to destroy the sovereignty of the people of Egypt as well as other nations including the United States.

We will not allow this to happen.

The Muslim Brotherhood is a threat that must be dealt with.

This is not a threat towards the religion of Islam. The Muslim Brotherhood, as well as terrorist organizations affiliating with the religion, defiled and destroyed the very essence of what the religion preaches. Therefore, the Muslim Brotherhood does not represent the true ideas of Islam. In our collective, many of us are Muslim, yet we fight against the corruption in society and the injustice that comes with it.

Infused with its blatant, corrupt ways, the Brotherhood is now a threat to the people.

Therefore, Anonymous has decided to destroy the Muslim Brotherhood. We shall proceed to dismantle any form of its organization from the Internet. Nothing will stop us. We will show no mercy.

Operation Brotherhood Takedown, engaged.

We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
Expect Us.


The Zed Attack Proxy (ZAP) v1.3.4 Released - Penetration Testing Tool

“The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.”

Official change log for ZAProxy 1.3.4:

Minor changes:
Issue 146 : Inverse regex on search plus fuzz match highlighting
Issue 202 : Option to turn off brute force recursion in ZAProxy
Issue 215 : Allow custom brute force files to be added easily. Also added the ability to set the default brute force file.
Issue 217 : Invoke apps – add support for cookies and post data params
Issue 218 : Allow users to easily add their own fuzzer files. Also added the option to append the output to a Note related to the relevant entry.

Some of ZAP's features:
  • Intercepting Proxy
  • Active scanner
  • Passive scanner
  • Brute Force scanner
  • Spider
  • Fuzzer
  • Port Scanner
  • Dynamic SSL certificates
  • API
  • Beanshell integration 


eHackingNews got Google PageRank 2

Happy news for EHN: we got Google PageRank 2. Google PageRank was updated on November 8, 2011, just two days ago.

If you haven't noticed, check your PageRank now.

Thank you for your support.

Encrypted Malware inside JPEG Image file - New method by malware writers




Dmitry Bestuzhev of Kaspersky Lab discovered a new malware infection method. He found encrypted malware hidden inside a JPEG image file (it has a BMP file structure). After further analysis, he found that the attacker used a block cipher.

This is what the malicious program looked like after decryption:



By using this technique, the virus creators kill several birds with one stone.
  • Firstly, it may cause automatic malware analysis systems to function incorrectly: the file would be downloaded and analyzed by the antivirus program, and given the all-clear; with time the link will be exempted from checks altogether.
  • Secondly, the administrators of the sites where such encrypted malicious files are hosted won’t be able to identify them as malicious and will leave them as they are.
  • Thirdly, some malware researchers may not have the time or necessary expertise to deal with them. All of this plays into the hands of the cybercriminals.
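A triage check for the pattern described above, added here as an example and not taken from the Kaspersky analysis: it compares the file extension with the magic bytes and measures the byte entropy of a BMP's pixel area, since block-cipher output sits close to 8 bits per byte. The 7.9 threshold, the helper names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import struct
from collections import Counter

# Leading magic bytes of common image formats, and the extensions that claim them.
MAGIC = {"jpeg": b"\xff\xd8\xff", "bmp": b"BM", "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}
EXT = {".jpg": "jpeg", ".jpeg": "jpeg", ".bmp": "bmp", ".png": "png", ".gif": "gif"}


def sniff_format(data):
    """Identify the container from its magic bytes, ignoring the file name."""
    return next((name for name, magic in MAGIC.items() if data.startswith(magic)), None)


def shannon_entropy(data):
    """Bits per byte; returns 0 for empty input."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def bmp_pixel_data(data):
    """Bytes from bfOffBits (little-endian uint32 at offset 10) to the end of the file."""
    if len(data) < 14:
        return b""
    (offset,) = struct.unpack_from("<I", data, 10)
    return data[offset:] if 14 <= offset < len(data) else b""


def triage_image(filename, data, threshold=7.9):
    """Return (code, detail) findings; an empty list means nothing stood out."""
    findings = []
    declared = EXT.get(os.path.splitext(filename)[1].lower())
    actual = sniff_format(data)
    if declared and actual != declared:
        findings.append(("type-mismatch", f"named {declared}, content is {actual or 'unknown'}"))
    if actual == "bmp":
        entropy = shannon_entropy(bmp_pixel_data(data))
        # Heuristic only: uncompressed pixels rarely look uniformly random.
        if entropy >= threshold:
            findings.append(("high-entropy", f"{entropy:.2f} bits/byte in pixel area"))
    return findings


def make_bmp(body):
    """Constructed sample: 14-byte file header + 40-byte DIB header + body."""
    dib = struct.pack("<IiiHHIIiiII", 40, 64, 42, 1, 24, 0, len(body), 2835, 2835, 0, 0)
    return b"BM" + struct.pack("<IHHI", 54 + len(body), 0, 0, 54) + dib + body


# Constructed inputs: a SHA-256 counter stream stands in for block-cipher output.
CIPHERLIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
FLAT_PIXELS = bytes((i // 64) % 64 for i in range(8192))

if __name__ == "__main__":
    for name, body in (("photo.jpg", CIPHERLIKE), ("chart.bmp", FLAT_PIXELS)):
        print(name, triage_image(name, make_bmp(body)))
```

A finding is a reason to look closer, not a verdict: noisy photographs can approach the threshold, and a file with only one of the two findings may be benign.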

This is the decryption script for the current status:

Fujitsu computer system run by Japanese local governments Under cyber Attack


A web-based application system run by electronics giant Fujitsu and used by Japanese local governments came under cyber attacks that disabled the Fukuoka city services page.

The Web application system, developed to enable local residents to request official certificates and documents on the Internet, was paralysed twice on Wednesday afternoon, a Fujitsu spokesman said.

The company, which investigated the cause of the defect, found the system had been overwhelmed by a massive flow of accesses released from abused IP addresses, Fujitsu spokesman Takashi Koto said.

After resuming the system early Thursday, however, the system froze again twice due to attacks from different foul addresses, Koto said.

"They were DoS (Denial of Service) attacks," Koto said. "We shut down accesses from the identified IP addresses, but more cyberattacks are possible from other addresses."

The system is used by 10 prefectures, including southwestern Fukuoka, the spokesman said.

About 200 local governments of prefectures, cities, towns and villages are linked to the system to provide public online services.