Message from the 'Unknowns' Hackers group

The hacker group 'Unknowns', who took credit for hacking NASA, US Air Force, ESA and other sites, published a press release about their attacks. The hackers claimed they are not affiliated with Anonymous.

"We are not against the American government. We can not call ourselves White Hat Hackers but we are not Black Hat Hackers either," the hackers said in the Pastebin release.


These sites are important, we understand that we violated the victims and we're sorry for that - we are about to email them all the information they need to know about the penetrations we did.

We still think we have helped them, because now they know that their security is weak and that it should be fixed.

We wanted to gain the trust of others, people now believe us, we get many emails from people we never knew, asking us to check their websites for safety and that is what we want to do.

Our goal was never to hurt anyone, we want this whole internet world more secure, because, simply, it's not and we want to help.
We do not want revolutions, we do not want chaos, we just want to protect the people out there.

Websites are not protected, people are not protected, computers are not secure, nothing is ...
We are here to help and we ask nothing in return.
And now, we are pleased to inform you that most of the links we used to penetrate the database through are patched. This is exactly what we wanted. This is what we want.
For all our fans out there, thank you, help us spread the word, help us make this internet world more secure.
Greetings.
The unknowns.

WordPress Automatic update won't help in cleaning malicious files

Cyber criminals have compromised more than 1,000 WordPress websites and modified the automatic update feature. The infected sites redirect visitors to malicious sites, e-commerce sites or low-quality PPC search result aggregators.

The attackers modified the 'wp-admin/includes/update.php' file, altering the 'wp_update_core' function that the WordPress automatic update feature relies on.

This function checks for available updates, downloads the new files and replaces the old ones to complete the WordPress upgrade. Once the upgrade has finished, the malicious code planted in 'wp_update_core' runs and reinfects the freshly updated wp-settings.php file, so the upgrade leaves the site just as compromised as before.

"So if you thought that WordPress upgrade could only make you blog more clean – you were wrong. If your blog was infected before the upgrade and hasn’t been completely cleaned up, the upgrade itself may even reinfect files that were clean before the upgrade," said Denis Sinegubko, the founder of the helpful Unmask Parasites website.

"Manual upgrades and upgrades via SVN are still completely safe. By the way, not only are SVN updates safe but they are also nearly as simple as automatic updates (one simple command) and provide built-in integrity control, so you can easily identify all changed and potentially infected code WordPress files and have them reverted to their original state," he concluded.
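The integrity control Sinegubko credits to SVN can be reproduced for any install by comparing each core file's hash against a manifest of known-good hashes, which also surfaces files that should not be there at all. The script below is an added example (not code from the original post or from WordPress); the manifest, file contents and the tampered update.php are constructed for the demonstration, and a real run would use the hashes of the exact WordPress release installed.

```python
"""Core-file integrity check for a WordPress install (added example)."""
import hashlib
import os
import tempfile

# Two files stand in for a full install. Contents are constructed
# placeholders, not real WordPress code.
KNOWN_GOOD = {
    "wp-settings.php": "<?php // clean wp-settings.php (constructed)\n",
    "wp-admin/includes/update.php": "<?php // clean update.php (constructed)\n",
}


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(files):
    """Map relative path -> SHA-256 of the known-good content."""
    return {p: sha256_bytes(c.encode()) for p, c in files.items()}


def check_tree(root, manifest):
    """Compare every file under root against the manifest.

    Returns paths that are modified (hash differs), missing (listed but
    absent on disk) and added (present on disk but unlisted; a common
    place for dropped backdoors that an upgrade will never touch).
    """
    seen = set()
    modified, added = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            expected = manifest.get(rel)
            if expected is None:
                added.append(rel)
            elif sha256_file(full) != expected:
                modified.append(rel)
    missing = sorted(set(manifest) - seen)
    return {"modified": sorted(modified), "added": sorted(added), "missing": missing}


def demo():
    """Lay out a constructed install in which update.php has a payload
    appended and an extra file was dropped, then run the check."""
    root = tempfile.mkdtemp()
    for rel, content in KNOWN_GOOD.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(content)
    # Simulated tampering of the kind the post describes (placeholder text).
    with open(os.path.join(root, "wp-admin/includes/update.php"), "a") as f:
        f.write("// injected (constructed placeholder, not real malware)\n")
    with open(os.path.join(root, "wp-content-extra.php"), "w") as f:
        f.write("<?php // unexpected file (constructed)\n")
    return check_tree(root, build_manifest(KNOWN_GOOD))


if __name__ == "__main__":
    print(demo())
```

Run against a live site, the "modified" list is what to revert from a clean copy and the "added" list is what to inspect before any upgrade; upgrading first, as the post explains, only gives the planted code another chance to run.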

Anonymous hackers DDoS Mexican TV site: "We want to debate"

The site of Grupo Salinas was taken down with a distributed denial-of-service (DDoS) attack after the company’s chairman, Ricardo Salinas Pliego, posted a message on Twitter revealing that the first presidential debate would not be broadcast.

According to Vanguardia, Salinas refused to allow the transmission of the debate on Azteca TV, a station he owns.

“If you want debate, watch it on Televisa, if not, watch football on Azteca. I will give you the ratings the next day,” Salinas wrote.

In response, Anonymous hackers said, “If that stubborn @RicardoBSalinas doesn’t want to understand, maybe we can convince him.”

Starting with the evening of May 1 and until the early hours of the next day, the official site of Grupo Salinas was inaccessible to visitors. Currently, it appears to be working normally.

Source: Softpedia.

PHP-CGI vulnerability leads to Remote Code Disclosure and Execution

Dutch security experts accidentally found a dangerous PHP-CGI vulnerability that allows an attacker to execute commands and disclose source code.

The researchers found this vulnerability while playing the Nullcon CTF. They noticed that the query string ‘?-s’ somehow resulted in the “-s” command line argument being passed to php, which disclosed the script's source code. After further analysis, they established that the bug has been present since 2004.

"As long as your exploit contains a urlencoded ‘=’ character it will bypass the new checks," the researchers said.

The vulnerability was discovered in January 2012, and the researchers informed the PHP team a few days later. In early February, CERT was also informed of the bug’s existence, and PHP has been working on a fix ever since.

On May 2, CERT told the experts that PHP needed more time to address the issue and they agreed to hold off its publication, but apparently, someone made a mistake and erroneously posted the bug details on Reddit.

Normally, they would have allowed PHP to do its work and fix the weakness, but because of this incident De Eindbazen decided to come forward and make it public.


"We’ve tested this and have confirmed that the query parameters are passed to the php5-cgi binary in this configuration. Since the wrapper script merely passes all the arguments on to the actual php-cgi binary, the same problem exists with configurations where php-cgi is directly copied into the cgi-bin directory. It’s interesting to note that while slashes get added to any shell metacharacters we pass in the query string, spaces and dashes (‘-’) are not escaped. So we can pass as many options to PHP as we want!" the researchers said in their advisory for the PHP-CGI vulnerability (CVE-2012-1823).

The flaw affects only classic CGI; FastCGI servers are not vulnerable.
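The behaviour behind the bug is the CGI specification's rule (RFC 3875 §4.4) that a query string with no unencoded '=' is not form data but a command line: the server splits it on '+', URL-decodes each piece and passes the pieces as arguments to the CGI binary. That rule also explains the researchers' remark about an encoded '=' defeating the first fix, since '%3D' is not an unencoded '='. The detector below, an added example that is not from the original post or the De Eindbazen advisory, applies the same rule to web server access logs and flags requests whose derived arguments begin with '-'. The log lines are constructed; the regular expression assumes Apache's combined log format.

```python
"""Flag PHP-CGI option-injection attempts in access logs (added example)."""
import re
from urllib.parse import unquote

# Apache combined log format: client, ident, user, [time], "request", status ...
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def cgi_argv(query):
    """Return the argv a CGI server derives from a query string.

    Per RFC 3875, a query containing an unencoded '=' is form data and
    yields no arguments. Otherwise the string is split on '+' and each
    piece is URL-decoded, so '%3D' survives the '=' test and still becomes
    an argument: that is the gap the advisory's bypass remark points at.
    """
    if "=" in query:
        return []
    return [unquote(part) for part in query.split("+") if part]


def is_option_injection(target):
    """True when any derived argument looks like a command-line option."""
    _path, _sep, query = target.partition("?")
    return any(arg.startswith("-") for arg in cgi_argv(query))


def scan_log(lines):
    """Return the flagged requests with the argv the CGI binary would see."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m["target"]
        if is_option_injection(target):
            query = target.partition("?")[2]
            hits.append({"target": target, "status": m["status"], "argv": cgi_argv(query)})
    return hits


# Constructed sample lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [03/May/2012:10:00:01 +0000] "GET /index.php?-s HTTP/1.1" 200 5120 "-" "curl/7.21"',
    '198.51.100.7 - - [03/May/2012:10:00:02 +0000] "GET /index.php?page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [03/May/2012:10:00:03 +0000] "GET /search.php?hello+world HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [03/May/2012:10:00:04 +0000] "GET /index.php?-s%3D1 HTTP/1.1" 200 5120 "-" "curl/7.21"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Only the first and fourth lines are reported: the second carries an unencoded '=' and is ordinary form data, the third has no '=' but its arguments are not options, and the fourth shows why a filter that merely looks for a literal '=' in the raw query string is not enough. In triage, a 200 status on a flagged request to a PHP path served through classic CGI is the case worth pulling the response size and source for.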

Hackers blackmail Belgian bank, threatening to release customer data

Hackers claimed that they have managed to gain unauthorized access to the servers of Elantis, a Belgian credit card provider owned by Dexia. The hackers demand that the bank pay them €150,000 (US$197,000) before May 4, or they will make the customer data they obtained public.

Hackers also leaked sample data from Elantis’ database, including loan applications featuring full names, job descriptions, ID card numbers, contact information and income details in order to prove the unauthorized access.

“In addition to database tables containing data such as internal login credentials, we downloaded numerous tables which contain Internet loan applications, as well as fully-processed applications. Those tables hold highly-sensitive data such as the applicants' full names, their jobs, ID card numbers, contact information and details about their income,” the hackers said in the Pastebin release.

The hackers claimed that this is not blackmail. Instead, the bank has to pay what they call an “idiot tax” for leaving sensitive data unprotected on a web server.

“The only question that remains now is this -- After they carelessly treated their clients' data, will Dexia act to prevent their clients' data from being published online, or is their clients' confidentiality worth less to them than EUR 150,000?” Hackers explained.

The Elantis Web site is currently unavailable after the bank disconnected its server in the wake of the attack.

Dexia has yet to respond to a request for comment but a spokeswoman told Reuters (Dutch language) that Elantis will not give in to blackmail, the police have been called in and any data stolen could not be used to commit fraud.

Hackers take down the SOCA site with DDoS attack

The United Kingdom's Serious Organised Crime Agency (SOCA) has confirmed that its website has suffered a distributed denial of service (DDoS) attack. As a result of the attack, the website has been down since last night.

A SOCA spokesperson told TechWeekEurope that the website was taken offline at approximately 10pm on Wednesday, but that there was no security risk for the organisation.

"The reason we take it down is to prevent and limit any impact on the clients hosted by our service provider. Clearly the things we’d like to stress are that the SOCA website contains only publicly available information, it does not provide access to operational material."

"DDoS attacks cause a temporary inconvenience to website visitors, they don’t impose a security risk to the organisation. We will monitor the situation and put the site back up when it is appropriate to do so."

The Institute for National Security Studies (Israel) website serves Poison Ivy RAT

The official website of the Institute for National Security Studies (INSS) in Israel was injected with malicious code, Websense security researchers warn.

Interestingly, the injected code tries to exploit the same Java vulnerability (CVE-2012-0507) that the massive attack dubbed Flashback used to infect around 600,000 Mac users a few weeks ago.

When a user visits the website, the injected malicious JavaScript code loads a Java exploit. The injected code shown below consists of a "document.write" call that uses decimal-encoded string characters to hide the exploit URL. Once decoded, it redirects the user to the exploit page.



The exploit page hosts a 'test.jar' file that exploits the well-known Java vulnerability CVE-2012-0507.

After analyzing the contents of the JAR file, researchers found that it was generated by the Metasploit toolkit and targets CVE-2012-0507. A variant of the Poison Ivy RAT is installed automatically on the victim's computer after successful Java exploitation.
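Decimal-encoded strings inside a document.write call hide the redirect target from a casual read of the page source but not from a few lines of analysis tooling. The script below is an added example, not code from the original post or from Websense: it decodes the two common decimal forms (String.fromCharCode(...) argument lists and &#NNN; entities), pulls any URL out of the result and flags the combination of document.write with a long decoded string. The injected snippet it runs on is constructed, with example.invalid standing in for the real exploit page.

```python
"""Decode decimal-encoded strings in injected JavaScript (added example)."""
import re

FROMCHARCODE_RE = re.compile(r"String\.fromCharCode\(\s*([\d\s,]+)\)")
ENTITY_RE = re.compile(r"&#(\d+);")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def decode_fromcharcode(js):
    """Decode every String.fromCharCode(n, n, ...) call found in the script."""
    decoded = []
    for m in FROMCHARCODE_RE.finditer(js):
        codes = [int(c) for c in m.group(1).replace(" ", "").split(",") if c]
        decoded.append("".join(chr(c) for c in codes))
    return decoded


def decode_entities(text):
    """Replace &#NNN; decimal entities, a second layer some injections use."""
    return ENTITY_RE.sub(lambda m: chr(int(m.group(1))), text)


def triage(js):
    """Decode hidden strings and report whether the snippet looks injected.

    The heuristic is deliberately narrow: document.write plus a decoded
    string long enough to hold markup. Legitimate scripts rarely build
    markup this way, so a hit is worth a look, not a verdict.
    """
    decoded = [decode_entities(s) for s in decode_fromcharcode(js)]
    urls = [u for s in decoded for u in URL_RE.findall(s)]
    suspicious = "document.write" in js and any(len(s) >= 16 for s in decoded)
    return {"suspicious": suspicious, "decoded": decoded, "urls": urls}


def build_sample():
    """Construct a snippet of the shape the post describes (placeholder URL)."""
    iframe = '<iframe src="http://example.invalid/page.html" width="1" height="1"></iframe>'
    codes = ",".join(str(ord(ch)) for ch in iframe)
    return "document.write(String.fromCharCode(%s));" % codes


if __name__ == "__main__":
    print(triage(build_sample()))
```

The extracted URL is the artefact to hand to blocking and to the search through proxy logs for other visitors of the same page; the decoded markup (a 1x1 iframe here) is what an analyst compares against the live page to confirm the injection is still present after cleanup.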

JustDial, In.Com, Rediff, eBay and other sites vulnerable to XSS

A hacker calling himself "5p1K3 BO7" found cross-site scripting vulnerabilities in several high-profile sites. The list of vulnerable sites includes Airtel, eBay, JustDial, Rediff and NavBharatTimes.

He also found XSS vulnerabilities in the following sites: rovio.com, moneycontrol.com, In.Com, the Reliance site, m.mytatasky.com, dinaralert.webs.com and domestichotels.yatra.com.

eUKHost hacked by Pakistani hacking team UrduHack

Hackers gained access to web hosting firm eUKHost's billing system. According to a report in The Register, the Pakistani hacking team 'UrduHack' is responsible for the security breach. The company posted a notification about the breach on April 28.

"Although the method of the compromise remains unclear, we can confirm that an administrator level login was compromised and an IP address added to an allow list to allow a successful login."

As a result of the breach, the firm moved its billing system to a new server and changed the encryption algorithm used for both staff logins and client data.

"After deeply investigating the server this breach occurred on we wish to reiterate that there is no evidence of data being copied or accessed on a wide scale," John Strong, Managing Director at eUKhost Ltd, said.

"However, we still encourage clients to change their passwords. Those who are found to have a working password as per our billing system will have their password automatically changed and forwarded onto you. "

"The Unknowns" Hackers group hacked NASA, US Air Force, ESA, and Others

A hacker group called “The Unknowns” claimed that they hacked NASA, the US Air Force, ESA and other high-profile sites. They leaked documents on Pastebin that allegedly prove they managed to gain unauthorized access to those sites.

The list of targets includes the Bahrain Ministry of Defense, the Thai Royal Navy, a subdomain owned by car manufacturer Renault, Harvard University, the French Ministry of Defense, the Jordanian Yellow Pages, the European Space Agency (ESA), the US Military’s Joint Pathology Center, NASA’s Glenn Research Center and the US Air Force.

"Victims, we have released some of your documents and data, we probably harmed you a bit but that's not really our goal because if it was then all of your websites would be completely defaced but we know that within a week or two, the vulnerabilities we found will be patched and that's what we're actually looking for," the hackers said in the Pastebin leak.


"We're ready to give you full info on how we penetrated through your databases and we're ready to do this any time so just contact us, we will be looking forward for this."


To prove their findings, the hackers have made public a number of screenshots, along with large amounts of information obtained from the breached sites. The data dumps include usernames, passwords (some of which in clear-text), and other info taken from the various sites.

Flashback Trojan earns its masters $10,000 per day from Google Ads

Recently, Symantec researchers analyzed a sample of the notorious Flashback Trojan to find the cybercriminals' motivation for launching this malware attack.

According to Symantec researchers, the malware's ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser.

Flashback specifically targets search queries made on Google and, depending on the query, may redirect users to another page of the attacker's choosing, from which the attackers receive revenue for the click. (Google never receives the intended ad click.)

"The ad click component parses out requests resulting from an ad click on Google Search and determines if it is on a whitelist. If not, it forwards the request to the malicious server," experts explained.

This request is specially crafted in order to thwart researchers' attempts to investigate the URL.

"Ad-clicking Trojans are nothing new and in an analysis of W32.Xpaj.B last August a botnet measuring in the region of 25,000 infections could generate the author up to $450 per day," the researchers point out.

"Considering the Flashback Trojan measures in the hundreds of thousands, this figure could sharply rise to the order of $10,000 per day," they concluded.