The Unknowns hacked State of Rhode Island site


The hacker collective The Unknowns claims to have gained unauthorized access to the official website of the State of Rhode Island.

"Just protect your site, nothing else to say. I will forgive you this time; no sensitive data will be displayed..." the hacker said in the paste. "The Unknowns are ready to help you if you want, just contact us at: the_unknowns@live.com"

As proof of access, the hackers leaked database details along with some other information on several companies.

The group also reported cross-site scripting vulnerabilities in sites of the U.S. Department of Commerce (mbda.gov) and Lawrence Livermore National Laboratory (www.llnl.gov).

Host Gator Hacked by S3rver.exe

The systems of Host Gator, a company that hosts over 8 million domains, have been breached by a hacker using the handle s3rver.exe, who described the attack in a Pastebin document.

By leveraging what he describes as a POST/cookie injection flaw on the site's tickets subdomain, he obtained an administrator's password. He then uploaded a web shell that gave him access to files on the hostgator.com domain.

The data dump does not appear to contain any sensitive information, but it does show that he had access to restricted areas.

In the next phase, which s3rver.exe describes as a man-in-the-middle attack, he contacted a member of Host Gator's support team and asked why the tracking.hostgator.com domain was down. The technician confirmed that there appeared to be "an issue on the server".

At press time, the files uploaded by the hacker onto the tracking subdomain were still there.

Source: Softpedia

'Flame' worm signed with Microsoft Certificate

Microsoft has released an emergency Windows update after discovering that certificates chaining to one of its trusted roots were being abused to sign the Flame malware that has infected computers in Iran and other Middle Eastern countries.

These unauthorized certificates allowed the Flame developers to make components of the malware appear as if they had been created and signed by Microsoft.

"As soon as we discovered the root cause of this issue, we immediately began building an update to revoke the trust placed in the 'Microsoft Enforced Licensing Intermediate PCA' and 'Microsoft Enforced Licensing Registration Authority CA' signing certificates," the TechNet blog post reads.

The update places the following certificates in the Untrusted Certificates Store (two distinct certificates share the Intermediate PCA name). The thumbprints are SHA-1 hashes of the certificates:

Certificate | Issued by | Thumbprint
Microsoft Enforced Licensing Intermediate PCA | Microsoft Root Authority | 2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70
Microsoft Enforced Licensing Intermediate PCA | Microsoft Root Authority | 3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08
Microsoft Enforced Licensing Registration Authority CA (SHA1) | Microsoft Root Certificate Authority | fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97

For further information, read the TechNet blog post.
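As an added example (not code from Microsoft or from the TechNet post), the following Ruby script shows what the thumbprints above actually are and how a blocklist built from them is matched: a Windows certificate thumbprint is the SHA-1 hash of the certificate's DER encoding, and the Untrusted Certificates store blocks by that hash, not by the name on the certificate. The blocklist values are the three thumbprints from the advisory; the self-signed "lookalike" certificate that copies a revoked CA's name is generated inside the script purely for the demonstration.

```ruby
require 'openssl'
require 'digest'

# Strip the spacing (or colons) of a printed thumbprint so it can be compared.
def normalize_thumbprint(text)
  text.downcase.gsub(/[^0-9a-f]/, '')
end

# The three thumbprints from the advisory, exactly as printed above.
REVOKED_THUMBPRINTS = [
  '2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70',
  '3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08',
  'fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97',
].map { |t| normalize_thumbprint(t) }.freeze

# A Windows "thumbprint" is SHA-1 over the DER encoding of the whole
# certificate; that hash is what the Untrusted Certificates store matches on.
def thumbprint(cert)
  Digest::SHA1.hexdigest(cert.to_der)
end

def revoked?(cert, blocklist = REVOKED_THUMBPRINTS)
  blocklist.include?(thumbprint(cert))
end

# Walk a chain (leaf first) and return the subjects of every certificate whose
# thumbprint is on the blocklist; an empty result means the chain is unaffected.
def revoked_in_chain(chain, blocklist = REVOKED_THUMBPRINTS)
  chain.select { |c| revoked?(c, blocklist) }.map { |c| c.subject.to_s }
end

# Constructed for this example: a self-signed certificate whose subject name
# copies one of the revoked CAs. Same name, different key, different thumbprint.
def lookalike_cert(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.new([['CN', common_name]])
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

fake = lookalike_cert('Microsoft Enforced Licensing Intermediate PCA')
puts "subject:    #{fake.subject}"
puts "thumbprint: #{thumbprint(fake)}"
puts "on advisory blocklist? #{revoked?(fake)}"                     # false: name is not identity
puts "blocked when its own hash is listed? #{revoked?(fake, [thumbprint(fake)])}"  # true
```

The practical point is the last two lines: a certificate that merely carries the revoked CA's name is not blocked, and a certificate is blocked only when its DER hash appears in the store, so any local check you script against a signed binary must compute the SHA-1 of the DER bytes rather than compare names.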

PowerPoint file exploits Flash vulnerability (CVE-2011-0611)

Trend Micro researchers have come across a malicious PowerPoint file that contains an embedded Flash file exploiting the Flash Player vulnerability CVE-2011-0611 to drop a backdoor onto users' systems.

When the user opens the .ppt file, the embedded Flash content exploits the vulnerability and drops a file named 'Winword.tmp' into the Temp folder. At the same time it drops a harmless PowerPoint presentation, "Powerpoint.pps", so that the user sees an ordinary presentation and suspects nothing.

'Winword.tmp' is a backdoor that connects to remote sites to communicate with an attacker. It is also capable of downloading and executing other malware, leaving infected systems open to further threats such as data-stealing malware.

Trend Micro security solutions detect the PPT file as TROJ_PPDROP.EVL and the dropped backdoor as BKDR_SIMBOT.EVL.
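As an added example, not taken from Trend Micro's write-up, here is a Ruby triage helper that carves embedded Flash (SWF) headers out of an arbitrary binary blob such as a .ppt read from disk. It generalizes beyond this one sample: the scan works on any container that embeds SWF, and it checks the uncompressed (FWS) and zlib-compressed (CWS) forms, reporting LZMA (ZWS) headers without a body check. The document it scans is constructed inline (OLE-like filler, a fake uncompressed SWF, a decoy "FWS" string and a zlib-compressed SWF) and is not the actual malicious file.

```ruby
require 'zlib'

SWF_COMPRESSION = { 'FWS' => :none, 'CWS' => :zlib, 'ZWS' => :lzma }.freeze

# Scan a binary blob (e.g. File.binread('deck.ppt')) for embedded SWF headers:
# 3-byte signature, 1-byte Flash version, 4-byte little-endian length of the
# uncompressed file. Returns one Hash per plausible hit, in file order.
def find_embedded_swf(data, max_version: 64)
  data = data.b                              # force byte semantics for the regexp
  hits = []
  data.scan(/[FCZ]WS/) do
    offset = Regexp.last_match.begin(0)
    remaining = data.bytesize - offset
    next if remaining < 8
    sig     = data.byteslice(offset, 3)
    version = data.getbyte(offset + 3)
    length  = data.byteslice(offset + 4, 4).unpack1('V')
    # Cheap filters against the letters "FWS" occurring in ordinary text.
    next unless version.between?(1, max_version) && length >= 8
    hit = { offset: offset, compression: SWF_COMPRESSION[sig], version: version, length: length }
    case sig
    when 'FWS'
      next if length > remaining             # uncompressed file must fit in the blob
    when 'CWS'
      # The zlib body must inflate; if it does not, this was not a SWF header.
      begin
        body = Zlib::Inflate.inflate(data.byteslice(offset + 8, remaining - 8))
      rescue Zlib::Error
        next
      end
      hit[:inflated_ok] = (body.bytesize + 8 == length)
    end                                      # ZWS (LZMA) is reported without a body check
    hits << hit
  end
  hits
end

# Constructed sample standing in for a .ppt: OLE-like filler, an uncompressed
# SWF (FWS, version 10), a decoy "FWS" text that must be rejected, and a
# zlib-compressed SWF (CWS, version 11). Not the real malicious file.
def sample_document
  body   = ('A' * 24).b                                          # fake SWF body
  header = ->(sig, ver) { sig.b + [ver].pack('C') + [8 + body.bytesize].pack('V') }
  filler = "\xD0\xCF\x11\xE0".b + ("\x00" * 32).b               # offsets 0..35
  fws    = header.call('FWS', 10) + body                         # offset 36, 32 bytes
  decoy  = 'FWS'.b + ("\x00" * 5).b                              # offset 68, version 0 -> rejected
  cws    = header.call('CWS', 11) + Zlib::Deflate.deflate(body)  # offset 76
  filler + fws + decoy + cws
end

find_embedded_swf(sample_document).each do |h|
  puts "SWF at offset #{h[:offset]}: #{h[:compression]}, v#{h[:version]}, #{h[:length]} bytes"
end
```

Run it against a suspicious Office file with `find_embedded_swf(File.binread(path))`; a hit whose length is implausible or whose zlib body fails to inflate is filtered out, so what remains is worth extracting and submitting for analysis.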

100 more Sites Hacked and Defaced by Silent Hacker

A hacker going by the name 'Silent Hacker' has hacked and defaced more than 100 websites.

Here is the list of hacked sites:
http://asyrafmarketer.com/
http://auly.co.cc/
http://azreen.com/
http://c-onweb.com/
http://dynamicconceptjb.com/
http://ekursus-affiliate.com/
http://emelmatik.com/
http://galerikahwin.com/
http://gedungsihat.com/
http://gempakcyber.com/
http://geriknet.co.cc/
http://iklanextra.co.cc/
http://www.impianrealiti.com/
http://jayen.com.my/
http://josephbiz.com/

The full list can be found here:
http://tinypaste.com/44946f6e

University of Washington & Philadelphia sites hacked by Zer0Pwn

The hacker group known as "Zer0Pwn" breached two university websites and leaked database details on Pastebin. The affected sites belong to the University of Washington (www.washington.edu) and Philadelphia University (www.philau.edu).

The group broke into the University of Washington site by exploiting a simple SQL injection vulnerability. The leak (pastebin.com/A8p6d3k9) contains a username, a password and a proof of concept for the vulnerability.


The hackers also leaked (pastebin.com/9eivn85U) database details belonging to Philadelphia University (www.philau.edu); the dump contains name, school, education, office_email and other fields.

Ghana National Petroleum Company & Petrobras hacked by Sepo


The hacker known as SEPO (@anon_4freedom) hacked into the Ghana National Petroleum Company (GNPC) website (www.gnpcghana.com) and compromised its database.

The Ghana National Petroleum Company (GNPC) is the state agency responsible for the exploration, licensing, and distribution of petroleum-related activities in Ghana.

The hacker leaked the database details on his website. The leak contains usernames, passwords and email addresses; the passwords are stored in plain text.

The hacker also broke into the Petróleo Brasileiro website (www.agenciapetrobras.com.br). Petróleo Brasileiro, or Petrobras, is a semi-public Brazilian multinational energy corporation headquartered in Rio de Janeiro, Brazil. It is the largest company in the Southern Hemisphere by market capitalization and the largest in Latin America measured by 2011 revenues.

Ray J site and Twitter account hacked by #UGNazi


The UGNazi hacker group defaced the official site of American singer Ray J (www.rayj.com) and the Razta.org site, and leaked the database belonging to the Ray J website.

The hackers also took over Ray J's Twitter account (twitter.com/RayJ) and asked his followers to visit their website (UGNazi.com).

One of their tweets from the hacked account:

If you want an autographed album of RayJ Tweet "Check out http://UGNazi.com #UGNazi, & #UGNazi #Joshthegod #Cosmo #UGNazi"

and one more tweet asking followers to retweet:

If this tweet gets 1000+ Rts i will make a porn video with @taylorswift13 http://UGNazi.com #UGNazi


The hackers leaked more than 300 MB of data as a RAR archive uploaded to cocksecurity.com (cocksecurity.com/rayj/Rayjcom.rar). The hack has earned the UGNazi account more followers.

TrueCaller Vulnerability Allows Changing Users Details

Security researcher Ali AlHabshi of Kuwait WhiteHat has discovered a vulnerability in the TrueCaller iPhone app that allows an attacker to change user details.

He reported the vulnerability to True Software, which confirmed it and released TrueCaller version 2.78 to fix it.

The vulnerability details:
The application lets users search numbers only if they enable the Enhanced Search feature. When it is enabled, the user is warned that his contacts will be shared with other users for searching, and his address book is sent to the TrueCaller database.

This is done by sending the following HTTP request in cleartext (one contact shown):
post_contact_data=[{"REV":"","FN":"ContactName","TEL_CELL":["MobileNumber"],"TCBID":"Number","FID":"Number","TEL_WORK":["Number"],"TEL_HOME":[],"CONTACT_ID":"3619","LID":""}]

From a security point of view this is poor behavior and may lead to either of the following situations:

Privacy issues
Although TrueCaller has a strict privacy policy, this behavior allows third parties (ISPs, governments, anyone sniffing the network) to intercept database entries and build a copy of TrueCaller's database.

Fake data
Because the POST request is sent in cleartext and unencrypted, it can be replayed with fake entries in the parameter to fake, change or modify address book entries and fill TrueCaller's database with rogue entries.

The request shown above is an example intercepted after enabling the Enhanced Search feature.


Enabling Enhanced Search without sharing the user's address book:
When the user enables "Enhanced Search", the application sends an encrypted HTTP GET request, followed by the cleartext HTTP POST request outlined above. If a malicious user lets the GET request through and drops the POST request (which contains his address book), he gets the Enhanced Search feature without sharing his address book, which is not what TrueCaller intends.

Advisory Timeline
28/Apr/2012 – First contact: Vulnerability details sent
29/Apr/2012 – Response received: Asked for more details
29/Apr/2012 – Second Contact: More details provided and cleared TrueCaller doubts
30/Apr/2012 – Vulnerability Confirmed: TrueCaller started working on a fix
01/May/2012 – Vulnerability Fixed: Fix submitted to Apple for approval
17/May/2012 – New Version Released: Fix approved by Apple and released
01/Jun/2012 - Vulnerability details published.

CVE-2012-2661: Critical SQL injection vulnerability in Ruby on Rails


The Ruby on Rails security team has fixed a critical SQL injection vulnerability that affects version 3.0.0 and all later versions (2.3.14 is not affected). Versions 3.2.4, 3.1.5 and 3.0.13 have been released to fix it.

"Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries."

Affected code passes request parameters directly to the `where` method of an Active Record class, like this:

Post.where(:id => params[:id]).all

An attacker can craft a request whose nested parameters make `params[:id]` a hash instead of a scalar; Active Record then builds a WHERE clause that tests a column of an arbitrary table against a value of the attacker's choosing, rather than the intended comparison on `id`.

Users of Ruby on Rails 3.0 and later are advised to apply the updates immediately.
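As an added example (not code from the Rails advisory or the Rails code base), the plain Ruby below models the mechanism with no Rails dependency. A Rack-style nested query parser shows how a query string such as `id[users.password]=x` turns `params['id']` into a Hash; a simplified, naively quoted stand-in for the pre-3.2.4 predicate builder shows how that Hash becomes a condition on another table; and `safe_id` shows the mitigation for code that cannot upgrade (the advisory's workaround was to cast, e.g. `params[:id].to_s`; `safe_id` is a stricter variant for integer keys). `parse_nested_query`, `build_where` and `safe_id` are this example's own names, not Rails APIs.

```ruby
require 'cgi'

# --- 1. Request parsing: how id[users.password]=x reaches the app as a Hash --
# Simplified Rack-style nested query parsing (example code; "key[]=v" array
# syntax is not handled, everything else follows Rack's bracket convention).
def parse_nested_query(query_string)
  params = {}
  query_string.split('&').each do |pair|
    next if pair.empty?
    key, value = pair.split('=', 2).map { |s| CGI.unescape(s.to_s) }
    assign_nested(params, key, value)
  end
  params
end

def assign_nested(params, key, value)
  match = key.match(/\A([^\[\]]+)(\[.*)?\z/)
  return params unless match
  name, rest = match[1], match[2]
  if rest.nil?
    params[name] = value                      # plain scalar: id=5
  else
    child = rest[/\A\[([^\]]*)\]/, 1]         # peel one "[child]" segment
    tail  = rest.sub(/\A\[[^\]]*\]/, '')
    params[name] = {} unless params[name].is_a?(Hash)
    assign_nested(params[name], "#{child}#{tail}", value)
  end
  params
end

# --- 2. Model of the pre-fix Active Record predicate builder ----------------
# Rails 3.x walked the conditions Hash; a Hash *value* made it treat the key as
# a table name and recurse, and a "table.column" key was split on the dot.
# This stand-in reproduces that shape with naive quoting (the real code used
# Arel and the adapter's quoting) purely to show where the attacker's table
# name ends up.
def sql_quote(value)
  "'#{value.to_s.gsub("'", "''")}'"
end

def build_where(default_table, conditions)
  conditions.map do |column, value|
    column = column.to_s
    if value.is_a?(Hash)
      build_where(column, value)            # nested Hash => recurse, key becomes the table
    else
      table = default_table
      table, column = column.split('.', 2) if column.include?('.')
      if value.is_a?(Array)
        "#{table}.#{column} IN (#{value.map { |v| sql_quote(v) }.join(', ')})"
      else
        "#{table}.#{column} = #{sql_quote(value)}"
      end
    end
  end.join(' AND ')
end

# --- 3. Mitigation: never let a scalar parameter arrive as a Hash -----------
# The advisory's workaround was to cast (params[:id].to_s); this is a stricter
# variant for an integer primary key that rejects anything non-scalar.
def safe_id(raw)
  case raw
  when Integer then raw
  when String
    raise ArgumentError, "id is not an integer: #{raw.inspect}" unless raw.match?(/\A\d+\z/)
    raw.to_i
  else
    raise ArgumentError, "id must be a scalar, got #{raw.class}"
  end
end

benign  = parse_nested_query('id=5')
hostile = parse_nested_query('id[users.password]=x')
puts build_where('posts', 'id' => benign['id'])    # posts.id = '5'
puts build_where('posts', 'id' => hostile['id'])   # users.password = 'x'
begin
  safe_id(hostile['id'])
rescue ArgumentError => e
  puts "rejected: #{e.message}"                    # rejected: id must be a scalar, got Hash
end
```

The takeaway for reviewing your own code is the shape of the input, not the specific string: any place a request parameter flows into a conditions Hash should first be forced to the type the column expects, because the framework cannot tell a legitimate nested condition from one the client supplied.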

CloudFlare hacked by UGNazi Hackers


CloudFlare issued a statement admitting that hackers were able to access a customer's account and change that customer's DNS records.

"The attack was the result of a compromise of Google's account security procedures that allowed the hacker to eventually gain access to my CloudFlare.com email addresses, which run on Google Apps," Matthew Prince, co-founder and CEO of the company, said in the statement.

"The password used on my personal Gmail account was 20+ characters long, highly random, and not used by me on any other services, so it's unlikely it was dictionary attacked or guessed," he added.

Notably, all CloudFlare.com accounts use two-factor authentication. "We are still working with Google to understand how the hacker was able to reset the password without providing a valid two-factor authentication token."

After analyzing the incident, Google's security team determined that "a subtle flaw in the recovery flow" of certain accounts allowed the hackers to compromise the account.

This is where UGNazi steps in. The hackers claim that Prince and Google are both wrong.

"Nah. There's no way you can social engineer a Google App. I don't know what he was talking about. We did get in his emails though: matthew@cloudflare.com and mprince@gmail.com," Softpedia quoted Cosmo, a member of UGNazi, as saying.

"We got into their main server. We could see all customer account information, name, IP address, payment method, paid with, user ID, etc. and had access to reset any account on CloudFlare," Cosmo added.

Furthermore, the hackers plan to sell the information they obtained on Darkode.

"The owner Matthew Prince thinks it's secure. It's obviously not, implying we got access into the main CloudFlare server today," the hackers stated as their reason for the attack.