
CVE-2012-1875 : Exploit for Remote Code Execution Flaw in Internet Explorer 8


Less than a week after Microsoft released a security advisory detailing a number of critical vulnerabilities in Internet Explorer, exploit code has been made available for the CVE-2012-1875 remote code execution flaw.
CVE-2012-1875: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."

When it released the security advisory, Microsoft also warned that working exploit code could appear within 30 days. As usual, it did not take long for exploit code for such a widely targeted product to become available.

This is not the only vulnerability affecting Internet Explorer. There is another critical flaw in Microsoft XML Core Services that has not been patched yet, but for which the Redmond company has released a temporary fix.

The Metasploit penetration testing framework now includes a module that takes advantage of the vulnerability, meaning the attack is freely available to anyone who knows how to use the framework.

AV Bypass for Malicious PDFs Using XML Data Package (XDP) format

Security researcher Brandon Dixon has discovered a way to bypass antivirus detection of malicious PDFs by using the XML Data Package (XDP) format.

XDP is an XML file format created by Adobe Systems in 2003 as an XML-based companion to PDF. It allows PDF content and/or Adobe XML Forms Architecture (XFA) resources to be packaged within an XML container.

Because Adobe Reader opens XDP files just as it would a normal PDF, opening a malicious XDP file can trigger an Adobe Reader exploit.

Dixon's test document, which uses a two-year-old security vulnerability in Adobe Reader, was detected by only one antivirus package in his tests. After experimenting with the XDP format, he was able to create another file that fooled all 42 antivirus engines used on VirusTotal.

"The exploit is old. The JS is not encoded. This should be fixed. If you are wondering how to combat against this on your network or in your inbox, then look for XDP files," Dixon said in his blog.

"Of course, one could simply change the extension and still trick the user, but only awareness can fix that. For those with DPI, look for the Adobe XDP namespace and base64 code to identify the PDF embedded inside."
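Dixon's detection hint, turned into a small checker as an added example (not code from the page or from Dixon): it parses a candidate file, confirms the Adobe XDP root namespace, joins the base64 `<chunk>` elements and inspects the decoded PDF for action keywords. The `<pdf>/<document>/<chunk>` layout and its namespace are assumed from the XDP wrapper format, and the sample file is constructed.

```python
import base64
import xml.etree.ElementTree as ET

XDP_NS = "http://ns.adobe.com/xdp/"          # namespace of the <xdp:xdp> root element
XDP_PDF_NS = "http://ns.adobe.com/xdp/pdf/"  # namespace of the <pdf> wrapper (assumed layout)
# PDF keywords worth flagging in an embedded document; extend for your environment.
SUSPECT = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")

def inspect_xdp(data: bytes) -> dict:
    """Classify one file: is it XDP, does it wrap a PDF, and which risky
    keywords does the decoded PDF contain. Non-XML input is reported as not XDP."""
    result = {"is_xdp": False, "embedded_pdf": False, "keywords": []}
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return result  # plain PDFs and other binaries belong to the normal PDF scanner
    if root.tag != f"{{{XDP_NS}}}xdp":
        return result
    result["is_xdp"] = True
    # The PDF is base64 text split across <pdf><document><chunk> elements; join them.
    chunks = [c.text or "" for c in root.iter(f"{{{XDP_PDF_NS}}}chunk")]
    if not chunks:
        return result  # XDP carrying only XFA/XML data, no packaged PDF
    try:
        pdf = base64.b64decode("".join(chunks))  # whitespace between chunks is ignored
    except ValueError:
        return result
    if pdf.startswith(b"%PDF"):
        result["embedded_pdf"] = True
        result["keywords"] = [k.decode() for k in SUSPECT if k in pdf]
    return result

# Constructed sample: a minimal PDF skeleton whose OpenAction is a JavaScript
# action, wrapped in the XDP container layout described above.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
              b"2 0 obj\n<< /S /JavaScript /JS (app.alert(1)) >>\nendobj\n%%EOF\n")
SAMPLE_XDP = (b'<?xml version="1.0"?><xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">'
              b'<pdf xmlns="http://ns.adobe.com/xdp/pdf/"><document><chunk>'
              + base64.b64encode(SAMPLE_PDF) + b"</chunk></document></pdf></xdp:xdp>")

if __name__ == "__main__":
    print(inspect_xdp(SAMPLE_XDP))
```

Running the checker over a mail or proxy quarantine is enough to surface XDP wrappers regardless of the file extension, since it keys on the XML namespace rather than the name.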

Ghost, a honeypot for capturing USB malware

The Honeypot project has released the first public version of a malware honeypot called "Ghost".

Ghost is a honeypot for USB malware. It can capture malware that propagates via USB storage devices without any prior knowledge of it. It does this by emulating a USB thumb drive and tricking the malware into infecting the emulated device. Because a machine must be infected for the virtual device to detect the malware, the honeypot is designed to run on Windows systems, which are the main target of such malware at the moment.

Currently, Ghost only supports Windows XP and is at an early stage of development, although its concept has been shown to work well and the code is stable. If Ghost detects an infection, it currently only reports that the machine is possibly infected, without any additional information.

The team plans to extend Ghost's reporting capabilities and to make it run on other versions of Windows. The complete product is expected on August 31. The source code and binaries can be found here.

Google's MarkMonitor account hacked by #UGNazi via Social Engineering


The well-known hacker group UGNazi claimed that it gained access to Google's MarkMonitor account. According to its press release, the hackers managed to reset the account via a social engineering attack.

"The agent that helped us reset the account should get somewhat of credit, she helped us a lot on resetting Google's MarkMonitor account," the hackers said in the press release.

"3 Days ago, We gained access into Google's registrar MarkMonitor, the following picture goes to show how no one is safe http://i.imgur.com/KDWja.png," reads a tweet from the hackers' account.

"i suggest you move to a more secure registrar. but then again, we are Social Engineering Gods." The statement makes clear that the group relies heavily on social engineering attacks. Earlier this month, the group hacked WHMCS via a social engineering attack.

"So, this just goes to show, even Google can be Social Engineered. P.S. It was Google's Account Manager, Olga Was, so technically, we did Social Engineer Google. :)," the hackers said.

At the time of writing, neither Google nor MarkMonitor has made an official statement about the hack.

AVG Family Safety web browser: Keep your family safe online


AVG has launched the iOS and Windows Phone versions of its Family Safety web browser to ensure that adults and their children are protected from online threats such as scams, phishing and potentially dangerous websites.

“With people increasingly using mobile devices to access social networks and browse the web, protecting these devices against online threats has become vital,” said JR Smith, CEO of AVG Technologies.

“Online scams and attacks are on the rise and can occur on any platform with access to the web. AVG aims to protect its users wherever they go. With AVG Family Safety for iOS and Windows Phone, we provide our users the peace of mind that they and their children are protected against online threats on these mobile platforms too.”

One of the best features of AVG Family Safety is that it allows parents not only to monitor their children’s online activities, but also to set up restrictions and filters across mobile devices and personal computers.

Memory Corruption Vulnerability in Firefox 13


Security researcher Ucha Gobejishvili has discovered a memory corruption vulnerability in Firefox 13, the latest version of Mozilla Firefox.

The vulnerability can be exploited by local privileged user accounts with little user interaction, or remotely via a manipulated HTTP request, which requires a high degree of user interaction.

According to a Softpedia report, the researcher notified Mozilla about the vulnerability. He said that Mozilla confirmed the existence of the vulnerability and planned to fix it in upcoming versions.

In a proof-of-concept video, the researcher showed that opening a specially crafted HTML file triggers the vulnerability, causing a denial-of-service (DoS) condition.

In practice, an attacker would have to host a website containing the malicious page and then, with the aid of cleverly crafted emails or instant messages, lure potential victims to it.

The PoC video:

Two Pakistani high-profile sites hacked by Silent HaxOR from Indishell

A hacker going by Silent HaxOR, from Indishell, claimed to have hacked into two high-profile Pakistani websites.

One of the victim sites is the Citizens Police Liaison Committee of Pakistan (http://www.cplc.org.pk/images/). The second is timenspacemedia.com, one of Pakistan's biggest advertising and media-buying agencies.

The mirror of defacements:
http://zone-h.net/mirror/id/17890564

http://arab-zone.net/mirror/101578/timenspacemedia.com/

TweetGif hacked and 10,000 Twitter Users data dumped by LulzSec Reborn



The hacker group known as "LulzSec Reborn" claimed to have hacked into the TweetGif website (tweetgif.com) and compromised its database. TweetGif is a third-party Twitter app that lets users share animated GIFs.

After the breach, the hackers dumped part of the database, containing the credentials of more than 10,000 Twitter accounts. The dump contains OAuth access tokens and their associated access token secrets, which can be used to access the users' Twitter accounts.

The leak also contains user names, locations, bio information, links to avatars, and the date of the last update.

The tokens remain valid even when the account password is changed. If you used the app, all you need to do is go into Twitter's settings and revoke the app's access; no mass password change is required.
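Why revoking the app, rather than changing the password, is the fix, shown with an added example that is not from the post, from Twitter or from TweetGif: it implements OAuth 1.0a HMAC-SHA1 request signing (the scheme Twitter's API used for access tokens) and checks a replayed request against a constructed server-side token table. The endpoint URL, keys, secrets and token values are placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    """Percent-encode per RFC 3986, as OAuth 1.0a requires (RFC 5849, 3.6)."""
    return quote(str(value), safe="-._~")

def oauth1_signature(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 request signature (RFC 5849, 3.4). The key is built from the
    consumer secret and token secret only; the account password is not an input."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    base = "&".join([method.upper(), pct(url), pct("&".join(f"{k}={v}" for k, v in pairs))])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

class TokenStore:
    """Constructed stand-in for the service's token table (not Twitter's code).
    Verification reads the token secret only; passwords are never consulted."""
    def __init__(self):
        self.tokens = {}  # access token -> token secret, the pair the TweetGif dump exposed

    def revoke(self, token):
        self.tokens.pop(token, None)  # what "revoke access" in the account settings does

    def verify(self, method, url, params, consumer_secret):
        secret = self.tokens.get(params.get("oauth_token"))
        if secret is None:
            return False  # unknown or revoked token: no valid signature is possible
        unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
        expected = oauth1_signature(method, url, unsigned, consumer_secret, secret)
        return hmac.compare_digest(params.get("oauth_signature", ""), expected)

def leaked_token_walkthrough():
    """Constructed scenario: a leaked token/secret pair is replayed before a password
    change, after it, and after the app is revoked. Returns the three verify results."""
    store, consumer_secret = TokenStore(), "app-consumer-secret"  # constructed values
    store.tokens["leaked-token"] = "leaked-token-secret"
    url = "https://api.example.com/timeline.json"  # placeholder endpoint, not a real API
    params = {"oauth_consumer_key": "app-key", "oauth_token": "leaked-token", "oauth_version": "1.0",
              "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1339500000", "oauth_nonce": "n0nce"}
    params["oauth_signature"] = oauth1_signature("GET", url, params, consumer_secret, "leaked-token-secret")
    before = store.verify("GET", url, params, consumer_secret)
    # The user now changes the password: none of the signed inputs above depend on it.
    after_password_change = store.verify("GET", url, params, consumer_secret)
    store.revoke("leaked-token")
    after_revoke = store.verify("GET", url, params, consumer_secret)
    return before, after_password_change, after_revoke
```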

Global Payments Credit card processor finds more trouble from breach



Global Payments Inc. has issued another statement, more than two months after it first reported that hackers may have compromised data from as many as 1.5 million credit and debit card accounts in North America.

Initially, the company was confident that its estimate of the number of compromised card details was correct. After further investigation, it discovered that the hackers may also have accessed personal information belonging to a number of consumers.

“Our ongoing investigation recently revealed potential unauthorized access to personal information collected from a subset of merchant applicants. It is unclear whether the intruders looked at or took any personal information from the company’s systems,” reads the statement.

As an additional precaution, Global Payments said it alerted card issuers about more than 1.5 million potentially affected accounts so they can be on the lookout for suspicious activity.

After the breach, both Visa Inc. and MasterCard Inc. removed Global Payments from their lists of third-party vendors that meet the payment processing industry’s security standards.

VoxAnon IRC Network suffers DDOS Attack

VoxAnon, an IRC community created as a platform to facilitate inter-Anonymous discussion and activities, has suffered a distributed denial of service (DDoS) attack.

“VoxAnon will be back soon! Check this page frequently for updates!” reads a message posted on the main page of VoxAnon.org.

“#VoxAnon is down due to #DDOS. Haters will hate. We won't stop doing what we do best,” reads a tweet posted on June 10 from the VoxAnon IRC account.

According to a report from HOTforSecurity, the DDoS attack may have been launched by other hacktivists who regard VoxAnon as a platform that security companies and law enforcement monitor.

64-bit OS & virtualization software running on Intel CPU vulnerable to local privilege escalation


A critical security vulnerability has been discovered in 64-bit operating systems and virtualization software running on Intel CPUs, which allows a local privilege escalation or a guest-to-host virtual machine escape.

The problem affects 64-bit versions of Windows, Linux, FreeBSD and the Xen hypervisor. The flaw appears to affect only Intel hardware: AMD and ARM CPUs are not affected.

"A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP)," US-CERT's vulnerability report reads.

"The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker's chosen RSP causing a privilege escalation."

H.D. Moore, founder of the Metasploit penetration testing framework, characterized the bug as a "serious guest-to-host escape vulnerability," noting that while it affects the Xen platform, it does not affect VMware.

Operating system-specific details on the vulnerability have been published by Xen, FreeBSD and Microsoft. Linux vendor Red Hat has also published two updates on the problem: RHSA-2012:0720-1 and RHSA-2012:0721-1.

To close the security hole, users should apply updates from their operating system supplier.