New ZitMo Trojan masquerades as Android Security Suite Premium

Android users who are looking for a good antivirus should beware of this latest threat, which masquerades as an "Android Security Suite Premium" application. Kaspersky recently came across six APK files whose functionality is almost the same as that of old ZitMo samples.

ZitMo (an acronym of ZeuS-in-the-Mobile) is the mobile component of the ZeuS banking malware. The malware steals incoming SMS messages and sends them to command-and-control (C&C) servers operated by the attackers.

After further analysis of the new variant, researchers found that the C&C servers are somehow connected to domains that show up in their ZeuS C&C database.

"So, there is a new piece of Android malware which steals incoming SMS messages and uploads them to the remote server," said Denis Maslennikov, a Kaspersky Lab expert.

"The newest variant of ZitMo demonstrates the commitment to effective mobile spyware development and distribution that cybercrime has made," Kurt Baumgartner, senior security researcher at Kaspersky Lab, told Computerworld.

As usual, users are advised to install Android apps only from the official Google Play store and to always check an app's reviews and download statistics to determine whether it is trustworthy.

Cyber War between Myanmar Hackers and Bangladeshi Cyber Army


A Bangladeshi hacker group known as the 'Bangladeshi Cyber Army (BCA)' has declared a cyber war on Myanmar, accusing the country of killing innocent Muslims and its hackers of breaching Bangladeshi websites.

"This injustice over the Muslims and attack on the Bangladeshi cyber space has forced us to react. In this situation, we feel the necessity of a cyber war against racists," the hackers posted on their official Facebook page.

"Human Rights Commission and other Governments who have the ability to stop all these are sitting idle under this situation. We request them to come forward and stand against injustice."

As part of the cyber war, the BCA took down a number of Myanmar government sites by DDoS attack. The sites of the Ministry of Foreign Affairs (www.myanmar.gov.mm), Ministry of Co-operatives (www.myancoop.gov.mm), Ministry of Construction (www.construction.gov.mm), Ministry of Forestry (www.myanmarteak.gov.mm) and Ministry of Agriculture and Irrigation (www.moai.gov.mm) appeared to be down at the time of writing this article.


The hackers also defaced the websites of Myanmar Tour And Travel, the University of Medicine in Mandalay, Myanmar Logistics Co, Client Focus Technology Group, the UN Framework Convention on Climate Change, The Royal Hantha Arts of Myanmar Artists, Myanmar Clover Hotel Yangon, and others.

As part of the cyber war, Myanmar hackers also started hacking more Bangladeshi sites. More than 30 Bangladeshi government sites were defaced, including those of the Ministry of Education, the Department of Relief & Rehabilitation, the Ministry of Industries and others. The full list of hacked sites can be found here.

CVE-2012-1875 : Exploit for Remote Code Execution Flaw in Internet Explorer 8


Less than a week after Microsoft released a security bulletin detailing a number of critical vulnerabilities in Internet Explorer, exploit code has been made available for the CVE-2012-1875 remote code execution flaw.

CVE-2012-1875: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."

While releasing the bulletin, Microsoft also warned that working exploit code could be released within 30 days. As usual, it did not take long for such a popular attack code to become available.

Also, this is not the only vulnerability that affects Internet Explorer. There is another critical flaw in Microsoft XML Core Services that has not been patched yet, but for which the Redmond company has released a temporary fix.

The Metasploit exploit framework has been fitted with a module that takes advantage of the vulnerability, meaning that the attack is freely available to anyone who knows how to use the framework.

AV Bypass for Malicious PDFs Using XML Data Package (XDP) format

Security researcher Brandon Dixon has discovered a way to bypass antivirus detection for malicious PDFs by using the XML Data Package (XDP) format.

XDP is an XML file format created by Adobe Systems in 2003. It is intended to be an XML-based companion to PDF. It allows PDF content and/or Adobe XML Forms Architecture (XFA) resources to be packaged within an XML container.

Since Adobe Reader opens XDP files just like a normal PDF, opening a malicious XDP file can trigger an Adobe Reader exploit.

Dixon's test document, which uses a two-year-old security vulnerability in Adobe Reader, was detected by only one antivirus package in his tests. After experimenting with the XDP format, he was able to create another file that fooled all 42 antivirus engines used on VirusTotal.

"The exploit is old. The JS is not encoded. This should be fixed. If you are wondering how to combat against this on your network or in your inbox, then look for XDP files," Dixon said in his blog.

"Of course, one could simply change the extension and still trick the user, but only awareness can fix that. For those with DPI, look for the Adobe XDP namespace and base64 code to identify the PDF embedded inside."
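The check Dixon describes, written here as an added example (not code from his post or from any product): flag the file as XDP by Adobe's namespace, base64-decode the text under the pdf element and look for a JavaScript reference in the embedded PDF. The `pdf`/`document`/`chunk` element layout and the sample file are constructed assumptions.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Namespace URIs from Adobe's XDP format.
XDP_NS = "http://ns.adobe.com/xdp/"
XDP_PDF_NS = "http://ns.adobe.com/xdp/pdf/"

# Constructed sample (not a real malicious file): an XDP wrapper around a
# base64-encoded PDF whose catalog references a JavaScript OpenAction.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction "
              b"<< /S /JavaScript /JS (app.alert(1)) >> >>\nendobj\n%%EOF\n")
SAMPLE_XDP = (
    '<?xml version="1.0"?>'
    '<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">'
    '<pdf xmlns="http://ns.adobe.com/xdp/pdf/"><document><chunk>'
    + base64.b64encode(SAMPLE_PDF).decode() +
    "</chunk></document></pdf></xdp:xdp>"
)

def inspect_xdp(data: bytes) -> dict:
    """Triage an XDP file: is it an XDP container, does it carry a base64
    PDF under the pdf element, and does that PDF reference JavaScript?"""
    result = {"is_xdp": False, "embedded_pdf": False, "has_javascript": False}
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return result          # not XML at all, so not an XDP wrapper
    if root.tag != "{%s}xdp" % XDP_NS:
        return result
    result["is_xdp"] = True
    # Any text node in the xdp/pdf namespace is a candidate base64 chunk
    # (the chunk element name is assumed, so every text node is tried).
    for node in root.iter():
        if not node.tag.startswith("{%s}" % XDP_PDF_NS) or not node.text:
            continue
        try:
            blob = base64.b64decode("".join(node.text.split()), validate=True)
        except ValueError:     # binascii.Error is a ValueError subclass
            continue
        if blob.lstrip().startswith(b"%PDF"):
            result["embedded_pdf"] = True
            if re.search(rb"/(JavaScript|JS)\b", blob):
                result["has_javascript"] = True
    return result

if __name__ == "__main__":
    print(inspect_xdp(SAMPLE_XDP.encode()))
```

Renaming the file does not change the namespace, so the same check works on a content-inspecting gateway regardless of extension.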

Ghost, a honeypot for capturing USB malware

The Honeynet Project has released the first public version of a malware honeypot called "Ghost".

Ghost is a honeypot for USB malware. It can capture malware that propagates via USB storage devices without any prior knowledge of the malware. It does this by emulating a USB thumb drive and tricking malware into infecting the emulated device. Because a machine must already be infected for the virtual device to detect the malware, the honeypot is designed to run on Windows systems, which are the main target of such malware at the moment.

Currently, Ghost only supports Windows XP and is at an early stage of development, although its concept has been shown to work well and the code is stable. If Ghost detects an infection, it currently only reports that the machine is possibly infected, without any additional information.

The team plans to extend Ghost's reporting capabilities and to make it run on other versions of Windows. The complete product is expected on August 31. The source code and binaries can be found here.

Google's MarkMonitor account hacked by #UGNazi via Social Engineering


The well-known hacker group UGNazi claimed to have gained access to Google's MarkMonitor account. According to their press release, the hackers managed to reset the account via a social engineering attack.

"The agent that helped us reset the account should get somewhat of credit, she helped us a lot on resetting Google's MarkMonitor account," the hacker said in the press release.

"3 days ago, we gained access into Google's registrar MarkMonitor, the following picture goes to show how no one is safe http://i.imgur.com/KDWja.png," reads the tweet from the hackers' account.

"I suggest you move to a more secure registrar. But then again, we are Social Engineering Gods." The statement clearly shows the group is strong at social engineering attacks. Earlier this month, the group hacked WHMCS via a social engineering attack.

"So, this just goes to show, even Google can be Social Engineered. P.S. It was Google's Account Manager, Olga Was, so technically, we did Social Engineer Google. :)" the hacker said.

At the time of writing, there is no official statement from Google or MarkMonitor about the hack.

AVG Family Safety web browser: Keep your family safe online


AVG has launched the iOS and Windows Phone versions of its Family Safety web browser to ensure that adults and their children are protected from online threats such as scams, phishing and potentially dangerous websites.

“With people increasingly using mobile devices to access social networks and browse the web, protecting these devices against online threats has become vital,” said JR Smith, CEO of AVG Technologies.

“Online scams and attacks are on the rise and can occur on any platform with access to the web. AVG aims to protect its users wherever they go. With AVG Family Safety for iOS and Windows Phone, we provide our users the peace of mind that they and their children are protected against online threats on these mobile platforms too.”

One of the best features of AVG Family Safety is the fact that it allows parents not only to monitor their children’s online activities, but also to set up restrictions and set filters across mobile devices and personal computers.

Memory Corruption Vulnerability in Firefox 13


Security researcher Ucha Gobejishvili has discovered a memory corruption vulnerability in Firefox 13, the latest version of Mozilla Firefox.

The vulnerability can be exploited by local privileged user accounts with low user interaction, or remotely via a manipulated HTTP request with high user interaction required.

According to a Softpedia report, the researcher notified Mozilla about the vulnerability. He said that Mozilla confirmed the existence of the vulnerability and plans to fix it in upcoming versions.

In a proof-of-concept video, the researcher showed that launching a specially crafted HTML file triggers the vulnerability, causing a denial-of-service (DoS) condition.

In practice, an attacker would have to host a website containing the malicious page and then, with the aid of cleverly designed emails or instant messages, lure potential victims to it.

The PoC video:

Two Pakistani high-profile sites hacked by Silent HaxOR from Indishell

A hacker called Silent Hacker, from Indishell, claims to have hacked into two high-profile Pakistani websites.

One of the victim sites is the Citizens Police Liaison Committee of Pakistan (http://www.cplc.org.pk/images/). The second is one of Pakistan's biggest advertising and media buying agencies (timenspacemedia.com).

The mirror of defacements:
http://zone-h.net/mirror/id/17890564

http://arab-zone.net/mirror/101578/timenspacemedia.com/

TweetGif hacked and 10,000 Twitter Users data dumped by LulzSec Reborn



The hacker group known as "LulzSec Reborn" claimed to have hacked into the TweetGif website (tweetgif.com) and compromised its database. TweetGif is a third-party Twitter app that lets users share animated GIFs.

After the breach, the hackers dumped part of the database, containing the credentials for more than 10,000 Twitter accounts. The dump contains access tokens and the associated access token secrets, which can be used to access users' Twitter accounts.

The leak also contains user names, locations, bio information, links to avatars, and the date of the last update.

The tokens remain valid even after the account password is changed. If you used the app, all you need to do is go to Twitter's settings and revoke the app's access; no mass password change is required.

Global Payments Credit card processor finds more trouble from breach



Global Payments Inc. issued another statement, more than two months after it first reported that computer hackers may have compromised data from as many as 1.5 million credit and debit card accounts in North America.

Initially, the company was confident that its estimate of the number of compromised card details was correct. After further investigation, it discovered that the hackers may also have accessed personal information belonging to a number of consumers.

“Our ongoing investigation recently revealed potential unauthorized access to personal information collected from a subset of merchant applicants. It is unclear whether the intruders looked at or took any personal information from the company’s systems,” reads the statement.

As an additional precaution, Global Payments said it alerted card issuers about more than 1.5 million potentially affected accounts so they can be on the lookout for suspicious activity.

After the breach, both Visa Inc. and MasterCard Inc. removed Global Payments from their lists of third-party vendors that meet the payment processing industry’s security standards.