Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Zer0Pwn
Zer0Pwn

Airport of Sydney Hacked and Data Leaked by Zer0Pwn


The Hacker known as 'Zer0Pwn' claimed to have unauthorized access to the Airport of Sydney website(sydneyairport.com.au).

Hacker dumped the compromised data in pastebin along with database details. The dump contains username and password(plain text). Hackers also post the admin login page details.

"We have gained access to the FIDS (Flight Information Display System) of your airport, and we are leaking the data. We're proving that literally, NOTHING is secure. " Hacker said in the leak.


Read more »
Team Dig7tal
Team Dig7tal

University sites are being targeted by Team Dig7tal

The hacker group known as 'Team Dig7tal', breaking into University websites and leaked confidential data. They hacked into sites belong to University of Florida,Stanford University,University of Nebraska.

Hacker leaked the part of the database belong to University of Florida.  "These databases have tens of thousands of entries each, so I only dumped a sample of the first DB " Hacker said.

Earlier of this month, University of Florida notified users that database could have been compromised.  The recent hack clearly indicates that site is still vulnerable.

Hackers dumped the data belong to University of Nebraksa - Lincoln in AnonPaste.  "They failed to fix the SQL i vulnerability the first time, so it's a little worse this time. I'm hoping they'll take the time to fix it after this one. Probably not though...Anyway, let's get started." Hacker said.

The data leak contains username ,email address, hashed passwords, and other database details.
Read more »
Database Leaked
Breaking News Database Leaked

Security flaw in Kuwait Banking system, found by C0mrade

A Hacker called as c0mrade, has  been trying to raise awareness of the vulnerabilities in the Government sites. He claimed to have found vulnerability in Kuwait’s banking system.

According to the hacker, the software vulnerability affects Commercial Bank of Kuwait( CBK.com), NBK.com and other Banking Website associated with Kuwait.

To prove the seriousness of the vulnerability, C0mrade has leaked a database containing the details of around 3,000 customers and transaction logs(Credit card data censored).

"I am not a gutless Terrorist who prays for the Downfall of this Planet and the desire for it to become a Wasteland and all that comes left of it is Billions of bodies piled up onto each other, burnt remains and destroyed buildings. With that being said, I have a sudden thirst for epistemology. Let me elaborate, folks." Hacker said in the pastebin.
Read more »
Cyber Crime
Botnets Cyber Crime

Biggest banking Trojan Botnet suspect arrested by Russian Authorities


Russian police authorities arrested 22-year-old hacker, who is allegedly responsible for comprising more than 4.5 million computers – making it the largest publicly known botnet to date.

According to Russia’s Interior Ministry, the hacker used banking trojans to steal 150 million roubles($4.5 million or 3.6 million EUR), from private individuals and organisations.

The young man was known as "Hermes" and "Arashi" in online communities and apparently used variants of Carberp and similar trojans to commit the crimes. The trojan stole users' access credentials and used them to transfer money to bogus companies. Helpers then withdrew the stolen money from cash points. Most of the victims were Russian nationals.

This is the biggest banking Trojan botnet ever to be uncovered in Russia, according to reports, and one of the biggest in the world. Every day, the botnet operator would attempt to install malware on around 1 million computers, which meant that on some days, around 100,000 computers would join the network.

The authorities say that the arrest of "Hermes" and other members of his hacker group was carried out with the assistance of anti-virus company Dr. Web. Most of the accomplices lived in Moscow and St. Petersburg while "Hermes" was arrested in Southern Russia according to the reports.

Read more »
DDOS Attacks
DDOS Attacks

Iranian Central Bank hit by DDOS attack

The Central Bank of Iran was hit with a cyber attack on Tuesday which brought down the bank’s internet connection, according to the Iranian Labour News Agency (ILNA).

An analyst quoted by the news service said the attack brought down the CBI’s website and the” internal network’s going offline for an extended period is a sign there was a cyber-attack against the Central Bank of Iran.”

The attack occurred the same day in which negotiations in Moscow over Iran’s nuclear program failed to produce any positive results. European Union foreign affairs chief Catherine Ashton told reporters there are “significant gaps” between the positions of Iran and world powers when it comes to an agreement on Iran’s nuclear ambitions.

Heydar Moslehi, the intelligence minister for Iran, said on Thursday that cyber attacks against the Islamic Republic have increased since the meetings in Moscow ended.

On Wednesday, websites associated with the highest levels of Israeli government were unavailable as well. This came one day after the Washington Post published a story that Israel and the United States worked on a computer virus named “Flame”, in order to collect information inside Iran as a prelude to cyber-attacks aimed at slowing the Iranian nuclear program.

Source: The Algemeiner
Read more »
Web Application Vulnerability
Software Release Web Application Vulnerability

NT OBJECTives Releases New NTOEnterprise for Web Application Vulnerability Program Management

NT OBJECTives, a provider of automated, comprehensive and accurate web application security software, services and SaaS, today announced the availability of NTOEnterprise 2.0 which enables organizations to plan, manage, control and measure thousands of web application scans and also assess and prioritize areas of greatest risk across the enterprise.



“With NTOEnterprise, security teams, developers and CSOs can quickly view and easily understand how their organization’s security is improving, or not, and more importantly, what they can do about it. They can prioritize threats and respond more rapidly to their key areas of vulnerability,” says Dan Kuykendall, CTO and co-founder of NT OBJECTives. “With our customers’ input, we were also able to design an incredibly useful customizable report and graphic generation engine in the new version as well.”



NTOEnterprise features a consolidated graphical view of the enterprise security posture across all enterprise applications, allowing security professionals to easily determine vulnerability and application behavior trends, along with the overall status of the application security program. The new version includes data tagging capabilities that enable security teams to view applications by any user-defined criteria such as business unit, business risk, criticality, owner, location or any other grouping that can help security professionals organize applications. Security professionals now also have the ability to quickly navigate scan plans and configurations through flexible search functionality based on domain names, scan times and custom tagging.



NTOEnterprise enables customers to:
  •  Scale application security programs to handle simultaneous scans
  •  Centralize management and control of scan configurations, schedules and permissions
  •  Share information beyond security teams to developers, QA teams and executives
  •  Demonstrate compliance with regulatory and organizational security policies


NTOEnterprise 2.0 enhancements include:


Centralized Management Console
The new centralized dashboard provides a consolidated view of web application scans that includes:

· Active vulnerabilities by vulnerability type

· Six month vulnerability trending chart

· Recent completed scans

· Scans in progress



Enterprise Scan Management
The enhanced user interface improves users’ ability to initiate, schedule and configure application scans through. The consolidated interface enables users to quickly view in-progress, recent and scheduled scans. Scans can be scheduled to run at regular monthly or quarterly intervals to provide ongoing monitoring of application security issues.


Blackout Management
Users have an improved ability to define when scans can't happen and when they can with improved blackout functionality. Only administrators can define blackout periods and the defined blackouts trump scheduled scanning so users can feel confident that business operations won’t be impacted.


Asset Tagging
New asset tags facilitate flexible custom reporting and a graphical view of the security posture across all enterprise applications. Organizations can define (customize) their own tags to view applications and vulnerabilities from different vantage points. Organizations can tag by location, team or business functionality such as which applications store credit card data or Personally Identifiable Information (PII). In addition, organizations can define trending data to show vulnerability trends over time.


Custom & Graphical Report Generation
New custom report generators allow users to define filters to quickly find and analyze vulnerability information from their scans. The custom reports and charts provide fantastic presentation data for management.


Test Management Software Integration
NTOEnterprise is now capable of creating tickets for each discovered vulnerability in popular issue management systems. Supported systems: RSA Archer, HP Quality Center and Atlassian's JIRA.

Infrastructure & Performance
NTOEnterprise’s back-end infrastructure has been enhanced to optimize user experience and performance. The new installation model enables organizations to implement tighter security controls to each component.


For more information visit http://www.ntobjectives.com/security-software/ntoenterprise-centralized-application-security


About NT OBJECTives

NT OBJECTives, Inc. has been dedicated to solving the most difficult application security challenges for over 10 years. NTO’s software, SaaS and services solutions are designed to help organizations build the most comprehensive, efficient, accurate web application security program. NTO’s SaaS offering, NTOSpider On-Demand, can be augmented with enhanced services including false positive validation and business logic testing. NT OBJECTIVES is privately held with headquarters in Irvine, CA.

Read more »
Defaced Website
3xp1r3 Cyber Army Defaced Website

Famous Porn Network Hacked By 3xp1r3 Cyber Army



The Bangladeshi Hackers group known as 3xp1r3 Cyber Army hacked famous porn websites and defaced them.

The list of hacked sites are:
  • http://freehardcoreporn.xxx/
  • http://freecelebritysextapes.xxx/
  • http://findafuck.xxx/
  • http://celebritypornmovies.xxx/
  • http://redhotvoucher.com/
  • http://aienetwork.com/
  • http://xlmedianetworks.com/
  • http://aien.xxx/

At the time of writing this article, sites are not recovered and we are able to see the defacement.

The mirrors for the defaced pages:
http://zone-hack.com/mirror/id/62923
http://zone-hack.com/mirror/id/62924
http://zone-hack.com/mirror/id/62925
http://zone-hack.com/mirror/id/62926
http://zone-hack.com/mirror/id/62927
http://zone-hack.com/mirror/id/62928
http://zone-hack.com/mirror/id/62929
http://zone-hack.com/mirror/id/62930
Read more »
Myanmar Hackers
Bangladesh Cyber Army Cyber War Myanmar Hackers

Cyber-war :more Bangladesh Government sites hacked by Myanmar Hackers

After Bangladesh cyber army declares cyber-war against Myanmar and hack few government sites, Myanmar Hackers group known as 'Blink Hacker Group(BCH)' hack more Bangladeshi Government sites.

The hacked sites are Bangladesh Public Service Commission (BPSC),Information and Communication Technology Division,Cabinet Division,Pabna Textile Engineering College,Ministry of Defence,NID Registration Wing,Bangladesh National Commission for UNESCO.

Disaster Management Bureau(DMB),Department of Textile,Economic Relations Division (ERD),Bangladesh Election Commission,Ministry of Communication,Ministry of Civil Aviation and Tourism and more sites become victim of this cyber attack from Myanmar Hackers.

Hacker provide us the list of hacked sites.  Here you can find the list:
http://pastebin.com/raw.php?i=jnqXLNX1.


Hackers wipe out the database from the hacked sites. At the time of writing this article, all sites appeared to be suffering database connection issues.
Read more »
Security News
Security News

Bluebox Launches with $9.5 Funding Led by Andreesen Horowitz/Andreas Bechtolsheim Joins Board

Bluebox, a start-up developing the next evolution in enterprise security technology, announced today that it has closed a $9.5 million Series A financing round led by Andreessen Horowitz.

Additional investors include Andreas Bechtolsheim, co-founder of Sun Microsystems and one of the first investors in Google, SV Angel, Ram Shriram, board member of Google and one of its first investors, and Brian Cohen, former CEO of SPI Dynamics (acquired by HP). Along with the initial round of funding, Bechtolsheim and Scott Weiss, general partner at Andreessen Horowitz, have been named to the company’s board of directors.

Bluebox is founded by veteran entrepreneurs with strong security DNA. Bluebox CEO and co-founder Caleb Sima served as Chief Technology Officer for HP’s Application Security Center and was responsible for directing the lifecycle of the company’s web application security solutions. He joined HP following the acquisition in 2007 of SPI Dynamics, the company he co-founded and led as CTO, where he oversaw the development of WebInspect - a solution that set the bar in Web application security testing tools. Prior to co-founding SPI Dynamics in early 2000, Caleb worked for Internet Security Systems’ elite X-Force R&D team and as a Security Engineer for S1 Corporation.

Co-founder Adam Ely was previously CISO of the Heroku business unit at salesforce.com. Prior to salesforce.com, Adam led security operations, application security, and compliance for TiVo. Before TiVo, he led security functions within The Walt Disney Company, responsible for properties including ABC.com, ESPN.com, and Disney.com.

“Enterprise security on mobile is an unsolved problem, and, frankly, is in need of innovation,” said Bechtolsheim. “Bluebox is developing a solution that will change the way enterprises think of how to successfully and seamlessly protect their data.”

"This is the most amazing security team that I've seen in a long time," said Scott Weiss, general partner at Andreessen Horowitz and former CEO of IronPort Systems, which was acquired by Cisco. "They are going after one of the hardest problems that companies face and where incumbents have floundered."


Bluebox is hiring world-class developers, who want to work on breakthrough security technology. Interested individuals should contact the company rockstars@bluebox.com. Visit www.bluebox.com to learn more, or follow us on Twitter @BlueboxSec.

Read more »
Malware Report
Breaking News Malware Report

New ZitMo Trojan masquerades as Android Security Suit Premium

Android users who are looking for the good Antivirus should beware of this latest threat which masquerades as Android Security suit premium application. Kaspersky recently come across 6 APK files, which functionality is almost the same as in old ZitMo samples.

Zitmo(Acronym of Zeus-in-the-mobile) is mobile component of the Zeus Banking malware. The malware steals incoming SMS and sends them to command-and-control(C&C) servers operated by the attackers.

After further analysis of the new variant, researchers found that the C&C ’re somehow connected to domains that show up in their ZeuS C&C database.

"So, there is new piece of Android malware which steals incoming SMS messages and uploads them to the remote server," Denis Maslennikov, a Kaspersky Lab expert said.

"The newest variant of ZitMo demonstrates the commitment to effective mobile spyware development and distribution that cybercrime has made," Kurt Baumgartner, senior security researcher at Kaspersky Lab told to ComputerWorld.

As usual, Users are advised to install Android apps from the official Google Play website and should always look at an app's reviews and download statistics to determine if it's trustworthy.
Read more »
Myanmar Hackers
Bangladesh Cyber Army Cyber War Myanmar Hackers

Cyber War between Myanmar Hackers and Bangladeshi Cyber Army


A Bangladeshi hackers group known as 'Bangladeshi Cyber Army(BCA)' has declared a cyber-war on Myanmar, accusing the country of killing innocent Muslims and its hackers of breaching Bangladeshi websites.

"This injustice over the Muslims and attack on the Bangladeshi cyber space has forced us to react. In this situation, we feel the necessity of a cyber war, against racists." Hackers posted in their official facebook page.

"Human Rights Commission and other Governments who have the ability to stop all these are sitting idle under this situation. We request them to come forward and stand against injustice."

As part of the Cyber War, The BCA take down the number of Myanmar government sites by DDOS attack. Ministry of Foreign Affairs (www.myanmar.gov.mm), Ministry of Co-operatives (www.myancoop.gov.mm), Ministry of Construction (www.construction.gov.mm), Ministry of Forestry (www.myanmarteak.gov.mm), Ministry of Agriculture and Irrigation (www.moai.gov.mm) sites are seems to be down at the time of writing this article.


Hackers also defaced the websites of Myanmar Tour And Travel, the University of Medicine in Mandalay, Myanmar Logistics Co, Client Focus Technology Group, UN Framework Convention on Climate Change, The Royal Hantha Arts of Myanmar Artists, Myanmar Clover Hotel Yangon, and others.

As part of the Cyber-war, Myanmar hackers also started to hack more Bangladeshi sites. More than 30 Bangladeshi government sites were defaced. The sites are Ministry of Education, Department of Relief & Rehabilitation,Ministry Of Industries and others. The full list of hacked sites can be found here.
Read more »
Subscribe to: Comments (Atom)