Blackhole Exploit Kit upgraded to generate pseudo-random domains

Blackhole Exploit Kit is one of the best-known exploit kits used by cybercriminals to infect users through drive-by downloads. It delivers exploits for Java, Adobe Flash Player, Adobe Reader, Windows Help Center and other applications.

Although this approach has generally been very successful for malware authors, it has had one weakness. If the location or URL for the iframe, which actually contains the malicious code, changes or is taken down, all of the compromised sites will have to be updated to point to this new location. This process is difficult and impractical.

To deal with this, the Blackhole JavaScript code on compromised sites now dynamically generates pseudo-random domains, based on the date and other information, and then creates an iframe pointing to the generated domain.

After de-obfuscating the JavaScript on the compromised pages, Symantec researchers found the code that generates the pseudo-random domains.

This code uses the setTimeout() DOM function to run a particular piece of code (the anonymous function at the bottom of the code) after half a second. This function calls generatePseudoRandomString() with the following arguments:

  • a timestamp
  • 16, the desired length of the domain name
  • ru, the top-level domain name to use

The code then creates a hidden iframe, using the previously-generated domain as the source.

Once the domain has been generated and the iframe has been created, the exploit kit page runs many exploits as normal, going to great lengths to determine, for example, which compromised PDF file to show, depending on the version of Adobe Reader installed.

Running this code in isolation, it seems that the pseudo-random domain is based on a number which is in turn based on an initial seed value, the current month and the day of the current month. When running the code at the time of writing, it returned:

lfbovcaitd[REMOVED].ru

By changing the date passed to the function we can determine the domains that will be used in future. All domains up to 7 August of this year have been registered and all currently resolve to the same IP address. The domains, all recently registered, use private registration, so the registrant's details are not published in WHOIS.
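A defender-side complement to the analysis above, added here as an example rather than code from the original post or from Symantec: because the generated names are 16 random letters directly under .ru, a DNS query log can be screened for lookups of that shape. The log line format, the sample lines and the entropy and vowel-ratio thresholds are constructed assumptions for this example, not values from the exploit kit.

```python
"""Screen DNS query logs for lookups shaped like the Blackhole-generated
domains: a 16-letter random-looking label directly under .ru. The log
format, sample lines and thresholds are assumptions made for this example."""
import math
import re
from collections import Counter

LABEL_LEN = 16            # length the script requests for the generated label
TLD = "ru"                # TLD the script appends
ENTROPY_MIN = 3.3         # assumed: bits/char above which a label looks random
VOWEL_RATIO_MAX = 0.35    # assumed: dictionary-like labels have more vowels

# Assumed log line shape: "<timestamp> <client-ip> query <qname>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (4.0 for 16 distinct letters)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def vowel_ratio(s: str) -> float:
    return sum(ch in "aeiou" for ch in s) / len(s)


def is_suspicious_label(label: str) -> bool:
    """True when label has the length and randomness of a generated domain."""
    if len(label) != LABEL_LEN or not label.isalpha():
        return False
    return (shannon_entropy(label) >= ENTROPY_MIN
            and vowel_ratio(label) <= VOWEL_RATIO_MAX)


def scan_dns_log(lines):
    """Return (timestamp, client, qname) for each query matching the pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                      # skip lines in another format
        labels = m["qname"].lower().rstrip(".").split(".")
        # Exactly <label>.ru: the script builds a second-level name only
        if len(labels) == 2 and labels[1] == TLD and is_suspicious_label(labels[0]):
            hits.append((m["ts"], m["client"], m["qname"]))
    return hits


# Constructed sample log; the random label is made up, not a real indicator
SAMPLE_LOG = [
    "2012-06-27T10:15:02Z 10.0.0.12 query qzkvtrbxmwplgdfh.ru",   # random 16 letters
    "2012-06-27T10:15:03Z 10.0.0.12 query internetprovider.ru",   # 16 letters, word-like
    "2012-06-27T10:15:04Z 10.0.0.20 query cdn.staticassets.ru",   # third-level name
    "2012-06-27T10:15:05Z 10.0.0.20 query qzkvtrbxmwplgdfh.com",  # wrong TLD
    "malformed line the parser must skip",
]

if __name__ == "__main__":
    for ts, client, qname in scan_dns_log(SAMPLE_LOG):
        print(f"{ts} {client} DGA-like lookup: {qname}")
```

Hits from such a screen are a lead to correlate with the resolving IP address mentioned above, not a verdict on their own, since a 16-letter brand name can still trip the heuristic.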

FBI two-year cybercrime sting leads to 24 arrests


The FBI orchestrated a two-year cybercrime sting that resulted in 24 arrests, with some alleged hackers facing more than 20 years in prison for allegedly profiting from stolen information such as credit card and bank account numbers, law enforcement authorities announced today.

The U.S. Attorney's Office in Manhattan and the FBI announced the arrests and provided details of the sting operation, which involved FBI agents posing as hackers while the bureau set up a fake "carding" forum, according to the press release (see the full release below).

Carding is the term for crimes associated with exploiting stolen personal information for profit. The forums helped "carders" communicate and, in some cases, find mailing addresses -- usually empty apartments or houses -- for products purchased with stolen credit-card data.

While the sting netted 24 arrests across eight countries, authorities only shared the charges of 12 alleged hackers. These individuals were charged with several counts of fraud, including selling personal data, using stolen information to purchase or obtain products, and selling tools to aid hackers in stealing information.

The FBI claims it prevented 400,000 potential cybercrimes via this operation.

via cnet

Airport of Sydney Hacked and Data Leaked by Zer0Pwn


The hacker known as 'Zer0Pwn' claimed to have gained unauthorized access to the Airport of Sydney website (sydneyairport.com.au).

The hacker dumped the compromised data on Pastebin along with database details. The dump contains usernames and plaintext passwords. The hacker also posted the admin login page details.

"We have gained access to the FIDS (Flight Information Display System) of your airport, and we are leaking the data. We're proving that literally, NOTHING is secure." the hacker said in the leak.


University sites are being targeted by Team Dig7tal

The hacker group known as 'Team Dig7tal' has been breaking into university websites and leaking confidential data. They hacked sites belonging to the University of Florida, Stanford University and the University of Nebraska.

The hackers leaked part of the database belonging to the University of Florida. "These databases have tens of thousands of entries each, so I only dumped a sample of the first DB," the hacker said.

Earlier this month, the University of Florida notified users that its database could have been compromised. The recent hack clearly indicates that the site is still vulnerable.

The hackers dumped data belonging to the University of Nebraska - Lincoln on AnonPaste. "They failed to fix the SQLi vulnerability the first time, so it's a little worse this time. I'm hoping they'll take the time to fix it after this one. Probably not though...Anyway, let's get started." the hacker said.

The data leak contains usernames, email addresses, hashed passwords and other database details.

Security flaw in Kuwait Banking system, found by C0mrade

A hacker called c0mrade has been trying to raise awareness of vulnerabilities in government sites. He claimed to have found a vulnerability in Kuwait's banking system.

According to the hacker, the software vulnerability affects the Commercial Bank of Kuwait (CBK.com), NBK.com and other banking websites associated with Kuwait.

To prove the seriousness of the vulnerability, c0mrade leaked a database containing the details of around 3,000 customers and transaction logs (credit card data censored).

"I am not a gutless Terrorist who prays for the Downfall of this Planet and the desire for it to become a Wasteland and all that comes left of it is Billions of bodies piled up onto each other, burnt remains and destroyed buildings. With that being said, I have a sudden thirst for epistemology. Let me elaborate, folks." the hacker said in the Pastebin post.

Biggest banking Trojan Botnet suspect arrested by Russian Authorities


Russian police authorities arrested a 22-year-old hacker who is allegedly responsible for compromising more than 4.5 million computers, making it the largest publicly known botnet to date.

According to Russia's Interior Ministry, the hacker used banking trojans to steal 150 million roubles ($4.5 million or 3.6 million EUR) from private individuals and organisations.

The young man was known as "Hermes" and "Arashi" in online communities and apparently used variants of Carberp and similar trojans to commit the crimes. The trojan stole users' access credentials and used them to transfer money to bogus companies. Helpers then withdrew the stolen money from cash points. Most of the victims were Russian nationals.

This is the biggest banking Trojan botnet ever to be uncovered in Russia, according to reports, and one of the biggest in the world. Every day, the botnet operator would attempt to install malware on around 1 million computers, which meant that on some days, around 100,000 computers would join the network.

The authorities say that the arrest of "Hermes" and other members of his hacker group was carried out with the assistance of anti-virus company Dr. Web. Most of the accomplices lived in Moscow and St. Petersburg while "Hermes" was arrested in Southern Russia according to the reports.

Iranian Central Bank hit by DDOS attack

The Central Bank of Iran was hit with a cyber attack on Tuesday which brought down the bank’s internet connection, according to the Iranian Labour News Agency (ILNA).

An analyst quoted by the news service said the attack brought down the CBI's website and that the "internal network's going offline for an extended period is a sign there was a cyber-attack against the Central Bank of Iran."

The attack occurred the same day in which negotiations in Moscow over Iran’s nuclear program failed to produce any positive results. European Union foreign affairs chief Catherine Ashton told reporters there are “significant gaps” between the positions of Iran and world powers when it comes to an agreement on Iran’s nuclear ambitions.

Heydar Moslehi, the intelligence minister for Iran, said on Thursday that cyber attacks against the Islamic Republic have increased since the meetings in Moscow ended.

On Wednesday, websites associated with the highest levels of Israeli government were unavailable as well. This came one day after the Washington Post published a story that Israel and the United States worked on a computer virus named “Flame”, in order to collect information inside Iran as a prelude to cyber-attacks aimed at slowing the Iranian nuclear program.

Source: The Algemeiner

NT OBJECTives Releases New NTOEnterprise for Web Application Vulnerability Program Management

NT OBJECTives, a provider of automated, comprehensive and accurate web application security software, services and SaaS, today announced the availability of NTOEnterprise 2.0 which enables organizations to plan, manage, control and measure thousands of web application scans and also assess and prioritize areas of greatest risk across the enterprise.

“With NTOEnterprise, security teams, developers and CSOs can quickly view and easily understand how their organization’s security is improving, or not, and more importantly, what they can do about it. They can prioritize threats and respond more rapidly to their key areas of vulnerability,” says Dan Kuykendall, CTO and co-founder of NT OBJECTives. “With our customers’ input, we were also able to design an incredibly useful customizable report and graphic generation engine in the new version as well.”

NTOEnterprise features a consolidated graphical view of the enterprise security posture across all enterprise applications, allowing security professionals to easily determine vulnerability and application behavior trends, along with the overall status of the application security program. The new version includes data tagging capabilities that enable security teams to view applications by any user-defined criteria such as business unit, business risk, criticality, owner, location or any other grouping that can help security professionals organize applications. Security professionals now also have the ability to quickly navigate scan plans and configurations through flexible search functionality based on domain names, scan times and custom tagging.



NTOEnterprise enables customers to:
  •  Scale application security programs to handle simultaneous scans
  •  Centralize management and control of scan configurations, schedules and permissions
  •  Share information beyond security teams to developers, QA teams and executives
  •  Demonstrate compliance with regulatory and organizational security policies


NTOEnterprise 2.0 enhancements include:

Centralized Management Console
The new centralized dashboard provides a consolidated view of web application scans that includes:
  • Active vulnerabilities by vulnerability type
  • Six-month vulnerability trending chart
  • Recently completed scans
  • Scans in progress


Enterprise Scan Management
The enhanced user interface improves users’ ability to initiate, schedule and configure application scans. The consolidated interface enables users to quickly view in-progress, recent and scheduled scans. Scans can be scheduled to run at regular monthly or quarterly intervals to provide ongoing monitoring of application security issues.


Blackout Management
Improved blackout functionality gives users better control over when scans may and may not run. Only administrators can define blackout periods, and defined blackouts take precedence over scheduled scanning, so users can be confident that business operations won’t be impacted.


Asset Tagging
New asset tags facilitate flexible custom reporting and a graphical view of the security posture across all enterprise applications. Organizations can define (customize) their own tags to view applications and vulnerabilities from different vantage points. Organizations can tag by location, team or business functionality such as which applications store credit card data or Personally Identifiable Information (PII). In addition, organizations can define trending data to show vulnerability trends over time.


Custom & Graphical Report Generation
New custom report generators allow users to define filters to quickly find and analyze vulnerability information from their scans. The custom reports and charts provide fantastic presentation data for management.


Test Management Software Integration
NTOEnterprise is now capable of creating tickets for each discovered vulnerability in popular issue management systems. Supported systems: RSA Archer, HP Quality Center and Atlassian's JIRA.

Infrastructure & Performance
NTOEnterprise’s back-end infrastructure has been enhanced to optimize user experience and performance. The new installation model enables organizations to implement tighter security controls to each component.


For more information visit http://www.ntobjectives.com/security-software/ntoenterprise-centralized-application-security


About NT OBJECTives

NT OBJECTives, Inc. has been dedicated to solving the most difficult application security challenges for over 10 years. NTO’s software, SaaS and services solutions are designed to help organizations build the most comprehensive, efficient, accurate web application security program. NTO’s SaaS offering, NTOSpider On-Demand, can be augmented with enhanced services including false positive validation and business logic testing. NT OBJECTIVES is privately held with headquarters in Irvine, CA.

Famous Porn Network Hacked By 3xp1r3 Cyber Army



The Bangladeshi hacker group known as 3xp1r3 Cyber Army hacked and defaced several well-known porn websites.

The hacked sites are:
  • http://freehardcoreporn.xxx/
  • http://freecelebritysextapes.xxx/
  • http://findafuck.xxx/
  • http://celebritypornmovies.xxx/
  • http://redhotvoucher.com/
  • http://aienetwork.com/
  • http://xlmedianetworks.com/
  • http://aien.xxx/

At the time of writing, the sites have not been restored and the defacement is still visible.

The mirrors for the defaced pages:
http://zone-hack.com/mirror/id/62923
http://zone-hack.com/mirror/id/62924
http://zone-hack.com/mirror/id/62925
http://zone-hack.com/mirror/id/62926
http://zone-hack.com/mirror/id/62927
http://zone-hack.com/mirror/id/62928
http://zone-hack.com/mirror/id/62929
http://zone-hack.com/mirror/id/62930

Cyber-war: more Bangladesh government sites hacked by Myanmar hackers

After the Bangladesh Cyber Army declared cyber-war against Myanmar and hacked a few government sites, the Myanmar hacker group known as 'Blink Hacker Group (BCH)' hacked more Bangladeshi government sites.

The hacked sites include the Bangladesh Public Service Commission (BPSC), Information and Communication Technology Division, Cabinet Division, Pabna Textile Engineering College, Ministry of Defence, NID Registration Wing and Bangladesh National Commission for UNESCO.

The Disaster Management Bureau (DMB), Department of Textile, Economic Relations Division (ERD), Bangladesh Election Commission, Ministry of Communication, Ministry of Civil Aviation and Tourism and more sites fell victim to this cyber attack from the Myanmar hackers.

The hackers provided us with the list of hacked sites, which can be found here:
http://pastebin.com/raw.php?i=jnqXLNX1

The hackers wiped the databases of the hacked sites. At the time of writing, all the sites appeared to be suffering database connection errors.

Bluebox Launches with $9.5 Million Funding Led by Andreessen Horowitz; Andreas Bechtolsheim Joins Board

Bluebox, a start-up developing the next evolution in enterprise security technology, announced today that it has closed a $9.5 million Series A financing round led by Andreessen Horowitz.

Additional investors include Andreas Bechtolsheim, co-founder of Sun Microsystems and one of the first investors in Google, SV Angel, Ram Shriram, board member of Google and one of its first investors, and Brian Cohen, former CEO of SPI Dynamics (acquired by HP). Along with the initial round of funding, Bechtolsheim and Scott Weiss, general partner at Andreessen Horowitz, have been named to the company’s board of directors.

Bluebox is founded by veteran entrepreneurs with strong security DNA. Bluebox CEO and co-founder Caleb Sima served as Chief Technology Officer for HP’s Application Security Center and was responsible for directing the lifecycle of the company’s web application security solutions. He joined HP following the acquisition in 2007 of SPI Dynamics, the company he co-founded and led as CTO, where he oversaw the development of WebInspect - a solution that set the bar in Web application security testing tools. Prior to co-founding SPI Dynamics in early 2000, Caleb worked for Internet Security Systems’ elite X-Force R&D team and as a Security Engineer for S1 Corporation.

Co-founder Adam Ely was previously CISO of the Heroku business unit at salesforce.com. Prior to salesforce.com, Adam led security operations, application security, and compliance for TiVo. Before TiVo, he led security functions within The Walt Disney Company, responsible for properties including ABC.com, ESPN.com, and Disney.com.

“Enterprise security on mobile is an unsolved problem, and, frankly, is in need of innovation,” said Bechtolsheim. “Bluebox is developing a solution that will change the way enterprises think of how to successfully and seamlessly protect their data.”

"This is the most amazing security team that I've seen in a long time," said Scott Weiss, general partner at Andreessen Horowitz and former CEO of IronPort Systems, which was acquired by Cisco. "They are going after one of the hardest problems that companies face and where incumbents have floundered."


Bluebox is hiring world-class developers, who want to work on breakthrough security technology. Interested individuals should contact the company rockstars@bluebox.com. Visit www.bluebox.com to learn more, or follow us on Twitter @BlueboxSec.