XSS Vulnerability has been fixed in IP.Board 3.3.4 Release

Invision Power Services has released IP.Board 3.3.4. The new version comes with a number of functionality bug fixes, but it also addresses a cross-site scripting (XSS) vulnerability that affects the search result page.

The XSS security hole has been patched in IP.Board 3.3.4, but for older versions, customers must apply the patches made available by the vendor manually.

“Simply download the relevant zip file, expand and upload the file inside. The directory structure has been retained so you can quickly locate the file you need to update,” Invision Power Services representatives advise.

This is not the first time this year that an XSS vulnerability has been identified in IP.Board. Back in February, a one-file patch was released for a flaw that could allow an attack in the Admin CP. A similar bug was also fixed in March.


Android.Dropdialer malware found in Google's official Android market


Symantec security researchers have identified new malware posted to the official Google Play market, a discovery that once again demonstrates the limitations of a recently deployed scanning service designed to flag malicious apps before they can be downloaded by end users.

The threats were posted as two popular titles, one as “Super Mario Bros.” and the other was packaged as “GTA 3 Moscow City”. Both were posted to Google Play on June 24 and since then have generated in the range of 50,000 to 100,000 downloads.

"What is most interesting about this Trojan is the fact that the threat managed to stay on Google Play for such a long time, clocking up some serious download figures before being discovered," the researchers said. "Our suspicion is that this was probably due to the remote payload employed by this Trojan."

Once installed, it would download an additional package, hosted on Dropbox, called ‘Activator.apk’. This additional package sends SMS messages to a premium-rate number.

An interesting feature of the secondary payload is that it prompts to uninstall itself after sending out the premium SMS messages—an obvious attempt at hiding the true intent of the malicious app. The premium SMS is targeting Eastern Europe.

The threat was removed after Symantec notified the Android Security Team of this discovery.

Hackers attempt to spy on DSM

Criminals got creative in their attempt to steal data from the major Dutch materials and life sciences company DSM. The attackers left USB sticks loaded with spyware in a parking lot of the business and hoped that employees would plug them into their laptops. DSM claims the attempt was unsuccessful.


The unusual plan failed when the employee who found the first USB stick took it to the IT department, which scanned it before use. The malicious software was detected there, and the IP addresses the malware communicated with were blocked.

The other infected USB sticks were detected afterwards. DSM said the attempt was clumsy, but it sounds to us like the company was simply lucky: not all of the employees reported the infected USB sticks, and some did plug them into their company machines.


“Don’t forget about meeting tomorrow” mail leads to Trojan attack

MX Lab intercepted a new trojan distribution campaign by email with the subject “Don’t forget about meeting tomorrow”.

The email is sent from the spoofed address “LinkedIn <welcome@linkedin.com>” or “Files Tube <filestube@filestube.com>” and has the following body:
Don’t forget this report for meeitng tomorrow.
See attached file.

The mail has a zip file attachment, "Report.zip", which contains an 83 kB file named Report_ALK_CON-39892-45.exe.

The trojan is known as W32/Trojan3.DUC, HEUR:Trojan.Win32.Generic, W32/Kryptik.AB!tr, W32.Cridex.

At the time of writing, only 19 of the 42 AV engines on VirusTotal detected the trojan.

The same malware campaign has been intercepted by Sophos researchers.

"Interestingly, the spelling of the email's message body can vary - presumably this was done in an attempt to avoid rudimentary email filters which might attempt to block messages," Sophos researchers said.

As always, users are advised to think twice before opening attachments and following links contained in unsolicited emails.
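A mail-gateway check for the pattern described above (a zip attachment carrying an executable), written as an added example rather than MX Lab's or Sophos's own tooling; the message it builds is constructed to mirror the campaign and is not a real capture:

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions treated as executable when found inside a zip attachment.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js")

def build_sample_eml(member_name: str = "Report_ALK_CON-39892-45.exe") -> bytes:
    """Constructed message modelled on the campaign: spoofed LinkedIn sender and a
    Report.zip attachment holding one file (not a real capture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"MZ" + b"\x00" * 64)  # placeholder bytes, not a real PE
    msg = EmailMessage()
    msg["From"] = "LinkedIn <welcome@linkedin.com>"
    msg["To"] = "employee@example.com"
    msg["Subject"] = "Don't forget about meeting tomorrow"
    msg.set_content("Don't forget this report for meeitng tomorrow.\nSee attached file.\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Report.zip")
    return msg.as_bytes()

def executables_in_zip_attachments(raw_message: bytes) -> list[str]:
    """Return 'archive.zip/member' for every executable inside any zip attachment.
    Non-zip attachments are ignored; a zip that will not open is reported too."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if not filename.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True)
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(EXECUTABLE_EXTENSIONS):
                        findings.append(f"{filename}/{member}")
        except zipfile.BadZipFile:
            findings.append(f"{filename}/<unreadable zip>")
    return findings

if __name__ == "__main__":
    print(executables_in_zip_attachments(build_sample_eml()))
```

Because the body text varies between copies, the check keys on the attachment structure rather than on the wording, which is what the Sophos observation suggests filters should do.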

SQL Injection vulnerability in U.S Department of Defense

The hacker known as 'Zer0Pwn' claimed to have discovered an SQL injection vulnerability in the U.S. Department of Defense (dod.mil).

The vulnerability resides in the external login page of the subdomain 'jieddo.dod.mil'. The hacker specified the SQLi vulnerability type as POST MSSQL injection.

According to the release, an email address must be placed before any query or the injection will not work, for example: asd@asd.com' or 1=convert(int, @@version)--

"I have quite an interesting vulnerability to share. I have tested it, and it does work. So instead of exploiting it, I thought I'd let you guys have some fun messing around with it," the hacker said in the release.


"I have left @TheWikiBoat. We had some personal issues going on between us, and I eventually decided it would be best for me and for the group that I leave. So now I'm flying solo again."
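The defensive side of the flaw described above: an added example (not code from the affected site) that shows why the quoted input shape works against a concatenated login query and why a validated, parameter-bound query is unaffected. It uses an in-memory SQLite table as a stand-in for the MSSQL back end the report names, so the convert(...) call is rejected as bad SQL rather than evaluated, but the input still reaches the engine as code:

```python
import re
import sqlite3

# Conservative whitelist for the one field the report names (the email in the login form).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Input shape quoted in the post: a valid-looking email, a closing quote, then SQL.
INJECTED_INPUT = "asd@asd.com' or 1=convert(int, @@version)--"

def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the members table (SQLite here; the report concerns MSSQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (email TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO members VALUES ('alice@example.com', 'hash-placeholder')")
    return conn

def vulnerable_sql(email_input: str) -> str:
    """String concatenation: the attacker's quote ends the literal, the rest is parsed
    as SQL, and '--' comments out the original closing quote."""
    return f"SELECT pw_hash FROM members WHERE email = '{email_input}'"

def injected_sql_reaches_engine(conn, email_input: str) -> bool:
    """True when the engine tries to execute attacker-supplied SQL. With the input above
    the convert(...) expression is evaluated on MSSQL (its error message carries the
    version) and is a syntax error on SQLite; either way the input ran as code."""
    try:
        conn.execute(vulnerable_sql(email_input)).fetchone()
        return False
    except sqlite3.OperationalError:
        return True

def login_hardened(conn, email_input: str):
    """Reject anything not shaped like an email, then bind the value as a parameter
    so the driver passes it as data, never as SQL text."""
    if not EMAIL_RE.fullmatch(email_input):
        return None
    return conn.execute("SELECT pw_hash FROM members WHERE email = ?",
                        (email_input,)).fetchone()

def login_bound_only(conn, email_input: str):
    """Parameter binding alone, without the format check: still safe, because the whole
    input is compared as one literal string and simply matches no row."""
    return conn.execute("SELECT pw_hash FROM members WHERE email = ?",
                        (email_input,)).fetchone()
```

The format check is defence in depth; the binding is what actually removes the injection, since the database never sees the input as part of the statement text.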

14th July 2012 null Bangalore Monthly Meetup

null meetup on Saturday 14th July 2012 starting at 09:30 AM. No registrations, no fees, just come with an open mind :)

The Bangalore meet, as usual, is divided into 2 parts, the monthly
talks and the Training on Reverse Engineering. The Reverse Engineering
training will start at 12:30 PM by the SecurityXploded/Garage4Hackers
team.

The schedule for this month's meet is as outlined below:

  • 09:30 - 10:10: Hands on Web Application Security: Mutillidae - Vulnerable Web App - Satish
  • 10:10 - 10:25: Introductions
  • 10:25 - 11:05: Burpsuite for Beginners - Saran
  • 11:05 - 11:20: Networking
  • 11:20 - 12:00: Basics of IDS/IPS - Pravin
  • 12:00 - 12:20: Feedback & Topic discussion for next monthly meet
  • 12:20 - 12:30: Break
  • 12:30 - 01:50: Advanced Malware Analysis - Monnappa

VENUE DETAILS
Kieon, 3rd Floor, 302 Prestige Sigma,
3 Vittal Mallya Road,
Bangalore 560001
Opposite Bishop Cottons Girls School, Above Emirates Airlines office.
Map Location: http://g.co/maps/dahhv
Parking is available in the building. See you there.

July 9 DNSChanger virus

The so-called Internet doomsday virus with the potential to black out tens of thousands of computers worldwide appeared to pose no major problems Monday in the first hours after a fix expired.

Security firms reported no significant outages linked to the DNS Changer virus, as many Internet service providers have either implemented a fix or contacted customers with steps to clean their computers.

The problem stems from malware known as DNS Changer, which was created by cybercriminals to redirect Internet traffic by hijacking the Domain Name System (DNS) settings of infected computers.

The ring behind the DNS Changer was shut down last year by the US Federal Bureau of Investigation (FBI), Estonian police and other law enforcement agencies, after infecting some four million computers worldwide.

Nearly 300,000 computers appeared to be still infected as of June, according to experts monitoring the problem.


MMarketPay.A - New Android Malware Found in China Affects Over 100000 Devices


TrustGo, the mobile security company, claims to have found new Android malware in the wild in China. The new malware, dubbed Trojan!MMarketPay.A@Android, is being distributed through nine different third-party app stores.

When installed on a phone, the trojan places orders and downloads paid apps and video content without the user's knowledge, which can result in unexpectedly high phone bills. According to TrustGo, the Trojan has infected more than 100,000 devices.

TrustGo Mobile mentioned that the malware may arrive as repackaged apps with the following package names: com.mediawoz.goweather; com.mediawoz.gotq; com.mediawoz.gotql; cn.itkt.travelskygo; cn.itkt.travelsky; com.funinhand.weibo; sina.mobile.tianqitong or com.estrongs.android.pop.

“The ease and speed that malicious apps can be developed and distributed to unsuspecting users is one of the fastest growing security concerns. Anyone with a smartphone or mobile device is a potential target,” said Xuyang Li, CEO of TrustGo.

To get rid of the malware, those with an infected device can install a mobile security application that recognizes it; TrustGo offers its own Mobile Security app for download.

Distributed malware network comprised of thousands of websites

Thousands of websites are being hacked and added to a distributed malware network, warn researchers at Sucuri Labs. The sites are being injected with the following iframe:

<iframe src="http://hackedsite.com/stats.php" name="Twitter" ..

"Once inserted, these iFrames can be controlled to distribute the malware of course, but they can also be used to add things like drive-by downloads, and other types of browser-based attacks. Although the exact vector is unknown, the malware has been found across sites with known outdated software, and in some cases known vulnerable versions," the Sucuri blog post reads.

How does a distributed web-based malware network function?
Site-X.com is hacked and a malicious file named stats.php is inserted into it. An iframe pointing to Site-Y.com/stats.php is then added to its source code. Site-Y.com is also compromised: it too has a stats.php file added, along with an iframe pointing to Site-Z.com/stats.php.

"When all is said and done, you have a large network of compromised sites, all linking to each other and all with the same malware."
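A scanner for the chain just described, as an added example that is not Sucuri's tooling: it flags iframes matching the injection signature from the post (name="Twitter", src ending in /stats.php on another host) and follows them from site to site. The three pages and their hostnames are constructed stand-ins for Site-X, Site-Y and Site-Z:

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed pages standing in for Site-X/Y/Z in the description above (hypothetical hosts).
PAGES = {
    "site-x.com": '<html><body>Welcome'
                  '<iframe src="http://site-y.com/stats.php" name="Twitter" width="1" height="1">'
                  '</iframe></body></html>',
    "site-y.com": '<html><body><IFRAME SRC="http://site-z.com/stats.php" NAME="Twitter"></IFRAME>'
                  '</body></html>',
    "site-z.com": '<html><body><iframe src="/widgets/feed.html" name="Twitter"></iframe>'
                  '<p>end of the chain: no onward stats.php frame yet</p></body></html>',
}

class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag (HTMLParser lowercases names)."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append({name: (value or "") for name, value in attrs})

def suspicious_iframes(html: str) -> list[str]:
    """Return the src of every iframe matching the injection signature from the report:
    name="Twitter" and an absolute src whose path ends in /stats.php."""
    collector = IframeCollector()
    collector.feed(html)
    hits = []
    for frame in collector.frames:
        src = frame.get("src", "")
        parsed = urlparse(src)
        if (frame.get("name", "").lower() == "twitter"
                and parsed.hostname and parsed.path.endswith("/stats.php")):
            hits.append(src)
    return hits

def walk_chain(start_host: str, fetch=lambda host: PAGES.get(host, "")) -> list[str]:
    """Follow the stats.php iframes from host to host, stopping at a page without one
    or when a host repeats (the network links compromised sites to each other)."""
    chain, host = [], start_host
    while host and host not in chain:
        chain.append(host)
        hits = suspicious_iframes(fetch(host))
        host = urlparse(hits[0]).hostname if hits else None
    return chain
```

Swapping the `fetch` argument for a real HTTP client turns the walk into a map of which compromised hosts point at which, which is the list to send to the affected site owners.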

Facebook Scam :At 17, she did THIS in public high school, EVERY day! Outrageous?


There is a video floating around Facebook with a headline that reads "[SHOCK] At 17, she did THIS in public high school, EVERY day! Outrageous?". Clicking the link leads to a Blogspot page that pretends it is about to show you a video.

After analyzing the webpage, I found that the scam targets only users from Australia, the U.S., Canada, South Africa, France, Ireland and the UK. When a user from another country tries to visit the link, they are redirected to google.com.

[Screenshot: the script used to identify the visitor's country]


The page pretends it is about to show you a video. However, the "play" button on the video hides a secret "Like" button, which means that by clicking it you share the link even further across your social network through clickjacking, helping the scammers spread their link virally.

[Screenshot: the Facebook Like script]


There are numerous sites that mirror this. You should always be careful about what you click on on Facebook.

[Screenshot: a few of the attackers' sites]

Presidency of Paraguay website hacked by Anonymous


The official website of the Presidency of Paraguay (presidencia.gov.py) has been hacked by Paraguay Unlocker Security, a group of Anonymous-affiliated hackers.

The site’s main page has been defaced to host a couple of images and a message to the government.

“[Expletive] this [expletive]. Government stop robbing people and build a better country,” reads a translation of the hackers' statement.

The website’s main page isn’t the only one affected by the breach. The hacktivists have also posted short messages and images on the photo album, videos, news, agenda, and presidency TV web pages.

The Facebook page and the Twitter account of the “Presidencia Paraguay” don’t seem to be impacted.

At the time of writing, the site still displayed all the messages and pictures published by Anonymous.