
Dutch Authorities take down C&C servers used by Grum Botnet


Dutch authorities did a great job by taking down two of the command and control (C&C) servers belonging to the world's largest spam botnet, Grum. This is not a complete victory, as there are still two other C&C servers at work, but researchers are optimistic that the volume of spam will drop as a result.

Last week, FireEye published details on four C&C servers actively controlling the Grum botnet. Two of the servers were in the Netherlands, one in Russia and the other in Panama.

Now, Dutch authorities have taken down the two secondary C&C servers located in the Netherlands. The master C&C servers located in Panama and Russia are still alive.

"These two CnC servers were responsible for pumping spam instructions to their zombies. With these two servers offline, the spam template inside Grum's memory will soon time out and the zombies will try to fetch new instructions but will not be able to find them," FireEye's Atif Mushtaq wrote.

“Ideally this should stop these bots from sending more spam. I am sure the absence of the spam sent by the world's third largest spam botnet will have a significant impact on the global volume.”

'Grey Security' Team hacked Palm Springs Police Officer Association

A hacker group calling itself Grey Security claims to have breached the official website of the Palm Springs Police Officer Association (pspoa.com) as a form of protest against law enforcement.

"You've now awakened the beast," the hackers wrote.

The data leak they published contains only the username and the clear-text password allegedly used by the site's administrator, along with the name of the database table from which they obtained the information.

It's uncertain at this point whether Grey Security did access PSPOA's systems, but we can confirm that the site has been hacked at least once in the past.

Furthermore, we've found a number of vulnerable URLs for the site on various hacking forums. The attackers could have used that information to easily penetrate the site and obtain the admin's credentials.


South Africa's Leading ISP Directory site hacked by #NullCrew


NullCrew, the hacker group that has taken credit for hacking WHO, ASUS and PBS, returns with another major data breach. The hackers claim to have accessed the database belonging to South Africa's leading ISP directory and community portal (ispdirectory.co.z).

The hackers leaked the database on PasteBay. "We have hacked an ISP Directory from Africa, and we have dumped all the results," the hackers said in the leak.

The leak contains usernames, passwords and email addresses. The passwords are in plain text.

We have informed ISP Directory about the security breach and are waiting for their reply.

[POC Video] Filter Bypass Vulnerabilities in Barracuda Appliances

Vulnerability-Lab researchers have discovered a new, serious vulnerability in Barracuda appliances that could affect a number of companies relying on Barracuda products.

The appliances' input filter blocks persistent input attacks with a restriction/filter exception for double quotes, <>, frames, scripts and statements. The vulnerability allows an attacker to bypass the existing input validation filter and exception handling.


“The bug is located when processing to save the URL path name (DB stored) with attached file. The vulnerability allows the bypassing of the path URL name parse restriction which leads to the execution on a second vulnerable bound module which displays the input as output listing,” the advisory reads.

The Account MyResource Display (example listing + input) and Upload File modules execute the earlier saved `save` URL path/folder name, which bypasses the input validation filter and exception handling. The result is persistent execution of malicious script code outside the security appliance's application context.


“The URL path function saves the context of the input path name (parsed) as client side request via URL. If the request is getting bound with the file, which is getting stored (persistent) and displayed later on the overview listings, the code is getting executed unauthorized out of the security application context (persistent|server-side),” the experts explain.

The researchers say that the flaw can be fixed by parsing the second input request of the "file upload" function as well as the URL path request.

To demonstrate their findings, the experts have published a proof-of-concept video:


Barracuda Networks was notified of the issues sometime in May, but so far it's uncertain when a patch will be made available.

Yahoo! app vulnerability could be behind 'Android botnet'



Earlier this month, Microsoft engineer Terry Zink said he discovered spam being sent from compromised Yahoo accounts, from what looked like an international Android spam botnet.

He stated that the messages all come from Yahoo Mail servers and all originate from compromised Yahoo accounts. They are all sending stock spam, the typical pump-and-dump variety that we've seen for years. Furthermore, they all have the 'Sent from Yahoo! Mail on Android' text at the bottom of the spam.


Google, however, refuted the claim that the spam was sent from an Android botnet, stating that the spammers may have used infected PCs and a fake mobile signature in an attempt to bypass email filters.

Security researchers at Lookout have identified a security hole in the Yahoo! Mail app for Android, which they believe to be responsible for the so-called mobile spam botnet. Today, Trend Micro experts confirmed the existence of the vulnerability.

They couldn't say precisely whether the vulnerability is in fact responsible for the spam sent out from mobile phones, but the fact that two teams independently point to the same weakness as a possible cause makes this scenario even more plausible.


The vulnerability discovered by the researchers allows an attacker to gain access to a user's Yahoo! Mail cookie.

The bug stems from the communication between the Yahoo! Mail server and the Yahoo! Android mail client. By obtaining this cookie, an attacker can use the compromised Yahoo! Mail account to send specially crafted messages. The same bug also enables an attacker to gain access to the user's inbox and messages.

ASUS eStore hacked by #NullCrew


The hacker group #NullCrew managed to hack into the ASUS eStore website and leaked confidential data on Pastebin.

ASUS is a leading company driven by innovation and commitment to quality for products that include notebooks, netbooks, motherboards, graphics cards, displays, desktop PCs, servers, wireless solutions, mobile phones and networking devices.


"Greetings everyone. Today we decided to leak some very interesting information. Information from the Web-Admin from good old ASUS," the hackers' press release reads.

"I also found it a challenge because I saw the GoDaddy 'Security' icon. That said they were verified for proper security. Couldn't stop after I saw that ;). Enjoy."

The leak contains usernames and hashed passwords stolen from the ASUS eStore site, including the username and password of the Administrator account.

High-tech hacker gets 8 Years in Prison for $3M Hacking Scheme


The final member of a roving theft ring that combined high-tech hacking and old-fashioned burglary has been sentenced to nearly eight years in federal prison for a series of identity and payroll thefts that took more than $3 million from up to 50 local businesses.

Joshuah Allen Witt, 35, appeared in U.S. District Court on Friday, where Judge Richard A. Jones imposed just under an eight-year sentence on charges that included conspiracy, aggravated identity theft and access-device fraud.


Witt, who pleaded guilty in April, received the same prison sentence as co-conspirator John Earl Griffin, 36, who appeared before Jones earlier. Witt will get credit for the nearly two years he has been in custody since his arrest.

A third defendant, Brad Eugene Lowe, 39, received a 6½-year sentence.

The Seattle Times reported that all of the men will be ordered to pay restitution, which will be determined at another hearing.

Recent Symantec anti-virus update results in blue screen of death


A bug in a recent update of Symantec's anti-virus software caused some Windows-based PCs to crash, the security software maker disclosed Friday.

An update earlier this week to Symantec Endpoint Protection 12.1 antivirus software for businesses caused some Windows XP-based computers to crash repeatedly with a "blue screen of death," the company revealed on its website.

The embarrassment comes at a challenging time for Symantec, whose shares have lost about a quarter of their value since it warned of a pending profit decline three months ago.

According to Reuters, the company knows so far of about 300 corporate customers that have been affected, and about 60 consumer customers.

Customers reported it took Symantec hours to identify and fix the bug and that they needed to fix computers broken by the tainted update on their own.

Symantec blamed the glitch on software compatibility issues that arose after an update was released late on Wednesday. Affected PCs could be fixed if customers manually removed the software from each disabled computer, it said in an advisory.

Russian hacker finds a way to get Apple's in-app purchases for free


A Russian hacker has discovered a simple method that makes in-app purchases on the iPhone and iPad free. The process is potentially damaging for Apple's iOS developers, whose main revenue comes from paid upgrades.

The hacker, who goes by ZonD80, posted a video on YouTube announcing his method and explaining how to do it. The video was removed today by Apple Inc.

Your iDevice doesn't even need to be jailbroken in order to use the hack: you just need to download a couple of security certificates from ZonD80's website, change a single setting on your phone or tablet's Wi-Fi connection, and you're done.

The Apple blog 9to5Mac has confirmed that the hack works on several of its devices running iOS 3 through the upcoming iOS 6.

Operation Save the Arctic: a campaign led by Anonymous

Operation Save the Arctic, a campaign led by Anonymous, has reached its second phase, with the hackers revealing the names of four more companies whose systems have been targeted.

According to the hacker CyberZeist, the new victims are Shell, Gazprom, Rosneft and BP Global.

"We know we're going up against the most powerful countries and companies in the world. But together we have something stronger than any country's military or any company's budget. Our shared concern for the planet we leave our children transcends all the borders that divide us and makes us - together - the most powerful force today," he said.

He claims that, as in "phase 1" of the operation, the email addresses they've obtained have been used to sign a "Save the Arctic" petition.

From Shell, the hacktivists leaked around 20 user email addresses and associated clear-text passwords. BP Global's databases appear to contain more information, with over 400 email addresses and password hashes published.

Around 200 credential sets were stolen by the hackers from Gazprom and approximately 80 from Rosneft. For some of the companies, database access details were also made available.

Tumblr patched the critical Persistent XSS vulnerability


Security researcher Riyaz Ahemed Walikar has posted evidence of a serious persistent Cross-Site Scripting (XSS) vulnerability on Tumblr, the popular microblogging platform.

XSS flaws are highly common on websites these days, but most of them are non-persistent and therefore less dangerous.

"XSS can cause a lot of serious problems. An attacker can steal cookies, redirect users to fake or malicious sites, control a user's browser using automated frameworks like BeEF and download and execute exploits on the victim's computer," the researcher said in the blog post.

"Stored XSS is even more dangerous since the script is stored on the server and is executed every time a user visits an infected page."

The researcher found the vulnerability on the 'Register Application' page at http://www.tumblr.com/oauth/apps. The application was not sanitizing user input when a user created a new application. An XSS attack vector like `tester "><img src='x' onerror="alert(document.cookie)"/>` would trigger an alert box displaying the user's cookie in the browser.

Tumblr was notified of the issue more than three weeks ago. They finally fixed the vulnerability today (July 14).

If you don't know what XSS is, you can read this article: "XSS for Beginners".
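To show why the vector quoted above works and how output encoding neutralizes it, here is an added example (not code from the original post or from Tumblr) that renders an untrusted application name the way a form like the one described apparently did, straight into an attribute value, beside a blocklist filter that misses the vector and a properly escaped version. The template and the `renderAppRow*` names are constructed for illustration.

```javascript
// The vector quoted in the post, as the value a user would submit in the form.
const PAYLOAD = `tester "><img src='x' onerror="alert(document.cookie)"/>`;

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// Escape every character that can change HTML structure or close an attribute value.
// Encoding on output is what stops stored data from being parsed as markup.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// A blocklist "sanitizer" of the kind that gives a false sense of safety: it only
// strips <script> elements, so a payload carried by an onerror handler passes through.
function stripScriptTags(untrusted) {
  return String(untrusted).replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, "");
}

// Vulnerable rendering (constructed template): the stored name is concatenated into a
// quoted attribute, so the double quote in the payload closes it and injects an <img>.
function renderAppRowVulnerable(appName) {
  return `<input type="text" name="title" value="${appName}">`;
}

// Same template with the blocklist filter applied: still vulnerable to this vector.
function renderAppRowBlocklist(appName) {
  return renderAppRowVulnerable(stripScriptTags(appName));
}

// Hardened rendering: the same template, escaping the untrusted value on output.
function renderAppRowSafe(appName) {
  return `<input type="text" name="title" value="${escapeHtml(appName)}">`;
}

// Counts the elements a browser would create from the markup; the template has
// exactly one (<input>), so anything more means the payload broke out of the attribute.
function countElements(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Walk through all three variants for the quoted vector.
const variants = { vulnerable: renderAppRowVulnerable, blocklist: renderAppRowBlocklist, escaped: renderAppRowSafe };
for (const [name, render] of Object.entries(variants)) {
  const html = render(PAYLOAD);
  console.log(`${name}: ${countElements(html)} element(s) -> ${html}`);
}
```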