Over 8 million Gamigo passwords leaked after hack



It’s been more than four months since gaming site Gamigo warned its users of a server breach, but the breach is still in the news as the hackers leaked more than 8 million user credentials.

In February 2012, Gamigo was hacked by someone who calls himself "8in4ry_Munch3r." The company's website was taken down for an extended period of maintenance. 

According to the site PwnedList, a total of 8 million accounts have been compromised; 3 million of these accounts belong to Americans. The list of compromised accounts was posted to a hacking forum (Inside Pro) earlier this month and stayed there until it was removed late last week.

A 478MB file contains 8.2 million email addresses, usernames and password hashes.


“It’s the largest leak I’ve ever actually seen,” says PwnedList founder Steve Thomas, whose startup seeks to track data breaches and alert users when their information is published. “When this breach originally happened, the data wasn’t released, so it wasn’t a big concern. Now eight million email addresses and passwords have been online, live data for any hacker to see.”

Following the attack, Gamigo informed their users about the breach and forced a password reset, but the risk of users having the same credentials for multiple accounts still remains.

Japanese Internet Service Provider SpinNet contains malicious iframe



SpinNet, the leading Internet Service Provider in Japan, has been compromised and executes malicious scripts, as detected by Comodo's Site Inspector.

'home.att.ne.jp' contains an iframe pointing to the malicious domain 'competechart.ru', which redirects to other sites.

Earlier today, 'hxxp://competechart.ru/in.cgi?16' redirected to a malicious domain that hosts the Blackhole exploit kit. At the time of writing, 'competechart.ru' redirects to bing.com.

UrlQuery detected the competechart.ru URL as SutraTDS, a Traffic Distribution System (TDS) package. Some other sites are also infected by this iframe. A simple Google search reveals the list of infected sites.

More malware domains follow the same method as competechart.ru; the list can be found at Sucuri Malware Labs.

Russian Man Arrested for distributed denial-of-service attacks on Amazon.com

International authorities have arrested a Russian man in Cyprus on charges that he was behind cyberattacks on Seattle-based Amazon.com and other online retailers in 2008.

Dmitry Olegovick Zubakha, 25, of Moscow, was indicted by a Seattle grand jury in May 2011 for conspiracy to intentionally cause damage without authorization to a protected computer and for being in possession of at least 15 unauthorized access devices. He's charged with aggravated identity theft in another case involving possession of stolen credit-card numbers in October 2009.

"The old adage is true: The arm of the law is long," said Durkan, who leads the Justice Department's Cybercrime and Intellectual Property Enforcement Committee. "This defendant could not hide in cyberspace, and I congratulate the international law-enforcement agencies who tracked him down and made this arrest."

The indictment, unsealed Thursday, says that Zubakha mounted two "denial of service" attacks against Amazon.com on June 6 and June 9, 2008. In both instances, the attacks flooded the online retailer's computers with requests to display pages with particularly large graphics and photographs.

The attacks overwhelmed Amazon.com's servers and caused their systems to crash. Zubakha and a co-defendant, Sergey Vioktorovich Logashov, are also accused of similar attacks on ebay.com and Priceline.com.

The indictment says the men took credit for the attacks in hacker Internet forums.

In one instance, Logashov is accused of calling Priceline.com and offering his expertise as a computer consultant to stop the attack. In October 2009, law enforcement traced the possession of more than 28,000 stolen credit-card numbers to the men.

Zubakha also is charged with aggravated identity theft for illegally using the credit card of a Lake Stevens resident. Logashov remains at large, according to the U.S. Attorney's Office.

The possession of illegal access devices and conspiracy counts each carry a sentence of as much as 10 years in prison and a possible $250,000 fine. Conviction on aggravated identity theft could add an additional mandatory two years on top of any other sentence they receive.

Zubakha is awaiting extradition.

source: The Seattle Times

Stonesoft released Evader - Free Advanced Evasion Technique Testing software


Stonesoft today released Evader, the first software-based testing tool that lets organizations test their network security solutions' ability to withstand advanced evasion techniques (AETs), which are increasingly used in sophisticated cyberattacks.

"Evader is not a hacking tool, and Evader is not a penetration test to see if different exploits can enter your system. Rather, Evader tests if a known exploit can be delivered – using AETs – through your current security devices to a target host."

Evader launches a set of AETs against a tester’s own next generation firewall (NGFW), Intrusion Prevention System (IPS) and Unified Threat Management (UTM). As a result, organizations can understand whether these AETs pose a threat to their own networks and digital assets.

"Network security vendors have ignored the problem posed by AETs for a number of years," said Andrew Blyth, professor at Glamorgan University and an AET expert. "Stonesoft's free Evader test tool makes securing against AETs accessible for organizations of all sizes. Hopefully, this will encourage the whole network security industry to come together and seriously research AETs and their ongoing threat."

To download Evader for free and learn more about the tool, please visit evader.stonesoft.com. For more information about advanced evasion techniques and Stonesoft's new Evasion Prevention System (EPS) please visit aet.stonesoft.com.

Mom Arrested for Hacking School Computers, Changing Kids' Grades

A former secretary for a Lehigh County school district is facing six felony charges for allegedly hacking into her children's school computer to change their grades and read school officials' emails.

Catherine Venusto, 45, from New Tripoli, Pennsylvania, worked as a secretary for the Northwestern Lehigh School District from 2008 through April 2011 and has at least two children in the district, according to the District Attorney's office.

She has been accused of changing her daughter's failing grade from an F to an M for "medical" in June 2010, and then changing her son's 98 to a 99 in February 2012, nearly a year after she quit her job as an administrative office secretary to work at another school district.

According to Lehigh Valley Live.com, Venusto allegedly used the superintendent's password 110 times over the course of a year and a half to conduct the mischief.

She was arraigned on Wednesday and released on $30,000 unsecured bail, which she'll only have to pay if she fails to appear in court for her preliminary hearing on July 26.

If she's convicted, Venusto could face a maximum of 42 years in prison or a $90,000 fine, District Attorney's office spokeswoman Debbie Garlicki told ABC News Radio. Garlicki said that the maximum penalty on each count is seven years or a $15,000 fine.

"Wire Transfer Confirmations" email leads to BlackHole Exploit site



Sophos Labs intercepted a spam campaign that claims to be related to a rejected wire transfer.

Although most savvy computer users would realise that unsolicited email is unlikely to be legitimate, there are some who might be vulnerable or merely curious enough to click on the HTML attachment, not realising that it can cause problems for their PC.


When a user opens the HTML attachment, it displays 'Please wait a moment. You will be forwarded...'.


In the background, an obfuscated piece of code is performing a redirect to a hijacked Russian site that hosts Blackhole, the infamous exploit kit that leverages all sorts of known vulnerabilities to serve malware.

Fake jQuery Website redirects to malware site


Be careful when including jQuery libraries in your website. Security researchers at Sucuri came across a fake jQuery website (jQuerys.org) that redirects visitors to malware sites. Did you notice the 's' at the end of the domain name?

If you visit the domain itself, it does a simple redirect to the correct jQuery website, jquery.com. But it also hosts fake jQuery libraries.

The fake jQuery script (www.jquerys.org/class/jquery-1.6.3.min.js) may look fairly legit. After analyzing it, the researchers found code that loads the malicious websites.

"Ultimately the fake jQuery script loads a window that pops up the www.watchliveonline.org website. From some quick research we could see that this is nothing new, it has been active for over a month. The ultimate risk from what we could tell is the pop up leads you to a spammy site, no payload or other issues were found at time of analysis," researchers wrote.

Security Tips:

  • Check your jQuery includes to make sure they are from a legit source. If they are coming from jquerys.com, remove them immediately.
  • Scan your site with Sucuri SiteCheck.
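One way to run the first tip as an automated check, as an added example that is not from the original post or from Sucuri: it extracts every external `<script src>` host from a page and flags hosts that sit within two edits of a trusted name, which is how jquerys.org differs from jquery.com. The allowlist, the function names and the sample HTML are assumptions made for illustration.

```javascript
// TRUSTED_HOSTS is an assumption; list the hosts your site really loads from.
const TRUSTED_HOSTS = ['jquery.com', 'code.jquery.com', 'ajax.googleapis.com'];
// Levenshtein edit distance between two strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Last two DNS labels ("www.jquerys.org" -> "jquerys.org"); ignores suffixes like co.uk.
const baseDomain = (host) => host.split('.').slice(-2).join('.');
function classifyHost(host, trusted = TRUSTED_HOSTS) {
  host = host.toLowerCase();
  if (trusted.includes(host)) return 'trusted';
  const base = baseDomain(host);
  for (const t of trusted) {
    const tBase = baseDomain(t);
    // A different domain whose name is within two edits of a trusted one.
    if (base !== tBase &&
        editDistance(base.split('.')[0], tBase.split('.')[0]) <= 2) return 'lookalike';
  }
  return 'unlisted';
}

function auditScriptIncludes(html, trusted = TRUSTED_HOSTS) {
  const findings = [];
  const re = /<script\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  for (const m of html.matchAll(re)) {
    let url;
    try { url = new URL(m[1], 'https://local.invalid/'); } catch { continue; }
    if (url.hostname === 'local.invalid') continue; // relative path, same origin
    findings.push({ src: m[1], host: url.hostname, verdict: classifyHost(url.hostname, trusted) });
  }
  return findings;
}

// Constructed sample page; the second include is the fake script named in the post.
const SAMPLE_HTML = `<script src="https://code.jquery.com/jquery-1.6.3.min.js"></script>
<script type="text/javascript" src="http://www.jquerys.org/class/jquery-1.6.3.min.js"></script>
<script src="//cdn.example.net/widget.js"></script>
<script src="/js/site.js"></script>`;
console.log(auditScriptIncludes(SAMPLE_HTML));
```

A 'lookalike' verdict is the one to act on first; 'unlisted' hosts need a manual decision on whether they belong in the allowlist.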

Cichlid forum hacked & 67,000 account details leaked by SirLeakAlot


A hacker who calls himself SirLeakAlot managed to break into the Cichlid forum (www.cichlid-forum.com), a discussion board dedicated to cichlids, an interesting fish from the Cichlidae family.

The hacker published the compromised data on AnonPaste, splitting the dump into three parts because of its size.

The dump contains usernames, email addresses and passwords. The passwords are stored as MD5 hashes rather than in plaintext.


The hacker didn’t reveal the reasons why the website was targeted, but a Twitter post provides some clues.

13 various Government websites hacked by #NetBashers


After taking a long break, the hacker group "NetBashers" has returned with pretty big targets. They managed to breach 13 government websites belonging to various countries.

The hackers leaked the compromised databases on Pastebin. The hacked sites are from Nepal, Maldives, Virgin Islands, Thailand, China, United Arab Emirates, Pakistan, Albania, Paraguay and Tanzania.

The leak contains usernames and passwords belonging to those sites. The passwords are in encrypted form, except for those from the Paraguay government site.

The hackers also discovered a cross-site scripting (XSS) vulnerability in the website of Internet security firm Webroot (webroot.com); one of its audit pages was found to be vulnerable to XSS.

285 Indian sites hacked by HCrack2


A Pakistani hacker called HCrack2 hacked into 286 Indian websites and defaced them.



The full list of hacked sites:
http://tinypaste.com/42ca0d28

The mirror sites:
http://arab-zone.net/attacker/0/HcracK2

In the past, hackers also hacked more than 200 Indian websites.

Estonian hacker gets 7 years for Theft of 240,000 Credit Card Details

An Estonian hacker, 28-year-old Aleksandr Suvorov, was sentenced to seven years in prison for his role in a couple of hacking schemes that involved the theft of over 240,000 credit card numbers.

According to DOJ, Suvorov pleaded guilty in May 2009 to a wire fraud conspiracy charge, filed in the Eastern District of New York, for hacking into the national restaurant chain Dave & Buster’s and stealing more than 80,000 credit card numbers.

In addition, Suvorov pleaded guilty in November 2011 to a charge of trafficking in unauthorized access devices, originally filed in the Southern District of California, related to the sale of more than 160,000 stolen credit card numbers to an undercover agent with the U.S. Secret Service.

The two cases were consolidated in the Eastern District of New York.

In addition to being sentenced to seven years in prison, Suvorov is ordered to pay $675,000 in restitution and satisfy a $300,000 asset forfeiture judgment stemming from the New York charges.