Convicted Hackers could be recruited for UK cyber defence force


I consider this the best move by the United Kingdom: recruiting convicted computer hackers for the Cyber Defence force. The best way to improve cyber security is hiring hackers.

Lieutenant Colonel Michael White told the BBC that even convicted hackers could be recruited if they pass security vetting. He also added that the recruitment process will be based on the "capability development" of a person instead of "personality traits".

Hundreds of computer experts are expected to be recruited by the British Ministry of Defence as cyber reservists to help defend national security.

"The Cyber Reserves will be an essential part of ensuring we defend our national security in cyberspace." the Defence Secretary, Philip Hammond noted in September.  "This is an exciting opportunity for internet experts in industry to put their skills to good use for the nation, protecting our vital computer systems and capabilities"

Operation Direnis: RedHack and Anonymous Team Up for November 5 Protests


November 5 is Guy Fawkes Day, on which Anonymous hacktivists and activists from all over the world participate in various protests.

According to a Softpedia report, the famous Turkish hacktivists "RedHack" and the world-famous hacktivists "Anonymous" are said to have teamed up for the Nov 5 protest.

The operation has been dubbed "Operation Direnis" (#OpDirenis); "direnis" means "resistance" in Turkish. Interestingly, the individuals claimed there will be no defacement, data leaks or any other cyber attacks!

 “Both Anonymous and RedHack are not solely based on hacks, leaks or the exposure of corrupt officials. The very core of both groups are based on activism, in where upon protesting and rebellion is an act of not chaos or anarchy, but of justice, truth and liberty,” the initiators of the operation stated.

 “We are here with you today to warn you of an operation that will either go down in history, or it will be forever forged in the stones of rocks, deep in the shadow and forgotten,”

 “It is up to the people of Turkey to make one final push to declare both their civil, human and political rights.”

Twitter account of Malindo Air hacked

Malindo Air, an airline based in Malaysia, has lost control of its tweets after hackers hijacked its Twitter account.

The hacker managed to tweet a false message saying "Dear all, in view of the recent events, Malindo Air is giving away 100,000 free seats from today till end of the week."

When Malaysian politician Tony Pua retweeted it, asking "Hacked or real?", the hackers responded with "damn real, yb".

However, a Malindo Air representative told local news that they are not giving away 100,000 free seats and apologized for the inconvenience.

"Dear All, our twitter account has been hacked. Please do not entertain the hacker. We will get to the bottom of this problem. Thank you."

It appears they have not yet recovered the account; the tweet posted by the hacker still appears even after 20 hours.

#Exclusive: Qatar DNS hacked by Syrian Electronic Army -Facebook, Google Defaced

It appears almost all hackers prefer a DNS hijack attack to going after the main target directly. DNS hijack attacks allow them to deface high-profile websites such as Google, Yahoo and more.

Now, the famous Syrian hacker group "Syrian Electronic Army" has also chosen the DNS hijack attack. The group compromised the Qatar domain registrar "registry.qa".

The hackers successfully managed to change the DNS records of high-profile websites and defaced them. The list of affected websites includes government and military websites, Google Qatar, Facebook Qatar, Vodafone Qatar and more.




At the time of writing, most of the websites are still showing the defacement page, while other websites are displaying a "CPU Limit Exceeded" error message.

It is still unclear how the hackers broke into the Qatar Registry portal, whether through the usual social engineering attack used by SEA or through some other vulnerability. We will update once we get word from the group.

*Update:
We talked with the Syrian Electronic Army. The hackers told EHN that they gained access to the registry administration by hacking 'domains.qa' and decrypting the passwords, and then they logged in to their emails.

"All the world know that Qatar is supporting the terrorists in Syria and today was the zero-day for them" SEA told EHN.


Multiple Domains of Redbull hacked by Algerian Hacker Over-X

An Algerian hacker known as Over-X has hacked into multiple domains belonging to RedBull, a popular energy drink company, and left them defaced.

The hacker didn't leave any special message. The defacement just contains the logo of RedBull and a title saying "Hacked by HCN". He also left a link to his Facebook page.

The hacked domains include blogs.redbull.co.uk, web.redbullrookiescup.com, redbullworld.at, redbullbedroomjam.com.au, racingcan.redbull.in, wob.redbull.nl and more.

The full list of hacked websites and mirrors can be found here: http://zone-h.com/archive/notifier=Over-X

However, the main domain (redbull.com) is not affected. At the time of writing, all domains are still displaying the defacement page.

It is still unclear which vulnerability allowed the hacker to take control of these domains.

Anonymous Venezuela hacks Venezuelan Military and other government websites



Anonymous Venezuela has hacked into a number of Venezuelan government websites, including military websites.

The list of affected websites includes hidropaez.gob.ve, the Military Technical Academy (atmb.mil.ve), the Military Counterintelligence Directorate (dgim.mil.ve), the Aragua Police website (policiadearagua.gob.ve) and the Municipal Police of Vargas (policiamunicipalvargas.gob.ve).

The group also hacked one educational website, the University of Falcon (udefa.edu.ve).

"Good day Venezuela. What seemed to them the night and early morning we offered? In the next few days are a lot more action ;)" The tweets posted by the group reads.

"We are not criminals, we are just citizens voicing their dissatisfaction with this crap called "government". Politicians Tremble!"

At the time of writing, most of the websites are still showing the defacement page.

Advertising SDK delivers Android scareware, victims signed up with a premium-rate ringtone

Bitdefender researchers have uncovered that several legitimate applications containing the InMobi advertising SDK display fake alert messages. These include an older version of the legitimate "Brightest Flashlight Free" app available on Google Play.

The apps in question display a pop-up informing users that their device is infected with malware and urging them to purchase a tool to disinfect it.

Users who follow the link are asked to enter their phone number to download the tool. By doing so, they actually get signed up for a premium-rate ringtone and wallpaper service that charges €3.00 per week plus taxes.



According to the researchers, the providers of the ad module are not aware that their service is being abused by cyber criminals to deliver malware. It appears the ad accidentally reached the market.

If you have fallen victim to this scam, you can just "unsubscribe by sending SMS to the number mentioned in the T&C section of the website" and "immediately uninstall the apps you downloaded recently".

Turkish Association of Enterprises with Public Participation website hacked by RedHack


The official website of the Turkish Association of Enterprises with Public Participation has been hacked by the famous Turkish hacktivist group "RedHack".

The website has been showing the defacement page for more than 20 hours. At the time of writing, the main page (www.tkib.gov.tr) redirects users to the defacement page "www.tkib.gov.tr/dosyalar/dosya/dosya_14102013201228.html".

The defacement page contains the names of individuals who died as victims of police violence during the recent protests.

Last month, the same group leaked documents exposing police officers who allegedly killed a Turkish protester.

Scammers once again take Advantage of Deepavali Festival

Cyber criminals always try to take advantage of festivals. As expected, they have started sending Diwali-themed scam emails. Diwali/Deepavali is a Hindu festival which is celebrated on Nov 2 this year.

One of the scam emails spotted by Symantec experts, purportedly from the Reserve Bank of India (RBI), informs users that they have been awarded a prize of 4 crore and 70 lac Indian rupees (US$763,609) as a Diwali celebration promotion.

"Dear Lucky Winner, The Reserve Bank of India(RBI) Governor, Secretary-General of the United Nations met with the Senate Tax committee on Finance RBI Mumbai/Delhi branch. You have been awarded the total sum of 4 Crore, 70 Lac Indian Ruppes in the up-coming diwali celebration promotion " The scam email reads.

The recipients are asked to contact the RBI Regional Director by sending an email to a given address to claim their winnings. Keep in mind, there is no such promotion.

Those who contact the scammers will either be asked to pay certain fees to get the prize money or be asked to give certain personal/financial information.

MYNIC says the Google Malaysia DNS hijack is done through Reseller’s account

We recently learned that the Google Malaysia main page was defaced via DNS hijacking. Malaysian registrar MYNIC has published a statement saying the DNS hijack was done through the account of one of its resellers.

"We can assure there is no customer’s content, password information and other personal information affected by the redirect" Hasnul Fadhly Hasan, Chief Executive Officer (CEO) of MYNIC said in their official blog post.

MYNIC says it is "undertaking all necessary measures to monitor the situation and prevent further related issues".

Hasnul said that various security measures have been put in place on MYNIC’s infrastructure since the first incident on 1st July 2013. The investigation shows that their system is not compromised after the incident.

"However, this time around, the group manipulated reseller's account management. MYNIC’s next course of action is to immediately improve resellers’ security on account management" Hasnul added.

Metasploit and Rapid7 DNS hijacked and Defaced by Kdms Team


The domains of Metasploit.com and its parent company rapid7.com had been hijacked and defaced by the Kdms Team. The group had previously also taken down several high-profile computer security related targets.


Mr. HD Moore (Chief Research Officer of Rapid7 and Chief Architect of Metasploit) told EHN how the domain was hijacked.





And when asked if the domains were back in their control, he said "yes" and explained why some people are still seeing the defacement page.

Please note that a DNS attack DOES NOT affect the server of the hacked site in any way. Anybody could fall victim to it. The blame belongs to the registrar, not Rapid7.

This shows that even if you have the strictest security mechanisms, there is always a "weak spot" that could be exploited, and more often than not it is the "human" element that is weakest.