Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Vulnerability
hacker news Remote Code Execution Security Advisory Security News Vulnerability

OpenSSH fixes a critical code execution vulnerability

 

OpenSSH , a tool that provides encrypted communication sessions over a computer network using the SSH protocol, has patched a critical code execution vulnerability.

"A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during kex exchange." The security advisory reads.

"If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations."

The vulnerability was identified by an OpenSSH developer Mark Friedl on November 7th.  The fix has immediately been issued.

The flaw is fixed in OpenSSH 6.4 version.  There is security patch available for those users who prefer to continue use OpenSSH 6.2 or 6.3.
Read more »
Malware Report
Breaking News hacker news Information Security IT Security News Malware Report

Cybercriminals embed Banking Trojan inside RTF file

If you are waiting for a bank receipt via email and living in Brazil, then be careful. Kaspersky security researchers have spotted a spam mail in which Brazilian Cyber criminals have come with a new and interesting trick to infect recipients.

The attack starts with a spam mail carrying "Comprovante_Internet_Banking.rtf"("Receipt from Internet Banking.rtf) file as attachment.

Usually, the attachment will be an executable file masquerades as a pdf file or an exploit file. Interestingly, in this case, it is just RTF file and is not exploit file. But it doesn't mean that the file is innocuous file.

When a user open the RTF file, the document shows an image thumbnail with a message "Click to see in a larger size". You may think what is going to happen when clicking an image thumbnail in a rtf file, but you will be presented with a message saying a CPL file is about to be executed.


Yes, it is a malware. Kaspersky detects it as "Trojan.Win32.ChePro", a Brazilian banking trojan written in Delphi.

How did the cybercriminals insert a malware inside a document?! The .RTF file and few other text editors allows us to insert file objects inside documents even an executable file. The attackers managed to embed the malware file using this feature.
Read more »
Scam Report
Cyber Crime Report cybercriminals Fraudsters hacker news Hackers Arrested Scam Report

Cyber criminals convicted of stealing more than £1 million using Fake job ads

Organized criminal network of five men and one woman have been convicted for stealing more than £1million from job hunters using fake job advertisements.

The members of the criminal are Adjibola Akinlabi (aged 26), Damilare Oduwole (26), Michael Awosile (27), Nadine Windley (26) and Temitope Araoye (29) and a malware writer "Tyrone Ellis (27)".

The evidence gathered by authorities including phone and online chat records shows that they made more than £300,000 from their fraud scheme. However, the officers believe it could be much higher , possibly more than £1million ($1.6m).

According to the National Crime Agency report, the fraudsters targeted innocent job hunters with fake job ads. Those who responded to the ads were sent a link via email asking them to complete an application form. Once the user clicks the link , it inadvertently install malware in victim's system.

The malware is capable of recording keystrokes and capturing victim's financial and personal data.

The compromised information is used by the fraudsters to get a new credit and debit cards, pin numbers.

The crooks will remain in custody and expected to be sentenced on Thursday 14 November.
Read more »
hacker news
Anonymous hacktivists Database Leaked hacker news

Anonymous hacktivists leak Mafia, corruption documents compromised from Italian Government


Anonymous hacktivists has leaked a number of documents which is said to have compromised from the personal computers of regional administrations, mainly presidents of Calabria, Lombardia, Sicilia, Toscana, Campania and Puglia.

The leak is only the first leak in series of leaks targeting Italian regional Government. This first leak contains documents compromised from personal computer and mobile devices of Giuseppe Scopelliti, an Italian politician and a member of The People of Freedom political party.

"Giuseppe did nothing to stop mafia in Calabria spreading like plague,
nor he did anything to at least look like trying." hackers wrote in cyberguerilla website.


The hacktivists have posted a 400MB archive file containing 1000 documents and Gallery of 27 documents.

"This is just a beginning. People of Italia do have the right to know what the government is involved in, especially when it comes to mafia wars and corruption in the region." hackers wrote.
Read more »
Syrian Hackers
Breaking News hacker news Security Breach Syrian Electronic Army Syrian Hackers

Exclusive: Vice.com hacked by Syrian Electronic Army, redirects to SEA website

Syrian Electronic Army known for hacking high profile US based websites has once again come up with high profile website hack.

Today, the group hacked into VICE main website(vice.com), an US based international magazine focused on arts, culture, and news topics.

The hackers managed to gain access to the administration panel of the website and modified the website to redirect to hackers' website.

"Dear the @VICE, Your website was hacked in order to deliver a message" The tweet posted by the hackers reads.



They also published an article saying "Your website was hacked by the Syrian Electronic Army. This time we just deleted the article that you claimed in it that you exposed "Th3Pr0" identity. But you didn't. You published names of innocent people instead. The second time we will delete all your website"

Exclusive: The group provided us two screenshots of Gmail account belong to the Vice's employees. One of the account belong to the Developer of the Vice website who have full access to the website.

Even Though the developer got a warning about phishing attempt from his VICE cms manager, he fall into the trap of hackers.

They group also claimed to have hacked into the mailchimp account and managed to send mail to 33,000 subscribers.
 
Read more »
Security Breach
Bitcoin Bitcoin hacked Breaking News hacker news Security Breach

Hackers steal $1 million from Australian bitcoin bank website

 

An Australian entrepreneur who is running the Bitcoin bank website has claimed hackers stole more than $1 million of virtual currency bitcoin from his website(Inputs.io).

The security breach reportedly took place on both October 23 and October 26, hackers managed to steal 4,100 bitcoins worth more than $1 million, according to service’s operator only known as "Tradefortress".

In an email interview with Fairfax media, TradeFortress said he would try to refund some of the money using more than 1,000 bitcoins he personally owned.

He said he won't be reporting the incident to law enforcement because there were "extremely limited actions" it could undertake considering the currency can't be easily traced, According to the Sydney Morning Herald report.

A spokesperson for the Australian Federal Police told Daily Mail that a theft of bitcoins has never been investigated but if it was reported to officers then police would investigate it like any other theft.
Read more »
IT Security News
hacker news Information Security IT security conference IT Security News

Ground Zero Summit 2013 - Asia’s largest Information Security Summit Kicks off in New Delhi

New Delhi, November 07, 2013: In an attempt to generate information security awareness and combat sophisticated threats that the country is facing in cyber security domain, the “Information Security Consortium” - an independent apex body and an outcome of an alliance between industry and Government of India kicked off Ground Zero Summit 2013 at Hotel Ashok, New Delhi today.


The inauguration speech by given by Dr. Rajagopala Chidambaram, Principal Scientific Advisor to Govt. of India, the special address was made by Mr. Pratyush Kumar, Chairman – National Council on Cyber Security, ASSOCHAM. Special Keynote was given by Dr. S.K. Nanda, Additional Chief Secretary, Home, Government of Gujarat and Dr. Gulshan Rai, National Cyber Security Coordinator - Director General, CERT-In, Government of India and Mr. Muktesh Chander, IPS, Joint CP, Delhi Police. Shantanu Ghosh, VP and MD – India Product Operations, Symantec Corporation addressed an executive keynote on Cyber readiness challenges. Special note was given by Chief Guest H.E. Shekhar Dutt, Governor of Chhattisgarh.

Day 2 will witness Keynote by Dr. Nirmalijeet Singh Kalsi, IAS, Joint Secretary (Police) – II, Ministry of Home Affairs, Government of India; Capt. P Raghu Raman, CEO, NATGRID and John McAfee, Original founder, McAfee.

The two day conference will take a holistic view of the Information Security landscape in Asia and will examine various issues related to it. It also focuses on the Information Security challenges emerging on the horizon and looks at finding ways in which enterprises, service providers and government can overcome challenges. The vision of the Summit is to guide the development of next generation cyber security policies and technology, to bring about changes in the current process, involve all affected industries and form the largest PPP in this domain.


Ground Zero Summit is a result of collaboration between different security conferences in the country that have joined hands to create a massive platform for cyber security research, technology showcase and policy creation and amendments. Ground Zero Summit in its debut year has emerged as the largest collaborative platform in Asia for this. It has proved to be Asia’s largest Information Security gathering for industry experts converging private and government players, to bring across issues in information/cyber security space, which is being presented, debated and deliberated over four days - two days of technical conference, followed by two days of hands-on technical workshops on information security. G0S will be a triple track conference with papers, demos and presentations focusing on the key areas concerning Information Security.

Some of the key focus areas at the event were:

  •  Cyber readiness challenges
  • Cloud Security: Enabling continuous, scalable security for today’s hyper connected world
  •  Exploring accuracy and correctness of modern network defence products
  •  Towards a next generation secure Internet
  • Evolution of network security around Software Defined Networking (SDN) – The intelligent network
  •  Internet – Transforming terrorism
  •  Surveillance, privacy and cyber espionage, in the aftermath of PRISM

The summit is a result of an industry - government alliance in this domain, and a collaborative effort between the four major cyber security conferences in the region viz. ClubHack, c0c0n, Malcon, nullcon and InfoSec research firm INNEFU. The summit will be executed by UBM India Pvt Ltd, a leading player in the live media space and the largest trade exhibition organizer in India responsible for over 20 large scale exhibitions.
Read more »
Security News
hacker news IT Security News Security News

CSPF Cordially invites you for a lecture by Mr. Larry Clinton

This lecture will review the current emerging trends of various types of cyber threats and find ways and means of how to manage and avoid them.


Larry Clinton is the President and Chief Executive Officer of the
Internet Security Alliance (ISA). ISA is a multi-sector trade association with membership from virtually every one of the designated critical industry sectors. The mission of the ISA is to combine advanced technology with economics and public policy to create a sustainable system of cyber security.

Mr. Clinton is known for his ability to take the complicated issues in this space and explain them clearly to a wide range of audiences:


Professional, policy makers and the general public. He has been featured in mass media such as USA Today, the PBS News Hour, the Morning Show on CBS, Fox News, CNN’s Situation Room, C-SPAN, and CNBC.


He has also authored numerous professional journal articles on cyber security. This year he has published articles in the Cutter IT Journal, the Journal of Strategic Security and the Journal of Software Technology

Programme =========
10.00 a.m. : Tea & Registration
10.30 a.m. : Lecture
12.30 p.m. : Conclusion

Location: Anna University Chennai
Free Registration is here: www.cysecurity.org/larryclinton.php
Read more »
PenTesting
Ethical Hacking Ethical Hacking Training hacker news IT Security PenTesting

Break The Security - Hands on Ethical Hacking and Cyber Security Training for Corporate


Cyber Security & Privacy Foundation is proud to announce the Corporate training in Chennai. The attendees will be trained by four security researchers on various cyber security topics.

The training starts with introduction to information security field and various classes of hackers. It will be hands on training, we will demonstrate the usage of various security tools and will help the attendees to use it.

The course covers various tookits including TamperData, Hackbar, Maltego, FOCA , Live HTTP Headers plugin and more.

We also give training on advanced tools for vulnerability assessment and penetration testing which includes Metasploit, Nmap, Nessus, sqlmap, and more.

Attendees are requested to bring their own laptops installed with isolated network like VMware/Virtual box to gain hands on exposure.

Venue:

Computer Society Of India Head Quarters,
Educational Directorate- Taramani,
Chennai
Chennai, Tamil Nadu

Price:

The Corporate Training tickets would cost Rs. 2000/- per person.

Lunch and Tea/Snacks will be provided at the venue.

Registration Link:

http://www.meraevents.com/event/break-the-security-training–ethical-hacking-hands-on-for-corporate

For more details , visit : http://cwhh.cysecurity.org/?page_id=81
Read more »
Security News
hacker news IT Security News Security Breach Security News

Harbor Freight Tools admits its payment processing system hacked

Harbor Freight Tools, a California based privately held discount tool and equipment retailer, began notifying a number of their customers that its payment processing system was hacked.

According to the report, the security breach affects only credit and debit card transactions took place in between May 6,2013 and June 30,2013 in their stores.

The information accessed by cyber criminals includes card account number, expiration date, and card verification number. In a number of transactions, cardholders' name was also accessed.

"If you see a fraudulent charge on your card, please immediately contact the bank that issued your card. Major credit card companies typically guarantee cardholders will not be responsible for fraudulent charges." Eric Smidt, Chairman & CEO of Harbor Freight Tools wrote.  "Please be on the lookout and review your account statements for any unauthorized activity."
Read more »
hacker news
Breaking News Defaced Website hacker news

Anonymous Philippines Hacked Government Websites Against Corruption

Anonymous Philippines group has contacted E Hacking News with a list of hacked government websites. The group mentioned the hacking attack is part of protest against corruption.

"We apologize for this inconvenience, but this is the only easiest way we could convey our message to you, our dear brothers and sisters who are tired of this cruelty and this false democracy, tired of this government and the politicians who only think about themselves."  The defacement message reads.

"The government, in many ways, has failed its Filipino citizens. We have been deprived of things which they have promised to give; what our late heroes have promised us to give. Let us remind the government that fairness, justice and freedom are more than words. They are perspectives.
"

Here is the list of affected domains:

http://www.philembassy-seoul.com/

http://www.pasigcity.gov.ph/

http://www.pateros.gov.ph/

http://www.insurance.gov.ph/UserPictures/index.html

http://candoncity.gov.ph/

http://braulioedujali.gov.ph/

http://spda.gov.ph/

http://3rddistrictoflaguna.com/

http://bansud.gov.ph/

http://gloria.gov.ph/

http://magarao.gov.ph/
http://bolinao.gov.ph/home/
http://kalingaprovince.com/
http://kalinga.tabuk.gov.ph/
http://tabuk.gov.ph/
http://www.vigancity.gov.ph/
http://mgbcar.ph/


Read more »
Subscribe to: Comments (Atom)