Cyber Society of India wants to Ban Ethical Hacking course in India- Compares hackers to rapists


I was totally shocked when I heard the words that came out of the President of the Cyber Society of India (cysi.in) on the local channel "Puthiya Thalaimurai". The channel covered a story about ethical hacking.

In the Puthiya Thalaimurai interview he said that "ethical hacking" is like "ethical rape", and asked how anyone can claim it is legal just by adding the word "ethical" in front of "hacking".

He also added: "We are not doing rape in order to prevent rapes. Then why should we do ethical hacking to prevent hacking?"
  
It is ridiculous to compare ethical hackers with rapists. 

Here is Puthiya Thalaimurai's video covering Ethical Hacking (Tamil):


"I will say ban the Internet; no Internet, no hacking, we all will be safe. Even pollution is increasing, so shall we stop breathing?" one hacker commented. "What I understand from my side is you should increase cyber forensics courses so that we get good investigators."

"If you have good cyber forensics investigators the crime rate will go down, and only those people will get enrolled in an ethical hacking course who have good ethics, as they know that if they go wrong they will be arrested."

Yes, I agree with what the hacker said. An ethical hacking course that also teaches cyber law produces good ethical hackers. We can't simply ban ethical hacking courses, as India needs more ethical hackers and pentesters. We just need to teach them cyber law as well.

"This is one of the most ridiculous discussions I have ever seen. Now guys will come and say don't teach programming, they will write viruses," one cyber security expert commented.

"There is a great demand for 'ethical' hackers all over the world and they are required to make the cyber world secure. As it's said in the movie Spiderman, 'with great powers come great responsibilities', and we should make kids understand the responsibilities associated with this great art."

MacRumors Forums hacked, 860,000+ users data compromised


The MacRumors forums have been breached by hackers who obtained information belonging to 860,106 users, including hashed passwords.

"In situations like this, it's best to assume that your MacRumors Forum username, email address and (hashed) password is now known." Editorial Director Arnold Kim wrote.

The hacker behind the attack also posted in the MacRumors forum about the breach, saying: "We're not 'mass cracking' the hashes. It doesn't take long whatsoever to run a hash through hashcat with a few dictionaries and salts, and get results."

The hackers also claimed they are not going to use the compromised credentials to log into Gmail, Apple or any other accounts unless they target particular users for some reason.

"Stop worrying, and stop blaming it on Macrumors when it was your own fault for reusing passwords in the first place." the hacker added.

It appears the hackers gained access to the database by logging into the forum with the stolen credentials of a single moderator account.
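The hacker's point above is that a "hashed" password only protects users who chose something a dictionary-plus-rules run will not reach, because a fast hash costs nothing per guess and a salt merely stops precomputation. The script below is an added illustration, not MacRumors' code or data: it assumes a hypothetical storage scheme of md5(password + salt), runs a small hashcat-style rule set (case variants and digit suffixes) over a constructed wordlist, and reports which of three constructed sample records fall.

```python
import hashlib
from typing import Dict, Iterator, List, Tuple

# Assumed storage scheme for the demo: md5(password + per-user salt), hex encoded.
# A fast hash like this is exactly what makes dictionary runs cheap.
def stored_hash(password: str, salt: str) -> str:
    return hashlib.md5((password + salt).encode("utf-8")).hexdigest()


# Constructed sample records (username, salt, hash). Not real leaked data.
SAMPLE_RECORDS: List[Tuple[str, str, str]] = [
    ("alice", "k3Qz", stored_hash("Macrumors1", "k3Qz")),
    ("bob",   "9fLp", stored_hash("letmein", "9fLp")),
    ("carol", "Tx07", stored_hash("correct horse battery staple", "Tx07")),
]

# A tiny constructed dictionary; a real run would use a rockyou-sized list.
WORDLIST = ["password", "letmein", "macrumors", "qwerty", "iloveyou"]


def mangle(word: str) -> Iterator[str]:
    """hashcat-style rules: as typed, Capitalised, UPPER, then digit suffixes."""
    bases: List[str] = []
    for b in (word, word.capitalize(), word.upper()):
        if b not in bases:
            bases.append(b)
    for b in bases:
        yield b
        for d in range(10):
            yield f"{b}{d}"
        yield f"{b}123"


def crack(records, wordlist) -> Tuple[Dict[str, str], int]:
    """Return (user -> recovered password, number of hashes computed)."""
    found: Dict[str, str] = {}
    attempts = 0
    for user, salt, h in records:
        # A per-user salt only means one hash per candidate per user; it does
        # nothing to slow a fast hash, which is the point the attacker makes.
        for word in wordlist:
            for cand in mangle(word):
                attempts += 1
                if stored_hash(cand, salt) == h:
                    found[user] = cand
                    break
            if user in found:
                break
    return found, attempts


if __name__ == "__main__":
    recovered, tried = crack(SAMPLE_RECORDS, WORDLIST)
    print(f"{tried} hashes computed, recovered: {recovered}")
```

Only "carol", whose passphrase is outside the dictionary and its rules, survives; the other two fall in a few hundred hash computations. The defence is on the storage side (a deliberately slow hash such as bcrypt or PBKDF2 with a high work factor) and on the user side (no reuse across sites, which is what the hacker's quote is really about).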

Another Bitcoin related website Bitcash.cz reportedly hacked


We recently reported that an Australian running a Bitcoin bank site claimed hackers stole $1m from it. Now another Bitcoin-related organization claims its website was compromised by hackers.

Bitcash.cz claimed that hackers attacked its website on 11th November and stole the site's Bitcoin wallet.

"Unfortunately, the nightmare became reality," reads the main page of the site. "A complaint was filed against an unknown perpetrator. Due to the ongoing investigation, we cannot further comment on specific questions about the attack."

CoinDesk pointed to an online post that "purports to show an email sent from a bitcash.cz email address"; it says hackers are sending users fake emails that purport to come from Bitcash.

The recipients are asked to send 2 BTC to a wallet address in order to get their Bitcoins back.

When we asked about the recent incidents, Suriya Prakash, who has been researching Bitcoin for quite some time, said: "Due to the anonymous structure of Bitcoin it is impossible to differentiate between a real hack and someone claiming that they got hacked."

"The 'stolen' money can be made to disappear and come back some other way. Always store your BTCs in multiple physical wallets that are encrypted and only opened to make transactions."

Critical security vulnerabilities patched in Adobe Flash Player and ColdFusion

Adobe has issued a security hotfix for two critical vulnerabilities in the ColdFusion web application server, and a separate security update for Adobe Flash Player.

The cross-site scripting (XSS) vulnerability (CVE-2013-5326) could be exploited by a remote, authenticated user on ColdFusion 10 and earlier versions when the CFIDE directory is exposed.

The other ColdFusion vulnerability, CVE-2013-5328, allows unauthorized remote access and is also rated critical.

Adobe Flash Player 11.9.900.117 and earlier versions are vulnerable to a critical bug that "could cause a crash and potentially allow an attacker to take control of the affected system".

Users are advised to follow the instructions in the two bulletins: 1. http://www.adobe.com/support/security/bulletins/apsb13-27.html (ColdFusion), 2. http://www.adobe.com/support/security/bulletins/apsb13-26.html (Flash Player)

DefCamp 2013 : International hacking and information security conference in Romania

 

Between 29 and 30 November, the Crystal Palace Ballroom in Bucharest is hosting the fourth edition of one of the most hypnotizing events on hacking and INFOSEC in Romania and South-Eastern Europe: DefCamp. The list of special guests contains big names such as Raoul Chiesa, founder and president of The Security Brokers, and Carsten Eiram, Chief Research Officer at Risk Based Security.

The conference, taking place this fall, will engage participants in discussions about how to travel for free on Bucharest public transit (RATB and Metrorex), hijacking control of your car, hacker profiling, 0days, PRISM, mobile security problems, DDoS, networking, P2P networks, D&D APTs, social engineering, camera surveillance, Metasploit, header analysis, application security research, the NSA, Snowden, privacy concerns, credit cards, Romanian Internet scanning, SSL ripper, lock picking, copyrights, Romanian laws and secure system administration, with key industry specialists from Romania and abroad giving presentations.
 
The conference will also include a series of hands-on activities such as DCTF (DefCamp Capture the Flag), App2Own, Hack The Machine and Spot The Cop, rewarded with prizes.

Keynote presentations will be held by our special guests:
  •  Raoul "Nobody" Chiesa, president of The Security Brokers
  •  Carsten Eiram, Chief Research Officer at Risk Based Security

The awesomeness is powered up by:
  •  Kizz MyAnthia, Senior Penetration Tester, Shadowlabs at HP Enterprise Security
  •  Nathan LaFollette "httphacker", Senior Security Consultant, Shadowlabs at HP Fortify
  •  Nir Valtman, R&D Chief Security Officer at Retalix
  •  Robert Knapp, Co-Founder & CEO, CyberGhost SRL
  •  Milan Gabor, CEO at Viris
  •  Adrian Furtuna, Security Consultant at KPMG Romania
  •  Bogdan Alecu, System Administrator at Levi9 and one of DefCamp's traditional speakers
  •  Alex Negrea, Co-founder at docTrackr.com
  •  Andrei Costin, PhD student with EURECOM & Co-Founder/Lead Researcher at Firmware.RE
  •  Ionut Popescu, Security Consultant at KPMG
  •  Dan Catalin Vasile, Board Member of OWASP Romania
  •  Brindusa Stefan Cristian, Lead Developer at RogentOS GNU/Linux
  •  Radu Stanescu, IT Security Consultant & Trainer, Sandline
  •  Bogdan Manolea, legi-internet.ro
  •  Bogdan-Ioan Şuta, Independent Security Researcher

"We have awaited the 48 hours of DefCamp 2013 since the closing moment of the last edition. It is hypnotizing to exchange ideas, to compete, to expand your knowledge and to meet people who you know only from the virtual world. I wish I could also participate to fully enjoy these moments!", said Andrei Avădănei, founder and coordinator of the DefCamp conference, in a press release.

In just four editions, DefCamp has managed to become the most awaited conference in the entire information security and hacking scene in Eastern Europe. It's the perfect time to join and feel the vibes.

For more details you can access our website or contact us directly at contact@defcamp.ro. Don't forget to sign up! European students pay only 50% of the ticket price!

Vevo website hacked by TeslaTeam via SQL Injection vulnerability

Tesla Team, a hacker group from Serbia, has claimed to have breached the Vevo website (Vevo.com).

Vevo is a joint venture music video website owned and operated by Universal Music Group, Google, Sony Music Entertainment, and Abu Dhabi Media.

The team discovered a SQL injection vulnerability in one of Vevo's sub-domains that allowed them to compromise its database.

In a Pastebin leak (pastebin.com/TAjce91x), the group published the vulnerable link as well as a proof of concept that exploits the vulnerability. The database dump is claimed to contain the emails and passwords of admins and other users.

It appears someone with the username "JoinSeventh" on HackForums had already published the vulnerability details in 2012.
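The post does not say where Vevo's injection point was, so the following is an added, self-contained illustration rather than Tesla Team's proof of concept: a constructed SQLite users table with a lookup written the vulnerable way (input spliced into the query string) next to the parameterised form, exercised with two constructed payloads of the kind a public PoC typically shows, a tautology that returns every row and a UNION that pulls only the admin credentials.

```python
import sqlite3
from typing import List, Tuple

# Constructed sample rows standing in for a site's user table; not Vevo's schema.
SAMPLE_USERS = [
    ("admin@example.com", "5f4dcc3b5aa765d61d8327deb882cf99", 1),
    ("alice@example.com", "e10adc3949ba59abbe56e057f20f883e", 0),
    ("bob@example.com",   "25d55ad283aa400af464c76d713c07ad", 0),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, "
        "password_hash TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (email, password_hash, is_admin) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, email: str) -> List[Tuple[str, str]]:
    """User input spliced into the SQL text: the classic injection point."""
    sql = f"SELECT email, password_hash FROM users WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, email: str) -> List[Tuple[str, str]]:
    """Parameterised: the value travels separately from the statement, so it can
    only ever be compared against the email column, never change the query."""
    return conn.execute(
        "SELECT email, password_hash FROM users WHERE email = ?", (email,)
    ).fetchall()


# Constructed payloads. The first closes the string literal and ORs in a truth;
# the second closes it, appends a UNION that selects admin rows, and comments
# out the trailing quote.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "x' UNION SELECT email, password_hash FROM users WHERE is_admin = 1 --"


def demo() -> dict:
    conn = make_db()
    return {
        "vuln_tautology": find_user_vulnerable(conn, TAUTOLOGY),
        "vuln_union": find_user_vulnerable(conn, UNION_DUMP),
        "safe_tautology": find_user_safe(conn, TAUTOLOGY),
        "safe_union": find_user_safe(conn, UNION_DUMP),
        "safe_legit": find_user_safe(conn, "alice@example.com"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Against the vulnerable lookup the tautology dumps all three rows and the UNION returns exactly the admin's email and hash, which is the shape of dump the group claims to have; the parameterised lookup returns nothing for either payload and still finds a legitimate address.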

Hacking Challenge : Hack Tresorit and get $25,000 Bounty

 

Hungarian developers Istvan Lam and Szilveszter Szebeni are offering a $25,000 bounty to any white-hat hacker who can break through the layers of defenses protecting their startup Tresorit, VentureBeat reports.

Tresorit is intended to offer a truly secure cloud storage service in which users' files, passwords and encryption keys are never stored in unencrypted form; it is being referred to as a high-security alternative to Dropbox.

"Files and some corresponding encryption keys can only be decrypted by the people you have explicitly shared with."

The service uses client-side encryption: files are encrypted with AES-256 before they are sent to the cloud.

"All of our data centers employ physical security measures against intrusion, and are equipped with uninterruptible power and backup systems."

Vulnerabilities in RunKeeper website could allow hackers to run an XSS worm

Security researcher David Sopas has discovered cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities in the RunKeeper website, the official site of the popular GPS fitness-tracking application.

The POST request on the "Account Settings" page did not use a security token to validate the request, resulting in a CSRF vulnerability. It could have allowed cybercriminals to modify an authenticated user's information by tricking them into clicking a crafted link that sends the malicious request.

The persistent XSS vulnerability on the Account Settings and profile pages poses a serious risk: cybercriminals could have launched an attack that infects millions of users.


A hybrid attack that chains the XSS and CSRF vulnerabilities results in hijacking the user's profile. With a small modification to the proof of concept, attackers could also have run an XSS worm.

RunKeeper fixed these security issues immediately after being notified by Sopas.
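The chain described above works because a token-less POST lets any site write to the victim's settings, and an unescaped profile then executes whatever was written in every viewer's browser. The example below is an added illustration, not RunKeeper's code or Sopas' proof of concept: a minimal in-memory "Account Settings" handler in its vulnerable form next to the hardened form (a per-session CSRF token compared in constant time, and HTML escaping on output), driven by a constructed forged form carrying a constructed script payload.

```python
import hmac
import html
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """A logged-in user's session; the CSRF token is minted once per session."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


class CsrfError(Exception):
    pass


# --- Vulnerable pattern (what the post describes) ---------------------------

def update_settings_vulnerable(store: dict, session: Session, form: dict) -> str:
    """No token check: any cross-origin POST the browser sends with the user's
    cookie is accepted, and the stored value is later rendered unescaped."""
    store[session.user] = form["display_name"]
    return render_profile_vulnerable(store, session.user)


def render_profile_vulnerable(store: dict, user: str) -> str:
    return f"<h1>{store[user]}</h1>"


# --- Hardened pattern ---------------------------------------------------------

def update_settings_hardened(store: dict, session: Session, form: dict) -> str:
    """Require the per-session token in the POST body. A form auto-submitted
    from another origin cannot read the token, so it cannot supply it."""
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, session.csrf_token.encode()):
        raise CsrfError("missing or invalid CSRF token")
    store[session.user] = form["display_name"]
    return render_profile_hardened(store, session.user)


def render_profile_hardened(store: dict, user: str) -> str:
    # Escape on output so a stored payload renders as text, not markup.
    return f"<h1>{html.escape(store[user])}</h1>"


# --- Simulation of the hybrid attack ------------------------------------------

# Constructed payload: once rendered on the victim's profile it would POST to the
# settings endpoint from each viewer's browser, which is the worm step.
WORM_PAYLOAD = '<script>fetch("/settings",{method:"POST",body:"display_name=..."})</script>'


def simulate() -> dict:
    victim = Session(user="victim")
    forged_form = {"display_name": WORM_PAYLOAD}   # sent from attacker's page, no token
    out = {}

    vuln_store: dict = {}
    out["vulnerable_render"] = update_settings_vulnerable(vuln_store, victim, forged_form)

    safe_store: dict = {}
    try:
        update_settings_hardened(safe_store, victim, forged_form)
        out["hardened_forged_accepted"] = True
    except CsrfError:
        out["hardened_forged_accepted"] = False

    # Even a legitimate submission with a valid token cannot inject markup.
    own_form = {"display_name": WORM_PAYLOAD, "csrf_token": victim.csrf_token}
    out["hardened_render"] = update_settings_hardened(safe_store, victim, own_form)
    return out


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v}")
```

Both fixes are needed: the token alone still lets the user (or an attacker with the user's session) store a script that runs for every visitor, and escaping alone still lets a forged POST rewrite the victim's settings.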

UK spies reportedly used fake LinkedIn pages to gain access to target networks

The British intelligence agency GCHQ (Government Communications Headquarters) reportedly tricked employees of mobile communications and billing companies with fake LinkedIn and Slashdot pages in order to gain access to their networks.

The news was first reported by the German magazine Der Spiegel, based on secret GCHQ documents leaked by NSA whistleblower Edward Snowden.

The first known attack targeted the partly state-owned Belgian telecommunications company Belgacom.

Once an employee visited one of the fake pages, malware was surreptitiously installed on the victim's system. It acted as a backdoor, giving unauthorized access to the internal networks of Belgacom and its subsidiary BICS. The goal was to reach the GRX router system operated by BICS in order to intercept phone traffic.

Notorious Stuxnet malware infected Russian Nuclear Plant, claims Eugene Kaspersky

 

The notorious Stuxnet malware, widely believed to have been developed by the US and Israel to target Iran's nuclear facilities, managed to "badly" infect the internal network of a Russian nuclear power plant.

Eugene Kaspersky, founder of the Russian antivirus company Kaspersky Lab, said a friend of his working at an unnamed nuclear plant told him that the plant's network, despite being disconnected from the internet, was badly infected by Stuxnet.

"So unfortunately these people who were responsible for offensive technologies, they recognise cyber weapons as an opportunity." SC Magazine quoted Kaspersky as saying.

"All the data is stolen," Kaspersky said. "At least twice."

This is the first time Stuxnet has been reported to infect a major nuclear plant outside its intended target in Iran.

New IE zero-day vulnerability exploited in the wild, infects victims with malware


New Internet Explorer zero-day vulnerabilities are currently being exploited in the wild in a watering-hole attack that infects visitors of malicious websites with malware, security researchers at FireEye Labs warn.
 
One of the vulnerabilities is an information leak that affects IE8 on Windows XP and IE9 on Windows 7. The exploit sends the timestamp retrieved from the PE headers of msvcrt.dll back to the attacker, who uses it to choose the exploit matching the victim's build.

The second one is a memory access vulnerability designed to work on IE 7 and 8 on Windows XP, and on Windows 7. The researchers also found that the vulnerability affects IE 7, 8, 9 and 10.

After successful exploitation, the shellcode used in the exploit launches rundll32.exe and injects malicious code into it. The injected code then downloads and runs a malware file from the attacker's server.
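The leaked value is the COFF TimeDateStamp, which sits at a fixed offset in every PE image and differs between builds of msvcrt.dll, so it pins down which version's code layout the attacker's memory-corruption exploit must target. The parser below is an added example, not FireEye's analysis code or the exploit's own logic: it reads that field from a PE image (a constructed minimal header is embedded for an offline run; pass a real DLL path to inspect one) and looks it up in a build table whose timestamps are hypothetical placeholders, mirroring the attacker's "known build gets a tailored exploit, unknown build gets nothing" selection.

```python
import struct
import sys
from typing import Optional

# COFF file header that follows the 4-byte "PE\0\0" signature:
# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics (all little-endian).
COFF_HEADER = "<HHIIIHH"


def pe_timestamp(image: bytes) -> int:
    """Return the COFF TimeDateStamp of a PE image (file bytes or a mapped module)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    # e_lfanew at 0x3C points to the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fields = struct.unpack_from(COFF_HEADER, image, e_lfanew + 4)
    return fields[2]


def build_sample_pe(timestamp: int) -> bytes:
    """Constructed minimal image with only the headers above (not a real msvcrt.dll)."""
    e_lfanew = 0x80
    buf = bytearray(e_lfanew + 4 + struct.calcsize(COFF_HEADER))
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into(COFF_HEADER, buf, e_lfanew + 4,
                     0x014C, 4, timestamp, 0, 0, 0xE0, 0x2102)
    return bytes(buf)


# Hypothetical build table keyed on the leaked timestamp. The values are
# placeholders for this demo, not the timestamps from FireEye's report.
BUILD_TABLE = {
    0x4A5BDA3B: "exploit-variant-for-build-A",
    0x4CE7C8F9: "exploit-variant-for-build-B",
}


def select_exploit(timestamp: int) -> Optional[str]:
    """Mirror of the attacker's choice: a recognised build gets its tailored
    variant; an unrecognised one gets nothing rather than a likely crash."""
    return BUILD_TABLE.get(timestamp)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        data = build_sample_pe(0x4A5BDA3B)
    ts = pe_timestamp(data)
    print(f"TimeDateStamp=0x{ts:08x} -> {select_exploit(ts) or 'no matching exploit'}")
```

For defenders the same field is useful in reverse: the timestamp of the msvcrt.dll actually deployed on a fleet is a cheap way to confirm whether hosts are running a build an exploit kit is known to target.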