Government websites hacked, database leaked by TeslaTeam

The infamous Serbian hacker group known as "Tesla Team" is targeting government websites belonging to various countries. The group has managed to find SQL vulnerabilities in the target websites.

Affected websites include the Albanian Ministry of Economy, Trade and Energy (mete.gov.al), the Ministry of Finance and Economic Planning of Ghana (mofep.gov.gh), the Court of Bosnia (sudbih.gov.ba) and qashqadaryo.gov.uz.

The hacker didn't deface any of the hacked websites. Instead, he extracted data from the target database servers and leaked it.

The dump contains username and password credentials stolen from the database. The group also provided a proof-of-concept link along with the database dump.

Bitcoin falls after China restricts banks from using Bitcoin as currency

Earlier today, the Chinese government banned the country's banks from using the virtual currency 'Bitcoin', warning that it could be used for illegal activities.

After China banned banks from using Bitcoin in transactions, the Bitcoin price fell from US$1,240 to around $1,079.

The government pointed out a list of risks of using the virtual currency: it has 'no price limit', a 'higher risk of money laundering', and the risk of being exploited for criminal activities such as drugs and guns.

Considering the risks of using Bitcoin, the Chinese government concluded that Bitcoin could not meet the requirements to be used in bank transactions.

The public is free to use Bitcoin in their online transactions if they are ready to bear the risks.

Hackers steal 2 million Facebook, Gmail, Twitter accounts with Pony Botnet

Cyber criminals have stolen more than two million Facebook, Gmail, Twitter, LinkedIn and Yahoo accounts with the help of the Pony malware, according to a report from Trustwave.

Security researchers at Trustwave gained access to the admin control panel of the "Pony botnet", which stores a large amount of credentials stolen from the infected machines.

According to their report, around 1,580,000 website login credentials, 320,000 email credentials and 41,000 FTP credentials were stolen.

Approximately 318,121 Facebook, 59,549 Yahoo, 54,437 Google and 21,708 Twitter login credentials were affected.

The most commonly used password, unsurprisingly, appears to be the weakest one. As usual, '123456' keeps its position at the top. The second and third are '123456789' and '1234' respectively.

Facebook, LinkedIn, Twitter and other services are reportedly resetting the accounts' passwords.

JPMorgan Chase & Co's UCard website hacked, 465,000 users affected

JPMorgan Chase & Co, an American multinational banking and financial services holding company, has issued a warning to around 465,000 card users regarding a security breach that might have allowed hackers to steal personal information.

According to Reuters, the cyber attack happened back in July on their UCard website "www.ucard.chase.com". However, the breach was only detected in mid-September.

The company says the personal info of customers is encrypted. However, during the cyber attack, some data temporarily "appeared in plain text in files the computers use to log activity".

Though a small amount of data was accessed, the company found no evidence showing that sensitive data such as social security numbers, email IDs or dates of birth were compromised.

Only UCard users are affected by this security breach; others are not affected. Affected customers are being offered free credit-monitoring services for one year.

The company says it has fixed the issue, and the FBI and Secret Service are investigating the incident to find the attackers behind the breach.

WordPress Plugins containing Backdoor distributed via phishing emails

What would you do if, as a WordPress user, you received an email offering the Pro version of a WordPress plugin for free? Don't get tempted by such emails; they also give you malicious code for free!

Sucuri reported on phishing emails asking their clients to download the Pro version of the "All in One SEO Pack" WordPress plugin. The email claims that the plugin is worth $79.00 and is being given away for free.

"You have been chosen by WordPress to take part in our Customer Rewarding Program.  You are the 23rd from 100 uniques winners," the phishing email reads.

Credit : Sucuri

The download link provided in the email does not point to the WordPress plugin store; it points to a zip file hosted on a compromised website.

Security researchers at Sucuri analyzed the plugin and found that it has been modified with a backdoor which gives attackers full access to the server.

The malicious code in the plugin replaces the index.php file with malicious code retrieved from the attacker's server. So, when users visit the site, they are redirected either to spam sites or to exploit kits that will infect the visitor's system.

CyberTech 2014, International exhibition & conference for Cyber solutions


CyberTech 2014 (cybertechisrael.com) is one of the best international cyber security conferences. It is going to take place in Israel and is inaugurated by Israeli Prime Minister Mr. Benjamin Netanyahu.

Leading multi-national companies, over a hundred start-ups, private and corporate investors, experts and many more are going to participate in this event.

The keynote speakers of the event are leading cyber security experts, including the Chairman and CEO of Kaspersky Lab, Eugene Kaspersky; the Head of the Israeli National Cyber Bureau, Dr. Eviatar Matania; and the Senior Vice President of Cisco Systems, Bryan Palma.

Cyber Security Privacy Foundation (CSPF) is interested in taking a delegation of corporates/companies to Israel.

Indian companies that would like to tie up with Israeli hi-tech cyber start-ups can contact CSPF. If you need any assistance in getting a visa to Israel for the conference, you can also contact CSPF.

Contact Details of CSPF: Founder@CySecurity.org


More than 30 Anonymous Twitter accounts suspended

Twitter has suspended more than 30 Anonymous-related Twitter accounts, including the @Anon_Central account, which had more than 150k followers.

The move appears to be a response to a campaign of misogynist abuse against feminist campaigners.

A link (http://pastebin.com/NY6uGPZP) shared by the @YourAnonNews account claims that mentioning the Twitter handles belonging to Times columnist Caitlin Moran, freelance journalist Caroline Criado-Perez, campaigner Hannah Curtis and Labour MP Stella Creasy ends up in account suspensions.

However, Criado-Perez denies having anything to do with those account suspensions and told the Guardian that "I certainly don't have the power to ban accounts, but I do report accounts that send threats and harass me".

Deep web underground marketplace "Sheep Marketplace" hacked or it is a scam!

Sheep Marketplace, an underground anonymous marketplace selling drugs and other items on the "Deep web", has shut down after a large amount of bitcoins was allegedly stolen from its website.

The website became popular after the feds shut down the similar website "Silk Road" in October.

The site admin claimed that 5,400 bitcoins worth $5 million were stolen by a vendor dubbed "EBOOK101", who exploited a bug in their site. However, other reports say that more than 96,000 bitcoins worth $40 million were stolen.

However, many say the Sheep market is actually a scam. There is also a website called "sheepmarketscam" that provides facts about Sheepmarket being a scam.

The market claimed it would refund the remaining bitcoins to the users. However, none of them appears to have received anything so far.

Sheep Marketplace is reportedly linking to a new unknown marketplace called "TorMarket".

Scientists developed Malware capable of sending data using Mic and Speakers


How can malware steal data from an infected system that doesn't have an internet connection? You might think it is impossible. Computer scientists say it is possible.

German researchers at the Fraunhofer Institute for Communication, Information Processing, and Ergonomics say that malware can transmit data using inaudible sounds.

It can steal confidential data or keystrokes using nothing more than normal speakers and microphones, without any internet connection.

Security researchers often suggest not connecting systems that hold sensitive data to the Internet so that cyber criminals can't reach them. But now, data can be stolen over audio without a network connection. So what now?! Then, let us remove the audio devices.

The researchers say it can be prevented by switching off audio I/O devices. Sometimes, we might need audio devices. In that case, the inaudible communication can be prevented "by application of a software-defined lowpass filter".
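One way such a software-defined low-pass filter could look, as an added example that is not taken from the original post or from the researchers' paper: a Hamming-windowed sinc FIR filter applied to audio samples. The 48 kHz sample rate, the 15 kHz cutoff, the 101 taps and the 20 kHz test tone standing in for an inaudible carrier are all assumptions chosen for illustration.

```python
import math

SAMPLE_RATE = 48000   # assumed audio sample rate (Hz)
CUTOFF_HZ = 15000     # assumed cutoff: keeps speech/music, blocks the top of the band

def lowpass_taps(cutoff_hz, sample_rate, num_taps=101):
    """Hamming-windowed sinc FIR low-pass, normalised to unity gain at DC."""
    fc = cutoff_hz / sample_rate              # cutoff in cycles per sample
    mid = (num_taps - 1) / 2
    taps = []
    for n in range(num_taps):
        x = n - mid
        ideal = 2 * fc if x == 0 else math.sin(2 * math.pi * fc * x) / (math.pi * x)
        window = 0.54 - 0.46 * math.cos(2 * math.pi * n / (num_taps - 1))
        taps.append(ideal * window)
    total = sum(taps)
    return [t / total for t in taps]

def fir_filter(samples, taps):
    """Direct-form FIR convolution; output has the same length as the input."""
    out = []
    for i in range(len(samples)):
        acc = 0.0
        for k, t in enumerate(taps):
            if i - k >= 0:
                acc += t * samples[i - k]
        out.append(acc)
    return out

def tone(freq_hz, sample_rate, n):
    """Constructed test signal: a pure sine tone of n samples."""
    return [math.sin(2 * math.pi * freq_hz * i / sample_rate) for i in range(n)]

def rms(samples):
    return math.sqrt(sum(s * s for s in samples) / len(samples))

def gain_at(freq_hz, taps, sample_rate=SAMPLE_RATE, n=4800):
    """Output/input RMS ratio for a pure tone, skipping the filter warm-up."""
    x = tone(freq_hz, sample_rate, n)
    y = fir_filter(x, taps)
    skip = len(taps)
    return rms(y[skip:]) / rms(x[skip:])

if __name__ == "__main__":
    taps = lowpass_taps(CUTOFF_HZ, SAMPLE_RATE)
    for f in (1000, 10000, 18000, 20000):
        print(f"{f:>6} Hz gain: {gain_at(f, taps):.4f}")
```

The filter only helps if it sits in the audio path of both capture and playback; a lower cutoff blocks more of the upper band at the cost of audible fidelity.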

The researchers have described their idea in their paper entitled "On Covert Acoustical Mesh Networks in Air".  You can find the research paper here.

(h/t: Ars Technica)

Antivirus that will alert about Criminal and Illegal content for $500

Isn't the title interesting?! There is no such antivirus that will alert about criminal and illegal content. It is being advertised by a recently discovered ransomware.

Ransomware usually locks the victim's system or browser and displays a warning message pretending to be from the FBI or another authority. It informs victims that their system is locked because of their illegal activities and asks them to pay money to unlock it.

A new ransomware spotted by the Malwarebytes team interestingly informs the victims that "Your criminal records have been deleted".

The malware also suggests that victims buy an antivirus for $500 from them in order to unlock the system and avoid other legal consequences.

Those who fall for this scam end up paying around $1200. As I said earlier, no such antivirus exists. After paying the ransom, you will just receive a message, "your browser will be unlocked within 12 hours", and nothing else.

TeamSpeak Forum hacked and redirects users to DotCacheF Exploit Kit

The official forum of TeamSpeak, a company that provides voice-over-Internet Protocol (VoIP) software, has been infected with a malicious script.

Malwarebytes' honeypot found that the TeamSpeak forum "forum[dot]teamspeak.com" is compromised and redirects to the DotCacheF exploit page.

Security researchers at Malwarebytes said that the infection is similar to the "malware infection on automobile forum" found by Kahu Security.

The malicious script injected into the forum goes through several redirects to reach the exploit kit landing page, which is hosted on another infected website (atvisti[dot]ro).

The exploit kit page attempts to exploit a vulnerable plugin in the victim's browser. If successful, it drops the ZeroAccess Trojan on the victim's machine.