University of North Carolina notifies 6000 individuals affected by Data Breach

The University of North Carolina is investigating a data breach in which files containing more than 6,000 people's personal information were inadvertently made accessible on the Internet.

The exposed information, including Social Security numbers, addresses, birth dates and tax IDs, belongs to current and former university employees, students and vendors.

The university learned of the incident on Nov. 11 and immediately began a forensic investigation.

According to the investigation, the safeguards protecting the files from public access were accidentally disabled during maintenance of one computer on July 30.

The university also learned that Google had indexed a link to the file, so it asked Google to remove the entry. On Nov. 23, Google removed the link from its index.

On Dec. 13, the university began notifying the individuals affected by the breach.

Remote Code Execution vulnerability in eBay website

David Vieira-Kurz, a security researcher from Germany, has discovered an interesting remote code execution vulnerability in the eBay website.

The 'q' parameter of the 'search' page on the South Asian eBay domain (sea.ebay.com/search/?q=david&catidd=1) was found to be vulnerable to remote code execution.

The researcher cleverly managed to pass the 'q' parameter as an array carrying a command, which was then executed successfully.

The proof of concept provided by the researcher prints information about the PHP installation running on the server:
  sea.ebay.com/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1

An attacker could have exploited this vulnerability to run OS commands and compromise the entire server. However, David reported the vulnerability to the eBay security team, and it has now been fixed.

He also discovered a SQL injection vulnerability in the same domain last year.

The full technical details are available here.
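As an added defensive example (not from the original post or the researcher's write-up), the Python below scans web-server access logs for the request shape described above: a search parameter that is normally a scalar arriving as an array, and parameter values carrying PHP string-interpolation markers. The log lines are constructed for the example; the IPs and paths are placeholders.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (not real eBay traffic); the third one
# mirrors the shape of the public proof-of-concept request quoted above.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Dec/2013:10:01:02 +0000] "GET /search/?q=david&catidd=1 HTTP/1.1" 200 5120
203.0.113.7 - - [13/Dec/2013:10:01:09 +0000] "GET /search/?q=shoes%20size%2010&catidd=1 HTTP/1.1" 200 4870
198.51.100.9 - - [13/Dec/2013:10:02:41 +0000] "GET /search/?q[0]=david&q[1]=sec%7B%24%7Bphpinfo()%7D%7D&catidd=1 HTTP/1.1" 200 61230
198.51.100.9 - - [13/Dec/2013:10:02:58 +0000] "GET /search/?q[]=a&q[]=b HTTP/1.1" 200 4870
"""

# Common-log-format request line: client IP, then the quoted "METHOD target HTTP/x.y".
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Sequences that trigger PHP's variable / complex-expression interpolation when
# user-controlled data ends up inside a double-quoted string or eval-like context.
INTERP_MARKERS = ("${", "{$")

def analyse_request(target: str) -> dict:
    """Classify one request target: which parameters use array syntax (name[..])
    and which decoded values contain PHP interpolation markers."""
    qs = parse_qs(urlparse(target).query, keep_blank_values=True)  # percent-decodes values
    array_params = sorted({k.split("[", 1)[0] for k in qs if "[" in k})
    interp_values = [v for vals in qs.values() for v in vals
                     if any(m in v for m in INTERP_MARKERS)]
    return {"array_params": array_params, "interpolation_values": interp_values}

def scan_log(log_text: str) -> list:
    """Return (ip, target, reason) for every request that needs analyst attention.
    Interpolation markers rank above plain array-form parameters."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        info = analyse_request(m["target"])
        if info["interpolation_values"]:
            reason = "php-interpolation-in-param"
        elif info["array_params"]:
            reason = "array-form-param"
        else:
            continue
        findings.append((m["ip"], m["target"], reason))
    return findings

if __name__ == "__main__":
    for ip, target, reason in scan_log(SAMPLE_LOG):
        print(f"{reason:28} {ip:15} {target}")
```

A scalar parameter suddenly appearing with `[index]` suffixes is itself worth an alert, because PHP silently turns such input into an array and downstream code that expected a string may handle it unsafely.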

Halifax Bank phishing email claims "3rd party Intrusion detected"


A phishing email targeting UK-based Halifax Bank customers attempts to trick recipients into handing over their sensitive information.

The email informs recipients that "3rd party intrusions" have been detected and that their account has been limited for security reasons, according to Hoax-Slayer.

To restore the account, it asks recipients to confirm their identity and verify that the account has not been used for fraudulent purposes by filling in an online validation form.

Once the victim opens the link in the email, it takes them to a fake Halifax Bank website that asks them to log in. It then asks for personal information such as name, phone number and date of birth.

In the next form, they are asked to enter sensitive information such as account number, sort code, card number, expiration date and security code.

As usual in phishing scams, once the form is submitted the victim is automatically redirected to the legitimate Halifax Bank website.

Gmail now automatically displays images, helping attackers know when you open the mail


Google yesterday announced that Gmail will automatically display images embedded in emails by default, something Google had previously disabled.

By enabling this feature, Google made a mistake: a sender is now able to track whether the user has opened the mail or not.

An attacker who embeds a unique image link (e.g. www.breakthesecurity.com/123456.jpg) can easily determine when the recipient opened the mail.

"Turning those images on means we'll be more accurate when tracking unique opens," MailChimp, a bulk mail service, said in a blog post.

"GMail's new image caching doesn't occur until the user views the message, still provides read tracking," HD Moore, security researcher, commented about the new feature in a tweet.

You can disable this behaviour by choosing the option "Ask before showing" in the "image" section under the General tab in Settings. However, it remains in question how many users will disable it; most don't bother.
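As an added example (not from the original post), the Python below shows the check a mail client or gateway can apply before auto-loading images: list every image fetched from a remote server, and flag those with the shape of an open-tracking beacon, a 1x1 size or a unique per-recipient identifier in the path like the 123456.jpg example above. The message body is constructed; the hostnames other than the one quoted in the post are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body (not a real email). The second image has the
# shape of an open-tracking beacon: remote, tiny, and a unique-looking filename.
SAMPLE_HTML = """\
<html><body>
<p>Your December statement is ready.</p>
<img src="cid:logo@example.invalid" width="120" height="40" alt="logo">
<img src="http://www.breakthesecurity.com/123456.jpg" width="1" height="1" alt="">
<img src="https://cdn.example.invalid/promo.png" width="600" height="200" alt="promo">
</body></html>
"""

class ImageCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append(dict(attrs))

def is_tiny(attrs: dict) -> bool:
    """True when the declared size is 1x1 or smaller (a beacon, not content)."""
    try:
        w, h = int(attrs.get("width", "")), int(attrs.get("height", ""))
    except ValueError:
        return False  # missing or non-numeric dimensions: cannot tell
    return w <= 1 and h <= 1

def has_unique_path(url: str) -> bool:
    """True when the filename stem looks like an identifier (digits/hex), e.g. 123456.jpg."""
    stem = urlparse(url).path.rsplit("/", 1)[-1].split(".", 1)[0]
    return len(stem) >= 6 and all(c in "0123456789abcdefABCDEF-" for c in stem)

def find_remote_images(html: str) -> list:
    """Return (src, reasons) for each image the client would fetch from a remote
    server. Any such fetch can report an open; 'tiny' and 'unique-id' raise the score."""
    parser = ImageCollector()
    parser.feed(html)
    results = []
    for attrs in parser.images:
        src = attrs.get("src", "")
        if urlparse(src).scheme not in ("http", "https"):
            continue  # cid:/data: images are not fetched from the sender
        reasons = ["remote"]
        if is_tiny(attrs):
            reasons.append("1x1")
        if has_unique_path(src):
            reasons.append("unique-id")
        results.append((src, reasons))
    return results
```

Even a full-size remote image with an ordinary name reports an open when fetched, which is why the "Ask before showing" setting rather than beacon detection is the reliable mitigation.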

Hacker sentenced to 18 months for hacking US government systems

A Pennsylvania hacker has been sentenced to 18 months for hacking into various computer networks and selling access to them, and has also been fined $25,000.

According to the Boston Globe, Andrew James Miller, 24, who lives with his parents in Pennsylvania, hacked into the computers of various law enforcement agencies, academic institutions, corporations and government agencies, including the Dept. of Energy.

He is said to have been part of an underground hacker group called "Underground Intelligence Agency", under the online moniker "Green".

The man apologized for his actions and said that he "wish to do anything I can to correct the situation".

Assistant US Attorney Adam J. Bookbinder highlighted that Miller was fully aware that his actions were illegal, but was willing to do it to make money.

Vulnerability in NVIDIA mental ray allows hackers to take control of render farms

A security vulnerability in NVIDIA mental ray, a high-performance 3D rendering software, allows hackers to take control of an entire "render farm", say security researchers at ReVuln.

A render farm is a cluster of specialized computers designed for rendering images, typically used to create visual effects for films. Render farms have high computational capability.

mental ray is available as stand-alone software and is also embedded in popular software such as AutoCAD, Autodesk 3ds Max, Autodesk Maya, Cinema 4D and Domus3D.

By simply sending a malicious packet to the target machine, a hacker can load arbitrary DLLs on the victim's machine; injecting a malicious remote library allows the attacker to take control of the entire render farm.


Only mental ray version 3.11.1.10 is affected by this vulnerability.

What would you do with access to a system that has huge computational capability? A hacker would certainly attempt to use it for password cracking or Bitcoin mining.

You can find the white paper here: http://revuln.com/files/ReVuln_Nvidia_mental_ray.pdf

Laptop containing Houston Methodist Hospital patients' info stolen

Houston Methodist Hospital, located in Houston, Texas, reports that a laptop containing sensitive information on approximately 1,300 transplant patients, along with files, was stolen.

The stolen laptop is claimed to be encrypted and contains personal information including names, Social Security numbers and dates of birth.

The hospital has informed the local police about the theft and is also conducting its own investigation, reports the Houston Chronicle.

All affected patients are being offered a one-year free subscription to an identity theft protection service. The hospital apologized for the incident and promised to improve security to prevent future data breaches.

64-bit version of notorious Zeus Trojan spotted by Kaspersky


As more people switch to 64-bit versions of operating systems, cyber criminals have also started writing malware that is compatible with 64-bit systems.

It is not surprising to see the world's most notorious banking Trojan, Zeus, also come up with new variants supporting 64-bit.

Security researchers at Kaspersky spotted a 32-bit variant of Zeus containing a 64-bit version. Researchers say the 64-bit variant has been in the wild since around June, with a compilation date of April 2013.

This new variant is able to communicate with its command and control (C&C) server via the Tor network.

The number of 64-bit users compared to 32-bit users is very low. So what is the need for developing 64-bit variants?

Researchers believe it might be a marketing technique to attract buyers, or groundwork for some future need.

New variant of Mouabad malware can make phone calls from your Android mobile

We are already aware that there is Android malware capable of making money for cyber criminals by sending SMS to premium-rate numbers.

A new variant of the Android malware 'Mouabad', spotted by Lookout, allows cyber criminals to make phone calls from infected devices without user intervention.

The malware is cleverly designed to avoid detection: it attempts to make phone calls only when the device is locked, and ends the call when the victim unlocks the device.

However, it can easily be detected by looking at the call history, as the malware is not designed to delete the call logs.

Fortunately, the malware only works on Android versions older than 3.1, so those who have the latest Android version need not worry.

Stolen laptop of poker player mysteriously returned with Remote Administration Tool


Jens Kyllönen, a professional poker player from Finland, was shocked when his laptop, apparently stolen from his hotel room while he was playing in a tournament, mysteriously returned to the same place where he had left it.

Jens complained about the incident to the hotel, but the staff were not helpful. They told him the cameras were not working properly, so they could not find out how it had happened.

Interestingly, the laptop was stolen again while he was getting help from the staff, and this time turned up in the hotel lobby. Whoever accessed his laptop had managed to remove the password protection.

He then got the idea of visiting F-Secure Labs to have a forensic investigation done on his laptop to find out what had happened.

According to F-Secure Labs, the laptop was in fact infected with a Java-based Remote Administration Tool (RAT). Based on the timestamps, the malware was introduced to the laptop during the period it had gone missing.

He is not the only person who fell victim to this attack: another professional player, Henri Jaakkola, who stayed in the same room at the event, had exactly the same trojan installed on his laptop.

Those who carry laptops with sensitive information are advised to lock them in a safe when not around, and to encrypt their disks.

Fake Facebook page serves fake Flash Player containing miner

Nowadays, cyber criminals are more interested in Bitcoins and mining than in victims' information. Here is another example that shows this interest.


A security researcher at Malwarebytes has come across a fake Facebook video page that displays the message "An update for Youtube flash player is needed" and downloads a fake Flash Player file.


Once the user opens the fake Flash Player, it drops a couple of executable files, namely "control.exe" and "svhost.exe".

Svchost.exe attempts to join P2Pool, a decentralized Bitcoin mining pool that works by creating a peer-to-peer network of miner nodes. However, it failed to connect. The dropped miner is detected as PUP.BitCoinMiner.

Users are always recommended to download software from trusted sources and directly from the software provider.