
Hackers can covertly activate Macbook Webcams without Warning light


Recently, a hacker managed to take nude photos of his high school classmate by covertly activating the MacBook webcam without turning on the warning light.

Though the webcam is designed to trigger a warning light next to it whenever it is turned on, researchers say the light can be deactivated.

Researchers from Johns Hopkins University have published a paper entitled "iSeeYou: Disabling the MacBook Webcam Indicator LED", first reported by the Washington Post, that demonstrates how an attacker can disable the LED indicator.

According to the research, the vulnerability affects older Apple products, including the iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros released before 2008.

However, security researcher Charlie Miller suggests the attack could be possible on newer machines.

Banking Trojan 'Qadars' now targets users in Netherlands


A new banking Trojan called 'Qadars', which has been infecting users across the globe in recent days, now appears to be targeting users mainly in the Netherlands, according to ESET.

It was first publicly discussed by researchers from LEXSI. At the time, the malware was said to be targeting users in France, India and the Netherlands.

Similar to the notorious banking malware 'Zeus', Qadars uses the Man-in-the-Browser technique: it steals information from the browser before it is encrypted and sends the modified information to bank websites.

It also has Android mobile components that allow the malware to bypass the two-step authentication security feature of online banking and gain access to bank accounts.

The malware has focused mainly on six countries: the Netherlands, France, Canada, Australia, India and Italy. However, the graph provided by the researchers shows that the malware has the largest number of infected users in the Netherlands.

Harvard University Student made bomb threats to get out of a final exam

Exams are a nightmare for most students. It appears a Harvard University student had this nightmare too. He chose a different and stupid way to avoid the final exam: making a bomb threat.

Eldo Kim, 20, was charged with sending a hoax email claiming bombs were in four buildings on Harvard University's main campus in Cambridge, according to CBS Boston.

On Dec. 16, 2013, University officials and the president of the Harvard Crimson received an anonymous email with the subject "Bombs placed around campus".

"shrapnel bombs placed in:science center, sever hall, emerson hall, thayer hall
2/4. guess correctly. be quick for they will go off soon," the email reads.

The University immediately notified the FBI. After investigating, the FBI found that the sender had used the temporary mail service 'Guerrilla Mail' and Tor to hide his identity.

After further investigation, the University determined that Kim accessed Tor using Harvard's university wireless network.

Security Bugs fixed: Wireshark 1.10.4 and 1.8.12 released

The latest versions of Wireshark, 1.10.4 and 1.8.12, have been released. They have no special new features compared to previous versions. However, multiple bugs have been fixed in these versions.

Three security bugs have been fixed. The vulnerabilities exist in the SIP dissector, the BSSGP dissector and the NTLMSSP v2 dissector.

An attacker could remotely crash Wireshark by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Besides the security bugs, some non-security bugs have also been fixed in these versions, such as "Tx MCS set is not interpreted properly in WLAN beacon frame" and "Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses".

Download the latest version from here:
http://www.wireshark.org/download.html


Cyber Security Awareness: How a Grandma got phished by a Hacker

Christmas is getting closer, and children are expecting gifts from Santa Claus. I'm not sure whether Santa is going to send gifts to your children, but cyber criminals are definitely interested in sending phishing emails to you.

You should now be extremely cautious about emails claiming to give special Christmas offers or free Christmas gifts.

University IT at the University of Rochester has uploaded a funny video to YouTube called "Grandma Got Phished by a Hacker" to raise cyber security awareness.




They convey the warning about phishing emails in a funny way.

The University has also launched a new service called "Proofpoint Targeted Attack Protection", which is designed to improve the protection of University mail systems against phishing attacks.

Twitter account of Joe Simpson hacked, terrible tweets posted


The verified Twitter account of English mountaineer Joe Simpson was hijacked by an unknown hacker, who posted a series of horrible messages from it.

According to US magazine, the hacker posted more than 40 horrible tweets, including "I've used my 'name' and abused my power".

"I've molested multiple and can provide proof. Everyone should know. Everyone should know," one of the tweets posted by the hacker reads.

"For those who are wondering...my account has not been hacked but as I said I would remove those tweets...see I can get away with anything ;)" the hacker added in another tweet.

After some time, Joe managed to regain control of his account and removed the awful messages.

"My twitter account was hacked this evening and some terrible messages were sent from my account. My account has been reset now." In his tweet, Joe confirmed that his Twitter account was hacked.

One of the largest Android Botnets 'MisoSMS' steals messages

Security researchers from FireEye have uncovered one of the largest Android botnets, which they dubbed "MisoSMS". The botnet is said to have been used in at least 64 spyware campaigns.

According to the report, the malware is disguised as an "Android settings" application used for administrative tasks.

The threat is designed to steal messages from victims and email them to a command-and-control (C&C) server located in China.

Most of the infected devices are in Korea. The cybercriminals behind this botnet logged into the server from Korea, China and a few other locations in order to read the stolen messages.

FireEye said they are collaborating with Korean law enforcement and the Chinese webmail vendor in an effort to disrupt this botnet.

Local Stack buffer overflow Vulnerability in Quickheal antivirus

A security researcher from Vulnerability Lab has discovered a local stack buffer overflow vulnerability in the QuickHeal AntiVirus 7.0.0.1 (b2.0.0.1) Pro software.

The researcher says improper handling of buffers in the 'pepoly.dll' module under certain conditions leads to a stack overflow. Disabling the Core scanning server service could trigger the vulnerable point and crash the system.

"The vulnerability is located in the generated PE file `*.text` value. It can be overflowed by manipulating import of a malicious PE file. The issue is a classic (uni-code) stack buffer overflow"

A local attacker with low privileges can exploit this vulnerability to take control of the system or simply crash the QuickHeal software system process. The security risk of this vulnerability has been estimated as medium.

The researcher also provided a solution to fix the vulnerability: "It can be patched by a secure filter and size restriction of the PE file name text flag".

The proof of concept is available here.

'Advanced Power' botnet attempts to hack website using victim's machine

Security researcher Brian Krebs has discovered a new botnet that uses infected machines to test websites for vulnerabilities.

The malware, which disguises itself as a legitimate Firefox add-on called "Microsoft .NET Framework Assistant", is apparently using the infected machines to find SQL injection vulnerabilities in any website visited by the victim.

Once the malware has determined the list of vulnerable websites, the cyber criminals behind the botnet will be able to exploit the vulnerabilities to inject malicious code into those websites. This will probably help the attackers increase the number of infected websites and systems.

Advanced Power test SQL Injection vulnerability

The malware is also capable of stealing sensitive information. However, this feature does not appear to be activated on infected systems.

Alex Holden, chief information security officer at Hold Security LLC, analyzed the malware and believes its authors are from the Czech Republic, based on the text string available in the threat.

The researcher says more than 12,500 systems have been infected by this malware and have helped to discover at least 1,800 web pages vulnerable to SQL injection.

Update:
In an email, a Mozilla spokesperson told EHN that "they have disabled the fraudulent 'Microsoft .NET Framework Assistant' add-on used by 'Advanced Power' as part of its attack. You should always be careful with anything you download. It's a good idea to use many layers of protection, including antivirus software to stop malware."

Nigerian man jailed for $1.5 m phishing scam targeting students

A Nigerian man has been sentenced to three years and nine months for taking part in a $1.5 m phishing scam targeting UK students.

Olajide Onikoyi, 29, from Manchester, was a member of a criminal group that targeted students by sending phishing emails inviting them to update their student loan details.

According to SKY News, he laundered £393,000 from 238 victims in total, including one student who had £19,000 taken from his account.

When the Metropolitan Police central e-crime unit seized his computers, they found chat logs revealing that he was conspiring with criminals in Russia, Lithuania and the UK.

A number of other people have also been jailed in connection with the scam.

Users are advised to be extremely cautious when clicking links in unsolicited emails and to log into websites directly by entering the URL of the site instead of clicking the link.

TeamBerserk hackers Buy gifts for less fortunate with stolen credit cards

Team Berserk, a hacker group, announced a new operation called #opBerserkChristmas, in which the hackers plan to buy gifts for the less fortunate with the stolen credit cards of politicians and government officials.
They are planning to send gifts such as toys, blankets, tablets and computers to "many children's shelters, homeless shelters and less fortunate folks addresses."

The group also claimed to have already shipped a gift to Children's Shelter 2939 W. Woodlawn at the expense of a Texas judge.

They are planning to upload screenshots of order details with the "#opBerserkChristmas" hashtag and said, "Once the items have been shipped the screenshot will be uploaded as proof."

"If any of the employees at these locations tries to keep any of these items that are meant for the children and less fortunate we will pull your dox and ruin your credit and additional LoLs will be made," the hackers said.