
Official website of Assam Rifles hacked by Pakistan Haxors CREW


Just a few minutes ago, the Pakistani hacker group known as "Pakistan Haxors CREW" hacked into the official website of Assam Rifles.

The main home page is not affected by this attack. The hacker has just uploaded an HTML file 'phc.html' to the main website (http://assamrifles.gov.in/phc.html).

The hacker didn't provide much information on the defaced page except a short message saying "Security Breach! Admin Secure It Thankssss".

On their official Facebook page, the hacker group said "We Have What We Want". We are not sure what they mean by that, whether they have obtained sensitive information or are just referring to the defacement. The mirror of the defacement is here: "add-attack.com/mirror/466057/".

According to the add-attack mirror record (www.add-attack.com/mirror/466052/), another group called "United Bangladesh Hackers" also defaced the website, just a few hours before the Pakistani hackers.

The same Pakistani hacker group recently breached the Indian Railways website and uploaded their defacement.

Confirmed: Angry Birds website hacked by Anti-NSA Hacker

The Syrian Electronic Army yesterday posted a tweet saying that one of its friends, a hacker with the handle "Anti-NSA", defaced the Angry Birds website.

At the time, we were not able to confirm the defacement. No one was reported to have seen the hack. Even the Zone-h mirror didn't confirm the defacement; it displayed the message "The mirror is onhold and has not been verified yet".

So we didn't have strong proof to report the hack. Today, Rovio, the creator of Angry Birds, confirmed that the defacement was there for a few minutes and was corrected immediately. Now the Zone-h record also confirms it.

Antti Tikkanen, Director of Security Response at F-Secure Labs, said on Twitter that the attack was actually a DNS hijack. He mentioned that the website itself was not touched by the hacker; the hacker managed to modify the DNS records.

He also said that the angrybirds website pointed to an IP address (31.170.165.141) associated with Lithuania for at least one hour. The same IP address is shown in the Zone-h record (https://www.zone-h.org/mirror/id/21666969).

The hack comes after the Angry Birds application was reported to have been used by the NSA and GCHQ to spy on people.

Java Bot, a cross-platform malware capable of running on Windows, Mac and Linux


Security researchers at Kaspersky have come across a cross-platform malware which is capable of running on Windows, Mac and Linux.

The malware is completely written in Java. Even the exploit used for delivering the malware is a well-known Java exploit (CVE-2013-2465), which makes the campaign completely cross-platform.

Once the bot has infected a system, it copies itself into the user's home directory and adds itself to the autostart programs list to ensure it gets executed whenever the user reboots the system.

Once the configuration is done, the malware generates a unique identifier and informs its master. The cyber criminals later communicate with the bot through the IRC protocol.

The main purpose of this bot appears to be participating in Distributed Denial-of-Service (DDoS) attacks. The attacker can instruct the bot to attack a specific address and specify a duration for the attack.

The malware uses a few techniques to make analysis and detection more difficult. It uses the Zelix Klassmaster obfuscator, which not only obfuscates the bytecode but also encrypts string constants.

All machines running Java 7 update 21 and earlier versions are likely to be vulnerable to this attack.
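One way to check whether an installed runtime falls on the vulnerable side of that line, as an added example that is not from the Kaspersky report or this post. The banner parsing and the `check_local_java` helper are my own assumptions about the `java -version` output format; the threshold (Java 7 update 21 and everything earlier) is the one stated above.

```python
import re
import subprocess

# Legacy Java version banner, e.g.  java version "1.7.0_21"  (Java 7 update 21).
# Java 9+ prints "11.0.2"-style strings; those are treated as newer than
# anything this post flags.
_LEGACY_RE = re.compile(r'"1\.(\d+)\.\d+(?:_(\d+))?')
_MODERN_RE = re.compile(r'"(\d+)(?:\.\d+)*')

# Threshold stated in the post: Java 7 update 21 and all earlier releases.
VULNERABLE_MAX = (7, 21)


def parse_java_version(banner: str):
    """Return (major, update) parsed from `java -version` output."""
    m = _LEGACY_RE.search(banner)
    if m:
        return int(m.group(1)), int(m.group(2) or 0)
    m = _MODERN_RE.search(banner)
    if m:
        return int(m.group(1)), 0
    raise ValueError("unrecognised java version banner: %r" % banner)


def is_vulnerable_to_cve_2013_2465(banner: str) -> bool:
    """True when the runtime is Java 7u21 or older (Java 6 and 5 included)."""
    return parse_java_version(banner) <= VULNERABLE_MAX


def check_local_java() -> bool:
    """Run the installed `java -version` (it prints to stderr) and classify it.
    Assumed helper: requires a `java` binary on PATH."""
    proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    return is_vulnerable_to_cve_2013_2465(proc.stderr or proc.stdout)


if __name__ == "__main__":
    print("vulnerable" if check_local_java() else "patched")
```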

Hacker manipulates Paypal and Godaddy to extort a twitter account worth $50,000


We are aware that one of the most powerful attack methods in the hacking world is social engineering. Here is the story of how a social engineering attack helped a hacker to extort a Twitter account worth $50,000.

Naoki Hiroshima, an app developer, registered his one-letter handle @N in 2007. He says that since he registered the account, he has faced several troubles. One-letter Twitter handles are rare and worth a lot of money.

He says that he even got an offer of up to $50,000 for his Twitter handle. However, he declined to sell it. But not all attempts to obtain the account have been friendly. Hackers have often attempted to steal his account by sending phishing emails.

But this time, Naoki had bad luck. A hacker managed to compromise his website with a social engineering attack. The main target of the hacker was the Twitter handle. He threatened Naoki that he would never get his domain back if he failed to hand over his Twitter handle. So Naoki finally agreed to give the Twitter handle to the hacker.

After getting access to @N, the hacker explained how he was able to compromise the website and provided a few security tips to prevent Naoki from being a victim in future.

Manipulated employees at PayPal and GoDaddy:
The attack started with PayPal. The hacker called PayPal and social engineered an employee into handing over the last four digits of Naoki's card.

He then called GoDaddy and said he had lost his card data but remembered the last four digits. GoDaddy let the attacker guess the first two digits of the card. He successfully guessed the digits and was given access to the account.

Naoki was using an email address hosted on his own domain for the Twitter account. The attacker attempted to reset the Twitter password. Meanwhile, Naoki realized the attack and immediately changed the email address of his Twitter account to Gmail. So the attacker was not able to get access to the Twitter account.

He also attempted to trick Twitter into handing over the account, but Twitter asked the attacker for more info. So he dropped the plan and blackmailed Naoki into giving up his handle.

As the domain's registrant details had been changed and GoDaddy was not helping Naoki, he finally agreed to exchange the Twitter handle for his GoDaddy account.

Naoki said that he is disappointed with GoDaddy and PayPal and is planning to leave them as soon as possible.

"Stupid companies may give out your personal information (like part of your credit card number) to the wrong person. Some of those companies are still employing the unacceptable practice of verifying you with the last some digits of your credit card," Naoki said in his blog.

Currently, the attacker has control of the Twitter handle @N. Naoki is using N_is_Stolen for his account.

First Android Bootkit virus found to have infected 350,000 mobile devices

A new Android Trojan, which is said to be the first Android bootkit, has been discovered by the Russian security firm Doctor Web.

The malware resides in the memory of the infected device, launches itself early in the OS loading stage and is hard to remove from the device.

The Trojan, identified as Android.Oldboot.1.origin, installs one of its components into the boot partition of the file system. It also modifies the init script, a specialized program for initializing elements of the Android system.

When the device is turned on, the script is executed and installs the other malware components as a typical application.

Android virus which can't be removed by your antivirus:
This malware is considered the most dangerous Android malware because even if you remove it, once the device is rebooted, the component residing in the protected memory area will re-infect the device.

Researchers believe the threat gets onto the device when users reflash their smartphones with modified firmware containing this Trojan.

The malware has reportedly infected more than 350,000 mobile devices. 92% of the infected devices appear to be in China.

To prevent yourself from falling victim to such threats, make sure that you are not installing firmware from unreliable sources. Users are also advised not to buy devices of unknown origin.

'Leaky apps' like Angry Birds allow NSA and GCHQ to spy on you


Do you know that while you are busy hitting the pigs in the Angry Birds game, US and UK spy agencies are collecting your personal data?

Classified documents recently leaked by whistleblower Edward Snowden show the NSA and GCHQ have been working to develop ways to collect your personal information from so-called "leaky" phone apps.

According to the Guardian, such apps allow the spy agencies to collect information including phone details and personal info such as age, gender and location, and in some cases even sexual orientation.

One of the slides, titled "Golden Nugget", shows how the NSA is able to obtain phone type, buddy lists, "possible image", location and other data when a user uploads a photo taken via mobile.

Many social networking sites such as Facebook remove the EXIF metadata (which contains the geolocation details). The Guardian points out that the agencies can still collect that data, as it is transferred across the networks.

On the other hand, Rovio, the creator of Angry Birds, said in a press release that it doesn't share any data with spy agencies. It points the finger at third-party advertising networks.

"The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries," Rovio's statement reads.

Team Madleets website hacked by ZCompany Hacking Crew (ZHC)


The official website of the infamous Pakistani hacker group "Team Madleets" has been hacked by another hacker group known as ZCompany Hacking Crew (ZHC).

Hacked pages:
http://b0x1.madleets.com/index.html
http://b0x2.madleets.com/index.html

"Cool, we are not against madleets or any other team, but when we see someone tryna act like they 'Own The Scene' with much arrogance, starts praising and greeting Indians, insulting groups/people who hack for cause like us 'The ZHC' & starts yelling about not to hack indians and they are our friends?" the defacement message reads.

"It's surely something to react to.. So you thought we don't make difference? and ZHi is over? lol. btw we don't involve in cyber wars stuff like that, nor we will nor we are a rivalry skiddy group, but this was due for a long long time."

However, Team Madleets claims that their website was not actually hacked.

"I recently got access to a domain registry and was thinking of changing its DNS to b0x1.madleets.com and b0x2.madleets.com. Since I got busy in my personal life, I forgot about it and left both b0x1 and b0x2 pointing to our old server. That server had then expired and some other guy bought that server with our old server I.P.," one of the admins said in their forum.

"Since that server was not ours anymore, those who were hungry to take down MaDLeeTs got access to that server and defaced our b0x1 and b0x2 DNS names, making others think MaDLeeTs servers got hacked :mad:"

Team Madleets is best known for its DNS hijacking attacks. They have defaced several high-profile websites including Google Malaysia, Google Kenya and more via DNS poisoning. The group also hacked several other websites including the Daily Mail forum.

Just a few days back, the group also hacked into the websites of Indian actress Poonam Pandey and pop singer Daler Mehndi.

Mirrors of the defacement are here:
http://zone-hc.com/archive/mirror/720d579_b0x1.madleets.com_mirror_.html
http://zone-hc.com/archive/mirror/e070a4c_b0x2.madleets.com_mirror_.html

Facebook Scams: "Hacking any Facebook Account", "Facebook Music Theme"


A new Facebook scam which claims to be a script to "Hack any Facebook account" is spreading like wildfire. Recently, I also came across a Facebook scam post that promises a "Facebook Music Theme". I've been tagged in the spam posts by more than 20 friends within a week.

The post has a link to a script file which is hosted on Dropbox, Pastebin, TextUploader and other file hosting services.

The post tricks users into thinking that it is a script to hack any Facebook account. It urges users to use it before it gets blocked by Facebook.

It asks them to copy the script and paste it into the "Console" section of the "Inspect Element" option in their browser. It claims you will get the username and password once you have done this.


Here is what is actually happening:
When you paste the code into the console and run it, it runs inside your logged-in Facebook session, so every request it makes is made on your behalf. It sends several requests, including "Like" and "comment" requests. This means that you have unknowingly "liked" and "commented" on the scammer's pages.


It also tags all of your friends in a comment so that the scam spreads further and gets more victims.

I can't believe there are still plenty of people out there who believe some stupid script can hack accounts.

Are you one of the victims who followed the stupid instructions?
No need to panic. As far as I know, the script only "likes" and "comments" on your behalf. So you can simply go to the "Activity Log" page in your account and unlike those pages and delete those comments. If you are reading this article, make sure you don't make the same mistake again.

Indian Railways website hacked by Pakistan Haxors Crew


The official website of the Indian Railways has once again been hacked by a Pakistani hacker group. This time, it was done by two hackers named "H4$N4!N H4XOR" and "HUNTER KHAN" from the "Pakistan Haxors CREW (PHC)".

The home page of the site is not affected. However, the hackers managed to upload an "index.html" into a subdirectory (http://er.indianrailways.gov.in/cris/edrm_site/notice/index.html).

Not the first time:

Last August, the Pakistan Cyber Army hacked into Indian Railways and uploaded their defacement page in the same "edrm_site" directory with a short message: "Hello Guys. Aooooo Indian Railway Pawned LOL. Go to Hell This hack in reply to Pak Army Website".

In 2012, another hacker with the handle "AiNAB", a member of the Pakistani hacker group Pakistan Cyber Pyrates, defaced multiple sub-domains of Indian Railways. (Refer: http://www.zone-h.org/archive/notifier=AiNAB/page=2)

At the time of writing, the website still shows the defacement message. It is still unknown whether the previous vulnerability was never fixed or the hackers discovered a new vulnerability.

It is worth noting that "H4$N4!N H4XOR" has hacked several Indian websites including the popular Tamil Nadu TV channels Jaya TV and Sun TV.

Poonam Pandey website hacked by Pakistani Hacker "Haxor 99"


A Pakistani hacker with the handle "Haxor 99" has hacked into the official website of Poonam Pandey, an Indian model and Bollywood film actress. The hacker defaced the home page.

The same hacker recently defaced the websites belonging to Indian pop singer "Daler Mehndi" and Canadian singer "Raghav Mathur".

The hacker left the same defacement message saying: "Nothing Delete or Harmed...Rise a Voice for Justice of Kashimr. Patch Your Site".

It appears Poonam Pandey needs help in recovering her website and patching the vulnerability.

"Really upset! & Scared.. My website is Hacked... It says to Raise Voice for Kashmir!... dont know what to do?" Poonam Pandey tweeted from her Twitter account.

Exclusive: BCCI official website hacked by Bangladesh Grey Hat Hackers



A hacker named "Ashik Iqbal Chy", from the Bangladesh Grey Hat Hackers group, hacked into the official website of the Board of Control for Cricket in India (BCCI.tv).

The hacker managed to publish and edit a few articles with the title "HackeD By AshiK IqbaL Chy" in the news section of the site. Links to the edited articles were also displayed on the main page.

The hacker also changed the picture on the site to one of Bangladeshi cricket players with a short message saying "Don't mess up with Tigers!"

The hacker told EHN that he gained access to the admin panel of the website and managed to delete articles from the site, which resulted in "under maintenance" mode.

The hacker told EHN that he managed to deface the home page too last night. He provided us a screenshot of the admin panel.

Exclusive: Admin panel of BCCI

At the time of writing, the website is in "maintenance" mode. Here is the list of mirrors of the defacements:
http://www.zone-h.com/mirror/id/21650626
http://www.zone-h.com/mirror/id/21650812

Reason for the hack:
One of the members of the hacker group told E Hacking News that the hack is part of a protest against the "India, England and Australia proposal on test cricket placed to the International Cricket Council".