Moroccan Islamic Union-Mail hacks 5 Italian Government websites

Moroccan hackers operating under the team handle "Moroccan Islamic Union-Mail" have again hacked and defaced several Italian government websites (the affected domains are .gov.it sites of state schools and local institutions rather than ministries).

The home pages of the hacked websites were replaced with the hackers' message and an embedded YouTube video.

"We do not want muscle-flexing. Just want to get our message across the world to discover the truth," reads the message left by the team. "Yes, the fact that should be explored invite you to show filter this video to discover the truth for yourself. #THE TRUTH WILL PREVAIL"

In addition to the statement, each defaced page played a YouTube video about the Prophet Muhammad in the Bible.

Links to the targeted websites, each followed by a mirror of its defacement:

http://www.smsagenovesi.gov.it/
http://www.add-attack.com/defaced/468738/smsagenovesi.gov.it/

http://www.superdue.gov.it/
http://dark-h.org/deface/id/8018

http://www.matteodellacorte.gov.it/
http://www.add-attack.com/defaced/468745/matteodellacorte.gov.it/

http://www.terzonocera.gov.it/
http://www.add-attack.com/defaced/468744/terzonocera.gov.it/

http://www.liceoclassicogbvico.gov.it/
http://www.add-attack.com/defaced/468747/liceoclassicogbvico.gov.it/

The hackers modified the home pages about 10 hours ago, and at the time of writing all of the affected sites still show the defacement.

The group has hacked government websites in other countries in the past, including South Africa and Colombia.

Ebay and Paypal UK domains hacked by Syrian Electronic Army

PayPal is the latest organization to fall victim to the Syrian Electronic Army (SEA). Today the group hacked into the MarkMonitor account that manages eBay's and PayPal's domain registrations.

Exclusive: MarkMonitor account of Ebay

SEA modified the DNS records of ebay.co.uk and paypal.co.uk and left the domains pointing at defaced pages. Because the change was made in the registrar's management account rather than on eBay's or PayPal's own servers, visitors were redirected regardless of how well those servers were secured; a registrar-level lock on the domains is the control that stops this kind of change.
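The practical defence against a registrar-account takeover is to notice the record change quickly. The following is an added example, not eBay's, PayPal's or MarkMonitor's code: it diffs a domain's observed record sets against a known-good baseline and ranks the differences by what they let an attacker do (a changed NS set hands the whole zone to someone else; A/AAAA changes redirect the site; MX changes divert mail, password-reset messages included). The record sets are plain Python data so it runs offline; in practice the "observed" sets would come from resolver queries made from several vantage points on a schedule. The baseline and observed values below are constructed for the example and are not the real records of any domain.

```python
"""Detect registrar-level DNS hijacking by diffing a domain's observed
record sets against a known-good baseline.

Added example, not code from eBay, PayPal or MarkMonitor. All record
data below is constructed for the example.
"""
from dataclasses import dataclass

# How much a silent change to each record type matters.
SEVERITY = {"NS": "critical", "A": "high", "AAAA": "high", "MX": "high", "TXT": "medium"}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Record types whose values are DNS names (compared case-insensitively,
# with a trailing dot) rather than addresses or free text.
NAME_TYPES = {"NS", "MX", "CNAME"}


@dataclass(frozen=True)
class Alert:
    domain: str
    rrtype: str
    severity: str
    removed: frozenset[str]
    added: frozenset[str]


def normalize(rrtype: str, values) -> frozenset[str]:
    """Canonicalise a record set so 'NS1.EXAMPLE.NET' == 'ns1.example.net.'."""
    out = set()
    for v in values:
        v = v.strip()
        if rrtype in NAME_TYPES:
            v = v.lower().rstrip(".") + "."
        out.add(v)
    return frozenset(out)


def diff_records(domain: str, baseline: dict, observed: dict) -> list[Alert]:
    """Return one Alert per record type whose observed set differs from the
    baseline, most severe first, so an NS change is never buried."""
    alerts = []
    for rrtype in sorted(set(baseline) | set(observed)):
        want = normalize(rrtype, baseline.get(rrtype, ()))
        got = normalize(rrtype, observed.get(rrtype, ()))
        if want != got:
            alerts.append(Alert(domain, rrtype, SEVERITY.get(rrtype, "low"),
                                want - got, got - want))
    alerts.sort(key=lambda a: SEVERITY_ORDER[a.severity])
    return alerts


# Constructed baseline: the records the domain owner expects to see.
BASELINE = {
    "NS": {"ns1.example-dns.net.", "ns2.example-dns.net."},
    "A": {"192.0.2.10", "192.0.2.11"},
    "MX": {"10 mail.example.co.uk."},
}

# Constructed observation of a hijacked domain: delegation moved to the
# attacker's name servers, which answer with their own web address. The
# MX value differs only in case and trailing dot and must not alert.
OBSERVED_HIJACKED = {
    "NS": {"NS1.ATTACKER-DNS.EXAMPLE", "ns2.attacker-dns.example."},
    "A": {"198.51.100.7"},
    "MX": {"10 mail.example.co.uk"},
}

if __name__ == "__main__":
    for a in diff_records("example.co.uk", BASELINE, OBSERVED_HIJACKED):
        print(f"[{a.severity}] {a.domain} {a.rrtype}: -{sorted(a.removed)} +{sorted(a.added)}")
```

This catches the change after the fact; it does not prevent it. Pair it with the registrar's own change notifications and with a registrar lock (and a registry lock where the registry offers one), so that the account credentials alone are not enough to move the delegation.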

"For denying Syrian citizens the ability to purchase online products, Paypal was hacked by SEA," the group said in a tweet.

The group said it was purely a hacktivist operation and that no user accounts or data were affected.

"If your Paypal account is down for a few minutes, think about Syrians who were denied online payments for more than 3 years. #SEA"

The Syrian Electronic Army is best known for spear-phishing attacks in which employees of the target organization receive malicious emails. It appears the group used the same technique to compromise eBay's MarkMonitor account.

Exclusive: Ebay defaced
The group also hacked the email account of Paul Whitted, Sr. Manager, Site Engineering Center at eBay, and posted screenshots of internal communications.


Update:

"We’re aware our UK & France marketing pages were redirected briefly for a few users. Situation is resolved; NO customer info was compromised," PayPal said on its official Twitter account, acknowledging the incident.

Nullcrew hackers claim to have hacked Bell Canada

The NullCrew team is back. After several months, the group has returned with a new database leak. They claim to have hacked into the Bell Canada website (www.bell.ca) and compromised its database server.

A few hours ago the group published a link to the leak (http://nullcrew.org/bell.txt). The dump contains thousands of usernames, email addresses and plain-text passwords, and even some credit card data. Because the passwords were stored in plain text rather than hashed, every credential in the dump is immediately usable, including against other services where the same password was reused.

"Go f****g figure, people who are supposed to provide secure connection to the internet?.. They can't secure themselves, and with that said?" the hackers wrote next to the leak.

"Successful day hacking internet service providers is successful. #NullCrew" reads a tweet posted by the hackers on Jan 14.

The group also appears to have exchanged messages with the Bell support team.

"We'd like to give a shout-out to the beautiful people over at twitter.com/Bell_Support. First of all, asking a hacker their providence made all of us lolololol!" the group said.

Android malware delivered via Windows when debugging mode is enabled

Be careful when connecting your Android device to other people's computers.
A new Windows-based malware installs a malicious application on Android devices that have USB debugging enabled.

Usually, a malicious app can only be installed on your device if you have changed the default security setting to allow apps from sources other than Google Play. But malware analysts at Sophos say malware can still reach your device even if you have not enabled so-called "off-market" apps.

When USB debugging is enabled, apps can be installed directly from a connected Windows machine through the Android Debug Bridge (adb). A new Windows-based malware takes advantage of this facility.

The malware first registers itself as a system service and downloads a configuration file, "iconfig.txt", which lists the files to be downloaded to the infected machine.

The files it downloads are "Samsung.exe, LG.exe, AdbWinApi.dll, AdbWinUsbApi.dll, aadpt.exe, adb.exe, AV-cdk.apk, ok.bat". adb.exe and the two AdbWin DLLs are the standard Android SDK debug bridge and its USB support library, bundled so that the malware does not depend on the SDK already being installed.

"ok.bat" is a batch file that runs "C:\Users\Yourname> adb install AV-cdk.apk" at the command prompt, which installs the malicious APK on any connected Android device that has USB debugging enabled. One caveat: on Android 4.2.2 and later the device asks the user to authorize a computer's adb key before accepting commands from it, so on those devices the attack needs a PC the user has already authorized or a user who taps "OK" on the prompt.

The APK's name suggests an antivirus product, but once installed the app disguises itself as the "Google Play Store".

Researchers recommend turning off the Android USB debugging option whenever you do not need it.
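An app dropped this way leaves two traces on the device: it sits under /data/app with no installer package recorded (the way `adb install` delivers apps, unlike Play Store installs which record com.android.vending), and it uses a package name that borrows Play Store vocabulary without being com.android.vending. The following is an added example, not code from the Sophos analysis: it parses the output of two real adb commands, `adb shell pm list packages -f -i` and `adb shell settings get global adb_enabled`, and flags both signs. The sample output below is constructed for the example, not captured from an infected device.

```python
"""Audit an Android device's package list for apps that were sideloaded
(no installer package recorded, as `adb install` leaves them) or that
impersonate the Google Play Store, and report whether USB debugging is on.

Added example, not code from the Sophos write-up. Input is the output of
    adb shell pm list packages -f -i
    adb shell settings get global adb_enabled
The sample output below is constructed, not taken from a real device.
"""
import re
from dataclasses import dataclass

# Output line format of `pm list packages -f -i`:
#   package:<apk path>=<package name>  installer=<installer package or null>
PM_LINE = re.compile(r"^package:(?P<path>\S+)=(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

# The only package name the real Play Store ships under.
PLAY_STORE_PKG = "com.android.vending"
# Names that borrow Play Store vocabulary without being the real thing.
PLAY_LOOKALIKE = re.compile(r"(vending|play[._-]?store|googleplay)", re.IGNORECASE)


@dataclass
class Package:
    path: str
    name: str
    installer: str   # "null" when no installer package was recorded


def parse_pm_list(output: str) -> list[Package]:
    """Parse `pm list packages -f -i` output; lines that do not match are skipped."""
    packages = []
    for line in output.splitlines():
        m = PM_LINE.match(line.strip())
        if m:
            packages.append(Package(m["path"], m["pkg"], m["installer"]))
    return packages


def is_user_installed(pkg: Package) -> bool:
    # System, vendor and product apps live under /system, /vendor, /product;
    # anything the user (or adb) installed is under /data/app.
    return pkg.path.startswith("/data/app/")


def find_suspicious(packages: list[Package]) -> list[tuple[str, str]]:
    """Return (package name, reason) pairs that deserve a closer look."""
    findings = []
    for pkg in packages:
        if is_user_installed(pkg) and pkg.installer == "null":
            # adb install records no installer package.
            findings.append((pkg.name, "sideloaded: no installer package recorded"))
        if pkg.name != PLAY_STORE_PKG and PLAY_LOOKALIKE.search(pkg.name):
            findings.append((pkg.name, "impersonates Google Play Store"))
    return findings


def adb_debugging_enabled(settings_output: str) -> bool:
    """`settings get global adb_enabled` prints 1 when USB debugging is on,
    0 when off, and 'null' on devices where it was never set."""
    return settings_output.strip() == "1"


# Constructed sample: a real Play Store (system app), a Play-installed
# app, and an adb-sideloaded impostor named to look like the Play Store.
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Phonesky/Phonesky.apk=com.android.vending  installer=null
package:/data/app/com.whatsapp-1/base.apk=com.whatsapp  installer=com.android.vending
package:/data/app/com.google.play.store-1/base.apk=com.google.play.store  installer=null
"""

if __name__ == "__main__":
    print("USB debugging on:", adb_debugging_enabled("1\n"))
    for name, reason in find_suspicious(parse_pm_list(SAMPLE_PM_OUTPUT)):
        print(f"{name}: {reason}")
```

The sideloading check is deliberately broad: any user-installed app without a recorded installer is flagged, which also covers APKs the user installed by hand, so treat it as a list to review rather than a verdict.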

Hotel Management Company White Lodging appears to be latest victim of Data breach

Three massive data breaches have been reported in the last two months, and they keep coming. Now it looks like people who used their cards at a number of hotels might be at financial risk.

A new report from cybersecurity blogger Brian Krebs reveals that White Lodging, a hotel management company that runs franchises under nationwide brands including Hilton, Marriott, Sheraton and Westin, suffered a data breach involving customers' card information.

Krebs started investigating after receiving reports from multiple sources in the banking industry that they had noticed a "pattern of fraud" on cards previously used at Marriott hotels.

White Lodging told Krebs that an investigation is in progress and that it will provide additional information as soon as it is available.

Krebs said the breach only affected Marriott guests who used their cards at White Lodging-managed gift shops and restaurants.

Krebs is the reporter who uncovered the other massive breaches of the last two months, at Target, Neiman Marcus and, most recently, Michaels Stores.

Canadian spy agency, with help from the NSA, tracked passengers who used free airport WiFi

Here is another example of why public WiFi networks pose a risk to your privacy.

A CBC News report, based on a newly leaked secret document from former U.S. intelligence contractor Edward Snowden, reveals that Canada's spy agency was tracking passengers who used free WiFi service at airports.

The Communications Security Establishment Canada (CSEC) is prohibited from spying on Canadians without a warrant. Yet the agency collected metadata on all travellers passing through the airport, Canadians included.

The document presented to CBC shows that the identifiers captured from travellers' devices then let the agency track them for a week or more as their wireless devices connected to other WiFi hotspots in locations around Canada and even at US airports. Tracking of this kind works because a device presents the same identifier to every hotspot it joins; the report does not say which identifier CSEC keyed on.

According to CBC, the leaked document suggests the operation was a trial run of new software developed by CSEC with help from the US National Security Agency (NSA).

Canada's two largest airports, Toronto and Vancouver, and Boingo, the largest independent WiFi provider at other airports, have denied providing any information about their WiFi users.

Bug Bounty Programs: Github now offers $100 to $5000 for security vulnerability

GitHub is the latest organization to join the list of companies paying bounties to security researchers who find and report vulnerabilities.

GitHub previously listed the names of reporters on a "Hall of Fame" page; it now offers bounties from $100 to $5,000.

The exact bounty for each vulnerability is determined by GitHub based on the actual risk and potential impact to its users.

For example, a non-persistent (reflected) XSS that only works in Opera, affecting about 2% of GitHub's users, earns a small bounty, while a persistent (stored) XSS that works in Chrome, affecting around 60% of its users, earns a larger one.

The bounty program currently covers the GitHub API, GitHub Gist and GitHub.com. GitHub says its other applications are not part of the open bounty, although researchers may still receive a bounty at its discretion.

So far, two researchers have received 1,000 points each for reporting "Broken Authentication or Session Management" and "Missing Function Level Access Control" issues (both OWASP Top 10 category names).

Third-party database compromise leads to Yahoo mail account hack

Yahoo has acknowledged that a number of Yahoo Mail accounts were accessed by attackers, and says the unauthorized access followed the compromise of a third-party database.

Yahoo did not name the third party or disclose the number of affected users. After learning of the unauthorized access, Yahoo began sending password-reset emails to all impacted accounts.

The company also said in its official statement that it found no evidence the credentials were taken directly from its own servers. Its investigation found malicious software using the stolen usernames and passwords to log in to Yahoo Mail accounts. A list of credentials stolen from another site only works against Yahoo where users reused the same password there, which is why a breach elsewhere turned into account takeovers at Yahoo.

The company says it is working with federal law enforcement to find the source of the unauthorized access, and that it has implemented additional measures to secure its servers.

Yahoo says affected users will be notified by email or, if a phone number is linked to the account, by SMS.

Critical remote code execution vulnerability patched in MediaWiki, affecting Wikipedia

A critical remote code execution vulnerability has been patched in MediaWiki, the wiki software behind Wikipedia. Thousands of wiki sites, Wikipedia included, were affected by the bug.

Security researchers at Check Point identified the vulnerability (CVE-2014-1610), which affects all versions from 1.8 onwards. A site is vulnerable only if a specific non-default setting is enabled.

According to the security advisory, an attacker could have exploited the vulnerability to make file and system changes and gain complete control of the server.

Check Point said an attacker could have injected malicious code into every page on wikipedia.org, putting millions of visitors' systems at risk of malware infection.

Fortunately, Check Point promptly informed the Wikimedia Foundation of the bug, and the foundation released patched versions (1.22.2, 1.21.5 and 1.19.11) on 28 January. Sites that run MediaWiki with the affected setting enabled should upgrade to one of those releases.

The advisory notes that this is only the third critical remote code execution vulnerability found in MediaWiki since 2006.

Hackers reportedly used stolen vendor credentials to break into Target's systems


Target Corporation told the Wall Street Journal that the massive data breach it suffered last month began after cyber criminals stole credentials from a vendor and used them to get into Target's systems.

The company provided little detail. It did not say how the credentials were stolen, nor which portal the attackers logged in to.

Cybersecurity blogger Brian Krebs, who first brought the Target breach to light, wrote that the malware used in the breach connected to a shared drive with the username "Best1_user" and the password "BackupU$r". Krebs pointed out that this account matches the default account created by IT management software from BMC Software.

"According to BMC’s documentation, this account is normally restricted, but the attackers may have usurped control to facilitate lateral movement within the network," says a Dell SecureWorks report cited by Krebs.

The report also revealed that a malware component installed a service called "BladeLogic", apparently mimicking the name of another BMC product.

A trusted source told Krebs that BMC's software is used by many major retailers, and Krebs believes Target uses it too.

Krebs also confirmed that the carder known as Rescator is selling millions of cards stolen in the Target data breach.
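A vendor product's built-in service account has a narrow legitimate footprint: it should authenticate from the host the product runs on, over a network logon, and never interactively. That makes its misuse for lateral movement detectable from ordinary Windows logon events. The following is an added example, not code from Krebs' post or from the Dell SecureWorks report: it scans exported logon records for successful logons (event 4624) by a watched account that come from an unexpected host or use an interactive logon type. It assumes the Security log has been exported as one record per line with tab-separated EventID, TargetUserName, LogonType, IpAddress and WorkstationName fields (a real export needs its own parser). The account name is the one reported in the post; the management-server address and every log line below are constructed for the example.

```python
"""Flag logons with a vendor product's built-in service account that do not
fit the one pattern such an account should show: network logons from the
host the product runs on.

Added example, not code from Krebs' post or the Dell SecureWorks report.
Input format (assumed): tab-separated EventID, TargetUserName, LogonType,
IpAddress, WorkstationName, one event per line. All log lines and the
management-server address below are constructed.
"""
from dataclasses import dataclass


@dataclass
class Logon:
    event_id: int
    account: str
    logon_type: int
    source_ip: str
    workstation: str


# Windows logon types: 2 = interactive, 3 = network (e.g. SMB share access),
# 10 = RemoteInteractive (RDP). A backup/monitoring service account has no
# business logging on interactively at all.
INTERACTIVE_TYPES = {2, 10}

# Service accounts to watch, mapped to the hosts allowed to use them.
# "best1_user" is the account named in the breach reporting; the address is
# a hypothetical management server for this example.
WATCHLIST = {"best1_user": {"10.1.50.5"}}


def parse_events(text: str) -> list[Logon]:
    """Parse the tab-separated export; blank lines and '#' comments are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        eid, account, ltype, ip, ws = line.split("\t")
        events.append(Logon(int(eid), account, int(ltype), ip, ws))
    return events


def find_suspicious_logons(events: list[Logon], watchlist=WATCHLIST):
    """Return (account, source_ip, workstation, reason) for each successful
    logon (4624) by a watched account that breaks the expected pattern."""
    findings = []
    for ev in events:
        if ev.event_id != 4624:
            continue
        # Windows account names are case-insensitive; the watchlist is lower-case.
        allowed = watchlist.get(ev.account.lower())
        if allowed is None:
            continue
        if ev.logon_type in INTERACTIVE_TYPES:
            findings.append((ev.account, ev.source_ip, ev.workstation,
                             "service account used interactively"))
        elif ev.logon_type == 3 and ev.source_ip not in allowed:
            findings.append((ev.account, ev.source_ip, ev.workstation,
                             "network logon from unexpected host"))
    return findings


# Constructed sample: one legitimate use from the management server, an
# unrelated user, the same account reaching a share from a workstation, a
# failed attempt (4625, ignored here), and an RDP logon from a register.
SAMPLE_LOG = """\
# EventID\tTargetUserName\tLogonType\tIpAddress\tWorkstationName
4624\tBest1_user\t3\t10.1.50.5\tBMCMGMT01
4624\tjdoe\t3\t10.1.20.33\tWS-0201
4624\tBest1_user\t3\t10.1.20.33\tWS-0201
4625\tBest1_user\t3\t10.1.20.34\tWS-0202
4624\tBEST1_USER\t10\t10.1.77.9\tPOS-REG-17
"""

if __name__ == "__main__":
    for account, ip, ws, reason in find_suspicious_logons(parse_events(SAMPLE_LOG)):
        print(f"{account} from {ip} ({ws}): {reason}")
```

The rule is only as good as the allow-list: it has to name every host that legitimately runs the vendor agent, and a default password such as the one reported here should be changed regardless, since detection does not help once the credential is in the attacker's hands.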

Peruvian local news website NetLima hacked by Venezuelan hackers


A group of Venezuelan hackers affiliated with the Anonymous movement gained access to the website of NetLima, a Peruvian online newspaper covering news about the city of Lima.

Although the main page was not affected, the hackers used their access to modify a few of the site's pages to display their message.

A few pictures and a short message were placed on the affected pages.

"Article 350 has its own life, lives in each of our hearts, can lead us to freedom. Let's give life and to liberate Venezuela," the message reads. "In this country there will never be revolution without evolution of Consciousness.!"

At the end of the modified page, the hackers apologized to the site's admin for the inconvenience and said "nothing personal, it is a protest for my Country."

List of affected pages:
http://www.netlima.com/avisos2/index.php
http://www.netlima.com/noticias.php
http://www.netlima.com/web1/index.html

Two hacker groups, "Hacker Claus Team" and "Anonymous Juventud", carried out the defacement. At the time of writing the affected pages still show it.