Thousands of Joomla websites using JomSocial vulnerable to Remote Code Execution

Thousands of Joomla websites using JomSocial are vulnerable to a Remote Code Execution vulnerability. JomSocial is a social networking extension for the Joomla CMS.

The extension is currently listed on Joomla's Vulnerable Extensions List. The vulnerability is being exploited in the wild; several users have reported that someone has hacked into their website.

According to JomSocial, hackers breached the JomSocial website itself by exploiting this vulnerability. JomSocial's security team spotted the attack and released a patch. While analyzing the vulnerability being exploited, they also discovered another critical vulnerability.

The vulnerability was discovered by security researcher Matias Fontanini, who notified JomSocial about it. At first, the team said they had fixed the issue in version 3.1.0.1; however, the researcher found that 3.1.0.1 was also vulnerable.

Vulnerability Details:
The vulnerability is located in the 'ajaxUploadAvatar' task of the 'photos' controller. The parameters parsed by the 'Azrul' plugin are not properly sanitized before being used in a call to the PHP function 'call_user_func_array'.

"This allows an attacker to execute arbitrary static class functions, using any amount of user-provided parameters." An attacker can exploit this by calling the CStringHelper::escape function to execute arbitrary PHP code.

HTTP Request exploiting the vulnerability

More technical details about the vulnerability and exploit code are available here.

Since exploit code is already publicly available, all JomSocial administrators are advised to upgrade to the latest version of the extension (v3.1.0.4) as soon as possible.
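The pattern behind this bug, shown as an added illustration rather than JomSocial's own code: a stripped-down AJAX task dispatcher that hands a client-controlled callable and argument list to call_user_func_array(), next to a hardened dispatcher that maps opaque task names to a fixed server-side allowlist. The AvatarHelper class, the task names and the request shapes are assumptions made for this example.

```php
<?php
// Added illustration (not JomSocial's code) of the vulnerable pattern the
// advisory describes: a client-chosen static method name and argument list
// passed straight into call_user_func_array(), beside a hardened dispatcher.
// AvatarHelper, the task names and the request shapes are assumptions.

class AvatarHelper
{
    public static function resize(int $w, int $h): string
    {
        return "resized to {$w}x{$h}";
    }
}

// VULNERABLE: $request is the decoded JSON body, e.g.
// {"func": "AvatarHelper::resize", "args": [64, 64]}.
// Whatever static method the client names is called with the client's arguments.
function dispatchVulnerable(array $request)
{
    $func = (string) ($request['func'] ?? '');
    $args = (array) ($request['args'] ?? []);
    return call_user_func_array($func, $args);
}

// HARDENED: the client only supplies an opaque task name; the callable and the
// expected number of arguments are fixed server-side.
const TASK_ALLOWLIST = [
    'resizeAvatar' => ['callable' => ['AvatarHelper', 'resize'], 'argc' => 2],
];

function dispatchHardened(array $request)
{
    $task = (string) ($request['task'] ?? '');
    if (!array_key_exists($task, TASK_ALLOWLIST)) {
        throw new InvalidArgumentException('unknown task');
    }
    $spec = TASK_ALLOWLIST[$task];
    $args = $request['args'] ?? [];
    if (!is_array($args) || count($args) !== $spec['argc']) {
        throw new InvalidArgumentException('unexpected argument count');
    }
    // Coerce every argument to the integer type this task expects.
    $args = array_values(array_map('intval', $args));
    return call_user_func_array($spec['callable'], $args);
}

// A legitimate request behaves the same through either dispatcher.
echo dispatchVulnerable(['func' => 'AvatarHelper::resize', 'args' => [64, 64]]), PHP_EOL;
echo dispatchHardened(['task' => 'resizeAvatar', 'args' => [64, 64]]), PHP_EOL;

// The vulnerable dispatcher also reaches any other static method loaded in the
// process, here a harmless built-in, chosen entirely by the client.
$probe = ['func' => 'DateTime::createFromFormat', 'args' => ['Y', '2014']];
echo get_class(dispatchVulnerable($probe)), PHP_EOL;

// The hardened dispatcher rejects the same probe because the name is not a task.
try {
    dispatchHardened(['task' => 'DateTime::createFromFormat', 'args' => ['Y', '2014']]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The harmless DateTime probe stands in for the dangerous targets an attacker would actually pick; the point is that with the vulnerable dispatcher the client, not the application, decides which static method runs and with which arguments, so "sanitizing" individual parameters cannot fix it. The fix is to never let request data select the callable.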

StealthBit: New malware targeting Apple Mac OS X steals Bitcoins

A new Trojan horse targeting Apple Mac OS X spies on users' web traffic and attempts to steal Bitcoins. SecureMac says the malware, referred to as "OSX/CoinThief.A", has been found in the wild. Several users have reported that their Bitcoins have been stolen.

The malware was hosted on GitHub under the name "StealthBit", disguised as an app for sending and receiving payments using Bitcoin stealth addresses. A link to the project was also posted on reddit, encouraging users to download the app, and was upvoted by about 100 people.

The project contained source code as well as a pre-compiled binary. Researchers say the binary did not match a build generated from the source code, so anyone who installed the pre-compiled version of the app is likely infected by this malware.

One reddit user reported that his 20 Bitcoins (worth around $10k at the time of writing) were stolen by this malicious app.

"I foolishly installed 'StealthBit'. Anyone else find this to be a virus? The Post is still online.. I found 1 comment suggesting the possibility. https://pay.reddit.com/r/Bitcoin/comments/1wqljr/i_was_bored_so_i_made_bitcoin_stealth_addresses/" the user posted on reddit.

When run for the first time, the app installs browser extensions for Safari and Google Chrome and continually runs a background program that looks for Bitcoin wallet login credentials. The malware then exfiltrates the Bitcoin login credentials, the username and a unique identifier of the infected Mac.

At the time of writing, the malicious project has been removed from GitHub.

This is apparently not the first time Mac users have been fooled by this kind of malicious app. One user shared that he was scammed by a similar app called "Bitvanity", also hosted on GitHub, which stole 20 BTC from his account.

The user also pointed out an interesting link between the two projects: "StealthBit" was hosted by "Thomas Revor" and "Bitvanity" by "Trevorscool".

Dubai Police's Twitter and other Social media accounts hacked by @TheHorsemenLulz

A hacker identified as @TheHorsemenLulz hijacked Dubai Police's official social media accounts, including its verified Twitter account with 258k followers.

"Dubai Police is spying on you, Isn't it fair that we the people do the same back? hacked by @TheHorsemenLulz," reads a message posted from the hijacked Twitter account.

The hacker posted a number of screenshots on his own Twitter account showing that he also hijacked the force's other social media accounts: Pinterest, LinkedIn and Tumblr.

Dubai Police have regained access to their Twitter account, and the tweets posted by the hacker have been removed from the feed.

The hacker also appears to have DDoSed several websites, including the Central Bank of the United Arab Emirates, the UAE Computer Emergency Response Team and Emirates Integrated Telecommunications Company.

Thousands of websites using MadAdsMedia ads blocked by Google Safe Browsing

Thousands of website owners using the MadAdsMedia ad service became mad after Google Safe Browsing blocked their websites.

A number of users have reported on the Google and Digital Point forums that their website is blocked by GSB and shows the following warning: "This web page at [site] has been reported as an attack page and has been blocked based on your security preferences."

Even after they removed the MadAdsMedia script from their websites, the malware warning is still shown.

"In my webmaster tools it lists the suspicious snippets as the links to madads. As I said before I removed them, then I tried to request a review in my webmaster tools but when I submit it I get: 'Your request can't be processed at this time because your site isn't currently flagged for malware. If you see a malware warning in your browser, it is likely a cross-site warning.' " one user posted on the DigitalPoint forums.

It is still unknown whether Google blocked those websites by mistake or whether MadAdsMedia was hacked to serve malicious ads. We are not sure how many websites have been affected.

*Update:
According to the fz6-forum, one of MadAdsMedia's ad servers was hacked and a few ads were injected with malicious code.

"This message is regarding the recent malware notifications that some of our publishers may have experienced. Just before noon today, our engineers discovered that one of our ad serving locations had been hacked."

"Since this attack was discovered, our engineering team worked diligently until 3:45pm EST to ensure that the appropriate action was taken to secure our ad server. Unfortunately during that time, this attack affected 7.8% of our publishers' domains." reads the mail from MadAdsMedia.

Vulnerability in Snapchat allows hackers to remotely crash iPhones

A new security flaw discovered in the Snapchat app allows an attacker to launch a denial of service attack that crashes the victim's iPhone.

Security researcher Jaime Sanchez today exposed a bug in the Snapchat app that allows an attacker to send thousands of messages within a few seconds. Users can only recover the phone with a hard reset.

The app generates a new token whenever a user sends a message, in order to verify the sender's identity.

According to the Los Angeles Times, the vulnerability allows old tokens generated by the app to be reused to send new messages. In other words, a token is not invalidated after it has been used, so a captured one can be replayed. An attacker can use these old tokens to send a large volume of spam messages.

The researcher has not informed Snapchat about the vulnerability, and told the Los Angeles Times that Snapchat has no respect for the security research community.

He says this because Snapchat recently ignored a security bug, reported by other researchers, that could be used to expose user data.
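The replay problem described above, as an added example that is not Snapchat's code and does not reflect how its real protocol works: a per-message token scheme with a weak verifier that accepts a token again after it has already been used, beside a hardened verifier that binds each token to one user, gives it a short lifetime and deletes it on first use. The class names, the 60-second lifetime and the in-memory store are assumptions made for the example.

```php
<?php
// Added example (not Snapchat's code): per-message tokens as the article
// describes them. WeakTokenVerifier never retires a token, so a captured one
// can be replayed; SingleUseTokenVerifier consumes each token on first use and
// also rejects expired ones. Names and the TTL are assumptions for this example.

class WeakTokenVerifier
{
    private array $issued = [];   // user => every token ever issued to them

    public function issue(string $user): string
    {
        $token = bin2hex(random_bytes(16));
        $this->issued[$user][] = $token;
        return $token;
    }

    // Accepts any token that was ever issued to the user: replay is possible.
    public function accept(string $user, string $token): bool
    {
        return in_array($token, $this->issued[$user] ?? [], true);
    }
}

class SingleUseTokenVerifier
{
    private array $pending = [];  // token => ['user' => ..., 'expires' => unix time]
    private int $ttl;

    public function __construct(int $ttlSeconds = 60)
    {
        $this->ttl = $ttlSeconds;
    }

    public function issue(string $user, int $now): string
    {
        $token = bin2hex(random_bytes(16));
        $this->pending[$token] = ['user' => $user, 'expires' => $now + $this->ttl];
        return $token;
    }

    public function accept(string $user, string $token, int $now): bool
    {
        $entry = $this->pending[$token] ?? null;
        if ($entry === null) {
            return false;                  // unknown, or already consumed
        }
        unset($this->pending[$token]);     // consume first: one shot, whatever follows
        if ($entry['expires'] < $now) {
            return false;                  // issued too long ago
        }
        return hash_equals($entry['user'], $user);
    }
}

$t0 = time();

$weak = new WeakTokenVerifier();
$tok = $weak->issue('alice');
$weak->accept('alice', $tok);                 // first message goes through
$replayed = $weak->accept('alice', $tok);     // and so does every replay
echo 'weak verifier accepts replay: ', var_export($replayed, true), PHP_EOL;

$strict = new SingleUseTokenVerifier(60);
$tok = $strict->issue('alice', $t0);
$first  = $strict->accept('alice', $tok, $t0 + 1);
$second = $strict->accept('alice', $tok, $t0 + 2);
$stale  = $strict->accept('alice', $strict->issue('alice', $t0), $t0 + 120);
printf("single-use verifier: first=%s replay=%s expired=%s\n",
    var_export($first, true), var_export($second, true), var_export($stale, true));
```

Consuming the token before checking expiry or ownership is deliberate: a token that fails any check should never be usable again. In a real deployment the pending set lives in shared storage and is paired with a per-sender rate limit, since single-use tokens alone do not stop a sender who can obtain fresh ones quickly.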

Users targeted with large number of Spam mails containing Banking Trojan

 
Security researchers at AppRiver have spotted a massive new spam campaign that sends a huge volume of spam to data centers in an effort to evade email-filtering engines.

AppRiver's data centers received 10 to 12 times their normal traffic. Even though AppRiver managed to block the spam, the tremendous volume caused delays in sending and receiving email for some of its customers.

The criminals are targeting users with a large number of emails using varying pretexts. One of the spam mails targets Bank of America customers: a fake alert pretending to be from Bank of America carries the Bredo malware.

Researchers say the malware can record keystrokes and steal financial information, and can also download additional malware onto the victim's machine. The malware was reportedly detected by only 11 of 51 antivirus engines.

Another mail analyzed by AppRiver pretends to be from "VISA/MasterCard" and informs recipients that their account has been blocked due to unusual activity.

Some of the malicious attachments are linked to the Andromeda botnet and others to the Bredo botnet. AppRiver refers to this activity as TidalWave/TidalBotnet.

Turkmenistan Banks and Government websites hacked by Dr.SHA6H

A Syrian hacker with the Twitter handle "Dr.SHA6H" has hacked and defaced the official websites of two Turkmenistan state-owned commercial banks: PrezidentBank (presidentbank.gov.tm) and Turkmenbashi Bank (tbbank.gov.tm).

The hacker modified the contents of an article on the PrezidentBank site, leaving just "Hacked By Dr.SHA6H" on the homepage. The Turkmenbashi Bank homepage was also modified, with the same message placed at the bottom of the page.

The hacker did not stop at the two bank websites; he also breached a few other government websites.

The affected websites include the Nowruz festival site (www.nowruz.gov.tm), the Earthquake Engineering Research Institute (seysmostroy.gov.tm) and Commerce and Industry of Turkmenistan (cci.gov.tm).

Dr.SHA6H is known for defacing government websites. At the end of last year, he defaced several Kerala government websites and left the same message.

Malvertising on Aftonbladet news site targets IE users with Fake Antivirus

The website of Aftonbladet, one of Sweden's largest newspapers, was found to be serving malicious ads that redirect users to a site pushing a fake antivirus.

A security researcher at Kaspersky said the website was spreading malware not because it was hacked, but because cybercriminals compromised a third-party ad running on the site.

The malicious script used in the malvertising attack checks whether the visitor is using Internet Explorer; only IE users are redirected to the malware site.

The malware page does not exploit any vulnerability. It displays a fake alert styled as Microsoft Security Essentials, claiming that potential threats have been detected on the user's computer and recommending that they be cleaned.

When the user clicks on the picture, nothing is cleaned; instead an obfuscated malicious Visual Basic executable is downloaded.

"Large websites often include content from other websites, and if the bad guys compromise any of those websites they can also manipulate the content which is getting included by the large website." the researcher said.

Target's network hacked using stolen credentials from a HVAC company

Credentials stolen from Fazio Mechanical Services, a Pennsylvania-based provider of heating, ventilation and air-conditioning (HVAC) systems, allowed attackers to breach Target's network, resulting in a massive breach involving more than 40 million credit card records.

Security blogger Brian Krebs has learned that the US Secret Service visited the company's offices, but Fazio's vice president declined to provide further details about the visit.

You may ask why Target gave a ventilation contractor access to its network. A security expert told Krebs that HVAC service providers usually get access to retailers' computer systems in order to remotely monitor energy consumption and temperatures in stores. If that vendor access is not segmented from the payment environment, a contractor's stolen credentials become a path to the POS network, which appears to be the path this breach took.

The criminals first tested their card-stealing malware by infecting only a small number of cash registers in Target stores, between November 15 and November 28.

By the end of November, the hackers had distributed their malware to a majority of Target's POS systems.

It appears the stolen card data was not only stored on a Russian server but was also uploaded to servers in various locations, including Miami and Brazil.

In an official statement, Fazio Mechanical Services said "Fazio Mechanical does not perform remote monitoring of or control of heating, cooling and refrigeration systems for Target"

"Our data connection with Target was exclusively for electronic billing, contract submission and project management, and Target is the only customer for whom we manage these processes on a remote basis."

Chinese Huawei allegedly hacked into Indian state-owned Telecoms company BSNL

The Parliament of India was informed on Wednesday that the network of state-owned telecoms company Bharat Sanchar Nigam Limited (BSNL) was allegedly hacked by Chinese telecom equipment maker Huawei.

"The government has constituted an inter-ministerial team to investigate the matter." Killi Kruparani, Minister of State for Communications and IT, told the Lok Sabha.

According to reports, Huawei engineers allegedly hacked a BSNL mobile tower in the coastal area of Andhra Pradesh in October 2013.

India has launched an investigation; the team comprises top officials from the National Security Council Secretariat, the Intelligence Bureau, the Union Home Ministry and BSNL.

It is worth noting that BSNL awarded a major part of its network expansion tender to another Chinese company, ZTE, in 2012. The government suspects the incident may stem from "inter-corporate rivalry" between the two Chinese companies.

Huawei India denies the allegations of hacking BSNL's network and said it will continue to work with Indian customers and the government, and is ready to help address any network security issues.

Facebook almost got hacked by Syrian Electronic Army, MarkMonitor website Hacked

Earlier today the Syrian Electronic Army posted a tweet with screenshots suggesting they had hijacked Facebook's domain and changed the registrant details and name servers.

"Happy Birthday Mark! http://Facebook.com  owned by #SEA http://whois.domaintools.com/facebook.com" the hackers said in a tweet.

How did the hackers take control of the Facebook domain?
The next tweet confirmed that the group had taken control of the MarkMonitor website, the registrar that manages domain names for Facebook, Google, Yahoo and others.

The group gained access to the MarkMonitor admin panel, which allowed them to access the records of all domains it managed.

After learning of the breach, MarkMonitor immediately took down the management portal.

Facebook seems to have been lucky this time. Even though the group changed the domain's name servers in the registrar's panel, the change did not take effect, so the attempt to hijack the domain's DNS failed. Had the records been changed successfully, it could have affected millions of Facebook users. A registry lock on the domain, which requires out-of-band confirmation from the registry before name server or registrant changes take effect, is the control intended to stop exactly this kind of registrar-level change.

Other screenshots provided by the Syrian Electronic Army show that the group also had access to the Google, Yahoo and Amazon domain records.
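A check a domain owner would want after an incident like this, added here as example code that is not from the article, MarkMonitor or the Syrian Electronic Army: parse WHOIS output for a domain, confirm that both the registrar-level (client*) and registry-level (server*) update, transfer and delete locks are present, and confirm that the delegated name servers still match the expected set. The WHOIS text, the domain and the name server names are constructed for the example; the status codes are the standard EPP status codes shown in WHOIS.

```php
<?php
// Added example (not from the article or any registrar): audit a domain's WHOIS
// record for missing EPP locks and unexpected name server changes. The WHOIS
// excerpt, domain and name servers below are constructed for this example.

// Registrar-level (client*) and registry-level (server*) locks; the server*
// set is what a "registry lock" service puts in place.
const EXPECTED_LOCKS = [
    'clientUpdateProhibited', 'clientTransferProhibited', 'clientDeleteProhibited',
    'serverUpdateProhibited', 'serverTransferProhibited', 'serverDeleteProhibited',
];

// Extract "Domain Status:" codes and "Name Server:" entries from raw WHOIS text.
function parseWhois(string $text): array
{
    $statuses = [];
    $nameServers = [];
    foreach (preg_split('/\R/', $text) as $line) {
        if (preg_match('/^\s*Domain Status:\s*(\S+)/i', $line, $m)) {
            $statuses[] = $m[1];                       // code only, URL dropped
        } elseif (preg_match('/^\s*Name Server:\s*(\S+)/i', $line, $m)) {
            $nameServers[] = strtolower(rtrim($m[1], '.'));
        }
    }
    sort($nameServers);
    return ['status' => array_unique($statuses), 'ns' => $nameServers];
}

// Compare the parsed record with the owner's expectations; return a list of findings.
function auditDomain(array $record, array $expectedNs): array
{
    $findings = [];
    foreach (EXPECTED_LOCKS as $lock) {
        if (!in_array($lock, $record['status'], true)) {
            $findings[] = "missing lock: $lock";
        }
    }
    $expected = array_map('strtolower', $expectedNs);
    sort($expected);
    if ($record['ns'] !== $expected) {
        $findings[] = 'name servers changed: ' . implode(',', $record['ns'])
                    . ' (expected ' . implode(',', $expected) . ')';
    }
    return $findings;
}

// Constructed WHOIS excerpt for a hypothetical domain: registrar locks are set,
// registry locks are absent, and the delegation now points at foreign servers.
$whoisSample = <<<'TXT'
Domain Name: EXAMPLE-CORP.COM
Registrar: Example Registrar, Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS1.ATTACKER-CONTROLLED.EXAMPLE
Name Server: NS2.ATTACKER-CONTROLLED.EXAMPLE
TXT;

$record = parseWhois($whoisSample);
foreach (auditDomain($record, ['ns1.example-corp.com', 'ns2.example-corp.com']) as $f) {
    echo "ALERT: $f\n";
}
```

Run on real data, the WHOIS text would come from the registrar's or registry's WHOIS service on a schedule, and any finding should page someone: a missing server* lock means the registry will honour whatever the registrar panel sends, which is the exposure this incident illustrates, and a name server change that nobody requested is the hijack in progress.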