Las Vegas Sands casino websites hacked and defaced by Anti WMD Team

Las Vegas Sands Corp, said to be the world's largest casino operator, has been targeted by hackers. Websites of Sands casinos and its subsidiaries have been defaced.

The sites' home pages were modified to show a world map marking the locations of Sands casinos with a flickering flame.

"Damn A, Don't let your tongue cut your throat," the defacement message reads. "Encouraging the use of weapons of Mass destruction, Under Any condition, is a Crime"

The defacement also contained personal information of Sands employees, including e-mail addresses, social security numbers and other details.

The signature left in the defacement suggests it was done by a hacker group calling itself "Anti WMD Team". However, we were not able to find any history of this group.

The affected websites are: Sands official website (sands.com), Venetian (www.venetian.com), Palazzo (palazzo.com), Sands Bethlehem (pasands.com), Marina Bay Sands (www.marinabaysands.com), Venetian Macao (venetianmacao.com), Sands Macao (sandsmacao.com) and Holiday Inn Macao Cotai Central (sandscotaicentral.com).

All of the affected websites are currently showing an "Undergoing Maintenance" message.

A Sands spokesperson told the Associated Press that the company is working with law enforcement to identify the hackers behind this breach. The company could not say whether customers' card data had been compromised.

PayPal president David Marcus's credit card gets hacked

David Marcus, PayPal's president, is the latest person to fall victim to credit card fraud.

Marcus said on Monday that his credit card data was compromised. The cybercriminals made several fraudulent transactions using the stolen information.

Marcus points out that his card uses EMV technology, which is touted as more secure than the magnetic stripe. That did not stop the cybercriminals.

He did not let the opportunity go to waste: he used the incident to promote his company's security benefits, saying the breach would not have happened if the merchant had accepted PayPal.

"Obfuscating card data online, on mobile, and now more and more offline remains one of PayPal's strongest value props," he said on Twitter.

PayPal claims to be more secure because it does not share card data or bank account details with the merchant. But, as we reported, a hacker reportedly manipulated a PayPal employee into revealing the last four digits of a card.

JackPos, a new Point of Sale malware, stole thousands of credit cards' data

Cybercriminals keep targeting Point of Sale (POS) systems with malware in an effort to steal credit card data. A new malware family targeting POS systems has been uncovered by security researchers.

According to the cyber intelligence firm IntelCrawler, the new POS malware, dubbed "JackPos", is distributed through drive-by download attacks. It disguises itself as a Java Standard Edition binary and replaces the legitimate Java Update Scheduler file on the infected system.

The loaders used in the drive-by download attack are written in obfuscated, compiled AutoIt script. Researchers say this technique is used to avoid AV detection and to unpack additional malicious code that receives instructions from the C&C server.

"The Cybercriminals have used some sophisticated scanning, loading, and propagating techniques to attack these vectors to look to get into the merchants system through external perimeters and then move to card processing areas, which were possibly not separated in compliance with PCI policies," IntelCrawler said.

At least 4,000 cards' data appear to have been stolen from several countries. The list of targeted countries includes Canada, Brazil, India, France, Spain, the United States, Argentina, Korea and others.

According to the Globe and Mail, more than 400 cards' data were stolen in Bangalore, India, and 3,000 in Sao Paulo, Brazil. 700 cards' data from Canada and 230 from Madrid have also been compromised.

Corkow, a banking Trojan with an interest in Bitcoins and Android developers

Security researchers at ESET have found that the infection rate of the lesser-known Russian banking Trojan "Corkow" is increasing.

According to WeLiveSecurity, the Corkow trojan allows attackers to load different plug-ins to extend its capabilities.

Like other banking trojans, it is capable of logging keystrokes, grabbing screenshots, web injection and form grabbing, all used to trick victims into handing their financial data to cybercriminals.

In addition to the usual banking trojan features, it also gives attackers remote access to the infected machine and installs Pony, a universal password stealer.

The malware is also capable of collecting browser history, the list of installed applications and the processes running on the infected machine.

It appears the malware has an interest in websites and software related to Bitcoin, and in systems belonging to Android developers who publish apps on Google Play.

Once a system is infected, the malware's payload is encrypted using the volume serial number of the C drive. If it is executed on a computer other than the one it initially infected, it behaves innocuously, in an attempt to make malware analysis difficult.

ESET is expected to release a more detailed technical examination of this malware next week.

Thousands of Joomla websites using JomSocial vulnerable to remote code execution

Thousands of Joomla websites using JomSocial are exposed to a remote code execution vulnerability. JomSocial is a social networking extension for the Joomla CMS.

The extension is currently listed on Joomla's Vulnerable Extensions List. The vulnerability is being exploited in the wild; several users have reported that someone hacked into their websites.

According to JomSocial, hackers breached the JomSocial website itself by exploiting this vulnerability. JomSocial's security team spotted the attack and released a patch. While analyzing the vulnerability being exploited, they also discovered another critical vulnerability.

The vulnerability was discovered by security researcher Matias Fontanini, who notified JomSocial about it. At first, the team said they had fixed the issue in version 3.1.0.1. However, the researcher found that 3.1.0.1 is also vulnerable.

Vulnerability details:
The vulnerability is located in the 'photos' controller, in the 'ajaxUploadAvatar' task. The parameters parsed by the 'Azrul' plugin are not properly sanitized before being used in a call to the 'call_user_func_array' PHP function.

"This allows an attacker to execute arbitrary static class functions, using any amount of user-provided parameters." An attacker can exploit this by calling the CStringHelper::escape function to execute arbitrary PHP code.

(Image: HTTP request exploiting the vulnerability)

More technical details about the vulnerability and exploit code are available here.

As the exploit code is already publicly available, all JomSocial admins are advised to upgrade to the latest version of the extension (v3.1.0.4) as soon as possible.
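The root cause described above is a general one: a request parameter chooses which function runs, and the argument list is passed through untouched. The following is an added example, not JomSocial or Joomla code, that models that pattern in Python (getattr in place of PHP's call_user_func_array). The class names StringHelper, PhotoService and SystemTools, the request shape and the action names are constructed for the demonstration. It shows the vulnerable dispatcher reaching a class it was never meant to expose, and the hardened form, which maps a fixed action name to one callable and validates the argument count and types before calling it.

```python
"""Dynamic dispatch from request parameters: the call_user_func_array pattern modelled in Python.

Added example, not JomSocial or Joomla code. Class and method names are constructed."""
from typing import Any, Callable, Dict, Tuple


class StringHelper:
    """Stand-in for a helper class; the request is meant to reach this method."""

    @staticmethod
    def escape(value: str) -> str:
        return value.replace("<", "&lt;").replace(">", "&gt;")


class PhotoService:
    @staticmethod
    def resize(name: str, width: int) -> str:
        return f"resized {name} to {width}px"


class SystemTools:
    """Stand-in for a class that was never meant to be web-reachable.
    The stub only returns a marker string instead of running anything."""

    @staticmethod
    def execute(command: str) -> str:
        return f"would execute: {command}"


# Constructed stand-in for "every class loaded in the process": PHP's call_user_func_array
# can name any of them. Only three classes here, but the lookup is unrestricted.
LOADED_CLASSES: Dict[str, type] = {
    "StringHelper": StringHelper,
    "PhotoService": PhotoService,
    "SystemTools": SystemTools,
}


class DispatchError(Exception):
    pass


def vulnerable_dispatch(request: Dict[str, Any]) -> Any:
    """Vulnerable form: 'Class::method' and the argument list come straight from the request,
    so any static method of any loaded class is callable with caller-chosen arguments."""
    class_name, method_name = request["func"].split("::", 1)
    target = getattr(LOADED_CLASSES[class_name], method_name)
    return target(*request.get("args", []))


# Hardened form: a fixed allowlist of named actions, each bound to one callable and its arity.
ALLOWED_ACTIONS: Dict[str, Tuple[Callable[..., Any], int]] = {
    "escape": (StringHelper.escape, 1),
    "resize": (PhotoService.resize, 2),
}


def hardened_dispatch(request: Dict[str, Any]) -> Any:
    """Hardened form: the request selects an action name, never a callable; arguments are
    checked for count and type before the bound function is invoked."""
    action = request.get("action")
    if action not in ALLOWED_ACTIONS:
        raise DispatchError(f"unknown action {action!r}")
    func, arity = ALLOWED_ACTIONS[action]
    args = request.get("args", [])
    if not isinstance(args, list) or len(args) != arity:
        raise DispatchError(f"action {action!r} expects {arity} argument(s)")
    if not all(isinstance(a, (str, int)) and not isinstance(a, bool) for a in args):
        raise DispatchError("arguments must be plain strings or integers")
    return func(*args)


def is_rejected(request: Dict[str, Any]) -> bool:
    """True if the hardened dispatcher refuses the request."""
    try:
        hardened_dispatch(request)
    except DispatchError:
        return True
    return False


if __name__ == "__main__":
    legit = {"func": "StringHelper::escape", "args": ["<b>"]}
    abuse = {"func": "SystemTools::execute", "args": ["id"]}
    print(vulnerable_dispatch(legit))   # intended use works...
    print(vulnerable_dispatch(abuse))   # ...but so does reaching an unintended class
    print(hardened_dispatch({"action": "escape", "args": ["<b>"]}))
    print(is_rejected({"action": "execute", "args": ["id"]}))
```

The point of the hardened version is that nothing in the request is ever interpreted as a callable name; the allowlist is the only place a function can come from, so a new "dangerous" class appearing in the process changes nothing for the web-facing surface.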

StealthBit: new malware targeting Apple Mac OS X steals Bitcoins

A new Trojan horse targeting Apple Mac OS X spies on users' web traffic and attempts to steal Bitcoins. SecureMac says the malware, referred to as "OSX/CoinThief.A", has been found in the wild. Several users have reported that their Bitcoins were stolen.

The malware was hosted on GitHub under the name "StealthBit", disguised as an app to send and receive payments using Bitcoin stealth addresses. A link to the project was also posted on reddit, enticing users to download the app, and it was upvoted by 100 people.

The project contained source code as well as a pre-compiled binary. Researchers say the binary did not match a build generated from the source code. Those who installed the pre-compiled version of the app are likely infected by this malware.

One reddit user reported that 20 of his Bitcoins (currently worth around $10k) were stolen by this malicious app.

"I foolishly installed 'StealthBit' Anyone else find this to be a virus? The Post is still online.. I found 1 comment suggesting the possibility. https://pay.reddit.com/r/Bitcoin/comments/1wqljr/i_was_bored_so_i_made_bitcoin_stealth_addresses/" the user posted on reddit.

Upon running the app for the first time, it installs browser extensions for Safari and Google Chrome and continually runs a background program that looks for Bitcoin wallet login credentials. The malware then steals the Bitcoin login credentials, the username and the unique identifier of the infected Mac.

At the time of writing, the malicious project has been removed from GitHub.

It appears this is not the first time Mac users have been fooled by such malicious apps. One user shared that he was scammed by a similar app called "Bitvanity", also hosted on GitHub, which stole 20 BTC from his account.

The user also pointed out an interesting fact about these two projects: "StealthBit" was hosted by "Thomas Revor" and "Bitvanity" by "Trevorscool".

Dubai Police's Twitter and other social media accounts hacked by @TheHorsemenLulz

A hacker identified as @TheHorsemenLulz attacked Dubai Police's official social media accounts, including its verified Twitter account with 258k followers.

"Dubai Police is spying on you, Isn’t it fair that we the people do the same back? hacked by @TheHorsemenLulz," reads the message posted on the hijacked Twitter account.

The hacker posted a number of screenshots on his Twitter account, showing that he also hijacked other social media accounts: Pinterest, LinkedIn and Tumblr.

Dubai Police have regained access to their Twitter account, and the tweets posted by the hacker have been removed from the feed.

It appears the hacker has also DDoSed several websites, including the Central Bank of the United Arab Emirates, the UAE Computer Emergency Response Team and Emirates Integrated Telecommunications Company.

Thousands of websites using MadAdsMedia ads blocked by Google Safe Browsing

Thousands of website owners using the MadAdsMedia ad service became mad after Google Safe Browsing blocked their websites.

A number of users have reported on Google's forums and the Digital Point forums that their websites are blocked by GSB and show the following warning: "This web page at [site] has been reported as an attack page and has been blocked based on your security preferences."

Even after removing the MadAdsMedia script from their websites, the malware warning is still shown.

"In my webmaster tools it lists the suspicious snippets as the links to madads. As I said before I removed them, then I tried to request a review in my webmaster tools but when I submit it I get: 'Your request can't be processed at this time because your site isn't currently flagged for malware. If you see a malware warning in your browser, it is likely a cross-site warning.'" one user posted on the DigitalPoint forums.

It is still unknown whether Google mistakenly blocked those websites or whether MadAdsMedia was hacked to serve malicious ads. We are not sure how many websites have been affected.

*Update:
According to fz6-forum, one of MadAdsMedia's advertising vendors' servers was hacked and a few ads were injected with malicious code.

"This message is regarding the recent malware notifications that some of our publishers may have experienced. Just before noon today, our engineers discovered that one of our ad serving locations had been hacked."
 
"Since this attack was discovered, our engineering team worked diligently until 3:45pm EST to ensure that the appropriate action was taken to secure our ad server. Unfortunately during that time, this attack affected 7.8% of our publishers' domains." reads the mail from MadAdsMedia.

Vulnerability in Snapchat allows hackers to remotely crash iPhones

A new security flaw discovered in the Snapchat app allows an attacker to launch a denial of service attack that crashes iPhones.

Cyber security researcher Jaime Sanchez today exposed a security bug in the Snapchat app that allows an attacker to send thousands of messages within a few seconds. Users can only recover the phone by a hard reset.

The app generates a new token whenever a user sends a message, in order to verify their identity.

According to the Los Angeles Times, the vulnerability allows old tokens generated by the app to be reused to send new messages. A cybercriminal can use these old tokens to send a large amount of spam messages.
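What the report describes is a replay weakness: a per-message token that stays valid after the message it was issued for has been sent. The following is an added example, not Snapchat code, that models such a token service in Python; the token format (user, issue time, nonce, HMAC), the 60-second TTL, the single_use switch and the send_burst helper are all assumptions made for the demonstration. With single_use=False the service accepts the same token for every message in a burst, which is the reported behaviour; with single_use=True each token is spent on first use and a replay is refused, alongside signature, user-binding and expiry checks.

```python
"""Single-use, expiring message tokens: the replay weakness described above, modelled in Python.

Added example, not Snapchat code; the token format, TTL and API are assumptions."""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Set, Tuple

# Constructed demo key. A real service keeps this in a secrets store, never in source.
SERVER_SECRET = b"constructed-demo-secret"


class TokenService:
    """Issues per-message tokens and checks them on redemption.

    single_use=False reproduces the reported flaw: a signed token stays valid for as long
    as it is unexpired, so one captured token can front an unlimited burst of messages.
    single_use=True spends each token on first use, so a replay is rejected."""

    def __init__(self, ttl_seconds: int = 60, single_use: bool = True,
                 clock: Callable[[], float] = time.time) -> None:
        self.ttl = ttl_seconds
        self.single_use = single_use
        self.clock = clock
        self.spent: Set[str] = set()  # in production: a shared store that expires entries

    def _sign(self, body: str) -> str:
        return hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()

    def issue(self, user_id: str) -> str:
        # user id, issue time and a random nonce, bound together by an HMAC
        body = f"{user_id}:{int(self.clock())}:{secrets.token_hex(8)}"
        return f"{body}:{self._sign(body)}"

    def redeem(self, user_id: str, token: str) -> Tuple[bool, str]:
        """Returns (accepted, reason). Every failed check names why it failed."""
        parts = token.split(":")
        if len(parts) != 4 or not parts[1].isdigit():
            return False, "malformed"
        uid, issued, nonce, sig = parts
        body = f"{uid}:{issued}:{nonce}"
        if not hmac.compare_digest(sig, self._sign(body)):
            return False, "bad signature"
        if uid != user_id:
            return False, "wrong user"
        if self.clock() - int(issued) > self.ttl:
            return False, "expired"
        if self.single_use:
            if token in self.spent:
                return False, "replayed"
            self.spent.add(token)
        return True, "ok"


def send_burst(service: TokenService, user_id: str, token: str, count: int) -> int:
    """Replays one token `count` times and returns how many sends the service accepted."""
    return sum(1 for _ in range(count) if service.redeem(user_id, token)[0])


class FakeClock:
    """Controllable clock so expiry can be demonstrated without sleeping."""

    def __init__(self, now: float = 1_000_000.0) -> None:
        self.now = now

    def __call__(self) -> float:
        return self.now


if __name__ == "__main__":
    weak = TokenService(single_use=False)
    print(send_burst(weak, "alice", weak.issue("alice"), 1000))     # 1000: every replay lands
    strict = TokenService(single_use=True)
    print(send_burst(strict, "alice", strict.issue("alice"), 1000))  # 1: only the first send
```

Spending tokens on first use bounds a flood to one message per token the client legitimately obtained, and the short TTL bounds how long the spent-token set has to be remembered; a rate limit on token issuance per account is the natural companion control.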

The researcher has not informed Snapchat about the vulnerability, and told the Los Angeles Times that Snapchat has no respect for the cyber security research community.

The researcher says this because Snapchat recently ignored a security bug, reported by security researchers, that could be used to expose user data.

Users targeted with a large number of spam mails carrying a banking Trojan

A new massive spam campaign spotted by security researchers at AppRiver sends a large volume of spam to data centers in an effort to evade email-filtering engines.

AppRiver's data centers received 10 to 12 times their normal traffic. Even though AppRiver managed to block the spam, the tremendous volume caused delays in sending and receiving email for some of its customers.

Cybercriminals are targeting users with a large number of emails using varying premises. One of the spam mails targets Bank of America customers: a fake alert pretending to be from Bank of America carries the Bredo malware.

Researchers say the malware is capable of recording keystrokes and stealing financial information. It can also download additional malware onto the victim's machine. The spam mails were reportedly detected by only 11 of 51 antivirus engines.

Another mail analyzed by AppRiver pretends to be from "VISA/MasterCard" and informs recipients that their account has been blocked due to unusual activity.

Some of the malicious attachments pointed to the Andromeda botnet and others to the Bredo botnet. AppRiver refers to this botnet activity as TidalWave/TidalBotnet.

Turkmenistan Banks and Government websites hacked by Dr.SHA6H

A Syrian hacker with the Twitter handle "Dr.SHA6H" has hacked and defaced the official websites of two Turkmenistan state-owned commercial banks. The affected banks are PrezidentBank (presidentbank.gov.tm) and Turkmenbashi Bank (tbbank.gov.tm).

The hacker modified the contents of an article on the PrezidentBank site and simply wrote "Hacked By Dr.SHA6H" on the homepage. The homepage of Turkmenbashi Bank was also modified; he placed the message at the end of the homepage.

The hacker did not stop with these two bank website defacements; he also breached a few other government websites.

The affected websites include the Nowruz festival (www.nowruz.gov.tm), the Earthquake Engineering Research Institute website (seysmostroy.gov.tm) and Commerce and Industry of Turkmenistan (cci.gov.tm).

Dr.SHA6H is known for government website defacements. At the end of last year, he defaced several Kerala government websites and left the same message.