
EC Council official website hacked


A hacker who calls himself "Eugene Belford" (a character from the movie "Hackers") has hacked the website of EC-Council, the organization that offers the Certified Ethical Hacker (CEH) certification.

The defacement message reads: "Owned by certified unethical software security professional".

He has also put on the defaced page documents proving that Edward Snowden attended CEH classes in India.

A spokesman from CSPF (Cyber Security and Privacy Foundation) says it appears the hackers used a DNS hijacking attack to deface the website and possibly gain access to its email.

Another CEH-certified professional says he was not satisfied with EC-Council training. He says that although the course material is good and the certification is recognised worldwide, the trainers at EC-Council franchisees do not know hacking and are not competent to teach CEH classes.


Update: Some time after this news was posted, the hacker edited the defaced page to add this extra text.

"Defaced again? Yep, good job reusing your passwords morons jack67834#

owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/
-Eugene Belford

P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials "

It may be that the attacker has gained access to EC-Council's email, in which case all email correspondence with law enforcement and military officials might be compromised as well.



Hackers compromised 300k personal records from University of Maryland

Hackers breached the University of Maryland's computer network and compromised data belonging to more than 300,000 people affiliated with the school on its College Park and Shady Grove campuses.

Details of students and staff have been compromised in this security breach. The accessed information includes Social Security numbers, names, birth dates and university IDs, reports TwinCities.com.

On Tuesday at 4 a.m., an intruder gained access to a database containing information dating back to 1998. Other than stealing the data, the hacker did no damage to the server.

University President Wallace D. Loh said school officials are investigating the security breach and doing their best to prevent such attacks in future.

Loh said they are also working with law enforcement authorities. Computer forensics experts are examining the logs to determine how the intruders gained access.

The university plans to offer one year of free credit card monitoring service to those affected by this breach.

Two students hacked Data InfoSys website to recharge mobile phones worth Rs. 8 lakh

Two Information Technology (IT) students have been arrested by the Jaipur cyber crime police for hacking the Data InfoSys e-processing system and fraudulently recharging BSNL mobile phones.

Kulshrestha Varma and Hardik Sud, both 19 years old and students at APG University in Shimla, managed to recharge more than 500 mobile phones, causing a loss of Rs. 8 lakh to Data InfoSys.

According to the Times of India, the students used a public Internet cafe to breach the Data InfoSys website. The two may have thought the police could not catch them if they used a cyber cafe.

The company became aware of the fraudulent recharges at the end of last year and filed a complaint at the cyber police station on December 3rd. Police took 75 days to crack the case.

Police have arrested the two and brought them to Jaipur on a transit remand. The police suspect the involvement of several other people in this cyber crime.

Kickstarter kicked by hackers, usernames and passwords stolen

The online crowdfunding website Kickstarter is the latest high-profile website to report a security breach. Kickstarter became aware of the breach after receiving a notification from law enforcement.

Hackers breached the website (kickstarter.com) and gained access to user information including usernames, encrypted passwords, email addresses and phone numbers. The company says no credit card data was compromised in this breach.

Even though the passwords are encrypted, we are aware that attackers with enough computing power can easily crack them.

The company says that two accounts have been accessed by the hackers so far. All users are advised to change their Kickstarter password immediately.

If you use the same password on any other website (most of us do), you are advised to reset the password there as well.

"We're incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting," the company apologizes in its blog post.

Android SMS malware hosted on Google Play infects 1.2 Million users


Experts often suggest downloading Android apps only from Google Play to avoid malware infection. But that does not mean we can trust every app hosted there.

Security researchers from Panda Security have found more than five malicious apps hosted on Google Play.

The apps in question appear to target users in Spain. Their names are in Spanish: "Peinados Fáciles" (Easy Hairdos), "Dietas para Reducir el Abdomen" (Abs Diets), "Rutinas Ejercicios para el Gym" (Workout Routines) and "Cupcakes Recetas" (Cupcake Recipes).

The apps obtain the phone number of the infected device from WhatsApp and use it to sign the victim up to premium-rate SMS subscription services.

Researchers say that each of these apps has been downloaded by between 50k and 100k users, which means that between 300k and 1.2 million users might have been affected by this malware.

"The truth is that fraudsters are making insane amounts of money from these premium services. A conservative estimate of, let's say, €20 paid by each user would result in a huge sum of 6 to 24 million euros stolen from victims," said Luis Corrons, Technical Director of PandaLabs.

Syrian Electronic Army hacks Forbes website and Twitter accounts

Forbes, the American business magazine, appears to be the latest victim of the Syrian Electronic Army. The group managed to post articles entitled "hacked by syrian electronic army".

The group is expert in phishing attacks, targeting employees of an organization with fake emails. We believe the hackers used the same method to compromise Forbes' employees.

It appears they gained admin access to the WordPress panel, which allowed them to post stories.

The group also appears to have compromised one Forbes Twitter account (@forbestech) and two Twitter accounts (@thealexknapp, @samsharf) belonging to its employees. At the time of writing, Samantha Sharf's account still shows the hackers' tweet.

The hackers said the reason for hacking Forbes is that the publication has posted many articles against the Syrian Electronic Army, with much hate for Syria.

CVE-2014-0050: Apache Tomcat vulnerable to denial of service attack

If you are a developer, you should always be careful when writing loops, especially endless loops [ for(;;) or while(true) ] that are meant to be stopped by an 'if' statement.

Security researchers from Trustwave have explained how an endless 'for' loop resulted in a denial of service vulnerability that could allow attackers to launch DoS attacks against websites hosted on Apache Tomcat servers.

The vulnerability (CVE-2014-0050) is located in the Apache Commons FileUpload library. The 'for' loop in the affected file is coded in such a way that it is stopped only by raising an exception or by returning a value.

An attacker can send a malformed 'Content-Type' header for a multipart request that results in an infinite loop.

Multipart is often used in HTTP requests for uploading files. Values in a multipart request are separated by a magic line called the "boundary". The boundary is a random string that is defined in the 'Content-Type' header.

By sending a boundary value longer than 4091 characters and a body longer than 4096 characters, the attacker ensures that the 'for' loop is stopped by neither 'if' statement.

Trustwave researchers sent a request containing more than 4091 characters in the boundary field four times, forcing a vulnerable Tomcat server into an infinite loop. As a result, the Tomcat server ends up consuming all available CPU resources until it is stopped.
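As an added illustration (not Trustwave's or the Commons FileUpload project's code), here is a small Python pre-filter that rejects a multipart Content-Type header with an oversized or malformed boundary before the body ever reaches a multipart parser. It relies on the RFC 2046 limit of 70 characters for a boundary, which is far below the 4091-character boundaries described above; the sample headers are constructed.

```python
import re

# RFC 2046 section 5.1.1: a boundary is 1 to 70 characters drawn from a restricted
# alphabet and must not end with a space. The 4091+ character boundaries that
# trigger CVE-2014-0050 are far outside this limit and can be dropped up front.
MAX_BOUNDARY_LEN = 70
_BCHARS = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]+")


def _params(param_text: str) -> dict:
    """Parse 'name=value; name2="value 2"' header parameters into a dict."""
    out = {}
    for param in param_text.split(";"):
        name, _, value = param.strip().partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip quoted-string quotes
        if name.strip():
            out[name.strip().lower()] = value
    return out


def check_multipart_header(content_type: str) -> str:
    """Classify a Content-Type header before handing the body to a multipart parser."""
    media_type, _, param_text = content_type.partition(";")
    if not media_type.strip().lower().startswith("multipart/"):
        return "not-multipart"
    boundary = _params(param_text).get("boundary")
    if boundary is None:
        return "reject: multipart without boundary"
    if len(boundary) > MAX_BOUNDARY_LEN:
        return "reject: boundary too long"
    if boundary.endswith(" ") or not _BCHARS.fullmatch(boundary):
        return "reject: invalid boundary characters"
    return "ok"


if __name__ == "__main__":
    # Constructed sample headers: a normal browser upload and an oversized boundary.
    good = "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW"
    bad = "multipart/form-data; boundary=" + "A" * 4092
    print(check_multipart_header(good))  # ok
    print(check_multipart_header(bad))   # reject: boundary too long
```

A check like this belongs in a reverse proxy or servlet filter; it does not replace upgrading Commons FileUpload, it only keeps the malformed request away from the vulnerable loop.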

Target data breach started with a spear phishing attack targeting HVAC firm

The latest information on the Target data breach, published by security blogger Brian Krebs, shows the power of social engineering attacks.

It appears everything began with a spear phishing attack in which employees of the HVAC company Fazio Mechanical Services were targeted with an email containing a piece of malware.

Sources have told Krebs that the malware used in the attack is Citadel, a notorious banking trojan capable of stealing login credentials and other information. However, Krebs was not able to confirm this.

The reason the company did not get a chance to identify the malware is that it was using the free version of Malwarebytes Anti-Malware to protect its internal systems.

Malwarebytes is a good tool for scanning and removing threats from infected machines. However, unlike the Pro version (just $25), the free version does not offer any real-time protection.

Furthermore, the free version is meant for individuals, not companies; the license for the free version prohibits corporate use.

Bitcoin-stealing Mac malware found hosted on Download.com and MacUpdate.com

Image Credits: ThreatPost.
Another variant of the recently discovered Mac Trojan "OSX/CoinThief" has been found hosted on two popular download websites, Download.com and MacUpdate.com.

The CoinThief malware is designed to steal Bitcoin login credentials from the victim, as well as the Mac's username and UUID (unique identifier), and it also collects a list of the Bitcoin-related apps installed on the system.

A few days ago, SecureMac spotted this Trojan being hosted under the name "Stealthbit" on GitHub, where it was downloaded by hundreds of users. One reddit user also pointed out the similarity between a year-old fake Bitcoin app, "BitVanity", and Stealthbit.

Now experts at SecureMac have spotted one more variant hosted under the names "Bitcoin Ticker TTM" and "Litecoin Ticker" on popular download sites. These app names appear to have been taken from legitimate apps in the Mac App Store.

This version also installs a fake browser extension called "Pop-up Blocker" in Chrome, Safari and Firefox. The malicious extension sniffs web traffic to steal Bitcoin login credentials. It communicates with the background process and sends the collected data to a remote server.

SecureMac has explained how to check whether the malware is installed on your system and how to remove it.

The developer of the legitimate Bitcoin Ticker TTM app said he has no connection with Download.com or MacUpdate.com and recommends that users download the app from the Mac App Store.

Anonymous hacktivists launch DDoS attack against GCHQ website


It seems that Anonymous hackers have launched a distributed denial of service (DDoS) attack against the GCHQ website.

The attack came just after Edward Snowden leaked a document revealing that the British spy agency GCHQ carried out DDoS attacks to disrupt the hacktivists' communication channels.

Some Anonymous hacktivists also claimed to have successfully disrupted the GCHQ website. Netcraft confirmed that gchq.gov.uk experienced 'noticeable performance issues' today. Netcraft says the attack could have originated from Romania.

"Curiously, a much larger amount of downtime has been observed from Netcraft's Romanian performance monitor since the leaked slides were made public," the Netcraft post reads.

"That could indicate much more extreme DDoS mitigation techniques are being applied to these requests, and this in turn suggests that if an attack is occurring, perhaps Romania is one of the countries from which the attacks are being launched."

400Gbps NTP-based DDoS attack hits CloudFlare, the largest DDoS attack in history

Until a week ago, the distributed denial-of-service (DDoS) attack against Spamhaus was believed to be the largest in history. Now an even bigger DDoS attack has been recorded by the content delivery network CloudFlare.

Matthew Prince, CloudFlare's CEO, said on Twitter that a very big NTP reflection attack was hitting them and appeared to be bigger than last year's Spamhaus attack.

According to Prince, the attack reached 400Gbps, which is 100Gbps more than the DDoS attack targeting Spamhaus.

CloudFlare said all websites have returned to production.

The founder of the French hosting firm OVH also said their network received more than 350Gbps of traffic, but it is not clear whether this is related.

Last month, CloudFlare also wrote an article detailing the Network Time Protocol (NTP) based DDoS attacks that caused trouble for some gaming websites and service providers.

NTP is a UDP-based protocol running on port 123 that Internet-connected computers use to set their clocks accurately. A system synchronizes with a server and receives the current time.

Experts say the protocol is prone to amplification attacks because it will respond to packets with a spoofed source IP address "and because at least one of its built-in commands will send a long reply to a short request. That makes it ideal as a DDoS tool."

The list of open NTP servers on the Internet allows attackers to launch denial of service attacks against any target network.
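As an added example (not from CloudFlare's write-up), the script below shows how an operator with flow records from their own NTP server can spot it being used as a reflector: for each peer it compares the bytes sent from udp/123 with the bytes received from that peer, and flags peers that get a long reply for a short request. The flow records, server address and thresholds are constructed for illustration.

```python
from collections import defaultdict

NTP_PORT = 123

# Constructed flow records (not real traffic) seen at the border of a network
# that runs an NTP server at 203.0.113.5. Each tuple is
# (src_ip, src_port, dst_ip, dst_port, packets, bytes).
FLOWS = [
    # An ordinary client: one small query in, one small reply out.
    ("198.51.100.9", 40123, "203.0.113.5", NTP_PORT, 1, 90),
    ("203.0.113.5", NTP_PORT, "198.51.100.9", 40123, 1, 90),
    # A peer that "sends" 100 tiny queries and receives 100 large replies:
    # the signature of spoofed requests being reflected onto a victim.
    ("192.0.2.77", NTP_PORT, "203.0.113.5", NTP_PORT, 100, 800),
    ("203.0.113.5", NTP_PORT, "192.0.2.77", NTP_PORT, 100, 48000),
]


def find_reflection_candidates(flows, server_ip, min_ratio=10.0, min_out_bytes=10_000):
    """Return peers that receive far more NTP bytes from server_ip than they send to it.

    Thresholds are assumptions for illustration; tune them to the server's normal
    traffic. The result maps peer IP -> (bytes out / bytes in, mean reply size).
    """
    sent_bytes = defaultdict(int)   # bytes our server sent to each peer from udp/123
    sent_pkts = defaultdict(int)    # packets our server sent to each peer
    recv_bytes = defaultdict(int)   # bytes each peer sent to our server's udp/123
    for src, sport, dst, dport, pkts, nbytes in flows:
        if src == server_ip and sport == NTP_PORT:
            sent_bytes[dst] += nbytes
            sent_pkts[dst] += pkts
        elif dst == server_ip and dport == NTP_PORT:
            recv_bytes[src] += nbytes
    hits = {}
    for peer, out_bytes in sent_bytes.items():
        ratio = out_bytes / max(recv_bytes.get(peer, 0), 1)
        if out_bytes >= min_out_bytes and ratio >= min_ratio:
            hits[peer] = (ratio, out_bytes / sent_pkts[peer])
    return hits


if __name__ == "__main__":
    for peer, (ratio, reply_size) in find_reflection_candidates(FLOWS, "203.0.113.5").items():
        print(f"{peer}: {ratio:.0f}x amplification, {reply_size:.0f} bytes per reply")
```

A peer flagged this way is most likely the spoofed victim rather than the attacker, so the right response is to restrict the server's unauthenticated query features and rate-limit replies, not to block the flagged address.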