Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Vulnerability
Router vulnerability Vulnerability

Cisco Small Business Routers can be remotely hacked


A security flaw in the Cisco wireless VPN router and cisco wireless VPN firewall allows an attacker to gain remote access to the admin panel of the web management interface of the affected device.

According to the security advisory, the vulnerability is due to the improper handling of authentication requests by web framework.

"An attacker could exploit this vulnerability by intercepting, modifying and resubmitting an authentication request. " the security advisory reads.

Common Vulnerability Scoring System (CVSS) rated this vulnerability as highly critical vulnerability - base score is 10.

Cisco has issued a software update for all of the affected devices which will address this vulnerability.  There are currently no known workarounds that mitigate this vulnerability.

Cisco says the vulnerability is not being publicly exploited by any attackers.  It was reported by a security researcher Gustavo Javier Speranza.
Read more »
Website Hacked
Hacking News Website Hacked

BitStamp hacked, users are receiving spam mail containing malware


BitStamp which is said to be largest Bitcoin Exchange, has been breached and users are receiving spam mails containing a link to malware file.

BitStamp yesterday gave a warning to its users about a new phishing attack and urged users to ignore all emails with the subject "Bitstamp trading will be suspended for 24 hours".

A few days back, a BitStamp's user reported in reddit that he received a malicious email pretending to be from MtGox which asked to him to download a document saying "please sign the papers attached.  The malicious link given in the email led to page which distributes a malware with the extension '.pif'.

The user suggested that BitStamp mailing list might be compromised by attackers.  The attackers also appear to have sent spam mail pretending to be from BTC Guild and Eobot.  

BitStamp confirmed to owner of BTC Guild 'Eleuthira' that its mailing list has been compromised by attackers.  The security breach was reportedly happened before two weeks.
Read more »
Remote Administration tools
Android Malware Dendroid malware Malware Report Remote Administration tools

Dendroid, a new Android malware toolkit

Number of malware for Android platform is increasing day by day.  Cybercriminals trying to sell android-malware toolkit to others.  The first Android Remote admin tool is AndroRAT which is believed to first ever malware APK binder.

Symantec researchers have come to know another android malware toolkit called "Dendroid" is being sold in the underground forums.

A cybercriminal going by online handle "soccer" in the underground forum is selling this HTTP based RAT which is said to be having many malicious features.

The toolkit is able to create malicious apk file capable of 'deleting call logs', 'call to any number', 'open webpages', 'record calls', 'intercept sms', 'take and upload photos&videos', 'dos attack'.

Researchers say the cybercriminal also offer 24/7 support for this RAT.  Others can buy this toolkit by paying $300 through crypto currencies such as Bitcoins, Litecoins.

Experts have mentioned that this RAT has some link with the previous AndroRAT saying "the author of the Dendroid APK binder included with this package had assistance writing this APK binder from the author of the original AndroRAT APK binder.   "
Read more »
Spam Report
Phishing scam Spam Report

European Apple users targeted with phishing emails

A new phishing campaign targeting European users of Apple store which promises to offer a discount.

Security researchers at Kaspersky have spotted a new spam mail targeting Apple users, tricks users into thinking that they can get discounts of 150 euros by just paying 9 euros.

"Apple is rewarding its long-term customers.  Your loyalty for our products made you eligible for buying an Apple discount card" The spam mail reads.

The spam mail asks users to download an attached HTML file and fill the form, where users are being asked to enter personal information as well as credit card information.

The scammers spoofed the email address such that it makes the email pretending to be from informs@apple.com.  They also promised to send the discount card within 24 hours, after filling the form.

If a recipient follows the instructions and fill the form, the phishing file will send the data to the attacker server.  The attacker will use the given financial data. 
Read more »
Vulnerability
Breaking News Security flaw Vulnerability

Critical Bug in GnuTLS library affects Linux and hundreds of apps


A critical bug(CVE-2014-0092) in handling the errors in the GNU Security library GnuTLS affects hundreds of software packages including RedHat, Debian and Ubuntu distros.

According to RedHat security advisory, there is a coding error in GnuTLS which fails to handle certain errors that could occur during the verification of an X.509 certificate, results in reporting 'a successful verification'.

"An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker." the advisory reads.

The bug exists in returning the value in the verify.c file (https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b?diffmode=sidebyside).  It appears the uninitialized variable "result" is causing the problem.  There is also another coding error where it returns value of issuer_version when issuer_version is less than zero, instead of returning zero.  And, when result is less than zero, it goes to 'cleanup' location instead of 'fail'.

Nikos Mavrogiannopoulos from Red Hat Security Technologies Team discovered this security flaw, while doing an audit of GnuTLS for the RedHat.

Users are advised to upgrade to the latest GnuTLS version (3.2.12 or 3.1.22) or apply the patch for GnuTLS 2.12.x.
Read more »
Hacking News
Bitcoin hacked Breaking News Hacking News

Bitcoin Exchange Poloniex website got hacked

Here comes another hacking news related to Bitcoin.  Multi crypto currency exchange Poloniex has announced today that their website suffered a cyber attack, leading to Bitcoins being stolen from their company.

On BitcoinTalk forum, the company explained how hackers stole the Bitcoins; Placing multiple withdrawls requests at the same time will result in negative balance but still the request is being processed.

"Another design flaw is that withdrawals should be queued at every step of the way. This could not have happened if withdrawals requests were processed sequentially instead of simultaneously" the forum post explaining another bug reads.

One of the forum's member gave a link to the attacker's bitcoin address "https://blockchain.info/address/1Ktq7TE3J5vZ3c99M5weqKfFcNkHQdqPrq".  It appears the loss is around $50,000(76BTC).

The owner of Poloniex said he will take the full responsibility and will repay the debt of BTC.  However, due to shortage of 12.3% in funds, the company will temporarily deduct 12.3% balance from all accounts.

"If I had the money to cover the entire debt right now, I would cover it in a heartbeat. I simply don't, and I can't just pull it out of thin air." he said.
Read more »
Security Breach
Bitcoin hacked Breaking News Hacking News Security Breach

Bitcoin Bank Flexcoin website hacked, $600,000 worth Bitcoins stolen

Bitcoin Bank "FlexCoin" website has been closed after reportedly hackers attacked the site and stole 896 bitcoins worth $600,320.

The organization claims the attack happened on March 2nd, in which attackers transferred the bitcoins to two different addresses.

"As Flexcoin does not have the resources, assets, or otherwise to come back from this loss, we are closing our doors immediately." the company posted a statement on its main page.

The bitcoins stored in cold storage were not affected by this breach, as coins were held offline.  Those users who put their coins into cold storage will be contacted by Flexcoin and asked to verify their identity.

For others, the company pointed out a link to TOS, where it says "Flexcoin Inc is not responsible for insuring any bitcoins stored in the Flexcoin system. You are entering into this agreement with Flexcoin Inc. You agree to not hold Flexcoin Inc, or Flexcoin Inc's stakeholders, or Flexcoin Inc's shareholders liable for any lost bitcoins."

The company says they are working with law enforcement and trying to find the cause of the security breach.  
Read more »
Pharming attack
Featured Hacking News Pharming attack

Hackers compromise 300,000 SOHO routers and changed DNS to redirect to attacker site

A security researchers at Team Cymru have uncovered a Pharming attack campaign targeting Small office and Home office(SOHO) routers.  So far, more than 300k SOHO routers have been compromised.

The hackers altered DNS settings  to use IP addresses '5.45.75[.]11' and '5.45.75[.]36' on the compromised devices in an effort to redirect the victim to attacker's website.

Most of the compromised devices are from Vietnam.  India is also to be one of the top countries affected by this campaign.  Other affected countries are including Italy, Thailand, Indonesia, Ukraine, Turkey, Colombia.

The affected routers are from number of manufacturers including Micronet, Tenda, D-Link, TP-Link.  Researchers say that affected devices are vulnerable to multiple exploits including CSRF attack, vulnerability in ZyXEL firmware.

The vulnerability in ZyXEL's ZynOS was discovered by researcher back in January which allows attacker to directly download the routers configuration file http://[IP Address]/rom-0.

So far, the attackers didn't seem to have abused the compromised devices.  But, the attack is similar to the attack against a number of Poland's banks.  In which, the attacker changed the DNS configuration in order to steal Online Banking login credentials.
Read more »
Hackers Conference
Breaking News Defcon Kerala Hackers Conference

Defcon Kerala Information Security Meet 2014


DEFCON KERALA chapter is pleased to announce that the second edition of DEFCON Kerala 2014 will be held on March 8th at Hotel Travancore Court, Kochi. DEFCON Kerala (DC0497) is the first DEFCON Chapter in Kerala and is a DEFCON USA Registered group for promoting and demonstrating research and development in the field of Information Security. We are a group of Information Security Enthusiasts actively interested in promoting information security.

Whether you are an information security expert, researcher or newbie in the field of information security, we have the right events to satisfy your appetite. This year DEFCON Kerala bring you a host of events which include.

KEYNOTE SESSION
N. Vinayakumaran Nair, Assistant Commissioner, Hi-Tech Cell, Kerala Police

TECHNICAL TALKS
Be there with us to hear from the experts who are at the forefront of information security research. This year we have about 12 Technical Talks that demonstrate Information Security Research in various fields.

  • WI-Hawk - Anamika Singh, Product Specialist
  • Android Security and Mobile OS Security in General - Anto Joseph, Technical Consultant
  • Compromising a DB via the XSS Vulnerability. XSS + Metasploit + Social Engineering -Fadli B. Sidek&VikneshwaranVeeran, Security Consultants
  • Security through Obscurity No More Alive - Gaurav Raj Anand, Independent Researcher
  • XMLChor-XPATH Injection exploitation - HarshalJaiprakashJamdade, Security Researcher
  • Interactive Web Security Testing with IronWASP- Lavakumar, Founder IronWASP
  • Windows 8 Forensics - Nikhalesh Singh Bhadoria, Information Security Researcher
  • DrupSnipe: Vulnerability Scanner for live Drupal powered website - Ranjeet Singh Sengar and Sukesh Reddy, Security Researchers
  • Securing the Web-Native Bridge in Hybrid Mobile Apps - Sachinraj Shetty, Application Security Manager
  • Android Forensics and Security Analysis - Santhosh Kumar, Independent Security Researcher.
  • To be announced - Francis Alexander, Security Researcher, OpenSecurity
  • HackSpace Workshop - YashinMehaboobe, Security Researcher, OpenSecurity

HACKSPACE-Free Hardware hacking workshop


HackSpace is a free and interactive hands on workshop on hardware hacking. It'll cover everything from basic microcontroller programming to hardware based attacks. Workshop will start with basic programming fundamentals. This will serve as a base for the rest of the class. Attendees will be introduced to various boards such as the Raspberry Pi, various Arduino boards as well as boards such as the MSP430 Launchpad.

The course will include fundamentals of bus protocols such as UART,I2C and SPI and how they are used. This will all be covered from an HackSpace is a free and interactive hands on workshop on hardware hacking. It'll cover everything from basic microcontroller programming to hardware based attacks. Workshop will start with basic programming fundamentals. This will serve as a base for the rest of the class. Attendees will be introduced to various boards such as the Raspberry Pi, various Arduino boards as well as boards such as the MSP430 Launchpad. The course will include fundamentals of bus protocols such as UART,I2C and SPI and how they are used. This will all be covered from an InfoSec perspective. Attendees will learn how to utilize the boards for penetration testing and security research.

DEFKTHON CTF
DEFKTHON CTF is DEFCON Kerala's trademark CTF. This is a jeopardy style CTF with challenges categorized into Recon, Reversing, Web, Crypto and Miscellaneous. The CTF is open to all and will be online on March 3rd 9.00 IST and will run till March 4th 21.00 IST. Stay tuned to http://ctf.defconkerala.com/


BEST SPEAKER AWARD

Cyber Security and Privacy Foundation(CSPF) will award the best speaker a grant of Rs.10,000. The Speakers will be judged by a Committee including Team DEFCON Kerala and an honorable member form CSPF. Delegates can contribute 50% to this selection process.

Top 5 reasons to attend DEFCON KERALA 2014
Access to cutting edge Technical Talks.
Access to Hack Space, the Hardware Hacking workshop.
Certificate of Participation.
Slides, Tools or Materials provided by the Speaker.
A niche networking platform.


Entry Pass: Rs.1100
Student Pass: Rs.800 (with discount code)
DISCOUNT CODE: STUDENT_14
Complimentary food coupons for all attendees.

Visit: www.defconkerala.com
Register Here: http://defconkerala.com/registration.html
Read more »
Hacking News
Defaced Website Hacking News

Russian Today (RT) news website hacked

On Sunday, the famous Russian news website RT.com has bee hacked and defaced.

The hackers gained access to the admin panel of the RT website and managed to publish several articles containing "Nazi" word in the headline.

The security breach also has been confirmed by the Russian Today in its official twitter account saying "Hackers deface RT.com  website, crack admin access, place "Nazi" in every headline. Back to normal now.".

Some of the published articles are entitled "Russian Senators vote to use stabilizing Nazi forces on Ukrainian territory", "Nazi nationalist leader calls on 'most wanted' Nazi umarov' to act against Russia' ".

The website has been restored and back to normal.  But still, no hackers appear to have taken credit for the breach.
Read more »
Malware Report
Banking Trojans Malvertising Malware Report

YouTube ads serve Banking Trojan Caphaw


Number of Malvertising attacks are appeared to be increasing day by day, even top websites fall victim to such kind of attacks - YouTube is to be the latest popular organization affected by malicious ads.

Security experts from Bromium have discovered that the cyber criminals were distributing a malware via YouTube ads.

According to researchers,  malicious ads attempt to exploit vulnerabilities in outdated Java.  It loads different malicious jar file, to ensure the exploit is compatible with the installed java version.

The Exploit kit used in this attack "Styx Exploit Kit" which was the same one used by cybercriminals to infect users of toy maker Hasbro.com.

If the user's machine is having vulnerable plugins, it will exploit the vulnerability and drops a Banking Trojan known as "Caphaw".  Researchers say they are working with Google Security team. 
Read more »
Subscribe to: Comments (Atom)