Syrian National Coalition website and US Central Command hacked by Syrian Electronic Army


The official website of the National Coalition for Syrian Revolutionary and Opposition Forces (etilaf.org) and a few other websites have been hacked and defaced by the Syrian Electronic Army.

In addition to the Syrian National Coalition hack, the group also hacked Masarat Syria (masaratsyria.com) and the City Council of Daraya (darayacouncil.org).

The hacked websites were offline at the time of writing. Mirrors of the defacements can be found here:
  • http://www.zone-h.org/mirror/id/22015751
  • http://www.zone-h.org/mirror/id/22015787
  • http://www.zone-h.org/mirror/id/22015855
Recently, the group also announced that it had breached US Central Command (CENTCOM) and accessed hundreds of documents.

In the meantime, the Syrian Electronic Army also posted a tweet: "How much does @Microsoft charge @FBIPressOffice ever month to spy on your emails? Stay tuned for their leaked documents. #SEA #PRISM".

BSNL subdomains defaced by "Kai-h4xOrR And Trojan"



Two Pakistani hackers calling themselves "Kai-h4xOrR And Trojan" have managed to deface some web pages on BSNL's subdomains.

The defaced pages are:
http://learntelecom.bsnl.co.in/acp_main_module/schedule_list.asp
http://www.vas.bsnl.co.in/vas/contact_us.jsp?cir=11

They left the following message: "Team MaXiMiZerSOp# Free For Kashmir"

BSNL has a very bad track record with security; its sites have been defaced multiple times in the past few years.

Mirrors:
  • http://zone-h.com/mirror/id/22021830
  • http://zone-hc.com/archive/mirror/d0abab6_learntelecom.bsnl.co.in_mirror_.html
  • http://zone-hc.com/archive/mirror/ea72f34_vas.bsnl.co.in_mirror_.html

Expression Language (EL) Injection vulnerability in PayPal's subsidiary

Indian security researcher Piyush Malik has discovered an Expression Language (EL) Injection flaw in Zong, a subsidiary of PayPal.

According to OWASP, EL Injection is a vulnerability that allows an attacker to control the data passed to the EL interpreter. In some cases, it allows attackers to execute arbitrary code on the server.

Malik said in his blog that Zong was running an outdated version of Clearspace (now known as Jive Software) on a subdomain.

"Clearspace is a Knowledge management tool and is Integrated with Spring Framework. EL Pattern was used in Spring JSP Tags which made Clearspace Vulnerable to this Bug," Malik explained in his blog.

He found two forms on the site that are vulnerable to this bug, and was able to have arithmetic expressions evaluated through the vulnerable field.

One of the vulnerable URLs:
https://clearspace.zong.com/login!input.jspa?unauth=${custom command here}

An attacker can inject an Expression Language command into the 'unauth' parameter, which is then evaluated on the server. In his demo, the researcher injected an arithmetic expression (https://clearspace.zong.com/login!input.jspa?unauth=${100*3}) and confirmed that the server evaluated it.
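As an added defensive example (not code from the article, from Zong or from PayPal), the Python below scans constructed web-server access-log lines for query parameters that carry EL syntax such as `${...}`, decoding percent-encoding so that an obfuscated form of the `unauth=${100*3}` probe described above is flagged as well. The log lines, client addresses and the `search.jspa` path are constructed; only the `login!input.jspa` path and the `unauth` parameter come from the article.

```python
# Added example: flag HTTP requests whose query parameters contain
# Expression Language syntax (${...} or #{...}). Not code from the
# article or from Zong/PayPal; the log lines below are constructed.
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# EL expressions are delimited by ${...} (JSP 2.0) or #{...} (deferred form).
EL_PATTERN = re.compile(r"[$#]\{[^}]*\}")

# Apache/nginx "combined"-style access-log line: client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one benign login request, the probe from the article in
# percent-encoded and raw form, and a benign value containing a lone "$".
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2014:12:00:01 +0000] "GET /login!input.jspa?unauth=true HTTP/1.1" 200 512
10.0.0.7 - - [10/Mar/2014:12:00:09 +0000] "GET /login!input.jspa?unauth=%24%7B100*3%7D HTTP/1.1" 200 518
10.0.0.7 - - [10/Mar/2014:12:00:15 +0000] "GET /login!input.jspa?unauth=${100*3} HTTP/1.1" 200 518
10.0.0.9 - - [10/Mar/2014:12:01:00 +0000] "GET /search.jspa?q=price+%24100 HTTP/1.1" 200 2048
"""

def find_el_in_target(target: str):
    """Return [(param, decoded_value)] for each query parameter whose value
    contains an EL expression. parse_qsl decodes one layer of percent-encoding;
    the extra unquote() also catches a double-encoded payload (%2524 -> %24 -> $)."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = unquote(value)
        if EL_PATTERN.search(decoded):
            hits.append((name, decoded))
    return hits

def scan_log(text: str):
    """Scan access-log text and return one finding per request carrying EL syntax."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        hits = find_el_in_target(m["target"])
        if hits:
            findings.append({"ip": m["ip"], "path": urlsplit(m["target"]).path, "params": hits})
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A hit only shows that EL syntax reached the application; whether it was evaluated (as in the ${100*3} demo) has to be confirmed against the response or the patched code.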

PayPal has offered a bounty for his finding. The researcher didn't disclose the amount.

The EL Injection vulnerability class was first documented by security researchers from Minded Security in 2011. Their paper can be found here: https://www.mindedsecurity.com/fileshare/ExpressionLanguageInjection.pdf

Romanian man kills his son and commits suicide after being threatened by ransomware

Police Ransomware is a notorious malware family that intimidates the victim into paying a "fine", telling them they will be jailed if they fail to pay. So far, the worst-case outcome of such a ransomware infection had been a victim paying the fine, believing it to be a legitimate warning from the police.

But no one could have expected this malware to drive a man to suicide.

Softpedia covers a terrible tragedy that took place in Romania: a man committed suicide after his system was infected with 'Police Ransomware'.

The man hanged himself while holding his 4-year-old boy in his arms, with the rope around his neck as well. They both died of strangulation.

He left a suicide note to his wife which reads: "I don’t think it’s normal what I’ve done (…) I apologize to all of you (…) I received a warning that said I have to pay 70.000 lei or go to prison for 11 years (…) I don’t want Nicusor [the small boy who was killed] to suffer because of me (…) I can’t stand going to prison. I can’t!"



Miley Cyrus, Taylor Swift and Britney Spears websites hacked by Ethical Spectrum

Update:
The latest tweet from the hacker indicates that he compromised the database containing the usernames and passwords for these websites: "The database of #MileyCyrus, #SelenaGomez......etc with 2,5 million users and pass is for sell, anyone interested email me at my mail"

Exclusive information:
The hacker told E Hacking News that he found multiple vulnerabilities in the Groundctrl website and gained access to the database server.

He also gained access to the CMS panel that manages the celebrities' websites.
[Screenshot: GroundCtrl CMS panel]

Original article:

A hacker going by the online handle "Ethical Spectrum" has hacked into and defaced websites belonging to several celebrities.

The affected websites include the official sites of Miley Cyrus (mileycyrus.com), Selena Gomez (selenagomez.com), Taylor Swift (taylorswift.com) and Britney Spears (britneyspears.com).

We were able to confirm that these are the official websites of the celebrities, as they are linked from their Twitter accounts.

According to the hacker's Twitter account (@Eth_Spectrum), he hacked into the above-mentioned websites on March 8th. The websites were restored after the breach; however, the hacker says he once again managed to deface them.

Other websites attacked by the hacker are Ground Ctrl (groundctrl.com), mypinkfriday.com, Chelsea Handler (chelseahandler.com), Aaron Lewis (aaronlewismusic.com), therealcocojones.com, christinagrimmieofficial.com and Kacey Musgraves (kaceymusgraves.com).

The defacement just reads "Why i hacked this site, you can ask this person greg.patterson@groundctrl.com".

Greg Patterson is the co-founder of Groundctrl, an organization that builds websites for artists. It appears the security breach started at Groundctrl.

Other affected sites:
  • Pat Green (patgreen.com)
  • Rob Thomas (robthomasmusic.com)
  • Rock Mafia (rockmafia.com)
  • ritawilson.com
  • sum41.com
  • nickcarter.net
  • jordanknight.com
If you are not able to see the defacements, you can find the mirrors here:
http://www.zone-h.org/archive/notifier=Ethical%20Spectrum

All of the affected websites are currently showing a maintenance message, except the Groundctrl official website.

The hacker didn't provide much information about the breach, so we are not sure exactly how he hacked all of these websites: whether he found a zero-day exploit in the CMS developed by Groundctrl, or whether all of the affected sites are managed from one central place.


Data breach at Seattle Archdiocese affects 90k employees and volunteers

Hackers breached a database of the Seattle Archdiocese and compromised data belonging to thousands of employees and volunteers.

The Church conducts background checks on employees and volunteers, who are asked to give their Social Security numbers, which are then stored in a database.

According to reports, this database has been compromised by attackers, reportedly affecting more than 90,000 employees and volunteers.

The Archdiocese has reported the data breach to the FBI and the IRS. A cyber forensics team is trying to determine the source of the breach.

Those who think they might be affected are advised to contact the IRS Identity Protection Specialized Unit.

Bug in Twitter could allow anyone to read tweets from protected accounts

Twitter has fixed a bug on its website that could allow non-approved followers to read tweets from protected Twitter accounts.

Normally, tweets from protected accounts can't be seen by the public; one must get approval from the account holder to view them.

This bug could allow anyone to view the hidden tweets by receiving SMS or push notifications from those accounts.

The microblogging firm said a member of the white-hat security community helped it discover and diagnose the bug. According to its blog post, the bug had existed since November 2013.

"As part of the bug fix, we’ve removed all of these unapproved follows, and taken steps to protect against this kind of bug in the future."

The bug affected around 93,788 protected accounts. Twitter has emailed all affected users to inform them about the bug and apologize.

Justin Bieber's Twitter account hacked, malicious URL tweeted


Justin Bieber's official Twitter account, which has more than 50 million followers, has been hijacked by attackers to spread spam links.

The attacker posted a tweet saying "Justin Bieber Cemberut? [Malicious link]" (Cemberut is an Indonesian word meaning 'sullen').

The shortened link in the tweet leads to a .tk domain, 'rumahfollowers[.]tk'. At the time of writing, we were not able to access the site, so we cannot determine exactly what was delivered to users.

More than 13k users favorited the spam tweets and over 7,000 retweeted them, which means thousands of users might have followed the link and been affected by this spam.

It is worth noting that this is not the first time his account has been hijacked by attackers. We are not sure how the account was compromised this time.

His team managed to recover the account and posted: "all good now, we handled it".

Joomla 3.2.2 is vulnerable to SQL Injection and XSS


If your website is running Joomla 3.2.2, you should upgrade your CMS to the latest version.

A new version, Joomla 3.2.3, has been released to address more than 40 bugs and four security vulnerabilities.

One of the patched security flaws is a SQL injection caused by inadequate escaping, rated as a High severity bug. It affects versions 3.1.0 through 3.2.2.

Two other security bugs are cross-site scripting vulnerabilities, which have been rated as Medium severity.

The last one allows unauthorized logins via Gmail authentication, caused by inadequate checking. It affects versions 2.5.8 and earlier 2.5.x, and 3.2.2 and earlier 3.x.

Whether or not you care about the 40 bugs, you should always take the security fixes. So update your CMS immediately, before attackers inform you of the vulnerabilities by hacking your site.

Nullcon international security conference 2014

Recently we all witnessed this season of NULLCON unfold. NULLCON, India's biggest security conference, happens in Goa every year; this year it was held on the 14th of February, with the tagline "Spread Love, Not Malware".

This year's Nullcon International Conference was filled with speakers from across the globe presenting various interesting papers. This year's Nullcon also showcased some of the upcoming talents of Indian cyberspace.

The event started off with a bang with the Night Talks on the night of the 13th, followed by a grand party. The evening talks also had a "Black Shield Award" segment, in which eminent personalities were presented with the Black Shield Award. The list of Black Shield achievers is as follows:


The day talks started on the morning of the 14th and went on till the evening of the 15th. This year's Nullcon talks featured various well-known security researchers such as Rahul Sasi, Alexander Polyakov, LavaKumar Kuppan, Vivek Ramachandran, Saumil Shah and many more. And as Nullcon always tries to bring out budding talents from India, this time we had upcoming talents from the Indian infosec community such as Yahin Mehboobe, Ankita Gupta, Abhay Rana and many more.

One of the major attention grabbers this time was the ultra-geeky nullcon2014 hardware badge, developed by Indian researchers "Amay Gat" and "Umesh Jawalikar".

One of the new things seen this time at Nullcon was NULLCON AMMO, which showcased some of the coolest, geekiest open-source tools developed by young Indian researchers and developers.

The tools found at Nullcon Ammo were:
  • OWTF (The Offensive Web Testing Framework) – by Abraham Aranguren & Bharadwaj Machiraju
  • NoSQL Exploitation Framework – by Francis Alexander
  • XML Chor – by Harshal Jamdade
  • Drup Snipe – by Sukesh Reddy and Ranjeet Senger
  • OWASP Xenotix XSS Exploitation Framework – by Ajin Abraham
And there were plenty of other tools featured this time at the Nullcon Ammo event.

Overall, this season of Nullcon was filled with more geekiness, fun, parties and an awesome feast of information and knowledge for infosec enthusiasts. It was even more exciting than the previous season of Nullcon. For a hacker, you can't ask for anything better than Nullcon.

Hacker breaches Johns Hopkins University website

A hacker claiming to be part of the Anonymous hacker group has breached a Johns Hopkins University website and leaked data taken from its database server.

The database server contains information on current and former biomedical engineering students. The stolen information includes students' names, phone numbers and email addresses.

The University says no information that would make identity theft a concern, such as Social Security numbers or credit card numbers, was involved in the breach.

According to the Baltimore Sun, the so-called Anonymous hacker attempted to extort the university for further access to its database server, threatening to leak the stolen data unless the university handed over the server password.

The breach reportedly occurred last November; the vulnerability responsible for it has since been patched. The University is currently working with the FBI and trying to get the leaked data removed from the internet.