Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Security News
Breaking News Security News

Full-Disclosure Security mailing List Suspended Indefinitely



Today , users subscribed to the Full disclosure security lists received a shocking email from the admin of the Full-disclosure that they are going to suspend the service.

"I'm not willing to fight this fight any longer. It's getting harder to operate an open forum in today's legal climate, let alone a security-related one. There is no honour amongst hackers any more. " the email reads.

"There is no real community. There is precious little skill. The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry."

" I'm suspending service indefinitely.  Thanks for playing."
Read more »
Vulnerability
Bug Bounty Programs directory traversal vulnerability Vulnerability

Yahoo using 'admin' as username and password, leads to RCE


Behrouz Sadeghipour, a bug bounty hunter, has found a critical vulnerability in one of the subdomain of Yahoo(hk.yahoo.net) that allowed him to access admin panel.

It is funny to know that the hk.yahoo.net is using 'admin' as username and password for its panel.

After gaining access to the admin panel, he managed to upload his backdoor shell to the server.  Using the shell, he was able to delete or create any file or run any commands on the server.

He was also able to control few other subdomains of Yahoo.  After getting notification from the researcher, Yahoo has patched the security hole.  Researcher is still waiting for his bounty. 

In addition to this bug, he also found another vulnerability 'Directory Traveral attack' on health.yahoo.com that allowed him to read the contents of '/etc/passwd' files on the server. 
Read more »
Servers hacked
Featured Hacking News Operation Windigo Servers hacked

Operation Windigo: Thousands of Linux and Unix Servers hacked to deliver malware, spam

Hackers compromised thousands of Linux and Unix servers and used them for stealing SSH credentials, sending millions of spam messages and infecting visitors with malware.

The campaign has been dubbed as Operation Windigo, which was uncovered by researchers at security firm ESET.

According to the report, the operation has been ongoing since 2011 and more than 25,000 servers have been compromised in the last two years. 

Even some of high profile servers including Cpanel and Kernel.org had been affected by this campaign.

Millions of users to legitimate website hosted on affected servers are being served with malware via exploit kits and 35 Million spam messages are being sent each day from the compromised servers.

 Three main components used in this operation are:

  • Linux/Ebury – an OpenSSH backdoor used to keep control of the servers and steal credentials
  • Linux/Cdorked – an HTTP backdoor used to redirect web traffic. We also detail the infrastructure deployed to redirect traffic, including a modified DNS server used to resolve arbitrary IP addresses labeled as Linux/Onimiki
  • Perl/Calfbot – a Perl script used to send spam

Detailed technical paper on "Operation Windigo" is here.
Read more »
Hacking News
Cyber Crime Hackers Arrested Hacking News

Black Hat hacker Farid Essebar arrested in Thailand


An infamous international computer hacker Farid Essebar has been arrested on Tuesday in Thailand, at the request of Swiss authorities.

Essebar, also known as Diabl0, 27 year old, who has dual Morocco-Russia nationality, was detained in Bangkok, according to the local news report.

He has been arrested on suspicion of taking part in a cyber crime which involves cracking banking systems and hacking online banking websites.  The breach was resulted in damage of $4 billion to customers in Europe in 2011.

Thailand will send the suspect to Switzerland within next 90 days.  Police are reportedly searching for two other gang members who involved in the breach.

This is not the first time he is being arrested.  In 2006, he was sentenced to two years in prison.  He was accused of spreading Zotob computer worm.  CNN, ABC News, United Parcel service, NY Times and US Depart. of Homeland Security were among those affected by this worm.
Read more »
Web Application Vulnerability
hacker news SSRF Vulnerability Web Application Vulnerability

Critical SSRF vulnerability in Paypal's subsidiary allows to access Internal Network

Shubham Shah, a web application pentester from Australia, has discovered a critical Server Side Request Forgery(SSRF) vulnerability in the Bill Me Later website, a subsidiary of Paypal. The vulnerability exists in the subdomain(merchants.billmelater.com).

"The vulnerability itself was found within a test bed for BillMeLater’s SOAP API, which allowed for queries to be made to any given host URL." researcher explained in his blog post.

An attacker is able to send request to any internal network through the API and get the response.  Some internal admin pages allowed him to query internal databases without asking any login credentials.

Researcher says that a successful exploitation may result in compromising the customers data.

The bug was reported to Paypal on October 2013 and he got reward from them on Jan. 2014.

Paypal has partially fixed the bug by restricting the SOAP API to access the internal servers.  However, researcher says that it still act as proxy to view other hosts.

If you would like to know more details about SSRF vulnerability and how it can be exploited for port scanning or internal network finding, you can refer the Riyaz Waliker blog post and this document.
Read more »
Security Breach
Featured Hacking News Security Breach

25,000 cards data compromised in Sally Beauty data breach


Earlier this month, Krebs on Security first reported that one of the largest retailers of beauty products 'Sally Beauty' had been hacked.  At the time, the Sally Beauty said there is no card data involved in the breach.

Today, the company confirmed that its network has been breached and fewer than 25,000 credits cards data may have been compromised by attackers. 

“As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation." Sally Beauty said.

"As a result, we will not speculate as to the scope or nature of the data security incident." the company added.

The company said they will continue to work with Verizon and US secret services on this investigation.  The company is taking necessary actions and precautions.

In the meantime, an unknown hacker defaced a website selling the stolen credit card data and send a message to the admin of the site as well as to Brian Krebs.

" Hi subhumans and miscreants, your fraud site is gone now. Go away.
Also, Krebs, please dont call me a punk on Twatter: im trying to be a good person :(" The defacement page reads.

"To all the people who used this service to blackmail and threaten and "dox" people's families: fuck you especially. To the "regular" fraudsters: fuck you too but slightly less.  To Cloudflare: why in a billion 6000-degree hells is your NS TTL 80000?" 
Read more »
Twitter Spams
Phishing Attack Twitter Hacks Twitter Spams

Australian Foreign Minister Julie Bishop Twitter account hacked


It's not usual tweet from Australian Foreign Minister Julie Bishop which suggest users to check out the post weight loss.

"LOL u gotta read this, its crazy [link]", " I'm laughing so hard right now at this[LINK]" these are one of the tweets posted from her account.

If you are regular user of E Hacking News, you would have already realized that this is nothing other than spam tweet.  However, most of people do not aware of that.

At first, i thought the link leads to simple weight loss spam website.  While analyzing few similar links, i found that some links are leading to a Twitter phishing page.

The JulieBishopMp account has more than 57k followers.  It means the phishing page has reached thousands of users.  We are not sure how many of them fall victim to these attack.

We already seeing plenty of similar fake tweets are being posted from several accounts(some accounts have more than 10k followers) which leads to the phishing pages.

Julie Bishop recovered and posted the following tweet:  "Yes my Twitter account has been hacked/compromised"

Beware of these new twitter phishing attack !  Share this post with your friends and make them aware about these kind of attacks. 
Read more »
Syrian Electronic Army
Defaced Website hacker news Syrian Electronic Army

Syrian National Coalition website and US Central Command hacked by Syrian Electronic Army


The official website of the National Coalition for Syrian Revolutionary and Opposition Forces(etilaf.org) and few other websites have been hacked and defaced by Syrian Electronic Army.

In addition to Syrian National Coalition hack, the group also hacked into Masarat Syria (masaratsyria.com) and the City Council of Daraya (darayacouncil.org).

The hacked websites went offline at the time of writing, A mirror of the defacement can be found here:
  • http://www.zone-h.org/mirror/id/22015751
  • http://www.zone-h.org/mirror/id/22015787
  • http://www.zone-h.org/mirror/id/22015855
Recently, the group also announced that they have successfully breached the US Central Command(CENTCOM) and accessed hundreds of documents.

In the meantime, the Syrian Electronic army also posted a tweet "How much does @Microsoft charge @FBIPressOffice ever month to spy on your emails? Stay tuned for their leaked documents. #SEA #PRISM".

Read more »
Pakistan Hacker
BSNL hacked Defaced Website Pakistan Hacker

BSNL subdomain's defaced by "Kai-h4xOrR And Trojan"



Two Pakistani hackers called "Kai-h4xOrR And Trojan" have managed deface some webpages of BSNL's sub-domains.

The defaced pages are:
http://learntelecom.bsnl.co.in/acp_main_module/schedule_list.asp
http://www.vas.bsnl.co.in/vas/contact_us.jsp?cir=11

They left the following message: "Team MaXiMiZerSOp# Free For Kashmir"

BSNL has very bad track record with security it has been defaced multiple times in the past few years.

Mirrors:http://zone-h.com/mirror/id/22021830

http://zone-hc.com/archive/mirror/d0abab6_learntelecom.bsnl.co.in_mirror_.html

http://zone-hc.com/archive/mirror/ea72f34_vas.bsnl.co.in_mirror_.html
Read more »
Web Application Vulnerability
Express Language Injection Indian Security Researchers Vulnerability Web Application Vulnerability

Express Language(EL) Injection vulnerability in Paypal's subsidiary

An Indian Security researcher Piyush Malik has discovered an Expression Language(EL) Injection security flaw in Zong, a subsidiary of Paypal.

According to OWASP, EL Injection is a vulnerability that allows hacker to control data passed to the EL Interpreter.  In some cases, it allows attackers to execute arbitrary code on the server.

Researcher Malik said in his blog that Zong was running an outdated version of Clearspace(Now known as Jive software) on a subdomain.

"Clearspace is a Knowledge management tool and is Integrated with Spring Framework. EL Pattern was used in Spring JSP Tags which made Clearspace Vulnerable to this Bug." Malik explained in his blog.

He found two forms in the site which are vulnerable to this bug. He was able to perform some arithmetic operations using the vulnerable field.

One of the vulnerable urls:
https://clearspace.zong.com/login!input.jspa?unauth=${custom command here}

An attacker can inject a Express Language command on the 'unauth' field which will be executed in the server.  In his demo, researcher inject an arithmetic command(https://clearspace.zong.com/login!input.jspa?unauth=${100*3}) and able to executed it.

Paypal has offered some bounty amount for his finding.  Researcher didn't disclose the bounty amount.

About EL Injection vulnerability is first documented by security researchers from Minded Security in 2011.  You can find the document here: https://www.mindedsecurity.com/fileshare/ExpressionLanguageInjection.pdf
Read more »
Police Ransomware
Police Ransomware

Romanian kills his son and commits suicide, after got threatened by Ransomware virus

Police Ransomware is a notorious virus that threatens the victim into paying some amount and informs the victim that they will be jailed, if they failed to pay.  So far, the worst-case scenario of a ransomware has been victim paying the fine, thinking it is legitimate warning from Police.

But, no one could have expected that this notorious malware forced a man into committing suicide.

Softpedia covers a terrible tragedy took place in the Romania - a man has committed suicide, after his system got infected by a 'Police Ransomware'. 

The man hanged himself and held his 4 year old boy in his arms with rope around his neck.  They both died strangled.

He left a suicide note to his wife which reads "I don’t think it’s normal what I’ve done (…) I apologize to all of you (…) I received a warning that said I have to pay 70.000 lei or go to prison for 11 years (…) I don’t want Nicusor [the small boy who was killed] to suffer because of me (…) I can’t stand going to prison. I can’t!"



Read more »
Subscribe to: Comments (Atom)