Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

IT Security
Information Security IT Security

Cyber Defence Course Level 1 in Anna University, Chennai

Most of us from beginners to advanced users use mobile phone/laptops/desktops. We don’t know to secure our machines/phones from hackers, viruses, spies who want to get our information. Here is a short course on securing your computer. mobile phones and laptops from most advanced cyber espionage guys.

Who should learn this:

a. Corporate users – Marketing, sales, CEO, CFO’s who are targeted by corporate espionage

b. Women & Children who want to secure their phones, emails, social media.

c. Lawyers , Doctors who may be targeted to get information on their clientele.

d. Common Man – Anyone who uses computers from young to old for securing their own machines/laptops to protect their loved ones.

e. College Students

Content:

Computer:

  • Security in general.
  • Online security and safe browsing practices.
  • Using live CD for banking.
  • Social Media privacy settings (FB, Twitter, Gmail , 2 factor auth)
  • What can malware do ?
  • Firewall.
  • Check for malware without AV (find undetectable virus).
  • Removing malware manually.
  • Checking USB for malware also disabling autorun.inf type virus.
  • Anti Keylogger.
  • Sandbox.
  • Recover Files.
  • Secure Wipe Files.
  • Encrypt files.
  • Encrypted Email
  • Encrypted Chat

Phone:

Secure Chat, Phone, Messaging on windows, android & others.


Certificate:

Cyber Security & Privacy Foundation will give certificate.

Register here

 Venue:
Anna University, Chennai
Read more »
Breaking News
Android Malware Android Vulnerability Breaking News

Pileup flaw: Android updates can be exploited by malware to gain permissions

Upgrading an operating system patches the security holes in the previous versions.  However, researchers found a bug in upgrading process of Android itself, which can be exploited by malicious apps.

A team of researchers from Indiana University and Microsoft have published a paper explains a new critical security bugs which are referred as "Pileup flaws".  The vulnerability exists in Package Management Service (PMS) of Android.

When a user upgrades android to the latest version, a malicious app with few or no permission in the old version can exploit this vulnerability to update itself with new set of permissions.

An attacker can exploit this vulnerability to steal sensitive information from the compromised device, change security configurations and also prevent installation of critical system services.

Researchers say they have confirmed the presence of security hole on all official android versions as well as 3,000 customized android versions.

Researchers also have developed a new service called 'SecUp' which is capable of detecting the malicious apps designed to exploit PileUp vulnerabilities.
Read more »
ZeuS
Malware Report ZeuS

Variant of Zbot makes money for cybercriminals via pay-per-click ads


Zeus(ZBot) is the notorious trojan known for stealing login credentials associated with online banking, continues to evolve.

A new variant spotted by TrendMicro security researchers is doing totally different task than other variants.  This variant displays websites containing advertisements..

Every time user try do something on the infected machine, these websites will get occupied on the entire screen preventing user from accessing other windows or files.

Even though victim can access the desktop by pressing the 'show desktop' shortcut(win+d),  but the websites still being displayed in the background.

"It should be noted that the sites being displayed are all legitimate–running from gaming sites, ticketing sites, music sites to search engines." researcher said.

"Users can actually navigate these displayed sites. One curious feature of this malware is that it also performs various mouse movements and scrolling when the mouse is idle."

Interestingly, this variant doesn't include a module to steal banking credentials.  However, it achieves the main goal of stealing credentials - making money for cyber criminals.
Read more »
Website Hacked
Breaking News Website Hacked

EA Games website hacked to host Apple phishing page

A webserver belonging to the EA Games has been compromised by cybercriminals and it is now hosting a phishing page attempting to steal Apple IDs.

According to Netcraft report, hackers managed to break into the sub-domain by exploiting vulnerabilities in the outdated version of web calendar application.

The Web Calendar version 1.2.0 has a critical vulnerability that allows attacker to run arbitrary code.

The phishing page tricks users into handing over their login credentials for the Apple website.  After entering the Apple ID and password, it will display second form which asks to victim to enter card details, name, birth date, phone number and few other details.  Like the usual phishing pages, once victim submit the details, he will be redirected to legitimate apple site.

Netcraft says the hacker might also have gained access to the internal servers and other information.

"In this case, the hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server." The blog post reads.
Read more »
Security News
Breaking News Security News

Full-Disclosure Security mailing List Suspended Indefinitely



Today , users subscribed to the Full disclosure security lists received a shocking email from the admin of the Full-disclosure that they are going to suspend the service.

"I'm not willing to fight this fight any longer. It's getting harder to operate an open forum in today's legal climate, let alone a security-related one. There is no honour amongst hackers any more. " the email reads.

"There is no real community. There is precious little skill. The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry."

" I'm suspending service indefinitely.  Thanks for playing."
Read more »
Vulnerability
Bug Bounty Programs directory traversal vulnerability Vulnerability

Yahoo using 'admin' as username and password, leads to RCE


Behrouz Sadeghipour, a bug bounty hunter, has found a critical vulnerability in one of the subdomain of Yahoo(hk.yahoo.net) that allowed him to access admin panel.

It is funny to know that the hk.yahoo.net is using 'admin' as username and password for its panel.

After gaining access to the admin panel, he managed to upload his backdoor shell to the server.  Using the shell, he was able to delete or create any file or run any commands on the server.

He was also able to control few other subdomains of Yahoo.  After getting notification from the researcher, Yahoo has patched the security hole.  Researcher is still waiting for his bounty. 

In addition to this bug, he also found another vulnerability 'Directory Traveral attack' on health.yahoo.com that allowed him to read the contents of '/etc/passwd' files on the server. 
Read more »
Servers hacked
Featured Hacking News Operation Windigo Servers hacked

Operation Windigo: Thousands of Linux and Unix Servers hacked to deliver malware, spam

Hackers compromised thousands of Linux and Unix servers and used them for stealing SSH credentials, sending millions of spam messages and infecting visitors with malware.

The campaign has been dubbed as Operation Windigo, which was uncovered by researchers at security firm ESET.

According to the report, the operation has been ongoing since 2011 and more than 25,000 servers have been compromised in the last two years. 

Even some of high profile servers including Cpanel and Kernel.org had been affected by this campaign.

Millions of users to legitimate website hosted on affected servers are being served with malware via exploit kits and 35 Million spam messages are being sent each day from the compromised servers.

 Three main components used in this operation are:

  • Linux/Ebury – an OpenSSH backdoor used to keep control of the servers and steal credentials
  • Linux/Cdorked – an HTTP backdoor used to redirect web traffic. We also detail the infrastructure deployed to redirect traffic, including a modified DNS server used to resolve arbitrary IP addresses labeled as Linux/Onimiki
  • Perl/Calfbot – a Perl script used to send spam

Detailed technical paper on "Operation Windigo" is here.
Read more »
Hacking News
Cyber Crime Hackers Arrested Hacking News

Black Hat hacker Farid Essebar arrested in Thailand


An infamous international computer hacker Farid Essebar has been arrested on Tuesday in Thailand, at the request of Swiss authorities.

Essebar, also known as Diabl0, 27 year old, who has dual Morocco-Russia nationality, was detained in Bangkok, according to the local news report.

He has been arrested on suspicion of taking part in a cyber crime which involves cracking banking systems and hacking online banking websites.  The breach was resulted in damage of $4 billion to customers in Europe in 2011.

Thailand will send the suspect to Switzerland within next 90 days.  Police are reportedly searching for two other gang members who involved in the breach.

This is not the first time he is being arrested.  In 2006, he was sentenced to two years in prison.  He was accused of spreading Zotob computer worm.  CNN, ABC News, United Parcel service, NY Times and US Depart. of Homeland Security were among those affected by this worm.
Read more »
Web Application Vulnerability
hacker news SSRF Vulnerability Web Application Vulnerability

Critical SSRF vulnerability in Paypal's subsidiary allows to access Internal Network

Shubham Shah, a web application pentester from Australia, has discovered a critical Server Side Request Forgery(SSRF) vulnerability in the Bill Me Later website, a subsidiary of Paypal. The vulnerability exists in the subdomain(merchants.billmelater.com).

"The vulnerability itself was found within a test bed for BillMeLater’s SOAP API, which allowed for queries to be made to any given host URL." researcher explained in his blog post.

An attacker is able to send request to any internal network through the API and get the response.  Some internal admin pages allowed him to query internal databases without asking any login credentials.

Researcher says that a successful exploitation may result in compromising the customers data.

The bug was reported to Paypal on October 2013 and he got reward from them on Jan. 2014.

Paypal has partially fixed the bug by restricting the SOAP API to access the internal servers.  However, researcher says that it still act as proxy to view other hosts.

If you would like to know more details about SSRF vulnerability and how it can be exploited for port scanning or internal network finding, you can refer the Riyaz Waliker blog post and this document.
Read more »
Security Breach
Featured Hacking News Security Breach

25,000 cards data compromised in Sally Beauty data breach


Earlier this month, Krebs on Security first reported that one of the largest retailers of beauty products 'Sally Beauty' had been hacked.  At the time, the Sally Beauty said there is no card data involved in the breach.

Today, the company confirmed that its network has been breached and fewer than 25,000 credits cards data may have been compromised by attackers. 

“As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation." Sally Beauty said.

"As a result, we will not speculate as to the scope or nature of the data security incident." the company added.

The company said they will continue to work with Verizon and US secret services on this investigation.  The company is taking necessary actions and precautions.

In the meantime, an unknown hacker defaced a website selling the stolen credit card data and send a message to the admin of the site as well as to Brian Krebs.

" Hi subhumans and miscreants, your fraud site is gone now. Go away.
Also, Krebs, please dont call me a punk on Twatter: im trying to be a good person :(" The defacement page reads.

"To all the people who used this service to blackmail and threaten and "dox" people's families: fuck you especially. To the "regular" fraudsters: fuck you too but slightly less.  To Cloudflare: why in a billion 6000-degree hells is your NS TTL 80000?" 
Read more »
Twitter Spams
Phishing Attack Twitter Hacks Twitter Spams

Australian Foreign Minister Julie Bishop Twitter account hacked


It's not usual tweet from Australian Foreign Minister Julie Bishop which suggest users to check out the post weight loss.

"LOL u gotta read this, its crazy [link]", " I'm laughing so hard right now at this[LINK]" these are one of the tweets posted from her account.

If you are regular user of E Hacking News, you would have already realized that this is nothing other than spam tweet.  However, most of people do not aware of that.

At first, i thought the link leads to simple weight loss spam website.  While analyzing few similar links, i found that some links are leading to a Twitter phishing page.

The JulieBishopMp account has more than 57k followers.  It means the phishing page has reached thousands of users.  We are not sure how many of them fall victim to these attack.

We already seeing plenty of similar fake tweets are being posted from several accounts(some accounts have more than 10k followers) which leads to the phishing pages.

Julie Bishop recovered and posted the following tweet:  "Yes my Twitter account has been hacked/compromised"

Beware of these new twitter phishing attack !  Share this post with your friends and make them aware about these kind of attacks. 
Read more »
Subscribe to: Comments (Atom)