Hackers get to Prince's Facebook page

Prince's Facebook page made a quick reappearance on the social media site on Saturday for a few hours before it was taken down for having been hacked.

Prince, who has been in the music industry for about forty years, had avoided social media until last year. In an era when getting close to the audience has been the aim of most musicians, Prince chose to avoid the buzz of online socializing. It was only in October 2014 that he opened a Facebook page and hosted a fan Q&A, but he replied to only one question before taking the page down in November.

He even shut his Twitter account and deleted videos from the official YouTube account. The page was activated with promises of new music, but then it started being self-deprecating and rude with messages like "My name is Prince and I don't care about my fans, I put my hit and run pause on tour so I can be the true asshole I am." Some were funny as well, with one saying, “Bring omelets to my next show, free entry.”

The surge of insulting and absurd messages pointed towards a hack and the page was promptly taken down by the site.

The AirDroid Lesson: Don't let apps take over your life

The popular Android app AirDroid, which lets users organize their lives by providing the remote ability to send text messages, edit files, manage other apps and perform GPS tracking, suffers from a serious authentication flaw that allows attackers to take control of a user's activities.

The flaw can be exploited to take photos of the victim via the phone’s camera, track the victim via GPS or harass the victim’s friends and family via contacts. Anything that the app has permission to access can be accessed by the remote attacker.

The mode of attack is very simple: the attacker sends an innocent-looking link to the user which, if clicked, leads to the attacker's webpage. The attacker thus assumes control over the user's phone and can activate the phone's camera to take photos of the user and taunt the user.

This bug has now been fixed, but the security risk it posed raises questions about how much an app should be permitted to know.

Often, for the sake of convenience, we offer personal information to apps, thus compromising our security. The long list of permissions that an app asks for is also cumbersome for many users to scan through, and they just hit agree. One never knows how many vulnerabilities are lurking in the apps we freely download and use, and how those vulnerabilities can be exploited to take over our daily activities. One must be careful about what one agrees to during installation.

Constant vigilance is the key.

Millions of IDs and passwords stolen to access online shopping websites

The Metropolitan Police Department has found the IDs and passwords of 5.06 million people on computer servers that it seized in connection with unauthorized access through proxy servers by a Chinese group, reports The Japan News.

During the investigation, the MPD found that the personal information of about 60,000 people, obtained by the Chinese fraud group, was used to log into online shopping sites. The server contained three kinds of hacking tools.

The proxy servers contain computer code that automatically attempts unauthorized access to online shopping sites to check whether the IDs and passwords can be used.

There has been no report of financial damage from the illegal use of the IDs and passwords. They have asked the companies to check whether any purchases were made using stolen user information.

A LINE official said: “It is greatly regrettable that our customer information was leaked illegally and could be used inappropriately. We'd like to implement safety measures and make efforts to improve our services.”

Researchers claim hack of Israeli military network

Blue Coat Systems Inc, a network solution provider based in California, has claimed that they have detected a hack in Israel's military network.

According to them, the hack seems to be a four month job and is an espionage campaign that skillfully packages existing attack software with trick emails.

The hack seems to be the work of Arabic-speaking hackers, as researchers at Blue Coat found that the programming tools used to hack the network had a default Arabic setting. They suspect the hackers might be working on a small budget, as most of their code has been sourced from existing versions of hacking software.

An Israeli defense ministry spokesperson said that military officials were "not aware of hacking on IDF operational networks."

"Not all targeted attackers need advanced tools," Blue Coat wrote in a draft paper shared with Reuters. "As regional conflicts continue, cyber threats from groups of various skill levels will also accompany the conventional armed conflicts."

Valve's new policy to control spam and phishing on Steam

With the aim of controlling spam and phishing on Steam, Valve, an entertainment software and technology company, has come up with a new policy under which people won’t get some of Steam’s features unless they have a minimum of $5 worth of games in their library or have spent that much in the store.

It is believed that Valve’s new policy is meant to establish whether a user is an actual gamer.

It is said that once the new policy is implemented, current and new users will find heavy restrictions on their Steam accounts. However, people who have spent $5 or more in the store in the past won’t face such restrictions.

Although people can play games without paying $5, they cannot send friend invitations, open a group chat, vote on Greenlight, Steam Reviews and Workshop items, participate in the Steam Market, post frequently in the Steam Discussions, gain Steam Profile Levels (locked to level 0) and Trading Cards, submit content on the Steam Workshop, post in an item's Steam Workshop Discussions, access the Steam Web API, or use browser and mobile chat.

Tom Sykes, who writes for PC Gamer, wrote that anyone with 200 Steam games in their library won’t face restrictions, but the new policy would affect people who only use Steam with disc-based retail games.

He added that activating a retail game on Steam won't prevent account restrictions. People can unlock the features by paying in their own currency, which will be converted into dollars using daily exchange rates.

Teenagers suspected of hacking Belgian and French websites

Two teenagers suspected of hacking the websites of Belgian and French newspapers last week will have a court hearing, authorities said on April 17.

The targeted websites, which were disabled during the attacks, were those of Le Soir, La Libre Belgique, La Dernière Heure, the Sudpresse group, and French regional publications including La Voix du Nord, Union de Reims and l'Ardennais.

According to the prosecutors, the two teens will be given a five-year prison sentence if they are found guilty. They will also have to pay a fine of up to 100,000 euros and compensate for the damages.


In a statement, Brussels prosecutors said that the regional computer crime unit managed to identify the two teens, who are 18 and 16 years old, behind the cyber attacks on Sunday and Monday.

The hacking, which took place on Sunday evening, forced Le Soir to close down its website for several hours.

The Belgian media group Rossel and the Belgian group IMP filed a police complaint last week.

The authorities carried out three raids in Belgium. During the raids, they discovered one address which was linked to the attacks.

An examining magistrate has been investigating the case and will try to find out whether others were involved in the attacks, the authorities said.

In a video, an anonymous group of Belgians said that it had identified one of the teens as an adolescent who lives in Belgium and loves playing games.

The group, which is said to be a hackers’ group, said it shared information with the police because it was protecting freedom of expression.

Google fixes comment cloning vulnerability in YouTube


Google has fixed a flaw in YouTube that was discovered by an Egyptian security researcher. The vulnerability allowed anyone to move or copy comments from one video to another without any user interaction.

On April 15, Ahmed Aboul-Ela wrote on his blog that he and his friend, Ibrahim Mosaad, discovered the flaw, which allowed them to duplicate or copy any comment from one video on YouTube to another.

Aboul-Ela wrote that they found it while testing the comment review features.
The two researchers mainly focused on the setting that allows a user to hold comments for review before they are published. They found that if that feature is enabled, the comments are listed in a control panel labeled “held for review.”

When a comment is posted on a YouTube video, the request carries the comment_id and video_id in its POST parameters. If the video_id is changed to that of any other video, the request returns an error. However, if the video_id is left untouched and only the comment_id is changed to the ID of any other comment on any YouTube video, the request is accepted and that comment is copied and appears on the requester's own video.

“The author of the comment does not get notified that his comment is copied onto another video nor the original comment from the original video doesn’t get removed,” Aboul-Ela wrote.

According to him, the flaw could be used to make a good video unpopular. And it could have been used to copy any celebrity or public figure’s comment and paste it on their videos.

Aboul-Ela wrote that Google decided to give a $3,133.7 reward, which is the maximum payment for disclosing vulnerabilities in normal Google applications.
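The missing check described above, where the server validated the video_id but accepted any comment_id, is shown here next to a handler that binds the two together. This is an added illustration, not code from the researchers or from Google; the data model, function names and sample records are all hypothetical.

```python
# Simplified model of a comment-moderation endpoint. Every name here is
# hypothetical and the records are constructed; this is not YouTube's code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Comment:
    comment_id: str
    video_id: str
    author: str
    text: str
    held: bool  # True while waiting in the owner's "held for review" queue

# Constructed sample data: bob owns vid_B; alice's comment lives on vid_A.
VIDEO_OWNER = {"vid_A": "alice", "vid_B": "bob"}
COMMENTS = {
    "c1": Comment("c1", "vid_A", "alice", "Great video!", held=False),
    "c2": Comment("c2", "vid_B", "carol", "First!", held=True),
}

class Rejected(Exception):
    pass

def approve_vulnerable(actor, video_id, comment_id, published):
    """Checks video ownership only, then trusts comment_id from the request."""
    if VIDEO_OWNER.get(video_id) != actor:
        raise Rejected("actor does not own video_id")
    c = COMMENTS[comment_id]
    published.setdefault(video_id, []).append((c.author, c.text))
    return published

def approve_hardened(actor, video_id, comment_id, published):
    """Also binds comment_id to video_id and to the held-for-review state."""
    if VIDEO_OWNER.get(video_id) != actor:
        raise Rejected("actor does not own video_id")
    c = COMMENTS.get(comment_id)
    if c is None or c.video_id != video_id or not c.held:
        raise Rejected("comment is not held for review on this video")
    published.setdefault(video_id, []).append((c.author, c.text))
    return published

def demo():
    """Replay the tampered request (own video_id, foreign comment_id) on both."""
    leaked = approve_vulnerable("bob", "vid_B", "c1", {})
    try:
        approve_hardened("bob", "vid_B", "c1", {})
        blocked = False
    except Rejected:
        blocked = True
    legit = approve_hardened("bob", "vid_B", "c2", {})
    return leaked, blocked, legit
```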

Kelly Brook's personal photos leaked online

Kelly Brook, star of the US sitcom 'One Big Happy', has become a target of hackers for the second time after a set of 24 nude photos of her was posted online.

The photos show the actress in various intimate poses in her bedroom. Kelly also fell victim to a celebrity hacking scandal last year, in which thousands of photos of various celebrities were posted online in one of the biggest scandals of its kind.

Her ex-fiancé David McIntosh also features in the photos. The last time Kelly fell prey to such activity, 34 of her private photos were posted online.

Prior to all the scandals, Kelly had tweeted, "The only nude photos you'll see of me are the ones that I leak and the ones my head is superimposed on!"

Interpol coordinated to take down Simda botnet

The Simda botnet was taken down on April 9 in a collaborative effort between international law enforcement bodies and private security and technology companies, coordinated by Interpol's Global Complex for Innovation.

The botnet, known for spreading banking malware and establishing a backdoor for other malware, has compromised more than 770,000 computers in 190 countries. The takedown resulted in the seizure of 14 command-and-control servers in the Netherlands, the United States, Poland, Luxembourg, and Russia.

According to the researchers, Simda is a mysterious botnet used by cyber criminals for distributing several types of unwanted and malicious software. Due to constant functionality and security updates, it rarely appears on the KSN radars despite compromising a large number of hosts every day.

It uses hardcoded IP addresses to notify the keeper about the various stages of execution. It downloads and runs additional components from its own update servers and can modify the system hosts file, adding unexpected records that point google-analytics.com and connect.facebook.net to malicious IPs.

The Kaspersky Lab report says that, “This criminal business model opens up the possibility of exclusive malware distribution. This means that the distributors can guarantee that only the client’s malware is installed on infected machines. And that becomes the case when Simda interprets a response from the C&C server – it can deactivate itself by preventing the bot to start after next reboot, instantly exiting. This deactivation coincides with the modification of the system hosts file. As a farewell touch, Simda replaces the original hosts file with a new one from its own body.”
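Because the hosts file tampering described above leaves a visible artifact, a defender can check for it directly. The following audit is an added example, not part of the Kaspersky or Interpol material; the function name, verdict labels and sample file are constructed for illustration, and the addresses come from a documentation range.

```python
import ipaddress

# Domains the article names as receiving unexpected hosts-file records.
WATCHED = {"google-analytics.com", "connect.facebook.net"}

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname, verdict) for each record naming a watched domain."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank line or no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address field
        for name in fields[1:]:
            host = name.lower().rstrip(".")      # hosts entries are case-insensitive
            if host in watched or any(host.endswith("." + d) for d in watched):
                # Loopback/unspecified targets are typical of local blocklists;
                # any other address sends the domain's traffic somewhere else.
                local = ip.is_loopback or ip.is_unspecified
                verdict = "blocked-locally" if local else "redirected"
                findings.append((line_no, str(ip), host, verdict))
    return findings

# Constructed sample hosts file (203.0.113.0/24 is reserved for documentation).
SAMPLE = """\
# constructed sample hosts file
127.0.0.1   localhost
::1         localhost
203.0.113.10  google-analytics.com www.google-analytics.com  # injected
203.0.113.11  Connect.Facebook.Net.
0.0.0.0     google-analytics.com   # ad-blocker style entry
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On a live system the input would be the contents of `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`; a "redirected" verdict for either domain warrants investigation.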

To analyse the spread of the infection, the INTERPOL Digital Crime Centre (IDCC) in Singapore worked with Microsoft, Trend Micro, Kaspersky Lab, and Japan's Cyber Defense. The research team also involved officers from the Dutch National High Tech Crime Unit in the Netherlands, the Police Grand-Ducale Section Nouvelles Technologies in Luxembourg, the Federal Bureau of Investigation in the US, and the Russian Ministry of the Interior's Cybercrime Department "K".

Sanjay Virmani, Director of the INTERPOL Digital Crime Centre, said “This successful operation highlights the value of, and need for partnerships involving national and international law enforcement and private industry in the fight against the global threat of cyber crime. The operation has dealt a crippling blow to the Simda botnet. INTERPOL will continue its work to assist member countries in protecting their citizens from cybercriminals and to identify other emerging threats.”

HSBC Finance confirms data breach of mortgage customers


In a breach notification letter sent to the New Hampshire Attorney General, HSBC Finance Corporation has revealed that sensitive mortgage information of customers of a number of its subsidiaries has been potentially compromised.

The company says that personal information of 685 New Hampshire residents relating to mortgage accounts, such as customers’ names, Social Security numbers, account numbers and possibly telephone numbers, was “inadvertently made accessible via the Internet.”

HSBC said that the notice was sent by HSBC Finance Corporation on behalf of its subsidiaries regarding a breach that it learned about on March 27th.

Its subsidiaries include Beneficial Financial I Inc., Beneficial Consumer Discount Company, Beneficial Homeowner Service Corporation, Beneficial Maine, Inc., Beneficial Massachusetts, Inc., Beneficial New Hampshire, Inc., Household Finance Corporation II, Household Finance Corporation of Alabama, Household Financial Center, Inc., and Household Realty Corporation.

HSBC said that it takes the issue seriously, and deeply regrets it happening. “We are conducting a thorough review of the potentially affected records and have implemented additional security measures designed to prevent a recurrence of such an incident,” it said. “We have ensured that the information is no longer accessible publicly. The company has notified law enforcement and the credit reporting agencies of the incident, and no delay in advising you has been caused by law enforcement notification.”


HSBC said it has ensured that the information is no longer publicly available. It began notifying affected customers by letter on April 9 and has offered them a free one-year subscription to Identity Guard, a credit monitoring and identity theft protection service.

CSPF donates one lakh rupees to IronWASP project


Cyber Security & Privacy Foundation (CSPF), a non-profit organisation which provides solutions to tackle cyber security and privacy issues, has donated Rs. 1,00,000 to the Iron Web application Advanced Security testing Platform (IronWASP) project, Asia's largest open source security project.

"We will use the donation to support the further development of the project," said Lavakumar Kuppan, the founder of IronWASP.

"It is really encouraging. We are not only getting funds but also feedback and comments, which mean a lot to us."

According to Lavakumar, IronWASP’s main objective is to make web security easy and accessible to everyone. It is a scanner which automatically discovers security problems in web applications.

Though it is designed for security testers, others such as admins, developers and QA testers can also use the software by following the video tutorials available on the project website. Almost anyone can download IronWASP and use it for free.

"We are regularly adding new features to IronWASP" said Lavakumar. "We recently added Dynamic JavaScript vulnerability analysis capability, a feature that is unique to IronWASP. More additions are planned for future versions to make it more effective and help create a safer internet."