Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

websites hacked and defaced
Defaced Website Hacking News Military websites hacked websites hacked and defaced

Lithuanian Military Website hacked to post false information

If we had to believe what we saw on Lithuanian Armed Forces website on Thursday morning, then the North Atlantic Treaty Organization (NATO), an alliance of countries from North America and Europe committed to fulfilling the goals of the North Atlantic Treaty signed in 1949, is preparing for the annexation of Kaliningrad, Russia’s seaport city which is sandwiched between Poland to the south and Lithuania to the north and east.

However, Victoria Cemenite, spokesperson at the Lithuanian Defense Ministry, confirmed that the website had been hacked and that the false information has since been removed by the security experts from the National Cyber Security Centre.

And an investigation has been launched.

The ministry said a private company, which provided server for the Army website, is responsible for its maintenance and security.

Baltic country's National Defence Minister Juozas Olekas says that the hacking attack was aimed to harm the reputation of Lithuania and the NATO. Similarly, security measures will be taken to avoid vulnerabilities.    

“We are carrying out an investigation to identify what measures are necessary to avoid such incidents in the future. The contents was provocative and aimed at discrediting Lithuania and NATO," Olekas told journalists on Thursday.

“It is undoubtedly an initiative of people or institutions unfriendly for Lithuania and NATO. Now, both the sides are improving, hackers and institutions in charge of cyber security. It will be a good lesson for future considerations of additional security measures.”
Read more »
Hacking News
Breaking News Database breached Database Leaked Hacking News

iiNet urges its Westnet users to change their password after an alleged hack of customer database


iiNet, Australia's’ second largest internet service provider, has urged its more than 30,000 Westnet internet users to change their passwords after a hacker claimed to have gained access to the customer database and put them on sale.

According to a tweet posted by Cyber War News, the unknown hacker claimed to have hacked important details of the customers like passwords, email-addresses, telephone numbers etc.

He is now offering to ‘sell or trade’ Westnet's customer database.

However, he has not mentioned any rate for the information.

Matthew Toohey, chief information officer at iiNet, told Mashable Australia that the hack, which could be an unauthorized access to old customer information stored on a legacy Westnet system, was under investigation and had been reported to law enforcement agencies.

"iiNet takes the privacy and security of customer information extremely seriously," he said. "The 30,827 impacted customers are being contacted with a recommendation they change passwords associated with their accounts as this is the most effective way to ensure security. As a precaution, additional steps have been taken to increase the monitoring of impacted accounts."

The system is now offline.
Read more »
Middle East Cyber Army
Defaced Website Hacking News Middle East Cyber Army

Arizona’s department website shuts down after hacking attack


One after another, Middle East Cyber Army, a hacking group, is attacking government websites of various countries.

After Myanmar’s Ministry of Mines, the hacker group has hacked the website of Arizona’s Department of Weights and Measures’. As a result, the website has been shut down for the last one week.

The hackers left a message on the website, “Hacked by Middle East Cyber Army” and slogans like such as, “In Allah we trust. For Allah we work. Death to Israel. Free Palestine. Jerusalem is ours” along with a masked figure in front of the Dome of the Rock.

Andy Tobin, director at the department, confirmed that the department’s website was hacked on Sunday.

Today, the department’s website is still down for maintenance.

“The web-site you were attempting to access is currently undergoing maintenance activities. We apologize for the inconvenience. Please retry again later. Thank you for your patience,” the website read.

According to Tobin, soon after they got to know about the hacking attack, they shut down their website and database.

He said that the agency got its backup database running on Tuesday so its investigators can continue their work.

Tobin said the agency is investigating the matter collaborating with the Arizona Department of Administration. Similarly, they have also informed the U.S. Department of Homeland Security about the hacking attack.

The department is still trying to sort out the issue. It has yet to be determined whether the department to resume its website or shift its components over to the Arizona Department of Agriculture, which is scheduled to take over many of the department’s duties next year.

The hacking group had hacked many other websites like in December the group hacked the website for a school district in Little Rock, Ark. It took over the website for the small Quebec town of Terrasse-Vaudreuil in January. Similarly, in May, it targeted Auckland University in New Zealand. And in April, it hacked Art and Sol, a Scottsdale-based performing arts program for children.
Read more »
Syrian Electronic Army
Defaced Website Hacking News Syrian Electronic Army

Pro Syrian group hacked US Army's official website

 
The US Army's official website was hacked  by the "Syrian Electronic Army", and posted a message on its twitter account, criticizing the training of rebel fighters inside Syria.

According to the army officials, no personal or classified data has been stolen. The army has decided to temporarily shut down the website.

One of the messages reads as, "Your commanders admit they are training the people they have sent you to die fighting."

This pro-Syrian group has been blamed for various hacking and denial of service attacks of  numerous news media sites, including the Twitter account of AFP's photo service.

Army spokesman Brigadier General Malcolm Frost said in a statement, "Today an element of the Army.mil service provider's content was compromised. After this came to our attention, the Army took appropriate preventive measures to ensure there was no breach of Army data by taking down the website temporarily."

This is not the first time they have hacked website, in 2013 they created confusion in the stock market briefly by putting  out a fake media tweet falsely claiming the White House was under attack.

But officials said “It was possibly the first time a US military website had been penetrated, as previous hacking had targeted Twitter accounts.”
Read more »
Cyber Crime Report
Cyber Crime Cyber Crime Report

High School students arrested for hacking school network

The principal of San Dimas High School in southern California said that two students studying in the school had been arrested for hacking the school network and changing grades of around 120 people.

The Cyber Crimes bureau of the Los Angeles Sheriff's Department is working closely with the school to investigate how the unauthorized access of the school network could have taken place.

 "We are very confident that we have the ability to restore all of the impacted scores. Teachers have been contacted and will be reviewing their student's grades for accuracy," said Principal Michael Kelly.

This is not the first recent incident in California after a student of Dixon High School in north California was also arrested earlier for unauthorized access to his school network.

Students whose grades were changed were interviewed by the authorities and some of them were suspended while the grades of all are being reverted back.

The teachers will be reviewing the grades again to make sure that the original grade is given to each student.
Read more »
Cyber Security News
Cyber Security awareness Cyber Security News

Kaspersky Lab discovers Grabit, small and mid-sized businesses targeted

A cyber-spying campaign “Grabit” has been discovered by the Kaspersky Lab that can steal about 10000 files from small and medium-sized businesses in areas like chemicals, nanotechnology, education, agriculture, media and construction in Thailand, India and the United States.


Ido Noar, Kaspersky Lab's Senior Security Researcher from the Global Research and Analysis team mentioned that a simple Grabit keylogger was found to be sustaining thousands of victim account credentials from hundreds of infected systems on the May 15.

The virus finds its feet when a user receives an email with an attachment that is a Microsoft Office Word (.doc) file. The user clicks to download it and the Grabit is delivered to the machine from a remote server.

Due to the activeness of Grabit, it is important for the users to check the network for ensuring safety in the system.

HawkEye keylogger, a commercial spying tool from Hawk Eye Products and a configuration module containing a number of Remote Administration Tools (RATs) are used by the attackers to control their victims.
Kaspersky lab revealed that 2,887 passwords, 1,053 emails and 3,023 usernames from 4,928 different hosts including Faceook, Twitter, Skype and LinkedIn were stolen by a keylogger in merely one of the command-and-control servers.
To protect against Grabit, Kaspersky Lab has recommend businesses to follow these rules:
·         Check this location C:\Users\<PC-NAME>\AppData\Roaming\Microsoft. If it contains executable files, you might be infected with the malware.
·         The Windows System Configurations should not contain a grabit1.exe in the startup table. Run "msconfig" and ensure that it is clean from grabit1.exe records.
·         Do not open attachments and links from people you don't know. If you can't open it, don't forward it to others - call for the support of an IT administrator.
·         Use an advanced, up-to-date anti-malware solution, and always follow the AV task list for suspicious processes.
Read more »
Vulnerability report
Breaking News Insecure direct object reference Vulnerability Vulnerability report

Zomato fixed a Security bug that allowed hackers to access Personal data of 62 Million users


Zomato, an online restaurant search and discovery service providing information on home delivery, dining-out, cafés and nightlife to various cities across India and 21 other countries, has fixed a bug which could allow an attacker to gain access to personal information of million users.

Anand Prakash, discovered Insecure Direct Object Reference(IDOR) vulnerability in the Zomato website.

IDOR occurs when an application provides direct access to objects based on user-supplied input. The vulnerability allows the attackers to bypass authorization and access resources in the system directly by modifying the value of a parameter used to directly point to an object, for example database records or files.

One of the API calls used for retrieving the users information is insecurely coded.  It gets the information only based on the "browser_id" parameter passed in a HTTP GET request and fails to verify the user is authorized to access the requested data.

By sequentially changing the 'browser_id' value, an attacker is able to access the users' personal information, such as Names, Email addresses, phone numbers, Date of birth.

"The data leaked also had Instagram access token which could be used to see private photos on Instagram of respective Zomato users,” Prakash wrote in his blog.

Prakash reported the vulnerability to Deepinder Goyal, CEO of Zomato, On June 1. And the next day (June 2), the flaw was fixed by Gunjan Patidar along with his engineering team.

You can also check the Proof of concept Video:


Read more »
Hacking News
Breaking News Data Breach Hacking News

China blamed for Security breach at OPM, affects current and former federal employees


 
The computer system of the Unites State’s Office of Personal Management was hacked by the  Chinese hackers. They  will send notifications to approximately 4 million individuals whose personal data including personally identifiable information (PII) may have been compromised.

OPM detected a cyber-intrusion affecting its information technology (IT) systems and data in April 2015. The  hackers used the tougher security controls to intrude.

The U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI)  are investigating the full impact to Federal personnel.

After the intrusion additional network security precautions has been added  by the OPM. These includes: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.

Credit monitoring and identify theft insurance, and recovery services are offered by OPM to  potentially affected individuals through CSID®, a company that specializes in these services.

“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”

This hack was second major intrusion by China in less than a year, and largest breach of federal employee data in recent years.

“China is everywhere,” said Austin Berglas, head of cyber investigations at K2 Intelligence and a former top cyber official at the FBI’s New York field office. “They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”
Read more »
Targeted cyber attacks
Cyber Attacks Targeted cyber attacks

#OpISIS: A Cyber attack against Twitter accounts related to ISIS


The Islamic State(ISIS) terrorist group is using social networking sites like Twitter to recruit people.  To bring an end to this, Anonymous hacktivists and their affiliates earlier this year launched an operation called "#OpISIS" against the ISIS.

The main motive of the operation is to take down all the websites and mainly Social Media accounts related to the ISIS.

The hacktivists have been on a search to identify Twitter accounts linked to ISIS. In March 2015, they reportedly tracked more than 25,000 Twitter accounts.  Most of the accounts have been reported and removed from Twitter. They also reportedly "destroyed" more than 100 websites.

Anonymous hackers now leaked more than 4000 email addresses, IP addresses and logs which is said to be taken from online communities supporting ISIS. Few links to the dumps have been shared in the Hackers Leaks website.

Some of the Email addresses listed in the dump ends with "*.gov" extension.
Read more »
Hacking News
Hacking News

Open garage doors within ten seconds with a hacked kid’s toy


Most of us may find it hard to believe that a hacked kid’s toy can open a garage door in less than ten seconds. However, a security researcher has discovered a new tool, which he dubbed OpenSesame, an app for hacked IM-ME texting toys that can open millions of fixed-code garage doors in less than a minute.

Samy Kamkar claims that the toy can open any garage door that uses an insecure “fixed code” system for its wireless communication with a remote.

The researcher reprogrammed the children’s toy, which is designed for short-distance texting called Radica Girl Tech IM-me.

Moreover, the toy (remote control) is in ‘pink’ color which is Kamkar’s favorite color.

With a fixed code garage door opener, the remote control always transmits the same 8 to 12-bit binary code. For a 12-bit code, there are 4,096 possible combinations strings of 1s and 0s.

The fact that openers’ fixed-codes can be cracked through brute-force is a known issue, but doing so was believed to take longer. A typical clicker resend the same code 5 times, with a transmission time of 2 milliseconds per bit and an additional wait time of 2 milliseconds between each bit.

The researcher has calculated that the process to repeat through all possible combinations for 8, 9, 10, 11 and 12-bit codes would take 29 minutes.

However, he found out that to re-transmit the same code 5 times is unnecessary. Once he removed all the unnecessary bits, the researcher noticed that the time needed to brute-force a fixed garage door opener code was reduced to 3 minutes.

In order to reduce the time, Kamkar discovered that the first n bits in the string can be 8, 9, 10, 11 or 12, depending on which code length is expected. For example, if the expected length would be 3 bits and the opener would receive a 101011 sequence, it would first try 101, then 010, then 101 and so on.

As per his findings and based on the formula of Dutch mathematician Nicolaas Govert de Bruijn, Kamkar developed a De Bruijn sequence which includes each combination of bits only once.

“OpenSesame implements this algorithm to produce every possible overlapping sequence of 8-12 bits in the least amount of time,” Kamkar said. “How little time? 8.214 seconds.”

However, there are now, new types of garage door openers which use Intellicode, which are not vulnerable to the attack.

“Vulnerable products are still sold by some manufacturers and many discontinued ones are likely still in use,” the researcher said.

There is proof-of-concept code for his attack which he published on GitHub, but the code is intentionally incomplete to avoid abuse by criminals.

“It almost works, but just not quite, and is released to educate,” he said. “If you are an expert in RF and microcontrollers, you could fix it, but then you wouldn’t need my help in the first place, would you.”
Read more »
Ransomware
Malware Report Ransomware

Think twice before you open email attachments from unknown senders


Security researchers of Checkpoint have discovered a new ransom threat dubbed Troldesh, which is also known as Encoder.858 and Shade.

The Troldesh, which was created in Russia, has already affected numerous users across the world. The Troldesh ransomware typically encrypts the user’s personal files and extorts money for their decryption.

“Troldesh is based on so-called encryptors that encrypt all of the user’s personal data and extort money to decrypt the files. Troldesh encrypts a user’s files with an “.xtbl” extension. It is spread initially via e-mail spam,” Natalia Kolesova, anti-bot analyst at the Check Point, wrote in a blog.

She said that they found a distinctive characteristic in Troldesh besides the typical ransom features. 

The inventors of Troldesh directly communicate with the user by providing an email address, which is used to determine the payment method.

According to Kolesova, once a corrupted email is opened, the malicious threat is activated. Then, it will start encrypting the user’s files with the extension .xbtl.

Along with the files, users’ names are also encrypted. Once the encryption process is done, the affected user is displayed a ransom message and is being redirected to a ‘readme’ text for further information.

In a bid to stay safe, users are advised not to open anything suspicious by unknown senders.

“Many cases have been reported by the users paying the ransom without having their files decrypted. In order to avoid ransomware, it is important to back up important data previously on an external storage device or in a cloud,” she wrote.

The researcher said that the affected users have to download a powerful anti-malware tool to scan the system and remove the ransomware.

The researcher said she contacted the hackers via an email and asked for a discount.

“I was very interested to learn more about the ransom and tried to start a correspondence with the attackers. As required, I sent the specified code to the e-mail address provided, one that is registered on the most famous Russian domain,” the researcher wrote.

The crooks had demanded 250 euros to decrypt all of the files.

However, after the researcher asked to reduce the amount, the criminals agreed to lower the ransom to €118 / $131, payable via QIWI money transfer system.
Read more »
Subscribe to: Comments (Atom)