Popular Post

Anonymous Hacker Hijacked Russian Prime Minister Twitter Account

By : Sarsti Saini
Hacking Official twitter account is now a trend to express anger via false tweets on the name of the genuine one, but the thing is Twitter security is Poor? Or Account holders are careless about account security or privacy?

Latest victim of the twitter hack is Russian Prime Minister Dmitry Medvedev’s, whose twitter account was hacked early on Thursday morning.


The amazing thing is, it’s not SEA (Syrian Electronic Army,) the group which always hack a twitter account with a message left along via tweet— Hacked by SEA!
It is still unclear who hacked this account and we call it a Anonymous Twitter Hack :)

One of the tweet from the Prime Minister’s official twitter account @MedvedevRussia:

“Resign. Ashamed of the actions of the government. I’m sorry.” (VIA: Google Translate)

Maybe better to ban electricity? Promise in the near future the government and think about it. But without me,” another tweet read (VIA: Google Translate).

“I have long wanted to say. Vova! You are wrong!” read another. And later: “Russian citizens should not suffer because of problems in the perception of common sense from the top leadership of the country.”

In the meantime, Affected twitter account seems to be recovered and working fine, but there was not any tweet posted from the last one day.


Windows XP Flaw: Hackers withdraw money from any ATM by just sending a Text Message

By : Sarsti Saini


ATM theft and fraud is nothing new and culprits are coming up with new ways all the time to either get cash out of ATM in some way or steal ATM user’s card number and pin code. One expects the banks to stay vigilant and at top of the security game to cope with such notorious acts by keeping their ATMs up to date with cutting edge technology. However, this is not the case as over 95 percent of the ATMs run on an operating system which was released initially about 13 years ago that is Windows XP. Microsoft will stop supporting the historic operating system on April 8 this year after which it will be officially declared dead. According to Symantec researchers, this will affect the banks heavily. What can be the reason for banks to not upgrade to a new OS in ATMs? Clearly, shortage of funds is not something that is associated with banks.
The users and the banks have already been warned by Microsoft and hackers are eagerly waiting for the day when support will be withdrawn. Microsoft will neither issue any more patches nor will it investigate the flaws any further after that.
It could be as easy as to send an SMS through a mobile sharing the internet connection of the ATM machine to collect the cash from the ATMs. The Trojan threat named as “Backdoor.Ploutus.B” is an English variant of its earlier Mexican version called “Backdoor.Ploutus” which used an external keyboard to send commands. How does it work? The hacker attaches a mobile phone in the compromised ATM running on Windows XP using USB tethering which creates a shared Internet connection for ATM and mobile phone to connect to the servers of the bank. Then the hacker sends SMS commands to the connected phone which converts the commands in proper network packets that are sent through the ATM to the bank servers. The servers think that the request for cash is legitimately coming from a properly working ATM thus releases the cash to be collected by the hacker.


Two SMSs are required to carry out this hack successfully:
“SMS 1 must contain a valid activation ID in order to enable Ploutus in the ATM.”
“SMS 2 must contain a valid dispense command to get the money out.”
Symantec suggest a number of measures that can be taken to make the ATMs more secure from Ploutus attacks. Symantec writes:
“Upgrading to a supported operating system such as Windows 7 or 8
Providing adequate physical protection and considering CCTV monitoring for the ATM
Locking down the BIOS to prevent booting from unauthorized media, such as CD ROMs or USB sticks
Using full disk encryption to help prevent disk tampering
Using a system lock down solution such as Symantec Data Center Security: Server Advanced (previously known as Critical System Protection)”



Hackers create drone that can steal What’s inside your phone

By : Sarsti Saini
At this point of time, most of smartphones are loaded with an important function that requires Hackers of London have created a drone that is proficient in taking data consists of locations and passwords directly from your smartphone.
The drone uses a codename “Snoopy” that targets busy city streets and specific phones switched on while using the WiFi settings and it is also an advantage for the drone that it uses the common smartphone features and thus, it continuously searches for the networks that are already approved and accessed by a user.
The developer of Snoopy, Glenn Wilkinson said in a report of CNN that whenever users will connect their smartphones to Snoopy, they will be shouting and noisily. There shouting would be like this, are you there Starbucks? Are you there McDonald’s?

 Onboard software of snoopy then tries to be a part of the networks that are approved and connects to more than one secured devices at a time, acting as different networks. After connecting to the quadcopter, Snoopy seizes each transmission sent or received by a phone.
After stopping the individual media access control address of a phone, Snoopy is capable of seeing and recording data of sensitive nature such as location, username, passwords or even information about credit card that is more often accessed by accounts or websites.
“I can have a look at all of your traffic after your phone connects to me, “said by Wilkinson.” I’ve gone through the situation where somebody is searching for ‘Bank X’ cooperate Wi-Fi. In this way, we can be informed that that the concerned person is working at the bank.
While giving an interview to CNN, Snoopy revealed multiple users of smartphones about how they were attacked by the drone, and within the space of an hour gathered the sensitive information and real time GPS location of about 150 smartphones. It also collected their Yahoo, Amazon and PayPal accounts created for testing purpose.
Daniel Cuthbert and Wilkinson, both belong to SensePost Information security a London based company developed Snoopy, have a plan of presenting their achievements at the cybersecurity conference named as Black Hat Asia which to be held in Singapore at 25th March.
Like lots of other companies of information security, SensePost completed a test to show the weak points of the technology that we use on daily basis. It is an important research that is being considered as very helpful in preventing the attack of drones.
permission for the side of the user before entering into a network. It is needed that this function must certainly be switched on after the research of SensePost.

Share and Enjoy

Hackers have hacked 300000+ wireless routers, Check yours NOW!

By : Sarsti Saini
Hackers have hacked 300000+ wireless routers, Check yours NOW!
Hackers near by you could hack your router and redirect to the custom Malicious websites, according to a report at least 300,000 routers compromised by hackers.
Small Office/Home Office (SOHO) routers produced by TP-Link, D-Link, Micronet and Tenda affected through the Weak authentication and vulnerabilities in both the routers’ firmware and their web application interfaces were all exploited in the attacks, reported by security team Cymru.
Hackers attacking Routers:

To hack a router, one of the vulnerability used was a cross-site request forgery flaw- Whenever a user visited a malicious website, router authentication was hendled to the hackers. Image below helps you to describe the attack:
Some of the known flaw also exploited by hackers in ZyXEL ZynOS firmware on the routers, which meant to download the credentials directly from the device by using an unauthenticated web interface for the machines. Hackers also caught up that they changing the domain name system (DNS) configrautions on the devices, by which user easily rediercted to any of the Malicious URL that attacker wants to. Most of the victims of the attack were based in Vietnam, although other victims lived in Italy, India and Thailand. The attacks date back to at least mid-December. It appears the UK came away relatively unscathed, even though there were many victims across Europe

Main motive of hackers is still unclear, for what they are attacking routers because the IP addresses the victims were forwarded on to did not appear to contain anything obviously malicious. According to Team Cymru hackers using these type f techniques to send victims to fake sites, where they could get your financial information ‘n all. You should check yours NOW! 
Share and Enjoy 

Express Language(EL) Injection vulnerability in Paypal's subsidiary

By : Sarsti Saini

An Indian Security researcher Piyush Malik has discovered an Expression Language(EL) Injection security flaw in Zong, a subsidiary of Paypal.Sponsored LinksAccording toOWASP, EL Injection is a vulnerability that allows hacker to control data passed to the EL Interpreter.  In some cases, itallows attackers to execute arbitrary code on the server.Researcher Malik said in his blog that Zong wasrunning an outdated version of Clearspace(Nowknown as Jive software) on a subdomain."Clearspace is a Knowledge management tool and is Integrated with Spring Framework. EL Pattern was used in Spring JSP Tags which made Clearspace Vulnerable to this Bug." Malik explained in hisblog.He found two forms in the site which are vulnerable to this bug. He was able to performsome arithmetic operations using the vulnerable field.One of the vulnerable urls:https://clearspace.zong.com/login!input.jspa?unauth=${custom command here}An attacker can inject a Express Language command on the 'unauth' field which will be executed in the server.  In his demo, researcher inject an arithmetic command(https://clearspace.zong.com/login!input.jspa?unauth=${100*3}) and able to executed it.Paypal has offered some bounty amount for his finding.  Researcher didn't disclose the bounty amount.About EL Injection vulnerability is first documented by security researchers from Minded Security in 2011.  You can find the document here:https://www.mindedsecurity.com/fileshare/ExpressionLanguageInjection.pdf

Miley Cyrus, Taylor Swift and Britney Spears websites hacked by Ethical Spectrum

By : Sarsti Saini
Update :
The latest tweet from the hacker shows he compromised the database containing username and password details belong to these websites "The database of #MileyCyrus, #SelenaGomez......etc with 2,5 million users and pass is for sell, anyone interested email me at my mail"

Exclusive Information:
The hacker told E Hacking News that he found multiple vulnerabilities in the Groundctrl website and gained access to the database server.


He also gained access to the CMS panel which manages the celebrities' websites.
  
GroundCtrl CMS Panel

                                                                 Original Article:

A hacker going by online handle "Ethical Spectrum" has hacked into websites belong to several celebrities and defaced the sites.

The affected websites include Miley Cyrus official site(mileycyrus.com), Selena Gomez(selenagomez.com), Taylor Swift site(taylorswift.com), Britney Spears site(britneyspears.com).

Sponsored Links


We are able to confirm that these are official websites of the celebrities, as it is being linked from their twitter account.

According to hackers twitter account(@Eth_Spectrum), he hacked into the above mentioned websites on March 8th.  The website was restored after the breach.  However, hacker mentioned he once again managed to deface them.  ]

Other websites attacked by the hacker are Ground Ctrl(groundctrl.com), mypinkfriday.com, Chelsea Handler site (chelseahandler.com), Aaron Lewis(aaronlewismusic.com/), therealcocojones.com, christinagrimmieofficial.com, Kacey Musgraves(kaceymusgraves.com).

The defacement just reads "Why i hacked this site, you can ask this person greg.patterson@groundctrl.com".

Greg Patterson is the co-founder of the Groundctrl, an organization that build websites for artists.  It appears the security breach started from Groundctrl.

Other affected sites:
Pat Green(patgreen.com), 
Rob Thomas(robthomasmusic.com),
Rock Mafia(rockmafia.com  ),
ritawilson.com  ,
sum41.com
nickcarter.net
jordanknight.com
If you are not able to see the defacement, you can find the mirror here:
http://www.zone-h.org/archive/notifier=Ethical%20Spectrum

All of the affected websites are currently showing the maintenance error message except groundctrl official website.

Hacker didn't provide much information about the breach, so we are not sure how exactly he hacked into all of these websites, whether he found a zero-day exploit on the cms developed by groundctrl or all of the affected sites managed in a central place. 

Bug in Twitter could allow anyone to read tweets from protected accounts

By : Sarsti Saini
Twitter has fixed a bug in their website that could allow non-approved followers to read the tweets made by protected twitter accounts.

Normally, Tweets from protected accounts can't be seen by public user;  One should get approval from the account holder to view the protected tweets.

This bug could allow anyone to view hidden tweets by getting SMS or push notification from the accounts.  

The microblogging firm said a member of white hat security community helped them to discover and diagnose the bug.  According to its blog post, the bug is there since November 2013.

"As part of the bug fix, we’ve removed all of these unapproved follows, and taken steps to protect against this kind of bug in the future."


The bug affects around 93,788 protected accounts.  Twitter has sent mail to all affected users to inform about the bug and apologize.


Hacker breaches Johns Hopkins University website

By : Sarsti Saini
The database server contains information of current and former biomedical engineering students.  The stolen information includes name, phone number and email id of students.

The University says no information such as Social Security numbers and credit card numbers that would make identity theft a concert, is not involved in the breach.

According to the Baltimore Sun, the so-called anonymous hacker attempted to extort the university for further access to its database server, threatening to leak the stolen data unless university handed over the server password.


The breach reportedly occurred in last November, the vulnerability responsible for the breach has been patched.  The University is currently working with FBI and trying to remove the leaked data from online. 

Apple’s iPhone 5S tracks your every physical movement even after the battery dies

By : Sarsti Saini
Something serious about your privacy revealed in public by an user of Apple iPhone 5S, right now you just know-Apple has a motion co-processor called M7 Chip that tracks of your motion related data derived from the integrated accelerometer, gyroscope and compass sensors but you know if your ever died then-still all of your data collected by the M7 Chip.
The fact is when iPhone’s battery shuts down due to low battery, actually the battery isn’t completely drained. M7 designed to work in very tiny power also. So M7 analyzes your every physical activity even if the your battery dies.
M7 processor works  independently , so it doesn’t need any other components on the iPhone to be powered on.
This Privacy stuff revealed by a Reddit user, who wrote:
While traveling abroad, my iPhone cable stopped working so my 5s died completely.
I frequently use Argus to track my steps (highly recommended if you have any health bands or accessories) since it takes advantage of the M7 chip built into the phone.
Once I got back from my vacation and charged the phone, I was surprised to see that Argus displayed a number of steps for the 4 days that my phone was dead.
I’m both incredibly impressed and slightly terrified.
M7 only analyze physical activity, not your actual location.


Share and Enjoy

European Apple users targeted with phishing emails

By : Sarsti Saini
A new phishing campaign targeting European users of Apple store which promises to offer a discount.
Security researchers at Kaspersky have spotted a new spam mail targeting Apple users, tricks users into thinking that they can get discounts of 150 euros by just paying 9 euros.

"Apple is rewarding its long-term customers.  Your loyalty for our products made you eligible for buying an Apple discount card" The spam mail reads.

The spam mail asks users to download an attached HTML file and fill the form, where users are being asked to enter personal information as well as credit card information.

The scammers spoofed the email address such that it makes the email pretending to be from informs@apple.com.  They also promised to send the discount card within 24 hours, after filling the form.


If a recipient follows the instructions and fill the form, the phishing file will send the data to the attacker server.  The attacker will use the given financial data.


World’s Biggest Cyber Attack-360 Million email accounts credentials, 1.25 billion email addresses

By : Sarsti Saini
Do you know?-More than 360 Million accounts credentials and around 1.25 billion email addresses are put up on sale on the online Black Market by Hackers worldwide.
This is the world’s biggest cyber attack ever.
A company in London named ‘Hold Security’ researched and found this huge size of data .

Only one of the hacker attack stole more than 105 million records, which is a single largest data breach in the history.
“These credentials can be stolen directly from your company but also from services in which you and your employees entrust data. In October 2013, Hold Security identified the biggest ever public disclosure of 153 million stolen credentials from Adobe Systems. One month later we identified another large breach of 42 million credentials from Cupid Media,” the firm said.
The firm took three weeks to collect the data. Firm tracked over 300 million abused credentials that were not disclosed publicly (that is over 450 million credentials if one counts the Adobe find).
“But this month we exceeded all expectations. In the first three weeks of February we identified nearly 360 million stolen and abused credentials and 1.25 billion records containing only email addresses. These mind boggling numbers are not meant to scare you and they are a product of multiple breaches which we are independently investigating. This is a call to action,” it added.
“The sheer volume is overwhelming,” said Alix Holden, chief information security officer of Hold Security.
Email addresses include all the major providers like Google, Microsoft and Yahoo. Many non-profit organizations and all Fortune companies had been affected.
This is the biggest data breach after the Adobe one.

Share and Enjoy

YouTube ads serve Banking Trojan Caphaw

By : Sarsti Saini
Number of Malvertising attacks are appeared to be increasing day by day, even top websites fall victim to such kind of attacks - YouTube is to be the latest popular organization affected by malicious ads.
Security experts from Bromium have discovered that the cyber criminals were distributing a malware via YouTube ads.
According to researchers,  malicious ads attempt to exploit vulnerabilities in outdated Java.  It loads different malicious jar file, to ensure the exploit is compatible with the installed java version.
The Exploit kit used in this attack "Styx Exploit Kit" which was the same one used by cybercriminals to infect users of toy maker Hasbro.com.

If the user's machine is having vulnerable plugins, it will exploit the vulnerability and drops a Banking Trojan known as "Caphaw".  Researchers say they are working with Google Security team.

- Copyright © Virus Bhabhi - Date A Live - Powered by Blogger - Designed by Johanes Djogan -