Showing posts sorted by date for query Symantec.

Microsoft Security Advisory (2794220) Remote Code Execution Vulnerability in Internet Explorer Fixed

The Redmond-based software giant Microsoft has issued an urgent security advisory to address a vulnerability in its popular web browser, Internet Explorer. A few days ago a new "zero day" security hole in IE was discovered which could allow attackers to take control of your system when all you have done is visit an infected website. The vulnerability affects IE versions 6, 7 and 8; the latest versions of the browser, IE 9 and 10, are not affected. "An attacker who successfully exploited this vulnerability could gain the same user rights as the current user," Microsoft said in its statement. The statement went on to say, "an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability."
In its advisory Microsoft first warned of the problem, which involves how IE accesses "an object in memory that has been deleted or has not been properly allocated." The problem corrupts the browser's memory, allowing attackers to execute their own code. Security vendor Symantec described such a scenario as a "watering hole" attack, where victims are profiled and then lured to the malicious site. Last week, one of the websites discovered to have been rigged to deliver the attack was that of the Council on Foreign Relations, a renowned foreign policy think tank.
While on the subject of IE and its bugs, we would like to remind you that a couple of weeks ago Spider.io, a website analytics firm, discovered a security vulnerability in all current versions of Internet Explorer that allows attackers to track the mouse cursor anywhere on the user's screen, even when the Internet Explorer window is minimized. At that time the software giant ignored that particular issue, but this one it has taken seriously. So if you are still using an older, affected version of IE, it is time to update your browser in order to stay safe and secure on the Internet. To update your browser or to access the security fix, click here.

VMware Confirmed: The Source Code of ESX kernel Was Indeed Stolen By Hackers

VMware, the global leader in virtualization and cloud infrastructure, has again faced a cyber attack. Earlier this year a hacker named "Hardcore Charlie" stole files from its ESX server hypervisor source code and posted them online; in that attack the hacker managed to steal more than 300MB of source code for VMware products. Now, six months later, another hacker named Stun (57UN), claiming to be affiliated with the hacker collective Anonymous, has obtained the source code of VMware's ESX kernel. Immediately after the breach the hacker tweeted a link to a torrent site hosting the stolen VMkernel source code. In an official blog post on Sunday, VMware director of platform security Iain Mulholland acknowledged the breach and confirmed that the source code was indeed stolen. VMware also confirmed that the leaked source code dates back to 1998-2004 and is the same code previously leaked by Hardcore Charlie, and said it is investigating what actions to take next. The torrent file posted by 57UN leads to a download of VMware ESX source code sized at almost 2MB.
In a security note VMware said: "Our security team became aware of the public posting of VMware ESX source code dating back to 2004. This source code is related to the source code posted publicly on April 23, 2012. It is possible that more related files will be posted in the future. We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate. Ensuring customer security is our top priority. As a matter of best practices with respect to security, VMware strongly encourages all customers to apply the latest product updates and security patches made available for their specific environment. We also recommend customers review our security hardening guides. By applying the combination of the most current product updates and the relevant security patches, we believe our customer environments will be best protected. As is our practice, VMware will continue to assess any further security risks, and will provide recommendations and updates here as appropriate..." VMware also encouraged its customers to view the May 3, 2012 security patch information as a resource.

While on the subject of source code leaks, we want to remind you that a couple of months ago this same hacker (57UN) stole the source code of Skype. Also, earlier in 2012 another hacker group named The Lords of Dharmaraja managed to steal the source code of Symantec's Norton products.

Prison CCTV Systems are Under Attack By Worm Named 'Conficker'

Yet again the worm named 'Conficker' has been spotted in the wild, and this time it is showing some dangerous tricks. Security researchers from Symantec have revealed that the infamous malware managed to infect all the computers that control the closed circuit television (CCTV) system of an unnamed prison. Representatives of the correctional institution were adamant that all the required security measures were in place so that the malware should have been blocked, and claimed that the threats identified by the protective software were most likely false positives. After examining the whole incident, Symantec experts found that a separate Windows Server 2003 system was used to control the prison CCTV system, and that this system had remained unpatched because updates caused interoperability problems with the cameras. The infection was introduced unintentionally through a USB drive while a contractor was doing maintenance on the system. The recorded footage was modified by the threat, forcing the prison's representatives to catalogue it as "tampered evidence". Commenting on the matter, Peter Sparkes, Director of Managed Security Services for the Asia Pacific and Japan region at anti-virus firm Symantec, noted that the infection of the CCTV system was traced back to a maintenance device: it arrived with a software update performed by the third party that maintained the CCTV system.


-Source (SPAMfighter News)


Three Secrets & Full Analysis of Flame's Command & Control Servers Unraveled

Flame, the next-generation cyber weapon also known as 'The Super Spy', has already fascinated the cyber-security industry with its sophistication and versatility as a Swiss Army knife of cyber-spying. Recently security firm Kaspersky Lab published a new report on the sophisticated nation-state sponsored Flame cyber-espionage campaign. During the research, conducted by Kaspersky Lab in partnership with the International Telecommunication Union's cybersecurity executing arm IMPACT, CERT-Bund/BSI and Symantec, a number of Command and Control (C&C) servers used by Flame's creators were analyzed in detail. The analysis revealed new, groundbreaking facts about Flame. In particular, traces of three as yet undiscovered malicious programs were found, and it was discovered that the development of the Flame platform dates back to 2006.

Main findings:
  • The development of Flame’s Command and Control platform started as early as December 2006.
  • The C&C servers were disguised to look like a common Content Management System, to hide the true nature of the project from hosting providers or random investigations.
  • The servers were able to receive data from infected machines using four different protocols; only one of them servicing computers attacked with Flame.
  • The existence of three additional protocols not used by Flame provides proof that at least three other Flame-related malicious programs were created; their nature is currently unknown.
  • One of these Flame-related unknown malicious objects is currently operating in the wild.
  • There were signs that the C&C platform was still under development; one communication scheme named “Red Protocol” is mentioned but not yet implemented.
  • There is no sign that the Flame C&Cs were used to control other known malware such as Stuxnet or Gauss.
The Flame cyber-espionage campaign was originally discovered in May 2012 by Kaspersky Lab during an investigation initiated by the International Telecommunication Union. Following this discovery, ITU-IMPACT acted swiftly to issue an alert to its 144 member nations, accompanied by the appropriate remediation and cleaning procedures. The complexity of the code and confirmed links to the developers of Stuxnet all point to the fact that Flame is yet another example of a sophisticated nation-state sponsored cyber operation. Originally it was estimated that Flame started operations in 2010, but the first analysis of its Command and Control infrastructure (covering at least 80 known domain names) shifted this date two years earlier.
The findings in this particular investigation are based on the analysis of the content retrieved from several C&C servers used by Flame. This information was recovered despite the fact that Flame's control infrastructure went offline immediately after Kaspersky Lab disclosed the existence of the malware. All servers were running the 64-bit version of the Debian operating system, virtualized using OpenVZ containers. Most of the servers' code was written in the PHP programming language. Flame's creators used certain measures to make the C&C server look like an ordinary Content Management System, in order to avoid attention from the hosting provider.
Sophisticated encryption methods were used so that no one but the attackers could obtain the data uploaded from infected machines. The analysis of the scripts used to handle data transmissions from the victims revealed four communication protocols, and only one of them was compatible with Flame. This means that at least three other types of malware used these Command and Control servers. There is enough evidence to prove that at least one Flame-related malware is operating in the wild. These unknown malicious programs are yet to be discovered.
Another important result of the analysis is that the development of the Flame C&C platform started as early as December 2006. There are signs that the platform is still in the process of development, since a new, not yet implemented protocol called the "Red Protocol" was found on the servers. The latest modification of the servers' code was made on May 18, 2012 by one of the programmers.
"It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers. Flame's creators are good at covering their tracks. But one mistake of the attackers helped us to discover more data than one server was intended to keep. Based on this we can see that more than five gigabytes of data was uploaded to this particular server a week, from more than 5,000 infected machines. This is certainly an example of cyber espionage conducted on a massive scale," commented Alexander Gostev, Chief Security Expert, Kaspersky Lab.
Here we want to remind you that after the episode of 'Duqu', in the middle of this year the Iranian Computer Emergency Response Team (MAHER) claimed to have discovered a new targeted Stuxnet-style attack on the country's internal systems. This newly found threat was dubbed Flame (also known as Flamer or Skywiper). Later it was spotted in the wild when software giant Microsoft confirmed that its Windows Server Update Services (WSUS) and Windows Update (WU) had been infected by the Flame malware. The name 'Flame' was soon on everyone's lips across many fields.
For a detailed analysis of Flame's command and control (C&C) servers, click here.

-Source (Kaspersky)


Cyber Crime Cost $8 Billion Loss For India in Last 12 Months While Affecting 42 Million People

In its annual cybercrime report, security firm Norton estimates that India lost more than $8 billion (around Rs 42,000 crore in Indian currency) in the last twelve months. This wave of consumer cybercrime affected more than 42 million people around the country. In terms of cost, this is a full 18 per cent increase. Against this, the global loss has been pegged at $110 billion. The study further notes that as many as 66 per cent of online adults in India have been a victim of cybercrime. During the past 12 months, as many as 56 per cent of online adults here have experienced cybercrime: over 1,15,000 victims per day, 80 victims per minute and more than one every second.
According to the report, the average direct financial cost per victim is $192, up 18 per cent over 2011 when it was $163. One key finding this year is that both the cost per victim and the number of social and mobile incidents are on the rise due to cybercrime. The study is based on the self-reported experiences of over 13,000 adults across 24 countries, Norton by Symantec said in a statement.
Globally, every second, 18 adults fall victim to cybercrime, resulting in over 1.5 million cybercrime victims each day. With losses averaging $197 per victim across the world in direct financial costs, an estimated 556 million people experienced cybercrime in the past 12 months, representing 46 per cent of online adults, says the report. Last year the figure was 45 per cent. "Cybercriminals are changing their tactics to target fast growing mobile platforms and social networks where consumers are less aware of security risks," said Norton by Symantec Asia director and internet safety advocate Effendy Ibrahim.
If we compare India with other countries that are far more advanced in IT, a very unpleasant truth appears: despite being strong in IT, India is still very weak and careless about cyber security. This carelessness on the part of the Indian Government has already cost the country heavily in terms of finance, defence, privacy and so on. India has already suffered major damage in cyberspace (both financial and reputational) from neighbouring countries like China and Pakistan, where sensitive data of Government, defence, nuclear and space research has allegedly been stolen by cyber criminals. So far India was damn careless, but a couple of weeks ago things changed dramatically: the Indian Government is now working on a robust cyber security structure, and the Prime Minister of India, Dr. Manmohan Singh, himself confirmed that from now on India will pay as much attention as possible to keeping the cyber fence digitally safe and secure.



-Source (Norton & msn)


Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October 26)

Adobe has confirmed a serious security hole in Windows 8: hackers have been targeting Microsoft's Windows 8 PCs for several weeks, as the Flash Player built into the OS is vulnerable to active exploits. It is very unfortunate for those who run any of the four pre-release versions of Windows 8 (Consumer Preview, Developer Preview, Release Preview and Enterprise), because the Redmond-based software giant Microsoft said it will not patch the bug in Flash Player until what it called "GA," for "general availability." That would be Oct. 26, when Windows 8 hits retail and PCs powered by the new operating system go on sale.
"We will update Flash in Windows 8 via Windows Update as needed," a spokeswoman said in a reply to questions. "The current version of Flash in the Windows 8 RTM build does not have the latest fix, but we will have a security update coming through Windows Update in the GA timeframe."
Microsoft, not Adobe, is responsible for patching Flash Player in Windows 8 because the company took a page from Google's playbook and integrated the popular media software with Internet Explorer 10 (IE10), the new operating system's browser. Last month, Adobe issued two updates for Flash Player that patched eight vulnerabilities, some of which were ranked as "1" by the company, its highest threat warning. One of the vulnerabilities, tagged as CVE-2012-1535, was patched Aug. 14, but had been exploited for an indeterminate time before that.
In fact, CVE-2012-1535 was one of four "zero-days," or unpatched vulnerabilities, exploited in a 16-week stretch by an elite hacker gang revealed by Symantec researchers on Friday. Microsoft has not updated the Flash in IE10 within Windows 8 to accommodate those two sets of patches, Adobe confirmed Friday. "Flash Player 11.3.372.94 does not incorporate the fixes released in APSB12-18 and APSB12-19," said Wiebke Lips, a spokeswoman for Adobe, referring to the Aug. 14 and Aug. 21 Flash updates.
Windows 8 RTM's IE10 identifies the integrated Flash Player as version 11.3.372.94, a more recent build than the one in Windows 8 Release Preview, but older than the most-up-to-date version for Windows, 11.4.402.265, which Adobe delivered on Aug. 21.

Adobe actually told some users about Windows 8's Flash situation two weeks ago. On an Adobe support forum, a company representative announced on Aug. 23 that there would be no Flash update for Windows 8 and IE10 until late October. "Since Windows 8 has not yet been released for general availability, the update channel is not active," said Chris Campbell, identified as an Adobe employee. "Once this goes live, you'll start getting updates to Flash Player."

-Source (Computer World)


Google Hackers Who Unleashed Hydraq/Aurora Trojan Strike Again

Computer security firm Symantec has revealed that the hacker group which unleashed the Hydraq or Aurora Trojan horse against Google and 34 other companies in 2009 has also been linked to attacks that have compromised systems at defense contractors, human rights organizations and other large groups. According to Symantec's official blog, they have been monitoring the activities of this hacker group for the last three years and have found that the attackers have used a large number of zero-day exploits not just against the intended target organization, but also against the supply chain manufacturers that service the company in their cross hairs. These attackers are systematic and re-use components of an infrastructure Symantec has termed the "Elderwood Platform". The term "Elderwood" comes from the exploit communication used in some of the attacks. This attack platform enables them to quickly deploy zero-day exploits. The attacking methodology has always used spear phishing emails, but Symantec is now seeing an increased adoption of "watering hole" attacks (compromising certain websites likely to be visited by the target organization). The overall campaign by this group has been dubbed the "Elderwood Project".
Serious zero-day vulnerabilities, which are exploited in the wild and affect a widely used piece of software, are relatively rare; there were approximately eight in 2011. The past few months, however, have seen four such zero-day vulnerabilities used by the Elderwood attackers. Although there are other attackers utilizing zero-day exploits (for example, the Sykipot, Nitro or even Stuxnet attacks), Symantec has seen no other group use so many. The number of zero-day exploits used indicates access to a high level of technical capability. Here are just some of the most recent exploits that they have used:
  •  Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779)
  •  Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875)
  •  Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889)
  •  Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535) 
Symantec has published a research paper that details the links between the various exploits used by this attacking group, their method of targeting organizations, and the Elderwood Platform. It puts into perspective the continuing evolution and sheer resilience of the entities behind targeted attacks.


Android Malware 'Loozfon' Targeting Female Android Users -Said Symantec

We are very familiar with malware that targets men by enticing them to view videos or pictures of a sexually-oriented nature. But here the story is totally different: antivirus firm Symantec has recently discovered 'Android.Loozfon', a rare example of malware that targets female Android users.
According to the Symantec official blog, a group of scammers is attempting to lure female Android users in Japan into downloading an app by sending emails stating how the recipient can easily make some money. The email includes a link to a site that appears to be designed to help women make money simply by sending emails. When a certain link on the site is clicked, Android.Loozfon is downloaded onto the device. Other links direct the user to a dating service site that likely attempts to charge money to use the service, which supposedly helps women meet rich men.

If this trick does not work, the criminal group has another trick up its sleeve. It also sends spam that states that the sender of the email can introduce the recipient to wealthy men. When the link included in the body of the email is clicked, the malware is automatically downloaded onto the device. The downloaded app is titled “Will you win?” in Japanese. It has nothing to do with earning extra income or wealthy men.

If the app is installed and launched, it counts down from two to zero and then states that the user has lost. The app is programmed to lose every time, although there is nothing to either lose or win. It steals contact details stored on the device as well as the phone number of the device, which is the main goal of the malware. The scammers are likely harvesting email addresses in order to send spam to the contacts they were able to steal to lure them to the dating service site and/or sell the data to another group of spammers.


nullcon security conference Delhi 2012 Highlights/Agenda

Earlier we have discussed nullcon several times. After the success of Goa, we are all waiting for nullcon Delhi to showcase cutting-edge security technologies and discuss new attack vectors and security threats with the corporate world and the government sector. So let's talk about the highlights and agenda of nullcon Delhi 2012. nullcon is proud to be at the forefront of the IT security arena in the Asian IT industry. With the fourth event in a row, nullcon continues to deliver the latest responsible vulnerability disclosures and their mitigation solutions, which help organizations take proactive and timely protective measures to safeguard their critical data and assets.
nullcon Delhi is being held on 26 - 29 Sept 2012 at The Leela Kempinski, Gurgaon.

Highlights:-
1. Day one keynote by CEO Natgrid, Mr. Raghu Raman. Talk title: Battle of the Minds
2. Day two keynote by Global Security Evangelist and renowned speaker Mr. Richard Thieme. Talk title: Staring into the Abyss.
3. Security Conclave on Critical Infrastructure Protection: a focused 90-minute panel discussion with participation from Government and corporate. Expert panelists from PSUs (Public Sector Undertakings) and large private organizations will create the road map for protection standards and processes. This year's theme is Critical Infrastructure Protection and will be focused on organizations managing and developing critical infrastructure and organizations offering solutions and risk consulting on the same.
4. Executive Briefing: exclusive two-hour sub-event for senior management and CIOs to present summarized content of the conference talks/events.
5. Prototype sub-event: an excellent opportunity/platform for organizations to present (30-minute talk) new innovative security technologies to the conference attendees, to attract industry recognition and to promote their brand.
6. 20+ Exhibitors from security industry.
7. 20+ presentations by security experts on ground breaking defensive and offensive security technologies.
8. Seven security trainings by industry experts on deep technical and critical security subjects.
9. null Job Fair for hiring the best in the security industry.
10. Attendees from varied Industry verticals.
11. Supported by Microsoft (MSRC USA), Praxeva, SANS and Hacker5. 
12. Some of the exhibitors include WatchGuard, Symantec, Microsoft, Praxeva, SANS, JNR, Search Lab, Innobuzz, ACPL, LFY, Payatu


nullcon Delhi is a must attend for all those who share an interest in IT security. It is nullcon's endeavor to be continually delivering the best in IT Security. For more details please visit http://nullcon.net. 
Pre-con registration is closing on 31st August. FREE Registration for Exhibition and Job Fair. Group discount available. For offline registration, kindly drop an email to register@nullcon.net
Being the official media partner, Team Voiceofgreyhat wishes all the very best for Nullcon Delhi 2012.


Reverse Engineered Source Code of Skype Allegedly Stolen & Exposed

After VMware and Symantec's Norton, now another big fish, Skype, has been caught in the list of those whose source code has allegedly been stolen. An Anonymous-affiliated hacker named "57UN", also known as 'Stun', claims to have stolen the source code, which he made public. From this leak several claims have surfaced: according to the hacker, the federal authorities use Skype for surveillance. On Twitter the hacker said: "Oh and the FBI uses #Skype as a surveillance tool?! #Lulz?! Privacy my ass! Wake up people!..." He added: "#Skype & privacy?! Yeah! Did you know that #Microsoft works with each and every government, for instance in #Tunisia!..."

In his release on Pastebay, Stun said:
"AFTER MICROSOFT ACQUIRING SKYPE FOR 8.5 BILLION DOLLARS AND PROCEEDING TO ADD BACK DOORS FOR GOVERNMENT TO THE PROGRAM, THE SOFTWARE HAS BEEN HACKED AND IT'S SOURCE CODE RELEASED

Skype1.4_binaries
http://thepiratebay.se/torrent/6442887

SkypeKit_sdk+runtimes_370_412.zip
skypekit binaries for Windows and x86_Linux + SDK
http://thepiratebay.se/torrent/7190651/

skype55_59_deobfuscated_binaries (Windows)
http://thepiratebay.se/torrent/7238404/

http://twitter.com/57UN

#Anonymous #Antisec #PoliceState #SecurityState #OpenSource ..."

However, experts state that the source code published by the hacker is actually the one leaked some time ago by a researcher who reverse engineered the Windows binaries. According to security researcher Janne Ahlberg: "I managed to get a copy of the file 'skype55_59_deobfuscated' from May. It is not Skype source code, but a reverse engineered version of the Windows binaries. The tool used in reverse engineering seems to be IDA disassembler/debugger."
So far three torrent files have been released, which include a reverse-engineered copy of the Skype protocol, the software development kit (SDK) with the needed runtimes, and de-obfuscated, unpacked Skype 5.5 and 5.9 binaries for Windows.


-Source (Softpedia)


Mozilla Stands Against CISPA, Saying The Bill Infringes on Our Privacy

While almost 99% of the leading IT industry, software giants like Microsoft, Facebook, AT&T, Intel and Verizon, have been either silent or quietly supportive of the controversial bill HR 3523, dubbed the Cyber Intelligence Sharing and Protection Act (CISPA), here we get one exception. Late Tuesday, Mozilla's Privacy and Public Policy lead sent out the following statement:
"While we wholeheartedly support a more secure Internet, CISPA has a broad and alarming reach that goes far beyond Internet security. The bill infringes on our privacy, includes vague definitions of cybersecurity, and grants immunities to companies and government that are too broad around information misuse. We hope the Senate takes the time to fully and openly consider these issues with stakeholder input before moving forward with this legislation."
CISPA's official supporters include Facebook, Microsoft, IBM, Intel, Oracle and Symantec among others; carriers including AT&T and Verizon have signed on, too. Despite reports that Microsoft had backed off its support for the bill citing privacy, a Microsoft spokesperson on Monday told reporters that the company's supportive position on CISPA remains "unchanged."


VMware Source Code Was Stolen at The Time of The CEIEC Breach

In its official blog, VMware, the virtualization software company, has revealed that a hacker associated with hacktivists, calling himself "Hardcore Charlie", has stolen at least one and possibly many more source files for its software and has begun posting them online. VMware on Tuesday announced that a single file from its ESX server hypervisor source code has been posted online, and it held out the possibility that more proprietary files could be leaked in the future. The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers, a VMware official said. Earlier we covered that Hardcore Charlie claimed to have breached the China National Electronics Import-Export Corporation (CEIEC), based in Beijing; he got inside CEIEC and posted documents ranging from purported U.S. military transport information to internal reports about business matters on several file-sharing sites, but the authenticity of the documents could not be independently confirmed. Charlie claims to have found program files for virtualisation software at CEIEC. In a conversation with Kaspersky Lab, the hacker claimed to have 300MB of VMware source code.
The hacker also claimed to have cracked cryptographic hashes on the credentials of hundreds of thousands of sina.com email accounts with the help of another hacker, who goes by the name of @Yamatough and who is thought to have been involved in the distribution of documents suggesting that the Indian government had put in monitoring systems for Nokia, RIM and Apple smartphones. The companies all denied the claim, and the documents were later shown to be faked.
VMWare insisted that the code dated back to 2003-04, though it did not say whether that section of the code had been changed since then. "We will continue to provide updates to the VMware community if and when additional information is available," said Iain Mulholland, director of VMware's security response centre in a statement. VMWare didn't indicate whether its own systems had been breached, and seemed to widen the number of potential targets to include commercial partners.  
Like VMware, Symantec had its Norton anti-virus source code stolen, by a hacker group named The Lords of Dharmaraja. There too the hackers leaked the source code, and the hacktivist collective Anonymous took responsibility for the entire affair.

Flashback Botnet Originated From Hacked & Malware-rigged WordPress Sites -Said Researchers

The massive Flashback botnet that hit more than 60K Mac computers worldwide originated from hacked, malware-rigged WordPress blog sites. Researchers figure there were between 30,000 and 100,000 WordPress sites infected in late February and early March, 85% of which are in the United States.
Kaspersky Lab researchers say the infected WordPress blog sites were rigged with code that silently redirected visitors to a malicious server. "When the connection was made to the malicious server, that server would determine which OS was running and serve exploits accordingly," says Roel Schouwenberg, senior researcher for Kaspersky. It was a pay-per-install scheme to spread malware, including the Flashback Trojan.
Most researchers say a gradual decline in machines infected by the Trojan is still underway: As of Thursday, there were about 140,000 infected Macs still out there, according to Symantec, and Kaspersky says it sees only about 30,629 Flashback-infected bots in its sinkhole. Still on the horizon, too, is the possibility of a Flashback comeback, with the command-and-control servers sending their bots updates. "We are watching the command-and-control domains used to control this botnet for any updates ... We haven't seen any new updates being delivered," said Liam O Murchu, manager of operations for Symantec Security Response. "Flashback generates new domains every day, which shows us the attackers have probably written malicious code before. They are aware that their botnet could be taken down with a single domain, so they generate a new one every day." To see the full story click here


Mac users have faced such attacks before: the Mac Trojan OSX.SabPub was spreading through Java exploits. In 2011 we also saw the OSX/Revir-B Trojan installed behind a PDF, giving hackers remote access to Mac computers, and not only Revir-B: the Linux Tsunami Trojan called "Kaiten" also targeted Mac OS users in 2011, as did another piece of malware named "Devil Robber", which made Mac users victims by stealing their personal information.

Duqu is Still in Operation, Researcher Found New Duqu Variant

Last month researchers at Kaspersky Lab managed to solve the Duqu mystery: they discovered that this dangerous Stuxnet-like malware was written in a custom object-oriented dialect of C, dubbed "OO C". But was that sufficient to stop this dangerous cyber weapon? The answer is a big no. Today a new Duqu variant has surfaced, clearly indicating that the attacks are still ongoing and that security experts have still failed to put a solid wall between Duqu and cyberspace. The latest Duqu driver was compiled in February 2012, more than four months after Duqu was first flagged as a unique piece of malware with "striking similarities" to Stuxnet, the mysterious computer worm that targeted nuclear facilities in Iran.
Symantec identified the newly compiled Duqu driver as mcd9x86.sys and said it contains no new functionality beyond spying and collecting data from infected machines. Kaspersky Lab's Costin Raiu says the latest variant has been engineered to escape detection by the open-source Duqu detector toolkit released by CrySyS Lab.


-Source (ZDnet) 

"April Patch" By Microsoft & Adobe Closed Critical Security Holes

As scheduled, the two software giants Microsoft and Adobe today each issued security bulletins to plug holes in their vulnerable products. The patch batch from Microsoft fixes at least 11 flaws in Windows, Internet Explorer (IE), Office and several other products, including one bug that attackers are already exploiting. The company also issued the first patch for Windows 8 Consumer Preview, the beta-like build Microsoft released at the end of February. Adobe's update tackles four vulnerabilities present in current versions of Adobe Acrobat and Reader.
Seven of the 11 bugs Microsoft fixed with today's release earned its most serious "critical" rating, which Microsoft assigns to flaws that it believes attackers or malware could leverage to break into systems without any help from users, according to its security bulletin summary for April 2012. Among those is an interesting weakness (MS12-024) in the way that Windows handles signed portable executable (PE) files. According to Symantec, this flaw is interesting because it lets attackers modify signed PE files undetected. Microsoft said that this patch is the highest-priority security update this month. "What makes this bulletin stand out is that Microsoft is aware of attacks in the wild against it and it affects an unusually wide range of Microsoft products, including Office 2003 through 2010 on Windows, SQL Server 2000 through 2008 R2, BizTalk Server 2002, Commerce Server 2002 through 2009 R2, Visual FoxPro 8 and Visual Basic 6 Runtime," Kandek said. "Attackers have been embedding the exploit for the underlying vulnerability (CVE-2012-0158) into an RTF document and enticing the target into opening the file, most commonly by attaching it to an e-mail. Another possible vector is through web browsing, but the component can potentially be attacked through any of the mentioned applications." Other notable fixes from Microsoft this month include a .NET update and a patch for at least five Internet Explorer flaws. Patches are available for all supported versions of Windows through Windows Update. In its March 2012 security bulletins Microsoft closed a total of seven security holes in its products, with bulletins rated one Critical, four Important and one Moderate, addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. According to Microsoft, MS12-020 addresses a remote code execution vulnerability found in RDP (Remote Desktop Protocol).

After Microsoft comes Adobe's turn: its updates fix critical problems in Acrobat and Reader on all supported platforms, including Windows, Mac OS X, and Linux. Users on Windows and Mac can use each product's built-in update mechanism. The newest, patched version of both Acrobat and Reader is v. 10.1.3 for Windows and Mac systems. The default configuration runs automatic update checks on a regular schedule, but a check can be triggered manually by choosing Help > Check for Updates. Reader users who prefer direct links to the latest version can find them by clicking the appropriate OS: Windows, Mac or Linux (v. 9.5.1).

AnonOps- Anonymous-OS Is Fake & Wrapped In Trojans (Anonymous Vs. Anonymous)

Yesterday we covered the release of Anonymous-OS, which was claimed to be the first operating system made by the hacker collective Anonymous. But now we are facing a completely different scenario. After the release of the OS, one of the so-called official Twitter accounts of Anon tweeted about it: "The Anon OS is fake it is wrapped in trojans". From this tweet a controversy began that took two directions: one side saying Anonymous did not release its own operating system, the other saying the OS has backdoors, malware and Trojans installed. Anonymous-OS was first made available on a SourceForge project page, but SourceForge later said it had removed the page and the distribution from its servers, as significant concerns were raised about the software bundle's authenticity and possible maliciousness. According to their official blog post:-
Yesterday we started hearing some buzz about a new project called "Anonymous-OS" - people claiming that it was not affiliated in any way with the group referring to itself as "Anonymous". We looked at the project, and decided that although the name of the project was misleading (we see no evidence that it is connected with Anonymous) it appeared, on initial glance, to be a security-related operating system, with, perhaps, an attack-oriented emphasis. We have, in the past, taken a consistent stance on "controversial" projects - that is, we don't pass judgement based on what's possible with a product, but rather consider it to be amoral - neither good nor bad - until someone chooses to take action with it.
VOGH Review:-
Anonymous-OS was based on Ubuntu 11.10 with a number of hacking tools such as HOIC, Sqlmap, Havij, Zenmap and so on. Basically the OS was presented as a pentest distro. But right after release a controversy arose over one question: is the OS safe? On this issue the previous track record of Anonymous was not good. Remember that a few days ago Symantec reported discovering that a piece of Anonymous-recommended DDoS software called Slowloris contained an insidious Trojan that was stealing financial information from the people using it. In #OpMegaupload, the largest attack ever, 5,635 Anon supporters brought down the websites of Universal Music, the U.S. Department of Justice and the Recording Industry Association of America using LOIC, one of the world's most popular and widely used DDoS tools. But in reality thousands of people were tricked by Anon in the name of cause and justice. Here again history has repeated itself. So it is Anon vs. Anon.

Anonymous Defaced New York Ironworks Website & Leaked Source Code of Norton

The federal authorities are still unable to break the spirit of Anonymous. After a series of arrests by the FBI, Interpol and Scotland Yard, the hacktivists are still riding high. As a result, New York Ironworks, a supplier of police equipment and tactical gear based in New York City, became the victim of a cyber attack in which a hacker collective named #Antisec (part of Anonymous) hacked and defaced the index page of Ironworks with a rambling message from AntiSec. The message expressed support for those who were arrested and anger at fellow hacker "Sabu", whose cooperation with the FBI contributed to this week's arrests. It included a brief diatribe against the FBI and a promise of more hacks on Friday.
Meanwhile, Anonymous members also released source code to Symantec's Norton Antivirus 2006 software, in apparent tribute to those who were arrested this week. A 1.07GB file that is apparently the source code was published on Pastebin as well as The Pirate Bay on Thursday. The release of the code was not unexpected: last month, hackers named the Lords of Dharmaraja, affiliated with Anonymous, released source code to Symantec's pcAnywhere after a botched sting operation. That time too, the hackers published the code on The Pirate Bay website. Symantec also confirmed the security breach.