Showing posts sorted by date for query facebook. Sort by relevance Show all posts
Showing posts sorted by date for query facebook. Sort by relevance Show all posts

What Risk We are Posing! Everyone Can Become Target of the Latest Cyber Security Threats

Posted by Avik Sarkar On 2/10/2014 07:31:00 pm

What Risk We are Posing! Everyone Can Become a Target of the Latest Cyber Security Threats
According to a report by the Washington Post, hackers may soon be setting up a plan to unfold in 2013 that will target 30 different U.S. banking institutions. McAfee Labs, who has compiled a new cyber security report, says that banks should be on the lookout for software that creates false online transactions or targets transfers tied to large dollar amounts.
Sources say that these threats can all be tied back to “Project Blitzkrieg”, which is a program that has been around since 2008. Within the past four years, it has already stolen $5 million and plans to continue for as long as possible. During the past few months, between 300 and 500 victims located within the U.S. have fallen victim to Project Blitzkrieg’s schemes. By the spring of 2013, McAfee says that things could get even worse for U.S. banks and their customers.
Experts note that this scheme may be tied to reports from back in October by security company RSA that mentioned how a hacker out of Russia named “vorVzakone” has been openly discussing his plan to recruit a team to plan the largest Trojan attack tied to banking. McAfee warns that these threats should be taken extremely seriously as the beginning of 2013 is soon to unfold. The software can become extremely dangerous to those doing their banking online because it can replicate transactions and even delete e-mail notifications about certain transfers.
While U.S. banks will no doubt be increasing their security protocols to protect themselves from any unnecessary attacks, most already know that they are continually being cited as targets from hacking groups around the globe. Back in September, both JP Morgan Chase and Bank of America saw their sites crash because of DDoS attacks.

Samsung Smart TV Dangers
The Register has recently reported that Samsung’s newest Smart TV is completely open and vulnerable to hacking because it gives hackers the ability to steal data very quickly. According to security company ReVuln, this vulnerability most notably affects consumers who own and use their Samsung 3D TVs for internet purposes.
Those who use their Smart TVs can rent movies, browse the web for a cheap line rental, go on Facebook, and more. ReVuln claims that they have found an exploit which allows hackers to see everything the user is doing while they are using their TV, retrieve and access information like web history, and hook up an external thumb drive to the TV to conveniently steal all of this information for future use. While ReVuln noticed this exploit while using a Samsung 3D TV, the true problem is that it seems to affect all of the latest Samsung TVs with internet capabilities, which includes many different makes and models.
As these TVs continue to act more as larger PCs, it is only a matter of time until we see even more security vulnerabilities tied to them in the very near future.

Gas Station Bluetooth Skimming
News site KRCA out of Sacramento notes that crooks are using Bluetooth devices in order to steal credit card information from those who are paying for gas at the pump. The biggest issue the cyber security experts noticed is that these thieves do not even have to be near the gas station in order to steal information.
Crooks are using skimming devices that utilize Bluetooth and contain a variety of common security keys that can be used to access gas pumps for maintenance. They don’t simply pull out their device and begin swiping information for oblivious consumers. Thieves will start by installing skimmers on the pumps to collect information from those pumping gas and then pick them back up. Detectives say that these types of devices are impossible to detect.
According to experts, thieves can be up to 100 yards away and continually collect credit card information from unsuspecting users. Because of this, these crooks are impossible to detect, and the problem may only grow larger in the near future.

Troublesome QR Codes

QR codes seem to be everywhere these days. They’re typically on everything from advertisements to products that we purchase on a daily basis. In the Netherlands, hackers are posting QR codes in heavily trafficked areas like airports and major streets. When these QR codes are scanned in by a user’s smart phone, they are taken to a malicious website that may attempt to phish information from the user or possibly infect their smartphone with malware.

Disclaimer:- Before perfection, on behalf of Team VOGH, I would like to personally thank Eve Halton  for sharing this magnificent article with our readers. Eve is a very much passionate Fleet Street, she  has done her graduation in International Business and Journalism. She gained decent experience in writing articles on several fields like global politics, economics, sustainability issues, cyber security & many more.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

VOGH Exclusive: URL Redirection Vulnerability Found In Facebook

Posted by Avik Sarkar On 1/02/2014 11:10:00 pm

VOGH Exclusive: URL Redirection Vulnerability Found In Facebook [The Vulnerability Still Active & Not Been Patched]
Facebook -the world's largest social networking site with registered users of more than one billion, is considered among one of the safest site of the cyber space. To maintain such reputation Facebook Inc has done all the required steps, that one could possibly take. Like other high profile and very popular websites, Facebook also stand as one of the hot target of almost every cyber criminals of the world. To get rid of this and make FB safe and secure, the company have introduced what it called 'Bug Bounty' offer; where you can submit vulnerabilities to FB and get rewarded. We have seen many security researchers and hackers across the globe has done this and get their award. But not every time, and today I will talk about that- few days ago a reader of VOGH, who also goes by the nick name of 'Dr41DeY' has figured out a URL redirection vulnerability in Facebook. One of the link in Facebook App which is apps.facebook.com is posing URL redirection vulnerability. The hacker has demonstrated how any one can use  the vulnerability  in order to manipulate millions of innocent Facebook users. Let see  

Before publishing this, one of our VOGH representative have talked with Facebook Security regarding this security vulnerability, but due to some reason FB might overlooked this issue. Finally after waiting for almost a week, we the Team VOGH decided to bring this in-front of our reader. Let briefly go through with the vulnerable link- 

https://apps.facebook.com/a.php?u=http://www.voiceofgreyhat.com&mac=AQLy7nyXi5NBt31j&__tn__=*B&eid=AQLpbizR7KEf3cyD0VTN7fNtv99fMZABDp2gdWhvL-MQocJIPy3w4hUG7_7hrmSMqDq7QLCI9k_0LbB95NEz_6GUDHGNgTDsGP_rX-VWRHxfg5a--VlnN1K9FdG3NAek8r2JPWENkb2Mu56EckbZCGXcPie27OnHxE-H7MBufQel0Pr-ZjpCWB6QF5xHeWsdKqyHzjK2woBGGrjk9Dlgnzcw3d9ZWPzrwbGpm6MSkpks3mqEphXnTP2Vd9UDQxIs68NnTaO35XIwKq5t3CSdb11iU_34gzjfLgvvDo_BYbgtrGe0Juc5CpRSwd5nImw9oPPvn6Za9rrxO_ivROtOGc2b2S3bYzNLWpbDwt3cFN2rJ3JElyIR0vjB4R859PpE9SrZx6AD3s_liikzPh30YLVb8XvPABk7r9MShk6OrVFPiAWZnEvPx49UzPDSF-nEl188rEPAi0KGJ4u1zb10hhzmHUCjH04SezDByUkyNituMb2lgiQz-Xlpgy_tkVYR-U7plDa38N9VzdAj_Bwefd7B85ykZCAy9ZQOt48Ql8KQeKfivk3sThZIkLwWPiju7R28Sw6bj09vS_Y28kFSqanGe9tYAPfKIe4zOzQt9-Q1CC_EwX3ypOlyQ2yXMiU3lwp7M9EriKHRFDsTgsuzzF-uvlpx3UrWh8M55-NX0ULjr4kxjAR5g_1wU-luUyn_Ot6Ly1_ZbBdahyb5uSmCDNvF5kMuIH8Gxvpql45dNffGzKau9oZGn6r1OmsG47JIGipznCVaZnWjXAakDnEMX6X8ZtI-M-db1olzbBpJdj5sZe-x2VM02S5XsXJWe_QLxFDOupjbz8I82HETHQ9PbzSIMsJboll4E3-f_JQFfdzwEguLa8SC_ImRahWBCwKNJeSlmRv91FqWpQaChe5-UyAoqcblvK4jPuRO3qC7o-qMTQ2jEJqqUW46koulOmgNJpMYXPgRxjNGcwjyTPS59Nr08zq6eCNd1aYLh2E4s5MYXBtVUTF8l0uhQ2wYSoR66xZsI2tK0DD1KiQHyTO1QieBwPtCN3eWgRzUTg3lM3ttkuwYKRPPLDvtUOPWmZhYUzUFcbfPM2kXdpqyGlrGx9-ErKGygYKATx2xzrTzktjgW4q0L5wfO3CSKAOCAoKfi_pfz-zIHSNE8ZAjZDtpbC_chgkvbHWJYYIs7pnE1riWJYORACjkkRr6nZoivC3z_g-8JBahghwy2C34kJYZJ6cBC8LKoB6KCTbj_F1tArQAzcSUij4vrJNUATzsdlO_ol6HwUQb8FjoWa38Bhtx81stxB328sgC9IGu1omPG0QeNJVhcJwh6HyEwtgycBLrlcdedaWbkwvnjv3F3BWuJIi763nBeYuAgNUaEUYHaXu_ZJzXW8fQ72nz_hddGT_GH50&sig=89099

Replace voiceofgreyhat.com with any of your favorite site, and the the said vulnerability will allow you to get redirected to that very website you want to from Facebook. This loophole is still active, and any one can test that with the above url, we thought the impact of this loophole is very serious, as any malicious attacker can misuse the trust-hod of Facebook's url in order to harm regular internet users, while redirecting them to any junk or malfunctional websites.

Disclaimer:- Earlier I told that the issue has already brought into the notice of Facebook Security, but they overlooked the whole issue, so being a responsible cyber media, we VOGH are disclosing this to people. If any one misuse this vulnerability, then Voiceofgreyhat will not at all be responsible for any kind of mishap.

Update:- May be doing more that what we call late repent, but finally the above disclosed vulnerability has been patched by Facebook security team. 


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Controversial Cyber Security Bill CISPA Passed Again By The US House

Posted by Avik Sarkar On 4/23/2013 11:30:00 pm

Controversial Cyber Security Bill CISPA Passed Again By The US House

Couple of months ago we reported that the White House is planning for an executive cyber security order, from some official sources it has also come to know that the U.S. President Mr. Barack Obama has a special plan to re-introduce the Cyber Intelligence Sharing and Protection Act (CISPA). Today that deceleration get executed as the US House of Representatives has passed the controversial Cyber Information Sharing and Protection Act. This is the second time when CISPA have been passed by the White House, first it was rejected by the Senator while saying that the bill did not do enough to protect privacy. But yet again with the initiative of Obama and a substantial majority of politicians in the House backed the bill. Though there is a huge chance of getting rejected. According to some relevant sources it has been came to light that, this time also CISPA could fail again in the Senate after threats from President Obama to veto it over privacy concerns. Sources are saying that the main reason of re-introducing CISPA is the the President Barack Obama expressed concerns that it could pose a privacy risk. The White House wants amendments so more is done to ensure the minimum amount of data is handed over in investigations.  The law is passing through the US legislative system as American federal agencies warn that malicious hackers, motivated by money or acting on behalf of foreign governments, such as China, are one of the biggest threats facing the nation.  "If you want to take a shot across China's bow, this is the answer," said Mike Rogers, the Republican politician who co-wrote CISPA and chairs the House Intelligence Committee. 

On the other hand CISPA has also secured the backing of several technology firms, including the CTIA wireless industry group, as well as the TechNet computer industry lobby group, which has Google, Apple and Yahoo as members. By contrast, some other big names like Mozilla, Reddit has been vocal in its opposition to the bill. In the beginning the social networking giant Facebook supported CISPA but later they took back its support. The American Civil Liberties Union has also opposed CISPA, saying the bill was "fatally flawed". The Electronic Frontier Foundation (EFF), Reporters Without Borders and the American Library Association have all voiced similar worries.


-Source (BBC)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Israel Hit By Demolishing Cyber Attack From Anonymous Caused $3 Billion Damage (#OpIsrael)

Posted by Avik Sarkar On 4/11/2013 01:44:00 am

VOGH Exclusive: Israel Hit By Demolishing Cyber Attack From Anonymous Caused $3 Billion Damage (#OpIsrael) 

The past 7th April will be unforgettable for Israeli cyber space, yes it was no doubt the black day for Israel, when the World's largest hacker group "Anonymous" with help of several other hackers communities caused ruin while bringing down almost all the Israeli Government websites, along with more that 100,000 other important Israeli websites, 40,000 Facebook pages, 5,000 Twitter accounts and 30,000 bank accounts belonging to Israeli people. The hacker group not only demolished the cyber space of Israel, but also caused a loss of 3 billion USD. This never forgettable hacking rampage dubbed Operation Israel became the most devastating and venturesome hacking rampage ever happened to the Israeli cyber space. In the last week of March, it was dangerous hacker collective group Anonymous who called the operation widely known as #OpIsrael, where the hacker group vows to erase Israel from the Internet. And indeed the hacker group did that, According to several Israeli source, leading media outlets it has been confirmed that almost all the important sites owned by the Government of Israel have been  either hacked and paralyzed. These sites include the site of the Israeli Police, Israeli Prime Minister, Bureau of StatisticsIsraeli intelligence agency Mossad, Stock Market and the Israel Ministry of Defense and many more. Regardless of the amount of damage done, the scale of the attack is bound to be embarrassing for the Israeli government. This is the second time that Anonymous has successfully taken down Israeli government websites. The first #OpIsrael attack happened last November and affected Israeli cyber fence heavily. Like the last November, this time also the reaction of Israel Government was indifferent and unconcerned. Despite of what Anonymous's claims of massive damage to Israel, the country's cyber security officials say that the attack caused minimal damage. "So far it is as was expected, there is hardly any real damage," Yitzhak Ben Yisrael from the government's National Cyber Bureau told the press. "Anonymous doesn't have the skills to damage the country's vital infrastructure. And if that was its intention, then it wouldn't have announced the attack ahead of time. It wants to create noise in the media about issues that are close to its heart." This is more or less what Anonymous always does, often with varying levels of success.







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Hacker Cup 2013: Petr Mitrichev Won The Competition Followed By Jakub Pachocki & Marcin Smulewicz

Posted by Avik Sarkar On 3/31/2013 03:21:00 pm

Facebook Hacker Cup 2013Petr Mitrichev Won The Competition Followed By Jakub Pachocki & Marcin Smulewicz

Now a days leading organizations offers bug bounty and other competitions by which hackers from different part of the world will participate and find out security holes, in order to make more secure product and enhance cyber security. While talking about hackers competition then the name of "Hacker Cup" organized by the social networking giant Facebook will surely be an important one. Like last last two years, this year also Facebook called Hacker Cup 2013 in February and after completing several exciting  rounds finally we have the winners of this year's championship. Last year it was Roman Andreev of Russia who won the Hacker Cup with a heavy and prestigious trophy and a check for $5,000. Just like last year, this time also thousand of hackers across the globe participated in the competition and after completing the breathtaking championship three lucky winners been rewarded by Facebook for the outstanding performance. And the winners of Hacker Cup 2013 are Petr Mitrichev,  in second place we have Jakub Pachocki and third place it was Marcin Smulewicz. The social networking giant congratulated all the competitors who taken part in Hacker Cup for a great showing and performance. This year winner Petr Mitrichev solved all the four problems (Archiver, Colored Trees, Minesweeping, Teleports) in a due time and honored with the highly coveted Hacker Cup Trophy and an amount of $10,000. Here are some key moments of this year Hacker Cup:- 
 (Hacker Cup 2103 Finalist)
 (Competition is on)
 (The Prestigious Trophy) 
(Electric Moment)
(Hacker Cup 2103 Award)

(Petr Mitrichev Hacker Cup Winner)
Brief About Facebook Hacker Cup:-
Hacking is core to how we build at Facebook. Whether we’re building a prototype for a major product like Timeline at a Hackathon, creating a smarter search algorithm, or tearing down walls at our new headquarters, we’re always hacking to find better ways to solve problems. Programmers from around the world will be judged on accuracy and speed as they race to solve algorithmic problems to advance through up to five rounds of programming challenges. This is the chance to compete against the world’s best programmers for awesome prizes and the title of World Champion. 
As expected Facebook promises to continue this event every year so keep your eye out for signups to open to be the Hacker Cup 2014. So stay tuned with VOGH, for all the upcoming updates on cyber security. 







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned

Posted by Avik Sarkar On 3/11/2013 02:55:00 am

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived 

Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges. Now the result of this long awaited security competition has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers where Chrome, Internet Explorer 10 and Firefox all fell to the mercy of the hackers. Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell three times, though under the contest rules, only the first attacker was due to win the $20,000 prize. Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet, “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning $100,000 for finding a huge hole. Again in a tweet, Security firm Vupen explained “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. 

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED


The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

  1. James Forshaw: Java = $20K
  2. Joshua Drake: Java = $20k
  3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
  4. Nils & Jon: Chrome = $100k
  5. George Hotz: Adobe Reader = $70k
  6. Ben Murphy: Java = $20k
As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities  Here also for Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization  along with that, the expected patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with VOGH and be safe on the Internet. 


 -Source (HP, Naked Security) 








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Evernote Security Breached! Causing 50 Million Passwords Reset

Posted by Avik Sarkar On 3/07/2013 06:57:00 pm

Evernote Security Breached! Causing 50 Million Passwords Reset

World famous online information storage firm Evernote, allows millions of people to store and organised personal data on an external server from cross-platform have fallen victim to latest round of cyber attacks where hackers had managed to breach the company network which results a massive data breach effecting more than 50 million of its registered users. The breach on Evernote follows malicious activity at Twitter, NBC, New York Times, Facebook and others in recent weeks. In their blog release the firm has acknowledged the incident while saying "Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service." But the matter of relief for the millions of its users are that, whether the hackers have gained access inside Evernote user information, which includes usernames, email addresses associated with Evernote accounts, but due to salted encryption; hackers fail to gain decrypt those  credentials. But to avoid further massacre Evernote did password reset of all it's registered users. Phil Libin, Evernote’s CEO and founder, told press that the services are running, although if you try to access the site things may not work as normal at the moment: “We just pushed out a password reset, so the servers are going to be saturated for a bit,” he wrote. “Everything is up, although response is choppy. There’s no threat to user data that we’re aware of” -said Phil. Evernote also claimed that also have no evidence of any payment information for Evernote Premium or Evernote Business customers was accessed during the hack. 
The security response team of Evernote apologized for the annoyance of having to change your password, but, ultimately, they believed that; this simple step will result in a more secure Evernote experience.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NBC.com Compromised, Hackers Exploited The Website to Spread Malware

Posted by Avik Sarkar On 2/25/2013 02:07:00 pm

NBC.com Compromised, Hackers Exploited The Website to Spread Malware

The month of February is still going from bad to worse for the cyber domain, in this very month cyber criminals swallowed the security system of many giant companies like Facebook, Twitter, Apple, New York Times and many more. But the game is not over yet, as we have just passed a few weeks, when the attack on NY Times took place, which stolen the employ database; yet again the cyber criminals have targeted another media giant National Broadcasting Company widely known as NBC. During the attack, hackers have successfully gain access inside the server of NBC and planted malware, in order to harm innocent readers. Famous security expert and blogger Brian Krebs said that the hackers inserted code into the NBC.com homepage. This caused visiting browsers to load pages from third-party sites that were compromised. While explaining the nature of the attacker, Krebs said; "The compromised sites tried to foist the Citadel Trojan, a variant of the Zeus Trojan." The Zeus is a "sophisticated data theft tool that steals passwords and allows attackers to control machines remotely" he added. Not only the NBC’s home page, also several others were affected, including the pages of late night talk show hosts Jay Leno and Jimmy Fallon. Well known security firm Sophos explained how roughly attack played out, and how NBC got sucked into the equation:
  • NBC's hacked pages were altered to add some malicious JavaScript that ran in your browser.
  • The JavaScript injected an additional HTML component known as an IFRAME (inline frame) into the web page.
  • The IFRAME sucked in further malicious content from websites infected with an exploit kit known as RedKit.
  • The exploit kit delivered one of two exploit files to try to take control over your browser via a Java vulnerability or a PDF bug.
  • If the exploit worked on your computer, financially-related crimeware from the Citadel or ZeroAccess families was installed.
This, of course, is an example of a dreaded drive-by download, where the crooks use a cascade of tricks to download, install and execute software without going through any of the warnings or confirmation dialog you might expect. This, in turn, means that even if you are a careful and well-informed user, you may end up in trouble, since there are no obvious signs that you are doing anything risky, or even unexpected.
As soon as this story get spotted the American commercial broadcasting television network, NBC News reported and confirmed that its site had been attacked. The broadcaster released the following statement regarding the website: "We've identified the problem and are working to resolve it. No user information has been compromised."
The emergency response team immediately take the situation under control and restored the website, and confirmed that the site is back again and completely safe for its visitors. But so far there is no evidence of attackers who were involved in this attack. For the safety of VOGH readers we would like to recommend you to update your operating systems and browser plugins. Also note that the attack on NBC was similar to many that have occurred in recent years in that the malicious sites tried to exploit vulnerabilities in Java. So it will better to disable Java, unless it is that much necessary. So stay tuned with VOGH and be safe in the cyber domain. 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple Hacked By The Same Group Who Attacked Facebook

Posted by Avik Sarkar On 2/20/2013 06:52:00 pm

Apple Hacked, Macintosh Computers Infected  By The Same Group Who Attacked Facebook 

The month of February is not going good for cyber space, specially for giant organization. Last week the social networking giant Facebook fallen victim of a devastating cyber attack which did effected a number of  systems. Facebook admitted that it faced a "sophisticated attack" on computers where it has been found the attackers used a zero-day Java exploit to initiate the attack, but that no user data was compromised. The same thing happened to micro blogging site Twitter and New York Times. And now it was the turn for Apple. The California based multinational company acknowledged that recently their systems has been attacked by hackers who infected Macintosh computers of some employees. Like Facebook here also no data has been effected, "there was no evidence that any data left Apple." -said Apple. 
According to an exclusive report of Reuters -some unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers. The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. The malware was also employed in attacks against Mac computers used by "other companies," Apple said, without elaborating on the scale of the assault. Experts are presuming that all these cyber attacks of February, that is Twitter, New York Times, Facebook & Lastly Apple Inc was originated from China, and executed by the same hacker group. On the other side few experts are also saying that the group responsible for the hack, has been identified as "Unit 61398" of the People's Liberation Army. But so far there is no proof. 
Apple also revealed that it plans to release a software tool later Tuesday that will protect customers against the same type of software that was used against its employees. 

Apple also provided a statement as follows:-
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found..."




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NASA Sub-domain is Vulnerable Allowing Information Disclosure

Posted by Avik Sarkar On 2/18/2013 08:55:00 pm

NASA Sub-domain is Vulnerable Allowing Serious Information Disclosure

National Aeronautics and Space Administration, widely known as NASA used to fascinate the hackers to come and breach its security system. Many of our readers may be astonished after reading the above lines, but its a fact and history is the witness of that. So far NASA have been targeted several times, where hackers have figured out vulnerability and penetrated the digital security. Yet again same thing happened to NASA, when an ethical hacker from India going by the name of "Zero Cool" find out serious loopholes in one of the sub-domain of NASA, which could lead sensitive information disclosure. The hacker shared a vulnerability report with us, where he has shown that, exploiting the vulnerability one malicious attacker can easily extract lots of confidential data from NASA server, such as source code of various programs (used by NASA), current project information, future research paper, topological graph, license information, several executable files, .dll files, private application software & it's source codes, employ details and many more highly confidential or in other word "Top Secrete" data and files. For security and privacy purpose we are not disclosing those vulnerable links, but exclusively for VOGH readers we are sharing few images to justify the fact. 



This vulnerability report has already been submitted to NASA, and as expected they immediately reacted and promised to path those loopholes with immediate effect. While talking about the ethical hacker "Zero" we would like to remind you that, before this NASA vulnerability disclosure, he exposed several vulnerabilities among many major and high profile websites such as FacebookReebok,Indiagames, mtv, lapdonline, UNESCO, Toshiba, Discovery.com, Novell.comMicrosoft Store India, several Pakistani  and Bangladeshi Govt websites and many more.  




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

A Man From India Jailed For Posting "Communal & Inflammatory" Post on Facebook (#Censorship)

Posted by Avik Sarkar On 2/06/2013 07:12:00 pm

A Man From India Jailed For Posting "Communal & Inflammatory" Post on Facebook (#Censorship) 
Freedom of social media in India has been revoked, as the Indian govt has implemented several policy by which they made the social network completely censored. Though this step has been criticized randomly but the decisions has remain unchanged. And the result is in front of us; when a man from Agra get busted. The incident occurs immediately after he made a posts on social networking site Facebook targeting Prime Minister Manmohan Singh, union Communications Minister Kapil Sibal and Uttar Pradesh's ruling Samajwadi Party (SP) chief Mulayam Singh Yadav. According to police the post which the man from Agra made violated the policy of Indian govt and that's why it is taken as "communal and inflammatory." the man named Sanjay Chowdhary, a resident of the Dayalbagh suburb of Agra, was arrested late Monday and his laptop, sim card and data card impounded.
Police in Agra, about 360 km from here, said the arrest, which some see as an attempt to muzzle freedom of speech and expression on social networking sites, that the arrest was made on "specific information" about certain "communal and inflammatory" posts by Chowdhary. However, officials here admitted that the "case became hypersensitive after some remarks were made on the SP chief".
Senior Superintendent of Police (SSP) Agra, Subhash Chandra Dubey said police had acted "purely on law and order basis" in the matter.
"We are not involved in the political angle of the whole issue, our concern were the inflammatory comments and posts on the Facebook wall of this man and we acted to prevent any communal flare up," Dubey told the media. Some officials, however, said the case was "fast tracked" once cartoons lampooning the three leaders were posted on his Facebook wall.
Soon after his arrest, the inflammatory posts were deleted from his Facebook profile and later his account was deactivated. Chowdhury, a civil engineer and chairman of a public school, was booked under sections 153 A of the Indian Penal Code (IPC) and 66 A of the Information Technology (IT) Act.
"We have arrested him and he is being sent to jail under the due process of law," a police official said.



-Source (Yahoo News)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

Posted by Avik Sarkar On 12/02/2012 07:01:00 pm

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

The social networking giant Facebook announced that it started rolling out Photo Synchronization, in order to add more mobility and ease of use. According to Facebook Newsroom -the new Photo Sync will make photo sharing easier. With this feature, photos from your phone sync automatically to a private album on the web. When you want to share these photos, just pick and post your favorites. If you turn this feature on, up to 2GB of photos from your phone can be synced automatically to a private album on Facebook, from which you can then pick your favorites to share with your friends. It’s important to note that Facebook isn’t launching new Android and iOS apps today. The feature is already included, but the company is turning it on for more and more users, starting with a big push today. To turn the feature on in the Facebook app (if you have an iPhone, iOS 6 is required), tap Photos and then tap Sync at the bottom of your photos section. Once the uploads start coming in, you can check them out and share them via the app, on the mobile Web, or on your computer (go to your Timeline, click Photos, and click “Synced From Phone” at the top of your photos section). To save on the limited amount of space, you can stop photos from being synced by deleting them. In the app, that’s the “Remove synced photo” option once you pick a photo in the Synced section, and on your computer that’s the Delete option when you’re in the “Synced From Phone” folder. The good news is that deleting a photo from your synced photos won’t delete it from your phone’s gallery.
That’s right, you can turn photo syncing on or off, but you can also choose to sync over Wi-Fi only. Normally, when you’re on a cellular network like 3G or 4G, Facebook will sync photos at a smaller size (around 100K each), so they’re unlikely to use much of your data plan. Over a Wi-Fi connection, Facebook will sync larger versions of your photos. The best part: photos will not sync when your battery is low.

Get the latest Facebook app for Android or iPhone to try it out. Learn more at Facebook.com/mobile or visit the Help Center.


-Source (TNW & FB)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NSA Refused to Disclose Obama's Secret Cyber Security Directive

Posted by Avik Sarkar On 11/27/2012 12:33:00 am

NSA Refused to Disclose Obama's Secret Cyber Security Directive

The cyber security directive of United States President Barack Obama has been twisted a little as the National Security Agency (NSA) has refused to release details of a secret presidential directive document that would establish a broader set of standards that would guide federal agencies in confronting Cyber threats. Several experts are presuming that the cyber security directive could allow the military and intelligence agencies to operate on the networks of private companies, such as Google and Facebook. According to the last week report by Washington Post, cited several U.S. officials saying that Obama signed off on the secret cyber security order, believed to widely expand NSA’s spying authorities, in mid-October. “The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyber war and cyber terrorism,” the report states.  
The Electronic Privacy and Information Center (EPIC), filed a Freedom of Information Act (FOIA) request to make the document public because it said the measure could expand NSA’s Cyber security authority. “Transparency is crucial to the public’s ability to monitor the government’s national security efforts and ensure that federal agencies respect privacy rights and comply with their obligations under the Privacy Act,” said EPIC’s request.
EPIC said that NSA denied the request on Nov. 21 arguing that it doesn’t have to release the document because it is a confidential presidential communication and contains information that is classified “Secret” and “Top Secret” by the agency. NSA said disclosure of the order could “reasonably be expected to cause exceptionally grave damage to the national security.” The agency said EPIC could file an appeal with the NSA/Central Security Service denial and EPIC said it plans to do so. The privacy group said it is litigating similar FOIA requests with NSA, including the release of NSPD 54, a 2008 presidential directive setting out the NSA’s cyber security authority. The group called NSA a “black hole for public information about cyber security” in an official statement to Congress earlier this year. National Security Agency whistle blower William Binney said in Mid July that the U.S. government is secretly gathering information “about virtually every U.S. citizen in the country”, in “a very dangerous process” that violates Americans’ privacy.
Former President George W. Bush signed a presidential order in 2002 allowing the National Security Agency (NSA) to monitor without a warrant the international (and sometimes domestic) telephone calls and e-mail messages of hundreds or thousands of citizens and legal residents inside the United States. The program eventually came to include some purely internal controls -- but no requirement that warrants be obtained from the Foreign Intelligence Surveillance Court as the 4th Amendment to the Constitution and the foreign intelligence surveillance laws require.



-Source (GSN Magazine & Press TV)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

USA Accused For Planting "Flame" Malware to Hack France President's Network

Posted by Avik Sarkar On 11/23/2012 07:08:00 pm

USA Accused For Planting "Flame" Malware to Hack France President's Network

A well known French newspaper named "L'Express" has accused that United States is using dangerous cyber weapon "Flame" to break into the computer networks inside France’s presidential palace also known as the Elysee. In his report L'Express has published details of what it claims was a sophisticated state-sponsored hack into the offices of the French presidency earlier this year with the intention of stealing data. According to the newspaper, the malware attack took place in May 2012, shortly before the second round of presidential elections in France, but has been kept secret until now. The newspaper alleges that the attackers reportedly found their targets on Facebook, identifying people working inside the presidential palace and connecting with them on the social network. The social engineering laid the groundwork for the next phase of the attack; the victims were then sent links to a fake Elysee intranet page where their login credentials were stolen. Workers at the Élysée Palace are said to have been befriended on Facebook by hackers, who then sent their victims a link to what purported to be a login page for the Élysée intranet site. In this way, it's claimed, login credentials were stolen. It is alleged that malware was then installed on the network, infecting computers belonging to senior political advisors, including Xavier Musca, Secretary-General of Nicolas Sarkozy's office. The United States Embassy in Paris has denied any involvement in hacking its ally. “We categorically refute allegations of unidentified sources,” Mitchell Moss, Embassy spokesman, told l’Express. “France is one of our best allies. Our cooperation is remarkable in the areas of intelligence, law enforcement and cyber defense. It has never been so good and remains essential to achieve our common fight against extremist threat.” Though the secretary  of Department of Homeland Security Janet Napolitano did not deny the U.S. was involved. She told l’Express: “We have no greater partner than France, we have no greater ally than France. We cooperate in many security-related areas. I am here to further reinforce those ties and create new ones.”

While talking about Flame, we would like to remind you that after the episode of 'Duqu'; In the middle of this year The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted Stuxnet attacking the country's internal system. This newly found Stuxnet have been dubbed Flame (also known as Flamer or Skywiper). Flame the next generation cyber weapon which is also known as 'The Super Spy' has already fascinated the cyber-security industry with its sophistication and versatility as a Swiss-Army knife of cyber-spying. Later it was spotted in the wild when software giant Microsoft confirmed that its Windows Server Update Services (WSUS), Windows Update (WU) has been infected by Flame malware. Also in many fields, the name of 'Flame' was on the high node. 


-Source (NS & threatpost)







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Started Enabling HTTPS by Default for North American Users

Posted by Avik Sarkar On 11/23/2012 07:08:00 pm

Facebook Started Enabling HTTPS by Default for North American Users

The social networking giant Facebook has started securing all data traffic to the social networking site using HTTPS by default. The change started rolling out to all North American users last week, while users in the rest of the world should see HTTPS enabled by default soon. This change will make HTTPS the default connection option for all Facebook sessions for those users, a shift that gives them a good baseline level of security and will help prevent some common attacks. Switching to HTTPS by default will mean that all connections and data, including cookies, will be transmitted over SSL in encrypted form and should no longer be able to be easily read and used for fraudulent purposes by attackers. While Facebook has used HTTPS connections to protect users' login credentials for some time, it only started offering an HTTPS option for the entire site in January 2011. The feature was not turned on by default and instead required users to manually enable the HTTPS option in their Facebook account settings.
Facebook users have had the option of turning on HTTPS since early 2011 when the company reacted to attention surrounding the Firesheep attacks. However, the technology was not enabled by default and users have had to in and manually make the change in order to get the better protection of HTTPS. 
Now, users will have to manually turn HTTPS off if they don't want it, a distinction that is a major change, especially for Facebook's massive user base, which has become a major target for attackers





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search