
Facebook Said 600K+ Accounts Are Being Compromised Per Day



According to an infographic accompanying a Facebook blog post, about 600,000 log-ins per day are compromised. That has given some the false impression that that many accounts are compromised every day.
While Facebook does block (approximately) 600,000 log-ins per day, it is not that these Facebook accounts are compromised on Facebook, and certainly not that they're 'hacked' as some have written. There may be compromised accounts that appear on Facebook, but more often than not they are compromised off of Facebook--they use the same password for e-mail as Facebook, they get phished, etc. Compromised in this sense refers to log-ins where we are not absolutely confident that the account's true owner is accessing the account and we either preemptively or retroactively block access. 

The statistic was revealed in an infographic published alongside an official Facebook blog post trumpeting new security features introduced by the firm. The new security features include Trusted friends (called "Guardian angels" in the infographic).
Facebook says that you will be able to nominate three to five "trusted" friends who can help you if you have a problem accessing your account - if, for instance, someone else has changed its password and locked you out of your email account. The idea is that if you need to login to Facebook but can't access your email account, Facebook will send codes to your friends that they can pass on to you.






Twitter Hacked, More Than 250,000 User Data Compromised


The social networking giant and world-famous microblogging site Twitter has again fallen victim to a cyber attack. Last year we saw Twitter's security compromised many times. Yet again this year the San Francisco-based social media giant, which has more than 500 million registered users, failed to protect itself from hackers. Last Friday Twitter acknowledged that it had become the latest victim in a number of cyber-attacks against media companies, saying hackers may have gained access to information on 250,000 of its more than 200 million active users. The microblogging giant said in a blog post that earlier this week it detected attempts to gain access to its user data. It shut down one attack moments after it was detected. According to reports, usernames, email addresses, session tokens and encrypted/salted passwords for 250,000 users might have been accessed in what it described as a “sophisticated attack”.

“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” said Bob Lord, Twitter’s director of information security. “The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked,” Bob added.

Jim Prosser, a Twitter spokesman, would not say how hackers infiltrated Twitter’s systems, but Twitter’s blog post said hackers had broken in through a well-publicized vulnerability in Oracle’s Java software. Last month, after a security researcher exposed a serious vulnerability in the software, Oracle patched the security hole, but Homeland Security said the fix was not sufficient. The DHS issued a rare alert that warned users to disable Java on their computers. Prosser said Twitter was working with government and federal law enforcement to track down the source of the attacks. For now, he said the company had reset passwords for, and notified, every compromised user. The company encouraged users to practice good password hygiene, which typically means coming up with different passwords for different sites, and using long passwords that cannot be found in the dictionary.
Twitter said it “hashed” passwords — which involves mashing up users’ passwords with a mathematical algorithm — and “salted” those, meaning it appended random digits to the end of each hashed password to make it more difficult, but not impossible, for hackers to crack. Once cracked, passwords can be valuable on auction-like black market sites where a single password can fetch $20.

While talking about Twitter and cyber issues, I would like to remind you that last year Twitter faced several cyber attacks in which more than 55,000 Twitter account details were leaked; after that, in the middle of last year, the social networking giant faced a massive denial of service that interrupted its services. Later a huge number of Twitter users across the globe received emails warning that their accounts had been compromised and their passwords had been reset, and that was another security breach that affected Twitter. Such big organizations are not at all careless about security, and neither is Twitter, as it proved when it hired renowned white hat hacker Charlie Miller to boost its security; but after this latest breach, it seems that Twitter needs to do more to make sure that its systems are good enough to prevent cyber attacks. For all the hot cyber updates and reviews stay tuned with VOGH.





Security Breach: Twitter Unintentionally Resets More Passwords Than Accounts Hacked


Yet again the famous microblogging site Twitter has faced a security challenge. On Tuesday a huge number of Twitter users across the globe received emails warning that their accounts may have been compromised and their passwords had been reset as a precautionary measure to prevent unauthorized access. In the e-mail, the microblogging company noted: "Twitter believes that your account may have been compromised by a Web site or service not associated with Twitter. We've reset your password to prevent others from accessing your account."

It remains unclear how many have been affected by the password reset e-mail or what caused the mass e-mailing of its users. A post by TweetSmarter on Wednesday noted that in some cases when "large numbers of Twitter accounts have been hijacked," the company sends out these e-mails en masse, even sending messages to accounts that may not have been affected by any hack or hijack to err on the side of caution. The emails are apparently legitimate, though they were sent to more than just the victims of compromised accounts. The mass email coincided with incidents involving several high-profile accounts, including at least one account belonging to the BBC. Other media organisations, such as the TechCrunch blog, reported being warned.
"We’re committed to keeping Twitter a safe and open community," reads a notice the company issued earlier Thursday. "As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users. "In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused."
Twitter officials have not disclosed how many uncompromised accounts had passwords reset, nor any more on the attack that led to those actions. The social media site currently has 140 million active users. Some victims reported having select tweets deleted, while others started sending out spam.

-Source (CNET)




NBC.com Compromised, Hackers Exploited The Website to Spread Malware


February is still going from bad to worse for the cyber domain; this very month cyber criminals have breached the security of many giant companies such as Facebook, Twitter, Apple, the New York Times and many more. But the game is not over yet: only a few weeks have passed since the attack on the NY Times, in which the employee database was stolen, and cyber criminals have now targeted another media giant, the National Broadcasting Company, widely known as NBC. During the attack, hackers successfully gained access to NBC's server and planted malware in order to harm innocent readers. Famous security expert and blogger Brian Krebs said that the hackers inserted code into the NBC.com homepage. This caused visiting browsers to load pages from third-party sites that were compromised. Explaining the nature of the attack, Krebs said: "The compromised sites tried to foist the Citadel Trojan, a variant of the Zeus Trojan." Zeus is a "sophisticated data theft tool that steals passwords and allows attackers to control machines remotely", he added. Not only NBC’s home page but several others were affected, including the pages of late night talk show hosts Jay Leno and Jimmy Fallon. Well-known security firm Sophos explained roughly how the attack played out, and how NBC got sucked into the equation:
  • NBC's hacked pages were altered to add some malicious JavaScript that ran in your browser.
  • The JavaScript injected an additional HTML component known as an IFRAME (inline frame) into the web page.
  • The IFRAME sucked in further malicious content from websites infected with an exploit kit known as RedKit.
  • The exploit kit delivered one of two exploit files to try to take control over your browser via a Java vulnerability or a PDF bug.
  • If the exploit worked on your computer, financially-related crimeware from the Citadel or ZeroAccess families was installed.
This, of course, is an example of a dreaded drive-by download, where the crooks use a cascade of tricks to download, install and execute software without going through any of the warnings or confirmation dialog you might expect. This, in turn, means that even if you are a careful and well-informed user, you may end up in trouble, since there are no obvious signs that you are doing anything risky, or even unexpected.
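A defender's view of the first two steps in the Sophos list, as an added example that is not part of the original post or of Sophos's analysis: a Python audit of a page's HTML that flags hidden third-party IFRAMEs and inline scripts that write one. The sample page, the host names and the `audit_page` helper are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one legitimate first-party frame, one hidden
# third-party frame, and one inline script that writes a frame at load time.
SAMPLE_HTML = """
<html><body>
<iframe src="https://www.example-broadcaster.test/player" width="640" height="360"></iframe>
<iframe src="http://cdn.injected-host.test/a.html" width="1" height="1" style="visibility:hidden"></iframe>
<script>
var u = "http://kit.injected-host.test/x.html";
document.write('<iframe src="' + u + '" width="0" height="0"></iframe>');
</script>
<script src="/static/site.js"></script>
</body></html>
"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
SCRIPT_IFRAME = re.compile(r"<\s*iframe|createElement\(\s*['\"]iframe['\"]", re.I)
URL_IN_SCRIPT = re.compile(r"https?://[^\s'\"<>]+", re.I)


def _is_hidden(attrs):
    """True for frames sized 0 or 1 pixel or hidden through inline CSS."""
    for dim in ("width", "height"):
        value = (attrs.get(dim) or "").strip().lower().rstrip("px")
        if value.isdigit() and int(value) <= 1:
            return True
    return bool(HIDDEN_STYLE.search(attrs.get("style") or ""))


def _is_third_party(url, first_party_host):
    """True when the URL names a host outside the site's own domain."""
    host = urlparse(url).hostname
    if host is None:  # relative URL, so same origin
        return False
    return not (host == first_party_host or host.endswith("." + first_party_host))


class FrameAuditor(HTMLParser):
    def __init__(self, first_party_host):
        super().__init__()
        self.first_party_host = first_party_host
        self.findings = []
        self._in_inline_script = False
        self._script_buf = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "iframe":
            src = attrs.get("src") or ""
            if _is_third_party(src, self.first_party_host) and _is_hidden(attrs):
                self.findings.append(("hidden-third-party-iframe", src))
        elif tag == "script" and not attrs.get("src"):
            # Only inline script bodies are inspected; external files
            # need a separate fetch-and-review step.
            self._in_inline_script = True
            self._script_buf = []

    def handle_data(self, data):
        if self._in_inline_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline_script:
            self._in_inline_script = False
            body = "".join(self._script_buf)
            if SCRIPT_IFRAME.search(body):
                urls = [u for u in URL_IN_SCRIPT.findall(body)
                        if _is_third_party(u, self.first_party_host)]
                self.findings.append(("script-writes-iframe", urls))


def audit_page(html, first_party_host):
    """Return (finding_type, detail) tuples in document order."""
    auditor = FrameAuditor(first_party_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for finding in audit_page(SAMPLE_HTML, "example-broadcaster.test"):
        print(finding)
```

Run against a known-good copy of the page as well: any finding that appears only in the live version is a change nobody on the site team made.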
As soon as the story was spotted, NBC News, the American commercial broadcast television network, reported and confirmed that its site had been attacked. The broadcaster released the following statement regarding the website: "We've identified the problem and are working to resolve it. No user information has been compromised."
The emergency response team immediately took the situation under control and restored the website, and confirmed that the site is back and completely safe for its visitors. But so far there is no evidence of who the attackers were. For the safety of VOGH readers we recommend that you update your operating systems and browser plugins. Also note that the attack on NBC was similar to many that have occurred in recent years in that the malicious sites tried to exploit vulnerabilities in Java. So it is better to disable Java unless it is really necessary. So stay tuned with VOGH and be safe in the cyber domain.







Square Enix Server Hacked, More Than 1.8 Million Gamers Accounts Compromised


Square Enix, the famous company behind the Final Fantasy and Dragon Quest franchises, has been compromised. Square Enix reported that a hacker gained unauthorized access to one of its servers and managed to access the personal information of 1.8 million gamers in the US and Japan, though a company spokesman claimed that no credit card information was compromised in the attack. The video game industry has been the target of several hacker attacks this year. A few days ago the personal data of 13 million MapleStory players was also stolen, in one of the largest cyber attacks to have happened in South Korea. Earlier, a similar incident took place in the Sony PSN breach, where more than 93K user details were compromised.
An exclusive report showed that the target of the attack was a free fan site called Square Enix Members. Officials at Square Enix noticed the unauthorized access on December 12 and subsequently shut the site down to investigate. Members of the site register using their email addresses but some enter additional information like names, addresses and phone numbers. A spokesperson for Square Enix said no credit card information is stored on the server.
Those affected include 1 million users from Japan and 800,000 gamers in the US. As of writing, the Square Enix Members site remains offline, instead redirecting visitors to a page explaining the breach and actions the company is taking moving forward. The message indicates that the suspension will continue for a few days until the security team completes their investigation and counter-measures are in place.




Yahoo! Voice Compromised, 450K Login Credentials Stolen & Posted In Plain Text


After LinkedIn, eHarmony and Formspring, here comes another big fish. Guess who? It's one of the widely used web search engines: Yahoo! A list of over 453,491 email addresses and plain-text passwords in a document named "Owned and Exposed", apparently from users of a Yahoo! service, is in circulation on the internet. According to well-known security expert and former hacker Kevin Mitnick, the passwords belong to the little-known VoIP service Yahoo! Voice. The information is contained in a 17MB text file and has been released by a group of hackers calling themselves the D33DS Company. Access to the original information is said to have been achieved through use of an SQL injection vulnerability, where databases are accessed through inadequately filtered parameters passing through the web front end. Whether the passwords were originally stored as plain text in the database or the hackers had already cracked hashed passwords to produce the file is unclear.

The original D33ds site that posted the login credentials (d33ds.co) was down as of early Thursday morning; however, the text file is available through torrents and sites such as Media Fire.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the D33ds group said in the text file containing the leaked credentials. The group said it did not reveal which Yahoo service the hacked credentials came from “to avoid further damage.”
Yahoo confirmed it was hacked and provided the following statement:
“An older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords was compromised yesterday. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.”

Given the current situation, we strongly advise you to change your Yahoo! passwords immediately and to set a strong password in an alpha-numeric combination. Enjoy reading Voice of Greyhat and stay safe and happy on the Internet.






Apple-Based Networks Are More Vulnerable to Attack than Windows (BH 2011)


For many years, Apple enjoyed security through obscurity. The market share for Mac computers was so small that malware creators bypassed it to go after the much bigger target, Microsoft Windows. Not anymore.
Apple’s market share has been slowly rising and the popularity of the iPhone has put Apple’s products into the spotlight. Hackers are taking notice and they’re figuring out that Apple’s computers have security vulnerabilities, some of them more severe than Windows machines, according to a talk by the iSEC Partners security consulting team at the Black Hat security conference today.
Alex Stamos, Paul Youn, and B.J. Orvis of iSEC Partners said in their talk that it is possible for hackers to penetrate a network of Apple Mac computers and lurk undetected while gathering data. They concluded that there were so many vulnerabilities on the networking level that Mac machines could be considered more vulnerable than Windows machines.
Apple has not yet responded to a request for comment. At Black Hat, there will also be talks about the vulnerabilities of other operating systems, including Windows. In years past, security researchers have blamed Microsoft for producing vulnerable Windows code. And immediately following the Apple talk, security researchers had another talk about hacking Google’s Chrome operating system.
“This is all changing,” Stamos said. “If [recent hacking events] tell us anything, it’s that any computer is vulnerable to attack.”
The iSEC team said they looked at attacks on the Mac and its latest operating system, code-named Lion, or OS X version 10.7, from the perspective of Advanced Persistent Threats, or long-term security break-ins on networks of computers. They showed examples of the vulnerabilities and detailed proof that they had hacked into the operating system.
The category of Advanced Persistent Threats is a hot one because Google discovered that, under Operation Aurora, dozens of companies were compromised over a long period of time. And McAfee reported today that a similar attack, dubbed Operation Shady RAT, compromised a total of 72 governments and corporations over a five-year period.
A network of Mac computers can be compromised in the usual way, iSEC’s Stamos said. A single user can be tricked into giving up a username and password through social engineering or targeted “phishing attacks,” or attacks that use a believable ruse to get you to enter your username and password, which is then captured and compromised by the hackers.
Once inside the network, Stamos said that it is easy for the attacker to escalate the privileges he or she has on the network. That is where Apple’s operating system falls down in comparison to Windows. “Once you have access, you can compromise the networking,” Orvis said. “Network privilege escalation is where it really gets bad on the Mac.”
The security researchers said that Apple has made improvements to security in version 10.7 of OS X, such as putting applications in a “sandbox,” or isolating them so that they can run (or crash) without taking down the rest of the operating system. Still, the researchers said they had figured out a couple of different ways to compromise the security of Macs through a test program dubbed Bonjoof. They said that it’s possible to lurk on a network and cover your tracks so that intelligence can be gathered on a network over time.
“All of Apple’s major authentication protocols suffer” from some kind of weakness, Orvis said.
There are ways to deal with the vulnerabilities, but company security professionals have to know how to use security forensics technology, which can take a long time. In the meantime, attackers can detect the forensics tools and react to their usage in an attempt to hide. The security researchers said they did talk with Apple about the vulnerabilities they found and communicated a number of ideas about how to improve the security of Apple’s computers.


Webmail gets hacked, corporate passwords exposed


This week, one of our C-level executives suffered a personal security incident that spilled over to the workplace. Here's what happened.
The executive's Yahoo email password was compromised, which she learned after hearing from friends who told her that they had received messages from her requesting money to deal with a crisis. You've probably heard similar stories, but whoever hacked the executive's email was a bit more clever than the average cybercrook. One friend was suspicious of the request and asked for verification of the executive's identity. Most email hijackers would probably give up and move on to another victim at that point, but this hacker had sifted through the executive's emails and learned enough about her family, vacations and health issues to trick the friend and dupe her into wiring the money.
Naturally, the executive had used her Yahoo Mail account for a variety of activities, including setting up accounts with her bank, her brokerage, an airline and various shopping sites. The Yahoo account had received emails containing clear-text passwords when she had forgotten them. Worse, she often used the same password for multiple accounts.
I advised her to abandon the email account and to contact all of her friends and let them know that they should disregard any mail from that address. But that action, or simply changing the password, probably wouldn't be enough to stem the damage. Most identity thieves will download all the email from a compromised account, as well as data such as calendars and contact lists, to a local computer. This is quite simple, since many webmail clients allow customers to use more feature-rich email clients such as Microsoft Outlook to download email. So even if the account were shut down or the password changed, the hacker would probably still have all of its contents.
Because the compromised content could not be safeguarded, I also told her to file a police report; contact all banks, credit card companies, brokerages and other organizations with which she had done business online; file a fraud alert with the major credit agencies; sign up for a credit-monitoring service; and obtain a new email address and update all of her accounts with that address. I also warned her to refrain from using any PCs, including her home PC, until we could verify their integrity, since we still didn't know how her password had been compromised.

Dangerous Habit

In the course of our conversation, I learned that this incident had implications for the company. You see, we have increased our use of software as a service to the point that we now use more SaaS offerings than on-premises applications. Some might see this as an achievement. I see it as a security nightmare.
As I've explained in past articles, most SaaS vendors have focused more on functionality and accessibility than on security. This incident is a perfect example of how that approach can lead to problems. The executive had a habit of forgetting her passwords for SaaS applications, and she gave me a list of seven SaaS apps that had sent password reset notices to her hacked email account -- in clear, unencrypted text!
Fortunately, none of the data used with these particular apps was extremely sensitive. But she had used her domain password for all of the applications. This meant we had to change her domain password and then log in to all the other applications -- about 15 altogether -- that were not synchronized with Active Directory or configured for single sign-on.
Needless to say, this was not a good day for this executive. But on a positive note, I did get a sponsor for my security awareness and training program.




Global Payments Inc -Security Breach Compromised 1.5 Million of Visa and MasterCard


Earlier this year cyber criminals breached the security systems of Global Payments Inc., a leader in payment processing services. At the time of the breach, experts estimated that information on more than 50,000 Visa and MasterCard cards was stolen. Now, after the investigation, Global Payments says that no more than 1.5 million credit card numbers were harvested during the intrusion into its systems disclosed earlier this year. The incident only affects North American Visa and MasterCard customers. The company has, however, provided a larger quantity of card numbers to industry brands to enable them to proactively monitor cardholder activity. The evidence continues to indicate that the potential card exportation was limited to Track 2 data.

This type of track data on the magnetic stripe of a credit card includes numerical data such as the card number and the expiry date but doesn't include information like the card owner's name.
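To make the Track 2 layout concrete, the following added example (not from the original post or from Global Payments) scans log lines for Track 2 strings so that stripe data written to disk by mistake can be found and purged. It assumes the ISO/IEC 7813 layout (`;`, card number, `=`, YYMM expiry, three-digit service code, discretionary digits, `?`); the log lines and the test card number are constructed.

```python
import re

# Track 2 as laid out in ISO/IEC 7813: start sentinel ';', PAN of up to
# 19 digits, '=', expiry as YYMM, 3-digit service code, discretionary
# digits, end sentinel '?'. There is no cardholder-name field.
TRACK2 = re.compile(r";(\d{12,19})=(\d{2})(\d{2})(\d{3})(\d*)\?")

# Constructed log lines. 4111111111111111 is a widely used test number
# that passes the Luhn check; the variant ending in 2 does not.
SAMPLE_LOG = [
    "2012-03-30 10:02:11 txn=1001 status=approved amount=12.50",
    "2012-03-30 10:02:12 debug swipe=;4111111111111111=15122010000000000?",
    "2012-03-30 10:02:13 debug swipe=;4111111111111112=15122010000000000?",
    "2012-03-30 10:02:14 ref=;1234=56?",
]


def luhn_ok(pan):
    """Luhn checksum: filters out digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan):
    """Keep the first six and last four digits so the report itself is safe to store."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track2(lines):
    """Return one dict per plausible Track 2 string, with the PAN masked."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for m in TRACK2.finditer(line):
            pan, yy, mm, service, _discretionary = m.groups()
            if not (1 <= int(mm) <= 12 and luhn_ok(pan)):
                continue    # malformed expiry or failed checksum
            findings.append({
                "line": lineno,
                "pan": mask(pan),
                "expiry": f"{mm}/{yy}",
                "service_code": service,
            })
    return findings


if __name__ == "__main__":
    for hit in find_track2(SAMPLE_LOG):
        print(hit)
```

Every field the parser recovers is numeric, which matches the description above: card number and expiry date are present, the owner's name is not.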
Additionally, Global Payments says that it believes that not all of the nearly 1.5 million cards have been compromised. However, the payment processing company has notified credit card companies of all potentially affected numbers so that they can "proactively monitor cardholder activity"; Global Payments has previously said that it might pass on further card numbers for monitoring purposes. Paul R. Garcia, the Chairman and CEO of Global Payments, has apologised for the incident and said that his company is working diligently to conclude its investigations. At the end of its fiscal year in July, the company plans to present its shareholders with a final report on the incident. Once investigations are complete, the payment processing firm plans to reapply as a "PCI DSS Compliant Service Provider" with MasterCard and Visa: after the incident was made public, the credit card companies revoked Global Payments' certification.






Several Twitter Accounts of CBS News (60Minutes, 48Hours & CBSDenver) Hacked By Syrian Electronic Army [#twithackery]

Yet again CBS, one of the major commercial broadcast television networks of the United States, has faced a cyber attack. First it was the hacker collective Anonymous, which targeted CBS and managed to hack its TV network in January last year. That attack was carried out under the banner of Operation Megaupload. Now CBS has fallen victim to what is called twithackery, where hackers manage to gain temporary access to popular Twitter accounts and broadcast fake tweets. This Sunday such twithackery targeted and compromised several Twitter accounts of CBS. The infamous hacker community going by the name of Syrian Electronic Army claimed to have hijacked the Twitter accounts of CBS; the list of hijacked accounts includes "60 Minutes" and "48 Hours", which are maintained by CBS news programs. Later it was reported that another Twitter account, @CBSDenver, had also been hacked during this ongoing cyber attack. CBS acknowledged the incident, and later a CBS spokeswoman confirmed that the accounts had been compromised. "PLEASE NOTE: Our Twitter account was compromised earlier today. We are working with Twitter to resolve." - said the CBS spokesman. Another message from CBS said, "A message that was posted earlier to this account was not written or sent by @60Minutes or its staff."

Here is the list of the fake tweets that came from the hijacked CBS accounts:
From the @60Minutes account we got the following messages:
  • "The US government is hiding the real culprit of the Boston bombing"
  • "The US government is sponsoring a coup in Venezuela and a terrorist war in Syria"
  • "Your duty is to protect your nation from the parasites that have taken your government"
  • "Obama wants to destroy the Syrian and American people. We must stop this beast" 

Other messages claimed: "Syrian Electronic Army Was Here via @SyrianCyberArmy" and suggested the action was in response to the suspension of the @Official_SEA account. Tweets sent out on the @48Hours account reportedly included: "General Dempsey calls for #Obama's arrest under new anti-terror laws #48hours". As soon as the issue was spotted, CBS regained the hijacked accounts and immediately deleted the rogue messages. Later the two accounts @60Minutes and @48Hours were suspended.
While talking about Twitter hacking, widely known as #twithackery, we would like to remind you of the following names: WWE champion John Cena, star Rita Ora, Justin Bieber, Teyana Taylor, American pop singer Kesha, NBC News, Fox News Politics, USAToday, Lady Gaga’s Twitter account, Anders Breivik, Mahesh Bhatt and Huffington Post. These are the famous names that fell victim to twithackery before CBS.



-Source (BBC & Reuters)






KPN Server Compromised, SSL Authority Stops Issuing Certificates


Netherlands-based KPN Corporate Market said it was taking the action while it investigated the compromise, which may have taken place as long as four years ago. The breach came to light after tools for waging distributed denial-of-service attacks were found on its network.
The certificate authority (CA) belonging to KPN Corporate Market, a subsidiary of Dutch telecommunications provider KPN, has announced that it has stopped issuing Secure Socket Layer (SSL) certificates because hackers bypassed the CA's security mechanisms and compromised one of its servers. When performing a thorough review that was prompted by other recent Certificate Authority break-ins, the CA discovered programs which are used for DDoS attacks on other computers. The evidence discovered so far indicates that the break-in at KPN happened four years ago and has remained undetected since then.
KPN said that previously issued certificates are unlikely to have been compromised, but that the possibility can't be ruled out completely. Nevertheless, these certificates will remain valid for the time being. As a precautionary measure, the telecommunications provider has replaced its web servers. KPN will also not issue any further SSL certificates until the break-in has been fully investigated.
In a similar incident, last Thursday Microsoft and Mozilla revoked their trust in all certificates issued by the Malaysian Digicert CA. 22 certificates issued by this CA were found to use weak 512-bit keys and lack certain certificate extensions as well as revocation information.

-News Source (The Register, The H)



CDMA and 4G WiMAX Wireless Networks Compromised (#Defcon)


A post on the Full Disclosure mailing list claims both CDMA and 4G WiMAX wireless networks were compromised using a man-in-the-middle attack at Defcon earlier this week.
Coderman, who posted the information, was a witness to the attack which gained access to Android smart phones and PCs on the local CDMA and 4G cellular network. The hackers started with simple exploits, like looking for devices with superuser access and sending remote notifications that opened a backdoor to the device. They then used more complex techniques until a device was compromised.
The goal of the attack was a mass infiltration of devices and the interception of data on commercial licensed bands. According to Coderman, this goal was achieved.
There's a lot of speculation about how this hack was pulled off, but the group behind it has not released any details. Until someone comes forward with more information, we can't assess the seriousness of this attack, nor speculate whether it would work outside the conference.
-News Source (gizmodo & defcon)


TV Network Of Syrian Pro-Government Compromised


The pro-government TV news network of Syria has been compromised. Syria's state broadcaster confirmed on Sunday that the text message news service of a separate, pro-government TV station had been hacked. A headline displayed on Syrian state TV said: "The administration of Addounia draws the attention of its subscribers to the fact that it has temporarily halted its SMS service, and calls citizens to be wary of the false messages being sent now."
Separate headlines on Addounia cautioned against a text message asking people "to avoid public squares for security reasons," and advised that its subscribers ignore all SMS messages on its service until further notice. The station was the target of European Union sanctions imposed on Syria in September, in response to President Bashar al-Assad's bloody crackdown on mass protests - and, increasingly, an armed insurgency - against his rule.
A few days ago, Anonymous hacked CBS Broadcasting in the US. They managed to gain access to a CBS server and deleted everything.


-Source (Reuters)



HP LaserJet Printers Have Serious Security Flaws Said Columbia University Researchers



Columbia University researchers have discovered a vulnerability in some Hewlett-Packard (HP) LaserJet printer lines that could allow attackers to install modified firmware to steal information, run attacks from within a network or cause physical damage to the printer.
Attacks can be carried out from different vectors. Printers that support a remote firmware update process could allow attackers to take control of a printer’s firmware over the Internet in less than a minute if the printer is not protected properly by a firewall. The researchers during a scan were able to find more than 40,000 devices that they said could be infected within minutes.


Local attacks are another possibility. The researchers were able to send print commands from Macintosh and Linux computer systems to trick the printer into reprogramming itself. It is not clear at the time of writing if Windows environments are safe or also affected by this.
Printers that the researchers analyzed do not verify the source of the firmware with the help of digital signatures. An HP spokesperson stated that all modern HP printers have required digitally signed firmware upgrades since 2009. Even worse for consumers and companies, there is no way of telling if a printer’s firmware has been compromised short of physically disassembling the printer and analyzing its chipset output.
According to RedTape, HP is currently analyzing the claims made by the researchers. HP could release a firmware update of its own to resolve the vulnerability. Compromised printers, however, may have been programmed to block new firmware updates. That’s bad on the one hand, as companies would have to throw away the printer in this case (or talk to HP to find a solution), and good on the other, as they have just identified a compromised printer in their network. The researchers have recently started analyzing printers manufactured by other companies, but no results have been posted yet. They say it is likely that printers and other devices with Internet access are also vulnerable.




Pastebin Under Massive Cyber Attack, 20K IP Address Blocked To Prevent DDoS Attack


Pastebin, the world's most widely used paste tool, has yet again faced a massive cyber attack. According to Pastebin's official Twitter profile, the first attack came on 18th February, when the attacker used a botnet to send millions of requests to Pastebin's servers in an attempt to flood the network; in short, the attacker was attempting a DDoS attack. In response, the Pastebin team immediately blocked more than 4000 IP addresses, but those countermeasures proved insufficient against the attack, so more than 9000 IP addresses were then blocked. According to the latest Twitter update, Pastebin confirmed that it is still adding IPs to the block list, which now holds more than 20000 addresses. The attack came on the day Pastebin’s developers revealed that version 3.1 had gone online.
In its press release, the Pastebin team said:
"For the last 16 hours Pastebin.com has been under attack by a botnet. Someone is using this botnet to send millions of requests to our servers in an attempt to flood the network to the point where it becomes inaccessible. A botnet is a collection of compromised computers connected to the Internet (each compromised computer is known as a 'bot').
So far we have been able to block about 20,000 IP's, but this number is growing by the minute. These IP's are most likely from innocent people who have no clue that their computer is being used for this purpose. It is highly recommended that you always have up-to-date antivirus software installed, and a good Firewall active.
Later today we will publish the list of IP's from today's 'botnet attack' on another server so you are able to check if your own computer has been compromised.
If your IP is in this list, you will not be able to access Pastebin at this time. With the current IPv4 system there are a total number of 4,294,967,296 IP's. The chance that your IP is blocked is rather small.
We sincerely apologize for the times that we were unable to block the attacks, and we will continue to fight these attacks as well as we can to make sure Pastebin is available 24/7."




Dutch Security Firm "Gemnet" Compromised


Another Dutch security firm, Gemnet, has been compromised. The hack appears to have started when someone discovered a publicly accessible instance of phpMyAdmin without a password. phpMyAdmin is a web interface for managing SQL databases that should not be facing the open internet, password required or not.
By manipulating the databases the attacker was allegedly able to gain control over the system and all of the documents contained on it. The parent company, KPN, insists the documents contained on the server were all publicly available.
Webwereld reports that the hacker claims to have accessed non-public documents that outlined the secure communication networks and procedures for communication between KPN and governments and customers.
Gemnet CSP, KPN's certificate authority division, has also suspended access to their website. While KPN believes that Gemnet CSP has not been compromised, it would appear they are taking precautions while they investigate the incident. The attacker reportedly was able to obtain the password (braTica4) used for administrative tasks on the server as well. 

Brief About Gemnet:-
Gemnet provides security consulting and authentication technologies to nearly all parts of the Dutch government, including the Ministry of Security and Justice, Bank of Dutch Municipalities and the police.
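The password-less login described above comes down to a handful of phpMyAdmin settings. The following is an added example (not from the original post or from phpMyAdmin itself) that audits the text of a config.inc.php for them; both sample configs are constructed, how Gemnet's instance was actually configured is not known, and the check covers only login settings, not whether the interface is reachable from the internet.

```python
import re

# Matches lines such as: $cfg['Servers'][$i]['auth_type'] = 'config';
SETTING = re.compile(r"\$cfg\['Servers'\]\[\$i\]\['(\w+)'\]\s*=\s*([^;]*);")

# Constructed sample: stored credentials, empty password, no login prompt.
WEAK = """
$i = 1;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
"""

# Constructed sample: every visitor must log in with a non-empty password.
HARDENED = """
$i = 1;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
// $cfg['Servers'][$i]['password'] = '';
"""

def parse_server_settings(text):
    """Return {key: value} for the $cfg['Servers'][$i][...] assignments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("//", "#", "/*", "*")):
            continue  # commented-out settings have no effect
        m = SETTING.search(line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("'\"")
    return settings

def audit(text):
    """Return findings for settings that allow access without a password."""
    s = parse_server_settings(text)
    findings = []
    # phpMyAdmin defaults: auth_type 'cookie', AllowNoPassword false.
    if s.get("auth_type", "cookie") == "config":
        findings.append("auth_type=config: stored credentials, no login prompt")
        if s.get("password", "") == "":
            findings.append("stored password is empty")
    if s.get("AllowNoPassword", "false").lower() == "true":
        findings.append("AllowNoPassword=true: empty-password logins accepted")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```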





Operation Shady RAT (The Biggest Cyber-Attack Ever)



Researchers from security software concern McAfee say they have discovered the biggest series of computer intrusions ever, covering some 72 organizations and governments around the world, including the U.S., Taiwan, Vietnam, South Korea, Canada and India — some of them dating back as far as 2006. (See the map of targets, courtesy of McAfee, below.)
And these aren’t the kind of cyber attacks carried out by bumbling troublemakers like the LulzSec gang, which make headlines but really only cause a nuisance for companies like Sony. In these cases, networks were compromised by remote access tools — or RATs, as they’re known in the industry. These tools — and they are tools, because they have legitimate uses for system administrators — give someone the ability to access a computer from across the country or around the world. In this case, however, they were secretly placed on the target systems, hidden from the eyes of day-to-day users and administrators, and were used to rifle through confidential files for useful information. It’s not for nothing that McAfee is calling this Operation Shady RAT.
McAfee says the attacker was a “state actor,” though it declined to name it. I’ll give you three guesses who the leading candidate is, though you’ll probably need only one: China.
Dmitri Alperovitch, McAfee’s Vice President, Threat Research, makes a statement in his blog entry on the discovery that should give everyone minding a corporate or government network pause: “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact.” He further divides the worldwide corporate landscape into two camps: Those who have been compromised and know it, and those who simply don’t know it yet.
This has been a particularly nasty year on the cyber security front. (I hate to say it, but I told you so.) Prior to this, the big attack whose full impact has not yet been fully sized up was the one against the RSA SecurID system, which uses popular keychain devices that create a constantly changing series of numbers that in turn create a second password for access to system resources. They’re widely used in government and military circles and among defense contractors. Google has been a regular target in recent years.
The RSA attack and Operation Shady RAT are examples, Alperovitch says, of an “Advanced Persistent Threat.” The phrase has come to be a buzzword that, loosely translated into English, means the worst kind of cyber attack you can imagine. Unlike the denial-of-service attacks and network intrusions carried out by LulzSec and its ilk, which require only minimal skill and marginal understanding of how networks and servers work, an APT is carried out by someone of very high skill who picks his targets carefully and sneaks inside them in a way that is difficult to detect, which allows access to the target system on an ongoing basis that may persist for years.
How did these attacks happen? It’s very simple: Someone at the target organization received an email that looked legitimate, but which contained an attachment that wasn’t. This is called “spear phishing,” and it has become the weapon of choice for sophisticated cyber attackers. The attachments are not what they appear to be — Word documents or spreadsheets or other routine things — and contain programs that piggyback on the targeted user’s level of access to the network. These programs then download malware which gives the attackers further access. This all happens in an automated way, but soon after, live attackers log in to the system to dig through what they can find, copy what they can, and make a getaway — though they often leave the doors unlocked so they can come back for repeat visits.
Alperovitch notes — correctly, to my mind — that the phrase has been picked up and overused by the marketing departments of numerous security companies. His larger point is that too often those attacked in this way refuse to come forward and disclose what they’ve learned, thereby allowing the danger to continue for everyone else.
Alperovitch says that the data taken in Operation Shady RAT adds up to several petabytes worth of information. It’s not clear how it has been used. But, as he says, “If even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth.” It’s also bad for a target’s national security, because defense contractors dealing in sensitive military matters are often the targets. The best thing that can happen is that victims start talking about their attacks and sharing information with each other so that everyone can be ready for the next one, which is surely coming.


Hackers Breached Adobe Server in Order to Compromise Certificate to Sign malware


A few advanced hackers managed to break into an internal server at Adobe to compromise a digital certificate that allowed them to create at least two files that appear to be legitimately signed by the software maker, but actually contain malware. This security breach took place on Thursday, and the software giant Adobe confirmed that the attackers signed at least two malicious utility programs with the valid Adobe certificate. The company traced the problem to a compromised build server that had the ability to get code approved from the company’s code-signing system. As a result of the breach, which appears to date back to early July, Adobe on Oct. 4 expects to revoke the compromised certificate that was used to sign the malicious files. “This only affects the Adobe software signed with the impacted certificate that runs on the Windows platform and three Adobe AIR applications that run on both Windows and Macintosh,” wrote Brad Arkin, senior director of product security and privacy for Adobe. “The revocation does not impact any other Adobe software for Macintosh or other platforms.”

The company uncovered the breach after coming across two malicious "utilities" that appeared to be digitally signed with a valid Adobe cert. It is unclear how or whether those files were used in the wild to target anyone. "Sophisticated threat actors use malicious utilities like the signed samples during highly targeted attacks for privilege escalation and lateral movement within an environment following an initial machine compromise," Arkin wrote.

In another blog post, Arkin said that, generally speaking, most Adobe users won't be affected. "Is your Adobe software vulnerable because of this issue?" he wrote. "No. This issue has no impact on the security of your genuine Adobe software. Are there other security risks to you? We have strong reason to believe that this issue does not present a general security risk. The evidence we have seen has been limited to a single isolated discovery of two malicious utilities signed using the certificate and indicates that the certificate was not used to sign widespread malware."
The "build" server that was compromised was not configured according to Adobe's corporate standards, but that shortfall wasn't caught during the provisioning process, Arkin said. He added that the affected server did not provide the adversaries with access to any source code for other products, such as the popular Flash Player and Adobe Reader and Acrobat software. 
Here we would like to remind you that in the last few months we have seen a slew of attacks against the following sites: Guild Wars 2, Gamigo, Blizzard, Yahoo, LinkedIn, eHarmony, Formspring, Android Forums, Nvidia and Philips. With this breach, Adobe has joined the list of those that have fallen victim to cyber criminals this year. For all the latest on cyber security and hacking related stories, stay tuned with VOGH.

UPDATE: We have since received an update in which Adobe denies the breach. In a later press release, an Adobe spokeswoman said the certificate was not actually stolen: "Adobe has stringent security measures in place to protect its code signing infrastructure. The private keys associated with the Adobe code signing certificates were stored in Hardware Security Modules (HSMs) kept in physically secure facilities. We confirmed that the private key associated with the Adobe code signing certificate was not extracted from the HSM."


-Source (Adobe, SC Magazine, WIRED)




