Drupal.org Hacked ! More Than 967,000 Registered User Details Compromised

Drupal.org Hacked ! More Than 967,000 Registered User Details Compromised 

Drupal, one of the most famous and widely used open-source content management framework have fallen victim to cyber criminals. The Drupal Security Team and Infrastructure Team has discovered unauthorized access to account information on the official Drupal website and another site called groups.drupal.org. This security breach has exposed user names, country, and email addresses along with hashed passwords of more than 967,000 registered users on the Drupal.org. But still a matter of relief is that the breach failed to infiltrate the credit card details which was stored on the same server. According to security release unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. Drupal team have worked with the vendor to confirm it is a known vulnerability and has been publicly disclosed. They are still investigating and will share more detail when it is appropriate. Upon discovering the files during a security audit, the security team has already shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability. The suspicious files may have exposed profile information like username, email address, hashed password, and country. In addition to resetting your password on Drupal.org, it is also recommending a number of measures (below) for further protection of your information, including, among others, changing or resetting passwords on other sites where you may use similar passwords. 

As a precautionary measure of the said security breach, Drupal Security Team has reset all Drupal.org account holder passwords and are requiring users to reset their passwords at their next login attempt. A user password can be changed at any time by taking the following steps. 

1. Go to https://drupal.org/user/password 
2. Enter your username or email address. 
3. Check your email and follow the link to enter a new password. It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.

Counter Measures that Drupal has Taken to avoid such mishap is something followed- as attacks on high-profile sites (regardless of the software they are running) are common, Drupal strive to continuously improve the security of all Drupal.org sites. To that end, Drupal have taken the following steps to secure the Drupal.org infrastructure:

• Staff at the OSU Open Source Lab (where Drupal.org is hosted) and the Drupal.org infrastructure teams rebuilt production, staging, and development webheads and GRSEC secure kernels were added to most servers
• Drupal is scanning and have not found any additional malicious or dangerous files and making scanning a routine job in their process
• There are many subsites on Drupal.org including older sites for specific events. Drupal created static archives of those sites.

This security breach of Drupal which affected more than 967,000 users is giving us a remind of the decent history of breach where we have seen a slew of attacks against the following sites: Scribd, Guild Wars 2, Gamigo, Blizzard, Yahoo, LinkedIn, eHarmony, Formspring, Android Forums, Gamigo,  Nvidia,Blizzard, Philips, Zynga, VMWare, Adobe,  Twitter  New York Times, Apple and so on. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Drupal.org Hacked ! More Than 967,000 Registered User Details Compromised "https://www.voiceofgreyhat.com/2013/06/Drupal.org-Hacked-967000-User-at-Risk.html</a>

PostgreSQL Fixed “Persistent Denial-of-Service” Vulnerability (CVE-2013-1899)

PostgreSQL Fixed 'High-Exposure Security Vulnerability' Causing Denial-of-Service Attack (CVE-2013-1899)

Security researcher's have yet again figured out a serious security hole in one of most widely used object-relational database management system, PostgreSQL also known as Postgres. While manipulating the loophole an attacker can easily corrupt files and in some cases, can execute malicious code on underlying servers causing "persistent denial-of-service" attack. By corrupting the files an attacker can cause database server to crash and refuse to reboot. Affected servers could only be restarted by removing garbage text from the files or by restoring them from a backup. Versions 9.0, 9.1, and 9.2 are all vulnerable. As soon as this vulnerability get spotted, the developers at PostgreSQL immediately  released updates while addressing a "high-exposure security vulnerability in versions 9.0 and later." The updates are available for 9.0, 9.1, and 9.2 branches, as well as 8.4. This updates also allow PostgreSQL to be built using Microsoft Visual Studio 2012. According to developers: "A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request. This issue was discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center." In addition to fixes for one major security issue, the updates also include four more minor security fixes, as well as fixes for other, non-security-related issues. 

Some of these fixes include:

• A security vulnerability that made contrib/pgcrypto-generated strings too easy to guess;
• A vulnerability that would allow unprivileged users to interfere with backups;
• Security issues involving the OS X and Linux installers;
• Vaious issues with GiST indices;
• An issue related to crash recovery; and
• Memory and buffer leaks, among others.

The complete list of fixes and enhancements in each version can be found on the PostgreSQL release notes archive page. Also the patched PostgreSQL 9.2.4, 9.1.9, 9.0.13, and 8.4.17 are available now at download  page. While talking about this fix, we would like to remind you that, late in last year another security vulnerability hit PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. The security holes associated with libxml2 and libxslt. Along with that a vulnerability in the built-in XML functionality, and a vulnerability in the XSLT functionality supplied by the optional XML2 extension. 

-Source (Campus Technology & The-H)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">PostgreSQL Fixed “Persistent Denial-of-Service” Vulnerability (CVE-2013-1899)"https://www.voiceofgreyhat.com/2013/04/PostgreSQL-fixed-denial-of-Service-vulnerability.html</a>

Jadavpur University Official Website is Vulnerable to Sql Injection

Jadavpur University Official Website is Vulnerable to Sql Injection 

An ethical hacker from India named Chirag Singh have figured out serious loopholes in the official website of Jadavpur University -one of the most renowned and prestigious university of India. Chirag find blind Sql injection vulnerability which can be exploited by malicious purpose in order to harm the website and gain access. From the vulnerability report submitted by the hacker, it has been found that the web-server of Jadavpur University is using Red Hat Enterprise Linux 5 (Tikanga) where the web application technologies are Apache 2.2.3 and PHP 5.1.6; along with the back-end database is PostgreSQL. The hackers also managed to dump 11 database with more than 215 tables as shown in the picture below 

This issue has already been reported to the concern person and the webmaster of Jadavpur University, and due to security and privacy we are not exposing and mention the vulnerable link and dumped database.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Jadavpur University Official Website is Vulnerable to Sql Injection"https://www.voiceofgreyhat.com/2013/03/Jadavpur-University-Vulnerable-to-Sqli.html</a>

Hacker Breached Verizon Server & Stolen 3 Million Customer Data

Hacker Breached Verizon Server & Stolen 3 Million Customer Data

Verizon one of the most popular and largest Network provider and ISP of America faced a large scale cyber attack. A hacker going by the name of TibitXimer claimed to have breached one of major server of Verizon, by which he managed to gain access inside the database of Verizon customer. This data breach effected more than 3 Million Verizon FiOS customers including full names, addresses, mobile serial numbers, the opening date of each account, and account passwords. However, he said that figure was an estimate and had "no clue" exactly how many records there were, and that it was a "low estimate based on the size of one record and the size of all the files." A fraction of leaked data have been allegedly posted on pastebin, but later the post was removed. In a report Zdnet said that the cyber attack was taken place earlier in July, this year which allowed him to gain root access to the server holding the customer data. Tibit gained access to a server with little difficulty after working with another hacker to identify the security flaw. Though Tibit denied to mention the reason of this hack, and also he did not expose the nature of the vulnerability by which he managed to get access in the server. The hacker also said that after he informed Verizon of the exploit, the company "ignored my report," and did not comment. 

 He also noted that the exploit "still exists." "The worst part of it all, every single record was in plain text," he said. "I did not have to decrypt anything." He said he couldn't understand "why they still haven't fixed the exploits," months after informing the company of its poor network security.

Immediately after this hack Verizon authorities posted a notice while saying- "This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported. We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.

....

There was no hack, and no access gained. A third party marketing firm made a mistake and information was copied. As for wireless v. wired customers, some of the individuals listed were Verizon customers who are not wireless customers but wired/wireline customers or prospective customers...."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Hacker Breached Verizon Server & Stolen 3 Million Customer Data"https://www.voiceofgreyhat.com/2012/12/Hacker-Breached-Verizon-Server.html</a>

Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details

Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details 

Yet again Adobe, the American multinational computer software company had fallen victim of cyber attack. In September Adobe faced what it called a sophisticated cyber attack where hackers have breached Adobe server in order to compromise certificate to sign malware. As a move Adobe revoked those certificates on October 4th. After that massacre, here again one of Adobe's databases has been breached by a hacker and that it has temporarily taken offline the affected Connectusers.com website. The attacker who claimed responsibility for the attack, told that he used a SQL injection exploit in the breach. Adobe confirmed the breach and said that the hacker indeed managed to break into an Adobe server and copy the private credentials of approximately 150,000 users – including their names, email addresses and password hashes. Those affected accounts include Adobe customers, Adobe employees and partners along with U.S. military users including U.S. Air Force users, and users from Google, NASA, universities, and other companies. To prove the attack, the intruder, who goes by the name of "ViruS_HimA" and claims to be from Egypt, has released extracts from his haul on the Pastebin text hosting service. 

"It was an SQL Injection vulnerability -- somehow I was able to dump the database in less requests than normal people do," said ViruS_HimA. Users passwords for the Adobe Connect users site were stored and hashed with MD5, says the hacker, which made them "easy to crack" with freely available tools. And Adobe wasn't using WAFs on the servers, the hacker notes. "I just want to be clear that I'm not going against Adobe or any other company. I just want to see the biggest vendors safer than this," he told the press. "Every day we see attacks targeting big companies using Exploits in Adobe, Microsoft, etc. So why don't such companies take the right security procedures to protect them customers and even themselves?"

"Adobe is a very big company but they don't really take care of them security issues, When someone report vulnerability to them, It take 5-7 days for the notification that they've received your report!!" he wrote. "It even takes 3-4 months to patch the vulnerabilities!" 

While talking about such big cyber attacks, here we would like to give you reminder that in the last few months we have been a slew of attacks against the following sites: Guild Wars 2, Gamigo, Blizzard, Yahoo, LinkedIn, eHarmony, Formspring, Android Forums, Gamigo,  Nvidia,Blizzard, Philips, Zynga, VMWare, & so on. For all the latest on cyber security and hacking related stories; stay tuned with VOGH. 

-Source (Dark Reading, The-H)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details"https://www.voiceofgreyhat.com/2012/11/Hacker-Leaked-150000-Customer-Details-of-Adobe.html</a>