Showing posts sorted by date for query movie. Sort by relevance Show all posts
Showing posts sorted by date for query movie. Sort by relevance Show all posts

Angelina Jolie & Lady Gaga Became Victim of Ongoing Celebrity Hacking

Posted by Avik Sarkar On 4/05/2013 06:31:00 pm

Angelina Jolie & Lady Gaga Became Victim of Ongoing Celebrity Hacking 

Now a days it has became a fascination for cyber criminals to target and hack celebrities and public figures. Earlier we have seen similar scenario many a time. Last month an unnamed hacker released personal details of many public figure, national leaders, celebrities. The hacked data dubbed "The Secret Files" by the hackers contains personal information and credit reports (including social security numbers, details of their mortgages, addresses, and details of their credit card and banking details) was made public by those hackers on a website. Now we have past just a couple of weeks, yet again the same massacre took place, the hackers returned to the Internet after a brief hiatus and immediately hit six more. 
Angelina Jolie who played a key role in one of the most fine hacking movie named "Hackers" herself became victim to hackers in real life, as well as Jolie; Lady Gaga, NRA advocate Wayne LaPierreDennis RodmanMichael Vick, Secret Service Director Julia Pierson and Robert De Niro
Like earlier, this time also the nature of the hack was similar to the previous the hackers have posted what they claim to be the social security numbers, mortgage amounts, credit card info, car loans, banking and other info for the celebs listed on their site. Last time, the website; where the hacker have posted those hacked credentials; were shutdown by the authorities. But it's now back up and running with a new domain extension (.re) that suggests it's based out of the French island of RĂ©union located off the coast of Madagascar -said TMZ in an exclusive report. Again also the same style were followed by the hacker group and leaving the very same message saying - "If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve."
According to sources - Jolie's page (prepared by the hacker) includes what is said to be her social security number as well as her credit report, which can be downloaded. There are addresses listed as well, but they are all business addresses, likely for her lawyer and other people she employs. The same information for Lady Gaga and Johansson is also available. However, Johansson's page also features a photo of her which became public through a previous hacking incident. The FBI has already started investigation, but so far no arrest have been made. In 2011 another high profile hack taken place, where the hacker targeted several celebrities like Scarlett Johansson & few more; while leaking nude photos. Later FBI carried out a special operation named 'Hackerazzi' which put a full stop in that issue and also FBI arrested the master mind named Christopher Chaney was sentenced to imprisonment after pleading guilty. 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

"We Steal Secrets: The Story of WikiLeaks" -Documentary Movie Based on WikiLeaks

Posted by Avik Sarkar On 3/30/2013 02:17:00 am

"We Steal Secrets: The Story of WikiLeaks" -Documentary Movie Based on Julian Assange & WikiLeaks 

Millions of WikiLeaks fans will be happy when they will come to know that a documentary type movie is coming in this year which will be based on the true story or in other sense, based on the journey of WikiLeaks. As per sources several active projects are currently running on WikiLeaks such as a feature called “The Fifth Estate” which stars  Benedict Cumberbatch as Julian Assange. Other versions are planned as well, but the very first one which is out of the gate is the one we are talking about. The name of much waited coming movie is “We Steal Secrets: The Story of Wikileaks” which will be a documentary coming later this year from the insanely prolific filmmaker Alex Gibney. People like us who love the cyber space have already seen many movies based on hacking like Hackers, Takedown, The Matrix, Die Hard 4, The Italian Job, Anti TrustSwordfish, The Girl With Dragon Tattoo, Reboot & so on. So the special expectation  will deferentially be on "We Steal Secrets" and the official trailer is saying so. 
According to IMDB, it has been confirmed that WikiLeaks founder Julian Assange himself is acting on the movie where another world famous hacker Adrian Lamo playing an important role in We Steal Secrets- a documentary that details the creation of Julian Assange's controversial website, which facilitated the largest security breach in U.S. history. 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Shahrukh.com -The Official Fan Site of Shahrukh Khan Hacked

Posted by Avik Sarkar On 2/27/2013 08:17:00 pm

Shahrukh.com -The Official Fan Site of Shahrukh Khan Hacked
Last week we covered the hack of several Yamaha motor's official website, where a newly formed hacker group named 'Dark Snipper' took responsibility of that attack. Yet again that group strikes while setting a new target and that is the official website of famous Indian actor Shahrukh Khan's fan. Shahrukh Khan widely known as SRK, one of the most famous actor in Indian industry called "Bollywood". The attack took place couple of days ago, where this Pakistani hackers community have gained access into the server where shahrukh.com was hosted and thus the defaced the index page. After the matter get spotted, the webmaster took action and recovered the website. But the hacker did not forget to create a deface mirror on Zone-H, to justify the hack. Though such kind of cyber attack against Bollywood celebrities is a very normal phenomenon, infarct earlier we have seen the official website of Shahrukh Khan's movie named 'Ra.One' Also the twitter account of srk once became the hot target of hackers. If we define the nature of the attack, then we must have to say no such big object or cause driven the hackers, so the main purpose of engaging the hack can be defined as fun purpose. While talking about relation between hackers and Bollywood we would like to remind you that earlier we have seen several instances where celebrities like Mahesh Bhatt, Kangna Ranaut, Mallika SherawatArbaaz Khan, Vishal and Shekhar and so on have fallen victim to cyber criminals







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Citi Bank & Bank of America Faced Sent Offline After Massive DDoS Attack (Operation Ababil)

Posted by Avik Sarkar On 1/05/2013 09:48:00 pm

Citi Bank & Bank of America Faced Sent Offline After Massive DDoS Attack (Operation Ababil)

Late in last year we have reported that major banking and finical sector of America faced massive cyber attack. The attack came just after 'anti Islamic' video was posted online. During the time of attack the hacker group named 'Izz ad-Din al Qassam Cyber Fighters' said "these series of attacks will continue until the Erasing of that nasty movie from the Internet". But now its seems that, the earlier deceleration of the hacker collective group was fake, as they again engaged denial of service attack against large banking sector, where Citi Bank and Bank of America fallen victim. Several website of those above banks were reported offline for a certain period of time. "Just moments ago Izz ad-Din al-Qassam Cyber Fighters attacked CitiBank and made all the parts out of reach. This was the 2nd attack this day. Banks could not stop al-Qassam Cyber fighters this week" - said the hacker group in their blog. In thier blog Hilf-ol-Fozoul reports that on Thursday several domains of Citi Bank such as citicards.com, citibank.com and citi.com were inaccessible during the pick hours. "In the 3rd week from Operation Ababil, Bank of America faced technical difficulties due to heavy traffic made by al - Qassam Cyber Fighters and users can no more reach the site." said the hackers
The Citi Bank’s representatives acknowledged the cyber attack while saying “Currently we are aware & are working on technical issues with Citi websites. We will let you know when service is fully restored. We apologize for the inconvenience. Please call the number on the back of your card if you need immediate assistance,” on Twitter. But the representatives of Bank of America have not issued any statements on the matter.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

'Mickey Virus' The Upcoming Bollywood Movie Based on Hacking

Posted by Avik Sarkar On 1/01/2013 03:47:00 pm

'Mickey Virus' The Upcoming Bollywood Movie Based on Hacking 

'Mickey Virus' many of you may think it may be the name of another cyber threat, but let me assure you that; its not a virus or cyber threat. Mickey Virus is the name of an upcoming Bollywood movie based of hacking and cyber world. Sounds interesting, yes it is as this is the first Indian movie which have been subjected to such fields. Before Mickey Virus, we have seen several Indian movies where the matter hacking have been shown, among them we can take the name of  16 DECEMBER, Players & so on. But the main difference between those movies and Mickey Virus will be, here the main story is based on cyber world and specially hacking. According to sources popular television anchor Manish Paul is set to make his Bollywood debut with "Mickey Virus", where he plays a computer hacker. The film hits the screens May 17. Directed by debutant Saurabh Verma, the film also features actor Manish Chaudhary of "Rocket Singh: Salesman Of The Year" fame. "The film is called 'Mickey Virus' and Manish Paul has acted in it. Other than this, we have Manish Chaudhary, who was also there in 'Rocket Singh...'," Verma told IANS.
With Delhi as its backdrop, the story of the film revolves around computer hackers. Asked if Verma harboured any apprehensions since the cast and the crew of the film are relatively new, he said: "I have no apprehensions. The film is such, it has been made for people like us. It is extremely interesting." Verma has been in showbiz for the past 15 years, but was involved in the distribution and production aspects of the film industry. "I always had this movie in mind. I have been in this business for many years now. This film was not made overnight. The pre-production itself took about six months," he said.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

SecretLayer: Advanced Steganography Software [Pro Version Download Now]

Posted by Avik Sarkar On 10/31/2012 06:08:00 am

SecretLayer: Advanced Steganography Software [Pro Version Download Now]

Hackers, security professionals and also many other people who are involved in this cyber domain must be familiar with the term 'steganography'. I do believe that many of us have used this finest technique many times, may be some times for fun, or may be some nasty jobs. For those who are not so familiar with Steganography, then it is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. In very simple word its one of finest art of deception. For your information, now a days Steganography has been widely used, or I should say misused by many terrorist organizations for transmitting their hidden messages. One of the most dangerous changeless with Steganography is, researcher can detect whether an image or text is containing hidden message, but so far they can't unveil the inside message. 
Today we will talk about an advanced tool which is designed to tweak the color of specific pixels. The tool is named 'SecretLayer' which lets you encrypt your data (so you're no worse off than before) and then hide that encrypted data in ordinary images, like the ones used every day on all websites and email attachments. 

The Pro version of Secret Layer supports encryption of your data: -




  • Encryption type: AES, Key length: 128, 196, 256 (bits)
  • Encryption type: Blowfish, Key length: 128, 196, 256, 384, 448 (bits)
  • Encryption type: Cast-128, Key length: 40, 64, 128 (bits)
  • Encryption type: Cast-256, Key length: 128, 160, 192, 224, 256 (bits)
  • Encryption type: DES, Key length: 64 (bits)
  • Encryption type: IDEA, Key length: 128 (bits)
  • Encryption type: RC5, Key length: 64, 128, 192, 256, 384, 448, 512, 1024, 1536, 2040 (bits)
  • Encryption type: Twofish, Key length: 128, 192, 256 (bits)



    • A container with the encrypted data is hidden inside of an ordinary-looking image. This is all done automatically and in the background: you don't have to do anything extra. To download SecretLayer click Here. Earlier I told you that Steganography is on the finest way of hiding your secrete message, besides it contains many threats, as it has been widely used by criminals for transmitting messages. So far those hidden contains can not be decrypted easily. So now its upto you, that how will you use such tools. Remember one lesson which we have already learnt from a Famous movie SpiderMan, that is 'With greater power there comes greater responsibility...'. So I urge you not to use such tools for negative purposes. 






    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    HSBC Comeback Online After Prolonged DDoS Attack From Anonymous

    Posted by Avik Sarkar On 10/20/2012 12:07:00 pm

    HSBC Comeback Online After Prolonged DDoS Attack From Anonymous 

    Massive attack against banking and financial sector continues, this time HSBC became the latest victim of cyber attack. The attack which interrupt the service for 10 hours long were mainly originated from Iran and Russia. After 'Izz ad-Din al Qassam Cyber Fighters' now it was the time for Fawkes Security, an offshoot of hacktivist group Anonymous, quickly took credit for the attack, acknowledging the take down in posts yesterday afternoon on Twitter and Pastebin The group claimed to have knocked HSBC’s main site, along with its US, UK and Canadian counterparts offline and on Friday,claimed it logged 20,000 debit card details from the site while it was down. 
    According to HSBC newsroom- "On 18 October 2012 HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world." But HSBC denied any sort of data loss. Fawkes Security claimed to have details of more than 20K cards, but in their release HSBC said "This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking." 
    But now the whole situation is under control, websites belonging to British bank and financial services company HSBC are back online and working normally. According to an update posted on its website, HSBC restored all of its websites globally to full accessibility as of 3:00am UK time. 
    New York Stock Exchange, Bank of America, Wells Fargo, US Bank and PNC was brought down by few hacker collective group as protest against the anti Islamic movie. After this attack the name of HSBC has also been enlisted with those poor victims (affected banks & finance sector) who suffered DDoS attack in last month.





    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Anonymous Say They've Track down Amanda Todd’s Tormentor & Publishes Online

    Posted by Avik Sarkar On 10/17/2012 05:13:00 pm

    Anonymous Say They've Track down Amanda Todd’s Tormentor & Publishes Online 

    Everyday we are increasing cyber security, to stand against any sort of cyber harassment and attacks. But still its very unfortunate to say that the whole system failed to protect a teenager named Amanda Todd from Canada. She has been fallen a victim of cyber bullying, 15-year-old Amanda, described with the aid of a series of flashcards - the horrific treatment she had received at the hands of bullies in her video entitled "My Story: Struggling, bullying, suicide and self harm". Amanda was bullied viciously on Facebook where her schoolmates were invited to join a page which included topless photographs of her, causing Amanda to suffer from anxiety and depression.
    Despite her family moving house and her changing schools, the bullying continued and Amanda fell into drug-taking and alcohol.  After a violent encounter with another girl, Amanda drank bleach and attempted to kill herself. "It killed me inside and I thought I actually was going to die." Amanda admitted in the video that she had deliberately cut herself, and ends the movie by holding a card which reads: "I have nobody. I need someone. My name is Amanda Todd." Finally after facing so many horrific treatment, she committed suicide. on 10th of October, it was just one week before her 16th birthday.

    Here is the video, where Amanda tried to describe what she faced:- 
    Amanda's tragic death has stirred a national debate about cyberbullying, but the sad story has now developed a new twist, when hacker collective group Anonymous claimed that hey have tracked down a man they say is Amanda Todd’s tormenter. The hacktivists say they have found a man in his early 30s from New Westminster, B.C., who allegedly blackmailed the 15-year-old girl for pictures over the Internet. In their move Anonymous have published a video (later removed by YouTube) and documents on pastebin, naming the person that they believe to have allegedly relentlessly harrassed Amanda Todd. 

    Police told The Canadian Press they were aware of the Anonymous claim. “I'm not going to speak to anything beyond the fact that we are aware of what has been put on social media in regards to that name,” said Sgt. Peter Thiessen, spokesman for the RCMP. Amanda’s mother, Carol Todd, has said police have been investigating leads about the Web stalker. “Police investigated and investigated, it got traced to somebody in the United States,” Carol Todd was quoted saying by the press. “But they never found him. Those people are very good at hiding their tracks.”


    -Source (Naked Security & thestar) 







    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Most Organized Banking-Trojan Called 'Gozi Prinimalka' By Russian Hackers Targeting U.S. Banks

    Posted by Avik Sarkar On 10/14/2012 06:25:00 pm

    Most Organized Banking-Trojan Called 'Gozi Prinimalka' By Russian Hackers Targeting U.S. Banks

    We all might be aware of massive attack which took place last month, targeted several leading banking and financial sector of United StatesThe attack came just after 'anti Islamic' video was posted online. The US National Security officials accused the Iranian government for engaging cyber attacks against US Banks mainly Bank of America. Sooner or later the situation came under control. But cloud of trouble for US Banking sector is not gone completely, recently security professionals unveiled that a cartel of Russian hackers is planning to launch a separate attack aimed at stealing money from about 30 U.S. financial institutions, an apparent attempt to piggyback and capitalize on the ongoing cyber attacks on U.S. banks. The emergence of Russian hackers suggests a potential shift in the motivation of the cyber attacks from ideological to financial and also points to a longer duration of the ongoing attacks. Security experts have picked up on chatter in the cyber underworld indicating Russian cyber hackers have set their sights on about 30 U.S. financial institutions. Dubbed “Operation Blitzkrieg,” the attack is planned for this fall on 30 U.S. banks, though it’s not clear which specific institutions will be targeted. In a blog post last week, RSA said it “believes this is the making of the most substantial organized banking-Trojan operation seen to date.”

    So far it’s not clear who the specific Russian hackers are, but famous security professional & blogger Brian Krebs pointed to series of posts beginning in early September on Underweb forums by a Russian hacker who uses the nickname “vorVzakone,” which translates to “thief in law.” RSA said “underground chatter” indicates the gang plans to deploy a Trojan, called “Gozi Prinimalka,” in an effort to complete fraudulent wire transfers via Man-In-The-Middle (MiTM) manual session-hacking scenarios. Herberger said MiTM is a type of attack that aims to deceive targets by violating otherwise secure communications, similar to tapping into a landline phone conversation or breaching a VPN session. “If successfully launched, the full force of this mega heist may only be felt by targeted banks in a month or two,” RSA said. The Trojan is part of a family of malware used by a crime gang that has successfully siphoned at least $5 million from banks, RSA said. The Russian hackers are also offering to pay individuals who help them carry out the attacks, indicating a desire to monetize the intrusions.

    So now the vows of hacker group named 'Izz ad-Din al Qassam Cyber Fighters' is proving to be more dangerous for US. The hacker group earlier said "These series of attacks will continue until the Erasing of that nasty movie from the Internet". For your reminder this hacker group was responsible for all the major DDoS attacks against US financial sector. “It’s not uncommon that people who have a financial motive may try to take advantage of nefarious techniques,” said Herberger. “They will jump in because they can take advantage of the fact banks are laboring and security departments are becoming overrun and softened for a different kind of motivated attack.” The emergence of the threat from Russian groups underscores the prolonged nature of the attacks against corporations, especially in the financial industry. “Security teams are coming to terms that these attacks are long,” often measured in days and weeks, said Herberger. However, security teams often aren’t “staffed for attrition.”

    -Source (FOX Business)





    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Leading US Banking & Financial Sector Suffering From Massive DDoS Attack

    Posted by Avik Sarkar On 9/30/2012 03:50:00 pm

    Leading US BankingFinancial Sector Suffering From Massive DDoS Attack 

    Few days ago in a report we said that US National Security officials accused the Iranian government for engaging cyber attacks against US Banks. The attack came just after 'anti Islamic' video was posted online. Attacks against the websites of leading banks in the United States have the banking and financial services industry on edge. The Financial Services ISAC (Information Sharing and Analysis Center) set its Threat Level to “High” on Wednesday, September 19, indicating a high risk of cyber attacks. Attacks against the websites of leading banks in the United States have the banking and financial services industry on edge. A Muslim hacking group calling itself Izz ad-Din al Qassam Cyber Fighters took responsibility for attacks on the New York Stock Exchange, Bank of America and Chase last week. This week brought attacks against Wells Fargo, US Bank and PNC. Wells Fargo used its Twitter account to apologize for service interruptions on Wednesday and said it was working to "quickly resolve this issue." Most of the targeted banks were back online and operational Thursday. The events prompted U.S. Senator Joe Lieberman (I-CT) to use an interview on C-SPAN to point the finger of blame at the Iranian government and its elite Quds Force.
    Wheather it is Iran Govt or that hacker group 'Izz ad-Din al Qassam Cyber Fighters' but the main issue of concern is that the Banking and financial sector has been highly disturbed since last few weeks. Though the situation came under control at last Thursday but still experts are predicting that this ongoing cyber attack is not over yet. In their statement the hacker group vows to engage more attack. "These series of attacks will continue until the Erasing of that nasty movie from the Internet," said the hacker.


    -Source (Naked Security) 





    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Iran Accused of Carrying out Cyber Attacks Against US Banks Over Anti Islamic Movie Issue

    Posted by Avik Sarkar On 9/26/2012 01:36:00 am

    Iran Accused of Carrying out Cyber Attacks Against US Banks Over Anti Islamic Movie Issue

    Since last few days, the conspiracy with the 'Anti Islamic Movie' was the headline in every where. We have seen global violence and a mass protest mainly came from Muslim brotherhood. This protest was also touched the internet, and as expected Muslim hackers joined the movement, which cost many damages for the cyber fence. Thousands of websites became victim of cyber attack, and among them several US banks also faced huge disturbance. This protest takes a new direction when Govt of Iran announced the blockage of Google Inc's search engine and its email service. "Google and Gmail will be filtered throughout the country until further notice," an official identified only by his last name, Khoramabadi, said, without giving further details. The Iranian Students' News Agency (ISNA) said Google ban was connected to the anti-Islamic film posted on the company's YouTube site which has caused outrage throughout the Muslim world. 
    This stand of Iran Govt created a controversy, which make them responsible for carrying out cyber attacks against US banks. According to NBC news report US National Security officials accused the Iranian government for engaging cyber attacks against US Banks mainly Bank of America. But when the ball goes to Iran's side then they completely denies the blame, while saying "We officially announce that we haven't had any attacks," This statement came from the Head of Iran's civil defense agency Gholam Reza Jalali when he was asked about the report. The western media reports alleged on Friday that Muslim hackers have repeatedly attacked Bank of America Corp, JPMorgan Chase & Co and Citigroup Inc over the past year as part of a broad cyber campaign targeting the United States. Security sources told Chicago Tribune and NBC News that the attacks on the three largest US banks originated in Iran, but it is not clear if they were launched by the state, groups working on behalf of the government, or "patriotic" citizens. 

    Here we want to refresh your memory while digging up a story, when Iran Govt decided a permanent Internet ban in Iran, where Iran Government has announced its plans to establish a National Intranet within five months. The Iranian minister for Information and Communications Technology, announced the setting up of a national Intranet and the effective blockage of services like Google, Gmail, Google Plus, Yahoo and Hotmail, in line with Iran's plan for a "clean Internet." And that five months is almost over, so may be the blockage of Google came due to that reason, or may be not. We suggest our readers that, it will be better if you ask yourself, that whether Iran was indeed responsible for the cyber attack or not??!!


    -Source (Reuters, NBC & FARS News Agency)








    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability

    Posted by Avik Sarkar On 9/20/2012 05:40:00 pm

    Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability 

    Last few days the whole cyber world have gone through with so many drama of Internet Explorer's security bug, as researchers have unveiled four active exploits of a zero-day vulnerability in the browser. As expected the software giant Microsoft has released an emergency fix to get rid of these major security issues. Microsoft released a “fix it” tool for a critical security flaw in most versions of Internet Explorer 6, 7, 8 and 9  that hackers have been exploiting to break into Windows systems. The company said it expects to issue an official patch (MS12-063) for the vulnerability on Friday, Sept. 21. "While we have only seen a few attempts to exploit this issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," said Yunsun Wee, director of Microsoft Trustworthy Computing in a statement. The zero-day in IE 6-9 is a use-after-free memory corruption vulnerability, similar to a buffer overflow, that would enable an attacker to remotely execute code on a compromised machine. The original exploit payload dropped the PoisonIvy remote access Trojan (RAT) via a corrupted Flash movie file. The latest payload discovered dropped the PlugX RAT via the same corrupted Flash movie, Blasco said. He also said the new exploits are the work of the Chinese hacker group Nitro, the same group behind a pair of Java zero-day exploits disclosed in August.

    Blasco also said the new exploits appear to be targeting defense contractors in the United States and India.
    Microsoft recommended several workarounds Tuesday morning before announcing its intention to send out a FixIt.
    • Setting Internet and local Internet security zone settings to high, which would block ActiveX Controls and Active Scripting in both zones
    • Configure IE to prompt the user before running Active Scripting, or disable Active Scripting in both zones
    • Use of Microsoft's Enhanced Mitigation Experience Toolkit provides mitigations as well, and would not impact website usability, as both of the first two options might.
    Microsoft also said that IE running on Windows Server 2003, 2008 and 2008R2 runs in a restricted mode that mitigates the vulnerability. Outlook, Outlook Express and Windows Mail also open HTML messages in a restricted zone, mitigating the vulnerabilty but should a user click a link in a message, they could still be vulnerable to exploit.





    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Malicious Android Application Stealing User Data & Personal Information

    Posted by Avik Sarkar On 4/16/2012 12:32:00 pm

    Malicious Android Application Stealing User Data & Personal Information 

    Yet again security vulnerability found in Android application. An information security company has warned about malicious Android smartphone applications that steal and transmit personal data, such as contact information stored in users' address books. The company said these types of free applications have been downloaded up to 270,000 times, indicating that potentially millions of people have had their personal information stolen. An Internet security expert said, "It's possible that creating applications that transmits users' information without consent can be considered a crime under the Penal Code, which criminalises the creation of computer viruses." The malicious application only has three buttons: Steal SD Card Contents, Steal App Data, and Upload Identifying Data.Every application has at least read-only access to the contents of this external storage. No Permissions scans the /sdcard directory and returns a list of all non-hidden files. All the files discovered can be fetched. The worrying part is that the SD card usually stores some of our most private files, including photos, backups, external configuration files, and, in some cases, even Open VPN certificates.
    According to NetAgent, a Tokyo-based information security company, the applications were disguised as video tutorials for popular games on Google Inc.'s Android operating system. The applications were named by affixing the expression "the Movie" to existing game titles. The company found at least 16 of these applications.
    The company's analysis revealed that when these applications are activated, they can automatically transmit not only a person's telephone number, their e-mail address and the phone's ID number, but also the personal names, telephone numbers and e-mail addresses of contacts stored on the smartphone's address book. Although the creators of these applications aren't well known, the stolen information was sent to the same domestic server. When users download the malicious applications, a message pops up on the display screen requesting permission for access to contact information. What ever the malicious application was immediately deleted from Android market. For additional information click here.




    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

    Posted by Avik Sarkar On 2/24/2012 10:32:00 pm

    Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage
    Earlier we haev discussed many times about one of the most famous and widely used exploitation framework named Metasploit. Yet again the Rapid 7 released another updated version of Metasploit. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. 
    Brief About Metasploit:- 
    The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.
    Module Changes:-
    •     Novell eDirectory eMBox Unauthenticated File Access
    •     JBoss Seam 2 Remote Command Execution
    •     NAT-PMP Port Mapper
    •     TFTP File Transfer Utility
    •     VMWare Power Off Virtual Machine
    •     VMWare Power On Virtual Machine
    •     VMWare Tag Virtual Machine
    •     VMWare Terminate ESX Login Sessions
    •     John the Ripper AIX Password Cracker
    •     7-Technologies IGSS 9 IGSSdataServer.exe DoS
    •     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion
    •     DNS and DNSSEC fuzzer
    •     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
    •     CorpWatch Company ID Information Search
    •     CorpWatch Company Name Information Search
    •     General Electric D20 Password Recovery
    •     NAT-PMP External Address Scanner
    •     Shodan Search
    •     H.323 Version Scanner
    •     Drupal Views Module Users Enumeration
    •     Ektron CMS400.NET Default Password Scanner
    •     Generic HTTP Directory Traversal Utility
    •     Microsoft IIS HTTP Internal IP Disclosure
    •     Outlook Web App (OWA) Brute Force Utility
    •     Squiz Matrix User Enumeration Scanner
    •     Sybase Easerver 6.3 Directory Traversal
    •     Yaws Web Server Directory Traversal
    •     OKI Printer Default Login Credential Scanner
    •     MSSQL Schema Dump
    •     MYSQL Schema Dump
    •     NAT-PMP External Port Scanner
    •     pcAnywhere TCP Service Discovery
    •     pcAnywhere UDP Service Discovery
    •     Postgres Schema Dump
    •     SSH Public Key Acceptance Scanner
    •     Telnet Service Encyption Key ID Overflow Detection
    •     IpSwitch WhatsUp Gold TFTP Directory Traversal
    •     VMWare ESX/ESXi Fingerprint Scanner
    •     VMWare Authentication Daemon Login Scanner
    •     VMWare Authentication Daemon Version Scanner
    •     VMWare Enumerate Permissions
    •     VMWare Enumerate Active Sessions
    •     VMWare Enumerate User Accounts
    •     VMWare Enumerate Virtual Machines
    •     VMWare Enumerate Host Details
    •     VMWare Web Login Scanner
    •     VMWare Screenshot Stealer
    •     Capture: HTTP JavaScript Keylogger
    •     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
    •     Asterisk Manager Login Utility
    •     FreeBSD Telnet Service Encryption Key ID Buffer Overflow
    •     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow
    •     Java Applet Rhino Script Engine Remote Code Execution
    •     Family Connections less.php Remote Command Execution
    •     Gitorious Arbitrary Command Execution
    •     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
    •     OP5 license.php Remote Command Execution
    •     OP5 welcome Remote Command Execution
    •     Plone and Zope XMLTools Remote Command Execution
    •     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit
    •     Support Incident Tracker <= 3.65 Remote Command Execution
    •     Splunk Search Remote Code Execution
    •     Traq admincp/common.php Remote Code Execution
    •     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection
    •     Mozilla Firefox 3.6.16 mChannel Use-After-Free
    •     CTEK SkyRouter 4200 and 4300 Command Execution
    •     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
    •     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute
    •     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
    •     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
    •     Java MixerSequencer Object GM_Song Structure Handling Vulnerability
    •     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
    •     MS12-004 midiOutPlayNextPolyEvent Heap Overflow
    •     Viscom Software Movie Player Pro SDK ActiveX 6.8
    •     Adobe Reader U3D Memory Corruption Vulnerability
    •     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow
    •     BS.Player 2.57 Buffer Overflow
    •     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow
    •     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow
    •     McAfee SaaS MyCioScan ShowReport Remote Command Execution
    •     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow
    •     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
    •     Ability Server 2.34 STOR Command Stack Buffer Overflow
    •     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow
    •     Serv-U FTP Server < 4.2 Buffer Overflow
    •     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
    •     XAMPP WebDAV PHP Upload
    •     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow
    •     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
    •     HP Diagnostics Server magentservice.exe Overflow
    •     StreamDown 6.8.0 Buffer Overflow
    •     Wireshark console.lua Pre-Loading Script Execution
    •     Oracle Job Scheduler Named Pipe Command Execution
    •     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow
    •     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
    •     OpenTFTP SP 1.4 Error Packet Overflow
    •     AIX Gather Dump Password Hashes
    •     Linux Gather Saved mount.cifs/mount.smbfs Credentials
    •     Multi Gather VirtualBox VM Enumeration
    •     UNIX Gather .fetchmailrc Credentials
    •     Multi Gather VMWare VM Identification
    •     UNIX Gather .netrc Credentials
    •     Multi Gather Mozilla Thunderbird Signon Credential Collection
    •     Multiple Linux / Unix Post Sudo Upgrade Shell
    •     Windows Escalate SMB Icon LNK dropper
    •     Windows Escalate Get System via Administrator
    •     Windows Gather RazorSQL Credentials
    •     Windows Gather File and Registry Artifacts Enumeration
    •     Windows Gather Enumerate Computers
    •     Post Windows Gather Forensics Duqu Registry Check
    •     Windows Gather Privileges Enumeration
    •     Windows Manage Download and/or Execute
    •     Windows Manage Create Shadow Copy
    •     Windows Manage List Shadow Copies
    •     Windows Manage Mount Shadow Copy
    •     Windows Manage Set Shadow Copy Storage Space
    •     Windows Manage Get Shadow Copy Storage Info
    •     Windows Recon Computer Browser Discovery
    •     Windows Recon Resolve Hostname
    •     Windows Gather Wireless BSS Info
    •     Windows Gather Wireless Current Connection Info
    •     Windows Disconnect Wireless Connection
    •     Windows Gather Wireless Profile
    For additional information click Here. To Download Metasploit version 4.2.0 for windows & Linux click Here.

     -Source (rapid7)



    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Anonymous Retaliates For Megaupload Shutdown & Bring Down DOJ & FBI (#OpMegaupload)

    Posted by Avik Sarkar On 1/20/2012 09:23:00 pm


    Federal authorities shut down one of the Web’s most popular sites Thursday on charges that it illegally shared movies, television shows, e-books and so on. In the payback hacktvist Anonymous called #OpMegaupload performed "The Largest Attack Ever" where 5,635 Anon people bring down the websites of Universal Music, the U.S. Department of Justice and the Recording Industry Association of America while using one of the world's most popular and vastly used DDoSer LOIC. 

    "The government takes down Megaupload? 15 minutes later Anonymous takes down government and record label sites,"  Tweeted by Anonymous. That note was followed shortly by this one: "Megaupload was taken down w/out SOPA being law. Now imagine what will happen if it passes. The Internet as we know it will end. FIGHT BACK." The tweet referred to the Stop Online Piracy Act, an Internet piracy bill being considered in the U.S. Congress. 
    Detailing the attacks, which are being dubbed as the largest performed by the group, via numerous Twitter feeds, @YourAnonNews said: "You cannot censor the internet. You cannot subpoena a hashtag. You cannot arrest an idea. You CAN expect us #OpMegaupload"


    The link is a page on the anonymous web hosting site pastehtml. It link loads a web-based version of the program Anonymous has used for years to DDoS websites: Low Orbit Ion Cannon. (LOIC). When activated, LOIC rapidly reloads a target website, and if enough users point LOIC at a site at once, it can crash from the traffic. Judging from a Twitter search, the link is being shared at a rate of about 4 times a minute, mostly by Spanish-speaking users, for some reason. (Here's a link to the Twitter search, just don't click the PasteHTML link.)
    The thing is, DDoSing is a criminal offense that could earn you 10 years in prison, if you do it intentionally. With previous versions of LOIC, participants had to acknowledge this risk and press a button labeled "fire." But now, it appears some enterprising anonymous member has retooled it so that it automatically fires if you click an unassuming link and leave a window open.
    Megaupload.com distributed a variety of digital content, including music and movies. Investigators say Megaupload’s executives made more than $175 million through subscription fees and online ads while robbing authors, movie producers, musicians and other copyright holders of more than $500 million. “This action is among the largest criminal copyright cases ever brought by the United States,” the Justice Department and FBI said in a statement.
    On Thursday, the U.S. DOJ announced that it had charged seven people who allegedly were affiliated with the site with running an organized criminal enterprise responsible for worldwide online piracy of copyrighted content. The DOJ worked with authorities in New Zealand, who arrested four of the seven people.

    "Twitter - @AnonymousWiki
    January 19th, 2012
    Popular file-sharing website megaupload.com gets shutdown by U.S Justice - FBI and charged its founder with violating piracy laws. Four Megaupload members were also arrested. The FBI released a press release on its website which you can view here: 
    http://www.fbi.gov/news/pressrel/press-releases/justice-department-charges-leaders-of-megaupload-with-widespread-online-copyright-infringement
    We Anonymous are launching our largest attack ever on government and music industry sites. Lulz. The FBI didn't think they would get away with this did they? They should have expected us.
    #OpMegaupload 
    The following sites were taken down in response to the FBI shutting down megaupload.com
    :) TANGO DOWN


    justice.gov
    universalmusic.com
    riaa.org
    mpaa.org
    copyright.gov
    hadopi.fr
    wmg.com
    usdoj.gov
    bmi.com
    fbi.gov
    ..."

    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Mochahost Web Server Rooted, More Than 1250 Sites Hacked By Teamgreyhat

    Posted by Avik Sarkar On 12/23/2011 12:15:00 am


    Few days earlier well known hackers group Teamgreyhat has rooted the Guyana Server and thus they hacked more than 1500 websites. Now TGH strikes again, this time another big attack happens. Mochahost Web hosting company's server compromised and more than 1250 websites get hacked by TGH hackers. After this attack TGH authority claimed them selves as the "Achilles of Cyber World". To emphasizes this statement they changed the background music of the hacked page and used the famous quotes of well-known movie Troy. If you dig the history you will find that TGH has already made their own identity on the web by hacking many web servers such as Theexpert ServerMalaysian Web-hostCybertek Web-Server5gbfree.comGuyana Server and many more. Again this attack proves the strength of TGH. All the hacked sites can be found on a pastebin written by Teamgreyhat. 

    Press Release of TGH:- 
    "Guyana Server Rooted, 1500 Websites Hacked By Teamgreyhat
    T-Series Official Website Hacked By Teamgreyhat (TGH)
    Theexpert Server Rooted By TGH
    Malaysian Web-Hosting Company's Security Compromised, Entire Server Dumped By TeamGreyhat
    Cybertek Web-Server Rooted By TGH 
    & & & Many more..............
    Yet moooooooooooore to Come.................


    The Common question arise and that is who is TGH and what we are capable of???
    Here is the Answer


    We are TGH 
    We are Warriors 
    We are Achilles of Cyber World
    ............
    "Remember, I will still be here
    As long as you hold me, in your memory


    Remember, when your dreams have ended
    Time can be transcended 
    Just remember me


    I am the one star that keeps burning, so brightly,
    It is the last light, to fade into the rising sun


    I'm with you
    Whenever you tell, my story
    For I am all I've done


    Remember, I will still be here
    As long as you hold me, in your memory
    Remember me


    I am that one voice in the cold wind, that whispers
    And if you listen, you'll hear me call across the sky


    As long as I still can reach out, and touch you
    Then I will never die


    Remember, I'll never leave you
    If you will only
    Remember me


    Remember me...


    Remember, I will still be here
    As long as you hold me
    In your memory


    Remember, when your dreams have ended
    Time can be transcended
    I live forever 
    Remember me


    Remember me
    Remember... me..."




    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Related Posts Plugin for WordPress, Blogger...

    Site search