Showing posts sorted by date for query security hole. Sort by relevance Show all posts
Showing posts sorted by date for query security hole. Sort by relevance Show all posts

Skype Shop & National Geographic Germany (Nat Geo) Vulnerable to XSS

Posted by Avik Sarkar On 12/26/2013 09:06:00 pm

Skype Shop & National Geographic Germany (Nat Geo) Vulnerable to XSS -Said Dr41DeY
Couple of weeks ago, I have talked about the vulnerability of Cartoon Network official website, today I am going to speak about two more big fish who are posing serious security holes in their official websites. Lets not waste time while stretching the preface and come directly to the story -it's the hacker who has recently made his name for some big hacks, has back again. 
Many of you are right, I am talking about 'Dr41DeY' because he is the guy who found vulnerability in the official website of Skype Shop and National Geographic Channel Germany (Nat Geo). Both Nat Geo and Skype have non persistent cross site scripting vulnerability also known as XSS vulnerability in their website. We have already informed this issue to concerning authority and webmaster to avoid misfortune. As expected, while writing this Skype have taken this issue seriously and fixed their loopholes immediately. Still for proof- above I have shared the screenshots with our readers, as evidence of the XSS hole. But unlike Skype Shop, Nat Geo yet not responded, so the vulnerability still exist on their portal. Hopefully they will take appropriate steps with out doing more delay. For updates in this story and also other hot cyber issues, just stay tuned with VOGH.  Before concluding, I would like to remind you that- in 2012 an Indian hacker named Akshay has found XSS holes in the official website of National Geographic. Again after a year, Dr41DeY found another Nat GEO site vulnerable to XSS, that definitely arises a doubt about the security concern of one of the world's leading satellite television channel featuring documentaries with factual content involving nature, science, culture, and history, plus some reality and pseudo-scientific entertainment programming. 


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

DY365 TV -Popular Satellite Channel of Assam, India Hacked

Posted by Avik Sarkar On 12/05/2013 02:35:00 am

DY365 TV -Popular Satellite Channel of Assam, India Hacked By Dr41DeY (Nigerian Cyber Army )
Hacker going by the alias name of Dr41DeY, from a hackers community named Nigerian Cyber Army strikes again. After his much discussed hack of Pakistan People's Party (PPP), this time also he targeted what it called yet another high profile website of one of the leading 24-hour satellite channel of Assam, India named 'DY365 TV.' While talking with VOGH representative the hacker confirmed that, manipulating some untold vulnerability he managed to gain administrative access into the official website DY365 TV. But this time without tampering data, the hacker just left a message on the home page saying "Hacked By Dr41DeY @Nigerian Cyber Army." Like earlier this time also Dr41DeY created an image archive as a proof of this hack. This attack taken place on the 3rd of December, and after couple of hours of hack, DY365 authorities have responded to the incident and restored their site, and also sources confirmed that the security hole has also been patched. Though this popular Assamese broadcasting channel refuses to give any statement regarding this issue. 

Brief About DY365:- It is a 24-hour satellite channel of Assam, India. DY365 broadcasts news in Assamese, Hindi, Bengali and English language. It was launched on October 30, 2008. DY365 is a unit of Brahmaputra Tele Productions Pvt. Ltd. Manoj Kumar Goswami is the editor-in-chief of the channel. The channel gained popularity is a very short span of time, and now it's recognized as one of the leading channel of North East India. 


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

PostgreSQL Fixed “Persistent Denial-of-Service” Vulnerability (CVE-2013-1899)

Posted by Avik Sarkar On 4/11/2013 01:44:00 am

PostgreSQL Fixed 'High-Exposure Security Vulnerability' Causing Denial-of-Service Attack (CVE-2013-1899)

Security researcher's have yet again figured out a serious security hole in one of most widely used object-relational database management system, PostgreSQL also known as Postgres. While manipulating the loophole an attacker can easily corrupt files and in some cases, can execute malicious code on underlying servers causing "persistent denial-of-service" attack. By corrupting the files an attacker can cause database server to crash and refuse to reboot. Affected servers could only be restarted by removing garbage text from the files or by restoring them from a backup. Versions 9.0, 9.1, and 9.2 are all vulnerable. As soon as this vulnerability get spotted, the developers at PostgreSQL immediately  released updates while addressing a "high-exposure security vulnerability in versions 9.0 and later." The updates are available for 9.0, 9.1, and 9.2 branches, as well as 8.4. This updates also allow PostgreSQL to be built using Microsoft Visual Studio 2012. According to developers: "A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request. This issue was discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center." In addition to fixes for one major security issue, the updates also include four more minor security fixes, as well as fixes for other, non-security-related issues. 

Some of these fixes include:
  • A security vulnerability that made contrib/pgcrypto-generated strings too easy to guess;
  • A vulnerability that would allow unprivileged users to interfere with backups;
  • Security issues involving the OS X and Linux installers;
  • Vaious issues with GiST indices;
  • An issue related to crash recovery; and
  • Memory and buffer leaks, among others.

The complete list of fixes and enhancements in each version can be found on the PostgreSQL release notes archive page. Also the patched PostgreSQL 9.2.4, 9.1.9, 9.0.13, and 8.4.17 are available now at download  page. While talking about this fix, we would like to remind you that, late in last year another security vulnerability hit PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. The security holes associated with libxml2 and libxslt. Along with that a vulnerability in the built-in XML functionality, and a vulnerability in the XSLT functionality supplied by the optional XML2 extension. 



-Source (Campus Technology & The-H)








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned

Posted by Avik Sarkar On 3/11/2013 02:55:00 am

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived 

Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges. Now the result of this long awaited security competition has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers where Chrome, Internet Explorer 10 and Firefox all fell to the mercy of the hackers. Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell three times, though under the contest rules, only the first attacker was due to win the $20,000 prize. Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet, “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning $100,000 for finding a huge hole. Again in a tweet, Security firm Vupen explained “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. 

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED


The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

  1. James Forshaw: Java = $20K
  2. Joshua Drake: Java = $20k
  3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
  4. Nils & Jon: Chrome = $100k
  5. George Hotz: Adobe Reader = $70k
  6. Ben Murphy: Java = $20k
As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities  Here also for Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization  along with that, the expected patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with VOGH and be safe on the Internet. 


 -Source (HP, Naked Security) 








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Yamaha Motor's Official Website of Six Different Countries Hacked & Defaced

Posted by Avik Sarkar On 2/18/2013 08:55:00 pm

Yamaha Motor's Official Website of Six Different Countries Hacked By Dark Snipper

Yamaha, Japanese multinational corporation; widely known to us for manufacturing motorcycles and power sports equipment, have fallen victim in front of hackers. A newly formed hacker group calling themselves "Dark Snipper" targeted several websites of Yamaha. This round of cyber attack has blown Six Yamaha websites from different countries like Bosnia HerzegovinaCroatiaMontenegroMacedoniaSloveniaSerbia. According to sources a few hackers code named 'Soul Inj3ct0r,  P4K-CoMManDeR, Error Haxor,  Dream.Killer, X3o-1337 & SOG' mainly from Pakistan took responsibility of the hack. So far the reason of the attack is not clear, but still the deface page is saying that the attack was inspired by the cause of "Free Palestine". But it is very irrelevant that, why the hacker group targeted Yamaha, as there is hardly any relation between the cause of Gaza, Palestine and Yamaha. What ever! Yamaha authority and the cyber response team immediately recovered those hacked sites by deleting the hacker's page (as shown in the picture below) and patched the security hole.

It is come to our concern that, team 'Dark Snipper' managed to get access into Yamaha server, where all those domain were hosted, and that is why it became possible for the hackers to breach all those Yamaha sites. But, Yamaha did not passed any reaction after the breach. 







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Twitter Hacked, More Than 250,000 User Data Compromised

Posted by Avik Sarkar On 2/03/2013 01:55:00 am

Twitter Hacked, More Than 250,000 User Data Compromised

The social networking giant and the world famous micro blogging site Twitter again fallen victim of cyber attack. Last year we have seen that the tight security system if twitter have been compromised many times. Yet again in this year the San Francisco based social media giant who have more than 500 million registered users failed to protect them selves from hackers. On last Friday Twitter acknowledged that it had become the latest victim in a number of cyber-attacks against media companies, saying hackers may have gained access to information on 250,000 of its more than 200 million active users. The micro blogging giant said in a blog posting that earlier this week it detected attempts to gain access to its user data. It shut down one attack moments after it was detected. According to reports usernames, email addresses, session tokens and encrypted/salted passwords for 250,000 users might have been accessed in what it described as a “sophisticated attack” 

"This attack was not the work of amateurs, and we do not believe it was an isolated incident,” said Bob Lord, Twitter’s director of information security. “The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked” Bob added. 

Jim Prosser, a Twitter spokesman, would not say how hackers infiltrated Twitter’s systems, but Twitter’s blog post said hackers had broken in through a well-publicized vulnerability in Oracle’s Java software. Last month, after a security researcher exposed a serious vulnerability in the software, though Oracle patched the security hole, but Homeland Security said the fix was not sufficient. The DHS issued a rare alert that warned users to disable Java on their computers. Prosser said Twitter was working with government and federal law enforcement to track down the source of the attacks. For now, he said the company had reset passwords for, and notified, every compromised user. The company encouraged users to practice good password hygiene, which typically means coming up with different passwords for different sites, and using long passwords that cannot be found in the dictionary.
Twitter said it “hashed” passwords — which involves mashing up users’ passwords with a mathematical algorithm — and “salted” those, meaning it appended random digits to the end of each hashed password to make it more difficult, but not impossible, for hackers to crack. Once cracked, passwords can be valuable on auction-like black market sites where a single password can fetch $20.

While talking about Twitter and cyber issues, I would like to remind you that in last year twitter faced several cyber attacks where more than 55,000 twitter account details was leaked, after this issue in the middle of last year the social networking giant faced massive denial of service which interrupted its services. Later a huge number of Twitter users across the globe received  emails warning that their account have been compromised and their passwords had been reset, and it was another security breach which affected twitter. Such big organization are not at all careless about security, so as twitter and it has been proved when they hired renowned white hat hacker Charlie Miller to boost up their security, but after this current massacre, it seems that twitter need to think more and emphasize a lot to make sure that their system is good enough to prevent cyber attacks. For all the hot cyber updates and reviews stay tuned with VOGH.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

DHS & US-CERT Recommended to Disable Java in Web Browsers

Posted by Avik Sarkar On 1/18/2013 06:49:00 pm

DHS & US-CERT Recommended to Disable Java in Web Browsers Unless It's Absolutely Necessary

The running time is proving to be the worst period for Java, as it has been walking under serious security issues. Yet again security researchers have pointed out a zero-day security vulnerability in the Java program that hackers are exploiting. The exploit takes advantage of a vulnerability left open in Java 7 Update 10, released in October last year. It works by getting Java users to visit a website with malicious code that takes advantage of a security gap to take control of users' computers. Thus how Java is being used by cyber criminals to infect computers with malware. Oracle, hasn't specified the number of users who have downloaded Java 7 Update 10. However, Java runs on more than 850 million computers and other devices. When Oracle released Update 10, so it is predictable that more than 850 million devices run by Java is under threat. The exploit was first discovered by French researcher Kafeine, who claimed to have found it running on a site registering hundreds of thousands of page views daily. From that site, immediately that vulnerability and a large number of effected devices has been spotted in the wild. In Java 7 Update 10 the creator of Java, Oracle added several security control and fixed older bugs and promised more security enhancement, but its very unfortunate that Oracle failed to keep their promise. What ever after this newly discovered 0-day hole spotted wildly, Oracle Security Alert CVE-2013-0422 states that Java 7 Update 11 addresses this (CVE-2013-0422) and an equally severe, but distinct vulnerability (CVE-2012-3174). Immunity has indicated that only the reflection vulnerability has been fixed and that the JMX MBean vulnerability remains. Java 7u11 sets the default Java security settings to "High" so that users will be prompted before running unsigned or self-signed Java applets. It "strongly recommends" that Java SE 7 users upgrade immediately to avoid all kind of security hazards. 

After seeing all the drama, many of you have failed to keep trust in Java, and you all will be relieved when you will gone through the security advisory of CERT (Computer Emergency Response Team) where they have clearly instructed to disable Java in your popular web-browser. In their official release CERT said "Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future."

You will see similar advice in the advisory posted on the official DHS US-CERT website where DHS also suggested to disable Java until and unless it is that much necessary. "To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment." - said U.S. CERT in their advisory. 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Yahoo Mail Hit By XSS Exploit Putting 400 Million Users At Risk

Posted by Avik Sarkar On 1/13/2013 05:53:00 pm

Yahoo Mail Hit By XSS Exploit Putting 400 Million Users At Risk

Yet again mistrust growing in between the large number of Yahoo users, as it has been continuously failed to protect its customers from cyber attack. Late in last year we have seen that the two major services of Yahoo get compromised, which affects millions of its registered users across the globe. First it was Yahoo Voice, which get hacked while putting 450K users at high risk. Then it was the time for Yahoo Mail, where few Egyptian hacker figured out serious XSS vulnerabilities in Yahoo Mailing service  that lets attackers steal cookies from Yahoo Webmail users. Later cyber criminals made product while exploring that loop holes, that so called product or widely known as exploit was made available at high price in underground market and forums. As expected Yahoo immediately patched these loopholes, but now it seems they did not learn lesson from the decent past. 
You all may be wondering! what happened? Again the security of Yahoo fallen victim in front of hackers.  Shahin Ramezany, a hacker and independent security researcher have figure out a DOM-Based XSS vulnerability in Yahoo Mail that is exploitable in all major browsers. Ramezany tweeted about this issue whihc links to an YouTube video, where he demonstrated the hack. Shahin Ramezany also claimed that the exploit have put more than 400 Million yahoo users at risk


As soon as this story get spotted, Yahoo immediately responds the matter, in their official release a Yahoo spokesman said "We’ve been looking into it and the US have now confirmed that they are investigating too. They will be in touch if there is a comment – otherwise I recommend that if users are concerned then they should change their passwords immediately." 

Later Yahoo said that thy have plugged the security hole. In their statement the spokesperson added, “At Yahoo! we take security very seriously and invest heavily in measures to protect our users and their data. We were recently informed of an online video that demonstrated a vulnerability. We confirm that the vulnerability has been fixed. In addition, we are investigating recent reports of increased abusive traffic and will work diligently to fix any vulnerabilities that are found. Concerned users are encouraged to change their passwords to a safe password that combines letters, numbers, and symbols.”

But this issue did not get completely resolved, as immediately after the fix release of Yahoo, Shahin Ramezany said that the fix is not good enough, and the Yahoo Mail exploit is still active. In his twitter he said "not effective enough and users are still [at] risk," since the proof-of-concept code can be easily tweaked to continue attacks. 





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Security Advisory (2794220) Remote Code Execution Vulnerability in Internet Explorer Fixed

Posted by Avik Sarkar On 1/05/2013 09:48:00 pm

Microsoft Security Advisory (2794220) Remote Code Execution Vulnerability in Internet Explorer Fixed

The Redmond based software giant Microsoft issued an urgent security advisory to address vulnerabilities in its popular web-browser that is Internet Explorer.  Few of days new “zero day” security hole in IE was discovered which could potentially allow hackers to take over control of your system when all you've done is visit an infected website. The vulnerability affects IE versions 6, 7 and 8. Though the latest versions of the browser, that means IE 9 and 10, are not affected. “An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.” Microsoft said in its statement. The statement went on to say, “an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.”
On its advisory Microsoft first issued warning of the problem, which involves how IE accesses "an object in memory that has been deleted or has not been properly allocated." The problem corrupts the browser's memory, allowing attackers to execute their own code. Security vendor Symantec described such a scenario as a "watering hole" attack, where victims are profiled and then lured to the malicious site. Last week, one of the websites discovered to have been rigged to delivered an attack was that of the Council on Foreign Relations, a renowned foreign policy think tank. 
While talking about IE and its bugs, then we would like to remind you that couple of weeks ago, Spider.io a website analytics firm has discovered a security vulnerability in all current versions of Internet Explorer that allows attackers to trace mouse cursors anywhere on users' screens even if the Internet Explorer window is minimized. That time the software giant ignored that particular issue. But here they take this one bit seriously; So if you still using the older and affected version of IE, then its time to update your browser, in order to stay safe and secure on the Internet. To update your browser or to access the security fix click Here




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

‘Pervasive Vulnerability’ Found in The Robotic Aircraft of Drone Fleet

Posted by Avik Sarkar On 1/01/2013 03:47:00 pm

 ‘Pervasive Vulnerability’ Found in  The Robotic Aircraft of Drone Fleet

Unmanned aerial vehicle (UAV), widely known as a drone has always been gone through with several controversies in case of both defense and cyber security. Yet again several question arises regarding the security system and the control algorithms of drone. According to the Pentagon’s premier science and technology division a a “pervasive vulnerability” have been found in the robotic aircraft of drone. The control algorithms for these crucial machines are written in a fundamentally insecure manner, says Dr. Kathleen Fisher, a Tufts University computer scientist and a program manager at the Defense Advanced Research Projects Agency. There’s simply no systematic way for programmers to check for vulnerabilities as they put together the software that runs our drones, our trucks or our pacemakers.
In our homes and our offices, this weakness is only a medium-sized deal: developers can release a patched version of Safari or Microsoft Word whenever they find a hole; anti-virus and intrusion-detection systems can handle many other threats. But updating the control software on a drone means practically re-certifying the entire aircraft. And those security programs often introduce all sorts of new vulnerabilities. “The traditional approaches to security won’t work,” Fisher tells Danger Room.
Fisher is spearheading a far-flung, $60 million, four-year effort to try to develop a new, secure way of coding and then run that software on a series of drones and ground robots. It’s called High-Assurance Cyber Military Systems, or HACMS. For detailed information about this story click Here

While talking about drone and its security we would like to give you reminder that in 2011 we came to know that a stealthy key-logger has hit the U.S. Drone logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other war zones. Later Iran took responsibility of that cyber attack. Also in 2012 drone was in controversy where researcher have figured out that drone fleets are vulnerable to GPS spoofing and it can be hijacked by any malicious attacker or terrorist. 





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Samsung Galaxy S III, S II & Note II Vulnerable to Inject Malicious Code Directly into Kernel

Posted by Avik Sarkar On 12/21/2012 07:17:00 pm

Samsung Galaxy S III, S II & Note II Vulnerable to Inject Malicious Code Directly into Kernel

Serious security hole has been discovered in Samsung smartphones. According to a member of XDA-Developer forum named 'alephzain' the vulnerability exists in the Samsung Galaxy S III, Galaxy S II and Galaxy Note II along with several other Samsung devices. As per sources the vulnerability is marked as "severe". This vulnerability could provide a malicious way for remotely downloaded apps to read user data, brick phones and perform other malicious activities. In other words, this hole could allow a malicious app free reign over your smartphone’s memory, and basically take complete control of your device. Prepare tin foil hats. Another XDA-Developer user, supercurio says Samsung has been notified of the security hole, but had not yet acknowledged the issue. That is until this morning when Samsung dropped word to Android Central that they are “currently in the process of conducting an internal review” in reference to the security hole. Supercurio says the potential exists for millions of devices to be in harms way, especially those with Exynos 4210 and 4412 processors that use Samsung code. Another XDA user, Entropy512 adds “this exploit changes things — there is a no root exploit that can be used by an app straight from the market, in the background, with little to no user intervention.” 
While talking about security holes in Samsung phones, then we would like to remind you that few moths ago, researcher have unveiled several android based handsets including Samsung Galaxy S3, S2 were vulnerable to 'remote wipe' hack.   




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Vulnerability Found in Samsung Printers Allowing Remote Hack

Posted by Avik Sarkar On 11/29/2012 06:02:00 pm

Vulnerability Found in Samsung Printers Allowing Remote Hack 

Bad news for those who are using Samsung and Dell-branded printers, as in an advisory U.S. Computer Emergency Readiness Team (US CERT) issued an warning that a hard coded administrative account could allow remote attackers to take control of their device. According to the vulnerability note (VU#281284)Samsung printers contain a hardcoded account that could allow a remote attacker to take control of an affected device. Samsung printers (as well as some Dell printers manufactured by Samsung) contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility. Manipulating the above vulnerability a remote, unauthenticated attacker could access an affected device with administrative privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution. 
Solution:-
Samsung and Dell have stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung and Dell have also indicated that they will be releasing a patch tool later this year to address vulnerable devices.
Block Port 1118/udp
The reporter has stated that blocking the custom SNMP trap port of 1118/udp will help mitigate the risks.

Restrict Access:
As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location.

While talking about vulnerabilities in Printer, then we would like to remind you that late in last year Columbia University Researchers have discovered a vulnerability in some Hewlett-Packard (HP) LaserJet printer lines that could allow attackers to install a modified firmware to steal information, run attacks from within a network or cause physical damage to the printer. Later HP issued firmware to fix those security hole.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Egyptian Hackers Selling Zero-day Exploit of Yahoo Mail For $700

Posted by Avik Sarkar On 11/29/2012 06:02:00 pm

Egyptian Hackers Selling Zero-day Exploit of Yahoo Mail For $700

Those people who wander in many underground hackers community, knows very well that several unethical equipment such as Botnet, Zero-day exploit, black hole exploit kit, malware, undisclosed vulnerabilities and so on were sold there for different prices. Those products were generally priced between $5-$500, but today I will talk about an expensive product, which listed itself top on the black market. I am talking about a new cross-site scripting exploit that enables attackers to steal cookies and access Yahoo email accounts. According to the blog post of Krebs on Security -A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits. The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users. Such a flaw would let attackers send or read email from the victim’s account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. The hacker posted the following video to demonstrate the exploit for potential buyers. 


“I’m selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers,” wrote the vendor of this exploit, using the hacker handle ‘TheHell.’ “And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!” -said the hacker.  
In response Ramses Martinez, director of security at Yahoo!, said the challenge now is working out the exact yahoo.com URL that triggers the exploit, which is difficult to discern from watching the video. “Fixing it is easy, most XSS are corrected by simple code change,” Martinez said. “Once we figure out the offending URL we can have new code deployed in a few hours at most.”





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NSA Refused to Disclose Obama's Secret Cyber Security Directive

Posted by Avik Sarkar On 11/27/2012 12:33:00 am

NSA Refused to Disclose Obama's Secret Cyber Security Directive

The cyber security directive of United States President Barack Obama has been twisted a little as the National Security Agency (NSA) has refused to release details of a secret presidential directive document that would establish a broader set of standards that would guide federal agencies in confronting Cyber threats. Several experts are presuming that the cyber security directive could allow the military and intelligence agencies to operate on the networks of private companies, such as Google and Facebook. According to the last week report by Washington Post, cited several U.S. officials saying that Obama signed off on the secret cyber security order, believed to widely expand NSA’s spying authorities, in mid-October. “The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyber war and cyber terrorism,” the report states.  
The Electronic Privacy and Information Center (EPIC), filed a Freedom of Information Act (FOIA) request to make the document public because it said the measure could expand NSA’s Cyber security authority. “Transparency is crucial to the public’s ability to monitor the government’s national security efforts and ensure that federal agencies respect privacy rights and comply with their obligations under the Privacy Act,” said EPIC’s request.
EPIC said that NSA denied the request on Nov. 21 arguing that it doesn’t have to release the document because it is a confidential presidential communication and contains information that is classified “Secret” and “Top Secret” by the agency. NSA said disclosure of the order could “reasonably be expected to cause exceptionally grave damage to the national security.” The agency said EPIC could file an appeal with the NSA/Central Security Service denial and EPIC said it plans to do so. The privacy group said it is litigating similar FOIA requests with NSA, including the release of NSPD 54, a 2008 presidential directive setting out the NSA’s cyber security authority. The group called NSA a “black hole for public information about cyber security” in an official statement to Congress earlier this year. National Security Agency whistle blower William Binney said in Mid July that the U.S. government is secretly gathering information “about virtually every U.S. citizen in the country”, in “a very dangerous process” that violates Americans’ privacy.
Former President George W. Bush signed a presidential order in 2002 allowing the National Security Agency (NSA) to monitor without a warrant the international (and sometimes domestic) telephone calls and e-mail messages of hundreds or thousands of citizens and legal residents inside the United States. The program eventually came to include some purely internal controls -- but no requirement that warrants be obtained from the Foreign Intelligence Surveillance Court as the 4th Amendment to the Constitution and the foreign intelligence surveillance laws require.



-Source (GSN Magazine & Press TV)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Mozilla Fixed Cross Site Ccripting (XSS) Flaws & Released Firefox Version 16.0.2

Posted by Avik Sarkar On 11/02/2012 03:28:00 am

Mozilla Fixed Cross Site Ccripting (XSS) Flaws & Released Firefox Version 16.0.2

Serious security hole in Mozilla Firefox has been fixed. Mozilla has announced availability of Firefox version 16.0.2, an emergency update to address a serious flaw in the way the browser treats the LocationObject. According to the advisory, successful exploitation of this flaw can result in cross site scripting or code execution. The bug was first discovered by security researcher Mariusz Mlynski, which  forced Mozilla developers to release the third emergency fix in a month since the introduction of version 16 of the popular browser. According to the Security Advisories of Mozilla Foundation -Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. With Firefox 16.0.2 also the security bug in Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 & SeaMonkey 2.13.2 has been fixed. Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object. Users running older versions of Firefox are advised to update immediately using the auto-update feature built into the browser.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Security Flaws Allowing Any Windows User to Upgrade to Windows 8 Pro For Just $14.99

Posted by Avik Sarkar On 10/28/2012 04:37:00 am

Security Flaws Allowing Any Windows User to Upgrade to Windows 8 Pro For Just $14.99

The long awaited and the most advanced windows operating system by Microsoft is ready and available to buy from Microsoft Store. Earlier we got three Pre-release version of Windows 8 -Consumer Preview, Developer Preview Release Preview. Along with these the Redmond based software giant also released an Enterprise Edition of Windows 8. With those releases, Microsoft declared that they will start selling Windows 8 from October 26. As per the schedule Microsoft opened its virtual store and began selling upgrades to Windows 8 Pro for $39.99, making good on a promise made last summer. The upgrade, which must be downloaded and installed via a utility called "Windows 8 Upgrade Assistant," can be applied to Windows XP-, Vista-, and Windows 7-powered systems. So far so good, but not that good as it looking, recently a security hole has been spotted in the wild which is allowing Windows user to buy a license for Windows 8 Pro for just $14.99 by faking the details on the WindowsUpgradeOffer page. According to a post from Technology Personalized -For the uninitiated, the MRP of Windows 8 Pro version is $169.99 and during the promotional offer period, which runs till Jan 31st 2013, Microsoft is offering a big $130 discount to encourage early adaption of the latest Windows OS. So, the existing Windows 7/Vista/XP users can upgrade to Windows 8 for just $39.99 (or INR 1999). Additionally, Microsoft had announced that those who bought a Windows 7 PC between June 2, 2012, and January 31, 2013 are eligible for a further discount and can actually upgrade for a meagre $14.99. Moreover, users get to download the ISO and/or save Windows 8 as bootable USB.


Shockingly, the WindowsUpgradeOffer page requires people to enter some extremely basic details about their Windows 7 PC purchase as shown below. As you can see, the details they ask for can no way be used to validate the purchase. It neither asks for a serial number nor Windows 7 key, but just the PC brand and model! As you can see, we entered some random info into each of the fields.


Once the details are submitted, user will get a confirmation email about the registration. Within a few minutes, another email with the promo code is sent to the same email address. This promo code can be used to purchase the Windows 8 Pro edition via the Windows 8 Upgrade assistant app, for a nominal fee of USD 14.99. Unbelievable, isn’t it? 
So far Microsoft did not responded about this issue, but for those who want to buy Windows 8 Pro (Download) click Here & those who want to get Windows 8 Pro shipped to you click Here.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Adobe Closes Several Critical Security Hole in Shockwave Player

Posted by Avik Sarkar On 10/27/2012 02:48:00 am


Adobe Closes Several Critical Security Hole in Shockwave Player

If you are a fan or regular user of  Adobe Shockwave Player on your Windows or Mac computer then it's time for you to update your systems. Adobe has released a security update for Adobe Shockwave Player 11.6.7.637 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to Adobe Shockwave Player 11.6.8.638 using the instructions provided below.
This update resolves buffer overflow vulnerabilities that could lead to code execution (CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, CVE-2012-5273)
  • AFFECTED SOFTWARE VERSIONS:-
Adobe Shockwave Player 11.6.7.637 and earlier versions for Windows and Macintosh
  • SOLUTION:-
Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to the newest version 11.6.8.638, available here: http://get.adobe.com/shockwave/.

This update resolves an array out of bounds vulnerability that could lead to code execution (CVE-2012-4176). Adobe has said that the update is a priority 2 issue. The company recommends users update their installations as soon as is possible, but notes there are no known Shockware exploits in the wild for these flaws.
If you dig the recent past, then you will found the security of Adobe products has been under the microscope the last four weeks. Most recently, Adobe upgraded its Reader and Acrobat products with enhancements to its sandbox functionality and a new feature that forces any DLL loaded by either application to use Address Space Layout Randomization (ASLR). Also we want to remind you that in late September, Adobe disclosed that it had been attacked and hackers were using a valid Adobe certificate to sign two malicious utilities used most often in targeted attacks. Adobe revoked the certificate Oct. 4.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Unpatchable Security Hole in PlayStation 3 Leading The "final hack" Also LV0 Cryptographic Keys Revealed

Posted by Avik Sarkar On 10/26/2012 05:59:00 am

Unpatchable Security Hole in PlayStation 3 Leading The "final hack" Also LV0 Cryptographic Keys Revealed

We all are very much aware that Sony along with its product's were always been a very hot favorite target of hackers. But here there are few twists, so the word 'Hack' will be be the appropriate one to describe of what happened to Sony. According to a report on Eurogamer Sony's PlayStation 3 is facing a new security threat - one it hasn't seen since the system was cracked via the PSJailbreak in 2011. The PS3 has been hacked before, but Sony was able to inhibit the hack with an update to its own firmware. This is much like the history of jailbreaking on Apple's iOS. But the latest PS3 break is being dubbed unpatchable and the final hack. That's because this hack isn't giving you an exploit to use against a programming hole. It's giving you Sony's so-called LV0 (level zero) cryptographic keys
A decryption key that is reported to be circulating on the net is said to remove the final protective barrier on some models of Sony's PlayStation 3 consoles. In the long run, the release of the key will probably allow unsigned software such as homebrew games, Linux distributions, or pirate copies of software to run on some PS3 consoles. Allegedly, the private key can be used to modify and sign the "LV0" (Level 0), for example to disable its security checks. When the PS3 system boots, from version 3.60 of the PS3's firmware, the LV0 is directly launched by the bootloader (bootldr) that is built into the system's hardware – which means that the chain of trust is broken at a very early stage. As Sony won't be able to update the bootloader with a software update, the hacker community considers this the "final hack" of the PS3 in its current forms. Eurogamer says that these keys may not have been released at all if not for a Chinese hacking outfit called "BlueDiskCFW," who gained access to the keys and planned to charge for new custom firmware updates it would create. The original group that created the LV0 had no plans on releasing them, but eventually they were leaked onto the Internet in some limited fashion. Seeing that someone was going to profit on them, the group known as "The Three Tuskateers" decided to release them into the wilds of the Internet. 
In a statement the hacker group says that "You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now," 





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Security Flaws Allowing Hackers to Brute Force Twitter Passwords

Posted by Avik Sarkar On 10/04/2012 01:57:00 am

Security Flaws Allowing Hackers to Brute Force Twitter Passwords 

A security flaw has been discovered in popular micro blogging site 'Twitter' which is allowing an malicious attack to brute force user's passwords.  On Saturday, multimedia producer and Twitter user Daniel Dennis Jones (@blanket) received a notification that his Twitter password had been reset. This alone would have been cause for concern; at the very least, it would mean that someone had tried and failed to access his account. He quickly found out that the problem was much worse than he expected. He was eventually able to log back into the account, but found that his username had been changed to @FuckMyAssHoleLO , and that @blanket was now operated by someone else. His account, in other words, had clearly been hacked. After seeing the above scenario it is very clear that - Twitter's password reset process allows hackers to attempt a more wide-ranging brute force approach to breaking into accounts than other services with more restrictive systems. Both Apple and Amazon quickly closed the loopholes that led to Honan's hack, but Twitter accounts (the ultimate prize Honan's hackers were after) remain surprisingly vulnerable to unsophisticated hacking efforts. That vulnerability was on display this past weekend as a desirable group of "OG" Twitter handles the short, memorable, one-word names that got snapped up when the service launched were brute-force hacked by a group of kids looking to make a little cash and impress their friends.

Daniel Jones is not the only victim of this recently discovered vulnerability, many other people around the globe also fallen victim of this security hole. After a day of research, Jones "got to the bottom of a little ring of kids who crack passwords to gain access to handles" - he found a number of other short, memorable handles like @hah, @captain, and @craves had also been hacked. Judging from the conversations he saw over Twitter, these hackers were not sophisticated social engineers, but just a group of teenagers trying to sell the names they had collected. Eventually, Jones had a long Skype conversation with a 14-year-old hacker who goes by Mason he wasn't the one who stole @blanket from Jones, but he was part of the young crew grabbing and selling these desirable names.
Of course, Twitter's security regimen is probably not all that different from that of many other sites. According to Jeremiah Grossman, CTO and co-founder of Whitehat Security, the attack that victimized Jones was "very, very common....Perhaps Twitter could have a bit stronger and more comprehensive approach to dealing with brute force attacks, but they can really only take it so far before annoying their users." 
We personally think that, after this case twitter should implement two step authentication, like Google to prevent its user getting compromised


-Source (Buzz Feed & CNET)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search