
USA Accused For Planting "Flame" Malware to Hack France President's Network


A well-known French newspaper, "L'Express", has accused the United States of using the dangerous cyber weapon "Flame" to break into the computer networks inside France's presidential palace, also known as the Elysee. In its report, L'Express has published details of what it claims was a sophisticated state-sponsored hack into the offices of the French presidency earlier this year with the intention of stealing data. According to the newspaper, the malware attack took place in May 2012, shortly before the second round of presidential elections in France, but has been kept secret until now. The newspaper alleges that the attackers found their targets on Facebook, identifying people working inside the presidential palace and connecting with them on the social network. The social engineering laid the groundwork for the next phase of the attack; the victims were then sent links to a fake Elysee intranet page where their login credentials were stolen. Workers at the Élysée Palace are said to have been befriended on Facebook by hackers, who then sent their victims a link to what purported to be a login page for the Élysée intranet site. In this way, it's claimed, login credentials were stolen. It is alleged that malware was then installed on the network, infecting computers belonging to senior political advisors, including Xavier Musca, Secretary-General of Nicolas Sarkozy's office. The United States Embassy in Paris has denied any involvement in hacking its ally. “We categorically refute allegations of unidentified sources,” Mitchell Moss, Embassy spokesman, told l’Express. “France is one of our best allies. Our cooperation is remarkable in the areas of intelligence, law enforcement and cyber defense. It has never been so good and remains essential to achieve our common fight against extremist threat.” However, Secretary of the Department of Homeland Security Janet Napolitano did not deny that the U.S. was involved.
She told l’Express: “We have no greater partner than France, we have no greater ally than France. We cooperate in many security-related areas. I am here to further reinforce those ties and create new ones.”

While talking about Flame, we would like to remind you that after the 'Duqu' episode, in the middle of this year the Iranian Computer Emergency Response Team (MAHER) claimed to have discovered a new targeted Stuxnet attacking the country's internal systems. This newly found Stuxnet has been dubbed Flame (also known as Flamer or Skywiper). Flame, the next-generation cyber weapon also known as 'The Super Spy', has already fascinated the cyber-security industry with its sophistication and versatility as a Swiss Army knife of cyber-spying. Later it was spotted in the wild when software giant Microsoft confirmed that its Windows Server Update Services (WSUS) and Windows Update (WU) had been infected by Flame malware. The name 'Flame' has also been prominent in many other fields.


-Source (NS & threatpost)








Teen Hacker "Cosmo the God" of Underground Nazi Sentenced 6 Yrs Internet Ban By California Court


A teenage hacker from the infamous hacker collective Underground Nazi faces an Internet ban. On Wednesday the 15-year-old hacker known as "Cosmo" or "Cosmo the God" was sentenced in juvenile court in Long Beach, California. According to sources, Cosmo pleaded guilty to multiple felonies in exchange for probation, encompassing all the charges brought against him, which included charges based on credit card fraud, identity theft, bomb threats, and online impersonation.
The newly formed hacker group Underground Nazi took the spotlight in January this year, when it hacked UFC.com (Ultimate Fighting Championship). Later its members involved themselves in the mass protest against the controversial privacy acts SOPA & PIPA. The protest was dubbed Operation Megaupload (#OpMegaupload), in which the hacktivist group Anonymous, along with hackers around the globe, stood together against the takedown of Megaupload.com. In the middle of 2012 Cosmo was also responsible for a Twitter outage, when Cosmo and a few other UG Nazi members performed a massive denial of service attack to interrupt the Twitter service. It has also been found that Cosmo pioneered social-engineering techniques that allowed him to gain access to user accounts at Amazon, PayPal, and a slew of other companies. He was arrested in June as part of a multi-state FBI sting.
Representatives from both the Long Beach district attorney and public defenders offices refused to comment on the case, given Cosmo’s status as a juvenile. However, according to Cosmo, the terms of the plea place him on probation until his 21st birthday. During that time, he cannot use the internet without prior consent from his parole officer. Nor will he be allowed to use the Internet in an unsupervised manner, or for any purposes other than education-related ones. He is required to hand over all of his account logins and passwords. He must disclose in writing any devices that he has access to that have the capability to connect to a network. He is prohibited from having contact with any members or associates of UG Nazi or Anonymous, along with a specified list of other individuals. He had to forfeit all the computers and other items seized in the raid on his home. Also, according to Cosmo, violating any of these terms will result in a three-year prison term. The probationary period lasting until age 21 is standard, but other terms were more surprising.



-Source (Wired) 










Cyber Security Summit Hosted By Department of Homeland Security (DHS)


As part of the national Stop.Think.Connect campaign against cyber threats to computers in the private and public sector, the city of Mesa and the Department of Homeland Security are hosting a cyber security summit at the Mesa Arts Center on Wednesday, Sept. 26. The mayor of Mesa said on Wednesday that interest in the summit is growing, and that there also will be numerous representatives of government from throughout the state and a member of the Secret Service attending the event.  Kelvin Coleman, U.S. Department of Homeland Security director of state, local, tribal and territorial cyber engagement, will be the keynote speaker. Mesa Mayor Scott Smith and District 3 councilman and Mesa Public Safety Committee chair Dennis Kavanaugh also will offer comments and help to facilitate questions during the event. “We use computers every day,” Smith said. “We don’t know how important computers are until they’re breached.”


Date: September 26, 2012

1 E. Main Street
Mesa, AZ  85201 


7:30 a.m. Registration & Continental Breakfast sponsored by Siemens

8:30 a.m. Welcome and Opening Remarks

  • Mayor Scott Smith
  • Councilmember Dennis Kavanaugh

9:00 a.m. Keynote Address

  • Mr. Kelvin Coleman, Director, State, Local, Tribal and Territorial Cybersecurity Engagement Program DHS National Cyber Security Division

9:30 a.m. Convenience vs. Security Expert Panel
Current Threats in an increasingly Networked World Panelist Bios
John Meza (Moderator), Assistant Chief, Mesa Police Department
James Choplin, Special Agent, Electronic Crimes Task Force, U.S. Secret Service
Dr. Dee H. Andrews, Ph.D. Senior Research Psychologist, Army Research Institute for the Behavioral and Social Sciences
Kristy Westphal, Director of Security Operation, T-Systems North America
Lonnie Benavides, Red Team Lead, The Boeing Company
Ilene Klein, City of Phoenix Office of Information Security and Privacy
Bill Kalaf, Executive Director - Intelligence-Led Policing, Mesa Police Department
 
During this session, the panel will outline and discuss many of the current threats affecting businesses, local government and users, such as social engineering, the security of mobile devices, and many of the trending applications on smartphones and PCs.
   
10:30 a.m. Networking Break
   
10:45 a.m. Closing Remarks

  • Mayor Scott Smith

11:15 a.m. Adjournment
   
11:30 a.m. Post CyberSecurity Summit Break Out Session:  Methods for training supervisors to detect behavioral indicators of insider threat

Dr. Dee H. Andrews 
Senior Research Psychologist , U.S. Army Research Institute for the Behavioral and Social Sciences 
During this session, participants will get an overview of methods in training supervisors to spot and mitigate the cyber insider threat.  Statistics reveal that approximately 40% of the cyber incidents are caused by insiders.  

If you want to register for the U.S. Department of Homeland Security Cyber Security Summit then click Here. For additional information about Stop.Think.Connect. click Here


-Source (mesaaz.gov)










Fbpwn Version 2.0 Released (Java Based Facebook Social Engineering Framework) Twitter pwn added


We have discussed Fbpwn before. Now the time has come for an update, as the author, Hussein El Motayam, is releasing version 2.0 of Fbpwn, a cross-platform Java based Facebook social engineering framework developed by Team Motayam. The most notable change in this version is that the author has added 'Twitter pwn', which means Fbpwn Version 2.0 can now also extract Twitter information.

Bug Fix in Beta - 2.0
  • Fixed all Login issues
  • Added a new module: Dictionary builder
  • Added a new module: Close friends finder
  • Added an option to group dumped information by victim's ID
  • Use FBPwn through proxy

Fbpwn 2.0 is Capable of:
  • Dump friend list
  • Add all victim friends
  • Dump all users album pictures
  • Dump profile information
  • Dump photos
  • Check friends request
  • Dump victim wall
  • Clone the profiles

FBPwn modules are:

AddVictimFriends: Request to add some or all friends of bob to increase the chance of bob accepting any future requests, after he finds that you have common friends.

ProfileCloner: A list of all bob's friends is displayed, you choose one of them (we'll call him andy). FBPwn will change mallory's display picture, and basic info to match andy's. This will generate more chance that bob accepts requests from mallory as he thinks he is accepting from andy. Eventually bob will realize this is not andy's account, but probably it would be too late as all his info are already saved for offline checking by mallory.

CheckFriendRequest: Checks whether mallory is already a friend of bob and, if so, simply ends execution. If not, the module tries to add bob as a friend and polls, waiting for him to accept. The module will not stop executing until the friend request is accepted.

DumpFriends: Accessible friends of bob are saved for offline viewing. The output of the module depends on other modules; if mallory is not a friend of bob yet, the data might not be accessible and nothing will be dumped.

DumpImages: Accessible images (tagged and albums) are saved for offline viewing, including comments under each image and album names. The same limitations as for DumpFriends apply.

DumpInfo: Accessible basic info is saved for offline viewing. The same limitations as for DumpFriends apply.

DumpWall: Dumps wall posts for offline viewing. Same limitations of dump friends applies.

DictionaryBuilder: Builds a dictionary using words from comments under photos and wall posts.

CloseFriendsFinder: Finds the victim's close circle of friends by counting the number of comments, likes and tags under photos and wall posts, with the ability to change the weights of the ranking criteria.


To Download Fbpwn Version 2.0 Click Here (Disclaimer- Use this tool at your own risk)





Hackers Are Invited To Attack Facebook's Corporate Network



Last year the social networking giant Facebook introduced its bug bounty program, inviting security researchers to poke around the site, discover vulnerabilities that could compromise the integrity or privacy of Facebook user data, and then responsibly disclose them to the company. The minimum reward was $500. White hats were urged to search for Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF) and Remote Code Injection bugs. In its White Hat program, the company stated strictly that it should not be bothered with spam or social engineering techniques, DoS vulnerabilities, bugs in Facebook's corporate infrastructure, or vulnerabilities in third-party websites or apps. Now it has changed its mind. When the social network's security team randomly received tips from a researcher about a vulnerability in the company's own network that would allow attackers to eavesdrop on internal communications, it made an unprecedented choice by broadening the scope of the bug bounty program and inviting researchers to search for other holes in the corporate network. There are quite a few bug bounty programs instituted by tech companies such as Google and PayPal, but Facebook has become the first firm to give white hats formal permission to target its networks. Ryan McGeehan, the manager of Facebook's security-incident response unit, stated that if there’s a million-dollar bug, they will pay it out.
Given that Facebook has a strong incentive to protect the data belonging to its 900 million users, and the fact that data breaches have become a disturbingly common occurrence in the last two years or so, the step seems like a logical one. 


-Source (Net-Security)






Two Young Researchers Found Vulnerability in Microsoft Windows Live Which Could Lead ID-Theft

Recently two young security researchers from Morocco, Abdeljalil S'hit and Yasser Aboukir, discovered a serious vulnerability in Microsoft's Windows Live service. The vulnerability has been reported to Microsoft, but unfortunately the software giant neither gave compensation nor made any comment on the matter. In a report, ZDNet said the vulnerability in question leveraged Cross-Site Scripting (XSS) to execute a malicious script.

More specifically, the two researchers managed to cause an error on the Windows Live login page (as you can see above), and once the victim clicked on the "Continue" button, their malicious script would be executed. The XSS flaw means that an attacker could impersonate a Windows Live user by gaining full control of the victim's cookies. Combined with social engineering, this technique could be used to steal a victim's Windows Live identity with ease.

The last update we got from Microsoft is saying - "We quickly addressed the vulnerability in question to help keep customers protected and appreciate the researchers using Coordinated Vulnerability Disclosure to assist in us working toward a fix in a coordinated manner"







Java-Based Multi-platform Backdoor Targeting Windows, Mac & Linux Computers


Security researchers at Kaspersky Lab have revealed a new Java-based web vulnerability that targets Windows, Linux & Mac computers and installs a backdoor. The whole thing is mainly a Web-based social engineering attack that relies on malicious Java applets. According to security researchers from antivirus vendor F-Secure, the attack was detected on a compromised website in Colombia. When users visit the site, they are prompted to run a Java applet that hasn't been signed by a trusted certificate authority.

If allowed to run, the applet checks which operating system is running on the user's computer -- Windows, Mac OS X or Linux -- and drops a malicious binary file for the corresponding platform.

The JAR file checks if the user's machine is running in Windows, Mac or Linux then downloads the appropriate files for the platform. All three files for the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux, and Windows respectively.
The files are detected as:
  • Trojan-Downloader:Java/GetShell.A (sha1: 4a52bb43ff4ae19816e1b97453835da3565387b7)
  • Backdoor:OSX/GetShell.A (sha1: b05b11bc8520e73a9d62a3dc1d5854d3b4a52cef)
  • Backdoor:Linux/GetShell.A (sha1: 359a996b841bc02d339279d29112fe980637bf88)
  • Backdoor:W32/GetShell.A (sha1: 26fcc7d3106ab231ba0ed2cba34b7611dcf5fc0a)



However, since F-Secure researchers began monitoring the attack, the remote control server hasn't pushed any additional code. It appears that the attack uses the Social Engineer Toolkit (SET), a publicly available tool designed for penetration testers, Aquino said Tuesday via email. However, the chances of this being a penetration test sanctioned by the website's owner are relatively low.
Kaspersky's researchers are in the process of analyzing the backdoor-type malware downloaded by the malicious shell code on Windows and Linux. "The Win32 backdoor is large, about 600KB; the Linux backdoor is over 1MB in size, both appear to contact very complex code which communicates encrypted with other servers."
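The indicators listed above (the control server address, the per-platform ports and the four SHA-1 detections) can be turned into a simple sweep of flow logs and file inventories. This is an added example, not code from F-Secure or Kaspersky; the key=value log layout, the sample records and the function names are assumptions constructed for illustration.

```python
"""IoC sweep for the GetShell applet campaign (added example)."""
import hashlib
import re
from pathlib import Path

# Indicators copied from the post above.
C2_IP = "186.87.69.249"
C2_PORT_PLATFORM = {8080: "OSX", 8081: "Linux", 8082: "Windows"}
SHA1_DETECTIONS = {
    "4a52bb43ff4ae19816e1b97453835da3565387b7": "Trojan-Downloader:Java/GetShell.A",
    "b05b11bc8520e73a9d62a3dc1d5854d3b4a52cef": "Backdoor:OSX/GetShell.A",
    "359a996b841bc02d339279d29112fe980637bf88": "Backdoor:Linux/GetShell.A",
    "26fcc7d3106ab231ba0ed2cba34b7611dcf5fc0a": "Backdoor:W32/GetShell.A",
}

# Assumed log layout (constructed for this example): key=value flow records.
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\b"
)

# Constructed sample records; internal hosts and the benign destination are made up.
SAMPLE_FLOWS = """\
2012-07-10T09:14:02Z src=10.0.4.17 dst=186.87.69.249 dport=8082 proto=tcp
2012-07-10T09:14:05Z src=10.0.4.22 dst=192.0.2.10 dport=8080 proto=tcp
2012-07-10T09:15:41Z src=10.0.7.3 dst=186.87.69.249 dport=8080 proto=tcp
2012-07-10T09:16:00Z src=10.0.7.9 dst=186.87.69.249 dport=443 proto=tcp
malformed line without fields
"""


def sha1_of_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_flows(text):
    """Return one hit per flow record whose destination is the control server.

    The destination port identifies which platform payload is calling home;
    traffic to the same address on any other port is still reported.
    """
    hits = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if not m or m["dst"] != C2_IP:
            continue  # unparseable line or unrelated destination
        port = int(m["dport"])
        hits.append({
            "ts": m["ts"],
            "host": m["src"],
            "port": port,
            "variant": C2_PORT_PLATFORM.get(port, "unknown (unlisted port)"),
        })
    return hits


def scan_hashes(inventory):
    """inventory: iterable of (path, sha1_hex). Returns (path, detection) pairs."""
    return [
        (path, SHA1_DETECTIONS[sha1.lower()])
        for path, sha1 in inventory
        if sha1.lower() in SHA1_DETECTIONS
    ]


def scan_directory(root):
    """Hash every regular file under root and compare against the detections."""
    files = (p for p in Path(root).rglob("*") if p.is_file())
    return scan_hashes((str(p), sha1_of_file(p)) for p in files)


if __name__ == "__main__":
    for hit in scan_flows(SAMPLE_FLOWS):
        print(f"{hit['ts']} {hit['host']} -> {C2_IP}:{hit['port']} [{hit['variant']}]")
```

A host that shows up in the flow hits should also have its Java cache and temporary directories passed to `scan_directory`, since the applet drops the platform binary before the backdoor connects out.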


-Source (CW & F-Secure) 







WHMCS Forum Get Hacked & Defaced By 1337 (Pakistani Hacker)


WHMCS, the popular client management and billing platform used by a number of web hosting providers, faced the wrath of hackers on Monday. After the website suffered downtime, WHMCS developer Matt confirmed the breach via the company’s forums late last night. A Pakistani hacker code-named "1337" managed to get access to the server and defaced the index page of the WHMCS forum. As expected, the hacker has also created a deface mirror on Zone-H. But the company completely denies that there is a security hole on the server. WHMCS laid the blame on what it referred to as a “social engineering attack.” WHMCS has handed over the investigation to the FBI.
It has also been reported that the official WHMCS site had been facing a denial of service attack for the last few days. The operation was carried out by the hacking group UGNazi, which succeeded in leaking data pertaining to 500 thousand user accounts. Another report from stated that the data totaled 1.7 gigabytes. Earlier, this Pakistani hacker was responsible for the hack of the world's largest warez forum.






Facebook Said - Please Hack Us & Get Bounty of $500


Facebook has already honoured hackers through its Hackers Cup; now the social networking giant is directly encouraging hackers to try hacking its security systems to find weaknesses. Those who succeed will receive a reward of US$500 or more and have their name added to a list of helpful hackers.
The hackers have taken part in Facebook's White Hat program. Anyone who finds a way of breaching the site's networks, and owns up, can earn rewards worth thousands of dollars. As well as money, Facebook promises not to land them in trouble with the police or subject them to legal harassment if they have complied with the program's golden rules. Already one British hacker has earned more than $2400 from Facebook, and the most prolific White Hat contributors are now given their own Facebook "bug bounty" credit cards. Facebook's chief security officer, Joe Sullivan, says he would much rather the hackers worked with the company than against it. In time, he hopes the hackers will be able to find legitimate ways of expressing themselves within schools and universities. "There is a real lack of practical academic programs for cyber-security not only in the US but also internationally," he said. "Cyber-security is a skill best learned by doing, and unfortunately many of the current academic programs place little emphasis on real-world practical experience such as that gained in competition or via bug-bounty programs."

According to Facebook - "If you're a security researcher, please review our responsible disclosure policy before reporting any vulnerabilities. If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."

Eligibility:-
To qualify for a bounty, you must:
  • Adhere to our Responsible Disclosure Policy
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity of Facebook user data, or circumvent the privacy protections of Facebook user data, such as:
      • Cross-Site Scripting (XSS)
      • Cross-Site Request Forgery (CSRF/XSRF)
      • Remote Code Injection
      • Broken Authentication (including Facebook OAuth bugs)
      • Circumvention of our Platform permission model
      • A bug that allows the viewing of private user data
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Rewards:-
  • A typical bounty is $500 USD
  • We may increase the reward for specific bugs
  • Only 1 bounty per security bug will be awarded
Exclusions:-
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Security bugs in Facebook's corporate infrastructure
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering technique


                      For detailed information click Here






Flashback.G Trojan Targeting Mac Users While Stealing Passwords

Remember that Mac Security Blog earlier reported that the latest version, Flashback.D, has gotten a bit sneakier. First, it checks to see if the user is running Mac OS X in VMware Fusion. If so, it does not execute. It does this because many malware researchers test malware in virtual machines, rather than infect full installations, as it is easier to delete them and start over with clean copies. This means that security researchers analyzing and looking for this malware need to be running regular Macs.
Yet again Mac users have become the victims of another trojan. This new Trojan is capable of infecting their computers and stealing passwords to services such as Google, PayPal, online banking and so on. It uses a new installation method: when a user visits a crafted web page, the new variant either tries to exploit two old security vulnerabilities or deploys a Java applet which tries to trick the user into believing it has been certified by Apple. According to Mac Security Blog (Intego): This new variant of the Flashback Trojan horse uses three methods to infect Macs. The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention. If these vulnerabilities are not available – if the Macs have Java up to date – then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue.
It is worth noting that Flashback.G will not install if VirusBarrier X6 is present, or if a number of other security programs are installed on the Mac in question. It does this to avoid detection. It seems that the malware writers feel it is best to avoid Macs where the malware might be detected, and focus on the many that aren’t protected.
Mac users have faced such attacks before: the OSX/Revir-B trojan was installed behind a PDF, giving hackers remote access to Mac computers, and besides Revir-B, the Linux Tsunami trojan called "Kaiten" also targeted Mac OS users in 2011. Another piece of malware, named "Devil Robber", also made victims of Mac users by stealing their personal information.




PandaLabs Exclusive Report: Privacy Violations Will Be The Biggest Security Threat in 2012


Panda Security anti-malware laboratory, today announced its predictions for top security trends to watch for in the coming year. Cyber-espionage, along with privacy violations and social networking attacks facilitated by the increased use of mobile and tablet devices, will be the source of increased security threats over the coming months.
Cyber-espionage targeting companies and government agencies around the world will dominate corporate and national information security landscapes, with the integrity of classified and other protected information on the line. Trojans are expected to be the weapon of choice for hackers focused on these highly-sensitive targets.
According to Luis Corrons, technical director of PandaLabs, “We live in a world where all information is in digital form and is easily accessible if you know how. Today’s spies no longer need to infiltrate a building to steal information. As long as they have the necessary computer skills, they can wreak havoc and access even the best-kept secrets of organizations without ever leaving their homes.”
Consumers will continue to be targeted by cyber-criminals as they find ever more sophisticated ways to target social media sites for stealing personal data. Social engineering techniques exploiting users’ naïveté have become the weapon of choice for hackers targeting personally-identifiable information. “Social networking sites provide a space where users feel safe as they interact with friends and family. The problem is that attackers are creating malware that takes advantage of that false sense of security to spread their creations,” says Corrons. “It is very easy for cyber-criminals to trick users with generic messages like ‘Look, you’re on this video,’ for example. Sometimes, curiosity can be our own worst enemy.”

Summary of what PandaLabs predicts as the major security trends of 2012:-

  • Mobile Malware:- A year ago, PandaLabs predicted a surge in cyber attacks on mobile phones, and the fact that Android has become the number one mobile target for cyber-crooks in 2011 confirms that prediction. That trend will continue in 2012, with a new focus on mobile payment methods using Near-Field Communications (NFC) as these applications become increasingly popular.
  • Malware for Tablets:- Since tablets share the same operating system as smartphones, they are likely to be targeted by the same malware. In addition, tablets might draw a special interest from cyber-crooks since people are using them for an increasing number of activities and are more likely to store sensitive data.
  • Mac Malware:- As the market share of Mac users continues to grow, the number of threats will grow as well. Fortunately, Mac users are now more aware that they are not immune to malware attacks and are increasingly using antivirus programs to protect themselves. The number of malware specimens for Mac will continue to grow in 2012, although still at a slower rate than for PCs.
  • PC Malware:- PC malware has grown exponentially over the past few years, and everything indicates that the trend will continue in 2012. Trojans, designed to sit silently on users’ computers, stealing information and transmitting it back to their handlers will continue to be cyber-crooks’ weapon of choice; 75 percent of new malware strains in 2011 were Trojans.
  • SMBs Under Attack:- Financial institutions are fairly well protected these days against malware. But smaller businesses are easier and cheaper targets to attack, and their customer databases can be a real treasure trove for hackers, particularly if credit card and other financial data is stored “in the clear”. Unfortunately, many small to medium-sized companies do not have dedicated security teams, which makes them much more vulnerable.
  • Windows 8:- While not scheduled until November 2012, the anticipated next version of Microsoft’s operating system will offer cyber-crooks new opportunities to create malicious software. Windows 8 will allow users to develop malware applications for virtually any device (PCs, tablets and smartphones) running this platform, although this will likely not take place until 2013.

Corrons concludes, “The malware game continues. As new technologies advance, cyber-crooks develop new modes of attack, often by simply adapting old techniques to the new platforms – which is an area software vendors need to pay attention to. In the end, though, it’s users’ false sense of security that is the hacker’s best friend.”



2011 "The Year of The Hack" A Brief Over View & Prediction of 2012


Every day when you open voiceofgreyhat.com you see lots of hacks, defacements, data breaches, rooted servers, hacked databases, leaked information and so on. Here is a summary covering all the recent attacks. If 2011 was “the year of the hack,” as it was dubbed by Richard Clarke, former White House cyber-security czar, would 2012 be the year enterprises apply the lessons learned and stop the attacks?
Apparently not, as security experts are predicting even more sophisticated attacks for 2012.

Defense contractors, government agencies, and other public and private organizations reported network breaches where attackers stole intellectual property, financial data and other sensitive data. Hacktivist groups such as Anonymous and LulzSec demonstrated how much damage they can cause large organizations by employing fairly well-known techniques against the application layer. 

What’s the security outlook for 2012? 
It appears gloomy, as security experts warn that cyber-attackers will target applications, mobile devices and social networking sites. There will be more social engineering as attackers research victims beforehand to craft even more targeted attacks.
2011 was a year in transition, David Koretz, CEO of Mykonos Software, toldthe year when sophisticated Web application attacks came of age. Before, people were talking about the threat to Web applications but were unable to quantify the problem. “2011 is the year people started caring about Web security for the first time,” Koretz said
Attackers targeted applications through SQL injection and cross-site scripting attacks to get access to sensitive data, said Lori MacVittie, senior technical marketing manager at F5 Networks. There are more kits and exploit tools released that exploit certain vulnerabilities, making it easier for even less skilled attackers to launch sophisticated attacks. There will be more of these tools in 2012, she said.
Social media has become more ubiquitous. Forrester estimated 76 percent of enterprises allow some access to social networking sites from within the corporate networks,  and 41 percent allow “unfettered access” to these sites. Many of the data breach and cyber-attack headlines in 2011 were social engineering attacks that exploited email and the Web as an attack vector, according to Rick Holland, a Forrester analyst.
Attacks against social network sites accounted for only 5 percent of total social engineering attacks in Verizon’s 2011 Data Breach Investigations Report. Forrester expects this number to “increase significantly” in 2012, Holland said.
Malware for mobile platforms grabbed headlines in 2011, starting with Google removing apps infected with DroidDream malware from Android Market and then remotely removing them from user devices.
Malware developed for mobile platforms exploded in volume and sophistication, according to Juniper Networks’ Global Threat Center. Criminals released a mobile version of the Zeus Trojan designed to intercept security controls used for online banking for several mobile platforms. Many users were infected with malware that turned their smartphones into zombies participating in a botnet without their knowledge.
Mobile device adoption is on track to reach 60 million tablets and 175 million smartphones in the workforce by 2012, according to Forrester. The majority of users will not be using these devices secured within the corporate environment as they will be working from home offices, public hotspots and third-party networks.
Organizations will increasingly shift their content security operations to the cloud to better protect mobile users. Security professionals have to adapt quickly to multiple mobile form factors and evolving threats from sophisticated malware and social networks, Holland said. 




Spy Files By Wikileaks Said Government Using Malware For Surveillance



The latest round of documents published by Wikileaks offers a rare glimpse into the world of surveillance products. The collection—which Wikileaks calls the Spy Files—includes confidential brochures and slide presentations that companies use to market intrusive surveillance tools to governments and law enforcement agencies. The documents published by Wikileaks include 287 files that describe products from 160 companies. The group says that these files are only the first set of a larger collection and that more will be published in the future. The project is being carried out in collaboration with activist groups such as Privacy International and press organizations such as the Bureau of Investigative Journalism and the Washington Post.
"[The surveillance industry] is, in practice, unregulated. Intelligence agencies, military forces, and police authorities are able to silently, and on mass, and [sic] secretly intercept calls and take over computers without the help or knowledge of the telecommunication providers," wrote Wikileaks in its report.
"In the last ten years systems for indiscriminate, mass surveillance have become the norm."
Surveillance products revealed in the Spy Files cover a wide range of different communication technologies. Many are designed to circumvent standard privacy and security safeguards in mainstream consumer technology products so that they can collect as much data as possible. Some are even deliberately programmed to operate like malware.
The software will capture the content of encrypted communications—including instant messaging conversations, e-mails, and the user's Web activity—and will relay the data to the party conducting surveillance. The software also includes key logging, remote file access, and has the ability to capture screenshots. The company cites "zero day exploits" and "social engineering" in a bulleted list of ways that its remote forensic software can be installed on the computer of a surveillance target.

For More Information Click Here




Social Engineer Toolkit (SET) Version 2.4.2 Released



Social Engineer Toolkit has been updated! We now have the Social Engineer Toolkit version 2.4.2

Brief About SET:-
The Social Engineering Toolkit (SET) is a Python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Official Change Log For Social Engineer Toolkit v2.4.2:-


  • Fixed a bug in multiattack vector where specifying java applet attack and shellcode exec would not properly inject alphanumeric shellcode into applet properly
  • Restructured multiattack vector to properly clone, prep payload delivery, then inject alphanumeric shellcode
  • Added better handling around multiple attack vectors
  • Fixed a bug that caused msfvenom to bomb out if path was /opt/framework3/msf3 versus /opt/framework/msf3
  • Added better handling around multiattack in Social Engineer Toolkit
  • Fixed a bug where self-signed certificates would continue to show Microsoft versus what you sign it with
  • Changed java applet to load and render at bottom of body versus in head. Page should now load with Java Applet appearing
  • Fixed a bug where Java Repeater would not load properly when executed due to an incorrect loop within cloner.py
  • Added the ability to use filename for import versus directory
  • Added the ability to import index.html files versus just the folder on the custom import feature


To Download Social Engineer Toolkit v2.4.2 Click Here




Cybersecurity Predictions for 2012 (Websense Security Labs)


Websense Security Labs has released its cyber security predictions for 2012 in an exclusive report. Last year's report proved very accurate. Dan Hubbard, chief technology officer, writes about his company’s predictions of what will occur in cyber security in 2012. This time, too, Hubbard’s predictions could prove to be very useful guidance for information security professionals trying to mitigate the expected cybersecurity risks in 2012.

Highlights:-
  • Your social media identity may prove more valuable to cybercriminals than your credit cards.
  • The primary blended attack method used in the most advanced attacks will be to go through your social media “friends,” mobile devices and through the cloud.
  • The number of people who fall victim to believable social engineering scams will rise exponentially if the bad guys find a way to use mobile location-based services to design hyperspecific geolocation social engineering attempts.
  • As more traffic moves through encrypted tunnels, many traditional enterprise security defenses are going to be left looking for a threat needle in a haystack, since they cannot effectively inspect the encoded traffic.
  • Containment is the new prevention.
  • Cybercriminals will continue to take advantage of today’s 24-hour, up-to-the-minute news cycle.
  • Scareware tactics and the use of rogue anti-virus, which decreased a bit in 2011, will stage a comeback.

To read the entire article Click Here

The full report can be downloaded from Here



Hackers Champions League Presented By Innobuzz & VOGH (Call For Research Papers)


Hackers Champions League is presented by Innobuzz Knowledge Solution & Voice of Greyhat (VOGH). This is the first event ever conducted in India where the ability of hackers will be classified. Hackers from around the globe can participate and show their skills, ability, potential and compatibility. The main aim of conducting Hackers Champions League (HCL 2011) is to enrich cyber security, because we believe that "Security Comes from You".
All hackers, security researchers and pen testers across the whole spectrum are invited to take part in this event. In HCL 2011 each participant has to submit his/her research paper. Our honorable panel of judges will select the winners, and the top 50 candidates will get an exclusive gift from the organizer.

Contents of The Paper:-

  • New Security Flaws
  • Vulnerabilities
  • Malware
  • Trojan, Stealer, Backdoors & Bots
  • Cryptography & Steganography
  • Firewalls, IDS & Honeypots
  • Reverse Engineering
  • Captcha System
  • Algorithm
  • Mobile Security (Android, iOS)
  • Denial of Service (DoS)
  • DNS Poisoning
  • New Cyber Attacks
  • Social Engineering
  • On-line Frauds
  • Web Vulnerabilities
  • Operating System
  • Scripting (Exploit Writing)
  • Wireless Security

How to submit the paper:-

All the papers must be submitted to the following Email id
hcl@voiceofgreyhat.com

1. The name of the Author
2. Content (Which he/she has selected from the above list)
3. Subject or Title of your research paper
4. Email-id
5. Phone Number (Optional)
6. Papers must be in .pdf format
7. A video demonstration or PPT presentation can also be added


Note That:- All the papers must be submitted on or before the 28th of December 2011

For More info click Here




The Nitro Attacks Stealing Secrets from the Chemical Industry


Symantec has prepared a report on the ongoing malware attacks and named them the "Nitro Attacks". Using them, an attacker can pull secret information from chemical industry companies; the attack is mainly based on social engineering.
An analysis report says:-
This "nitro" attack has an interesting blend of malware techniques that does show some ingenuity. It used a socially engineered email message with a malicious attachment. While the malware component of the attack was a recycled version of the common remote access Trojan (RAT) PoisonIvy, it was often packaged in an encrypted archive to evade email gateway detection. Nitro portrayed itself as a necessary Adobe Flash or anti-virus update, using your desire to be secure to trick you into installing the malware. Like many other targeted attacks that have come to light recently, this one attacks our weakest link, our humanity.
One of the behaviors of the Trojan was to collect password hashes from compromised Windows computers. If you haven't already gotten the memo, it is an extremely bad idea to give your users administrative rights.
Malware cannot access the Windows cache of passwords, which almost always has admin credentials included, if it does not have administrative rights. Simply restricting permissions would be enough to stunt the spread of an attack like this. Additionally, the behavior of this malware is quite easy for HIPS or behavioral anti-virus to detect and block. With the multitude of techniques being used by the bad guys, analyzing the behavior of applications is critical.
The command and control for this Trojan was located on a virtual hosted server in the United States. Symantec's investigation shows that the person who owns this instance, Covert Grove, is based in the Hebei region of China. In too many high profile organizations, IT security and their users have an adversarial relationship. Additionally, IT often does not use the full capabilities of the tools they are purchasing out of fear of false positives. Blocking suspicious attachments, using proactive detection technologies and educating users could all stop this type of attack from succeeding. If you weren't one of the victims, this is a great lesson on what you should be doing to protect against the next attack.
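The attachment check this analysis calls for (flagging encrypted archives and executable members posing as updates), as an added example that is not part of the Symantec report or the original post. The sample message, addresses and file names are constructed; standard ZIP encryption leaves member names readable, so the check needs no password.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flag field


def inspect_zip(data):
    """Return (encrypted, executable_member_names) using ZIP metadata only."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    encrypted = any(i.flag_bits & ENCRYPTED_FLAG for i in infos)
    exes = [i.filename for i in infos
            if os.path.splitext(i.filename.lower())[1] in EXECUTABLE_EXTS]
    return encrypted, exes


def triage_message(raw):
    """Return (attachment, finding) pairs for one raw e-mail message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if not payload.startswith(b"PK\x03\x04"):  # not a ZIP archive
            continue
        try:
            encrypted, exes = inspect_zip(payload)
        except zipfile.BadZipFile:
            findings.append((name, "malformed-zip"))
            continue
        if encrypted:
            findings.append((name, "encrypted-archive"))
        findings.extend((name, "executable-member:" + e) for e in exes)
    return findings


def build_sample(encrypted):
    """Constructed sample: a mail carrying a ZIP with a fake 'update' file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("flash_update.exe", b"constructed placeholder bytes")
    data = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted archives, so set the flag bit by hand:
        # offset 6 in the local header, offset 8 in the central directory entry.
        data[data.find(b"PK\x03\x04") + 6] |= ENCRYPTED_FLAG
        data[data.find(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Security update"
    msg.set_content("Please install the attached update.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="update.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, enc in (("plain", False), ("encrypted", True)):
        print(label, triage_message(build_sample(enc)))
```

A gateway would typically quarantine on either finding; the encrypted-archive finding matters most because content scanning cannot see inside the archive.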

For more info & to download the Symantec report click Here


Son of Flynn (Social Engineer Toolkit v2.2) Released



Social Engineer Toolkit has been updated! This release is named “Son of Flynn”. We now have the Social Engineer Toolkit version 2.2. The Social Engineering Toolkit (SET) is a Python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
Official Change Log for Social Engineer Toolkit v2.2:-
* Added better handling when generating your own legitimate certificate and ensure proper import into SET
* Adjusted java repeater time to have a little more delay, seems to be more reliable and stable if that occurs.
* Removed the check from the main launch of SET for pymssql and only added it when the fast-track menu was specified
* Removed the derbycon posting since it already happened. When we get closer I’ll re-add it back in with detailed information
* Removed old files in the java applet attack that were not needed.
* Added better granularity checking the Java Applet attack when the shellcode exec or normal attacks were being specified.
* Fixed a bug that caused infectious media to bomb out if shellcodeexec was specified as a payload
* Added a legal disclaimer for first initial use of SET that it must be used for lawful purposes only and never malicious intent
* Added improved stability of the java applet attack through better payload detect/selection
* Fixed a bug with shellcodeexec and creating a payload and listener through SET, it would throw an exception, it now exports shellcodeexec properly and exports alphanumeric shellcode
* Added new config check inside core.py, will return value of config, easier..will gradually replace all config checks with this
* Fixed an issue that would cause AUTO_REDIRECT=OFF to still continue to redirect. This was caused from a rewrite of the applet and the same parameters not being filtered properly
* Added more customizing Options to RATTE. Now you can specify custom filename ratte uses for evading local firewalls. So you can deploy RATTE as readme.pdf.exe and it will run as iexplore.exe to bypass local firewalls. You can also specify if RATTE should be persistent or not. For testing network firewalls you won’t need a persistent one. Doing a penetration test you may choose a persistent configuration.
* Fixed a bug in RATTE which could break connection to Server. RATTE now runs much more stably and can bypass high end network firewalls much more reliably.
* Added a new config option called POWERSHELL_INJECTION, this uses the technique discovered by Matthew Graeber which injects shellcode directly into memory through powershell
* Added a new teensy powershell attack leveraging Matthew Graeber's attack vector.
* Rehauled the Java Applet attack to incorporate the powershell injection technique, it's still experimental, so will remain OFF in the config by default. The applet will not detect if Powershell is installed, and if so, use the shellcode deployment method to gain memory execution without touching disk through PowerShell.
* Fixed a bug that would cause mssql bruter to error if powershell injection was enabled or other attack vectors

To Download SET 2.2 Click Here




Hcon Security Testing Framework By Ashish Mistry (Information Security Researcher)


Hcon is the spirit of gaining & sharing knowledge. It is the platform for the people who want to learn and share knowledge with freedom, and of course it is the platform for me and my group to share our knowledge with the world and learn more. 

Description:-
A security testing framework built on different bases. It contains hundreds of tools for performing tasks such as recon, social engineering, vulnerability assessment, exploitation, code auditing, reporting, etc. It is currently available for Windows XP, Vista and 7, and it also has a portable edition. This framework has been designed and developed by Ashish Mistry (Information Security Researcher & Trainer).

Features:-
Most of HSTF is semi-automated, but you still need your brain to work it out. It can be used in web development / debugging and in all IT security testing stages. It has tools for:
  • Information gathering
  • Enumeration & Reconnaissance
  • Vulnerability assessment
  • Exploitation
  • Privilege escalation
  • Reporting

Facebook Get Updated & Created New Security Concerns

Facebook CEO Mark Zuckerberg unveiled a raft of changes at this year’s f8 Developer Conference, many of which have left security experts concerned about a rise in Twitter-style spambots as well as targeted cybercrime attacks on users.
New privacy controls as well as the new Subscribers, News Ticker and Timeline features have boosted usability and sharing on the social network, but according to BitDefender, the changes could also mean a rise in the number of privacy and security breach incidents.

The company has created a list of the Facebook changes, and the impact they could have on online security:-

1. Smart Lists will prompt users to share more information publicly, but will also have the adverse effect of supplying ammunition for targeted attacks.
Smart Lists encourage people to complete their profile with details of their career, work projects, where they went to school or which city they live in. Every time someone creates a list with colleagues from a specific job, this is tagged in their profile. Of course, this is generally not confidential information, and the user has the final decision on whether to approve or reject the tag. But having this information public and indexable will make it much easier to create sophisticated, targeted attacks. Attackers will be able to find out exactly who is working for a specific company at any given time, their job and, more importantly, what project(s) they are working on. The additional information available to a hacker may lead to an increase in socially engineered attacks on businesses, where hackers attempt to gain access to a company’s network or confidential information by targeting its employees as the point of entry.


2. The Subscribe feature could increase the number of spambots, just like on Twitter.
The subscribe feature lets Facebook users follow people of interest, much like Twitter. It also allows your updates to be followed by others, even if they are not friends with you on Facebook. But with the introduction of Twitter-like features, BitDefender believes that Facebook users may see an increase in the number of Twitter-like threats and annoyances, too.
These include spambots and fake schemes that try to lure users in with promises of obtaining more subscribers to their profile page.

3. The Timeline feature means everything you’ve ever shared on Facebook is now available and easy to browse.
Timeline is a revolution of usability, but it’s also the open story of your life to date on the social network. If the default settings are not changed to restrict who can see your wall, the content will, by default, be available for anyone to see: friends, photos, places you have checked in, relationships and much more.
It’s important for Facebook users to be aware of this privacy setting when using Timeline, and adjust this accordingly.

4. Health is now social… and public.
The Facebook timeline considers health information social. While it will be easy to share health-related updates such as breaking a bone, undergoing surgery or overcoming an illness, this information is also set to public by default. While seemingly innocuous, information about health that is shared publicly may risk being exploited for identity theft or social engineering attacks.

5. Widgets open the door to interactive scams.
With Timeline, Facebook also introduced widgets that live on users’ profile pages, which takes social interaction to a whole new level. Until now, anyone who had an application installed could only interact with other users within the app. Now, the app is on the user’s wall, so anyone who interacts with the user profile can also interact with the app.
This isn’t a concern for legitimate apps, but the ease with which they can be accessed may lead to fake or scam apps spreading quickly through the social network.


-News Source (F8, Dynamic Business & FB)


