EU Opens The Door of European Cybercrime Centre (EC3) To Protect Europe From Cyber Threat

EU Opens The Door of European Cybercrime Centre (EC3) To Protect Europe From Cyber Threat

We all are aware of FBI's Internet Crime Complaint Center also known as IC3, which is protecting U.S. citizen from cyber criminals and attacks. But the cyber world is not limited to U.S. so as cyber criminals, and to get rid of this and while protecting every countries digital fence safe and secure there need to be organizations like IC3. All the growing and developing countries across the globe are in rush to ensue maximum digital and cyber security. This same rush and impact also applies for Europe countries and the result is in front of us. As the fight against cyber crime in Europe has got a new home. The European Cybercrime Centre (EC3) officially open its doors from this January 11, at the European Police Office, Europol in the Hague. In the middle of last year European Commission declared that are preparing a cybercrime center to fight against cyber threats. And after an effort of six months they made it possible and live for the people of Europe. Such organization will surely enhance the cyber security of European countries.  In the official press release EUROPA said "EC3 will be up and running to help protect European citizens and businesses from cyber-crime." 

EC3 officially commenced its activities on 1 January 2013 with a mandate to tackle the following areas of cybercrime: 

• That committed by organised groups to generate large criminal profits such as online fraud
• That which causes serious harm to the victim such as online child sexual exploitation
• That which affects critical infrastructure and information systems in the European Union

According to the press release of European Commission - "The Cybercrime Centre will give a strong boost to the EU's capacity to fight cybercrime and defend an internet that is free, open and secure. Cybercriminals are smart and quick in using new technologies for criminal purposes; the EC3 will help us become even smarter and quicker to help prevent and fight their crimes", said Commissioner Malmström.

"In combatting cybercrime, with its borderless nature and huge ability for the criminals to hide, we need a flexible and adequate response. The European Cybercrime Centre is designed to deliver this expertise as a fusion centre, as a centre for operational investigative and forensic support, but also through its ability to mobilise all relevant resources in EU Member States to mitigate and reduce the threat from cybercriminals wherever they operate from", said Troels Oerting, Head of the European Cybercrime Centre

Investigations into online fraud, child abuse online and other cybercrimes regularly involve hundreds of victims at a time, and suspects in many different parts of the world. Operations of this magnitude cannot be successfully concluded by national police forces alone.

The opening of the European Cybercrime Centre (EC3) marks a significant shift in how the EU has been addressing cybercrime so far. Above all, the approach of the EC3 will be more forward-thinking and inclusive. It will pool expertise and information, support criminal investigations and promote EU-wide solutions.

The EC3 will focus on illegal online activities carried out by organised crime groups, especially attacks targeting e-banking and other online financial activities, online child sexual exploitation and those crimes that affect the critical infrastructure and information systems in the EU.

The Centre will also facilitate research and development and ensure capacity building among law enforcement, judges and prosecutors and will produce threat assessments, including trend analyses, forecasts and early warnings. In order to dismantle more cybercrime networks and prosecute more suspects, the EC3 will gather and process cybercrime related data and will provide a Cybercrime Help desk for EU countries' law enforcement units. It will offer operational support to EU countries (e.g. against intrusion, fraud, online child sexual abuse, etc.) and deliver high-level technical, analytical and forensic expertise in EU joint investigations. 

For Detailed Information Please Visit The Official Website of Europol's EC3 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">EU Opens The Door of European Cybercrime Centre (EC3) To Protect Europe From Cyber Threat"https://www.voiceofgreyhat.com/2013/01/European-Cybercrime-Centre-EC3.html</a>

FBI Wanted Cyber Criminal Hamza Bendelladj Arrested in Thailand

FBI Wanted Cyber Criminal Hamza Bendelladj Arrested in Thailand

Another FBI listed cyber criminal get nabbed. The suspect named Hamza Bendelladj of 24 yrs have been arrested in late Sunday night during a layover at Thailand’s international airport while traveling from Malaysia to Egypt. According to the officials Bendelladj is an Algerian national wanted by the United States Federal Bureau of Investigation (FBI) for allegedly making tens of millions of dollars from cyber crime. Police confiscated two laptops, a tablet computer, a satellite phone and a number of external hard drives from Bendelladj. According to the officials FBI had been pursuing Bendelladj for nearly three years. U.S. authorities believe the suspect hacked private accounts in more than 217 banks and financial companies worldwide, causing about $10 million in losses per transaction. After this arrest, he will be extradited to the U.S. state of Georgia, where a district court has issued an arrest warrant. In an exclusive report Bangkok Post said -a smiling Bendelladj, who was present at the press conference, denied claims by the Thai authorities that he was on the FBI's top-10 most wanted list. "I'm not in the top 10, maybe just 20th or 50th," the Algerian suspect said with a laugh. "I am not a terrorist."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">FBI Wanted Cyber Criminal Hamza Bendelladj Arrested in Thailand"https://www.voiceofgreyhat.com/2013/01/FBI-Wanted-Hamza-Bendelladj-Arrested-in-Thailand.html</a>

Official Website of Senator Vicente C. Sotto III Hacked By Anonymous Philippines

Official Website of Senator Vicente C. Sotto III Hacked By Anonymous Philippines

Philippines rampage of hacktivist Anonymous continues, as this hacker collective group strikes again and blown the official website of Senator Vicente C. Sotto III. This attack carried under the banner of 'OccupyPhilippines' where the hacker group hacked into server of Senator Tito Sotto and defaced the index page. According to the hacker, the cyber attack was to stand against the controversial "Cybercrime Prevention Act of Philippines" widely known as Republic Act No. 10175. The hacker group believed that, if this bill did not get revised, then the freedom of speech in cyber space will be restricted. During this attack the hacker tried to send his message to the Senator, and that is - 

"It's been a long time, Tito Sen! Deny us our freedom of speech and of expression through R.A. 10175 

and we will deny you your cyberspace. You cannot shut us up, you cannot shut us down. 

And you shall not see us rest until R.A. 10175 is revised.

We are all waiting, we are all ready.

We are Anonymous, we are legion.

We do not forgive and we do not forget.

Expect Us

Protect our Right to Freedom of Expression!..."

The attack took place in yesterday evening, as soon as the intrusion was spotted the site was sent offline for a certain period. And today morning, the whole thing get restored and it came back to its normal format. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Official Website of Senator Vicente C. Sotto III Hacked By Anonymous Philippines"https://www.voiceofgreyhat.com/2013/01/Senator-Tito-Sotto-Hacked-By-Anonymous.html</a>

SQL Injection Vulnerability Affected All Versions of Ruby on Rails

SQL Injection Vulnerability Affected All Versions of Ruby on Rails (CVE-2012-5664)

Developers at Ruby on Rails are warning its users regarding a Sql Injection flaws which has affected all the current version of Ruby on Rails web framework. While exploiting the vulnerability an attacker can inject and even execute malicious codes into the web application. "Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL," explained the Rails framework's developers. As soon as this vulnerability has been spotted in the wild, the maintainers of Ruby on Rails have released new versions that addresses the flaw, versions 3.2.10, 3.1.9 and 3.0.18. In their advisory Ruby on Rails team recommends that users running affected versions, which is essentially anyone using Ruby on Rails, upgrade immediately to one of the fixed versions mentioned earlier. "We're sorry to drop a release like this so close to the holidays but regrettably the exploit has already been publicly disclosed and we don't feel we can delay the release," Rails developer concluded. 

The original problem was disclosed on the Phenoelit blog in late December where the author applied the technique to extract user credentials from a Ruby on Rails system, circumventing the authlogic authentication framework. While talking about the vulnerability discloser of Ruby on Rails, we would like to remind you that, this is not the first time, earlier in 2012 a Russian security researcher named Homakov has found that Github has succumbed to a public key vulnerability in Ruby on Rails which is allowing a normal user to gain administrator access into the popular Rails Git.

Brief About Ruby on Rails:- Ruby on Rails, often shortened to Rails, is an open source full-stack web application framework for the Ruby programming language. Ruby on Rails runs on the general-purpose programming language Ruby, which predates it by more than a decade. Rails is a full-stack framework, meaning that it gives the web developer the ability to gather information from the web server, talk to or query the database, and render templates out of the box. As a result, Rails features a routing system that is independent of the web server. Ruby on Rails emphasizes the use of well-known software engineering patterns and principles, such as Active record pattern, Convention over Configuration, Don't Repeat Yourself and Model-View-Controller.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">SQL Injection Vulnerability Affected All Versions of Ruby on Rails"https://www.voiceofgreyhat.com/2013/01/SQL-Injection-Vulnerability-in-Ruby-on-Rails.html</a>

Citi Bank & Bank of America Faced Sent Offline After Massive DDoS Attack (Operation Ababil)

Citi Bank & Bank of America Faced Sent Offline After Massive DDoS Attack (Operation Ababil)

Late in last year we have reported that major banking and finical sector of America faced massive cyber attack. The attack came just after 'anti Islamic' video was posted online. During the time of attack the hacker group named 'Izz ad-Din al Qassam Cyber Fighters' said "these series of attacks will continue until the Erasing of that nasty movie from the Internet". But now its seems that, the earlier deceleration of the hacker collective group was fake, as they again engaged denial of service attack against large banking sector, where Citi Bank and Bank of America fallen victim. Several website of those above banks were reported offline for a certain period of time. "Just moments ago Izz ad-Din al-Qassam Cyber Fighters attacked CitiBank and made all the parts out of reach. This was the 2nd attack this day. Banks could not stop al-Qassam Cyber fighters this week" - said the hacker group in their blog. In thier blog Hilf-ol-Fozoul reports that on Thursday several domains of Citi Bank such as citicards.com, citibank.com and citi.com were inaccessible during the pick hours. "In the 3rd week from Operation Ababil, Bank of America faced technical difficulties due to heavy traffic made by al - Qassam Cyber Fighters and users can no more reach the site." said the hackers. 

The Citi Bank’s representatives acknowledged the cyber attack while saying “Currently we are aware & are working on technical issues with Citi websites. We will let you know when service is fully restored. We apologize for the inconvenience. Please call the number on the back of your card if you need immediate assistance,” on Twitter. But the representatives of Bank of America have not issued any statements on the matter.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Citi Bank & Bank of America Faced Sent Offline After Massive DDoS Attack (Operation Ababil)"https://www.voiceofgreyhat.com/2013/01/Citi-Bank-Bank-of-America-Faced-DDoS-Attack.html</a>

Ministry of Defense Argentina Hacked By LulzSec Peru, Sensitive Information (Aircraft, Submarines, Weapons) Leaked

Ministry of Defense Argentina Hacked By LulzSec Peru, Sensitive Information (Aircraft, Submarines, Weapons) Leaked

A hacktivist group claiming to be the part of infamous LulzSec, targeted the official website of Argentinian Ministry of Defense. This round of cyber attack taken sensitive data from Ministry of Defense server, along with that the index page also get defaced by the hacker group calling them selves 'LulzSec Peru'. The leaked data, allegedly said “top secret” documents from the ministry’s systems has been posted on AnonPaste. The total leak is almost 100 megabytes in size, contains information on submarines, radars and weapons. It also contains user details such as usernames, passwords, the names of officials and other sensitive information. The release on AnonPaste also did satire of the cyber security system of Argentinian Ministry while saying "According to statements by the DEPARTMENT OF ARGENTINA DEFENSE the computer systems area say they had a system impossible to hack, thing turned otherwise. The event should not be taken as terrorism, was for the simple fact to prove that the system was totally vulnerable. The documents contain highly sensitive material rated SECRET (aircraft, submarines, guns)..."

As per sources the data dump, leaked by the hacker was indeed stolen from Ministry's system, also the deface mirror on Zone-H is showing that the official website was indeed hacked and defaced. Though the officials of Argentinian Ministry did not commented about this incident. After the hack was spotted on the wild, the authorities restored their system, and the website came back to its normal format very soon. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Ministry of Defense Argentina Hacked By LulzSec Peru, Sensitive Information (Aircraft, Submarines, Weapons) Leaked"https://www.voiceofgreyhat.com/2013/01/Ministry-of-Defense-Argentina-Hacked.html</a>

Microsoft Security Advisory (2794220) Remote Code Execution Vulnerability in Internet Explorer Fixed

Microsoft Security Advisory (2794220) Remote Code Execution Vulnerability in Internet Explorer Fixed

The Redmond based software giant Microsoft issued an urgent security advisory to address vulnerabilities in its popular web-browser that is Internet Explorer.  Few of days new “zero day” security hole in IE was discovered which could potentially allow hackers to take over control of your system when all you've done is visit an infected website. The vulnerability affects IE versions 6, 7 and 8. Though the latest versions of the browser, that means IE 9 and 10, are not affected. “An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.” Microsoft said in its statement. The statement went on to say, “an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.”

On its advisory Microsoft first issued warning of the problem, which involves how IE accesses "an object in memory that has been deleted or has not been properly allocated." The problem corrupts the browser's memory, allowing attackers to execute their own code. Security vendor Symantec described such a scenario as a "watering hole" attack, where victims are profiled and then lured to the malicious site. Last week, one of the websites discovered to have been rigged to delivered an attack was that of the Council on Foreign Relations, a renowned foreign policy think tank. 

While talking about IE and its bugs, then we would like to remind you that couple of weeks ago, Spider.io a website analytics firm has discovered a security vulnerability in all current versions of Internet Explorer that allows attackers to trace mouse cursors anywhere on users' screens even if the Internet Explorer window is minimized. That time the software giant ignored that particular issue. But here they take this one bit seriously; So if you still using the older and affected version of IE, then its time to update your browser, in order to stay safe and secure on the Internet. To update your browser or to access the security fix click Here. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Security Advisory (2794220) Remote Code Execution Vulnerability in Internet Explorer Fixed"https://www.voiceofgreyhat.com/2013/01/Vulnerability-in-Internet-Explorer-Fixed.html</a>