NBC.com Compromised, Hackers Exploited The Website to Spread Malware

NBC.com Compromised, Hackers Exploited The Website to Spread Malware

The month of February is still going from bad to worse for the cyber domain, in this very month cyber criminals swallowed the security system of many giant companies like Facebook, Twitter, Apple, New York Times and many more. But the game is not over yet, as we have just passed a few weeks, when the attack on NY Times took place, which stolen the employ database; yet again the cyber criminals have targeted another media giant National Broadcasting Company widely known as NBC. During the attack, hackers have successfully gain access inside the server of NBC and planted malware, in order to harm innocent readers. Famous security expert and blogger Brian Krebs said that the hackers inserted code into the NBC.com homepage. This caused visiting browsers to load pages from third-party sites that were compromised. While explaining the nature of the attacker, Krebs said; "The compromised sites tried to foist the Citadel Trojan, a variant of the Zeus Trojan." The Zeus is a "sophisticated data theft tool that steals passwords and allows attackers to control machines remotely" he added. Not only the NBC’s home page, also several others were affected, including the pages of late night talk show hosts Jay Leno and Jimmy Fallon. Well known security firm Sophos explained how roughly attack played out, and how NBC got sucked into the equation:

• NBC's hacked pages were altered to add some malicious JavaScript that ran in your browser.
• The JavaScript injected an additional HTML component known as an IFRAME (inline frame) into the web page.
• The IFRAME sucked in further malicious content from websites infected with an exploit kit known as RedKit.
• The exploit kit delivered one of two exploit files to try to take control over your browser via a Java vulnerability or a PDF bug.
• If the exploit worked on your computer, financially-related crimeware from the Citadel or ZeroAccess families was installed.

This, of course, is an example of a dreaded drive-by download, where the crooks use a cascade of tricks to download, install and execute software without going through any of the warnings or confirmation dialog you might expect. This, in turn, means that even if you are a careful and well-informed user, you may end up in trouble, since there are no obvious signs that you are doing anything risky, or even unexpected.

As soon as this story get spotted the American commercial broadcasting television network, NBC News reported and confirmed that its site had been attacked. The broadcaster released the following statement regarding the website: "We've identified the problem and are working to resolve it. No user information has been compromised."

The emergency response team immediately take the situation under control and restored the website, and confirmed that the site is back again and completely safe for its visitors. But so far there is no evidence of attackers who were involved in this attack. For the safety of VOGH readers we would like to recommend you to update your operating systems and browser plugins. Also note that the attack on NBC was similar to many that have occurred in recent years in that the malicious sites tried to exploit vulnerabilities in Java. So it will better to disable Java, unless it is that much necessary. So stay tuned with VOGH and be safe in the cyber domain. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">NBC.com Compromised, Hackers Exploited The Website to Spread Malware"https://www.voiceofgreyhat.com/2013/02/NBC.com-Compromised.html</a>

Twitter Account of Hacktivist Group Anonymous Hacked By 'Rustle League'

Twitter Account of Hacktivist Group Anonymous Hacked By 'Rustle League'

The scenario of hackers targeting another hacker has became a very common matter, in last two years we have seen many instances of the above matter where a hacker hit another hacker's site, community, blog, forums and so on. Today the story which I will about to discuss is the same matter where infamous hacker community named 'Anonymous' fallen victim. A newly formed hacker group calling them selves "Rustle League" targeted one of the officially recognized twitter account (@Anon_Central) belongs to hacktivist group which have more than 160,000 followers. According to security experts  "the reason Anonymous fell victim is probably human weakness." Or in other word many of twitter accounts get hacked due to choosing week passwords. "Chances are that they followed poor password practices, like using the same password in multiple places or choosing a password that was easy to crack. Everyone should learn better password security from incidents like this - if it can happen to an account run by Anonymous supporters, it could happen to you" said another expert of security firm Sophos. The hack on Anonymous twitter account placed Thursday morning and three hours later, those running the feed tweeted that they had gained back control of their account. 

While talking about attack on Twitter, we would like to remind you that, in this month a sophisticated cyber attack compromised the security system of the social networking giant twitter, where more than 250,000 twitter users have fallen victim. Though the hack of Anonymous twitter account does not resembles to the said matter, but the hack can be considered in the list of twitter hacking, widely known as #twithackery; where hackers gain temporary access of celebrity and famous twitter accounts. If you did the history we will find the following names, WWE champion John Cena, Star Rita Ora, Justin Bieber, Teyana Taylor,American pop singer Kesha, NBC News, Fox News Politics, USAToday, Lady Gaga’s Twitter Account, Anders Breivik, Mahesh Bhatt, Huffington Post; these are the famous names who have fallen victim to twithackery. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Twitter Account of Hacktivist Group Anonymous Hacked By 'Rustle League'"https://www.voiceofgreyhat.com/2013/02/Twitter-Account-of-Anonymous-Hacked.html</a>

Apple Hacked By The Same Group Who Attacked Facebook

Apple Hacked, Macintosh Computers Infected  By The Same Group Who Attacked Facebook 

The month of February is not going good for cyber space, specially for giant organization. Last week the social networking giant Facebook fallen victim of a devastating cyber attack which did effected a number of  systems. Facebook admitted that it faced a "sophisticated attack" on computers where it has been found the attackers used a zero-day Java exploit to initiate the attack, but that no user data was compromised. The same thing happened to micro blogging site Twitter and New York Times. And now it was the turn for Apple. The California based multinational company acknowledged that recently their systems has been attacked by hackers who infected Macintosh computers of some employees. Like Facebook here also no data has been effected, "there was no evidence that any data left Apple." -said Apple. 

According to an exclusive report of Reuters -some unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers. The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. The malware was also employed in attacks against Mac computers used by "other companies," Apple said, without elaborating on the scale of the assault. Experts are presuming that all these cyber attacks of February, that is Twitter, New York Times, Facebook & Lastly Apple Inc was originated from China, and executed by the same hacker group. On the other side few experts are also saying that the group responsible for the hack, has been identified as "Unit 61398" of the People's Liberation Army. But so far there is no proof. 

Apple also revealed that it plans to release a software tool later Tuesday that will protect customers against the same type of software that was used against its employees. 

Apple also provided a statement as follows:-

"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.

Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found..."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple Hacked By The Same Group Who Attacked Facebook"https://www.voiceofgreyhat.com/2013/02/Apple-Hacked-Mac-Computers-Infected.html</a>

'Data Theft' A Serious Issue! Be Watch Full, Be Safe

Hidden Costs of 'Data Theft' A Serious Issue! What You Need to Know to Be Safe 

Sitting at the edge of technology, we the people of this century are blessed with all the required equipment  which makes our work so easy that one could have even imagined three hundred years ago. Along with these positive sides, we must have to keep in mind that, these technologies not only elaborating our effort  making life easier, but also posing  high level of threat. As the main concern of VOGH is cyber domain, so here w would like to share a fact which will make you think and even make your cyber life and your personal life too uncanny. Yes, I am talking about the rising cyber threats; the more we are shedding with technologies, the more we are involving our lives with some dangerous threats and challenges. Now a days cyber criminals are every where, you don't even know, what trap has already been set for you, that can ruin your happy life. One of the big example is "Data Theft" which becoming boomerang for us. In an age of fully digitized data, consumers and businesses can lose thousands of dollars in the blink of a hacker’s eye. The costs of data theft are well known to anyone who has ever found themselves victim to financial identity or medical record fraud. What few of us realize is that the procedures required to right a financial wrong are often costlier than the crimes themselves. Lets share some interesting statistic, which will surely put terror in your mind - the economy loses an average of $22,346 for every time an identity is stolen. And to fully recuperate losses, repair credit and prosecute fraudsters, consumers, accountants, lawyers and IRS officials can spend up to 5,000 hours, the equivalent of two years of full-time work on a single case. Even so, 60% of medical record fraud victims admit that they don’t monitor their medical statements for inconsistencies. 

Shocking!! Why not?

For one, most consumers don’t have time every month to file through complex medical or financial statements and check for accuracy. And secondly, the image of thousands of evil savants working around the clock to hack BOA databases sure makes a consumer feel helpless. Identity theft seems random and unpreventable–a stroke of bad luck like getting struck by lightning. If we are struck, we tell ourselves, banks, credit agencies and insurance companies are legally bound to recover our funds and correct our records. 

Now lets check out a fascinating video in our Hidden Costs Series to get a deeper look at how our high-cost, high-risk data management systems really work.

Hidden Costs of Data Theft (Statistic At a Glance):-

Data theft includes financial identity theft, identity cloning, and medical identity theft. The average cost per victim was $22,346 in 2012. And the total national cost of just medical identity fraud was $41 billion in 2012. The worst part – nearly 60% of reported victims say they don’t ever check their medical records for fraud. Depending on the severity of the case, it can take over 5,000 hours (the equivalent of working a full-time job for two years) to correct the damage.

Since 1935, over 435 million social security cards have been issued. That’s over 2,175 tons of paper issued as cards, or 52,200 trees and 5 million new cards are issued every year. 

Worldwide, digital warehouses storing private information, like banking and personal history, use about 30 billion watts of electricity, which equals roughly the output of 30 nuclear power plants. Data centers in the US make up almost a third of that usage, and waste 90% of the electricity they pull off the grid.

On average, 47% of victims encounter problems qualifying for a new loan and 70% have difficulty removing the negative information from their credit reports.

Over the next five years, the IRS stands to lose as much as $21 billion in revenue due to identity theft, and worldwide, businesses lose close to $221 billion a year with the US, UK, Canada and Australia ranking the highest in reported fraudulent activity.

After reading the above story carefully, many of you will feel insecure and panic. But I would like to inform you that the main purpose of sharing such important information, is to enhance carefulness, to rise cyber awareness. Many people became victim, not because of less knowledge, but of less information, less awareness. So from now onward before connecting your self into the digital world make sure that the significant & the emergent knowledge and information you have gathered from the article, should remain intact inside your brain. Trust me, if you became a bit cautious, you can easily get rid of all those cyber threats, and can enjoy the bless of technologies to make your life prosperous and happy. 

So stay tuned with VOGH and also be canny, be attentive and be safe inside the digital world. 

We the Team VOGH heartily thanks one of our invaluable reader and friend Emily Stewart of Insurance Quotes for the statistic and the awesome video. We love you Emily :) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">'Data Theft' A Serious Issue! Be Watch Full, Be Safe"https://www.voiceofgreyhat.com/2013/02/Hidden-Costs-of-Data-Theft.html</a>

Ambedkar Institute of Telecom Training India (BRBRAITT) Hacked By Hitcher

Ambedkar Institute of Telecom Training India  (BRBRAITT)Hacked By Hitcher

He was noiseless since his last massive attack against Israel, with the banner of #OpIsrael for Muslim Liberation Army. He was mum but not passive, and it shows when well known Pakistani hacker going by the name of "Hitcher" come back again. The name of Hitcher is common to us for defacing high profile websites, his last few high profile hack was HP Training Center, Bank of Punjab, Kingfisher Airlines, Central Statistical Agency of Ethiopia & 100+ Chinese Govt Websites, again ensue the same path. This time the target was the official website of Bharat Ratna Bhim Rao Ambedkar Institute of Telecom Training India (BRBRAITT) also known as India Premier National Level Telecommunication Training Center. As per sources the hacker managed to breach the server security and get administrative access into the BBBRAITT system. He not only hacked and defaced the index page, but also stolen sensitive data like employ details, course curriculum,  student details, several ongoing project information, and few more confidential tidings. Immediately after the hack, webmaster of BBBRAITT noticed the issue and patched those security holes and back doors from which the hacker get in. Also he restored the site to its normal format. But still the deface mirror can be found on an archiving site called Th3Mirror.com, though the reason of this hack is still a mystery. 

Brief About BRBRAITT:- 

BRBRAITT is one of the premier institutes of BSNL India, imparting training in various fields like latest technologies in field of telecommunications, computer networking, accounting, management, providing competency and skills to meet the ever changing needs of esteemed customers. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Ambedkar Institute of Telecom Training India (BRBRAITT) Hacked By Hitcher"https://www.voiceofgreyhat.com/2013/02/BRBRAITT-Hacked-By-Hitcher.html</a>

NASA Sub-domain is Vulnerable Allowing Information Disclosure

NASA Sub-domain is Vulnerable Allowing Serious Information Disclosure

National Aeronautics and Space Administration, widely known as NASA used to fascinate the hackers to come and breach its security system. Many of our readers may be astonished after reading the above lines, but its a fact and history is the witness of that. So far NASA have been targeted several times, where hackers have figured out vulnerability and penetrated the digital security. Yet again same thing happened to NASA, when an ethical hacker from India going by the name of "Zero Cool" find out serious loopholes in one of the sub-domain of NASA, which could lead sensitive information disclosure. The hacker shared a vulnerability report with us, where he has shown that, exploiting the vulnerability one malicious attacker can easily extract lots of confidential data from NASA server, such as source code of various programs (used by NASA), current project information, future research paper, topological graph, license information, several executable files, .dll files, private application software & it's source codes, employ details and many more highly confidential or in other word "Top Secrete" data and files. For security and privacy purpose we are not disclosing those vulnerable links, but exclusively for VOGH readers we are sharing few images to justify the fact. 

This vulnerability report has already been submitted to NASA, and as expected they immediately reacted and promised to path those loopholes with immediate effect. While talking about the ethical hacker "Zero" we would like to remind you that, before this NASA vulnerability disclosure, he exposed several vulnerabilities among many major and high profile websites such as Facebook, Reebok,Indiagames, mtv, lapdonline, UNESCO, Toshiba, Discovery.com, Novell.com, Microsoft Store India, several Pakistani  and Bangladeshi Govt websites and many more.  

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">NASA Sub-domain is Vulnerable Allowing Information Disclosure"https://www.voiceofgreyhat.com/2013/02/NASA-Sub-domain-is-Vulnerable.html</a>

Yamaha Motor's Official Website of Six Different Countries Hacked & Defaced

Yamaha Motor's Official Website of Six Different Countries Hacked By Dark Snipper

Yamaha, Japanese multinational corporation; widely known to us for manufacturing motorcycles and power sports equipment, have fallen victim in front of hackers. A newly formed hacker group calling themselves "Dark Snipper" targeted several websites of Yamaha. This round of cyber attack has blown Six Yamaha websites from different countries like Bosnia Herzegovina, Croatia, Montenegro, Macedonia, Slovenia & Serbia. According to sources a few hackers code named 'Soul Inj3ct0r,  P4K-CoMManDeR, Error Haxor,  Dream.Killer, X3o-1337 & SOG' mainly from Pakistan took responsibility of the hack. So far the reason of the attack is not clear, but still the deface page is saying that the attack was inspired by the cause of "Free Palestine". But it is very irrelevant that, why the hacker group targeted Yamaha, as there is hardly any relation between the cause of Gaza, Palestine and Yamaha. What ever! Yamaha authority and the cyber response team immediately recovered those hacked sites by deleting the hacker's page (as shown in the picture below) and patched the security hole.

It is come to our concern that, team 'Dark Snipper' managed to get access into Yamaha server, where all those domain were hosted, and that is why it became possible for the hackers to breach all those Yamaha sites. But, Yamaha did not passed any reaction after the breach. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Yamaha Motor's Official Website of Six Different Countries Hacked & Defaced"https://www.voiceofgreyhat.com/2013/02/Yamaha-Motor-Official-Website-Hacked.html</a>