Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived 

Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges. Now the result of this long awaited security competition has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers where Chrome, Internet Explorer 10 and Firefox all fell to the mercy of the hackers. Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell three times, though under the contest rules, only the first attacker was due to win the $20,000 prize. Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet, “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning $100,000 for finding a huge hole. Again in a tweet, Security firm Vupen explained “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. 

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED

The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

1. James Forshaw: Java = $20K
2. Joshua Drake: Java = $20k
3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
4. Nils & Jon: Chrome = $100k
5. George Hotz: Adobe Reader = $70k
6. Ben Murphy: Java = $20k

As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities  Here also for Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization  along with that, the expected patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with VOGH and be safe on the Internet. 

-Source (HP, Naked Security) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned"https://www.voiceofgreyhat.com/2013/03/Pwn2Own-2013-Result.html</a>

Gang of Cyber Criminals Arrested For Stealing $7 Million From Exchange Companies in Dubai

Gang of Cyber Criminals Arrested For Stealing $7 Million From Exchange Companies in Dubai 

Yet again another infamous gang of cyber criminals who were behind the hack of more than $7 Million from exchange companies in Dubai get busted by the Dubai Police. The special Criminal Investigation Department (CID) of Dubai Police were behind these criminals for a long time, and after a certain period they successfully managed to track down and crack the cyber crime ring. Major General Khamis Matter Al Mazeina, acting chief of Dubai Police, said on last Sunday that a gang of Asians and Africans work with hackers in order to enter different websites and systems of different companies here in Dubai in order to transfer money inside and outside the country. “Cheques worth more than Dh6 billion have been found with the gang after their arrest,” he said. He also said that the gang was able to transfer more than Dh7 million from exchange companies in Dubai to their own accounts. From an exclusive report of Gulf News we came to know that the deputy director of the General Department of Criminal and Investigation for research, Colonel Salem Khalifa Al Rumaithi said the incident happened early this month when police received complaints about a scam and transfer of $2 million from a company’s account. “This was done through hacking the e-mails of this company by someone outside the UAE,” he said.

He said the hackers used to change the data of the transactions, billing, and then transfer the money into their accounts.

He said the first accused, an Asian identified as Kh. Q., used to receive the transferred funds. “He owns three luxury cars which he bought from the proceeds of such crimes,” he said. 

He said the role of the second suspect, another Asian identified as U.K., was to provide the gang with bank account numbers by creating fake companies on the internet and dealing with the victims’ accounts. “After the process of converting the money credited to the first accused U.K. used to take 3 per cent of the money and give the remaining to an African man who was the mastermind. According to Lt Colonel Saeed Al Hajeri, director of the electronic investigation department, the third suspect was identified as D.Q. from Africa.

“The role of this suspect was as a mediator between the gang members and manipulating the business processes and changing the bank accounts to any other account,” he said. The suspect admitted that he was part of the Dh4 billion scam and another Dh6 million scam.

Lt Col Al Hajeri said Dubai Police had taken the necessary measures to obtain sufficient information from the rest of the gang members who operate outside the country in African countries through Interpol. Brigadier Khalil Ebrahim Al Mansouri, director of CID, said the police team worked on arresting the gang quickly.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Gang of Cyber Criminals Arrested For Stealing $7 Million From Exchange Companies in Dubai"https://www.voiceofgreyhat.com/2013/03/Cybercriminals-Arrested-For-Stealing-7Million.html</a>

Australia Joined 38 Other Nations as Part of an International Cybercrime Treaty

Australia Joined 38 Other Nations as Part of an International Cybercrime Treaty

Sitting at the edge of the latest technology, today we can easily separate our world into two parts. One is the real world where we live and another is the virtual or cyber world, in which we all are tightly attached. As these two fields are the prime factor where we have to stay happily so the matter of safety, security is highly required on the both said areas. Being one of the leading cyber media, our main concern is the cyber domain,  so we are worried as well are responsible and committed to server our readers. In this period of time many of us feel terrified to engage themselves in the cyber space due to lack of security and privacy, and also keeping in mind the major disaster done by cyber criminals. But how long? To get rid of that not only we the media people but also the sincere government of several countries make themselves committed to prepare a safe cyber world for the people. Earlier we have seen several developed countries came under a shade, in order to make an united shield to protect this cyber domain and its people. Today that shield got a new member. Yes it is Australia who has now formally joined 38 other nations as a party to the world's first international treaty on crimes committed via the internet. This deceleration came from the Attorney-General Mark Dreyfus. In his speech he said "Australia becoming a party to the Council of Europe Convention on Cybercrime will help combat criminal offences relating to forgery, fraud, child pornography, and infringement of copyright and intellectual property" 

By joining the Convention, Australian law enforcement agencies will be able to rapidly obtain data about communications relevant to cybercrimes from partner agencies around the world. With the Convention now in effect, Australia's investigative agencies are able to use new powers contained in the Cybercrime Legislation Amendment Act 2012 to work with cybercrime investigators around the globe. The Act amended certain Commonwealth cybercrime offences and enabled domestic agencies to access and share information relating to international investigations. Dreyfus says the Act also created new privacy protections, safeguards and reporting requirements for the exercise of new and existing powers.
"A warrant is always required to access the content of a communication whether the information is in Australia, or accessed from overseas under the Cybercrime Convention. The Cybercrime Act and the Cybercrime Convention do not impact in any way on the need to have a warrant to access content from a telephone call, SMS or e-mail." -Dreyfus said in his statement.

-Source (ZDNet)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Australia Joined 38 Other Nations as Part of an International Cybercrime Treaty"https://www.voiceofgreyhat.com/2013/03/Australia-Joined-International-Cybercrime-Treaty.html</a>

Evernote Security Breached! Causing 50 Million Passwords Reset

Evernote Security Breached! Causing 50 Million Passwords Reset

World famous online information storage firm Evernote, allows millions of people to store and organised personal data on an external server from cross-platform have fallen victim to latest round of cyber attacks where hackers had managed to breach the company network which results a massive data breach effecting more than 50 million of its registered users. The breach on Evernote follows malicious activity at Twitter, NBC, New York Times, Facebook and others in recent weeks. In their blog release the firm has acknowledged the incident while saying "Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service." But the matter of relief for the millions of its users are that, whether the hackers have gained access inside Evernote user information, which includes usernames, email addresses associated with Evernote accounts, but due to salted encryption; hackers fail to gain decrypt those  credentials. But to avoid further massacre Evernote did password reset of all it's registered users. Phil Libin, Evernote’s CEO and founder, told press that the services are running, although if you try to access the site things may not work as normal at the moment: “We just pushed out a password reset, so the servers are going to be saturated for a bit,” he wrote. “Everything is up, although response is choppy. There’s no threat to user data that we’re aware of” -said Phil. Evernote also claimed that also have no evidence of any payment information for Evernote Premium or Evernote Business customers was accessed during the hack. 

The security response team of Evernote apologized for the annoyance of having to change your password, but, ultimately, they believed that; this simple step will result in a more secure Evernote experience.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Evernote Security Breached! Causing 50 Million Passwords Reset"https://www.voiceofgreyhat.com/2013/03/Evernote-Security-Breached.html</a>

China Claiming Their Defense & Military Sites are Serially Attacked By U.S. Hackers

China Claiming Their Defense & Military Sites are Serially Attacked By U.S. Hackers 

We all are very much familiar of hearing the story of cyber espionage and cyber attacks originated from China by Chinese hackers. Where many countries across the globe have fallen victim like U.S. India, Japan, South Korea, many European countries and many more. But today a complete reverse story came under light where the Chinese government are claiming that several top secrete government sites like defense, army, military were targeted and hit by hackers from United States. According to some classified sources it came that Chinese government websites are routinely hacked from IP addresses originating within the United States. In a news conference, spokesman of Defense Ministry of China; Mr. Geng Yansheng said that - more than 144,000 hacking attempts per month are targeted at the China Military Online and Defense Ministry websites. According to Chinese defense ministry a close to two-thirds of those attacks (62.9 percent) originated in the United States. Geng said he had noted reports that the United States planned to expand its cyber-warfare capability but that they were unhelpful to increasing international cooperation towards fighting hacking.

"We hope that the U.S. side can explain and clarify this." The U.S. security company, Mandiant, identified the People's Liberation Army's Shanghai-based Unit 61398 as the most likely driving force behind the hacking. Mandiant said it believed the unit had carried out "sustained" attacks on a wide range of industries. Yansheng did not mention a direct link between the cyber attacks and the U.S. government only that the attacks originated in the United States. He did note, however, that China is concerned with reports that the United States is planning to expand its cyber warfare capabilities. 

In the last month China was blamed for engaging cyber attacks against several high profile websites and organization of U.S. including New York Times, Twitter, NBC and so on. And if you refresh our memory then then we will find the scenario of big cyber attack and espionage by Chinese hackers have been spotted several times. In 2012 Chinese hackers had  breached Telvent's corporate network & gained control of US Power Grid. Also in the middle of last year, we have seen that Chinese hackers have broken into Indian Navy's Computer System & stolen sensitive data. Few months before this hack, Tokyo based computer security firm Trend Micro confirmed that Chinese hackers were responsible for biggest cyber-espionage in India, Japan & Tibet. Also the director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSA. Also in 2011 China was responsible behind the attack on US Chamber of Commerce, Satellite System of U.S, Nortel Network & so on.  But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor Mitsubishi, Japan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea  more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible. 

After keeping in mind all the above facts, we can not conclude the matter very easily, but what we can say that, whether China is responsible or not is neither been proved so far. In spite of looking at the situation we can only say, the entire matter is foggy; where the original truth has either been manipulated or been still untold. But it is sure that those untold or manipulated issues will some day came in front, till that time we have to keep patience and don't forget to stay tuned with VOGH for all kind of cyber related topics and expert reviews.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">China Claiming Their Defense & Military Sites are Serially Attacked By U.S. Hackers"https://www.voiceofgreyhat.com/2013/03/Chinese-defnese-attacked-by-us-hackers.html</a>

Shahrukh.com -The Official Fan Site of Shahrukh Khan Hacked

Shahrukh.com -The Official Fan Site of Shahrukh Khan Hacked

Last week we covered the hack of several Yamaha motor's official website, where a newly formed hacker group named 'Dark Snipper' took responsibility of that attack. Yet again that group strikes while setting a new target and that is the official website of famous Indian actor Shahrukh Khan's fan. Shahrukh Khan widely known as SRK, one of the most famous actor in Indian industry called "Bollywood". The attack took place couple of days ago, where this Pakistani hackers community have gained access into the server where shahrukh.com was hosted and thus the defaced the index page. After the matter get spotted, the webmaster took action and recovered the website. But the hacker did not forget to create a deface mirror on Zone-H, to justify the hack. Though such kind of cyber attack against Bollywood celebrities is a very normal phenomenon, infarct earlier we have seen the official website of Shahrukh Khan's movie named 'Ra.One' Also the twitter account of srk once became the hot target of hackers. If we define the nature of the attack, then we must have to say no such big object or cause driven the hackers, so the main purpose of engaging the hack can be defined as fun purpose. While talking about relation between hackers and Bollywood we would like to remind you that earlier we have seen several instances where celebrities like Mahesh Bhatt, Kangna Ranaut, Mallika Sherawat, Arbaaz Khan, Vishal and Shekhar and so on have fallen victim to cyber criminals. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Shahrukh.com -The Official Fan Site of Shahrukh Khan Hacked"https://www.voiceofgreyhat.com/2013/02/Shahrukh.com-Hacked.html</a>

Hackers Hit Microsoft Windows Azure Causing 12 Hour Outage, Affecting Xbox & 52 Other Services

Hackers Hit Microsoft Windows Azure Causing 12 Hour Outage, Affecting Xbox & 52 Other Services 

Windows Azure the cloud computing platform of Microsoft for building, deploying and managing applications and services through a global network of Microsoft-managed datacenters  faced an unwanted disaster due to organized cyber attack which interrupted its service world wide. While looking at the scenario the Redmond based software giant sincerely apologize for the interruption and any issues it has caused and declared that they will  refund Windows Azure customers impacted by the said outage last week caused by an expired SSL certificate. The Windows Azure Storage outage affected at least 52 services, including Xbox Live on Thursday night and Friday. 

In a blog post while describing the situation Microsoft said - "HTTP traffic was unaffected but the event impacted a number of Windows Azure services that are dependent on Storage.  We executed the repair steps to update the SSL certificate on the impacted clusters and availability was restored to >99% worldwide by 1:00 AM PST on February 23.  At 8:00 PM PST on February 23, we completed the restoration effort and confirmed full availability worldwide. Given the scope of the outage, we will proactively provide credits to impacted customers in accordance with our SLA. The credit will be reflected on a subsequent invoice.  Our teams are also working hard on a full root cause analysis (RCA), including steps to help prevent any future reoccurrence."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Hackers Hit Microsoft Windows Azure Causing 12 Hour Outage, Affecting Xbox & 52 Other Services"https://www.voiceofgreyhat.com/2013/02/Hackers-Hit-Windows-Azure-Caused-12-Hour-Outage.html</a>