'Dockster' A New Mac Malware Targeting Apple Users Found on Dalai Lama Related Website

'Dockster' A New Mac Malware Targeting Apple Users Found on Dalai Lama Related Website

Researcher at F-Secure blog has identified that A new piece of malicious software targeted at Apple users has been found on a website dedicated to the Dalai Lama. According to blog post by F-Secure -the website related to Dalai Lama is fully compromised and is pushing new Mac malware, called Dockster, using a Java-based exploit. Dockster tries to infect computers by exploiting a vulnerability in Java, CVE-2012-0507. The vulnerability is the same one used by the Flashback malware, which first appeared around September 2011 and infected as many as 600,000 computers via a drive-by download. Flashback was used to fraudulently click on advertisements in order to generate illicit revenue in a type of scam known as click fraud. Apple patched the vulnerability in Java in early April and then undertook a series of steps to remove the frequently targeted application from Macs. Apple stopped bundling Java in the 10.7 version of its Lion operation system, which continued with the company's Mountain Lion release. In October, Apple removed older Java browser plug-ins in a software update.

But still the matter of relief is that current versions of OS X are not vulnerable; users who have disabled the Java browser plug-in are also not vulnerable. F-Secure researcher Sean Sullivan said Dockster is “a basic backdoor with file download and keylogger capabilities.” Meanwhile F-Secure’s Sullivan, also said that the Dalai Lama’s site is also serving a Windows-based exploit for CVE-2012-4681, the Agent.AXMO Trojan. The Trojan exploits a Java vulnerability that allows remote code execution using a malicious applet that is capable of bypassing the Java SecurityManager. 

Please Note That: The gyalwarinpoche.com site doesn't seem to be as "official" as dalailama.com

While talking about Mac malware, then you must remember that earlier also Mac users faced such attacks when mac Trojan OSX.SabPub was spreading through Java exploits In 2011 we have also seen OSX/Revir-B trojan was installed behind a PDF, and giving hackers remote access to MAC computers, not only Revier-B also Linux Tsunami trojan Called "Kaiten"targeted Mac OS users in 2011. Also another malware named "Devil Robber" which was also make MAC users victim while stealing their personal information. In the very decent past we have seen a trojan named 'BackDoor.Wirenet.1'  apparently providing its masters with a backdoor into infected systems. It is also capable of stealing passwords stored in browsers like Chrome, Chromium,Firefox and Opera. For any kind of cyber updates and infose news, stay tuned with VOGH.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">'Dockster' A New Mac Malware Targeting Apple Users Found on Dalai Lama Related Website"https://www.voiceofgreyhat.com/2012/12/Dockster-Mac-Malware-Found-on-Dalai-Lama-Related-Website.html</a>

Nmap 6.25 Released! With 85 New Scripts, Windows 8 Enhancements & Better Performance

Nmap 6.25 Released! With 85 New Scripts, Windows 8 Enhancements & Better Performance

Gordon Lyon also known as Fyodor, the author of world's most popular security scanner 'Nmap' announced another update. Almost after five months we got this new version that is Nmap 6.25. This release of Nmap  contains hundreds of improvements, including 85 new NSE scripts, nearly 1,000 new OS and service detection fingerprints, performance enhancements such as the new kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8 improvements, and much more!  It also includes the work of five Google Summer of Code interns who worked full time with Nmap mentors during the summer. 

Here are the most important change since 6.01:

• Integrated all of your IPv4 OS fingerprint submissions since January (more than 3,000 of them).  Added 373 fingerprints, bringing the new total to 3,946.  Additions include Linux 3.6, Windows 8, Windows Server 2012, Mac OS X 10.8, and a ton of new WAPs, printers, routers, and other devices--including our first IP-enabled doorbell! Many existing fingerprints were improved.

• Integrated all of your service/version detection fingerprints submitted since January (more than 1,500)!  Our signature count jumped by more than 400 to 8,645.  We now detect 897 protocols, from extremely popular ones like http, ssh, smtp and imap to the more obscure airdroid, gopher-proxy, and enemyterritory. 

• Integrated your latest IPv6 OS submissions and corrections. We're still low on IPv6 fingerprints, so please scan any IPv6 systems you own or administer and submit them to http://nmap.org/submit/.  Both new fingerprints (if Nmap doesn't find a good match) and corrections (if Nmap guesses wrong) are useful.

• Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto(Next Header) probes. 

• Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. See http://nmap.org/book/nse-api.html#nse-structured-output 

• [Nsock] Added new poll and kqueue I/O engines for improved performance on Windows and BSD-based systems including Mac OS X. These are in addition to the epoll engine (used on Linux) and the classic select engine fallback for other system.  

• [Ncat] Added support for Unix domain sockets. The new -U and --unixsock options activate this mode.  These provide compatibility with Hobbit's original Netcat. 

• Moved some Windows dependencies, including OpenSSL, libsvn, and the vcredist files, into a new public Subversion directory /nmap-mswin32-aux and moved it out of the source tarball. This reduces the compressed tarball size from 22 MB to 8 MB and similarly reduces the bandwidth and storage required for an svn checkout.

• Many of the great features in this release were created by college and grad students generously sponsored by Google's Summer of Code program.  Thanks, Google Open Source Department!  This year's team of five developers is introduced at http://seclists.org/nmap-dev/2012/q2/204 and their successes documented at http://seclists.org/nmap-dev/2012/q4/138

• [NSE] Replaced old RPC grinder (RPC enumeration, performed as part of version detection when a port seems to run a SunRPC service) with a faster and easier to maintain NSE-based implementation. This also allowed us to remove the crufty old pos_scan scan engine. 

• Updated our Nmap Scripting Engine to use Lua 5.2 (and then 5.2.1) rather than 5.1. See http://seclists.org/nmap-dev/2012/q2/34 for details. 

• [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They are all listed at http://nmap.org/nsedoc/

For additional information and to know the full change log of this release click Here. To download Namp 6.25 (Source Code & Binary Packages) for Windows, Linux, Mac, Unix & few other OS click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Nmap 6.25 Released! With 85 New Scripts, Windows 8 Enhancements & Better Performance"https://www.voiceofgreyhat.com/2012/12/Nmap-6.25-Released-With-85-NSE.html</a>

LulZsec Hacker Jeremy Hammond Denied Bail & Have to Face 30 Years in Prison

LulZsec Hacker Jeremy Hammond Denied Bail & Have to Face 30 Years in Prison 

More trouble coming towards LulzSec, as the bail appeal of former LulzSec hacker Jeremy Hammond has been denied by the court. Hammond widely known as "Anarchaos" have to face a potential sentence of 30 years to life for alleged hacking crimes is probably enough to get the attention of most 27-year-olds. And that is what U.S. District Judge Loretta Preska told Hammond last week that he could face if he is convicted on all counts. Hammond, much better known in the world of hactivism by various online aliases including "Anarchaos," "sup_g," "burn," "yohoho," "POW," "tylerknowsthis," and "crediblethreat," has been held without bail since his arrest in March on charges connected with last year's hacking of Strategic Forecasting, or Stratfor, an Austin, Texas-based international intelligence broker, by AntiSec, an offshoot of LulzSec, which is in turn an offshoot of the hacktivist collective Anonymous.

The three-count federal indictment, brought in the Southern District of New York, charged him with conspiracy to commit computer hacking, computer hacking and conspiracy to commit access device fraud. More specifically, the government alleges that starting last December, Hammond and others from AntiSec stole information from about 860,000 Stratfor subscribers, including emails, account information, and data from about 60,000 credit cards. The government alleges that he published some of that information online, and used some of the stolen credit card data to run up at least $700,000 in unauthorized charges. He is also accused of giving about five million internal emails to WikiLeaks, which were published under the name The Global Intelligence Files.

Apparently unknown to Hammond, however, was that the then-leader of AntiSec, Hector Xavier Monsegur, a New York hacker known by the alias "Sabu," had been arrested the previous June and agreed to cooperate with the FBI. So, at least some of the Stratfor information Hammond uploaded was to a honey pot server maintained by the FBI. At a hearing last week, Hammond was denied bail, based on Judge Preska's determination that he was both a danger to the community and a flight risk. He had also recently been added to the Terrorist Watch List, said Sue Crabtree, a member of the Jeremy Hammond Solidarity Network and a spectator at his bail hearing. Crabtree said Hammond didn't even have a passport. The bail denial sparked another round of protest from Hammond's supporters. Anonymous published a message on Pastebin demanding that Preska recuse herself for conflict of interest. The group said her husband, Thomas J. Kavaler, was among Stratfor's clients, and therefore one of the alleged victims of the hack. Kavaler is a partner at Cahill Gordon & Reindel LLP in New York City.

"Judge Preska by proxy is a victim of the very crime she intends to judge Jeremy Hammond for," Anonymous wrote in a message posted last Friday. "Judge Preska has failed to disclose the fact that her husband is a client of Stratfor and recuse herself from Jeremy's case, therefore violating multiple Sections of Title 28 of the United States Code."

Beyond that, a writer identified only as "NA" on the website FreeHammond.com, argued that "Hacktivists are not criminals! Jeremy is alleged of a crime that has exposed the corruption and exploitation of the very State prosecuting him," and suggested entrapment by the FBI as well.

Renowned security expert Kevin Mitnick said it is possible that the government is trying to scare Hammond to get him to cooperate. Or, it could be designed to send a message to Anonymous members that what they view as sticking it to the man could yield some very serious consequences. Hammond is scheduled to go to trial sometime next year.

-Source (CSO Online)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">LulZsec Hacker Jeremy Hammond Denied Bail & Have to Face 30 Years in Prison"https://www.voiceofgreyhat.com/2012/12/LulZsec-Hacker-Jeremy-Hammond-Have-to-Face-30-Years-in-Prison.html</a>

Microsoft Launching Surface With Windows 8 Pro in January Starting at $899 For 64GB & $999 For 128GB

Microsoft Launching Surface With Windows 8 Pro in January Starting at $899 For 64GB & $999 For 128GB

Near about five months ago Microsoft announced that they will introduce a tablet computer of its own design that runs a new version of its Windows operating system, and that tablet was named 'Surface'. After this announcement we got the long awaited Surface tablet based on Windows RT. Now the software giant announced that the next version of its tablet computer which will run on full version of Windows 8 Pro is ready for sale. in a blog post Microsoft confirmed that the device will start at $899 for the 64GB model, with the 128GB version setting you back $999. Both of those are what's Microsoft's dubbing the "standalone" model, which means you'll get a Surface pen/stylus, but have to shell out extra for a Touch or Type Cover (each over $100). Both will be available in January, although there's no specific date or word on pre-orders yet. The current Surface uses the slimmed down Windows RT operating system. As a result, it runs only specially designed applications from Microsoft and others sold through the company's online store. The Pro version of Surface will also run regular Windows applications written for desktops and laptops. "It's a full PC AND a tablet," Surface general manager Panos Panay wrote in a blog post Thursday.

Both Surface RT & Pro looks similar to the including the same "VaporMg" casing and built-in kickstand, and it also boasts a 10.6-inch display with a 16:9 aspect ratio. A key difference with that latter bit, though, is that the screen packs a full 1920 x 1080 resolution as opposed to the 1366 x 768 found on the RT model. You'll also get a third-gen Core i5 processor with Intel HD Graphics 4000 (no more specifics on that just yet), 4GB of RAM, a Mini DisplayPort that can output a 2560 x 1440 resolution, a full-size USB 3.0 port and, of course, Windows 8 Pro with support for all your traditional desktop applications. All that expectedly makes the tablet itself a bit heftier than its RT-based counterpart -- it's just over half-an-inch thick and weighs in at two pounds on the nose.

The spec list confirmed that the Surface Pro will have a 42 W-h battery, but Microsoft has now also expanded on that in a tweet, saying that the device is expected to "have approximately half the battery life of Surface with Windows RT." Based on our testing of the RT version, that should translate to just over four-and-a-half hours.

-Source (Microsoft, Engadget)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Launching Surface With Windows 8 Pro in January Starting at $899 For 64GB & $999 For 128GB"https://www.voiceofgreyhat.com/2012/12/Microsoft-Launching-Surface-With-Windows8-Pro.html</a>

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

The social networking giant Facebook announced that it started rolling out Photo Synchronization, in order to add more mobility and ease of use. According to Facebook Newsroom -the new Photo Sync will make photo sharing easier. With this feature, photos from your phone sync automatically to a private album on the web. When you want to share these photos, just pick and post your favorites. If you turn this feature on, up to 2GB of photos from your phone can be synced automatically to a private album on Facebook, from which you can then pick your favorites to share with your friends. It’s important to note that Facebook isn’t launching new Android and iOS apps today. The feature is already included, but the company is turning it on for more and more users, starting with a big push today. To turn the feature on in the Facebook app (if you have an iPhone, iOS 6 is required), tap Photos and then tap Sync at the bottom of your photos section. Once the uploads start coming in, you can check them out and share them via the app, on the mobile Web, or on your computer (go to your Timeline, click Photos, and click “Synced From Phone” at the top of your photos section). To save on the limited amount of space, you can stop photos from being synced by deleting them. In the app, that’s the “Remove synced photo” option once you pick a photo in the Synced section, and on your computer that’s the Delete option when you’re in the “Synced From Phone” folder. The good news is that deleting a photo from your synced photos won’t delete it from your phone’s gallery.

That’s right, you can turn photo syncing on or off, but you can also choose to sync over Wi-Fi only. Normally, when you’re on a cellular network like 3G or 4G, Facebook will sync photos at a smaller size (around 100K each), so they’re unlikely to use much of your data plan. Over a Wi-Fi connection, Facebook will sync larger versions of your photos. The best part: photos will not sync when your battery is low.

Get the latest Facebook app for Android or iPhone to try it out. Learn more at Facebook.com/mobile or visit the Help Center.

-Source (TNW & FB)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS"https://www.voiceofgreyhat.com/2012/12/Facebook-Launched-Photo-Sync.html</a>

Vulnerability Found in Samsung Printers Allowing Remote Hack

Vulnerability Found in Samsung Printers Allowing Remote Hack 

Bad news for those who are using Samsung and Dell-branded printers, as in an advisory U.S. Computer Emergency Readiness Team (US CERT) issued an warning that a hard coded administrative account could allow remote attackers to take control of their device. According to the vulnerability note (VU#281284)- Samsung printers contain a hardcoded account that could allow a remote attacker to take control of an affected device. Samsung printers (as well as some Dell printers manufactured by Samsung) contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility. Manipulating the above vulnerability a remote, unauthenticated attacker could access an affected device with administrative privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution. 

Solution:-
Samsung and Dell have stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung and Dell have also indicated that they will be releasing a patch tool later this year to address vulnerable devices.
Block Port 1118/udp
The reporter has stated that blocking the custom SNMP trap port of 1118/udp will help mitigate the risks.

Restrict Access:
As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location.

While talking about vulnerabilities in Printer, then we would like to remind you that late in last year Columbia University Researchers have discovered a vulnerability in some Hewlett-Packard (HP) LaserJet printer lines that could allow attackers to install a modified firmware to steal information, run attacks from within a network or cause physical damage to the printer. Later HP issued firmware to fix those security hole.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Vulnerability Found in Samsung Printers Allowing Remote Hack "https://www.voiceofgreyhat.com/2012/11/Samsung-Printers-Allowing-Remote-Hack.html</a>

Egyptian Hackers Selling Zero-day Exploit of Yahoo Mail For $700

Egyptian Hackers Selling Zero-day Exploit of Yahoo Mail For $700

Those people who wander in many underground hackers community, knows very well that several unethical equipment such as Botnet, Zero-day exploit, black hole exploit kit, malware, undisclosed vulnerabilities and so on were sold there for different prices. Those products were generally priced between $5-$500, but today I will talk about an expensive product, which listed itself top on the black market. I am talking about a new cross-site scripting exploit that enables attackers to steal cookies and access Yahoo email accounts. According to the blog post of Krebs on Security -A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits. The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users. Such a flaw would let attackers send or read email from the victim’s account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. The hacker posted the following video to demonstrate the exploit for potential buyers. 

“I’m selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers,” wrote the vendor of this exploit, using the hacker handle ‘TheHell.’ “And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!” -said the hacker.  

In response Ramses Martinez, director of security at Yahoo!, said the challenge now is working out the exact yahoo.com URL that triggers the exploit, which is difficult to discern from watching the video. “Fixing it is easy, most XSS are corrected by simple code change,” Martinez said. “Once we figure out the offending URL we can have new code deployed in a few hours at most.”

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Egyptian Hackers Selling Zero-day Exploit of Yahoo Mail For $700"https://www.voiceofgreyhat.com/2012/11/Egyptian-Hacker-Selling-Zero-day-Exploit-of-Yahoo-Mail.html</a>