
Google Hackers Who Unleashed Hydraq/Aurora Trojan Strikes Again


Computer security firm Symantec has revealed that a hacker group which unleashed the Hydraq or Aurora Trojan horse against Google and 34 other companies in 2009 has also been linked to attacks that have compromised systems at defense contractors, human rights organizations, and other large groups. According to Symantec's official blog, the company has been monitoring the activities of that hacker group for the last three years and has found that these attackers have used a large number of zero-day exploits against not just the intended target organization, but also the supply chain manufacturers that service the company in their cross hairs. These attackers are systematic and re-use components of an infrastructure we have termed the "Elderwood Platform". The term "Elderwood" comes from the exploit communication used in some of the attacks. This attack platform enables them to quickly deploy zero-day exploits. The attacking methodology has always used spear phishing emails, but we are now seeing an increased adoption of "watering hole" attacks (compromising certain websites likely to be visited by the target organization). The overall campaign by this group has been dubbed the "Elderwood Project".
Serious zero-day vulnerabilities, which are exploited in the wild and affect a widely used piece of software, are relatively rare; there were approximately eight in 2011. The past few months, however, have seen four such zero-day vulnerabilities used by the Elderwood attackers. Although there are other attackers utilizing zero-day exploits (for example, the Sykipot, Nitro, or even Stuxnet attacks), we have seen no other group use so many. The number of zero-day exploits used indicates access to a high level of technical capability. Here are just some of the most recent exploits that they have used:
  •  Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779)
  •  Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875)
  •  Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889)
  •  Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535) 
Symantec has published a research paper that details the links between various exploits used by this attacking group, their method of targeting organizations, and the Elderwood Platform. It puts into perspective the continuing evolution and sheer resilience of entities behind targeted attacks.








Kaspersky Releases Linux Mail Security With Anti-malware, Anti-spam & Content Filtering


Russian antivirus firm and security giant Kaspersky Lab has released an anti-spam and anti-malware application called Linux Mail Security, which can be integrated into different types of Linux-based mail servers to fight spam and block malicious attachments. The latest spam-fighting features – including Reputation Filtering and Enforced Anti-Spam Updates Service – help to filter out zero-hour spam, while the new ZetaShield technology helps to shield businesses from zero-day and targeted attacks. Designed for integration with a range of Linux-based mail systems, Kaspersky Linux Mail Security delivers the security, flexibility and ease of management that businesses and ISPs demand.

Key Features:-
  • Advanced antivirus engine - Kaspersky Linux Mail Security includes the latest version of Kaspersky Lab’s award-winning antivirus engine – with behaviour stream signatures – to help detect and remove malicious attachments from incoming emails.
  • Zero-Day Exploit and Targeted Attack (ZETA) Shield - Kaspersky’s ZetaShield offers protection against unknown malware and exploits – to defend you from zero-day and zero-hour attacks and APTs (Advanced Persistent Threats).
  • Powerful Anti-Spam Engine - Kaspersky Linux Mail Security provides the latest version of Kaspersky’s anti-spam engine – including two powerful new technologies:
    • Enforced Anti-Spam Updates Service – uses push technology, directly from the Kaspersky cloud, to deliver real-time updates. By reducing the ‘update window’ from 20 minutes to approximately 1 minute, the Enforced Anti-Spam Updates Service helps to defend businesses against zero-hour spam and spam epidemics.
    • Cloud-assisted Reputation Filtering – fights against unknown spam, to enhance the spam capture rate and reduce the number of false positives.
  • Kaspersky Security Network - The cloud-based Kaspersky Security Network (KSN) gathers data from millions of participating users’ systems around the world to help defend your system from the very latest viruses and malware attacks. Potential threats are monitored and analysed – in real-time – to help block dangerous actions, before harm is caused.
  • Attachment filtering - The new Format Recogniser feature can filter attachments – using information about file type, name and message size. This helps businesses to enforce their email usage policy and can help to address corporate liability issues that can arise when users try to distribute illegal music or video files via the corporate email system.
  • Improved! Global Blacklists and Whitelists - In addition to creating corporate blacklists or whitelists, administrators can manage ‘allowed’ or ‘denied’ senders’ email – using IPv4 and IPv6, wildcards and regular expressions.
  • Personal Blacklists and Whitelists - Users can also create their own blacklists and whitelists.
  • Backup and personal backup with flexible search - Blocked email is quarantined in a backup system. If the system uses Microsoft Active Directory or OpenLDAP, individual users can access their personal backup via the web so they’re less likely to need to call your helpdesk.
  • Integration with most popular MTAs (Postfix, Sendmail, Exim, qmail and CommunigatePro) - Kaspersky Linux Mail Security lets you select the method of integration, depending on your choice of Mail Transfer Agent (MTA) – so you can integrate as a filter or using a Milter API.
  • Antivirus command line file scanner - The Kaspersky Anti-Virus On-Demand Scanner can be used for on-demand virus checking of objects – which can include directories, regular files and devices such as hard drives, flash drives and DVD-ROMs.
  • Amavisd-new - Kaspersky Linux Mail Security supports integration with Linux mail systems using the high-performance AMaViS interface.
  • Monitoring and Reporting features -
    • SNMP (Simple Network Management Protocol) support – any type of event can be monitored using SNMP events and traps
    • A new dashboard gives an at-a-glance view of status and monitoring
    • Detailed, flexible reporting in PDF format – for customisable reports that help in the monitoring and analysis of security and policies
    • Notification system – informs administrators and document owners about policy violation incidents
    • Detailed logs – on all product actions, to help in identifying problems
  • Easy to deploy, maintain and manage -
    • System administrators can run manual updates or set the rules for fully automatic updates of antivirus, anti-spam and ZetaShield
    • Integration with Active Directory and OpenLDAP
    • Rich email traffic management rules – administrators can create rules according to corporate security policies
    • IPv6 support
    • Scalable architecture – the entire system can be easily migrated from a test server to a production environment
Kaspersky Linux Mail Security will support the following Linux distributions - Red Hat Enterprise Linux 6.2 Server, Fedora 16, SUSE Linux Enterprise Server 11 SP2, Debian GNU/Linux 6.0.4 Squeeze, CentOS 6.2, openSUSE Linux 12.1, Ubuntu 10.04 LTS; 12.04 LTS, Mandriva Enterprise Server 5.2, FreeBSD 8.3, 9.0, Canaima 3.0, Asianux 4 SP1. 



Oracle Released Emergency Update to Patch Java 0day (CVE-2012-4681)


The zero-day vulnerabilities in Java, which have been in the spotlight for the last few days, have taken a new direction. Several security firms have already reported that this newly found Java exploit has been added to Blackhole, a popular hacker's tool that bundles numerous exploits and tries each in turn until it finds one that will work against a personal computer. As expected, Oracle has released an emergency update to address those zero-day vulnerabilities. This Security Alert addresses security issues CVE-2012-4681 (US-CERT Alert TA12-240A and Vulnerability Note VU#636312) and two other vulnerabilities affecting Java running in web browsers on desktops. These vulnerabilities are not applicable to Java running on servers or standalone Java desktop applications. They also do not affect Oracle server-based software.
These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.
In addition, this Security Alert includes a security-in-depth fix in the AWT subcomponent of the Java Runtime Environment.
Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.

Supported Products Affected

Security vulnerabilities addressed by this Security Alert affect the products listed in the categories below.  Please click on the link in the Patch Availability column or in the Patch Availability Table to access the documentation for those patches.
Affected product releases and versions:
Java SE | Patch Availability
JDK and JRE 7 Update 6 and before | Java SE
JDK and JRE 6 Update 34 and before | Java SE

Patch Availability Table and Risk Matrix

Java SE fixes in this Security Alert are cumulative; this latest update includes all fixes from previous Critical Patch Updates and Security Alerts.

Patch Availability Table

Product Group | Risk Matrix | Patch Availability and Installation Information
Oracle Java SE | Oracle JDK and JRE Risk Matrix

Also, Java 7 Update 7 is now available to download for Windows (32- and 64-bit), Linux (32- and 64-bit), Mac OS X (64-bit), Solaris x86 (32- and 64-bit) and Solaris SPARC (32- and 64-bit). JDKs with the updated Java runtimes are also available. Users with Java installed on their systems, whatever the operating system, should install the updates as soon as possible because malicious software that uses the vulnerability is already in circulation.







Android Malware 'Loozfon' Targeting Female Android Users -Said Symantec


We are familiar with malware that targets men by enticing them to view videos or pictures of a sexually-oriented nature. But here the story is totally different: antivirus firm Symantec has recently discovered 'Android.Loozfon', a rare example of malware that targets female Android users.
According to Symantec's official blog, a group of scammers is attempting to lure female Android users in Japan into downloading an app by sending emails stating how the recipient can easily make some money. The email includes a link to a site that appears to be designed to assist women to make money simply by sending emails. When a certain link on the site is clicked, Android.Loozfon is downloaded onto the device. Other links direct the user to a dating service site that likely attempts to charge money to use the service, which supposedly helps women meet rich men.



If this trick does not work, the criminal group has another trick up its sleeve. It also sends spam that states that the sender of the email can introduce the recipient to wealthy men. When the link included in the body of the email is clicked, the malware is automatically downloaded onto the device. The downloaded app is titled “Will you win?” in Japanese. It has nothing to do with earning extra income or wealthy men.

If the app is installed and launched, it counts down from two to zero and then states that the user has lost. The app is programmed to lose every time, although there is nothing to either lose or win. It steals contact details stored on the device as well as the phone number of the device, which is the main goal of the malware. The scammers are likely harvesting email addresses in order to send spam to the contacts they were able to steal to lure them to the dating service site and/or sell the data to another group of spammers.






Kaspersky Unveils Internet Security 2013, A Unique Tool To Combat Against Cyber-Crime


Kaspersky Lab on Monday unveiled Kaspersky Internet Security 2013, promising to help combat the slew of new cyber threats that have emerged this year. The new release boasts a host of new features, including a new anti-spam module, a new Safe Money mode, a new antivirus engine, and a simplified user interface. These include a new Safe Browser mode that activates automatically when the user logs onto a banking site and isolates the payment operation from other online activities to ensure any transaction made is not monitored. Kaspersky Internet Security 2013 also adds new Secure Keyboard technology to the company's existing Virtual Keyboard tool. The tool is designed to protect the most sensitive data against keyloggers when in Safe Money mode. Kaspersky claims the tool also features a "unique Automatic Exploit Prevention technology targets the most sophisticated threats utilising vulnerabilities in popular software", and a "new antivirus engine with better detection rates for the entire scope of emerging cyber threats".
The new tool also promises to offer protection from zero-day exploits, adding "Automatic Exploit Prevention technology" that is designed to address some of the most sophisticated threats.
"When developing the new versions of our home user products we paid particular attention to the users' needs as well as the threats they face," said Eugene Kaspersky, chief executive of Kaspersky. Kaspersky Internet Security 2013 and Kaspersky Anti-Virus 2013 are set to be released on 28 August, costing £39.99 and £29.99 respectively. Final versions of Kaspersky Internet Security and Kaspersky Anti-Virus that fully support Windows 8 will be available immediately upon the release of Windows 8. Meanwhile, for testing purposes, a Technical Preview of Kaspersky Internet Security designed for Windows Consumer Preview has been released. This version of the product is exclusively intended for installation on Windows Consumer Preview, and the product has only been distributed to the most active testers.




-Source (Kaspersky & V3)





SQL Server 2008 R2 Service Pack 2 (SP2) Released & Available To Download


The software giant Microsoft has announced the availability of SQL Server 2008 R2 Service Pack 2 (SP2). SQL Server 2008 R2 SP2 contains fixes for issues that have been reported through customer feedback platforms, as well as the hotfix solutions provided in SQL Server 2008 R2 SP1 Cumulative Update 1 through Cumulative Update 5. Service Pack 2 also includes supportability enhancements and fixes for issues that have been reported through the Windows Error Reporting system. The update fixes several bugs in the product, most notably a problem that could cause a deadlock of the server when synchronising database logs to another server. A bug that prevented users of the JDBC Driver from connecting to the server when using JRE 6 update 29, or later, was also fixed. A problem where users receive "incorrect results" when running "a complex query" which contains joins and aggregate functions and uses the DISTINCT statement has been fixed, but Microsoft is not offering any further details on it. Other patches correct false error reports, fix problems with the server's update install mechanism and more.
Both the Service Pack and Feature Pack updates are available for download on the Microsoft Download Center. As part of Microsoft's continued commitment to software excellence for its customers, this upgrade is free and doesn't require an additional service contract. Microsoft SQL Server 2008 R2 SP2 also addresses a few key customer requests:

  • Reporting Services Charts May Be Zoomed & Cropped
    Customers using Reporting Services on Windows 7 may sometimes find charts are zoomed in and cropped. To work around the issue some customers set ImageConsolidation to false.
  • Batch Containing Alter Table not Cached 
    In certain situations with batch files containing the alter table command, the entire batch file is not cached.
  • Collapsing Cells or Rows, If Hidden Render Incorrectly 
    Some customers who have hidden rows in their Reporting Services reports may have noticed rendering issues when cells or rows are collapsed. When writing a hidden row, the Style attribute is opened to write a height attribute. If the attribute is empty and the width should not be zero.
Customers are highly encouraged to stay on a supported service pack to ensure they are on the latest and most secure version of SQL Server 2008 R2. The Service Pack is freely available for download from Microsoft's Download Center. Earlier this year Microsoft released SQL Server 2012, and the Evaluation edition of SQL Server 2012 is also freely available to download from Microsoft.




Zero-Day Vulnerability Found in The Server Monitoring Software of HP


After the massacre of HP LaserJet printers, yet another HP product (its server monitoring software) has been found to contain a zero-day vulnerability. Hewlett-Packard has already issued a security warning to its customers about two security vulnerabilities in its Operations Agent server monitoring software. The vulnerabilities were reported to HP by Luigi Auriemma via TippingPoint's Zero Day Initiative (ZDI). According to the company, unspecified errors in the enterprise software for AIX, HP-UX, Linux, Solaris and Windows can be exploited by a remote attacker to compromise a vulnerable system and execute arbitrary code. Both of these errors have a CVSS 2.0 (Common Vulnerability Scoring System) base score of 10.0, the highest.
Versions prior to 11.03.12 on all supported platforms are affected; upgrading to 11.03.12 corrects the problems. A full list of affected versions, and patch download information can be found in the company's security advisory. HP advises all administrators to install the patches as soon as possible. 






#CFP - Call For Papers Nullcon Delhi 2012 (International Security Conference)

After the success of Goa, it is now preparation time for nullcon Delhi, which will showcase cutting-edge security technologies and discuss new attack vectors and security threats in the corporate world and the government sector. The event brings together thought leaders, corporates, government and security professionals, all under one roof. Being the official media partner, Team Voiceofgreyhat wishes all the very best for Nullcon Delhi 2012.


Categories:-

The talk time duration includes time for questions and answers (5-10 minutes).
  1. Research Category (40 mins - 1 hr) - is a deep knowledge technical track that includes new research, tools, vulnerabilities, zero days or exploits.
  2. Technical Category (30 mins - 1 hr) - comprises known security issues, case studies, a twist to an existing research, tool, vulnerability, exploit or research-in-progress. Although this track is fairly technical, it covers known techniques and analysis and is specially created for security professionals who are not too much into new research, are auditors, management professionals and newbies.
  3. Desi Jugaad (1 hr) - is our signature research category talk and includes any local Indian/Asian hacks.

Submission Topics:-

  1. One of the topics of interest to us is Desi Jugaad(Local Indian/Asian Hack) and has a separate track of its own. Submissions can be any kind of local hacks that you have worked on (hints: electronic/mechanical meters, automobile hacking, Hardware, mobile phones, lock-picking, bypassing procedures and processes, etc. Be creative!)
  2. The topics pertaining to security and hacking in the following domains(but not limited to):
    • Hardware Hacking(ex: RFID, Magnetic Strips, Card Readers, Mobile Devices, Electronic Devices)
    • Tools/exploits/Zero-days (noncommercial)
    • Programming/Software Development security and weaknesses
    • Network vulnerabilities.
    • Information Warfare, cyber espionage, cyber crime, cyber laws
    • Malware, Botnets
    • Web attacks and application hacking
    • New attack vectors
    • Mobile malware, vulnerabilities, exploits, VOIP and Telecom
    • Virtualization security, hacking VMs, breaking out of VMS etc
    • Cloud security, threats and exploitation
    • Critical Infrastructure
    • Satellite hacking
    • Forensics

Submission Format:-

Email the paper to : cfp@nullcon.net
The subject should be : CFP Delhi 2012 <Paper Title>
Email Body :

  1. Name
  2. Handle
  3. Track (& Time required in case of General/Business track)
  4. Paper Title
  5. Country(and City) of residence
  6. Organization and Designation
  7. Contact Number
  8. Have you presented or submitted this paper at any other conference(s) or magazine(s)?
    Yes, No. If yes, where? and how this submission is different from the previous ones. Note that new research talks already given elsewhere or are due to be given elsewhere prior to nullcon will be considered as Technical category talks unless they consist of cutting edge and ground breaking technology, which is at the judgment of the review committee.
  9. Are you releasing an open source tool?
    Yes/No. (If yes, please include the source code for review)
  10. Are you releasing an exploit?
    Yes/No. (If yes, please include the source and vulnerability details for review)
  11. Are you releasing a new vulnerability/Zero-day?
    Yes/No. (If yes, please send us the details, including reproduction procedure, for review)
  12. Why do you think your paper is different/innovative (for all tracks) and how does it qualify as new work/research(for Research track only)?
  13. Are there any live demonstrations (These earn you good points during review)?
    Yes/No. (If Yes, how many? Also please explain each demo)
  14. Brief Profile ( less than 500 Words)
  15. Paper Abstract - Please provide the detailed working of your research/work. The more details you provide the better it is for the reviewers. Please keep the abstract to the point. Please do not try to hide the technical details or say “I can't disclose it till bla bla” as it does not help the reviewers in any way and may give your paper a low score because of insufficient information available in the abstract.
  16. Your high resolution photo (attached)

Important Dates:-

CFP Opens: 25th April 2012
1st round of Speaker list Online: 10th June 2012
CFP Closing Date: 30th June 2012
Final speakers List online: 10th July 2012
Conference Dates: 26th-29th September 2012 



Security Bulletin for Photoshop, Adobe Recommended to Buy CS6 To Addresses Those Vulnerabilities


It seems Adobe has been very busy issuing security updates for its products. A few days ago Adobe closed a newly found zero-day hole in its popular Flash Player program. Now it is Photoshop's turn: Adobe has released a security upgrade for Adobe Photoshop CS5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits them to take control of the affected system. In the case of the Windows and Mac versions of Adobe Photoshop, a vulnerability exists in version CS5 and earlier that could be exploited by a malicious attacker who tricks you into opening a boobytrapped .TIF file in order to take control of your computer.
Adobe has released Adobe Photoshop CS6 (paid upgrade), which addresses these vulnerabilities. This upgrade resolves a use-after-free TIFF vulnerability that could lead to code execution (CVE-2012-2027, Bugtraq ID 52634, which references: www.securityfocus.com/bid/52634/).




Adobe Plugged Newly Found Zero-day Hole In Flash Player


Adobe warned that hackers are exploiting a critical vulnerability in its popular Flash Player program, and issued an emergency update to patch the bug. The vulnerability allows an attacker to crash the player or take control of an affected system. Adobe says that there are reports of this vulnerability being exploited in the wild as part of targeted email-based attacks which trick the user into clicking on a malicious file. Adobe released security updates for Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x. These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only. 
Affected Software Version :- 
  • Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux operating systems
  • Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x
Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235. Flash Player installed with Google Chrome was updated automatically, so no user action is required. Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9.





AnonBin - Anonymous Started A New & Secure Alternative of PasteBin

Hacker collective Anonymous has started a brand new site which will allow users to post material without fear of being tracked down. Anonymous described the new site, dubbed AnonPaste or AnonBin, as a safer site than Pastebin.com, which has been widely used by hackers to post evidence of their exploits. Earlier this month Jeroen Vader, the owner of Pastebin, said he planned to censor Pastebin and to help crack down on hackers who misuse it to expose serious and confidential data. The hacker community heavily criticized this step, so to preserve anonymity the hacker collective Anonymous has started AnonBin, an open-source online pastebin based on the Zerobin software, where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. In a joint statement issued Tuesday, Anonymous and a group calling itself the People’s Liberation Front said the new site will allow people to post any material with complete anonymity while keeping the user's identity safe.
Press Release:- 
"Anonymous and the Peoples Liberation Front are proud to announce a totally secure and safe alternative to the now infamous PasteBin service. AnonPaste - www.AnonPaste.tk As many might be aware, PasteBin has been in the news lately for making some rather shady claims as to what they are willing to censor, and when they are willing to give up IP addresses to the authorities. And as a recent leak of private E-Mails shows clearly, PasteBin is not only willing to give up IP addresses to governments - but apparently has already given many IPs to at least one private security firm. And these leaked E-Mails also revealed a distinct animosity towards Anonymous. And so the PLF and Anonymous have teamed up to offer a paste service truly free of all such nonsense.
Here is a brief list of some of the features of AnonPaste: 
1) No connection logs, period. 
2) All pastes are encrypted BY THE BROWSER using 256 bit AES encryption. This means there is no usable paste data stored on the server for the authorities or anyone else to seize. 
3) No moderation or censorship. Because the data on our servers is unreadable by us (or anyone), the responsibility for the legality or appropriateness of any paste is the sole responsibility of the person posting. So there will be no need for us to police this service, and in fact we don't even have the ability of deleting any particular paste. 
4) No advertisements. This service will be totally user supported through donations. Links for this are available on the web site. 
Paste services have become very popular, and many people want to post controversial material. This is especially so for those involved in Information Activism. We feel that it is essential that everyone, and especially those in the movement - have a safe and secure paste service that they can trust with their valuable and often politically sensitive material. As always, we believe in the radical notion that information should be free. SIGNED -- Anonymous and the Staff of the Peoples Liberation Front PLF - www.PeoplesLiberationFront.net ..."


Vulnerability Found in Rediff Job Search


The official website of Rediff Job Search is vulnerable to non-persistent cross-site scripting attacks. An Indian hacker code-named "Zero" found this vulnerability. The security issue has already been forwarded to the webmaster, but the vulnerability is still unpatched. This is not the first time: earlier he found XSS vulnerabilities in many high-profile sites like Discovery.com, novell.com and many other important government sites.





Zero-day Vulnerability in "Cloud" Revealed at TakeDown Conference

 
Almost every IT company across the globe is adopting "Cloud" technology to store large amounts of data while reducing cost. Almost 99% of them also assume that because data is being stored offsite it is securely preserved and they no longer have to worry about risk. But this assumption was proved wrong when security experts at the TakeDown Conference revealed a zero-day vulnerability in the Cloud. “Au contraire. Risk cannot be outsourced,” says professional ethical hacker, Dave Chronister of Parameter Security (St. Louis, MO). Mr. Chronister went on to say, “It’s because of this mindset that hackers are preying upon the cloud and are gaining control of huge stores of information through a single attack” - which is exactly what Mr. Chronister recently did. Mr. Chronister went on to say, “During a recent cloud security audit, I was able to identify a zero day exploit and within minutes gained access to the cloud sphere and every system that was on that cloud—giving me complete control. Needless to say, the client was shocked because they were touting their cloud offering as 100% secure.”
Bringing his real-world cloud hacking experience to event goers at TakeDownCon in Dallas in May, his presentation entitled The Cloud is a Smoke Screen provides eye-opening information about the false sense of security cloud providers and users possess. Specifically, Chronister’s presentation will:-
  • Expose various cloud vulnerabilities
  • Address cloud security issues
  • Provide insight into selecting cloud providers and questions to ask with regard to data security, risk and incident response
  • Offer ways to successfully implement your own cloud solution and mitigate risk
  • Share his real-world experiences hacking multiple cloud environments
  • And much more


-Source (TechDown)




Edward Pearson Sent To Jail For Stealing 8Million Customers Banking & PayPal Details


A 23-year-old hacker from the UK named Edward Pearson has been sent to prison for pilfering eight million personal identities (ID fraud). Between January 1, 2010 and August 30, 2011, he used malicious computer programs to get his hands on - wait for it - eight MILLION personal identities. According to reports, he used highly sophisticated cyber-weapons such as Zeus and SpyEye to hunt down personal details on the Internet.
One of his programs scanned through 200,000 accounts registered to the online payment service PayPal, identifying names, passwords and current balances. Luckily, Pearson got caught after making only £2,400 ($3,800 USD). The authorities estimate he could have walked away with as much as £800,000 ($1.3M USD). Authorities were alerted to the problem when his 21-year-old girlfriend, Cassandra Mennim, used stolen credit cards to book rooms at the upmarket Cedar Court Grand and Lady Anne Middleton Hotels. Investigators looking into the case eventually identified him as G-Zero on hacking forums. Pearson has been jailed for 26 months, while his girlfriend Cassandra Mennim admitted two counts of obtaining services dishonestly and was given 12 months’ supervision.


-Source (NS & DailyMail)



Wireshark (Network Protocol Analyzer) 1.6.6 Released

Two updated versions of Wireshark are out again: Wireshark 1.4.12 and 1.6.6. Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education. Because it can sniff packets, Wireshark is widely used by system admins and also by cyber criminals. We have discussed Wireshark several times before. The current stable release of Wireshark is 1.6.6. It supersedes all previous releases, including all releases of Ethereal. For a complete list of system requirements and supported platforms, please consult the User's Guide. Information about each release can be found in the release notes.
Official change log for Wireshark 1.6.6:-
Bug Fixes:-
The following vulnerabilities have been fixed:-
  • wnpa-sec-2012-04: The ANSI A dissector could dereference a NULL pointer and crash. (Bug 6823) Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
  • wnpa-sec-2012-05: The IEEE 802.11 dissector could go into an infinite loop. (Bug 6809) Versions affected: 1.6.0 to 1.6.5.
  • wnpa-sec-2012-06: The pcap and pcap-ng file parsers could crash trying to read ERF data. (Bug 6804) Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
  • wnpa-sec-2012-07: The MP2T dissector could try to allocate too much memory and crash. (Bug 6804) Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
  • The Windows installers now include GnuTLS 1.12.18, which fixes several vulnerabilities.

The following bugs have been fixed:-
  • ISO SSAP: ActivityStart: Invalid decoding the activity parameter as a BER Integer. (Bug 2873)
  • Forward slashes in URI need to be converted to backslashes if WIN32. (Bug 5237)
  • Character echo pauses in Capture Filter field in Capture Options. (Bug 5356)
  • Some PGM options are not parsed correctly. (Bug 5687)
  • dumpcap crashes when capturing from pipe to a pcap-ng file (e.g., when passing data from CACE Pilot to Wireshark). (Bug 5939)
  • Unable to rearrange columns in preferences on Windows. (Bug 6077) (Note: this bug still affects the 64-bit package)
  • No error for UDP/IPv6 packet with zero checksum. (Bug 6232)
  • Wireshark installer doesn’t add access_bpf in 10.5.8. (Bug 6526)
  • Corrupted Diameter dictionary file that crashes Wireshark. (Bug 6664)
  • packetBB dissector bug: More than 1000000 items in the tree — possible infinite loop. (Bug 6687)
  • ZEP dissector: Timestamp not always displayed correctly. Fractional seconds never displayed. (Bug 6703)
  • GOOSE Messages don’t use the length field to perform the dissection. (Bug 6734)
  • Ethernet traces in K12 text format sometimes give bogus “malformed frame” errors and other problems. (Bug 6735)
  • max_ul_ext isn’t printed/decoded to the packet details log in GTP protocol packet. (Bug 6761)
  • non-IPP packets to or from port 631 are dissected as IPP. (Bug 6765)
  • lua proto registration fails for uppercase proto / g_ascii_strdown problem. (Bug 6766)
  • no menu item File->Export->SSL Session Keys in GTK. (Bug 6813)
  • IAX2 dissector reads past end of packet for unknown IEs. (Bug 6815)
  • TShark 1.6.5 immediately crashes on SSL decryption (every time). (Bug 6817)
  • USB: unknown GET DESCRIPTOR response triggers assert failure. (Bug 6826)
  • IEEE1588 PTPv2 over IPv6. (Bug 6836)
  • Patch to fix DTLS decryption. (Bug 6847)
  • Expression… dialog crash. (Bug 6891)
  • display filter “gtp.msisdn” not working. (Bug 6947)
  • Multiprotocol Label Switching Echo – Return Code: Reserved (5). (Bug 6951)
  • ISAKMP : VendorID CheckPoint : Malformed Packet. (Bug 6972)
  • Adding a Custom HTTP Header Field with a trailing colon causes wireshark to immediately crash (and crash upon restart). (Bug 6982)
  • Radiotap dissector lists a bogus “DBM TX Attenuation” bit. (Bug 7000)
  • MySQL dissector assertion. (Ask 8649)
  • Radiotap header format data rate alignment issues. (Ask 8649)

Updated Protocol Support:-
ANSI A, BSSGP, DIAMETER, DTLS, GOOSE, GSM Management, GTP, HTTP, IAX2, IEEE 802.11, IPP, ISAKMP, ISO SSAP, MP2T, MPLS, MySQL, NTP, PacketBB, PGM, Radiotap, SSL, TCP, UDP, USB, WSP

New and Updated Capture File Support:-
Endace ERF, Pcap-NG, Tektronix K12






Free Database Activity Monitoring Tool By McAfee

McAfee, one of the world's leading security companies and antivirus developers, has launched a free security tool designed to help businesses monitor and manage MySQL database deployments. According to McAfee:
McAfee Database Activity Monitoring automatically finds databases on your network, protects them with a set of preconfigured defenses, and helps you build a custom security policy for your environment — making it easier to demonstrate compliance to auditors and improve critical asset data protection. Database Activity Monitoring cost-effectively protects your data from all threats by monitoring activity locally on each database server and by alerting or terminating malicious behavior in real time, even when running in virtualized or cloud computing environments.
Comprehensive threat protection — Protect even your unpatched databases against zero-day attacks by blocking attacks that exploit known vulnerabilities and terminating sessions that violate your security policies.
Detailed audit trail reports — Audit trail reports are available to meet SOX, PCI, and other compliance audit requirements. During post-incident forensic analysis, this audit trail can help you understand the amount of lost data and gain greater insight into malicious activity.
Streamlined patching with no required downtime — Applying missing patches and fixing misconfigurations found by the Database Activity Monitoring vulnerability scan will improve the security posture of your databases immediately without requiring any downtime via McAfee’s virtual patching technology.




Official Website of National Geographic is Vulnerable

An Indian hacker named Akshay, AKA 0z0n3, has found a vulnerability in the official website of National Geographic. According to the hacker, Nat Geo is vulnerable to non-persistent XSS. The vulnerability has been reported to Nat Geo, but it is still unfixed. We would also like to remind you that earlier, in 2011, another Indian hacker named Zero found XSS in the official website of Discovery.com.
Brief about National Geographic: National Geographic, commercially abbreviated and trademarked as Nat Geo, is a subscription television channel that airs non-fiction television programs produced by the National Geographic Society. Like History and the Discovery Channel, the channel features documentaries with factual content involving nature, science, culture, and history. The channel is owned primarily by Fox Cable Networks, a division of News Corporation. Its primary sister network worldwide, including the United States.



Professor Warner Helps FBI To Crack "Trident Breach" ($70 Million Cyber-crime Ring)


In 2008, cyber criminals managed to steal more than $70 million from the payroll accounts of some 400 American companies and organizations, all from the safety of their homes in Eastern Europe. The case became known as "Trident Breach". As expected, the FBI investigated the case but had little success.
At the beginning of 2008, the group of hackers compromised hundreds of thousands of Americans' computers using a malicious computer “Trojan” bug called ZeuS. When computer users clicked on certain attachments and e-mail links, ZeuS infected their computers. ZeuS is designed to zero in on users’ bank information. For example, when a user visits a bank website, ZeuS knows; and since it is a key logger program, it records the user's keystrokes as he or she enters usernames and passwords. It then sends that information by instant text message to waiting hackers, who then have access to the compromised accounts. Henry is one of the country’s top cybercrime fighters. He says Americans are increasingly prone to “virtual gangs” preying on people’s personal data stored on their computers. In late 2008, they created some 3000 money mules, many of them unwitting Americans, by luring them into work-at-home jobs requiring "employees" to open bank accounts.
Later, the FBI brought in Prof. Gary Warner of the University of Alabama at Birmingham, who teaches a program that combines computer forensics and justice studies. Warner is also a member of the little-known FBI-affiliated group called InfraGard, comprising some 50,000 members across the United States who keep an eagle eye on U.S. critical infrastructure: power plants, water supply, security and financial services…and the Internet. After Warner joined, the investigation turned. Warner said the hackers transferred cash from business payroll-type "ACH" (Automated Clearing House) accounts to the mule accounts, and the mules sent the cash by Western Union or MoneyGram to Eastern Europe, taking an eight or 10 percent commission. So stealthy was their ZeuS operation that neither the hackers nor the mules had counted on getting caught. But, using complex data mining techniques, Prof. Warner established links between ZeuS-infected computers and traced the origins of the mass infection to Ukraine, and many of the hackers and their mules were caught. And after the FBI published a wanted poster of the students, Warner’s students began using what they’d learned in class to track the criminals.


