Showing posts with label Cyber News. Show all posts
Showing posts with label Cyber News. Show all posts
Monday, 14 April 2014
Labels:
Cyber News
Read More
Flickr vulnerable to SQL Injection and Remote C0de Execution Flaw
Yahoo-owned Flickr, one of the biggest online photo management and sharing website in the world was recently impacted by critical web application vulnerabilities, which left website's database and server vulnerable hackers.
Ibrahim Raafat, a security researcher from Egypt has found SQL injection vulnerabilities on Flickr Photo Books, new feature for printing custom photo books through Flickr that was launched 5 months ago.
He claimed to have found two parameters (page_id , items) vulnerable to Blind SQL injection and one (i.e.order_id) Direct SQL Injection that allowed him to query the Flickr database for its content by the injection of a SQL SELECT statements.
A Successful SQL exploitation could allow an attacker to steal the Database and MYSQL administrator password.
Furthermore, Flickr's SQL injection flaws also facilitate the attacker to exploit remote code execution on the server and using load_file(“/etc/passwd“) function he was successfully managed to read the content from the sensitive files on the Flickr server, as shown below:
In addition to this, Ibrahim was able to write new files on the server that let him upload a custom 'code execution shell'.
Video Demonstration:
He reported the vulnerability to Yahoo which have been patched.
Sunday, 13 April 2014
Labels:
Cyber News
Read More
MANY FILGHTS WERE CANCELED DUE TO THE DDOS ATTACK BY ANONGHOST and ANONSEC HACKERS (OPISRAEL)
As the opisrael is continued on second day,as anonghost and anonsec hackers attacked on airport websites which made cancellations many flights for several hours though some flights were delayed,and radars of airport were also jammed,which makes airports ideal place.we seems this is a largest cyber war on israeli cyberspace.Almost 80% websites are attacked by anonghost and anonsec hackers(opisrael 2014)
.as they said this war will ended on 10th of april 2014 according to the world time....
Saturday, 12 April 2014
Labels:
Cyber News
Read More
Researchers Get $10,000 for Hacking Google Server with Malicious XML!!
A critical vulnerability has been uncovered in Google that could allow an attacker to access the internal files of Google’s production servers. Sounds ridiculous but has been proven by the security researchers from Detectify.
The vulnerability resides in the Toolbar Button Gallery (as shown). The team of researchers found a loophole after they noticed that Google Toolbar Button Gallery allows users to customize their toolbars with new buttons. So, for the developers, it is easy to create their own buttons by uploading XML files containing metadata for styling and other such properties.
This feature of Google search engine is vulnerable to XML External Entity (XXE). It is an XML injection that allows an attacker to force a badly configured XML parser to "include" or "load" unwanted functionality that can compromise the security of a web application.
“The root cause of XXE vulnerabilities is naive XML parsers that blindly interpret the DTD of the user supplied XML documents. By doing so, you risk having your parser doing a bunch of nasty things. Some issues include: local file access, SSRF and remote file includes, Denial of Service and possible remote code execution. If you want to know how to patch these issues, check out the OWASP page on how to secure XML parsers in various languages and platforms," the researchers wrote on a blog post..
Using the same, the researchers crafted their own button containing fishy XML entities. By sending it, they gain access to internal files stored in one of Google's production servers and managed to read the “/etc/passwd” and the “/etc/hosts” files from the server.
By exploiting the same vulnerability the researchers said they could have access any other file on their server, or could have gain access to their internal systems through the SSRF exploitation.
The researchers straight away reported the vulnerability to the Google’s security team and rewarded with $10,000 (€7,200) bounty for identifying an XML External Entity (XXE) vulnerability in one of the search engine’s features.
Wednesday, 9 April 2014
Labels:
Cyber News
Last week Apple releases the iPhone 5S with Touch ID, a fingerprint-scanning feature, promoted by the company as "Your fingerprint is one of the best passwords in the world".
Read More
iPhone 5s Users Fooled By Apple, NSA and A Fake middle finger
Just after the launch of iOS7, Hackers around the world come up with a series of security issues andprivacy concerns.
One of the most embarrassing hack released yesterday, when a group of German Hackers fooled the iPhone's biometric fingerprint security by just using a high resolution photo of someone’s fingerprint.
Now, We all are aware about many secret surveillance projects of NSA like PRISM, where U.S.government is collecting data from these Internet companies including - Apple.
Apple claimed that, iPhone will never upload fingerprints to their server, but can we believe them anymore ?
It is already proven that, During Surveillance operations and for Backup purpose, Smartphone applications can upload anything from your device to their online servers without any special permission or user interaction, So why they will not upload your Fingerprint scans too ??
In Only this weekend, over 9 million new iPhones devices sold in International Market. In the name of stopping terrorism, NSA now manages to create a database of Fingerprints, of more than 9 million users, which will turn billions in a month.
Monday, 7 April 2014
Labels:
Cyber News
Read More
Pakistani Hacker Arrested for Hacking Telecom Company Database
Pakistan’s Federal Investigation Agency (FIA) has arrested a Pakistani Hacker allegedly involved in hacking into a telecom company and uploaded their database on his website.
With the help of the National Response Center for Cyber Crime (NR3C) of Pakistan’s Federal Investigation Agency, the local authorities were able to trace and arrest the hacker suspected of infiltrating into the systems of Warid Telecom, an Abu-Dhabi-based telecoms company that provides services in Congo, Pakistan and Uganda.
The suspect, Mubashar Shahzad, a resident of Kasur, is believed to have downloaded Warid Telecom’s customer information from the company’s databases and exposed it online, which was published onearlysms.com, a site hosted with HosterPK.
Investigation started after one of the senior manager of a cellular company filed a complaint saying the ‘information of its consumers till 2006 had been exposed over the internet.’
“A technical/forensic analysis found that the website was being hosted by hosterpk. The FIA traced the IP address, email address and phone number of the suspect through the host company,” Usman Anwar, the Director of FIA, told The Express Tribune...
The suspects IP address was traced to a shop in Ghalla Mandi, Kasur, from where the authorities arrested the suspect Mubashar Shahzad. The Investigation Team also detected and seized Shahzad’s computers which contained folders named ‘Warid Data’. In addition to that, two desktop systems, hard drives and portable Hard drives were also seized by the authorities.
The website on which the stolen data was posted by the hacker has now been shut down.
Sunday, 6 April 2014
Labels:
Cyber News
Read More
Worst Data Breach in German History 18 Million Email Passwords Compromised
Germany has confirmed its biggest Data theft in the country's history with usernames and passwords of some 18 million email accounts stolen and compromised by hackers.
The Story broke by the German press, Der Spiegel on Thursday, when German Authorities revealed another mass hacking of private data belonged to German citizens and major Internet companies both in Germany and abroad.
16 MILLION AND NOW 18 MILLION
Authorities in the northwestern city of Verden unearthed a treasure of personal information, a list of about 18 million stolen email addresses and passwords, and seized it just after only two months from the previous major data breach, when researchers came across 16 million compromised email accounts of German users while conducting research on a botnet, a network of computers infected with malware.
The accounts were compromised by hackers in the mid of January, and Der Spiegel suggests that the same group of hackers is responsible for both thefts and that they may be based in one of the Baltic countries.
MILLION ON SPAM .. SHOP... THEFT !!!
According to Investigators, some of the accounts are used to send spam emails and some combinations of email and password are used for online shopping portals, as these mass of stolen personal information could also be used to obtain the financial details of users account.
To help in securing the Internet users, German authorities warned to take additional security measures to prevent cyber criminals using their data while shopping online.
"It is suspected that these stolen records are being actively misused," said Lutz Gaebel, spokesman of the prosecutor's office in Verden.
SOURCE OF DATA
Till now, It has not been revealed by the investigators that how much they know about this massive data Breach and How the attackers get their evil hands on the personal data of over 18 million users. Lutz Gaebel declined to give more information due to the ongoing investigation.
It is estimated that at least three million of the accounts belonged to German citizens and some of the compromised email accounts have international domain extensions such as ‘.COM’. But in real, the number could be much larger than the visible one as the investigation is ongoing.
The German prosecutor investigating the latest major data theft informed the country's IT watchdog, Federal Office for Information Security (BSI), to introduce additional security measures to help the Internet users...
Friday, 4 April 2014
Labels:
Cyber News
Whatever you fail to detect, will cause your downfall...
Pakistan Haxors Crew is here to remind you of your security... Our fight is not against any individual but the system as a whole.. Should you choose to ignore security, it will reincarnate as your worst nightmare ! We just defaced your website to give you a chance to put your hands on it before others come and destroy it!Should you choose to ignore security, it will reincarnate as your worst nightmare !We just defaced your website to give you a chance to put your hands on it before others come and destroy it!
Read More
PMLN Official Website Hacked by PAK HAXOR CREW
Recently we got to know that H4$N4!N H4X0R defaced PMLN's official website. H4$N4!N H4X0R is a famous Pakistani hacker who have defaced many Pakistani government websites with different reasons , sometimes against corruption or sometimes against the security system.
This time H4$N4!N H4X0R defaced PMLN's official website against the web application security system as it was vulnerable to different kind of security attacks but the hacker hacked it and left a message which meant that "Secure your system before anyone destroys it" , as you can see the message left by hacker :
Pakistan Haxors Crew is here to remind you of your security... Our fight is not against any individual but the system as a whole.. Should you choose to ignore security, it will reincarnate as your worst nightmare ! We just defaced your website to give you a chance to put your hands on it before others come and destroy it!Should you choose to ignore security, it will reincarnate as your worst nightmare !We just defaced your website to give you a chance to put your hands on it before others come and destroy it!
The message left by hacker on deface clearly says that the hacker wanted PMLN to patch the security flaws in their website so no other hacker can hack and destroy there database and backup. As we know , this hacker has been defacing Pakistani government sites for several reasons but this time its PMLN , the most famous political part in Pakistan.
The Defaced Site with its mirror can be found below:
Friday, 28 March 2014
Labels:
Cyber News
Recently,A Pakistani hacker group going with the name "P4K-M4D-HUNT3R-Z" just hacked into the Punjab and Sind Bank Of India Official Website,
The hackers have left a page over there which shows that it was a Security Reminder as hacker don't have any wrong intentions regarding the website,
Hackers have just greeted there friends in the deface page with a message :
Read More
Punjab And Sind Bank of India Website Hacked by Pakistani Hacker Group
Recently,A Pakistani hacker group going with the name "P4K-M4D-HUNT3R-Z" just hacked into the Punjab and Sind Bank Of India Official Website,
The hackers have left a page over there which shows that it was a Security Reminder as hacker don't have any wrong intentions regarding the website,
Hackers have just greeted there friends in the deface page with a message :
"[#] YOur b0x gOt OwneD By | P4K-M4D-HUNT3R-Z
[#] Security Kiss It's Called Deep Love :D ! YOur WebseCurity Sucks
[#] I Was TryinG mY SkilLs On yOur WeBsite/seRVer :P
[#] And YOu knOw thE reSultS lOl :D
[#] FeeL thE pOweR Of A ScriPt kiDDie
[#] We aRE ReBel'S :)
[#] We aRE AkatSuki's
[#] Expect Us
Greets : "
The link of the hacked website is https://www.psbindia.com/x.html while the hacker have made mirror on zone-h,a popular hacktivism archive which can be found here http://zone-h.org/mirror/id/22108728
Labels:
Cyber News
Syrian Electronic Army Alias SEA claims to breached into the systems of United State Central Command (CENTCOM),the attack appears to be in response of US Intentions regarding to use cyber warfare on Syria.
Read More
Syrian Electronic Army Targets CENTCOM, Shows It Has Access to US Army Data
Syrian Electronic Army Alias SEA claims to breached into the systems of United State Central Command (CENTCOM),the attack appears to be in response of US Intentions regarding to use cyber warfare on Syria.
So far,the hackers have published few screenshots on there twitter account showing that they have access on Army Knowledge Online (AKO) servers,the AKO provides enterprise information services to the Army and Department of Defense customers,which provide classified and unclassified services to both,The image published by the SEA on Twitter shows that they have obtained information related to Department of Defense organizations, particularly Air Force operations.
The representatives on an Interview with The Tampa Tribune that "The hackers claims are totally bogus".
Bob Gourley, the former CTO of the Defense Intelligence Agency (DIA) and founder of Crucial Point LLC, has told The Tampa Tribune that the files shown in the screenshot published by the hacktivists appear to contain unclassified information.
Gourley says that if the SEA’s claims are true, they appear to have access to unclassified areas, not SIPRNet, the network used by the Department of Defense and the Department of State to transmit classified information. At this point, it would be more an embarrassment than a security concern.
However, the SEA argues that the screenshot it has published is only the beginning, claiming to have successfully penetrated “many central repositories.”
A lot more data will be published in the upcoming days, which, according to the pro-Assad hacktivists, will demonstrate that the breach is more serious than it appears at this point.
Labels:
Cyber News
Recently,very well known Hacker's group going with the name of AnonGhost hacked into the sub domain of Agricultural Research Organization of Israel (ARO),
Hackers in his post on a Social Network reflected the word "Warning for the 7th April #OpIsraelBirthday" seems like they are preparing something big for Israel as they have already launched successful uncountable Op's against Israel,this time the Damage will be massive,they always support "FREE PALESTINE"
The Hacked domains is http://app.agri.gov.il/default.htm and the hacker made a mirror/proof of its hack on a hacktivism archive http://aljyyosh.org/mirror.php?id=116727,
The severity of damage is unknown that what sort of access 'Hackers' have on the targeted server,
Hackers in there deface page wrote :
"Hi Israel !
We always here to Punish you as we did on the last Operation 7 April and we back again to celebrate it
Because We are the voice of Palestine and we will not remain silent!!
Muslims are everywhere - We will enter to Palestine soon :) remember this :D"
Read More
Agricultural Research Organization Israel website sub domain hacked by Anonghost
Recently,very well known Hacker's group going with the name of AnonGhost hacked into the sub domain of Agricultural Research Organization of Israel (ARO),
Hackers in his post on a Social Network reflected the word "Warning for the 7th April #OpIsraelBirthday" seems like they are preparing something big for Israel as they have already launched successful uncountable Op's against Israel,this time the Damage will be massive,they always support "FREE PALESTINE"
The Hacked domains is http://app.agri.gov.il/default.htm and the hacker made a mirror/proof of its hack on a hacktivism archive http://aljyyosh.org/mirror.php?id=116727,
The severity of damage is unknown that what sort of access 'Hackers' have on the targeted server,
Hackers in there deface page wrote :
"Hi Israel !
We always here to Punish you as we did on the last Operation 7 April and we back again to celebrate it
Because We are the voice of Palestine and we will not remain silent!!
Muslims are everywhere - We will enter to Palestine soon :) remember this :D"
Thursday, 27 March 2014
Labels:
Cyber News
YouTube has been blocked in Turkey as a newly leaked recording of Turkey's Intelligence chief discussing possible military operations in Syria with the foreign minister and the deputy head of the armed forces.
Another leaked voice recording suggests that Prime Minister Tayyip Erdogan orchestrated the release of Baykal's (former Republican People's Party leader) sextape in 2010.
Erdogan also tried to block Twitter ahead of elections (with moderate success) and threatened to block Facebook. His ruling AKP party has been embroiled in a wide-ranging corruption scandal for months.
Read More
YouTube blocked in Turkey
YouTube has been blocked in Turkey as a newly leaked recording of Turkey's Intelligence chief discussing possible military operations in Syria with the foreign minister and the deputy head of the armed forces.
Another leaked voice recording suggests that Prime Minister Tayyip Erdogan orchestrated the release of Baykal's (former Republican People's Party leader) sextape in 2010.
Erdogan also tried to block Twitter ahead of elections (with moderate success) and threatened to block Facebook. His ruling AKP party has been embroiled in a wide-ranging corruption scandal for months.
Labels:
Cyber News
A Hacker using an on line moniker 'Seo' has been arrested for breaching into about Approx 25 Million accounts of NAVER,South Korea's largest web portal.
According to KoreanHerald,the hacker bought private information of 25 million people from an Anonymous Korean-Chinese in 2013.The hacker then used the same data to hack into NAVER accounts. The purchased data included names, Internet IDs (profiles), passwords and telephone/mobile numbers.
A computer programmer using on line moniker 'Hong' was also arrested for developing hacking programs including one that automatically enters emails and passwords to log in to NAVER.
The National Police Agency Of South Korea has decided to expend its investigation into 86 other peoples who have bought malicious computer programs developed by 'Hong'.
While,NAVER said :
"The company was not able to stop such attacks from outside sources. The best way to prevent such attacks would be changing the passwords on regular basis, so even if the accounts are compromised, the impact would be minimal."
Read More
Famous South Korean Search Portal NAVER Hacked
A Hacker using an on line moniker 'Seo' has been arrested for breaching into about Approx 25 Million accounts of NAVER,South Korea's largest web portal.
According to KoreanHerald,the hacker bought private information of 25 million people from an Anonymous Korean-Chinese in 2013.The hacker then used the same data to hack into NAVER accounts. The purchased data included names, Internet IDs (profiles), passwords and telephone/mobile numbers.
A computer programmer using on line moniker 'Hong' was also arrested for developing hacking programs including one that automatically enters emails and passwords to log in to NAVER.
The National Police Agency Of South Korea has decided to expend its investigation into 86 other peoples who have bought malicious computer programs developed by 'Hong'.
While,NAVER said :
"The company was not able to stop such attacks from outside sources. The best way to prevent such attacks would be changing the passwords on regular basis, so even if the accounts are compromised, the impact would be minimal."
Subscribe to:
Comments
(
Atom
)