Robot Pirates Injected Malware Into Zone-H



A group of hackers named Robot Pirates has injected a powerful malware which they had created. They tested it on zone-h.org which worked perfectly.
Video:

DPScan : Drupal Security Scanner Released


DPScan : Drupal Security Scanner Released
DPScan+Drupal+Security+Scanner+Released

The First Security scanner for Drupal CMS has been released by Ali Elouafiq, on his Blog. His team develop a tool that will enumerate at least the modules used by Drupal so we can simulate a White Box audit on our private machines.

This small tool is public and accessible to you for use however you please. It may help other auditors or penetration testers do their job faster, Here is a little demonstration. After downloading the script (in python), you simply type:

> python DPScan.py [website url]

You can download Drupal Security Scanner here.

Zero-Day Vulnerability In Flash Patched By Adobe


Zero-Day Vulnerability In Flash Patched By Adobe 
Yet another Zero day vulnerability found in Adobe Flash Player. Earlier hackers found zero-day exploit in flash player which can allow an attacker to hack you web-cam remotely later Adobe patched that. Before releasing Flash Player 11 Adobe issued new privacy policy and security update but now it seems that those are of zero use. 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.
Affected Version:- 
  • Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x

Later Adobe confirmed that and immediately released a patch to close the security hole. Through this security release Adobe also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only). Google's Chrome Web browser, which directly integrates Flash into its software (unlike competing browsers) also received an update to reflect Adobe's patch update. 
Recommendation From Adobe:- 
Adobe recommends users of Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.62. Users of Adobe Flash Player 11.1.112.61 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.6. Users of Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.6. For further details click here.
Earlier in 2011 another Flash Player bug found in Blackberry OS & later fixed by the developer and also last year adobe closes serious security hole in Acrobat 9X & Adobe Reader.


Acunetix Web Vulnerability Scanner v8 Released


Acunetix Web Vulnerability Scanner v8 Released  
Earlier we have discussed various times about Acunetix. November last year the team has released Acunetix Web Vulnerability Scanner 8 BETA and now in February we finally got the most awaited Final resale of Acunetix 8. Before this final resale in January this year Release Candidate (RC) of Acunetix 8. Version 8 echoes years of counter-hacking experience through its new ability to lock hackers out by integrating scan results into Imperva’s Web Application Firewall, and by recognizing a new breed of vulnerabilities through new detection methods. Additionally, Acunetix WVS 8 takes vulnerability scanning to a new level by integrating smarter and more reliable automated features, making it quicker to launch a scan with less configuration required. In the official blog Mr. Nick Galea the CEO of Acunetix  told:- “Acunetix WVS 8 continues to set new standards for web vulnerability scanners. Web security exploit statistics are steadily on the rise — unfortunately not in favor of website owners — which is why version 8 of WVS focuses on providing a comprehensive solution to anyone wanting to make their online presence a safe one. Acunetix WVS 8′s high performance scanning engine provides even more accurate exploit detection, and coupled with the new automation enhancements securing a web application has never been easier. WVS 8 makes it clear why Acunetix is the number one choice for companies to audit and secure their websites.”

Features At a Glance:- 
* Manipulation of inputs from URLs:
Acunetix WVS can automatically identify URL parameters and manipulate them to detect vulnerabilities. This technology is not present in any other competing vulnerability scanner.
Replace manual intervention with scanner intelligence
* Automatic custom 404 error page identification:
Acunetix WVS 8 can automatically determine if a custom error page is in use, and recognizes it without needing any recognition patterns to be configured before the scan.
Interpret IIS 7 rewrite rules automatically
Using the web application’s web.config file, WVS 8 can automatically interpret rewrite rules without requiring any manual input.
Fix vulnerabilities while locking hackers out
* Imperva Web Application Firewall integration:
An exciting co-operation between Imperva and Acunetix; WVS 8 scan results can be imported into an Imperva Web Application Firewall and interpreted automatically as firewall rules.
Use WVS 8 as a true security scanning workhorse
* Multiple instance support:
Acunetix WVS 8 can be relaunched as multiple instances on the same machine, allowing the user to scan multiple websites enabling further support for multi-user scenarios on the same server/workstation.
Re-scan without re-configuring
* Scan settings templates:
WVS 8 can save the settings for the scan of a specific application as a template, making it quick and easy to recall those exact settings for the same application each time it is scanned. This is particularly useful when auditing multiple sites, enabling the user to load the template for each site instead of re-configuring everything manually.
Launch a scan quicker than before
* Simplified Scan Wizard:
In addition to the introduction of Scan Settings Templates and automatic custom 404 error page recognition, the Scan Wizard contains far less options so it’s much easier and quicker to kick off a scan.
Access your results from anywhere and everywhere
* Web-based scheduler:
Accessible via a web interface, the new Scheduler allows administrators to download scan results from any workstation, laptop, or smartphone. The new Scheduler will automatically launch another instance of WVS when multiple web scans are due, preventing multiple processes from depending on the resources of one WVS instance, and thereby allowing scans to complete in less time.
Identify threats unseen by other black-box scanners
* New HTTP Parameter Pollution vulnerability class:
At the time of writing, Acunetix WVS 8 is the only scanner that tests for this security vulnerability.
Ensure complex scans will complete automatically and successfully
* Smart memory management:
The following settings have been added to optimise scanning efficiency:
Define number of files per directory
Limit number of subdirectories per website
Assign Crawler memory limit

Other New Features:-

  • Real time Crawler status (number of crawled files, inputs discovered, etc.)
  • Support for custom HTTP headers in automated scans
  • Configurable log file retention
  • Detailed Crawler coverage report
  • Scan status included in report

To Download Acunetix Web Vulnerability Scanner v8 Click Here

Mac OS X 10.8 Mountain Lion Developer Preview Released By Apple


Mac OS X 10.8 Mountain Lion Developer PreviewReleased By Apple


Apple released a developer preview of the next major release of its operating system named Mac OS X 10.8 Mountain Lion. If you are a registered Mac developer then you can test the new flavor of Apple. Not to mention in this release Apple has added lost of charming features among them Gatekeeper is really handy one at leat from security point of view. Apple says gatekeeper will "help prevent you from unknowingly downloading and installing malicious software". Some of other features included by apple are iCloud, AirPlay Mirroring, Messages, Reminders, Notification Center, Share Sheets, Twitter Integration, Game Center and so on.
Brief About Gatekeeper:-
The Gatekeeper feature has three levels of security for running applications downloaded from the Internet; "Mac App Store", "Mac App Store and identified developers" and "Anywhere". The first setting only runs applications downloaded from the Mac App Store, in a style similar to the iPhone only running apps from the App Store. Unlike the iPhone though, Gatekeeper lets users allow applications from other sources. The "Mac App Store and Identified Developers" option only allows applications from the store and from developers who have signed their program with an Apple-issued Developer ID, while "Anywhere" allows any program to be downloaded and run. It is unclear how Gatekeeper interacts with software loaded from other media, such as a USB memory stick or CD/DVD.

For More Information & To Download Mac OS X 10.8 Mountain LionDeveloper Preview Click Here

QualysGuard - OpenSource Tool To Detect Vulnerability in Videoconferencing Equipment


QualysGuard - OpenSource Tool To Detect  Vulnerability inVideoconferencing Equipment
Earlier we have discussed that researchers found serious vulnerability in video conferencing systems which can even allow hackers to listen into a company's confidential discussions. Now security professional from Qualys Community has released an open source Auto Detect tool based on python which is capable to detect vulnerabilities in all those equipment used in video conferencing. In the press release the developers said -
Customers can use QualysGuard in conjunction with the auto-detect.py tool to identify videoconferencing systems with 'auto-answer' enabled as follows:
  • Use QualysGuard scanner to find H.323 equipment. For existing scans, this can be achieved by creating a report filtered by service and port. If your existing scans are stale, you can do a selective scan on QID 82023 which lists all TCP services and then create a report filter.
  • Use the tool above to manually confirm if ‘auto-answer’ is enabled.
Once vulnerable videoconferencing systems are identified, QualysGuard and internal processes can be used to manage and reduce the risk of attack to these systems.
This videoconferencing vulnerability, like the printer vulnerability identified in January, is a timely reminder that, while most vulnerability management effort is focused on the core set of servers and end-user devices like PCs, it's important to consider the potential vulnerability of all devices in your network. 


To Download The Tool Click Here

FBI might shutdown the Internet on March 8

FBI might temporarily end the Internet. (AFP Photo / Sonny Tumbelaka)

Millions of computer users across the world could be blocked off from the Internet as early as March 8 if the FBI follows through with plans to yank a series of servers originally installed to combat corruption.
Last year, authorities in Estonia apprehended six men believed responsible for creating a malicious computer script called the DNSChanger Trojan. Once set loose on the Web, the worm corrupted computers in upwards of 100 countries, including an estimated 500,000 in America alone. The US Federal Bureau of Investigation later stepped up by replacing the rogue Trojan with servers of their own in an attempt to remediate the damage, but the fix was only temporary. Now the FBI is expected to end use of those replacement servers as early as next month and, at that point, the Internet for millions could essentially be over.
When functioning as its creators intended, the DNSChanger Trojan infected computers and redirected users hoping to surf to certain websites to malicious ones. Traditionally, DNS, or Domain Name System, servers translate alphabetical, traditional website URLs to their actual, numeric counterpart in order to guide users across the World Wide Web. Once infected by the DNSChanger Trojan, however, websites entered into Internet browsers were hijacked to malicious servers and, in turn, directed the user to an unintended, fraudulent site.
In coordination with the arrests in Estonia, the FBI shut down the malicious DNSChanger botnet network, and, additionally, replaced them with surrogate servers to correct the problem. Those servers, however, were installed "just long enough for companies and home users to remove DNSChanger malware from their machines," according to the court order that established them. That deadline is March 8, and those surrogate servers are expected to be retired then. At that point, computers still infected with the Trojan will be essentially unable to navigate the Internet.
Who, exactly, will be affected? Security company IID (Internet Identity) believes that half of all Fortune 500 companies and more than two dozen major government entities in the US are still currently infected with the worm as of early 2012. Unless they take the proper steps to eradicate the Trojan from their systems, millions of users worldwide will be left hog-tied, helplessly attempting to navigate to nonexistent servers and, in effect, without the Web.
“At this rate, a lot of users are going to see their Internet break on March 8,” Rod Rasmussen, president and chief technology officer at Internet Identity, cautions Krebs On Security.
Currently, both the computer industry and law enforcement are working together through a coalition they’ve established called the DNSChanger Working Group. That group has been tasked with examining the options in phasing out the surrogate servers set up by the feds, but unless an alternative plan is agreed on, a great port of the Web will go dark next month.
“I’m guessing a lot more people would care at that point,” Rasmussen adds. While infected users are cautioned to correct the problem now, millions internationally are still believed to be infected. “It certainly would be an interesting social experiment if these systems just got cut off,” he adds.

Trinamool Congress Official Website Hacked


Trinamool Congress Official Website Hacked By Bangladesh Black-hat Hackers
All India Trinamool Congress official website get hacked. Hackers from Bangladesh take responsibility of this hack. This attack on the AITMC website is yet another out put of the ongoing cyber war between Bangladesh & India. This ongoing cyber war indeed causing lots of damages for India. Till more than 20K Indian websites get hacked including 30+ Indian Govt Sites, National Informatics Center (NIC), Indian Railways, Passport Dept, MIT, NDTV, Indian Stock Market and many more high profile websites. According to party resources the site was hacked on the 14th February evening and later restored to its original format. The site was hosted on a US server and during this attack the security has been penetrated. Party spokes man also confirmed that the vulnerability has been fixed. MP and party's cyber team head Derek O' Brien said "It was blocked for a few hours but there was no damage to the site. We have lodged a complaint with the cyber cell of the Kolkata Police to get to the bottom of the truth" 
In a statement Bangladesh Black-hat Hackers said that Mamata Banerjee had broken her promise on sharing of Teesta river water with the country. Which effect Bangladesh so they have performed the attack. In short it was a type of revenge.
This is not the first time earlier in 2011 hackers from Pakistan have hacked the official website of All India Congress, Bharatiya Janata Party (BJP) and so on. Also in an attack another Pak Hacker named KhantastiC haXor penetrated the official site of Indian Congress and defaced the Profile page of Party President Sonia Gandhi. Still Indian Govt is very careless about this burning issue. The rise of cyber crime is almost kissing the sky. And the status of Indian cyber security is in the disaster. The very out put is in front of us. Since the last week every day BD hackers penetrating Indian cyber fence very badly which is indeed causing lots of damage for the country not only reputation but also the country has caused lost of economical damage.If such things continues then in very coming future India have to face a massive disaster of National security including defense, army, secrete research areas and in many other sensitive sectors. 

Nortel Network Breached By Chinese Hackers, More Than 10 Years Data Stolen


Nortel Network Breached By Chinese Hackers, More Than10 Years Data Stolen
Nortel Networks- the Giant telecommunication farm who have wide access to have corporate computer network has been breached by Chinese hackers. While investigation it has been found that the hackers stolen seven passwords from the company's top executives - including the CEO - which granted them widespread access to the entire Nortel network. According to Brian Shields, a former 19-year Nortel veteran who led an internal investigation- China—penetrated Nortel's computers at least as far back as2000 and over the years downloaded technical papers, research-and-development reports, business plans, employee emails and other documents. Nortel's breach offers a rare level of detail about a type of international corporate espionage that is of growing concern to U.S. officials. A U.S. Nortel responded by changing affected passwords, but wound down an internal investigation into the breach after six months due to a lack of progress. Mike Zafirovski, who was Nortel's CEO between 2005-2009 said "we did not believe it was a real issue". Though the China government has denied allegations of cyberspying. When asked about Nortel specifically, the Chinese embassy in Washington issued a statement saying in part that "cyber attacks are transnational and anonymous" and shouldn't be assumed to originate in China "without thorough investigation and hard evidence."

FTP Server of Horde Breached, Hackers Installed Back-door in Horde Groupware & Webmail


FTP Server of Horde Breached, Hackers Installed Back-door in Horde Groupware & Webmail
Horde faced cyber attack. Developpers at Horde open source community confirmed that one of their FTP server has been breached. Attacker also infected various files stored on that ftp server. In their official statement Horde said :- "A few days ago we became aware of a manipulated file on our FTP server. Upon further investigation we discovered that the server has been hacked earlier, and three releases have been manipulated to allow unauthenticated remote PHP execution," they explained. "We have immediately taken down all distribution servers to further analyze the extent of this incident, and we have worked closely with various Linux distributions to coordinate our response."
The three files that were modified to include a backdoor are Horde 3.3.12, Horde Groupware 1.2.10 and Horde Groupware Webmail Edition 1.2.10., and users who have downloaded any of those since the start of November 2011 until February 7 (when the breach was discovered) are advised to download new, clean versions and reinstall their machines, or to upgrade to the more recent versions. For those who would like to be sure whether they were affected, the developers advise searching their Horde directory tree for the following signature: $m[1]($m[2]). Horde 4 users can breathe safely, as that file has not been manipulated. The developers also made sure to point out that they have replaced all the FTP and PEAR servers, and uploaded clean files.


Pentagon Increased Their Expense On Cyber Security (Issued in Budget 2013)


Pentagon Increased Their Expense On Cyber Security(Issued in Budget 2013)

Cyber security has become one of the most sophisticated area of National security and defense. So as expected  the Pentagon is taking this issue very seriously. In 2013 budget issued in Monday Pentagon confirms that they will increase their spending in this very topic. Although the full figure will not be released until later in the day, a preview offered by Defense Secretary Leon M. Panetta last month suggested that “cyber is one of the few areas in which we actually increased our investments.” The increased spending will include both defensive and offensive measures. A four-year review of U.S. defense policy directed “more investment” in “long-range strike, and space and cyber-space [capabilities] in order to project power, deter aggression, and come to the aid of allies and partners.”
Total federal spending on cybersecurity is set to grow at almost 9 percent a year over the next five years, increasing from just more than $9 billion in 2011 to about $14 billion in 2016, according to Herndon, Va.-based Deltek market research consultants. This compares to a 2 percent annual growth rate for federal spending on information technology in general, Deltek said in recently published research.

 -Source (Washington times)
 
VOGH Review About Indian Cyber Security:- 
Still countries like India where Govt is very careless about this burning issue. The rise of cyber crime is almost kissing the sky. And the status of Indian cyber security is in the disaster. The very out put is in front of us. Since the last week every day BD hackers penetrating Indian cyber fence very badly which is indeed causing lots of damage for the country not only reputation but also the country has caused lost of economical damage.If such things continues then in very coming future India have to face a massive disaster of National security including defense, army, secrete research areas and in many other sensitive sectors.

Related Posts Plugin for WordPress, Blogger...