Security Geeks: August 2012

Friday, 31 August 2012

Oracle Fixes Java Zero-Day Flaw, Users Advised to Download Patch

Although few people expected it (many hoped), Oracle has released an out-of-band patch to address the zero-day flaw that affects Java Runtime Environment (JRE) 7. Since attacks that rely on this vulnerability have already been spotted, the company advises users to immediately apply the patch.

The patch addresses a number of three different, but related, bugs that don’t affect standalone desktop applications or servers. However, they affect Java running on desktop web browsers.

PhonepayPlus, the organization that regulates all premium rate phone services in the UK, has ordered a Russian company – Connect Ltd – to pay a fine and refund users after researchers highlighted the fact that an application it owned was attempting to trick Android users into signing up to expensive mobile services.

Another mysterious virus hits the Middle East. This time, the victim is RasGas – a Qatar-based company that’s considered to be the second largest liquefied natural gas (LNG) producer in the world, after Qatargas.

According to Arabian Oil and Gas, the virus disrupted the company’s offices, forcing them to shut down their systems, including the public-facing website rasgas.com.

Part of a Hertfordshire Police web site has been hacked, with the attacker uploading his stupid treasure trove of IP addresses and phone numbers of officers online.
Hertfordshire Police says the stolen data was hosted externally on a database associated with some sort of Neighbourhood Watch scheme, so the hacker wasn’t exactly setting his sights particularly

RedHack Lashes Out at Anonymous Turkey (AnonsTurkey)

The members of the now-infamous RedHack collective are displeased with the fact that Anonymous Turkey (AnonsTurkey) is relying on the Anonymous name “for their personal interests.”

The hacktivists released a statement to ensure that everyone understands that they’re not against Anonymous, but they’re against the teenagers who run AnonsTurkey.

“Relationship between Redhack and Anonymous goes back to the time of 4chan in 2005. We continue to be in solidarity with active and true hackers within Anonymous and offer our help within our capabilities when it is required,” members of RedHack said.

Cyber attack takes Qatar's RasGas offline

RasGas, the second largest producer of Qatari LNG after Qatar Petroleum, has been hit with an "unknown virus" which has taken the company offline.

A RasGas spokesperson confirmed that “an unknown virus has affected its office systems" since Monday 27 August.

RasGas confirmed the situation by fax yesterday. “RasGas is presently experiencing technical issues with its office computer systems,” said the RasGas fax seen by Oil & Gas Middle East, dated 28 August. “We will inform you when our system is back up and running.”

US Air Force is spending $10 million For Hacking

The US Air Force is spending $10 million on an effort to hack into opponents’ computer networks to “destroy, deny, degrade, disrupt, deceive, corrupt or usurp” their ability to use the Internet to their advantage.

The ability to hack into networks is part of a list of the military’s “Cyberspace Warfare Operations Capabilities” that it wishes to acquire, reports Wired.

Instead of giving the ability to conduct cyber strikes solely to the White House, the Air Force wants its Trojans and worms to be available to its own officials, including top personnel and operational commanders.

50 EU Government sites Hacked & Defaced By Robot Pirates

Paksitani hacker name Cfr and Dr Ninja From Robot Pirates hacked 50 government sites. EU Governement servers are consider as one of most secure servers in world and it is defiantly not easy to break security of server like these. This also raise lot of question for security experts that how much more security is need in cyber space.

Times reporter arrested over police blogger hacking

Times reporter arrested over police blogger hacking
Senior executives at The Times newspaper could be questioned by police investigating allegations of computer hacking after a former reporter was arrested on suspicion of conspiracy to pervert the course of justice.

Patrick Foster, 28, a former media reporter at Rupert Murdoch’s paper, was arrested at his North London home this morning for allegedly hacking into the email account of an anonymous police blogger named Nightjack in 2009.

Around one and a half years ago, malicious emails claiming to originate from Intuit attempted to convince recipients that they need to install a piece of software in order to access their QuickBooks accounts, giving them a three-day deadline to comply.

It seems that this spam campaign has been reinitialized in an attempt to steal sensitive information from Intuit customers. Here’s what these emails look like:

Last week we reported about the existence of a Facebook scam that was trying to trick users into visiting various websites by promising them $500 gift vouchers from Woolworths. Now, the Australian supermarket chain’s reputation is once again used in a malicious campaign.

After further analyzing the traces of the mysterious Wiper malware, researchers are still unable to precisely determine how it works. They also haven’t been able to find a clear link between it and Duqu, Stuxnet or Flame.
Back in April, the Iranian Oil Ministry reported sightings of a destructive piece of malware that attempted to extract information and then wipe it from the infected devices, hence the name Wiper.

Latest Java software opens PCs to hackers: Experts

Computer security firms are urging PC users to disable Java software in their browsers, saying the widely installed, free software from Oracle Corp opens machines to hacker attacks and there is no way to defend against them.

A hacking group has released one million records and accounts from banks, government agencies and other sources.
The group, calling itself Team GhostShell posted compromised databases from a Chinese mainframe, a US stock exchange mainframe and access points to three or four Department of Homeland Security servers among other sources.

Saudi Aramco, the national oil company of Saudi Arabia and the biggest oil company in the world, has issued a statement announcing that it has restored all its main internal network services that were impacted in a recent cyber attack which affected about 30,000 workstations - a number that corresponds with that shared by the Cutting Sword of Justice, the hacker group that took credit for the breach.

Raynaldo Rivera, 20, of Tempe, Arizona, surrendered to U.S. authorities in Phoenix six days after a federal grand jury in Los Angeles returned an indictment charging him with conspiracy and unauthorized impairment of a protected computer.
If convicted, Rivera faces up to 15 years in prison.

Analysis Saudi Aramco said that it had put its network back online on Saturday, 10 days after a malware attack floored 30,000 workstations at the oil giant.
In a statement, Saudi Arabia's national oil firm said that it had "restored all its main internal network services" hit by a malware outbreak that struck on 15 August. The firm said its core business of oil production and exploration was not affected by the attack, which resulted in a decision to suspend Saudi Aramco's website for a period of a few days, presumably as a precaution. Corporate remote access services were also suspended as a result of the attack.
Oil and production systems were run off "isolated network systems unaffected by the attack, which the firm has pledged to investigate. In the meantime, Saudi Aramco promised to improve the security of its network to guard against fresh assaults.

The University of Cambridge has launched an investigation after a group claimed to have hacked into its software systems.
The group named NullCrew said it had targeted several university departments and broken into databases.
The network is linked to the computer hacking network Anonymous and supports the WikiLeaks founder Julian Assange.

Official forum of HostDime has been Hacked by 1337. The Pakistani Hacker posted a message about there security on there forum by posting a thread. The hacker had told that the site was not able to be defaced due to the .htaccess file which was added in the admincp file. The .htaccess file had spasific I.P

Oil giant Saudi Aramco workstations hit by malware Restored

Oil giant Saudi Aramco back online after workstations hit by malware.

Aramco, Saudi Arabia’s national oil company, said on Sunday that the company was back in operation ten days after a massive malware outbreak hobbled 30,000 workstations at the company.

In a statement on the company’s Facebook page (content alert: Facebook page contains images of extremely phallic architecture), Aramco said that it had “restored all its main internal network services” that were affected by a malware outbreak on August 15.

Hackers Can Read Your Thoughts Inside Your Mind

Hackers Can Read Your Thoughts. It’s like phishing, only it happens inside of your skull.

It’s hard to imagine something more futuristic than a helmet that lets you control machines with your mind. As if out of an X-Men comic, this technology became a reality about five years ago when not one but two devices, the NeuroSky MindWave and the Emotiv EPOC, that used brainwaves as an input hit the market. At first, the headsets were more or less novelties, a fun new way to play video games, but as the technology improved, all kinds of industries — from medicine to education, security to government — are looking for ways to take advantage of brain-controlled interfaces. We may never have to push a button again.

Team GhostShell leak One Million Records

TeamGhostShell a team linked with the Activist group Anonymous, is claiming that they have hacked some major U.S. institutions including major banking institutions, accounts of politicians and has posted those details online.

FireEye's Malware Intelligence Lab is making the claim that there is a new zero day vulnerability in the wild that affects the latest version of Java.Researcher. Atif Mushtaq wrote on the company's blog that he spotted the initial exploit on a domain that pointed to an IP address in China.

Yesterday someone anonymously posted on Slashdot that The Pirate Bay had launched a free VPN service called PrivitizeVPN (http://freevpn.thepiratebay.se/). But Just today team at torrentfreak confirms on behalf of team The Pirate Bay that its not a Pirate Bay project.

Cross Platform Trojan steals Linux and Mac OS X passwords

Russian anti-virus company Doctor Web reported about the first cross-platform backdoor to run under Linux and Mac OS X identified as "BackDoor.Wirenet.1". This malicious program designed to steals passwords entered by the user in Opera, Firefox, Chrome, and Chromium, and passwords stored by such applications as Thunderbird, SeaMonkey, and Pidgin.

BackDoor.Wirenet.1 is the first-ever Trojan that can simultaneously work on these operating systems. BackDoor.Wirenet.1 is still under investigation.

Redmond based software giant Microsoft has released the Windows 8 Enterprise Evaluation version yet again making it available free for 90 days. Before this Evolution version we have tested three different flavors of Microsoft's upcoming and long awaited operating system Windows 8, and they are Windows 8 Consumer Preview, Windows 8 Developer Preview & Windows 8 Release Preview

Hackers Deface website of former British cabinet minister

Hackers claiming allegiance to the Anonymous movement of cyber-rebels have defaced the website of a former British cabinet minister in solidarity with WikiLeaks founder Julian Assange. "If the reason ... is revenge for Assange's treatment, it's weird to attack me," Hain said in comments carried by the BBC. "They have not done their research because I have supported Assange and opposed his extradition."

400+ Sites Hacked And Defaced By An0nym0uz17 Indonesian Hcker

Indonesian hacker Name as An0nym0uz17 Hacked And Defaced 400+ Sites. It is kind of huge hack. Server owned by hackers was really secure. This hack also point of lot of question for security experts. These kind of attacks are clearly showing how much awareness about security is need in cyber world.

357 arrested in massive cybercrime sting in Philippines

MANILA, Philippines—More than 300 foreigners, suspected members of a cybercrime and human trafficking syndicate, were arrested in simultaneous raids in Quezon City, Marikina City, and
Cainta and Antipolo City in Rizal province on Thursday.

The Criminal Investigation and Detection Group (CIDG) said among those arrested were the two suspected financiers of a group involved in credit card fraud and human smuggling in Taiwan and China.

US general: We hacked the enemy in Afghanistan

The U.S. military has been launching cyber attacks against its opponents in Afghanistan, a senior officer said last week, making an unusually explicit acknowledgment of the oft-hidden world of electronic warfare.

NSA top spy going to Defcon 2012NSA top spy going to Defcon 2012

General Keith Alexander, director of the National Security Agency (NSA), will speak at the Defcon conference, the Pentagon affirmed.
General Keith B. Alexander is also the current Commander, United States Cyber Command.
Defcon for those of you who don’t know is a community of “hackers.”

Let’s forget the political mumbo jumbo and posturing going on between countries about the release of Julian Assange. It is time to approach this in a “Sho-Gun” switch-a-roo style and get this over with.

If not, we are going to be reading endless editorials and opinions about who is doing what, and what is doing who. Ugggh.

Becoming Hackers Aren’t Tougher, You Just Have All The Right Tool

These days, hacking seems so common. It’s like a week won’t pass without hearing news about another site being hacked or passwords being leaked. So the situation begs the
questions, “Are passwords getting weaker or are hackers getting tougher?”

Microsoft Changed there Logo after 25 Years

In advance of one of the most significant waves of product launches in Microsoft’s history, today we are unveiling a new logo for the company.

It’s been 25 years since we’ve updated the Microsoft logo and now is the perfect time for a change. This is an incredibly exciting year for Microsoft as we prepare to release new versions of nearly all of our products. From Windows 8 to Windows Phone 8

Pages

Friday, 31 August 2012

Thursday, 30 August 2012

Wednesday, 29 August 2012

Tuesday, 28 August 2012

Monday, 27 August 2012

Sunday, 26 August 2012

Saturday, 25 August 2012

Thursday, 23 August 2012

Search The Blog

Follow Us

Search The Blog

Become a Fan Today!

Popular Posts

Site Links

Followers

Blog Archive

Follow Me on Facebook.com