Monday, 29 October 2012

Anonymous Takes Aim at Zynga for “Outrageous Treatment of Employees”



Anonymous hackers have initiated an operation called “maZynga.” The campaign was launched shortly after the company revealed its plans to lay off around 5% of its workforce.

The hacktivists published a video statement to announce the start of the operation, but the clip was removed from YouTube. However, a transcript of the statement posted on AnonNews reveals their plans.


Read more

Anonymous Hacks Greek Ministry of Finance to Protest Against Austerity Measures



Anonymous hacktivists have leaked confidential documents and user credentials which they allegedly stole from the systems of Greece’s Ministry of Finance. The breach comes at a time when the Greek government is trying to adopt a new austerity package.

“The Greek government is prepared to testify to a vote in the Greek Parliament the new package of economic austerity measures of 13.5 billion euros which are expected to prolong the recession in Greece,” the hackers wrote in a statement.

Read more

Ford Website Hacked by NullCrew, User Credentials Leaked Online



The latest target of the hacker collective known as NullCrew is the website of world-renowned car manufacturer Ford.

The hackers claim to have leveraged an SQL Injection vulnerability in order to gain access to the databases behind the social.ford.com subdomain. As a result of the breach, database and table names, customer usernames – represented by email addresses – and encrypted passwords have been leaked.

Read more

Saturday, 27 October 2012

Gadgets add complexity to brutal bank layoffs

In the high-tech, gadget-addicted world of investment banking, layoffs are becoming more complex and brutal as firms try to stop sensitive data leaving with employees.
Sackings are usually swift, with bankers escorted out, a few belongings thrown into boxes and Blackberries and phones disabled the minute they get their marching orders.
But weeks of trawling through old emails and planning software lockdowns now precede and follow the job cuts that are happening in thousands, adding a new layer of indignity to the process.
Read more

Virus threat hit Israeli Foreign Ministry computers



A number of Israel's government offices have fallen victim to a cyber attack over the past week, one apparently aimed at slipping a "Trojan horse" into the computer servers at these ministries.


Israeli police immediately pulled the national computer network from the civilian Internet after this cyber threat. The Trojan horse was sent as files attached to emails bearing the name of IDF Chief of Staff Benny Gantz in the subject line.

Read more

Friday, 26 October 2012

DOS Vulnerability Found in Wireless Chips Used by Apple, HTC, Samsung, Ford, Others

Researchers Andres Blanco and Matias Eissler from Core Security’s Core Impact team have uncovered a remotely exploitable vulnerability in Broadcom BCM4325 and BCM4329 wireless chipsets that could be leveraged by cybercriminals to launch a denial-of-service (DOS) attack.

According to advisories published by the United States Computer Emergency Readiness Team and Core Security, the vulnerability is caused by an out-of-bounds read error condition that exists in the chips’ firmware.

Read more

Wednesday, 24 October 2012

Medical Devices Vulnerable to Hacking

A heart defibrillator remotely controlled by a villainous hacker to trigger a fatal heart attack? Yes, now it's possible. The Government Accountability Office has released a report warning that medical devices are vulnerable to hacking and calling for greater FDA oversight of such devices.


The investigation into electronic medical-device safety was initiated after computer-security researchers found dangerous vulnerabilities in insulin pumps. The FDA in 2009 issued guidance urging hospitals and medical device manufacturers to work together to eliminate security risks. But in September, the Government Accountability Office issued a report warning that implantable medical devices could be vulnerable to hacking, posing a safety threat, and asked the FDA to address the issue.


Read more

Sunday, 21 October 2012

Anonymous Hacker claims to have 20,000 debit card details from HSBC Cyberattack



One of the Anonymous hacker groups, "FawkesSecurity", which claims responsibility for a DDoS cyber attack on HSBC Bank, says that it also managed to get 20,000 debit card details.


After HSBC said, "This denial-of-service attack did not affect any customer data, but did prevent customers using HSBC online services, including Internet banking," Anonymous tweeted on Friday: “We also managed to log 20,000 debit card details.”

Read more

ISPs will warn you about pirate content with Copyright Alert System



According to the Center for Copyright Information, the controversial "Copyright Alert System" will hit the U.S. within weeks. A blog post by Jill Lesser, executive director of the Center for Copyright Information, revealed the long-awaited Copyright Alert System (CAS) will begin "in the coming weeks" and provided some details about the partnership with ISPs to deter subscribers from infringement over peer-to-peer networks.

Read more

Friday, 19 October 2012

Microsoft Profit Slips to $16 Billion (€12.2 Billion) as Everyone Waits for Windows 8



Microsoft’s profit for the first quarter of fiscal year 2013 dropped to $16 billion (€12.2 billion), while sales of the Windows division went down significantly ahead of the new Windows 8 debut.


Everybody is waiting to see the new Windows 8 at work, said company CEO Steve Ballmer, so sales and revenues are very likely to increase after the launch of the new operating system.

Read more

Apple drops Java after experts warn Mac users on its security



Apple Inc is removing old versions of Oracle Corp's Java software from Internet browsers on the computers of its customers when they install the latest update to its Mac operating system.
Apple, which has previously included Java with installations of Mac OS X, announced the move on its support site. It said that customers need to obtain Java directly from Oracle if they want to access web
Read more

Friday, 12 October 2012

Google Ireland and Yahoo Domains Hijacked

Irish websites Google.ie and Yahoo.ie went offline on Tuesday afternoon after their DNS servers were apparently hijacked to point to those of a third party, resulting in visitors being redirected to an 'allegedly fraudulent' address - farahatz.net. That site has now been taken offline, but it is not known whether the site could have been created with malicious intent.

A short note on the homepage of the IE Domain Registry said the move followed a "security incident on Tuesday 9th October, involving two high profile .ie domains that has warranted further investigation and some precautionary actions on the part of the IEDR." The IE Domain Registry have requested assistance from the Garda Bureau of Fraud Investigation.

Read more

SCADA Hacking : Exploit released to Hack Solar Energy Plants

ICS-CERT, the Industrial Control Systems Cyber Emergency Response Team, has released an advisory titled ICS-ALERT-12-284-01 - Sinapsi eSolar Light Multiple Vulnerabilities. It reports multiple vulnerabilities, with proof-of-concept (PoC) exploit code, affecting the Sinapsi eSolar Light Photovoltaic System Monitor, which is a supervisory control and data acquisition (SCADA) monitoring product.

The US Department of Homeland Security is warning about vulnerabilities in a common SCADA (supervisory control and data acquisition) package that is used to remotely monitor and manage solar energy-generating power plants.

Read more

Windows 8 Security flaw : Logon Passwords Stores in Plain Text

Windows 8 is the first operating system from Microsoft to support alternative non-biometric authentication mechanisms such as Picture Password and PIN. Password security vendor Passcape has discovered a vulnerability in Microsoft’s Windows 8 operating system: it saves the logon password in plain text and allows any user with admin rights to see the password details.

Read more

Thursday, 11 October 2012

Flash Websites Won’t Load in IE 10 Unless Microsoft Approves Them



Internet Explorer 10, the version that’s currently available to Windows 8 users only, won’t load Flash websites unless Microsoft places them on its very own whitelist.


Windows 8 comes with two different versions of Internet Explorer: one that loads in the Metro environment and runs full screen and another one accessible from the desktop that works in a similar fashion to the previous releases of the browser.

Read more

Microsoft’s Map Service Reveals CIA’s Secret Bin Laden Training Facility



Satellite imagery tools have been around for a while (especially Google’s) and state authorities from all over the world closely worked with parent companies to censor specific images that aren’t supposed to be seen by everyone.


Bing’s satellite map service, however, apparently revealed what seems to be the CIA’s secret Bin Laden training facility. In plain English, this is the place where SEAL Team Six trained before eventually going after Osama Bin Laden.

The Atlantic Wire writes that Bing published an aerial photo of the Harvey Point Defense Testing in North Carolina that perfectly copies Osama bin Laden’s hiding spot.

Read more

Monday, 8 October 2012

Hacker group RedHack faces up to 24 years in prison for terrorist crimes



As part of an investigation launched by the Deputy Chief Prosecutor's Office (Başsavcıvekilliği) in Ankara on March 20, seven people, including college students, were arrested. The indictment prepared by the prosecutor's office in Ankara was accepted by the 13th High Criminal Court.


The court has accepted an indictment against RedHack, a Turkish hacker group, seeking prison sentences of 8.5 to 24 years for its members as “members of a terrorist group.”


Read more

Microsoft Mistakenly Asks Google to Ban Wikipedia, CNN and the US Government



In an attempt to block pirated versions of its software from reaching the web, Microsoft asked search engine giant Google to block access to links coming from CNN, The Huffington Post, Wikipedia and even the US government.


The latest Digital Millennium Copyright Act (DMCA) request comes with what appears to be an unfortunate mistake, as some of the copyright infringement claims mentioned by Microsoft are aimed at legitimate websites.

Read more

Friday, 5 October 2012

TinKode Gets 2-Year Suspended Jail Term, Ordered to Pay $120,000 (€93,000)



The famous hacker known as TinKode has been given a two-year suspended prison sentence. The Romanian court that handled the case also ordered him to pay around $120,000 (93,000 EUR) representing the total losses caused to the organizations he breached.

According to court documents, Cernaianu Manole Razvan received three 2-year sentences and three 1-year sentences. However, the sentences have been merged into one 2-year punishment.

Read more

Thursday, 4 October 2012

U.S. bank website hackers used advanced botnets, diverse tools



The hackers behind the cyber attacks on major U.S. banks have repeatedly disrupted online banking by using sophisticated and diverse tools that point to a carefully coordinated campaign, according to security researchers.
The hackers, believed to be activists in the Middle East, were highly knowledgeable about the defensive equipment used by the banks and likely spent months on reconnaissance, said several researchers interviewed by Reuters, who viewed the assaults as among the strongest and most complex the world has seen to date.
Read more

Google Warning about New State Sponsored Attacks



“Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.” Over the last 3 months, Google users have been surprised to see this unusual notification at the top of their Gmail inbox, Google home page or Chrome browser. These warnings are not being shown because Google’s internal systems have been compromised or because of a particular attack.

Read more

Cyber attack on Iran’s Internet system Disrupts Iran Internet




Iran, the world's no. 5 oil exporter, has tightened cyber security since its uranium enrichment centrifuges were hit in 2010 by the Stuxnet computer worm, which Tehran believes was planted by arch-adversaries Israel or the United States. Last week, the Islamic republic cut citizens' access to Gmail and the secure version of Google Search. Gmail has since been restored.

Read more

Tuesday, 2 October 2012

Microsoft Confirms Windows 9, Work Already in Progress

Microsoft will launch the new Windows 8 this month, but the company has already started work on the next Windows iteration, apparently codenamed Windows 9.

Of course, no information is yet available, but James Akrigg, Microsoft's head of technology for partners, confirmed at Misco Expo 12 in the United Kingdom that Windows 9 is the next major project to be released by his company.

Read more

If Your Android Phone Is Stolen, This App Photographs the Thief



If your Android phone goes missing, Kaspersky’s mobile security app may help you not only locate your missing smartphone, but also send you pictures of the phone’s current surroundings.
Through a new web-based control center for the app, users can activate a ‘Mugshot’ feature that accesses a lost or stolen phone’s forward-facing camera and captures photos of whatever or whomever might be in front of the lens.
Read more

Monday, 1 October 2012

Chinese Computer Hackers Break Into White House Military Network



Hackers linked to China's government broke into one of the U.S. government's most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.
One official said the cyber breach was one of Beijing's most brazen cyber attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber attacks.
Read more

ARMY : USB Drive responsible for over 70 percent of Cyber Security Breaches



A ban on the use of pen drives has not been able to safeguard cyber security, as they have now been labeled a major threat in the defence forces, Army officials said. The use of pen drives as an easy-to-carry storage device has increased in the recent past, and internal reports have confirmed that over 70 percent of cyber security breaches in the armed forces are due to their unauthorised use.


Read more

Beacon : A new advance payload for Cobalt Strike

Raphael Mudge, creator of Cobalt Strike, has announced another advanced payload for Cobalt Strike called "Beacon". In a conversation with The Hacker News, Raphael said: "A big gap in the penetration tester's toolbox are covert command and control options, especially for long engagements. Beacon is a new feature in Cobalt Strike to remedy this problem."

Cobalt Strike's graphical user interface offers direct control of the 700+ exploits and advanced features in the open source Metasploit Framework. Beacon is a Cobalt Strike payload for long-term asynchronous command and control of compromised hosts. It works like other Metasploit Framework payloads. You may embed it into an executable, add it to a document, or deliver it with a client-side exploit.

Beacon downloads tasks using HTTP requests. You may configure Beacon to connect to multiple domains. For extra stealth, Beacon may use DNS requests to check if a task is available. This limits the communications between the penetration tester and the target network.

Beacon is a critical tool for penetration testers who must mimic the threats their clients face today.
                          

Read more
 