Channel: E Hacking News - Latest Hacker News and IT Security News

DarkWebGoons leaks 20k Credentials from Association of Irish Festival Events

20,000 credentials have been compromised from the Association of Irish Festival Events website (aoifeonline.com) by a new hacker with the Twitter handle @DarkWebGoons.

The Association of Irish Festival Events (AOIFE) is an all-island voluntary network organisation that brings together organisers of festivals and events in Ireland, suppliers to the festival and event sector, and policy-makers and funders.

The hacker announced the breach on Twitter and posted a link to the leak of the compromised database. The hacker did not mention the reason for the attack.

http://www.darkwebgoons.net/data/associationirish.txt

The dump contains password hashes, corporate company names, email addresses and passwords, mobile numbers, names and other details.

Reflected XSS vulnerability affects Millions of sites hosted in HostMonster

Recently, we reported a reflected cross-site scripting vulnerability in the HostGator India hosting site that affects millions of hosted sites. Today, another Indian security researcher, Ramneek Sidhu, has come up with another interesting find.

Ramneek Sidhu has discovered a reflected XSS vulnerability in one of the biggest web hosting sites, "HostMonster" (hostmonster.com). Just as in the previous case, this vulnerability affects all sites hosted on HostMonster.

The vulnerability was discovered in a subdomain of HostMonster:
http://host104.hostmonster.com/"><SCRIPT>alert(document.cookie)</SCRIPT><SCRIPT>alert("Evolution of Revolution")</script><img src="http://i49.tinypic.com/1zq7cyp.jpg /" />
The vulnerability was reported to Aarshit Mittal by the security researcher. Aarshit started to analyze the vulnerability and found a few more interesting things. He discovered that every website hosted on HostMonster is vulnerable to reflected XSS.

Find the list of sites hosted in Hostmonster.  You can do this by searching for "Ip:ip:74.220.207.104" in Bing.  This single IP search gives 36,000 results.  All of those sites are affected by this security flaw.  For instance, let us take "vividhbharti.com".

The POC for this site is:
http://vividhbharti.com/"><SCRIPT>alert(document.cookie)</SCRIPT><SCRIPT>alert("Evolution of Revolution")</script><img src="http://i49.tinypic.com/1zq7cyp.jpg /" />
At EHN, I have just analyzed the affected sites to know what causes this security flaw. It seems like this flaw occurred when the developer tried to display the ads on the 404 not found page.

There is JavaScript code that generates the ads. Interestingly, the code uses the referrer, which here is the current address. Unfortunately, the developers fail to sanitize the URL, and this results in reflected XSS.
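The pattern described above, next to a hardened form, as an added example that is not the code from the affected 404 page. The function names, the ad host and the probe URL are assumptions constructed for illustration; the probe carries only a harmless `<i>` tag.

```javascript
// Hypothetical reconstruction: a 404 page that echoes the requested address
// into ad markup. AD_HOST and all function names are assumptions.
const AD_HOST = 'https://ads.example.invalid';

// Vulnerable pattern: the raw address is concatenated into an HTML attribute,
// so a double quote in the address closes the attribute early.
function render404Unsafe(requestUrl) {
  return '<h1>404 Not Found</h1>\n' +
    '<iframe src="' + AD_HOST + '/serve?ref=' + requestUrl + '"></iframe>';
}

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// encodeURIComponent throws URIError on lone surrogates; treat that input as empty.
function encodeParam(value) {
  try {
    return encodeURIComponent(String(value));
  } catch (err) {
    return '';
  }
}

// Hardened: encode for the URL context first, then escape for the HTML
// attribute context. Each layer gets the encoding that belongs to it.
function render404Safe(requestUrl) {
  const adUrl = AD_HOST + '/serve?ref=' + encodeParam(requestUrl);
  return '<h1>404 Not Found</h1>\n' +
    '<iframe src="' + escapeHtml(adUrl) + '"></iframe>';
}

// Review helper: list the opening tags a browser would see in the output.
function tagsIn(html) {
  return Array.from(html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g), (m) => m[1].toLowerCase());
}

// Constructed probe: a quote and an inert tag in the path, nothing executable.
const PROBE_URL = 'http://site.example.invalid/"><i>probe</i>';

console.log(tagsIn(render404Unsafe(PROBE_URL))); // the probe's tag appears in the page
console.log(tagsIn(render404Safe(PROBE_URL)));   // only the template's own tags
```

An unexpected tag in the output of `tagsIn` is the signal to look for when reviewing any template that reflects the request address.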

Islami Bank Bangladesh website hacked by Human Mind Cracker

The Tunisian hacker 'Human Mind Cracker', who discovers critical vulnerabilities in high-profile websites, has come up with another interesting vulnerability finding. He discovered an SQL injection vulnerability in the website of a Bangladeshi bank, "Islami Bank Bangladesh Ltd" (islamibankbd.com).

In an email sent to EHN, the hacker provided the vulnerable link and a link to the dump (heypasteit.com/clip/0MWN).

"The vulnerability was SQL injection...I report it many times..but they didn't reply and they didn't fix it yet...So I get into their database." the hacker said in the mail.

The dump contains database details, encrypted passwords, email addresses, and the admin ID and password.

He also discovered a cross-site scripting flaw in the feedback sending page of Islami Bank.

This is not the first time bank sites have been targeted by Human Mind Cracker. Last time, he discovered SQLi in a Tunisian bank site.

The hacker always likes to be a grey hat hacker and likes to help the admin of a site by reporting the vulnerability. But the admin failed to respond and failed to patch the security flaw.

#opleak28 : 10 Government database hacked by xl3gi0n hackers

Hackers from the collective named xl3gi0n hackers claim to have breached the databases of 10 government websites as part of their ongoing operation called "#OpLeak".

They have leaked the databases belonging to government websites of different countries on Pastebin (pastebin.com/56FFtkcn).

"#opleak is AN operation created by xl3gi0n hackers IN which we leak more THAN 1000 database to show the world that they need more security" The hacker said.

The hacked sites are from Ukraine, Italy, Nigeria and China. The leak contains usernames, encrypted passwords and email addresses. A few sites contain plain-text passwords.

More than 600 Indian websites hacked by rEd X from 3xp1r3 Cyber Army

More than 630 sites were defaced by rEd X from 3xp1r3 Cyber Army.
The websites, most likely hosted on a single server, were altered to host the hacktivists’ message.

The hacked sites appear to belong to various organizations, including colleges and small businesses.

At press time, many administrators appeared to be working on restoring their websites, but most of the affected sites still displayed the hackers’ message.

Site List:
http://pastebin.com/JB9JD79z

Mirrors:
http://zone-h.org/archive/notifier=3xp1r3
http://zone-h.org/archive/published=0/notifier=3xp1r3
http://hack-db.com/hacker/rEd_X/all.html

Official Forum Post:
http://forum.3xp1r3.com/Thread-630-INDIAN-Sites-HACKED-D

#opleak29 : NASA database leaked by xl3gi0n hackers

The xl3gi0n hackers have breached a NASA subdomain (Lunar Science Forum 2010) and compromised the database server. The hackers leaked the stolen data on Pastebin.

The leak (pastebin.com/HdFLpEMH) contains the email addresses, plain-text passwords and names of users. The leak also contains admin details, including usernames and encrypted passwords.

There are three admin usernames and passwords listed in the leak. The hackers managed to crack two of the three passwords and published them in plain text.

"This is why i were arrested the first time. hope you come and arrest me again cuz there are some files that will be leaked " Hacker said in the leak.

The hackers breached the database server by exploiting an SQL injection vulnerability. In an email sent to EHN, the hacker provided the vulnerable link of the target website. The hacker requested me not to publish the vulnerable link.

Nir Goldshlager found vulnerability in Facebook Employees Secure Files Transfer service

A web application pentester, Nir Goldshlager, has identified a security flaw in Facebook's employee Secure File Transfer service that allowed him to reset the passwords of accounts.

The Secure File Transfer service provider, "Accellion", provides a file transfer service to Facebook's employees. Accellion had removed the registration page to prevent unauthorized users from creating accounts.

However, the researcher discovered that the registration page could still be accessed by anyone who knew the exact direct location of the registration form.

After he created the account, he started to analyze the service for security flaws. He successfully managed to find a critical vulnerability. There is an HTML file, "wmPassupdate.html", which is used for password recovery in Accellion Secure File Transfer.

Facebook Security Flaw

He identified that a referrer parameter is used in the cookie and is encoded with base64. By changing the value of this parameter, he could change the password of any account.

Facebook and Accellion fixed the issue after being notified by the researcher. He also claimed to have reported 20+ different bugs in the Accellion Secure File Transfer service. They fixed all of those bugs.
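Why a base64-encoded cookie value cannot decide whose password is changed, as an added example that is not Accellion's or Facebook's code. It assumes the cookie field names the account to update; the cookie layout, field names, account names and session id are all constructed for illustration.

```javascript
// Hypothetical model of the flaw class described above. base64 is a
// reversible encoding, so whoever holds the cookie can rewrite it.
const encode = (text) => Buffer.from(text, 'utf8').toString('base64');
const decode = (b64) => Buffer.from(String(b64), 'base64').toString('utf8');

// Vulnerable pattern: the account to update is taken from the client's cookie.
function updatePasswordUnsafe(accounts, cookies, newSecret) {
  const target = decode(cookies.referer);
  if (!accounts.has(target)) return { ok: false, reason: 'unknown account' };
  accounts.get(target).secret = newSecret; // stand-in for storing a password hash
  return { ok: true, changed: target };
}

// Hardened: the account comes from server-side session state. A cookie value
// that disagrees with the session is rejected and flagged for alerting.
function updatePasswordSafe(accounts, sessions, cookies, newSecret) {
  const session = sessions.get(cookies.sid);
  if (!session) return { ok: false, reason: 'no valid session' };
  const claimed = cookies.referer ? decode(cookies.referer) : session.account;
  if (claimed !== session.account) {
    return { ok: false, reason: 'cookie/session mismatch', alert: true };
  }
  accounts.get(session.account).secret = newSecret;
  return { ok: true, changed: session.account };
}

// Constructed sample data: one session belonging to the tester account, and a
// cookie whose account field was rewritten to point at a different account.
function runDemo() {
  const makeAccounts = () => new Map([
    ['tester@example.invalid', { secret: 'old-tester' }],
    ['other@example.invalid', { secret: 'old-other' }],
  ]);
  const sessions = new Map([['sid-constructed-1', { account: 'tester@example.invalid' }]]);
  const tampered = { sid: 'sid-constructed-1', referer: encode('other@example.invalid') };

  const unsafeAccounts = makeAccounts();
  const unsafe = updatePasswordUnsafe(unsafeAccounts, tampered, 'changed');
  const safeAccounts = makeAccounts();
  const safe = updatePasswordSafe(safeAccounts, sessions, tampered, 'changed');
  return {
    unsafe,
    safe,
    otherAfterUnsafe: unsafeAccounts.get('other@example.invalid').secret,
    otherAfterSafe: safeAccounts.get('other@example.invalid').secret,
  };
}

console.log(runDemo());
```

The `alert` flag on a mismatch is worth logging: a cookie that names a different account than the session is a strong tampering signal.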

The POC for the vulnerability:


NaziGods' new DDOS Tool takes down Website of Jefferson County Sheriff over 4 days

The dispute between hacktivists and Steubenville, Ohio, authorities is far from being over.  Recently, hacktivists published a video in which Anonymous trolls Jefferson County Sheriff Fred Abdalla.

Now, the hackers have launched a distributed denial-of-service (DDoS) attack against the Jefferson County Sheriff, Ohio website (jeffersoncountysheriff.com).

The DDoS attack was initiated four days ago. A few hours after the attack started, the site became inaccessible. The site is still down at the time of writing.

The cyber attack comes after Jefferson County Sheriff Fred Abdalla threatened to go after Anonymous hackers.

According to NaziGods, they are using a new private tool for launching DDoS attacks.

Hacker defaces Iowa Senate GOP caucus website

An unknown hacker defaced the website (iowasenaterepublicans.com) used by the Iowa Senate Republican Caucus on Monday. The Senate GOP website normally contains press releases and information about the 24 Iowa Republican senators.

The hacker replaced the normal page with a picture of a young woman in a white lab coat and the words "Ayumi... there is only one reason for loving you..."

Spokeswoman Kirsten Anderson said the caucus staff had no idea who attacked the website or why. She said the website is hosted by a West Des Moines-based contractor outside of state government.

At the time of writing, the website has been restored and is working normally.

Mass defacement: 100 websites hacked by UGBrazil

Password Reset Vulnerability in Facebook allowed hackers to hijack accounts

An independent security researcher, Sow Ching Shiong, has discovered a serious password reset vulnerability in Facebook that allowed hackers to change the passwords of Facebook accounts.

Normally, a user is required to enter the current password before setting a new one, to prevent an unauthorized person from changing the password without the user's knowledge.

However, the researcher identified that a hacker could change a user's password without knowing the user's current password by accessing the URL "https://www.facebook.com/hacked", which automatically redirected to the compromised account recovery page.

On this page, an attacker was simply prompted to enter the new password and confirm it, without having to know any other information.

The Facebook security team fixed the vulnerability after being notified by the security researcher, and Sow Ching Shiong has been added to Facebook's white hats list (https://www.facebook.com/whitehat).

"Baby please check my facebook profile" Spam mail leads to Trojan infection

A new spam campaign with the subject "I miss you , Check my new video please" is targeting social media users, a report from HotForSecurity says.

"Hi baby please check my facebook profile, i send you friend request please add me from friends.  I miss you , check my video please [LINK]" the spam mail reads.

When a user clicks the bogus Facebook link provided in the mail, he is redirected to a malicious page where Java code is automatically downloaded and installs a Trojan.

According to BitDefender researchers, the malicious application has been written in the JavaScript language and can compromise the user's personal information.

VandaTheGod hacks several Government websites

A hacker named VandaTheGod from the UGNazi hacker group has breached several government websites and other websites.

Recently, he hacked the Ecuador government website "Technical Secretariat for Vocational Training" (setec.gob.ec), the Argentina government site "Ministry of Education of the Province of Corrientes" (mecc.gov.ar), and the official site of Escalante City, Philippines (escalantecity.gov.ph).

The hacked sites simply display the text "Deface By @VandatheGod or @CosmoTheGod" with an email address of the hacker.

The hacker keeps defacing more websites every minute. He also hacked a subdomain of "The International Bank for Trade and Finance" (mail.ibtf.com.sy).

Yahoo mail accounts hacked by Dom-Based XSS vulnerability

Several Yahoo users complained that their accounts have been hacked. It appears that the Yahoo email accounts are being hacked after victims click an included malicious link.

The attacks started after a hacker or security researcher, "Shahin Ramezany", uploaded a video to YouTube that demonstrates how to hack a Yahoo account by leveraging a DOM-based XSS vulnerability. The attack works in all major browsers.

"not so new Yahoo! again put ~400 million user in risk here is demo: http://www.youtube.com/watch?v=GJsMRDyC9eY … full detail PoC will be available after patch. #RT"

In the demo video, the hacker included a link to an external HTML file hosted on his website and sent it to his victim. He opened the malicious link from the victim account.

When the victim opens the malicious link, the victim's cookies are logged on the hacker's website. The hacker managed to use those cookies to log in to the victim's account.

A voice actress and singer, Cristina Vee, was affected by this hack and posted on Twitter:

"Friends and colleagues, don't click the link that was sent to you from my Yahoo email account, I was hacked :/ Apologies! "

According to a report from The Next Web, Yahoo has plugged the security hole in question.

At the time of writing, we are not able to confirm whether the attack was launched by Shahin Ramezany or not.

*Update*:
Though The Next Web report says that Yahoo fixed the vulnerability, the Offensive Security team claims that the vulnerability is still there.

"With little modification to the original proof of concept code written by Abysssec, it is still possible to exploit the original Yahoo vulnerability, allowing an attacker to completely take over a victim’s account." the Offensive Security post reads. The PoC code will be released once Yahoo has patched the vulnerability.

The video Demo posted in Offensive-security:

More than 1400 Indian sites hacked by Bangladesh Grey hat hackers

The Bangladeshi hackers from the collective known as "Bangladesh Grey Hat Hackers (BGHH)" claim to have hacked and defaced more than 1400 Indian websites in memory of a 15-year-old girl.

"Today is the first anniversary of the Death of "felani"..
Felani is poor girl from Bangladesh who is brutally killed by Indian border guards [bsf].." the hacker said in an email sent to EHN.

"On this occasion, we strongly condemn the activity of bsf on our border.They are daily killing our people brutally."

The hacked sites include The Institute for Development and Communication (IDC), Tutors Educationa's official website, Software Technology Network, Indian Meridian Security Force, Architect Kerala and more.

The mirror of hacked sites can be found here:
http://www.zone-h.org/archive/notifier=BD%20GREY%20HAT%20HACKERS


Syrian Electronic Army hacked Saudi Arabian Ministry of Defense and other government sites

Hacker break into Administration Panel of Ministry of Defense Saudi Arabia

The hacker collective Syrian Electronic Army is back with another huge cyber attack. They have breached all the websites that belong to the Ministry of Defense of Saudi Arabia, along with other government websites.

According to the hackers' official page, they have hacked the Saudi Ministry of Defense (moda.gov.sa), Saudi Arabia Defense Industries (mic.gov.sa) and the Admission Gate of the Armed Forces (afca.gov.sa).

Other hacked sites include a Saudi government site (csc.edu.sa), the General Directorate of Military Works (gdmw.gov.sa) and the General Directorate of Military Survey (gdms.gov.sa).

A few more hacked sites: a Saudi government site (psmpq.org.sa), safous.gov.sa, Royal Saudi Land Forces (rslf.gov.sa), Royal Saudi Navy Forces (rsnf.gov.sa) and the General Organization for Military Industries (mic.org.sa).

At the time of writing, most of the affected websites appeared to have been taken offline. You can check the mirror of the defacement here:
http://www.zone-h.org/mirror/id/18910865

RedHack leaked documents from Turkish Council of Higher Education

The popular Turkish hacktivist group RedHack has hacked into the “online data sharing portal” of Turkey’s Higher Education Council (yok.gov.tr) in protest against corruption. They have leaked the compromised documents on pastehtml (pastehtml.com/view/cohg3nf3r.rtxt).

The hackers also defaced the website ebys.yok.gov.tr with a photo of 8 mine workers who lost their lives in a mine accident and journalist Metin Göktepe whose 17th death anniversary due to police detention brutality coincided.

At the time of writing, the site appears to have been taken offline. The mirror of the defacement can be found here: http://www.zone-h.org/mirror/id/18906528

The hack was announced on Twitter via RedHack official account:

Most corrupt institute of Turkey HACKED&Leaked- Council of Higher Education Mirror: http://www.zone-h.org/mirror/id/18906528 … @AnonIRC @AnonymousIRC @EHackerNews

There are 14 documents listed in the paste. The hackers leaked documents belonging to Giresun University (giresun.edu.tr), Adnan Menderes University (adu.edu.tr), Gazi University (gazi.edu.tr), Hacettepe University (hacettepe.edu.tr), İstanbul University (istanbul.edu.tr) and Fırat Üniversitesi (firat.edu.tr).

Other documents belong to Kastamonu Üniversitesi (kastamonu.edu.tr), Uludağ University (uludag.edu.tr), Marmara University (marmara.edu.tr) and Çukurova University (cu.edu.tr).

Around 3000 Indian sites hacked by Bangladesh Cyber Army in Memory of 15-Year-Old Girl

Earlier today, we reported that more than 1000 Indian sites were hacked by Bangladesh Grey Hat Hackers. The Bangladesh Cyber Army claims to have defaced around 3,000 Indian websites as a form of protest against the country’s Border Security Force (BSF).

"After exactly one year, Bangladesh Cyber Army is back once again with their attacks on Indian Cyber Space." The hacker said in an email sent to EHN.

"This attacks was inflicting owing to the reason of 7th January, being the day, when a 13 year old Bangladeshi girl was brutally murdered by BSF just 2 years back."

The full list of hacked sites can be found here : http://pastebin.com/EX47khec

"The website of Paisacontrol which is a supporting website of Indian Stock Exchange has also gone down! Bigger attacks will be coming!" the hackers warned.

The hackers uploaded a video to YouTube with the title "2nd Bangladesh vs India War".





MasterCard WorldWide Insights Blog hacked by Syrian Electronic Army

Earlier today, we reported that the Syrian Electronic Army had hacked the Saudi Arabian Ministry of Defense and other government websites. Now we have come to know that the MasterCard blog was hacked by the same hacker group.

The hack was initially identified by Eduard Kovacs from Softpedia. The hackers appear to have breached the Payments Perspective Blog from MasterCard’s Insights site (insights.mastercard.com).

They added a post with the title “Hacked By Syrian Electronic Army.” The post has been removed at the time of writing, but you can see the post made by the hackers in the Google cache: "http://webcache.googleusercontent.com/search?q=cache:https://insights.mastercard.com/2013/01/05/hacked-by-syrian-electronic-army-3/"

The Google evidence shows that the cache was recorded on Jan 6 and the post was added on 5th Jan.

It appears that the site uses an outdated WordPress version. If you check the source code of the blog, you can see that the blog uses the old version 3.3.2 of WordPress.

Sony France site vulnerable to SQL Injection Vulnerability

The Sony France website (sony.fr) was found to be vulnerable to SQL injection, which allows hackers to compromise the data. The vulnerability was identified by a hacker from the xl3gi0n hackers group.

Sony Corporation, commonly referred to as Sony, is a Japanese multinational conglomerate corporation headquartered in Kōnan Minato, Tokyo, Japan. Its diversified business is primarily focused on the electronics, game, entertainment and financial services sectors.

The vulnerability was discovered in the Sony Computer Science Laboratory site (csl.sony.fr). The vulnerable link provided by the hackers:
www.csl.sony.fr/~pachet/markov_applet_style/get_lyrics.php?auth=10,000 Maniacs&id=1
The hacker claims that he reported the vulnerability to Sony and was rewarded for his finding.

At the time of writing, I am not able to reach csl.sony.fr. It appears that the admin has taken the website offline.