Tuesday, August 21, 2012

Julian Assange - The most Fuckable Man on the Planet

Julian Assange made a speech today from the balcony of the Ecuadorian Embassy in London and I felt a primal urge brought on by the fact that this man, in all his manly glory, has stuck his proverbial neck out for the essence of life. Truth and Justice. He is a handsome and articulate man, fighting for the basic rights of every human being on the planet. What could be more sexy? Putting aside husbands, lovers, friends, and professional media, he can Wik my Leaks anytime he wants.

Julian started by reminding us that he is there because he can’t be elsewhere. He blended his thanks for Ecuador’s stand for justice with the announcement of an emergency meeting of Latin American countries next Friday specifically to address his situation and to defend the right of asylum.

He made a straightforward statement that the United States must return to the values it was founded on and “Obama must do the right thing.” Bradley Manning must be released and “he is a hero and example to all of us…..” He gave us a grim reminder that Bradley Manning has been held for 815 days and by law you can only be held 120 days without a trial.

Julian ended his short speech with the statement, “There is unity in oppression. There must be unity in response.”
That said, we need a “pussy riot” of the colossal type. It is time for all you Princesses and Queens of revolution to step up and take the reins and show Obama and David Cameron that women live true to the old adage, “hell has no fury like a woman scorned.” And, scorned we have been. The entire planet has been scorned and it is time to show more fury than has ever been displayed that we want and deserve the truth.
Women, with all their motherly graces, can and should do what we do best. Raise up our voices, heat up the keyboards, and let the world know we have had enough and we are taking control. Let Julian Assange go to Ecuador peacefully and rightfully. Leave him alone to live his life and continue to protect us through the simple act of providing the truth.

Man or woman, you can’t really live without the truth. Your government is obligated to inform you and support you in a healthy and violence free life. We have had enough of secrets, lies and false flags. We have had enough of war and economic strife. It is time ladies (and gentlemen) to take back our Mother Earth.

Here are the emails to Obama, Cameron and the President of Ecuador. Write them now, and tell them Ann Smith sent you. I’ll write too, after my cold shower.
The goal is justice, the method is transparency. It's important not to confuse the goal and the method.
Written by: Ann Smith (Executive Editor) is the irreverent Executive Editor of The Hacker News, you can reach her at: http://www.facebook.com/ann.smith.92102

AMD Blog Hacked, Database leaked on Internet

A group of hackers calling itself the "r00tBeer Security Team" today hacked into the official blog of Advanced Micro Devices (AMD), an American multinational semiconductor company. AMD is the second-largest global supplier of microprocessors based on the x86 architecture and also one of the largest suppliers of graphics processing units.

The hackers defaced a page on the blog (http://blogs.amd.com/wp-content/r00tbeer.html) and also leaked the blog's complete user database via their Twitter account. The leaked SQL dump, uploaded to Mediafire, contains the e-mail addresses, WordPress usernames and passwords of around 200 AMD blog users. Anyone in that dump who reused the same password elsewhere should change it now.

At the time of writing, AMD does not appear to be aware that it has been hacked; we are tweeting the AMD team to inform them. Screenshot of the hack as shown below:

Not only AMD: the same hackers also hacked another high-profile website, "TBN - The Botting Network", a popular forum on how to make money online with 96,000 members, and leaked its complete database via their Twitter account as well.

Serious Security Flaw : iPhone Bug Allows SMS Spoofing

A rather serious security flaw in the iPhone's SMS messaging system has been discovered and revealed by well-known security researcher and jailbreak extraordinaire 'pod2g'. The flaw affects all iPhones and, he says, could help hackers or thieves get at your personal information.

The researcher claims that the flaw has been present in Apple's iPhone software ever since the first iPhone launched in 2007, but has gone unnoticed by everyone, including, it seems, Apple.

The researcher revealed an SMS spoofing flaw that affects every version of Apple's mobile OS. Using it, attackers could spoof their identity via text and send messages asking for private information (pretending to be from the user's bank, for example), or direct users to phishing sites.

Users would believe they were replying to the sender displayed on their iPhone's screen, when in fact the reply would be routed to a different number without their knowledge.

pod2g highlights several ways in which malicious parties could take advantage of this flaw, including phishing attempts linking users to sites collecting personal information or spoofing messages for the purposes of creating false evidence or gaining a recipient's trust to enable further nefarious action.

…In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer the text, he will not respond to the original number, but to the specified one.

In many cases the malicious party would need to know the name and number of a trusted contact of the recipient in order for their efforts to be effective, but the phishing example shows how malicious parties could cast broad nets hoping to snare users by pretending to be a common bank or other institution.
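To make the mechanism pod2g describes concrete, here is an added example (not pod2g's code, nor Apple's) that builds a minimal SMS-DELIVER TPDU whose User Data Header carries a Reply Address Element (IEI 0x22 in 3GPP TS 23.040) and then parses it the way a defensive messaging client should: decode both the originating address (TP-OA) and the reply address from the UDH, and flag the message when the two differ instead of silently routing the reply to the UDH address. The PDU layout is simplified for illustration (8-bit data coding instead of the usual 7-bit packing, a fixed timestamp) and every phone number is made up.

```python
# Added example: SMS-DELIVER PDU with a User Data Header (UDH) Reply Address
# Element, and a parser that surfaces the spoofing risk. Simplified for
# illustration; not code from pod2g or Apple. Phone numbers are made up.
from typing import Optional

REPLY_ADDRESS_IEI = 0x22   # "Reply Address Element", 3GPP TS 23.040
TP_UDHI = 0x40             # first-octet bit: user data starts with a header


def encode_address(number: str) -> bytes:
    """Encode a phone number as an SMS address field:
    digit count, type-of-address, then BCD digits with swapped nibbles."""
    digits = number.lstrip("+")
    toa = 0x91 if number.startswith("+") else 0x81   # international / unknown, ISDN plan
    padded = digits + "F" if len(digits) % 2 else digits
    bcd = bytes(int(padded[i + 1] + padded[i], 16) for i in range(0, len(padded), 2))
    return bytes([len(digits), toa]) + bcd


def decode_address(buf: bytes, off: int):
    """Decode an address field at buf[off]; returns (number, offset after it)."""
    ndigits, toa = buf[off], buf[off + 1]
    nbytes = (ndigits + 1) // 2
    bcd = buf[off + 2: off + 2 + nbytes]
    digits = "".join(f"{b & 0xF:X}{b >> 4:X}" for b in bcd)[:ndigits]
    prefix = "+" if (toa & 0x70) == 0x10 else ""
    return prefix + digits, off + 2 + nbytes


def build_sms_deliver(sender: str, text: str, reply_to: Optional[str] = None) -> bytes:
    """Build an SMS-DELIVER TPDU. With reply_to set, a UDH carrying IEI 0x22 is
    prepended to the user data, which is the trick the article describes."""
    first = 0x04                       # MTI=00 (SMS-DELIVER), TP-MMS=1
    user_data = text.encode("ascii")
    if reply_to is not None:
        ie_data = encode_address(reply_to)
        ie = bytes([REPLY_ADDRESS_IEI, len(ie_data)]) + ie_data
        user_data = bytes([len(ie)]) + ie + user_data   # UDHL, IEs, then the text
        first |= TP_UDHI
    scts = bytes([0x21, 0x80, 0x12, 0x00, 0x00, 0x00, 0x00])  # 2012-08-21 00:00:00, TZ 0
    return (bytes([first]) + encode_address(sender)
            + bytes([0x00, 0x04])      # TP-PID, TP-DCS = 8-bit data (no 7-bit packing)
            + scts + bytes([len(user_data)]) + user_data)


def parse_sms_deliver(pdu: bytes) -> dict:
    """Parse the PDU and report sender, reply address and whether they disagree."""
    first = pdu[0]
    sender, off = decode_address(pdu, 1)
    off += 2 + 7                       # skip TP-PID, TP-DCS, TP-SCTS
    udl = pdu[off]
    ud = pdu[off + 1: off + 1 + udl]
    reply_to = None
    if first & TP_UDHI:
        udhl = ud[0]
        hdr, i = ud[1: 1 + udhl], 0
        while i + 1 < len(hdr):        # walk the IEs: IEI, IEDL, data
            iei, iedl = hdr[i], hdr[i + 1]
            if iei == REPLY_ADDRESS_IEI:
                reply_to, _ = decode_address(hdr, i + 2)
            i += 2 + iedl
        ud = ud[1 + udhl:]
    return {
        "sender": sender,
        "reply_to": reply_to,
        "text": ud.decode("ascii", errors="replace"),
        # A client that shows only one of the two addresses hides the mismatch.
        "spoof_suspected": reply_to is not None and reply_to != sender,
    }


if __name__ == "__main__":
    pdu = build_sms_deliver("+15551234567", "Your card is locked, reply to confirm",
                            reply_to="+15559876543")
    print(parse_sms_deliver(pdu))
```

The reply address lives entirely in sender-controlled bytes and is not checked by the carrier, so the only safe client behaviour is to show the originating address and treat any differing reply address as a warning sign.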

In the meantime, be ready to update iOS as new versions become available; Apple typically moves quickly to fix exploits once they are discovered. Until then, treat the displayed sender of any text that asks for credentials or a reply as unverified, and contact the institution through a number you already know rather than by replying to the message.

Shamoon Malware : Permanently wiping data from Energy Industry Computers

Malware researchers have uncovered an attack targeting an organization in the energy industry that attempts to wreak havoc by permanently wiping data from infected computers' hard drives and rendering the machines unusable. Symantec would not name the victimized firm and so far has seen the attack only in this one organization.

W32.Disttrack is a new threat being used in targeted attacks against at least one organization in the energy sector. It is destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) to render the computer unusable.

W32.Disttrack consists of several components:
  1. Dropper—the main component and source of the original infection. It drops a number of other modules.
  2. Wiper—this module is responsible for the destructive functionality of the threat.
  3. Reporter—this module is responsible for reporting infection information back to the attacker.
"Ten years ago we used to see purely malicious threats like this," muses Symantec researcher Liam O Murchu. For the victim, the likely experience is that the computer is running normally, then files disappear, and once the MBR has been overwritten the machine can no longer boot.

Saudi Arabia-based Saudi Aramco, the world's largest crude exporter, was reportedly hit by a computer virus this week that entered its network through personal computers. Shamoon is unusual because it goes to great lengths to ensure destroyed data can never be recovered, something rarely seen in targeted attacks. It has self-propagation capabilities that let it spread from computer to computer over shared network disks. It overwrites disks with a small portion of a JPEG image found on the Internet.
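As an added example of the triage check a responder would run on a disk image from such a machine (not Symantec's code; the two sample sectors below are constructed here, not taken from a real Shamoon victim), the following reads a 512-byte boot sector and reports whether it still looks like an MBR or whether it has been stamped over with something else, such as a JPEG fragment:

```python
# Added example: forensic triage for an MBR overwritten by a wiper.
# Not Symantec's code; sample sectors are constructed for illustration.

SECTOR = 512
MBR_SIGNATURE = b"\x55\xAA"
JPEG_SOI = b"\xFF\xD8\xFF"   # JPEG start-of-image marker


def partition_entries(sector: bytes):
    """Yield the four 16-byte partition table entries at offset 446."""
    for i in range(4):
        yield sector[446 + 16 * i: 446 + 16 * (i + 1)]


def assess_mbr(sector: bytes) -> dict:
    """Check the structural invariants of a boot sector and list what is wrong."""
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    findings = []
    if sector[510:512] != MBR_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    used = [e for e in partition_entries(sector) if any(e)]
    if not used:
        findings.append("empty partition table")
    for e in used:
        if e[0] not in (0x00, 0x80):        # boot indicator must be 0x00 or 0x80
            findings.append("invalid boot indicator in partition entry")
            break
    if JPEG_SOI in sector:
        findings.append("JPEG start-of-image marker inside the boot sector")
    return {"bootable": not findings, "findings": findings}


def sectors_with_jpeg_marker(image: bytes) -> list:
    """Offsets of 512-byte sectors that begin with a JPEG SOI marker; a wiper
    that stamps the same fragment across a disk leaves many of these."""
    return [off for off in range(0, len(image) - SECTOR + 1, SECTOR)
            if image[off: off + 3] == JPEG_SOI]


def make_valid_mbr() -> bytes:
    """Constructed sample: zeroed bootstrap area, one active NTFS partition, signature."""
    entry = (bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF])
             + (2048).to_bytes(4, "little") + (1048576).to_bytes(4, "little"))
    return b"\x00" * 446 + entry + b"\x00" * 48 + MBR_SIGNATURE


def make_wiped_mbr() -> bytes:
    """Constructed sample: a sector filled with a repeated JPEG-like fragment."""
    fragment = JPEG_SOI + b"\xE0\x00\x10JFIF\x00" + bytes(range(64))
    return (fragment * (SECTOR // len(fragment) + 1))[:SECTOR]


if __name__ == "__main__":
    print(assess_mbr(make_valid_mbr()))
    print(assess_mbr(make_wiped_mbr()))
```

On a real case the sector comes from a forensic image (`dd` of the first 512 bytes), and the same scan across the whole image shows how far the overwrite went, since the same JPEG fragment is written over file contents as well as the MBR.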

Your Friend can help Investigators Access your Facebook Profile

If you’re not already particularly picky about who you friend on Facebook, you might want to think about rejiggering those privacy settings. It's not the backdoor access that the FBI has been pushing for, but US District Judge William Pauley III has now ruled that it and other law enforcement agencies are entitled to view your Facebook profile if one of your "friends" gives them permission to do so.

As GigaOm reports, a New York City federal judge ruled in a recent racketeering trial that it’s legal for police to view your Facebook profile if one of your friends grants them permission. Better start sniffing out the rats on your friends list.

That’s because all of that data you think is personal really isn’t that personal after all, according to the judge: "Colon’s legitimate expectation of privacy ended when he disseminated posts to his friends because those friends were free to use the information however they wanted, including sharing it with the Government."

Both government agencies and private companies alike are mining social media to gain additional knowledge. Whether it’s a criminal investigation like this one or insurance companies reportedly combing through Facebook profiles to determine the party at fault in an auto accident, the freedom and public nature of social media can work both for and against its users.

Ultimately, users have to be aware of the public status of online information as well as the ease with which it can be obtained. Don’t post anything you don’t want to be found or seen.

Security Firm Reveals Flaw in Dirt Jumper Bot

A team of researchers has discovered a weakness in the command-and-control infrastructure of one of the major DDoS toolkits, Dirt Jumper, that enables them to stop attacks that are in progress.

The command and control (C&C) servers of the Dirt Jumper DDoS toolkit can be compromised and, in principle, completely taken over via SQL injection holes.

SQL injection works by supplying input that the web application splices into a database query without escaping or parameterisation, so attacker-controlled text is executed as part of the query and can read or modify the application's database from the outside. According to the Prolexic report, the open source penetration testing tool sqlmap can be used to dump the contents of Dirt Jumper's database configuration file in a matter of seconds, revealing administrative usernames and passwords.
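The following is an added example of the bug class the report describes, shown against a throwaway SQLite database. It is not Dirt Jumper's code and the `bots` / `admins` schema, the credentials and the bot rows are invented for illustration; the point is the contrast between a query built by string concatenation, which a UNION payload turns into a dump of another table, and the same lookup with a bound parameter:

```python
# Added example: SQL injection in a hypothetical C&C panel lookup, vulnerable
# version beside the hardened one. Schema and data are invented, not Dirt Jumper's.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for a panel's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE admins (username TEXT, password TEXT);
        CREATE TABLE bots   (id INTEGER, hostname TEXT, last_seen TEXT);
        INSERT INTO admins VALUES ('sokol', 'hunter2');
        INSERT INTO bots   VALUES (1, 'WIN-BOT-01', '2012-08-21'),
                                  (2, 'WIN-BOT-02', '2012-08-20');
    """)
    return conn


def bot_lookup_vulnerable(conn, bot_id: str):
    """Builds the query by concatenation: whatever arrives in the 'id'
    parameter becomes SQL. This is the pattern sqlmap automates finding."""
    sql = "SELECT hostname, last_seen FROM bots WHERE id = " + bot_id
    return conn.execute(sql).fetchall()


def bot_lookup_hardened(conn, bot_id: str):
    """Same lookup with input validation plus a bound parameter. The bound
    value can only ever be compared against id, never parsed as SQL; the
    numeric check is a second, independent layer that rejects junk early."""
    if not bot_id.isdigit():
        raise ValueError("bot id must be numeric")
    sql = "SELECT hostname, last_seen FROM bots WHERE id = ?"
    return conn.execute(sql, (int(bot_id),)).fetchall()


# A UNION-based payload: its column count (2) matches the original SELECT,
# so the admin credentials come back in the same result set as bot rows.
PAYLOAD = "0 UNION SELECT username, password FROM admins"


def demo():
    """Return (rows leaked by the vulnerable query, whether the hardened one refused)."""
    conn = make_db()
    leaked = bot_lookup_vulnerable(conn, PAYLOAD)
    try:
        bot_lookup_hardened(conn, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    print(demo())
```

Even without the `isdigit` check the bound parameter alone would return no rows for the payload, because the whole string is compared as a value rather than interpreted; the validation just gives a clearer failure and keeps error-based probing quieter.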

The company's research includes Dirt Jumper v.3, Pandora and Di BoT. According to Prolexic, the Dirt Jumper family of DDoS botnet kits was originally authored by an individual who uses the handle ‘sokol.’ Various versions of Dirt Jumper were sold privately and leaked to the public.

"DDoS attackers take pride in finding and exploiting weaknesses in the architecture and code of their targets. With this vulnerability report, we've turned the tables and exposed crucial weaknesses in their own tools," said Prolexic's CEO, Scott Hammack.

Pandora can be used to launch five different attack types, including a combination of techniques against the web application and infrastructure layers of targeted websites. Dirt Jumper seems to have overtaken rivals to become one of the most successful DDoS toolkits available on the Russian underground.

"Construction of a new variant of Dirt Jumper is relatively easy, only requiring basic knowledge of Delphi, a basic understanding of PHP and MySQL, and U.S. $5,000 to purchase the Dirt Jumper builder source code".

Google engineers Warn Of Serious Unpatched Adobe Reader Flaws

Adobe has missed dozens of vulnerabilities in Reader in this week’s Patch Tuesday run according to Google engineers who reported the flaws. Sixteen vulnerabilities still affected the Windows and Mac OS X versions, while 31 critical and “trivially exploitable” bugs were found in the Linux application.

Of particular concern to Google’s Mateusz Jurczyk and Gynvael Coldwind are bugs in Reader for Linux, although other issues affect versions for Windows and OS X. For the Linux version, which went completely unpatched, Adobe and Google have been working together to counter 14 “new unique crashes” and nine “test-cases” that were potentially exploitable for remote code execution.

When Adobe released a new version of Reader for Windows and Mac OS X earlier this week, it patched 12 vulnerabilities, but another 16 remained unpatched. Jurczyk and Coldwind decided to come forward with information on those flaws in the interest of user safety, as Adobe has no plans to issue additional out of band updates before 27 August.
"Considering that fixing the first twenty four crashes took twelve unique code fixes, it is expected that the remaining crashes might represent around eight more unique problems. Adobe plans to fix these remaining bugs and issue an update for the Linux version of Reader in an upcoming release," the Google researchers said.

Adobe released new versions of Adobe Acrobat, Reader, Shockwave, and Flash to patch security holes in those products as well.

Check out the details of the Microsoft and Adobe security bulletins to figure out which ones apply to you, and prioritize the patches that are most critical or have the greatest potential to impact your PCs.

MyAgent Trojan Targets Defense and Aerospace Industries

FireEye security researchers are analyzing a targeted trojan that uses emailed PDF files to gain access to systems and deliver its payload to networks in the aerospace, chemical, defense and tech industries.

"We have seen different versions of this malware arriving as an exe inside a zipped file or as a PDF attachment. In this particular sample, the exe once executed opens up a PDF file called "Health Insurance and Welfare Policy." In addition to opening up a PDF file, the initial exe also drops another executable called ABODE32.exe (notice the typo) in the temp directory."
The malware also uses JavaScript to determine which version of Adobe Reader is running on the host, and then launches exploits for known vulnerabilities in that version. Once the trojan has infected its host, it communicates with its command-and-control server; the user-agent string and URI it uses are hard-coded into MyAgent's binary.

FireEye reports that most of the payloads are detected by up-to-date antivirus software, based on running the binaries through VirusTotal. Since the exploits target known Reader vulnerabilities, keeping Reader patched removes the initial foothold regardless of antivirus coverage.

Bafruz trojan vs Microsoft : Malicious Software Removal Tool Updated

There's a new family of malware using a complex set of capabilities to disable antimalware and listen in on sessions between users and some social networks. Bafruz is essentially a backdoor trojan that also builds a peer-to-peer network of infected computers.

Microsoft has announced that its Microsoft Malicious Software Removal Tool has recently been modified to detect two new malware families, Matsnu and Bafruz.

The payload starts by terminating a long list of security processes named in its code. It then displays a fake system alert that resembles a standard rogue-AV prompt.

The machine then restarts in Safe Mode, where the malware can disable security products more easily and carry out its other tasks without interruption.

"This may lead the user into believing all is well with their security product, while in the meantime, Bafruz is downloading additional components and malware onto the computer in the background through its P2P network," Microsoft said.

Microsoft has now added Bafruz to the list of threats detected by its Malicious Software Removal Tool. The update came Tuesday, along with nine patches for 26 security vulnerabilities.

Airport VPN hacked using Citadel malware

It sounds like an air traveler's nightmare: researchers at Trusteer recently uncovered a variant of the Citadel Trojan targeting the virtual private network (VPN) credentials used by employees at a major airport. The firm would not disclose the name of the airport because the situation is being investigated by law enforcement.

Many businesses use VPNs to give remote workers access to internal data. Intrusions on these networks often involve advanced "man in the browser" malware such as Citadel, Zeus and SpyEye. The man-in-the-browser (MITB) attack first used form grabbing, which steals data entered into web forms inside the browser before it is encrypted and sent over the Internet, to capture the airport employees' VPN usernames and passwords, Amit Klein, Trusteer's chief technology officer, said in a blog post.

“This was potentially very dangerous, but we don’t know whether the attacker group was targeting the financial system of the airport for economic gain or if the attack was terrorism-related,”

The airport VPN was immediately disconnected after officials there were made aware of the breach and authorities are investigating.

The product the airport used for strong authentication gave each user two options: log in with a username and a one-time password sent via SMS or generated by a smartphone app, or log in using a CAPTCHA-like image of 10 digits that the user maps to his own static password. Citadel used its screen-capture feature to defeat the second option.

"This security measure prevents the form grabber from capturing the actual static password. This is where the screen capturing feature in Citadel kicks in," Klein said.
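To show why the image scheme resists a form grabber on its own but not a form grabber combined with a screenshot, here is an added example that models the login option in code. It is not Trusteer's or the airport's code, and the scheme is an assumed reconstruction of the description above: the image shows the digits 0 to 9 in a random order, and for each digit d of the static password the user types the digit shown at position d. The two images and the password are made up.

```python
# Added example: models the "map your static password through an image" login
# option. A form grabber alone sees only a per-session value; form grabbing plus
# a screenshot recovers the static password. The scheme is an assumed
# reconstruction; not Trusteer's or the airport's code. Values are made up.

DIGITS = "0123456789"


def check_image(image: str) -> None:
    """A valid challenge image is a permutation of the ten digits."""
    if sorted(image) != list(DIGITS):
        raise ValueError("challenge image must contain each digit 0-9 exactly once")


def user_types(static_password: str, image: str) -> str:
    """What the user keys in for this session: image[d] for each digit d."""
    check_image(image)
    return "".join(image[int(d)] for d in static_password)


def server_verify(static_password: str, image: str, typed: str) -> bool:
    """Server side: it knows the static password and the image it served."""
    return typed == user_types(static_password, image)


def recover_static_password(image: str, typed: str) -> str:
    """Attacker with the screenshot (image) and the form-grabbed keystrokes
    (typed) inverts the mapping: the position of each typed digit in the
    image is the corresponding digit of the static password."""
    check_image(image)
    return "".join(str(image.index(ch)) for ch in typed)


def demo() -> dict:
    secret = "4917"
    img1, img2 = "3859204716", "0417396285"   # two sessions' images (constructed)
    t1, t2 = user_types(secret, img1), user_types(secret, img2)
    return {
        "typed_session_1": t1,
        "typed_session_2": t2,
        # Replaying session 1's keystrokes against session 2's image fails:
        # this is all a form grabber alone would have.
        "replay_of_session_1_in_session_2": server_verify(secret, img2, t1),
        # With the screenshot as well, the static secret falls out directly.
        "recovered_from_session_1": recover_static_password(img1, t1),
        "recovered_from_session_2": recover_static_password(img2, t2),
    }


if __name__ == "__main__":
    print(demo())
```

The scheme's strength rests entirely on the attacker not seeing the image; once the malware on the endpoint can capture the screen, the transform is trivially inverted and the static password is exposed for good.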

Trusteer doesn't know who the attackers are or what they are after, but Kedem says they could be trying to gather intelligence on airport security processes, or even the border customs service. He says the attack appears to be very targeted, and that the bottom line is that VPN connections are not safe. Note that the VPN itself was not broken: the credentials and the second factor were captured on infected employee PCs, which is why endpoint integrity matters as much as the strength of the authentication scheme.

In addition to using endpoint cybercrime prevention software, Kedem also advises users to abide by standard practices for preventing infection: avoid opening unknown attachments or clicking links in emails.

BackTrack 5 R3 Released - Download Now !

The latest version of BackTrack is out! Check out BackTrack 5 R3!

The time has come to refresh our security tool arsenal – BackTrack 5 R3 has been released. R3 focuses on bug-fixes as well as the addition of over 60 new tools – several of which were released in BlackHat and Defcon 2012. A whole new tool category was populated – “Physical Exploitation”, which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection.

The BackTrack team has released a single VMware image (GNOME, 32-bit), for those requiring other VM flavors of BackTrack.

Download BackTrack 5 R3

FinFisher spyware found running on computers all over the world

FinFisher, a software application used by law enforcement agencies for surveillance, appears to be far more widespread than originally thought. Sold by British company Gamma International GmbH, FinFisher secretly monitors computers by turning on webcams, recording everything the user types with a keylogger, and monitoring Skype calls.

It can also bypass popular antivirus products, communicate covertly with remote servers, record emails, chats and VoIP calls, and harvest data from the hard drive.
On Wednesday, Claudio Guarnieri, a researcher at security company Rapid7, shared new details of the workings of FinFisher, a piece of malware sold by UK contractor Gamma Group to government agencies. He found FinFisher servers at work in Australia, the Czech Republic, the United Arab Emirates, Ethiopia, Estonia, Indonesia, Latvia, Mongolia, Qatar and the United States.
Rapid7 has published the IP addresses and communication "fingerprint" of the command and control servers it has discovered. The information can be used in intrusion detection systems. "If you can identify those networks actually communicating with those IPs, it most likely means some of the people on those networks are being spied on in some way," Guarnieri said. Bear in mind that IP indicators go stale as soon as the servers move, so the protocol fingerprint is the more durable of the two for detection.

Muench, who is based in Munich, has said his company didn’t sell FinFisher spyware to Bahrain. He said he’s investigating whether the samples used against Bahraini activists were stolen demonstration copies or were sold via a third party.

Researchers uncover security holes in China-based Huawei routers

Routers made by China-based Huawei Technologies have very few modern security protections and easy-to-find vulnerabilities, two network-security experts stated at the Defcon hacking convention.

Huawei is one of the fastest-growing network and telecommunications equipment makers in the world. The vulnerabilities were discovered and presented by Felix Lindner and Gregor Kopf of the security firm Recurity Labs. They discussed three vulnerabilities demonstrated at the Defcon conference, a session hijack, a heap overflow and a stack overflow, as well as more than 10,000 calls in the firmware code to sprintf, a function that performs no bounds checking on its output buffer.

The problem is due to the use of "1990s-style code" in the firmware of some Huawei VRP routers, the researchers said (the models are the Huawei AR18 and AR29 series). With a working exploit, an attacker could gain access to the systems, log in as administrator, change the admin passwords and reconfigure the devices, allowing interception of all traffic passing through the routers.

Both Lindner and Kopf have criticized Huawei for not having a security contact, as well as for its lack of security advisories for its products. Additionally, the researchers say firmware updates don't talk about bugs that may have been fixed.
A U.S.-based Huawei representative provided CNET with the following statement:
We are aware of the media reports on security vulnerabilities in some small Huawei routers and are verifying these claims. Huawei adopts rigorous security strategies and policies to protect the network security of our customers and abides by industry standards and best practices in security risk and incident management. Huawei has established a robust response system to address product security gaps and vulnerabilities, working with our customers to immediately develop contingency plans for all identified security risks, and to resolve any incidents in the shortest possible time. In the interests of customer security, Huawei also calls on the industry to promptly report all product security risks to the solutions provider so that the vendor's CERT team can work with the relevant parties to develop a solution and roll-out schedule.

Anonymous hackers target Australian Intelligence and ASIO websites

Hacking group Anonymous claimed to have shut down a computer server belonging to Australia's domestic spy agency ASIO, reportedly briefly closing down access to its public web page. The Australian Security Intelligence Organisation acknowledged some disruption to its website.

The ASIO website was down for about 30 minutes after the attack and is now operating slowly or not at all. It appears the attack may be ongoing, but ASIO’s technical staff are recovering the situation.

Anonymous has been claiming on its Twitter feed over the past few days that it was able to bring down several sites, including ASIO's. It wrote: "asio.gov.au has been down for some time now, And will be for the rest of the day!"

It appeared linked to a controversial government plan to store the web history of all Australians for up to two years which was shelved Thursday until after the 2013 elections.

The group Anonymous, which is believed to be a loosely affiliated network of “hacktivists”, has attacked sites around the world including those of MasterCard and Visa, the US Justice Department, and the Tunisian and Yemen governments.

In 2011, ASIO revealed it had established a cyber intelligence unit although it is believed to have been operating for some time before it was announced.

Kaspersky Labs uncover 'Gauss' Espionage Malware hits Middle East banks

A new cyber-surveillance virus has been found in the Middle East that can spy on banking transactions and steal logins and passwords, according to Kaspersky Lab, a leading computer security firm.

After Stuxnet, Duqu, and Flame, this one seems to mainly spy on computer users in Lebanon. It’s been dubbed Gauss (although Germanic-linguistic purists will no doubt be complaining that it should be written Gauß).

Gauss is a complex cyber-espionage toolkit, highly modular and supports new functions which can be deployed remotely by the operators in the form of plugins. The currently known plugins perform the following functions:
  • Intercept browser cookies and passwords.
  • Harvest and send system configuration data to attackers.
  • Infect USB sticks with a data stealing module.
  • List the content of the system drives and folders
  • Steal credentials for various banking systems in the Middle East.
  • Hijack account information for social network, email and IM accounts.
The researchers at Russia-based Kaspersky Lab who discovered it have christened it Gauss, and say it is aimed at pinching the pocketbooks of its intended targets, whoever they may be, by stealing account information of customers of certain banks in Lebanon, but also customers of Citibank and of PayPal.

An analysis of the new malicious software shows it was designed to steal data from Lebanese lenders including the Bank of Beirut (BOB), BlomBank and Byblos Bank, Kaspersky said. Gauss has infected 2,500 machines, while Flame hit about 700.

Two groups, Russia-based Kaspersky Lab, which first published information on Gauss and Flame, and the Hungarian research lab CrySyS, are detecting the malware by looking for a font called Palida Narrow that shows up on infected machines. Roel Schouwenberg, senior researcher at Kaspersky Lab, said that researchers still don't know why Gauss's creators included the font file.

The relationship between Flame, Gauss, Stuxnet and Duqu, as diagrammed by Kaspersky Lab:

One of the firm's top researchers said Gauss also contains a module known as "Godel" that may include a Stuxnet-like weapon for attacking industrial control systems. Kaspersky researchers said Gauss contained a “warhead” that seeks a very specific computer system with no Internet connection and installs itself only if it finds one.

*Image credit Kaspersky Lab

Zeus malware targeting BlackBerry and Android devices

Security researchers at Kaspersky Lab have discovered five new samples of the ZeuS-in-the-Mobile (ZitMo) malware package, targeting Android and BlackBerry devices.

ZitMo (Zeus in the mobile) is the name given to the mobile versions of Zeus. It has been around for at least two years, mostly targeting Android phones by masquerading as a banking security application or security add-on.

ZitMo gets hold of banking information by intercepting all text messages and passing them on to attackers’ own devices. It gets onto devices inside malicious applications, which users are duped into downloading. In this case, the malicious app was posing as security software called ‘Zertifikat’.

Once installed, the packages forward all incoming SMS messages to one of two command and control numbers located in Sweden, with the aim of snaring secure codes and other data. Kaspersky found mobile users in Spain, Italy and Germany were targeted by these fresh variants, with two command and control (C&C) numbers found on Sweden’s Tele2 operator.
"The analysis of new BlackBerry ZitMo files showed that there are no major changes. Virus writers finally fixed the grammar mistake in the 'App Instaled OK' phrase, which is sent via SMS to the C&C cell phone number when a smartphone has been infected. Instead of 'BLOCK ON' or 'BLOCK OFF' commands (blocking or unblocking all incoming and outgoing calls) there are now 'BLOCK' and 'UNBLOCK' commands. Other commands received via SMS remain the same," said Denis Maslennikov, a researcher at Kaspersky Lab.

The tactic is designed to help the criminals circumvent the out-of-band authentication systems used by many European banks, by hijacking the one-time passwords sent via SMS.

Earlier this year, Kaspersky warned of a set of malicious Android applications posing as security software. Zeus was sitting behind those apps, ready to siphon off text messages.

Mariposa botnet creator goes on trial

A 26-year-old Slovenian hacker known as Iserdo, thought to have been behind the Mariposa botnet, is on trial in Slovenia, charged with having masterminded an international cybercrime gang.

At its height, the Mariposa botnet infected up to 12.7 million PCs, with more than half of the Fortune 1,000 companies believed to have been compromised, including 40 major banks. Once a computer had been compromised and brought into the botnet, operators could steal information from innocent users - including credit card details and banking passwords.

Computer crime-fighting authorities had succeeded in bringing down the Mariposa botnet at the end of 2009, FBI officials worked with Spanish and Slovenian authorities to track down Mariposa's mastermind, Iserdo.

He was said to charge from $500 for basic versions of the botnet code up to $1,300 for more advanced ones, which included customised features such as the ability to steal credit cards and online banking credentials.

The code was even found to have infected 3,000 HTC handsets shipped by mobile operator Vodafone. Mariposa-style botnets were built using Škorjanc's "Butterfly Bot" code, according to the Slovenian authorities, and it was sold to cyber criminals worldwide. Mariposa, the Spanish version of the botnet, was the largest and the most notorious.

Tuesday, August 7, 2012

Researcher demonstrates hardware-based backdoor called Rakshasa

Security researcher Jonathan Brossard created a proof-of-concept hardware backdoor called Rakshasa that replaces a computer's BIOS (Basic Input Output System) and can compromise the operating system at boot time without leaving traces on the hard drive.

In short, firmware is software that is stored in non-volatile memory on a computer chip, and is used to initialise a piece of hardware’s functionality. In a PC, the BIOS is the most common example of firmware but in the case of wireless routers, a whole Linux operating system is stored in firmware.

Hardware backdoors are lethal for three reasons:

They can’t be removed by conventional means (antivirus, formatting).
They can circumvent other types of security (passwords, encrypted file systems).
They can be injected during manufacturing.

Rakshasa, named after a demon from Hindu mythology, is not the first malware to target the BIOS, the low-level motherboard firmware that initializes other hardware components. Rakshasa replaces the motherboard BIOS, but can also infect the PCI firmware of other peripheral devices such as network cards or CD-ROM drives, to achieve a high degree of redundancy.

Rakshasa can be installed by anyone with physical access to the hardware, either at manufacturing time or in the office with a USB stick. Fortunately, Brossard hasn't released the Rakshasa code, but he seems fairly confident that other security groups/agencies have already developed similar tools.
Brossard built Rakshasa by combining several legitimate open-source software packages for altering firmware. Due to the efforts of programmers that have contributed to those projects, Rakshasa works on 230 different models of motherboard, says Brossard.

The only way to get rid of the malware is to shut down the computer and manually reflash every peripheral, a method that is impractical for most users because it requires specialized equipment and advanced knowledge.

Malicious Olympic 2012 Android Apps & Domains

Whenever an important event takes place, new opportunities for cyber criminals, especially for those who develop attacks based on social engineering, arise. Currently, the whole world has its eyes glued to TV screens watching the London 2012 Olympic Games.

Anti-malware and anti-virus solutions provider Webroot has issued a warning about an app called "London Olympics Widget," which is described as an app that displays aggregated Olympic news coverage. In fact, it is really just harvesting the user's contact list and device ID while reading SMS messages too.

The package name is ‘com.games.London.Olympics.widget’. This app has a digital certificate claiming it was developed in New Delhi, India.

For this scam, cybercriminals create websites that are very appealing; some even look so professional that they make it seem you are close to having access to live programming. Researchers explain that the crooks rely on black hat SEO techniques to make sure their malicious websites show up among the first in search engine results.

The security firm has determined that close to 10,000 clicks have already been redirected to the fraudulent Olympics website. Overall, a total of 38,000 clicks have been redirected to such sites, with the victims spread out across 100 countries.

Webroot advises consumers to take a close look at the author of the app and then search the name to see if it is in fact a reputable company and/or developer, as seen in the photo above. One way consumers can protect themselves from becoming a victim of these types of online scams is by learning about social engineering so they can recognize it and avoid falling into these traps.

The official London 2012 mobile app can be downloaded from the site.

Pakistani hackers deface Indian Southern Railways website

Website of the Southern Railways www.southernrailway.gov.in has been defaced apparently by Pakistani hackers.

The hacker group that calls itself 'Pak Cyber Pyrates' replaced the home page of the website with a page with content that denounces India's role in Kashmir.

Indian and Pakistani hacking groups are engaged in a cyber war of sorts, with websites in both countries being regularly attacked and defaced.

Cortana scripting language introduced for Cobalt Strike and Armitage

At DEFCON 20, Raphael Mudge, the developer of Armitage, released the most significant update to Armitage yet. Armitage is now fully scriptable and capable of hosting bots in a collaborative hacking engagement.

Raphael Mudge is the founder of Strategic Cyber LLC, a Washington, DC based company that creates software for red teams. He created Armitage for Metasploit, the Sleep programming language, and the IRC client jIRCii. Previously, Raphael worked as a security researcher for the US Air Force, a penetration tester, and he even invented a grammar checker that was sold to Automattic.

Raphael talked about the Cortana scripting language for Cobalt Strike and Armitage. Cortana allows you to write scripts that automate red team tasks and extend Armitage and Cobalt Strike with new features. This technology was funded by DARPA's Cyber Fast Track program and is now open source.

Armitage is a red team collaboration tool built on the Metasploit Framework. Cobalt Strike is Armitage’s commercial big brother. Both packages include a team server. Through this team server, multiple hackers may control compromised hosts and launch attacks through one instance of the Metasploit Framework.
Using Cortana, you may develop stand-alone bots that join your red team. Cortana bots scan hosts, launch exploits, and work on compromised hosts without stepping on each other or getting in the way of their human teammates.

Cortana scripts may also extend the Armitage and Cobalt Strike clients with new features. Cortana scripts can expose hidden Metasploit features, integrate third-party tools and agents, or control other Cortana bots.

LinkedIn Data breach costs $1 million

Business networking site LinkedIn has announced it took a hit of up to $1 million due to one of the year's largest reported data breaches. LinkedIn spent between $500,000 and $1 million on forensic work after a large number of passwords were breached, LinkedIn CFO Steve Sordello said on the company's earnings call today.

He said the 175-million-member company continued to strengthen its website's security and is expected to add $2 million to $3 million in costs in the current quarter toward those efforts.

“Part of adding value to our members every day means ensuring that their experience on LinkedIn is safe and secure,” he said. “Since the breach, we have redoubled our efforts to ensure the safety of member accounts on LinkedIn by further improving password strengthening measures and enhancing the security of our infrastructure and data. The health of our network as measured by number of growth and engagement remains as strong as it was prior to the incident.”

After the leak was discovered, LinkedIn reset the passwords of accounts that they believed were frozen. The stolen passwords were camouflaged using an outdated cryptographic hash function, SHA-1, created by the National Security Agency. In addition to this weakness, LinkedIn failed to add additional security layers, such as salting the passwords, a technique which appends a random string of characters to each password before it is hashed.

Following the attack, LinkedIn confirmed in a blog post the addition of new security layers, including the salting of passwords.
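To make the salting point concrete, here is an added example (not LinkedIn's code; the member names, passwords and wordlist are constructed sample data) that contrasts unsalted SHA-1 with per-user salted SHA-1 and shows why the unsalted list was so cheap to check against a wordlist:

```python
import hashlib
import hmac
import os

def sha1_unsalted(password: str) -> str:
    """Plain SHA-1 of the password, the scheme the leaked LinkedIn hashes used."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def sha1_salted(password: str, salt: bytes) -> str:
    """SHA-1 over salt || password. The salt is stored beside the hash; it is
    not secret, its job is to make equal passwords hash to different values."""
    return hashlib.sha1(salt + password.encode("utf-8")).hexdigest()

def new_salted_record(password: str) -> tuple:
    """Return (salt_hex, hash_hex) using a fresh random 16-byte salt per account."""
    salt = os.urandom(16)
    return salt.hex(), sha1_salted(password, salt)

def verify_salted(password: str, salt_hex: str, stored_hash: str) -> bool:
    """Recompute with the stored salt; constant-time compare avoids timing leaks."""
    candidate = sha1_salted(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored_hash)

def compare_schemes(users: dict, wordlist: list) -> dict:
    """Unsalted: members with the same password collide, and one hash per
    wordlist entry covers every member at once. Salted: no collisions, and
    the same check costs len(wordlist) hashes per member instead of in total."""
    unsalted = {u: sha1_unsalted(p) for u, p in users.items()}
    salted = {u: new_salted_record(p) for u, p in users.items()}
    return {
        "unsalted_collide": len(set(unsalted.values())) < len(unsalted),
        "salted_collide": len({h for _, h in salted.values()}) < len(salted),
        "unsalted_work": len(wordlist),
        "salted_work": len(wordlist) * len(users),
    }

if __name__ == "__main__":
    # Constructed sample data: two members who chose the same weak password
    sample_users = {"alice": "linkedin", "bob": "linkedin", "carol": "S3cure!pass"}
    sample_words = ["password", "123456", "linkedin"]
    print(compare_schemes(sample_users, sample_words))
```

Salting only defeats reuse and precomputed tables; a fast hash such as SHA-1 remains cheap to brute-force per account, which is why current password storage also uses a deliberately slow key derivation function.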

Fake Syria News Posted from Hacked Reuters blog and Twitter account

On Friday, Reuters' blog platform was hacked and false posts were published, and on Saturday the @ReutersTech account on Twitter was taken over and renamed @TechMe. False tweets were sent before it was taken down.

The first attack came Friday after Syrian hackers loyal to President Bashar al-Assad allegedly gained access to Reuters’ blogging platform, which they used to post a fake interview with rebel Free Syrian Army (FSA) leader Riad al-Assad. The interview essentially said the general was withdrawing troops after a battle.

Presumably, the same hackers are responsible for also compromising a Reuters Twitter account dedicated to technology news, which has about 17,500 followers. Reuters confirmed the breach today in a tweet on its main Twitter account: “Earlier today @ReutersTech was hacked and changed to @ReutersME. The account has been suspended and is currently under investigation.”

Several of the updates posted on the hacked Reuters account, which claimed that rebels in the city of Aleppo had been routed and were planning a tactical retreat, closely echoed details of the fabricated reports posted on the agency’s blogs two days earlier.

The tweets themselves were mostly pro-Syrian government messages, as well as some inflammatory statements targeted at the U.S. government.

One part of the elaborate fiction was an update reporting the fake news that President Obama had signed an “executive order banning any further investigation of 9/11.”

No hacker collective has taken credit for this second breach, but the main suspect remains the Syrian Electronic Army, a group known for heavily supporting the current government and aiding it in defending its infrastructure against hacktivists who oppose it.

Huawei and Cyber Espionage, a question of trust?

Chinese telecoms equipment suppliers have previously been criticized for allegedly being security risks. Huawei is working with British spooks to prove that it has no backdoors in its products which would allow Chinese agents to snuffle Her Majesty's secrets.

The U.S. and Australia have made clear their distrust of one of the world’s biggest telecoms companies. The Australian government, for instance, banned the company from participating in bids for its national broadband network due to potential spying threats. Huawei, which has grown to become one of today’s dominant telecommunications equipment companies, is likewise constantly under threat because of what some might call China-bashing.

Over the past ten years or so, Chinese telecoms firms such as Huawei and ZTE, another telecoms-equipment provider, have expanded from their vast home market to become global players. Huawei is becoming an increasingly powerful global player, capable of going head-to-head with the best in intensely competitive markets. Several big Chinese firms, including ZTE and China Mobile, a giant mobile operator, have attracted scrutiny. But thanks to its size and its international reach it is Huawei that gets most attention.

But according to the Economist, the centre is being used to persuade Q that equipment from the manufacturer that runs it can be trusted. GCHQ has a handy base nearby. Apparently anyone who is anyone is riding a cock horse to Banbury Cross to see a Chinese company with a Western gloss. What is interesting is that Huawei staff have UK security clearances and some of them used to work for GCHQ, so the relationship in Blighty is very close.

Even Huawei suggests a proactive approach to security. “Believe no one and check everything,” says John Suffolk, former CIO of the British government and now Huawei’s global cyber-security officer. However, experts say that security flaws are difficult to find, and can sometimes be subtly embedded in the code, and possibly included by accident. As such, doubts remain.

Alleged Anonymous hacker arrested for Facebook threat

Hong Kong police said Sunday they had arrested a 21-year-old man believed to be a member of the international hacker group Anonymous, after he reportedly said on social networking site Facebook that he would hack several government websites.

“The Internet is not a virtual world of lawlessness,” a police spokesman said, adding that the man was required to report back to the police in October.
He faces up to five years imprisonment if found guilty.

The man is a member of the global hacker group Anonymous, the South China Morning Post said. The group is said to have 20 members in the semi-autonomous Chinese territory, which guarantees civil liberties not seen on the mainland, including freedom of speech.

The police spokesman declined to confirm his link to Anonymous. The last posting on the “Anonymous HK” Facebook page on July 22 urged authorities to show “respect” to citizens.

Fake AT&T bill scam mails lead to Blackhole exploit malware

A massive phishing campaign is targeting AT&T customers. More than 200,000 fake emails are masquerading as billing information from the giant American communication services provider. Each message claims that there is a bill of a few hundred US dollars.

As far as phishing campaigns go, these are pretty high-quality. Unlike most error-filled fraudulent emails, these use legit-looking logos, art, wording, and are free of spelling or grammar mistakes.

Scammers are pushing out malware by trying to trick users into thinking their AT&T bill is ready. Usually with the subject "Your AT&T bill is ready to be viewed" the spam claims you owe the telecom hundreds of dollars, but really you're just at risk of getting your computer infected by the Blackhole exploit kit.

Clicking on the link in the bogus message sends the user to a compromised Web server that redirects the browser to a Blackhole exploit kit. As a result, malware that is currently not detected by most antivirus products is downloaded onto the computer.
The malware is thought to belong to the Zeus family of malware, which has infected around 13 million computers worldwide, and stolen banking information. Earlier this year Microsoft announced it led a group of companies in the takedown of botnets pushing the Zeus malware. Servers in Scranton, Pennsylvania and Lombard, Illinois were targeted.

Worryingly, the malware is not being picked up by most antivirus products, meaning many users will be at risk of their machine being infected. AT&T customers are advised to be on the lookout for such emails. They look legitimate, but the links they carry hide all sorts of websites designed to serve malware.

Gizmodo reporter gets hacked via Apple's tech support

Is your iCloud account secured by a good password? Please don’t rely on the cloud alone. Here's a terrifying tale of modern hacking. Mat Honan, a reporter at tech site Gizmodo, was playing with his daughter when his phone went dead. Thinking it was a software glitch, he rebooted and went to log in to his iCloud account. But his password wouldn't work.

He was "irritated, but not alarmed", and connected his iPhone to his MacBook Air to restore from backup. On opening his laptop, an iCal message popped up telling him his Gmail account information was wrong. The screen went grey, and he was asked for a four-digit PIN, which he didn't have. By now he knew something was up, but had no idea just how much damage the hacker had done.

After presumably brute-forcing his way into iCloud, the hacker was able to change the password of and gain access to Mat’s Google account, remote wipe his MacBook Air, iPhone and iPad, get into his Twitter account and then use that to get access to the Gizmodo US account.

Apparently, the hackers were able to call up AppleCare support and reset Honan’s password. In his own words: “I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data. I’m back in all my accounts that I know I was locked out of. Still trying to figure out where else they were.”

The hackers, once inside, were able to wipe out all the data on his iPhone and iPad, then remotely wiped everything on his MacBook, and at last word he still could not get into his Gmail account. “Social engineering”, he says, is a fancy word for tricking the person on the other end into doing what you want by making them believe that they are you.