Latest Post

Chinese Electronic Cigarette’s Charger Spreading Malware

Electronic cigarettes are now easily available at a very affordable price; on eBay, one can be bought for around $5. Recently, however, an IT security professional started a thread stating that an e-cigarette had compromised his boss's computer, which can be considered the very first side effect of the electronic cigarette.

According to the thread, the malware was hard-coded in the charger, which made it difficult for the IT staff to identify. The executive's system was fully protected with up-to-date antivirus and anti-malware software. After trying every possible technical way to find the source of the malware, they had to ask the executive whether anything in his life had changed recently. The executive said that he had started using an e-cigarette, which he usually charged from his computer.

That was the answer they were looking for: the made-in-China e-cigarette had malware hard-coded into the charger, and when it was plugged into a computer's USB port the malware phoned home and infected the system.

To protect yourself from this risk, disable the data pins on the USB connection. This prevents any exchange of information.

Source: [Click Here!]
 

InfoTech 2014 Will Focus On CyberSecurity

The 21st edition of InfoTech will be held from Thursday 27 to Sunday 30 November 2014 at the Swami Vivekananda International Convention Centre, Pailles, Mauritius. Over 100,000 people are expected to visit this event. Tassarajen Pillay Chedumbrum, the current ICT minister of Mauritius, along with members of the National Computer Board, stated that this year the focus will be on cyber security, which is a key element in the field of computer science. They will seize this opportunity to inform the general public about the importance of cyber security.

With vulnerabilities recently discovered in Mauritian government websites and the government lottery website defaced twice, many will want to know what will be discussed. IT security professionals of the country will surely seek answers from the National Computer Board, which will be present on this occasion.
 

#OpKKK Launched By Anonymous

After the Ku Klux Klan threatened to use lethal force against Ferguson protesters, Anonymous hackers launched an operation called #OpKKK. It was announced through a video which they posted on YouTube. By the time of publishing, the Twitter account of the Ku Klux Klan (@KuKluxKlanUSA) had already been hijacked, and the website kkk.com was unavailable. Find the video and the transcript below.

 
Transcript
Published on Nov 17, 2014
Greetings world, we are Anonymous
KKK it has come to our unfortunate attention that you have been interfering with Anonymous.
We are not attacking you because of what you believe in as we fight for freedom of speech…
We are attacking you because of what you did to our brothers and sisters at the Ferguson protest on the 12th of November.
Due to your actions we have started Operation KKK. The aim of our operation is nothing more than Cyber Warfare. Anything you upload will be taken down, anything you use to promote the KKK will be shut down.
DDoS attacks have already been sent and have infiltrated your servers over the past 2 days… d0x's have also been launched on leaders of the KKK. All information retrieved will be given to the public.
You messed with our family and now we will mess with yours…
Let the cyber war begin.
We are legion.
We do not forgive
We do not forget
Ku Klux Klan you should have expected us.
 

Trojan SMS App Was On Play Store For More Than A Year

Thai Fun Content, a malicious application pretending to be a downloader for wallpapers, music and videos on Android, was recently discovered on Google Play by researchers from Malwarebytes.
The Trojan application asks its victims to send an SMS to a premium number in exchange for the downloaded content. In doing so, the victims actually subscribe to a daily feed. The application was last updated in August 2013, which, according to Nathan Collier from Malwarebytes, was most likely the date the application was added to the Play Store.

Source: [Malwarebytes Blog]
 

18 Vulnerabilities Fixed in Flash Player

Adobe has released security updates for Flash Player on all platforms, addressing a total of 18 vulnerabilities. These vulnerabilities could allow an attacker to take control of the affected system. Adobe is advising all users to update to the latest version.

  • Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.223.
  • Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.252.
  • Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.418.
  • Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x will be automatically updated to the current version.
  • Users of the Adobe AIR desktop runtime should update to version 15.0.0.356.
  • Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 15.0.0.356.
  • Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.356.

Several researchers were credited for discovering these vulnerabilities, namely,

  • Ian Beer of Google Project Zero (CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0589, CVE-2014-0590)
  • bilou working with the Chromium rewards program (CVE-2014-0574)
  • bilou through Verisign’s iDefense Vulnerability Contributor Program (CVE-2014-0588, CVE-2014-8440)
  • Behrang Fouladi and Axel Souchet of Microsoft Vulnerability Research (CVE-2014-8442)
  • Haifei Li of McAfee Labs IPS Team (CVE-2014-0583)
  • Liu Jincheng and Wen Guanxing of Venustech ADLAB (CVE-2014-8438)
  • Nicolas Joly (CVE-2014-0582)
  • Lucas Leong of TrendMicro (CVE-2014-0581)
  • Tavis Ormandy and Chris Evans of Google Project Zero (CVE-2014-0573, CVE-2014-0576)
  • Natalie Silvanovich, working with Google Project Zero (CVE-2014-0577)
  • SuperHei of KnownSec (CVE-2014-8441)
  • Anonymously reported (CVE-2014-8437)

Source: [Adobe]
 

Maurihackers Celebrating its 3rd Anniversary

Today, 9th November 2014, we are celebrating our 3rd anniversary. On this occasion, we would like to thank all our readers, hackers, news providers and our friends who have been supporting us during these successful years.

We are proud to be the only Mauritian website which provides news relating solely to IT security and hacking. We have been reporting several security issues lately and we promise, we will continue our work for the coming year.


Thanking you all
Maurihackers - Mauritian Hacker Society






 

The MNIC Website Is No Longer Available

The Mauritius National Identity Card website, which has been online for more than one year, is no longer available. Anyone visiting the website will see the message "This website is no more available." on a plain white webpage. And yet the domain registration was recently updated, on 2014-10-28, for a period ending 2015-05-08. Visiting the official MNIC Facebook page, we also noticed that it was last updated on the 26th September.
This is the same website which Ish Sookun, the Linux expert, reported as vulnerable, where the personal information of several users was accessible. Did they abandon the project even though not all Mauritians have given their fingerprints?

We made a mirror of the website as it appears at the time of publishing, in case they change it: http://www.zone-h.org/mirror/id/23217451

Source: [MNIC.MU]
 

The Pirate Bay Co-founder Sentenced to 3.5 Years Imprisonment

After being found guilty on Thursday, Gottfrid Svartholm Warg, aka Anakata, the co-founder of The Pirate Bay, was sentenced on Friday to 3.5 years' imprisonment in the largest hacking case in Denmark's history.
The prosecutor had requested six years in jail for Warg and two years in jail for his 21-year-old co-defendant Dane. Dane received a 6-month sentence instead. The Court said that they hacked into the Danish systems of IT giant CSC, illegally downloaded social security numbers from Denmark’s national driving license database, illegally accessed information in a Schengen Region database and cracked police email accounts between February and August 2012. Anakata argued that his computer was being used remotely to carry out the attack, but the Court did not accept this argument.
In 2009, Warg was sentenced to one year in jail and ordered to pay criminal damages to the music and film industry for his part in founding the website.
Source: [RT]
 

Beware of MCB Phishing Email "URGENT MVR Required for your accounts"[UPDATED]

A phishing email pretending to be from The Mauritius Commercial Bank is currently making the rounds. The email is titled "Update: URGENT MVR Required for your accounts" and contains the official logo of the Mauritius Commercial Bank. Along with the logo and picture, it carries the following message:

Dear customer,
Your account(s) is no longer active as it has been suspended due to MVR (MCB Verification Requirements).
Your attention is required to activate your account now.
Activate Account Now(Link Removed)
Thanks and have a great day.


When the recipient clicks on the link provided, he/she is directed to a website that looks like a legitimate MCB website, with a banner bearing the official logo of the bank displayed at the top of the scam webpage. Below the banner there are several warning messages which ask recipients to reactivate their account. Further down, there is a form where recipients are asked to enter their credentials: USER ID, USER PASSWORD, TRANSACTION PASSWORD, EMAIL ADDRESS and EMAIL PASSWORD. After the activate button is clicked, the visitor is redirected to a PDF file on the official website of the bank. It seems, however, that the PDF file is no longer available on the bank's site, causing the browser to freeze for around 5 seconds and then remain blank. In the meantime, the cybercriminals behind the phishing scam have already received your login credentials, which they may use to transfer money.

We advise our readers to be alert. The email and the phishing website have been professionally designed, leaving no noticeable errors that would prove they are fakes. The only two ways to find out are, first, to look at the URL, which is a porn website domain name, and secondly, in the email, the line “Thanks and have a great day.”: an official email will never use an informal way of thanking a recipient. If you think you have been a victim of this email, change your password as soon as possible and contact the bank.

We reported the email to The Mauritius Commercial Bank and received an automated reply where it stated "MCB will NEVER ask for your Internet Banking login and transaction passwords under any circumstances". This is already a confirmation that the email is a fake one.

UPDATE
Yesterday, 27 October 2014, we received confirmation from The Mauritius Commercial Bank that this is a phishing email. The content of the confirmation email goes as follows:

Dear Sir/ Madam

We acknowledge receipt of your e-mail dated yesterday, and thank you for escalating the issue to us.
This e-mail is indeed a scam whereby fraudsters aim at obtaining personal details of our customer, with the intention of carrying out fraudulent transactions on the customer’s accounts.
These fraudsters operate by sending e-mails that appear to come from the Bank.
The MCB requests you to disregard these bogus messages and not to respond to any instructions contained therein. Instead, Internet Banking customers should forthwith delete the messages.
IB customers who have responded to such messages are advised to change their password immediately and call the MCB on (230) 2026060 without delay.
May we remind you that access codes (be the “User IDs” or “passwords” for Internet Banking or “PIN” for credit and debit cards) are strictly personal and must not be revealed to third parties or used otherwise than in the appropriate authenticated environment.
Rest assured that all possible steps are taken to promptly ban the fraudulent domains and to inform our customers not to respond to these fraudulent attempts.

We reiterate our thanks for advising us of this issue and assure you of our best services at all times.
 

Mauritius Tourism Promotion Authority (MTPA) Official Website Vulnerable

Ish Sookun, the Mauritian Linux enthusiast and blogger who recently discovered a vulnerability on the MNIC website, is back with another ‘data leaking’ discovery. This time the vulnerabilities are on the official website of the Mauritius Tourism Promotion Authority (MTPA).
According to Mr Sookun, 269,146 email addresses are publicly available. This is because the directories where the files are kept on the server allow public access. As he stated in his blog post, this database would be a gold mine for spammers.
Not satisfied with this, he decided to search further by visiting other directories. He was once again shocked when he came across two sets of unencrypted administrator credentials, that is, usernames and plain text passwords. One was for the blog MySQL database and the other for the newsletter application. Mr Sookun reported this issue to CERT-MU and, at the time of publishing, stated that he had not received any reply from them.

Source: [Click Here!]
 
 