Latest Post

Mauritius Tourism Promotion Authority (MTPA) Official Website Vulnerable

Ish Sookun, a Mauritian Linux enthusiast and blogger who recently discovered a vulnerability on the MNIC website, is back with another 'data leaking' discovery. This time the vulnerabilities are on the official website of the Mauritius Tourism Promotion Authority (MTPA).
According to Mr Sookun, 269,146 email addresses are publicly available. This is because the directories where the files are kept on the server allow public access. As he stated in his blog post, this database would be a gold mine for spammers.
Not satisfied with this, he decided to search further by visiting other directories. He was once again shocked when he came across two administrators' unencrypted credentials, that is, usernames and plain-text passwords. One was for the blog MySQL database and the other for the newsletter application. Mr Sookun reported this issue to CERT-MU and, at the time of publishing, he stated that he had not received any reply from them.

Source: [Click Here!]
 

Dropbox Blames Third Party Services For Credentials Leaked

A series of Dropbox credentials has been posted on Pastebin and Reddit since Monday. These documents consist of user email addresses and passwords in plain text. In each of these Pastebin documents, the hacker has written a message stating that around 6,937,081 accounts have been hacked, and has given a Bitcoin address so that people can donate for the hacker to release more. The message reads as follows:
"Dropbox Hack Second Teaser.
As promised here is another batch of Hacked Dropbox accounts from close to 7 million total hacked accounts.
We will keep releasing more to the public as donations come in, show your support.
Send bitcoin donations to 1Fw7QqUgzbns7yWHH32UnmMxmMMwu6MC6h
Enjoy! More to come. As previously, all Dropbox logins are in the same format, login:Password"

Dropbox stated in a blog post that it was not hacked. It added that the usernames and passwords were stolen from unrelated services and that attackers are using these credentials to try to log in to Dropbox accounts. Dropbox is advising its users to enable two-step verification on their accounts.

Source:[Dropbox Blog]
 

The Snappening: SnapSaved.com Hacked and Database Leaked On The Internet

SnapSaved.com is a third-party service which allowed Snapchat users to save senders' images and videos without the latter knowing about it. On 11th October 2014, SnapSaved.com published a post on its official Facebook page stating that SnapSaved.com was hacked.

The private images and videos have been leaked on torrent sites and 4chan under the name "Snappening". The name follows the recent event in which celebrities' naked pictures were leaked on the internet, "The Fappening". According to the threads on 4chan, around 200,000 pictures and videos are in this Snappening leak.

In the Facebook post, Snapsaved.com stated that they had a misconfiguration in their Apache server and that Snapchat has not been hacked. All the images are from Snapsaved.com's database. The full Facebook post is reproduced below:

"I would like to elaborate on the recent events regarding Snapsaved.com
Snapsaved.com was a website used to save SnapChat's, precisely as the app snapsave.
In response to recent media events and the statement made by http://pastebin.com/cJcTbNz8, I would like to inform the public that snapsaved.com was hacked, the dictionary index the poster is referring to, was never publicly available. We had a misconfiguration in our Apache server.
SnapChat has not been hacked, and these images do not originate from their database.
Snapsaved has always tried to fight child pornography, we have even gone as far as reporting some of our users to the Swedish and Norwegian authorities.
As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it. As far as we can tell, the breach has affected 500MB of images, and 0 personal information from the database.
The recent rumors about the snappening are a hoax. The hacker does not have sufficient information to live up to his claims of creating a searchable database.
Our users had to consent to all the content they received via SnapSaved.com, as we mentioned, we tried to cleanse the database of inappropriate images as often as possible.
The majority of our users are Swedish, Norwegian and American.
I sincerely apologize on the behalf of snapsaved.com we never wished for this to happen. We did not wish to cause SnapChat or their users any harm, we only wished to provide a unique service."


 

Beware of Vodafone New Message Phishing Scam

A new phishing email pretending to be from Vodafone is currently making the rounds. This scam could claim many victims if it reaches the right audience, as Vodafone has many customers who keep the voice message service activated.

The phishing email is very simple:
"Subject: Vodafone New Message
Dear Customer,
You have one unread Message on your Online Vodafone Account.
VIEW YOUR MESSAGE
Regards,
2014 Vodafone Limited
"

The recipient is provided with a link in the mail, which redirects him or her to a fake website identical to the original Vodafone login page. Once the recipient enters the username and password, the credentials are sent to the crooks behind the scam. These credentials can be used to hijack accounts.

We advise our readers to be vigilant.

 

13-Year-Old, China's Youngest Hacker, Wants to Be a White Hat

Wang Zhengyang is only 13 and is known in his country as the youngest hacker. He attracted press attention during the China Internet Security Conference, which took place from the 24th to 25th September.
Wang, who is a student at a junior high school affiliated with Tsinghua University in Beijing, said that he would like to be known as an ethical hacker or a white hat. He stated that he hacked his school website to avoid submitting homework. He also hacked an online store, after discovering a flaw, to alter the price of an item from 2500 Yuan to 1 Yuan. Wang stated that he did notify the store about the vulnerability and has not purchased the item.
Earlier this year, in April, he contacted a software company in Beijing to report vulnerabilities he had discovered which could affect over 100 educational institutions in the country.

Wang said:
"I think those who hack all day for profit are immoral," ... "It is interesting to look for website security risks and I am overwhelmed with joy when I find one. But I will not use my talent for something illegal."

He added,
"By attending the conference, I want others to notice me and know that someone my age could work on internet security,"

Source:[Want China Times]
 

Beware of Red Cross Job Offer Scam Email

An email pretending to be from the Red Cross is currently making the rounds, claiming that the Red Cross is recruiting staff. The newly recruited staff will supposedly be paid $250 / €200 per day. A series of job positions is listed in the email, and those interested are requested to fill in the 'form' and to pay an enrollment fee.

This email is not from the Red Cross and we advise our readers to ignore it if they receive it. This is a way for cyber criminals to collect easy money.

Source:[Hoax-Slayer]
 

New Android Trojan Wipes Data and Blocks Communication

Security researchers from Dr.WEB discovered a new Android malware posing as Angry Birds Transformers. It has been categorised as a "vandal program", as the researchers have not found any code indicating that the creators of the malware gain any financial benefit from it.
These types of malicious programs are rare nowadays and are written only to show off programming skills or to make mischief. Dr.Web added the malware to its database under the name Android.Elite.1.origin.
Once this malware is granted permission, it starts formatting the SD card. The malware also blocks access to popular messengers such as WhatsApp Messenger, Hangouts and the standard SMS application by displaying the message "OBEY or Be HACKED".
In addition, the Trojan sends a text message to all contacts on the device, which reads as follows:
"HEY!!! [contact_name] Elite has hacked you. Obey or be hacked."
A similar text is sent as a reply to all incoming SMS from valid mobile phone numbers:
"Elite has hacked you.Obey or be hacked."

We advise our readers to be cautious and to install applications from trusted developers only.

Source: [Dr.WEB News]
 

Are Free Public Wifi Networks Safe?


The Minister of Information and Communication Technology of Mauritius, Mr Tassarajen Pillay Chedumbrum, recently launched a project to provide free Wi-Fi internet connection to the public. 150 spots were identified and some of them are already operating. People within Wi-Fi range will take full advantage of this free service. Like them, hackers will also take full advantage of this service to harvest users' personal information.
To raise awareness among users of this free Wi-Fi, we are sharing some security risks which they may face when using free Wi-Fi connections.

Sniffing of unencrypted data
When you connect to an open Wi-Fi network, the network is normally unencrypted because you don't have to enter any password to connect. Thus, if a hacker is connected to the same free Wi-Fi network, he or she can easily see which webpages you are visiting and which forms you are submitting, for example when you log in to your Facebook account.
This is done using network sniffing tools, which are freely available online. These tools capture packets sent and received on the network. The packets are later analysed and, very often, usernames and passwords can be retrieved from them.
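To make the difference between readable and unreadable traffic concrete, the following added example (not part of the original post) checks two constructed payloads the way someone auditing their own capture would: a plain-HTTP login form and a TLS record. The field-name list, host name and sample bytes are assumptions made for the illustration.

```python
from urllib.parse import parse_qsl

# Field names that usually carry credentials (assumed list for this example).
SENSITIVE = {"user", "username", "login", "email", "pass", "passwd", "password", "pwd"}

# Constructed sample: a login form submitted over plain HTTP.
HTTP_LOGIN = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: forum.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 37\r\n"
    b"\r\n"
    b"username=alice&password=S3cret%21&x=1"
)
# Constructed sample: a TLS application-data record (header + opaque bytes).
TLS_RECORD = b"\x17\x03\x03\x00\x10" + bytes(range(16))


def classify(payload: bytes) -> str:
    """Return 'tls', 'http' or 'other' from the first bytes of a TCP payload."""
    # TLS records start with a content type (20-23) and major version 3.
    if len(payload) >= 3 and payload[0] in (0x14, 0x15, 0x16, 0x17) and payload[1] == 0x03:
        return "tls"
    request_line = payload.split(b"\r\n", 1)[0]
    if request_line.endswith((b"HTTP/1.0", b"HTTP/1.1")):
        return "http"
    return "other"


def exposed_fields(payload: bytes) -> dict:
    """Return the credential fields that are readable in a cleartext HTTP form post."""
    if classify(payload) != "http":
        return {}  # encrypted or unknown: nothing readable at this layer
    head, _, body = payload.partition(b"\r\n\r\n")
    if b"application/x-www-form-urlencoded" not in head.lower():
        return {}
    fields = parse_qsl(body.decode("latin-1"))
    return {k: v for k, v in fields if k.lower() in SENSITIVE}


if __name__ == "__main__":
    for name, sample in (("http login", HTTP_LOGIN), ("tls record", TLS_RECORD)):
        print(name, classify(sample), exposed_fields(sample))
```

The HTTP sample yields the username and password exactly as typed, while the TLS record yields nothing, which is why a site's login page must be served over HTTPS before it is used on an open network.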

Rogue Access Point
When connecting to a public network, it is difficult to tell whether it is a legitimate network or a rogue access point. On a rogue access point, the user is sent to fake webpages identical to legitimate ones. Once the user enters his or her personal credentials, the hacker gets hold of them. These credentials can be used for account hijacking.

Network File Sharing
Wrongly configuring your network file sharing options can allow other users on the same network to access your device and view or even copy your personal data. For example, if the folder in which you keep your pictures is visible on the network, other users will be tempted to see what is in it.

Our advice

  • Do not make bank transactions on a free Wi-Fi connection.
  • Do not use websites where you have to enter credentials (username and password).
  • Use up-to-date antivirus software.
 

Steve-O Twitter Account Hacked after Challenging iCloud Hackers

Steve-O has challenged the iCloud hackers to get into his account. Yesterday, 23 September, he tweeted that he had recently added some nude pictures of himself to his iCloud account and wanted to know how good the hackers were.


We noticed some minutes ago that Steve-O tweeted his thanks to Twitter for getting him his account back. He even congratulated the hacker who was able to get hold of his official account.


Was the challenge accepted by hackers?
 

36th International Conference of Data Protection and Privacy Commissioners in Mauritius

The Mauritius Data Protection Office is hosting the 36th International Conference of Data Protection and Privacy Commissioners. The event will take place at the Intercontinental Resort Balaclava from 13 to 16 October 2014.
Several international participants will be present and will talk about the importance of data protection and privacy. The conference will be divided into two sessions: a closed session, where only members of the committee will be able to participate, and an open session, which is open to the public. Those interested will have to register on the official website of the 2014 Conference and complete the payment.
More can be read on the official website here: [Data Protection 2014]
 
 