Arrested For Insulting The Mauritian Prime Minister On Facebook

A 28 year old male nurse, Gauravsing Bagwan, has been using a fake Facebook profile to insult the Prime Minister of Mauritius.This young man has been doing this for over seven months by using the name of "Girish Baboo". The cybercrime unit was able to arrest the young man today, 27th March 2013, by tracing his IP address. Mr Bagwan's computer was seized for investigation purposes.
A provisional charge of "using an information and telecommunications services for the purpose of causing inconvenience" was retained against him.The police objected to his release on bail.

Tumblr Increases Security With Two-Factor Authentication

Tumblr added two-factor authentication method for its users. This will help in keeping hackers away. In this new system, users will need their mobile phone while accessing their account. When a user needs to sign in, Tumblr will send a code to his/her mobile phone to verify the identity of the account owner.The user will have to put this code in the space provided on the log-in page. To be able to use this new feature,the user will have to enable  this his/her account settings.
By implementing this security system, Tumblr in now in-line with other services like Gmail, Dropbox, Facebook, Twitter, etc..


Turkish Government Banned Twitter, Tor Browser Usage Increases

 Last Friday the Turkish government banned twitter after users shared information about allegation of corruption against high level officials.The Turkish Finance minister,Minister Mehmet Simsek, told BBC that banning social media site "doesn't reflect well" but this was an action of necessity.
"The Turkish telecommunications watchdog has made a number of statements saying that they have asked Twitter on a number of occasions to remove some content on the back of court orders and Twitter has been refusing to comply,".."I don't think any global company, whether it's a media company, whether it's an industrial company, it shouldn't see itself [as being] above the law."

Turkish ISP has been redirecting traffic from Twitter's homepage by pointing the DNS servers to a government website where it was said that this service was blocked. Protestors have been using alternative IP addresses to access Twitter via Google's DNS, but this did not last long. Turkish government then began blocking Twitter by IP adresses.

Twitter itself informed Turkish users how to use twitter via sms.

This option as well won't last long as the government already has the ISP on its side.But users have started using VPNs and Tor Browser to be able to get access to Twitter. Tor traffic directly connecting users from Turkey has seen a rise reaching over 50,000.

Sentenced To 18 Months For Hacking And Sextortion

A 20 year old California student, Jared James Abrahams, was sentenced to 18 months in federal prison for hacking into 150 online accounts to extort young females into sending him nude photos and video. James pleaded guilty on November 12 after he was arrested by the FBI. 

According to the US attorney's office, James targeted young women he knew and found more victims after hacking into Facebook pages.

By using hacking software, James took control of the victims' email account, social network accounts and even their computers. This allowed him to remotely turn on webcams and time to time, taking pictures of the victims when they were naked. He then used these photos to extort the victims by threatening to publicly post them on their social network accounts, unless, they either sent more photos or videos, or accept a Skype session with him and did what he asked them to for 5 minutes.At least two victims consented to the Skype sessions so that their photos are not posted on the internet.

In a sentencing memo filed with the court, prosecutors wrote,
As digital devices, email accounts, and social media accounts now contain the most intimate details of the public’s daily lives, the impact of this type of hacking and extortion becomes more pronounced, troubling, and far-reaching,”... “In some cases, this type of criminal behavior can be life-changing for the victims – especially for vulnerable victims who may feel it is impossible to rebuild their tarnished reputations. Stated differently, individuals like defendant have the ability to affect a person’s life in frightening ways by using the broad reach of the Internet.

Source:[US Attorney's Office]

Google Adds More Security To Gmail

Google announced today that HTTPS connection will always be used when a person checks his/her mail. This means that no one will be able to listen your messages when they are moving to and from the Gmail server. This HTTPs connection will not be affected even if someone is using a public WiFi or logging in from either a computer, phone or tablet.
"..every single email message you send or receive—100% of them—is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers—something we made a top priority after last summer’s revelations."

"Of course, being able to access your email is just as important as keeping it safe and secure. In 2013, Gmail was available 99.978% of the time, which averages to less than two hours of disruption for a user for the entire year. Our engineering experts look after Google's services 24x7 and if a problem ever arises, they're on the case immediately. We keep you informed by posting updates on the Apps Status Dashboard until the issue is fixed, and we always conduct a full analysis on the problem to prevent it from happening again."

Google also provides security tips to users through their online Security Center. These tips help many people to stay safe online.

Source:[Google Gmail Blog]
Security Center:[Click Here!]

18 Security Issues Fixed In Firefox 28

Updates are available for Firefox. A total of 18 security issues have been fixed in this release. Among these, 5 are categorized as critical, 3 as high-impact, 7 as moderate-impact, and 3 as minor security vulnerabilities. All these were discovered by Mariusz Mlynski, VUPEN, George Hotz and Jüri Aedla at the annual Pwn2own hacking contest.These vulnerabilities affect Seamonkey and Thunderbird as well.

List of issues fixed:
  • MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
  • MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
  • MFSA 2014-30 Use-after-free in TypeObject
  • MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
  • MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
  • MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
  • MFSA 2014-26 Information disclosure through polygon rendering in MathML
  • MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
  • MFSA 2014-24 Android Crash Reporter open to manipulation
  • MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
  • MFSA 2014-22 WebGL content injection from one domain to rendering in another
  • MFSA 2014-21 Local file access via Open Link in new tab
  • MFSA 2014-20 onbeforeunload and Javascript navigation DOS
  • MFSA 2014-19 Spoofing attack on WebRTC permission prompt
  • MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
  • MFSA 2014-17 Out of bounds read during WAV file decoding
  • MFSA 2014-16 Files extracted during updates are not always read only
  • MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

We advise our readers to update their Firefox as soon as possible.

Was Flight MH370 Hijacked by Hackers?

A British anti-terror expert and a former Home Office scientific adviser, Dr. Sally Leivesley, told the Sunday Express that hackers could have hijacked the plane's system and remotely program it to either crash or land.

This is a very early version of what I would call a smart plane, a fly-by-wire aircraft controlled by electronic signals,” Dr Sally said.

It is looking more and more likely that the control of some systems was taken over in a deceptive manner, either manually, so someone sitting in a seat overriding the autopilot, or via a remote device turning off or overwhelming the systems.

According to her, such attack can be carried out using USB stick or mobile phones. A set of commands and codes are inserted. These codes can initiate a series of processes.

On the other side, German security consultant, Hugo Teso, the researcher who demonstrated that an airplanes could be remotely hijacked last year, said on his website that he doesn't think the plane was hijacked.

"I spent the last days talking with countless journalists, all of them interested on the possibility that the MH370 was victim of some kind of on board systems hack; my answer to all of them was the same: I don’t think the MH370 was hacked.
Looks like that was not what they were expecting so, as far as I know, no mentions to those interviews have been published. Not going into detail about the reasons behind my opinion, being common sense one of them, I would like to make it clear here: I don’t think the MH370 was hacked.
There is very little and incomplete information about what happened to the MH370, so let’s wait for further developments and avoid speculating with highly unlikely theories.

More can be read from Sunday Express:[Click Here!]
Hugo Teso Website:[Click Here!]

Beware of Facebook Scam : Missing Malaysian Plane Found

Scammers are taking advantage of the lost Malaysian plane to spread malware on Facebook.By clicking on the scam Facebook post, users are directed to the malicious website where they are asked to share it in order to see the video. After sharing, the user will be taken to another page whare a popup 'Security Check' window will appear where the users will be asked to prove he/she is human and complete online surveys.
We advise our readers to ignore this scam post having title “Video of Malaysia MH370 Plane found in Bermuda Triangle! Passengers alive! Breaking news video footage of this miracle just released on CNN!”.

Microsoft Pirated Software Seized In Mauritius

Illicit copies of several Microsoft software were seize in a Curepipe based company by the Anti Piracy Unit. The police also found several computers in the company running pirated software and found a specific program used to crack these software. Two people were arrested for interrogation. After the RAID, representatives of Microsoft in Mauritius issued a statement where it reminded that piracy is a crime.
"Honest businesses, which sell only original software, are unfairly disadvantaged, and in the end it's whole economy that is affected," said Marius Haman, Microsoft Digital Crime's Unit Lead for sub-Saharan Africa and the Indian ocean.
Source:[Click Here!]
Translation by Bing Translator.

North Dakota University System Hacked

In February, it was discovered that one of the servers of North Dakota University System (NDUS) was breached. This server contained details of 290,000 individuals.The hackers gained access to the server by using a compromised existing account credential in October 2013. Details such as social security numbers of current and former students, and, IDs of 784 faculty and staff members were stored on the server. After conducting forensic analysis, NDUS did not find any clue whether the hackers penetrated the system to steal data.

Based on the forensic investigation, it is likely the intruder's intent was only to use the server's processing power to launch attacks on other computers and systems. The intruder may not have even been aware that the sensitive information was stored on this server,

Even if there was no such sign, the university signed a contract with AllClear ID to provide free Identity Protection Coverage for a period of one year for all the individual who's information was stored on this particular server.The university warns all those to be very careful as they may receive phishing scams.
More can be read: [Here!]

Dendroid Tool Can Turn Android App Into Malware

Security researchers from Symantec discovered a new tool which can turn application into remote access Trojan(RAT). This Trojan is designed to target android devices only.This application was developed by a person using the codename of "Soccer" and was selling his creation for $300 in underground forums. "Soccer" also promised a 24/7 support for those using his developed RAT.
Dendroid is a HTTP RAT having a sophisticated PHP panel, and an application APK binder package. This binder has many features,once the RAT is bind to an application which is then installed on an Android device,  it can delete call logs, call a phone number, open web pages, record calls and audio, intercept messages, take and upload photos and videos, open applications, initiate DOS and change the C&C server.
Experts believe that the developer of this application has been assisted by the creator of the AndroRAT binder.
Read More From Source:[Symantec]

Acunetix Online Vulnerability Scanner Launched

Acunetix vulnerability scanner is used by a huge number of security experts to test web applications and website. Last week the organisation launched its online version of vulnerability scanner. Powered by the Acunetix core web vulnerability scanning technology, businesses of all size can test their websites and applications for security holes that could be exploited by hackers. Before purchasing it, a 14 days trial is available for those who are interested. The prices vary for the number of website you intend to scan.

Two People Arrested For Hacking And Stealing Data Of 12Million Customers

South Korean police have arrested two people who they believed have breached into the systems of KT Corp, a large telecom company of South Korea.One of the suspect name Kim and who is 29 year old used his own program to penetrate the system and accessed bank details, home addresses and employment information of the customers.The information was sold to a man of 37 year and the latter used these information to sell cell phones pretending to be a representative of the company.
They started this scheme in February 2013 and they made $10.8million out of it. KT stated that it would cooperate with the police investigation in order to "minimize the damage to its customers," and "figure out the route of information leakage."


Flexcoin Shuts Down After Hackers Robbed All Bitcoin

According to the notice on Flexcoin, a Bitcoin bank, on March 2nd, they were attacked by hackers who robbed all the coins in their hot wallet.The 896 BTC were divided into two account. As the company does not have assets, they are shutting down.
"Users who put their coins into cold storage will be contacted by Flexcoin and asked to verify their identity. Once identified, cold storage coins will be transferred out free of charge. Cold storage coins were held offline and not within reach of the attacker. "
The company also stated that they will work with law enforcement to trace the source of the hack and all further updates will be posted on their official Twitter account as soon as they are available.
Source:[Click Here!]

Russia Today (RT) Hacked, "Russian" Replaced With "Nazi" In News Headlines

An unknown group of hackers defaced today by replacing "Russians"or "Russia" word with "Nazis"or "Nazi" word in the headlines. Russia Today confirmed about the hack on their official Twitter account.
Message tweeted goes as "RT website has been hacked, we are working to resolve the problem"

Hackers targeted after the Russian parliament approved the use of military force in Ukraine Crimea. The website is funded entirely by the government of Russian Federal.At the time of publishing, the website was already restored.
Source:[Click Here!]


Free counters!


MauriHackerS - Providing Latest IT Security and Hacking News !