Indian Hackers Leaked Database of Pakistan Faisalabad Police

In a Pastebin document, Indian hackers from Indian Cyber Rakshak (ICR) leaked the database of the Pakistan Faisalabad Police website. The document contains log-in information such as user ID, username and user type. It also contains five FIR entries and details of some wanted criminals. At the time of publishing, the document was still available and had reached a total of 217 views.



4chan Hacked, Hacker Targeted Moderator's Accounts

The image-based bulletin board 4chan was recently hacked. This was announced by 'moot' in a blog post. The attack took place last week, and the intruder accessed administrative functions and information from one of 4chan's databases. According to the blog post, the intruder stated that their motive was to expose the posting habits of a user whom they dislike.
"After careful review, we believe the intrusion was limited to imageboard moderation panels, our reports queue, and some tables in our backend database. Due to the way the intruder extracted information from the database, we have detailed logs of what was accessed. The logs indicate that primarily moderator account names and credentials were targeted."

The intruder accessed the credentials of three 4chan Pass users. These victims have been notified and were offered refunds and lifetime Passes.

Source:[4Chan Blog]

Firefox 29 Released, 14 Vulnerabilities Fixed

Firefox 29 is now available for download. A total of 14 security issues have been addressed. Of these, 5 are critical, 6 are high and 3 are moderate.
List of Vulnerabilities Fixed in Firefox 29:
  • MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
  • MFSA 2014-46 Use-after-free in nsHostResolver
  • MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
  • MFSA 2014-44 Use-after-free in imgLoader while resizing images
  • MFSA 2014-43 Cross-site scripting (XSS) using history navigations
  • MFSA 2014-42 Privilege escalation through Web Notification API
  • MFSA 2014-41 Out-of-bounds write in Cairo
  • MFSA 2014-40 Firefox for Android addressbar suppression
  • MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
  • MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
  • MFSA 2014-37 Out of bounds read while decoding JPG images
  • MFSA 2014-36 Web Audio memory corruption issues
  • MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
  • MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)

We advise our readers using Firefox to update their version as soon as possible.
Source:[Mozilla]

Anonymous: #Mayday Protests[Video]

Members of Anonymous posted a video on YouTube asking citizens from around the world to join them in a global protest. Up to now, the video has received only 1418 views and does not seem to be attracting many people. Below is the video posted along with the transcript.
Video

 
TRANSCRIPT
"Citizens from around the world, we are Anonymous.
We hereby call forth this May 1st, a Global Day Of Resistance.
We call upon every person, in every nation, every state, city, county, and street, to Unite, and to rise up.
And to take back the public commons from the oppressors.
March the streets, occupy the public space; be free and reclaim your rights as human beings.
Become part of a world-wide Global Spring;
Many events are currently moving, and this May 1st is the perfect moment to make those movements go even farther.
In fact, the list of movements and events circling around the world are endless, and each corner the concerned citizen faces, needs much needed attention.
May 1st, is a declaration of priorities, and our priority, in current society, should not be to keep a broken system running.
On May 1st, let us shake the world and the very foundations of all power and authority.
Anonymous will use all the tools at our disposal to facilitate and encourage this, Global Day of Awakening.
The internet is a vital tool of open means of communications towards connecting the 99%.
Furthermore, physical actions need to take its rise. The mental awakening has passed.
Hence, we are tired of having activists, journalists, and concerned citizens around the world get hunted, jailed, and abused.
We are tired of watching our own fall.
We are tired of banks, corporations, and its figureheads, deciding the outcome of a country, when it should be the people who decide their country's history.
We stand alongside the occupy movement, we stand with them in this fight. This is a call of general strike; against the 1%
We ask the citizens of all nations to refrain from banks, to refrain from shopping, to boycott films, music, video games and others of category.
The 1% need to realize the essential, and that essential, is that without the 99%, without us; they are nothing.
We encourage the citizens of all nations to both organize and plan this week, and to execute their movements on May 1st.
This is a shout of may day
Spread this message. Distribute through social media. Post it to your blog. And mirror it on YouTube, Vimeo, and other video platforming sites.
1 week from today, we will show the world that unity is not dead.
Anonymous will stand with our freedom fighters from all over the world, and in unity, raise our fist to the sky and shout:
We Are Not Afraid!

We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
United as One, divided by zero.
Expect us.
"

Syrian Hacker Defaced UNICEF New Zealand Blog

A Syrian hacker using the codename Dr.SHA6H defaced the official blog of the United Nations Children’s Fund (UNICEF) for New Zealand. This was announced by the hacker himself on his official Twitter account. By the time of publishing, the blog had already been restored. A mirror of the defacement has been provided below.
Website:
http://blog.unicef.org.nz/
Mirror:
http://zone-h.com/mirror/id/22249481

Viber Mobile Messenger Sends User Data Unencrypted[Video]

Security researchers from the University of New Haven (UNH) in Connecticut, US, published details of a security vulnerability they discovered in the Viber messenger. The flaw relates to how messages, photos, videos, doodles, and location images are sent in unencrypted form. This data is also stored unencrypted on Viber's servers rather than being deleted immediately.
How did they discover this vulnerability?
Using a Windows PC as a Wi-Fi access point, the security team was able to capture data sent between two Android devices.
Security researchers, Dr Ibrahim Baggili and Jason Moore, stated that they reported the flaw to Viber but did not receive any response from them.

Video


Update
In a statement made to CNET, Viber said that they will be releasing a fix soon for Android and iOS.
"This issue has already been resolved. It is currently in QA and the fix will be released for Android and submitted to Apple on Monday. As of today we aren't aware of a single user who has been affected by this."
CNET Article: [Click Here!]

Beware of Facebook Scam "The Rock is Dead"

Facebook scammers are back with another story designed to trick users into installing shady applications. The celebrity in the story is Dwayne “The Rock” Johnson. Researchers from Malwarebytes came across this scam on Facebook and were the ones to report it. The scam goes as follows:
R. I. P. DWAYNE JOHNSON (1972 - 2014). He died filming a dangerous stunt for FAST & FURIOUS 7. Age Restricted Video.(for 18 years old and above only),

Once users click on the link, they are directed to a page where they are instructed to share the video on their timeline in order to be able to watch it. After sharing, users are directed to another page where they are asked to install a “Facebook Media Plugin” in order to watch the video.

According to Malwarebytes, this plugin is a potentially unwanted program. We advise our readers to ignore the Facebook scam and not to click on the link, share it, or install the plugin. The Rock is not dead!

Source:[Malwarebytes]

Bangalore City Police Website Hacked By Pakistani Hacker

A Pakistani hacker using the codename H4x0r10ux m1nd hacked and defaced the official website of Bangalore City Police. The hacker left the following message on the deface page:

"? Hiya Indians !!! :-*
So This Time "Banglore City Police" Website Pwned By US .....
Hey EnDians You Had a GooD Security
But Your Fckin firewalls Cant Stop Me
Govt. Of India Its Time To Repay For what you have done to our Kashmiri Brothers
You Killed Them Just Because they Support and Want to be a part of Pakistan
You Killed Many Innocent Kashmiris In The Name Of MUJAHIDDIN. Your Army Imprisoned & Killed Many Men And Children Who Protest Against Brutatilty & Stood Up for The Freedom Of Kashmir. Raped Many Innocent Women For Their Desires & After All This You Think Kashmir Is A Part Of Baharat. We Don't Think So
Also, this Hack Is A protest Of hacking Pakistani Sites By Indian KidS....
We are Sleeping Not Dead
So Back Off From Our Cyberspace
We Are H4x0r10ux M1nd | Gujjar-PCP | Connecting Friend | MadcoDe | Haxor 99 | Ch3rn0by1 | Rummy Khan | PCA PEIN | Madleets
Free Kashmir !!!!
Pakistan Will Always Remain On the Top INSHALLAh !!!
Pakistan Zinda Bad !!!
-=- You Have Been Hacked By -=- H4x0r10ux M1n[) -=-
-=- ./Logout =-
ExPecT Me
Never forgive
Never Forget
"

By the time of publishing, the website was still holding the deface page. A mirror has been provided below.

Website:
http://bcp.gov.in/index.htm
Mirror:

Samsung Galaxy S5 Fingerprint Reader Hacked [Video]

Security researchers from SRLabs posted a video on YouTube demonstrating how they tricked the scanner with a fake fingerprint made of wood glue. They stated in the video that the same approach was used against the iPhone 5s Touch ID last year. According to the researchers, fingerprints left by the owner on the phone can be photographed with a camera, giving an image of sufficient quality to print a usable mold. The wood glue is then poured into it, and the resulting replica is swiped on the scanner. After authentication, the attacker can use sensitive applications on the phone, such as PayPal. The video below shows how the security researchers managed to trick the fingerprint scanner and use PayPal.
PayPal responded to this video by issuing the following statement,
"PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, your eligible transactions are covered by our buyer protection policy."

Video
 
Source:[Android Community]

Teenagers Claiming To Be Part Of Anonymous Arrested in South Korea

Three people were arrested by the South Korean National Police Agency's Cyber Terror Response Center on Wednesday. They had posted a video on YouTube stating that Anonymous would be attacking government websites on April 14.
According to the police, two of them are teenagers: Kang, who is 17, and Bae, who is 14. The third is a 23-year-old university student. The police added that they do not have any hacking skills and were arrested for making threats.
Kang told the police that he is a member of Anonymous, but the police became suspicious when Anonymous denied that there were any plans to attack South Korean government websites.

Video Posted

 
 
Source:[Click Here!]

Nigerian Government Launches Computer Emergency Readiness and Response Team (CERRT.ng) Ecosystem

Last Tuesday, the Nigerian government launched the Computer Emergency Readiness and Response Team (CERRT). Its main objective is to provide support in handling cyber security incidents.
Dr. Ashiru Daura, acting Director General of Nigeria’s National Information Technology Development Agency (NITDA), said at the launch in Abuja that the CERRT.ng Ecosystem is funded by the NITDA with the objective of being a trusted intermediary organisation dedicated to providing support in cyber security incidents.
He also said,
'NITDA in keeping to its mandate looks forward to sharing the cyber related policy templates it has, encouraging interested local organisations and groups to participate in hands on global cyber-drills and focusing on empowering our youth with the knowledge and tools to develop a home grown Cyber Security Solutions industry'

CERRT.ng has three main components:
  • The Fusion Centre, which will monitor cyberspace activities;
  • The Awareness/Training/Liaison Communications, which will bring cyber security awareness to Nigerians; and
  • The cyber-forensic lab, which will analyse incidents.

Source:[AfricaTime]

Beware of Heartbleed Spam

Users are being advised to stay alert because cybercriminals are taking advantage of the Heartbleed vulnerability to find victims. They are doing this using an old technique: spamming. Rob VandenBrink from SANS Institute published a reminder to warn users to be on their guard. He stated that he started receiving emails asking him to change his password on services where he does not have any accounts. These emails had helpful links, back-ended by malware or credential harvesting.
He is also advising users not to click on links in emails:
" Helpful emails with links in them are in most cases NOT helpful.  Don't click that link!
If it's legitimate, and especially this week, by all means browse to the affected site and change your password.  That's always a good idea.  But following an email link to a password change page is a good way to get your credentials stolen, or a good way to pick up a nice "gift" of malware.
"

What is The Heartbleed Bug?
This flaw was discovered by Neel Mehta of Google Security on Monday [07 Apr 2014].
"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
"

We advise all affected readers to apply the released fix.

Sources:
Rob VandenBrink Advisory:[Click Here!]
Heartbleed Description:[Click Here!]

Nargis Fakhri Official Website Defaced By Pakistani Hackers

Pakistani hackers using the codenames "ArYaNZ KhaN" and "H4$N4!N H4XOR" defaced the official website of Bollywood actress Nargis Fakhri. She announced the launch of her website through her official Facebook fan page, and just one hour later the hackers announced the defacement.

By the time of publishing, the website was already restored. A mirror of how the website was at the time of defacement has been provided below.
Website defaced:
http://nargisfakhri.com/
Mirror:

Fake Antivirus Application Removed From Google Store

Researchers from Android Police discovered this fake antivirus, named "Virus Shield". Within some weeks, the application was already #1 in the store and cost $3.99. It reached over 10,000 downloads and was rated 4.7 stars. The application did nothing except change the 'cross' image into a 'tick' when a user clicked the enable button. The developer made a huge amount of money with this fake security application. Users can report fake applications via the link below, and we advise all readers to download and use applications only from trusted and known publishers.
Researchers from Android Police decompiled the application to show how the fake antivirus worked. They even provided a download link for the source code on their blog for those who wanted to cross-check.
Report Inappropriate Applications:[Click Here!]
Read More From Source:[Android Police Blog]

5-Year-Old Boy Discovered Vulnerability In Xbox [Video]

Kristoffer Von Hassel, a five-year-old boy from Ocean Beach, California, discovered a vulnerability in Microsoft Xbox last month (March). Some simple steps helped the little boy get access to his father's account. He first entered a wrong password 3 times. He was then sent to the password verification screen. There, he typed a series of space keys and hit enter. He was in.
The vulnerability was patched after both father and son reported it to Microsoft. The little boy's name was listed in the March 2014 Security Researcher's list. After that, on April 2, his father published a video on YouTube showing how his son was logging into his Xbox Live account to play games.


Egyptian Military And Government Websites Defaced

A hacker using the codename "YMH" defaced three websites: those of the Egyptian Armed Forces Training Authority, the Tourist Development Authority of Egypt and the Military Technical College. The same deface page was uploaded to each website, with a message written in Arabic.
Translated Message:
"Owned by Ymh! We don’t know with whom to fight, el sisi or the Muslim Brotherhood, leave all the politics behind and enjoy yourselves a little with the tea of Om Hasan ( symbol of the reversed revolution)"

At the time of publishing, all three websites were already restored.

Websites Defaced:
http://www.mcf.mil.eg/ Egyptian Armed Forces Training Authority
http://www.tda.gov.eg/  Tourist Development Authority of Egypt
http://www.mtc.edu.eg/ Military Technical College

Mirrors:

Source:[HackRead]

Hackers Are After Journalists

BlackHat Conference Official Website

Two Google researchers, Shane Huntley and Morgan Marquis-Boire, reported that 21 of the top 25 news organisations in the world have been victims of hackers. These hackers either work for, or support, a government. The two researchers spoke about this on Friday at the Black Hat hackers conference in Singapore.

Huntley told Reuters:
"If you're a journalist or a journalistic organization we will see state-sponsored targeting and we see it happening regardless of region, we see it from all over the world both from where the targets are and where the targets are from,"

Marquis-Boire said that these attacks normally come through emails and, according to him, this is only "the tip of the iceberg" because state-sponsored hackers can find several other ways to attack journalists.

Read More From Reuters: [Click Here!]


MauriHackerS - Providing Latest IT Security and Hacking News !