Attack on Omid Farhang

Yahoo! Voice reportedly compromised, over 453,000 credentials exposed

Thu, 12 Jul 2012 08:39:00 +0000

Übergizmo wrote: If you use Yahoo! Voice a lot – Yahoo’s VoIP service via its Yahoo! Messenger instant messaging application, then you will definitely need to hear this report. Earlier today, more than 453,000 user accounts from an unidentified service owned by Yahoo were posted on a hacker site. The hackers reportedly said that they infiltrated the subdomain by using a union-based SQL injection. But the group responsible for the security breach added that the data breach was intended to be a wake-up call for Yahoo.

LinkedIn spam, exploits and Zeus: a deadly combination ?

Thu, 14 Jun 2012 11:25:00 +0000

Is this the perfect recipe for a cybercriminal ?:

Hacking LinkedIn’s password (and possibly user-) database.
Sending an email to all obtained email addresses, which is urging you to check your LinkedIn inbox as soon as possible.
A user unawarely clicking on the link.
An exploit gets loaded. Malware gets dropped. Malware gets executed.
User’s computer is now a zombie (part of a botnet).

I would definitely say YES.
A reader of my blog contacted me today, he had received an email from LinkedIn which was looking phishy. We can verify that Step 1 is accomplished, by the simple fact that in the “To” and/or “CC” field of the email below, there are about ~100 email addresses. A quick look-up of a few of them on LinkedIn reveals the unconvenient truth…
Here’s the email in question:

The Pirate Bay hit by DDoS attack

Thu, 17 May 2012 15:33:00 +0000

File-sharing website The Pirate Bay (TPB) has been hit by a Distributed Denial of Service (DDoS) attack.

The site has been largely inaccessible for the last 24 hours, and the service is intermittent in the UK.

The Pirate Bay has confirmed the attack on its Facebook page, saying that it did not know who was behind it, although it “had its suspicions”.

A provider of DDoS defense systems said that it was unlikely that the attack came from hacking group Anonymous.

Foxconn hacked by Swagg Security

Thu, 09 Feb 2012 19:44:00 +0000

The H-Online: Hackers operating under the name Swagg Security have said they were responsible for breaching the security of Chinese electronics manufacturer Foxconn. In a posting on Pastebin, the group took credit for penetrating the systems, noting that “Foxconn did have an appropriate firewall, but fortunately to our intent, we were able to bypass it almost flawlessly”. The posting pointed to a 6.5 MB torrent on The Pirate Bay which contained what appears to be CSV file dumps of database tables and other text files. The files included lists of what look like customer names, accounts and plain text passwords though many of those passwords are “foxconn” or “foxconn2”.

Russian Spammers Eye World Content Show

Wed, 08 Feb 2012 20:20:00 +0000

Symantec Connect: Television channels across the world are set to be at the 14th International Exhibition and Forum, World Content Show, held Feb 7- 9, 2012, in Russia. The exhibition showcases the latest technologies and trends in the TV and telecommunication industry.

This techno-fair will be attended in large numbers by leading media businesses, and spammers don’t want to miss the opportunity to circulate spam around the event. In a bid to catch the reader’s attention, one such spam email reveals some appealing facts about the event, such as Interactive Elements, Prize Drawings, Performance of Popular Leader/Star, and Colorful Musical Concerts.

Attackers taking aim at retail and food chains

Tue, 07 Feb 2012 20:15:00 +0000

v3.co.uk: The uniform infrastructure and predictable behaviors are making corporate retail and restaurant chains the choice targets for cybercriminals.

A report from security firm Trustwave found that attackers favor companies with chains of outlets, such as those commonly found in the food and retail industries, when launching targeted attacks.

The attackers like the uniform IT infrastructure that large chains deploy at individual sites, Nicholas Percoco, head of the Trustwave’s SpiderLabs team, told V3.

Twitter Malware Attack: Photos of Dead Gaddafi

Thu, 20 Oct 2011 20:38:00 +0000

Mashable: As reports of former Libyan leader Muammar Gaddafi’s death circulate on the Internet, so is a gruesome cellphone photo of what appears to be his severely wounded body and another that appears to be his dead body. Both are likely opportunities for spammers with bad intentions.

The first photo was distributed by the news agency AFP after commanders for Libya’s transitional military, the National Transitional Council (NTC), said they had captured Gaddafi after invading his hometown of Sirte. On Thursday, an NTC spokesperson told the New York Times Gaddafi had been killed, but the U.S. State Department had still not confirmed his death as of 10:00 a.m. ET.

An update on attempted man-in-the-middle attacks

Wed, 31 Aug 2011 22:19:00 +0000

Google: Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it).
Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate.

Hacker steals user data from Nokia developer forum

Mon, 29 Aug 2011 21:03:00 +0000

H-Online: A vulnerability in its forum software has been exploited by a hacker to compromise mobile phone maker Nokia‘s developer forum. The attacker used SQL injection to access the forum database at developer.nokia.com and, according to Nokia, obtained email addresses of registered users. Where configured to be publicly available, the table also includes details such as the user’s date of birth, web site URL and Skype, ICQ or other IM username; this is reported to be the case for around 7 per cent of users. The database did not contain passwords or credit card information. The issue does not, according to Nokia, affect any other Nokia accounts.

Restricting access to net resources for "good reasons"

Sat, 20 Aug 2011 18:18:00 +0000

This article is originally posted at Norman Security Blog, Credit to my friend ‘Pondus’ for sharing.

Introduction

During recent months, we have seen several examples of attempts and suggestions to restrict access to different types of net resources, and in some cases the Internet itself. Is this a method that accomplishes its end, or is it more of a “shooting the messenger” type of action?

We shall give some examples and discuss different issues in this article.

Follow up: Hacker Gains Access To WordPress.com Servers, Site Source Code Exposed

Wed, 13 Apr 2011 23:18:00 +0000

Follow up from: Hacker Gains Access To WordPress.com Servers

Tech Crunch: WordPress.com has revealed that someone has gained root-access (“low-level,” as in deep) to several of its servers this morning and that VIP customers’ source code was accessible. WordPress.com VIP customers are all on “code red” and in the process of changing all the passwords/API keys they’ve left in the source code.

“Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed.

Hacker Gains Access To WordPress.com Servers

Wed, 13 Apr 2011 17:51:00 +0000

Tech Crunch: WordPress.com has revealed that someone has gained access to several of the their servers this morning and that VIP customers’ source code was accessible. WordPress.com customers are all on ‘code red’ and in the process of changing all the passwords/api keys they’ve left in the source code.

“Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed.

Massive SQL injection attack making the rounds—694K URLs so far

Fri, 01 Apr 2011 22:23:00 +0000

Thanks to my friend, Pondus!

Ars Technica: Hundreds of thousands of URLs have been compromised—at the time of writing, 694,000 (it’s over millions of site when you are reading this)—in an enormous and indiscriminate SQL injection attack. The attack has modified text stored in databases, with the result that pages served up by the attacked systems include within each page one or more references to a particular JavaScript file.

Google, Yahoo, Skype targeted in attack linked to Iran

Thu, 24 Mar 2011 11:15:00 +0000

Cnet: A malicious attacker that appears to be the Iranian government managed to obtain supposedly secure digital certificates that can be used to impersonate Google, Yahoo, Skype, and other major Web sites, the security company affected by the breach said today.

Comodo, a Jersey City, N.J.-based firm that issues digital certificates, said the nine certificates were fraudulently obtained, including one for Microsoft’s Live.com, have already been revoked. A fraudulent certificate allows someone to impersonate the secure versions of those Web sites–the ones that are used when encrypted connections are enabled–in some circumstances.

WordPress hit with second big attack in two days

Tue, 08 Mar 2011 11:31:00 +0000

CNET wrote: The popular blogging-site hoster WordPress was hit with another distributed denial-of-service attack this morning, the second in two days.

“Unfortunately, the DDoS attack from yesterday returned in a different form this morning and affected sitewide performance,” the company said in a notice on its Automattic site, which serves as a dashboard for the service. “The good news is that we were able to mitigate it quickly and performance returned to normal around 11:15 UTC. We are continuing to monitor the situation closely.”

Dutch police website attacked after arrest of suspected hacker

Sat, 11 Dec 2010 00:02:00 +0000

Just a day after Dutch police arrested a 16-year-old boy in connection with WikiLeaks-related denial-of-service attacks, websites belonging to the Netherlands computer crime cops and prosecutors have been struck with a similar assault.

Dennis Janus, a spokesman for the National Police Service confirmed that both the police website, and that of the National Prosector’s Office had been offline for much of the day, with many theorizing that the likely reason is a distributed denial-of-service (DDoS) attack similar to that which was launched against MasterCard, PayPal and other firms.

WikiLeaks Hit By Another DDoS Attack

Tue, 30 Nov 2010 22:11:00 +0000

Controversial whistleblower website WikiLeaks was hit by another massive distributed denial of service (DDoS) attack earlier this morning. On Sunday, the site was taken down for several hours via a sustained DDoS attack, just hours before the release of thousands of secret U.S. documents.

Responsibility for Sunday’s attack was claimed by a single hacker, the Jester, though many are skeptical that it was the work of just one person.

Today’s attack, which was initially focused on http://cablegate.wikileaks.org/, has been much more intense. At 9:00 a.m. ET, WikiLeaks tweeted, “DDOS attack now exceeding 10 Gigabits a second.”

Hacker Takes Responsibility for Wikileaks Takedown

Tue, 30 Nov 2010 21:47:00 +0000

Mashable: The distributed denial of service (DDoS) attack that took down WikiLeaks as the site published secret U.S. embassy cables over the weekend could be the work of a single hacker, working for his own agenda.

The hacker, called the Jester (or th3j35t3r), describes himself as a “hacktivist for good” and posts the message “TANGO DOWN” after a successful attack, together with a link of the sites he takes down. The focus of his attacks, the Jester claims in his Twitter Bio, is “obstructing the lines of communication for terrorists, sympathizers, fixers, facilitators, oppressive regimes and other general bad guys.”

WikiLeaks Targeted in DDoS Attack as Latest Leak Hits the Web

Sun, 28 Nov 2010 20:48:00 +0000

Mashable: Controversial whistleblower website WikiLeaks is reporting that it’s under a “mass distributed denial of service attack” just as its much-hyped leak of secret embassy cables has been leaked early on Twitter.

According to a tweet from the website’s official Twitter account, WikiLeaks is experiencing a DDoS attack. The reported attackers are not yet known. Several reports state that the website has been experiencing intermittent downtime. We are currently attempting to verify that WikiLeaks is indeed under attack.