Tinder Can be Hacked With Just A Phone Number

2/24/2018 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgehEVfwVifii9PVyN4jljzRWNf7Aq9CRzeVV3M8avQnbv1-oc6BWor6hyphenhypheniWs7qwFHIp5mfvgrHB6CdYIoqPANLqrhba0FOfYD1SF0UQ9B7vbJxYuBh_Da3TuSD6fqrMkqpMADMqm-976Er/s1600/Tinder-Hacked.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Tinder vulnerability let hackers take over accounts with just a phone number" border="0" data-original-height="640" data-original-width="960" height="425" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgehEVfwVifii9PVyN4jljzRWNf7Aq9CRzeVV3M8avQnbv1-oc6BWor6hyphenhypheniWs7qwFHIp5mfvgrHB6CdYIoqPANLqrhba0FOfYD1SF0UQ9B7vbJxYuBh_Da3TuSD6fqrMkqpMADMqm-976Er/s640/Tinder-Hacked.png" title="Tinder vulnerability let hackers take over accounts with just a phone number" width="640" /></a></div>
<br />
An easy-to-exploit bug has left Tinder accounts and private chats exposed to hackers, revealed a researcher this week.<br />
<br />
<a href="http://www.hackerschronicle.com/search/label/Indian%20Hackers" target="_blank">Indian engineer</a> Anand Prakash, a serial bug hunter, said on Wednesday, 20 February, that a flaw in a <a href="http://www.hackerschronicle.com/search/label/Facebook" target="_blank">Facebook</a>-linked program called Account Kit let attackers access profiles armed with just a phone number. Account Kit has been implemented on Tinder and it has been used by developers to let users log on to a range of apps using mobile details or email addresses without a password.<br />
<br />
That should not have been enough for an account takeover by itself, but <a href="http://www.hackerschronicle.com/search/label/Tinder" target="_blank">Tinder</a>’s implementation of Account Kit had its own vulnerability. Tinder’s login system wasn’t verifying access tokens against their associated client ID, which meant anyone with a valid access token could take over an entire account. Chained together, the two <a href="http://www.hackerschronicle.com/search/label/Vulnerability" target="_blank">vulnerabilities </a>let researchers completely take over a Tinder account — with full access to the user’s profile and chats — starting from only a phone number.<br />
<br />
According to Prakash, an ethical hacker known for finding bugs in popular websites, until recently, there was a crack in this process that could let hackers compromise "access tokens" from users' cookies. The attacker could then exploit a bug in Tinder to use the token, which stores security details, and log in to the dating account with little fuss.<br />
<br />
Earlier this year, on 23 January, a different set of “disturbing” vulnerabilities were found in Tinder's <a href="http://www.hackerschronicle.com/search/label/Android" target="_blank">Android </a>and iOS apps by Checkmarx Security Research Team.<br />
<br />
Experts said hackers could use them to take control of profile pictures and swap them for “inappropriate content, rogue advertising or other type of malicious content.” The firm claimed that nefarious attackers could “monitor the user's every move” on the application.<br />
<br />
A bug within Tinder is problematic as the app boasts an estimated 50 million users worldwide with roughly 40 percent of them based in North America, and a million dates facilitated a week according to the website, along with 1.6 billion swipes a day.<br />
<br />
Tinder declined to comment on the specifics of the report. “Security is a top priority at Tinder,” a representative said, “However, we do not discuss any specific security measures or strategies, so as not to tip off malicious hackers.”</div>

An easy-to-exploit bug has left Tinder accounts and private chats exposed to hackers, revealed a researcher this week. Indian engine...

Multiple Zero-Day Vulnerabilities found in GitLab

2/22/2018 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtGtTc2n2dMoS1A8Ytl8OAzmN-_VfghE3I8KAcA2WI7I4kHBGfjS-21GBkR2a4xxZ_92HdxKzQpaOLp83aSpwsnVYx9Z47I7XTh8Sxp379v_F-XXmtaeLcl-BAwLJ2OsSLCaYnFN4511BC/s1600/Zero-Day-in-GitLab.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Domain Hijacking Vulnerability found in GitLab" border="0" data-original-height="545" data-original-width="770" height="449" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtGtTc2n2dMoS1A8Ytl8OAzmN-_VfghE3I8KAcA2WI7I4kHBGfjS-21GBkR2a4xxZ_92HdxKzQpaOLp83aSpwsnVYx9Z47I7XTh8Sxp379v_F-XXmtaeLcl-BAwLJ2OsSLCaYnFN4511BC/s640/Zero-Day-in-GitLab.jpg" title="Domain Hijacking Vulnerability found in GitLab" width="640" /></a></div>
<br />
A security researcher hijacked hundreds of GitLab domains in just a few seconds by exploiting a weakness in how the company handles domain verification -- a security issue that the company has now fixed.<br />
<br />
<a href="http://www.hackerschronicle.com/search/label/GitLab" target="_blank">GitLab</a>, a web-based git repository manager that lets developers track and collaborate on source code and project development, also allows users to host their own content and projects with a custom domain name.<br />
<br />
But the company said in a security notification on February 5 that no validation was being performed when a user added a custom domain to their GitLab accounts. In the little time that a custom domain points to a recently deleted or unclaimed GitLab repo that will be added later, the domain can be hijacked.<br />
<br />
Edwin Foudil, known as EdOverflow, and founder of security consulting firm Penultimate, drew inspiration from a bug report submitted on February 1, which contained proof-of-concept code that listed vulnerable custom domains that were pointing to GitLab. GitLab marked the initial report as informative, which according to documentation means it contains "useful information but did not warrant an immediate action or a fix".<br />
<br />
Because GitLab allows pointing an unlimited number of domains for a single repository, Foudil was able to write a short script weaponizing that initial code, allowing him to mass hijack a limitless number of domains. "This resulted in <b>700 hijacked domains and subdomains in under one minute</b>," he told ina interview. Not only that, any hijacked domain is prevented from creating a GitLab repository with that domain.<br />
<br />
That was enough to catch GitLab's attention, with the company confirming that Foudil's "valuable report" was what "triggered our response" in releasing the security notification less than a day later. "I managed to escalate the issue to the point where the issue was in fact caused by GitLab," said Foudil. "GitLab allowed mass monitoring of domains prior to them even pointing to GitLab's IP address."<br />
<br />
<span class="highlight">Foudil's report was publicly released late Wednesday after the company fixed the bug. </span><br />
<br />
Foudil also said the attack isn't just limited to domains that his script could detect. Hijacking domains was as easy as scraping the domain names of thousands of high-ranking sites. Once a domain is taken over, the attacker can serve any content they want on that domain.<br />
<br />
"The <a href="http://www.hackerschronicle.com/search/label/Exploit" target="_blank">exploits </a>are endless," Foudil said. He gave several examples where an attacker can hijack a subdomain to read and set cookies on other basenames. "I can even mine <a href="http://www.hackerschronicle.com/search/label/Cryptocurrency" target="_blank">cryptocurrency</a>," he said.<br />
<br />
Kathy Wang, director of security at GitLab, said in a phone call this week that the company took responsibility for the security issue. She added that the lack of domain verification is "a widespread problem across the industry". "Implementing domain verification is an exception not a rule -- so a lot of vendors have not yet done it," she said.<br />
<br />
GitLab switched off the feature to add custom domains until a fix was made available. The company said it estimates the fix rollout will complete by the end of the month.</div>

DevOps GitLab Hacking News News Vulnerability Zero-Day Multiple Zero-Day Vulnerabilities found in GitLab

A security researcher hijacked hundreds of GitLab domains in just a few seconds by exploiting a weakness in how the company handles doma...

Tesla's Cloud Servers Hacked to mine Cryptocurrency

2/21/2018 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqqm-HpAKvp8ZK0vh2iwUn4veaWHvZ-jCZ9zwWH12tpXaCB3cCrUiPaS-QurepFgnip3g2A5Ak1shidzjHAecuYx2vp9mEf6KiGe9Qn9Oltl-F-KoacbQHe75_CTbsaiaFy0rcoBuIp707/s1600/Tesla-Servers-Hacked.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Kubernetes Consoles Breached" border="0" data-original-height="455" data-original-width="1250" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqqm-HpAKvp8ZK0vh2iwUn4veaWHvZ-jCZ9zwWH12tpXaCB3cCrUiPaS-QurepFgnip3g2A5Ak1shidzjHAecuYx2vp9mEf6KiGe9Qn9Oltl-F-KoacbQHe75_CTbsaiaFy0rcoBuIp707/s640/Tesla-Servers-Hacked.png" title="Kubernetes Consoles Breached" width="640" /></a></div>
<br />
Hackers have breached Tesla cloud servers used by the company's engineers and have installed malware that mines the <a href="http://www.hackerschronicle.com/search/label/Cryptocurrency" target="_blank">cryptocurrency</a>. The incident took place last year when hackers gained access to Tesla's Kubernetes server, an open-source application used by large companies to manage API and server infrastructure deployed on cloud hosting providers.<br />
<br />
Cloud security firm RedLock —whose experts discovered the hacked server— said hackers found a "pod" inside the <a href="http://www.hackerschronicle.com/search/label/Kubernetes" target="_blank">Kubernetes </a>console that stored login credentials for one of Tesla's AWS cloud infrastructure.<br />
<br />
RedLock says the <a href="http://www.hackerschronicle.com/search/label/AWS" target="_blank">AWS </a>buckets appeared to have been storing sensitive data such as telemetry, but a Tesla Motors spokesperson told  in an email the data was from "internally-used engineering test cars only." While there's no evidence intruders stole any data, they did install a mining application that utilized the vast computational resources of Tesla's AWS servers to mine the <a href="http://www.hackerschronicle.com/search/label/Monero" target="_blank">Monero cryptocurrency</a>.<br />
<br />
A Tesla spokesperson told that the company received a notification about the incident and secured the server immediately. RedLock said today the incident took place because Tesla engineers forgot to secure the Kubernetes console with an access password.<br />
<br />
"We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it," Tesla said. "The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”<br />
<br />
It is very clear that these hackers knew what they were doing, as they set up a private mining pool to use for their illegal mining operations only, hid the mining pool behind CloudFlare, configured the mining software to listen for commands on a non-standard port, and throttled the mining software to use only a small portion of <a href="http://www.hackerschronicle.com/search/label/Tesla" target="_blank">Tesla's</a> AWS CPU resources. All of these configuration changes were made to avoid detection. Because they used a custom mining pool, it is unclear how much money this hacker group made.</div>

AWS Cryptocurrency Hacking News Kubernetes Monero News Tesla Tesla's Cloud Servers Hacked to mine Cryptocurrency

Hackers have breached Tesla cloud servers used by the company's engineers and have installed malware that mines the cryptocurrency ....

Hackers stole $1.8 mn from City Union Bank

2/19/2018 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCkwDGToesin2s_-u3JKcwu7EYNjhNHZPArCZ3aLVPSbJnMEp8dlwlUaTKh-E5s3eFmmbyoUgKG2d_xPJXaXyjUkIO6aB25A9eCqXfl7fNS7GwkHt7wuP4Eh_qqmrCLa18nSolezTPTyRs/s1600/city-union-bank-hacked.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="city-union-bank-hacked" border="0" data-original-height="541" data-original-width="800" height="432" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCkwDGToesin2s_-u3JKcwu7EYNjhNHZPArCZ3aLVPSbJnMEp8dlwlUaTKh-E5s3eFmmbyoUgKG2d_xPJXaXyjUkIO6aB25A9eCqXfl7fNS7GwkHt7wuP4Eh_qqmrCLa18nSolezTPTyRs/s640/city-union-bank-hacked.jpg" title="city-union-bank-hacked" width="640" /></a></div><br />
A year after the SWIFT international bank transfer system enhanced its security, another breach has emerged: an Indian bank has confirmed that criminals gained access to its systems and made <span class="highlight">transfers totaling US$1.8 million.</span><br />
<br />
The Kumbakonam-based City Union Bank <a href="https://www.cityunionbank.com/downloads/Press_Release_swift.pdf" target="_blank">issued a statement</a> on Sunday February 18, in response to local media speculation that three unauthorized transactions were initiated by staff. In it, the bank says it suffered an attack by <span class="highlight">“international cyber-criminals and there is no evidence of internal staff involvement”.</span> The statement says the transactions took place on or before February 7, when its reconciliation processes identified the three fraudulent transactions.<br />
<br />
A transfer of $500,000 through Standard Chartered to a Dubai bank was blocked at the source. That's good news, of a sort, because SWIFT launched a scanning service designed to spot fraudulent transactions in April 2017, as part of its response to the 2016 incident that saw second-hand security kit used at Bangladesh Bank let attackers into the international funds transfer system. <span class="highlight">On that occasion, $81 million was transferred.</span> The attackers tried to steal over $1bn, but were thwarted by a typo in one of their attempted transfers.<br />
<br />
SWIFT later warned banks to tighten their security.It remained a plum target, however, and in October 2017, a Taiwanese bank had $60 million pinched. Those funds were recovered, and the attackers arrested. It appears that SWIFT's dodgy-deal-detectors worked for the transfer to Dubai. But a second made it to a Turkish bank and $1m is still missing after being transferred through a Bank of America account to a Chinese destination and withdrawn by an unknown beneficiary.<br />
<br />
The Indian consulate in Istanbul is assisting with efforts to recover funds from the Turkish transfer. City Union Bank added that its SWIFT system is back in operation with “adequate enhanced security”. Just how the alleged criminals exploited the Bank's previous security regime has not been revealed, so it is unknown if SWIFT or Union Bank is the source of the problem.</div>

City Union Bank Cyber Attack Hacking News News SWIFT Hackers stole $1.8 mn from City Union Bank

A year after the SWIFT international bank transfer system enhanced its security, another breach has emerged: an Indian bank has confirmed t...

Thousands of Jenkins Servers Hacked to mine Monero

2/18/2018 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi30dKMYj2OqNHjon8iwHK-B2-NX3L8DMpuxaf4Uz35m9U95sYLWh6_RvDzVGhuVrhQBYPWzbBpLejYYk90VBl9AMWNMvPogHpX7d3VRjqIr5V0IUmp6dSy7nu3y_d2rB5N5Vmkbf9Pebv8/s1600/JenkinsMinerMalware.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Jenkins-Hacked-to-Mine-Monero" border="0" data-original-height="455" data-original-width="1250" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi30dKMYj2OqNHjon8iwHK-B2-NX3L8DMpuxaf4Uz35m9U95sYLWh6_RvDzVGhuVrhQBYPWzbBpLejYYk90VBl9AMWNMvPogHpX7d3VRjqIr5V0IUmp6dSy7nu3y_d2rB5N5Vmkbf9Pebv8/s640/JenkinsMinerMalware.png" title="Jenkins-Hacked-to-Mine-Monero" width="640" /></a></div>
A hacker group has made over $3 million by breaking into Jenkins servers and installing malware that mines the Monero cryptocurrency.<br />
<br />
Hackers are targeting <a href="http://www.hackerschronicle.com/search/label/Jenkins" target="_blank">Jenkins</a>, a continuous integration/deployment web application built in Java that allows dev teams to run automated tests and execute various operations based on test results, including deploying new code to production servers. Because of this, Jenkins servers are extremely popular with both freelance web developers, but also with large enterprises.<br />
<br />
A cyber security research firm announced it uncovered the footprint of a large hacking operation targeting Jenkins servers left connected to the Internet.<br />
<br />
<b>Hackers using Jenkins RCE flaw</b><br />
Attackers were leveraging <a href="https://jenkins.io/security/advisory/2017-04-26/" target="_blank">CVE-2017-1000353</a>, a vulnerability in the Jenkins Java deserialization implementation that allows attackers to run malicious code remotely without needing to authenticate first. Hackers used this vulnerability to make Jenkins servers download and install a <a href="http://www.hackerschronicle.com/search/label/Monero" target="_blank">Monero </a>miner (minerxmr.exe).<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGiJBIbSv3T6AcNnIggGFU6KI9Fa7h_RMAkL2X178JZtCNr18o3UaL6pDbIrFHphdQhExL1qczWJZima4L3odaVMSPBcfBENnzYP2UvBu0xMYyf3g12jVpeh5-tHTLbcfz8CFuWHiG5EZ3/s1600/Jenkins-Servers-Hacked.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Jenkins-Servers-Hacked" border="0" data-original-height="438" data-original-width="894" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGiJBIbSv3T6AcNnIggGFU6KI9Fa7h_RMAkL2X178JZtCNr18o3UaL6pDbIrFHphdQhExL1qczWJZima4L3odaVMSPBcfBENnzYP2UvBu0xMYyf3g12jVpeh5-tHTLbcfz8CFuWHiG5EZ3/s640/Jenkins-Servers-Hacked.png" title="Jenkins-Servers-Hacked" width="640" /></a></div>
The miner was being downloaded from an IP address located in <a href="http://www.hackerschronicle.com/search/label/Chinese%20Hackers" target="_blank">China </a>and assigned to the Huaian government network. It is unclear if this is the attacker's server, or a compromised server used to host the miner on behalf of the hackers.<br />
<br />
The attackers have been active for months. This has allowed them to mine and already <b>cash out over 10,800 Monero, which is over $3.4 million</b>, at the time of writing.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAqpuzY6xKEdjtbSmFtVncj31DDAvoeEG1EWeQhjXtUuETPrbwk2kSmDGOM-LnQyGWO_h9yvUBMqsK8YJ89JXXivyRoJryex7oY0lESJFLvrzSy6GjANkgpdJ_SN23HSFr9OMHvLoQy1vc/s1600/Monero-Mining-Malware.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Monero-Mining-Malware" border="0" data-original-height="475" data-original-width="1175" height="257" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAqpuzY6xKEdjtbSmFtVncj31DDAvoeEG1EWeQhjXtUuETPrbwk2kSmDGOM-LnQyGWO_h9yvUBMqsK8YJ89JXXivyRoJryex7oY0lESJFLvrzSy6GjANkgpdJ_SN23HSFr9OMHvLoQy1vc/s640/Monero-Mining-Malware.png" title="Monero-Mining-Malware" width="640" /></a></div>
Researchers say the group appears to have compromised mostly Jenkins instances running on Windows operating systems.<br />
<br />
<b>Over 25,000 Jenkins servers left exposed online</b><br />
Attackers aren't the only ones who've noticed the large number of Jenkins servers available online. In mid-January, security researcher Mikail Tunç published <a href="https://emtunc.org/blog/01/2018/research-misconfigured-jenkins-servers/" target="_blank">research</a> highlighting that there were over 25,000 Jenkins servers left exposed to Internet connections at the time of his research.<br />
<br />
Also on Friday, Researchers released new research on other hackers leveraging the <b>CVE-2017-10271</b> flaw to infect Oracle WebLogic servers with malware. This vulnerability has been under active exploitation <b>since early December 2017</b>, and one group has already made <b>more than $226,000</b>.<br />
<br />
Besides Jenkins and <b>Oracle WebLogic</b> servers, hackers are also targeting <b>Ruby on Rails, PHP, and IIS </b>servers, also deploying Monero-mining malware.<br />
<br />
Monero-mining malware is already this year's biggest <a href="http://www.hackerschronicle.com/search/label/Malwares" target="_blank">malware trend/problem</a>, with numerous malware distribution campaigns spreading such payloads on any unsecured computer/server crooks can get their hands on.</div>

Cryptocurrency Hacking News Jenkins Malwares Miner Monero News Thousands of Jenkins Servers Hacked to mine Monero

A hacker group has made over $3 million by breaking into Jenkins servers and installing malware that mines the Monero cryptocurrency. H...

Russian military involved in NotPetya attacks: UK

2/16/2018 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghzYNI6Anca1BCGPLXTKDzKA8JIHruZe9_LhR5xzxe8ZwQXo9WmTcdPFX5m1gDRJ_HRv73E1fkym1SmN75JvW1fkuPTqLa0w4zl0DvFRx01JjU-MYf3BvK9XYJvqNf-aHMNXN5ZMDQwySm/s1600/Russian+military+involved+in+NotPetya+attacks.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Russian military involved in NotPetya attacks: UK" border="0" data-original-height="450" data-original-width="800" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghzYNI6Anca1BCGPLXTKDzKA8JIHruZe9_LhR5xzxe8ZwQXo9WmTcdPFX5m1gDRJ_HRv73E1fkym1SmN75JvW1fkuPTqLa0w4zl0DvFRx01JjU-MYf3BvK9XYJvqNf-aHMNXN5ZMDQwySm/s640/Russian+military+involved+in+NotPetya+attacks.jpg" title="Russian military involved in NotPetya attacks: UK" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Russian military involved in NotPetya attacks: UK</td></tr>
</tbody></table>
<br />
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
The UK government has officially accused the Russian government of June's disruptive and hugely costly NotPetya malware attack.</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
"The UK Government judges that the Russian government, specifically the <a href="http://www.hackerschronicle.com/search/label/Russian%20Millitary">Russian military</a>, was responsible for the destructive NotPetya cyber-attack of June 2017," Foreign Office minister for Cyber Security, Tariq Ahmad, said in a statement.</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
"The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organizations across Europe, costing hundreds of millions of pounds."</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
Initially, NotPetya was thought to be <a href="http://www.hackerschronicle.com/search/label/Ransomeware">ransomware</a>, but security researchers quickly concluded it was more likely to be destructive <a href="http://www.hackerschronicle.com/search/label/Malwares">malware</a> designed to wipe systems.</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
The UK's National Cyber Security Centre (NCSC) today revealed it came to the same conclusion, noting that the malware was only masquerading as ransomware and its main purpose was to disrupt.</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
The NCSC said the Russian military was "almost certainly responsible" for the NotPetya attack.</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
Shipping container firm Maersk, FedEx's Dutch delivery subsidiary TNT Express, and UK firm Reckitt Benckiser were among global firms that suffered severe disruptions and several hundred million dollars in lost revenue. However, the <b>firms</b>, however, <b>were collateral damage in the ongoing conflict between Ukraine and Russia</b>.</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
Below is the flow of Petya Attack Flow : </div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfrK5YZfsqC6QuFhNHu1m9yN_VZ7bbK1oGuZ3gdTmJCRxM5MnqajYsWTSdyjs9ViXPqGXr_u29ZWWuvHag9u8MigR588GTZBzHjPW2xZEIGrzqxScUBcTeKBZNaJNzFkswON6w0bYBQ0vx/s1600/petya-attack-flow.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Russian military involved in NotPetya attacks: UK" border="0" data-original-height="424" data-original-width="800" height="338" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfrK5YZfsqC6QuFhNHu1m9yN_VZ7bbK1oGuZ3gdTmJCRxM5MnqajYsWTSdyjs9ViXPqGXr_u29ZWWuvHag9u8MigR588GTZBzHjPW2xZEIGrzqxScUBcTeKBZNaJNzFkswON6w0bYBQ0vx/s640/petya-attack-flow.png" title="Russian military involved in NotPetya attacks: UK" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Russian military involved in NotPetya attacks: UK</td></tr>
</tbody></table>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
<br /></div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
<b>NotPetya employed the NSA <a href="http://www.hackerschronicle.com/search/label/Exploits">exploits </a>for Windows known as EternalBlue and EternalRomance</b> as well as credential-dumping tools to spread internally across networks once one machine was infected. The exploits were leaked in April by The Shadow Brokers.</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
The malware<b> initially infected organizations via a compromised update from Ukraine</b> accounting software provider MEDoc. Its MEDoc software is one of two accounting packages required for companies doing business in Ukraine and is widely used by Ukraine agencies.</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
Maersk, which used MEDoc at its Ukraine offices, recently revealed it was forced to reinstall 45,000 PCs, 4,000 servers and 2,000 applications hit by NotPetya. The company reported losses of $300m due to the incident.</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
NCSC notes that Ukraine's financial, energy and government institutions bore the brunt of NotPetya. However, the "indiscriminate design" of the malware caused it to spread to other European and Russian businesses.</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
Though it is unusual to officially blame another nation for a cyber attack, the US and Five-Eye partners blamed the WannaCry ransomware attack on North Korea. The idea, in part at least, is to name and shame nation-state attackers for their actions.</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
<b>Russia and North Korea have consistently denied responsibility for the NotPetya, WannaCry, and other cyber attacks.</b></div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
The UK's Ahmad said the Kremlin has positioned Russia in direct opposition to the West.</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
"It doesn't have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it," he said.</div>
<div style="background-color: white; color: #080e14; font-family: Raleway, sans-serif; font-size: 18px; line-height: 30px; margin-bottom: 21px;">
"The United Kingdom is identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm."</div>
</div>

Hacking News Malwares News notPetya Ransomware Russian Hackers Russian Military Russian military involved in NotPetya attacks: UK

Russian military involved in NotPetya attacks: UK The UK government has officially accused the Russian government of June's di...

Millions of android devices Hacked

2/15/2018 The Hackers Chronicle 0

Android Cryptocurrency Hacking News Malwares News Millions of android devices Hacked

Millions of android devices Hacked The Android operating system and its apps are usually more exposed to security problems and the pr...

Western Union Money Transfer, Hacked

2/14/2018 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpuAeT0_k1iZ9oL_nMOItMpEKtDe1t1oZ5fH2p9Yc7WrANYtc_enEGiSKIQ55TfJ-NmhT3Q6_FJk9DwIerAFLmaPCZHzPjbYpark9xpyPfIreyirI3DIc2LAUQQTW_tMbWA9yNviuWh30/s1600/WU_hacked.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="512" data-original-width="800" height="408" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpuAeT0_k1iZ9oL_nMOItMpEKtDe1t1oZ5fH2p9Yc7WrANYtc_enEGiSKIQ55TfJ-NmhT3Q6_FJk9DwIerAFLmaPCZHzPjbYpark9xpyPfIreyirI3DIc2LAUQQTW_tMbWA9yNviuWh30/s640/WU_hacked.jpg" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Western Union Money Transfer, Hacked</td></tr>
</tbody></table>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
<br />
Western Union has confirmed one of its IT suppliers was hacked, and that customer information was exposed to miscreants.</div>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
Someone, who wished to remain anonymous, showed us a copy of a letter dated January 31 that he received from the money-transfer outfit. The missive admitted that a supposedly secure data storage company used by Western Union was compromised: a database full of the wire-transfer giant's customer records was vulnerable to plundering, and hackers were quick to oblige.</div>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
"We have discovered that <b>some of your information may have been accessed without authorization as a result of a computer intrusion against an external vendor system formerly used by Western Union for secure data storage</b>," the letter read.</div>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
<br /></div>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
<span style="font-size: 16.0000400543213px; line-height: 24.0000610351563px;">"We promptly moved our external secure storage to a different vendor's system. We immediately notified law enforcement, and are actively cooperating with its investigation. Expert assistance was also immediately engaged to determine what personal information may have been compromised."</span></div>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
In other words, it sounds as though a <a href="http://www.hackerschronicle.com/search/label/Cloud%20Storage">cloud-based</a> or off-site backup storage provider was hacked. Now that system has been shut down, the cops alerted, and digital forensics teams are probing the network intrusion.</div>
<h3 class="crosshead" style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 1.0625em; margin: 0px 0px 5px;">
<span style="box-shadow: rgb(230, 231, 231) 0em -0.56em 0px inset;">Suspicious</span></h3>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
"Upon detecting suspicious activity, Western Union permanently discontinued all use of the vendor's system and the system was taken offline," a spokesperson for Western Union told.</div>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
"<a href="http://www.hackerschronicle.com/search/label/Western%20Union">Western Union</a> took immediate action upon learning of this intrusion to notify law enforcement authorities. The company has notified affected individuals and regulators as appropriate. Affected individuals received a customized notification that explains the specific types of his or her personal data that may have been affected."</div>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
According to the letter, the storage archive contained customers' contact details, bank names, Western Union internal customer ID numbers, as well as transaction amounts, times and identification numbers. Credit card data was definitely not taken, it stressed.</div>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
<i>El Reg</i> tweeted a redacted copy of the letter earlier this week:</div>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVrNxpVuL9cK13AgvKiH_UJiZswdFY6KOAXN2MDQ2fo2E7YUK7fj9eAWdPvJDPmO0dWVGME_LGJ-_pxm4JQPHvx2S8nPKhb1nZwWbQ2gR5XJzfRdS_xRF343Kw4dHMGph60yyMdOBnirsU/s1600/DV3ExpCVwAAp3Mg.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Western Union Money Transfer, Hacked" border="0" data-original-height="899" data-original-width="1199" height="478" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVrNxpVuL9cK13AgvKiH_UJiZswdFY6KOAXN2MDQ2fo2E7YUK7fj9eAWdPvJDPmO0dWVGME_LGJ-_pxm4JQPHvx2S8nPKhb1nZwWbQ2gR5XJzfRdS_xRF343Kw4dHMGph60yyMdOBnirsU/s640/DV3ExpCVwAAp3Mg.jpg" title="Western Union Money Transfer, Hacked" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><br /></td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
<span style="font-size: 16px;">The </span><b style="font-size: 16px;">red-faced biz was quick to point out that none of its internal payment or financial systems were affected in the attack</b><span style="font-size: 16px;">. It also isn’t saying who the third-party storage supplier was, giving other customers of the slovenly provider time to check whether or not they have been hacked too.</span></div>
<div style="background-color: white; font-family: Arimo, Arial, FreeSans, Helvetica, sans-serif; font-size: 16.0000400543213px; line-height: 24.0000610351563px;">
Western Union says that, so far, it isn't aware of any fraudulent activity stemming from the data security cockup, but just to be on the safe side it is enrolling affected customers in a year of free <a href="http://www.hackerschronicle.com/search/label/Identity%20Theft">identity-fraud</a> protection. </div>
</div>

Cloud Storage Cyber Attack Data Leak Hacking News News Western Union Western Union Money Transfer, Hacked

Western Union Money Transfer, Hacked Western Union has confirmed one of its IT suppliers was hacked, and that customer information ...

Zero-day vulnerability found in Telegram

2/13/2018 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjA-cNL6Fal2i1LFz43EYL7drbl57ZLgqrdAbHhdmybDGTagsG4C6Qvx_TTS5FgwQx7SMTlAIX-brWQ4pHGnAotzHZDZF_fKnWxDOBkGxr8sFLhQOXyGuoQVR0h06wHrsIZ_FwwcA0hfPX1/s1600/telegram-zeroday-vulnerability.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="466" data-original-width="732" height="404" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjA-cNL6Fal2i1LFz43EYL7drbl57ZLgqrdAbHhdmybDGTagsG4C6Qvx_TTS5FgwQx7SMTlAIX-brWQ4pHGnAotzHZDZF_fKnWxDOBkGxr8sFLhQOXyGuoQVR0h06wHrsIZ_FwwcA0hfPX1/s640/telegram-zeroday-vulnerability.png" width="640" /></a></div>
<br />
Research conducted by Kaspersky showed that the zero-day flaw was based on the <a href="https://www.fileformat.info/info/unicode/char/202e/index.htm" target="_blank">RLO </a>(right-to-left override) Unicode method, which is generally used for coding languages written from right to left, such as Arabic and Hebrew. However, it can also be used by hackers to dupe unknowing recipients into downloading malware, for example disguised as images.<br />
<br />
Kaspersky analysts identified “several scenarios of <a href="http://www.hackerschronicle.com/search/label/Zero-Day" target="_blank">zero-day</a> exploitation in the wild by threat actors.” The threats identified were two-fold. First, the exploit was used to deliver mining software, allowing hackers to use the victim’s machine to mine <a href="http://www.hackerschronicle.com/search/label/CryptoCurrency" target="_blank">cryptocurrency </a>including “Monero, Zcash, Fantomcoin and others.”<br />
<br />
Second, a backdoor was installed allowing <a href="http://www.hackerschronicle.com/search/label/Cyber%20Crime" target="_blank">cybercriminals </a>to gain remote access to the victim’s computer after which it started to “operate in a silent mode,” allowing “the threat actor to remain unnoticed in the network and execute different commands, including the further installation of spyware tools.”<br />
<br />
Kaspersky says its analysis suggests the cybercriminals are of <a href="http://www.hackerschronicle.com/search/label/Russian%20Hackers" target="_blank">Russian </a>origin, and the company has offered some tips to protect your PC against attack.  These include not downloading and opening unknown files from untrusted sources, avoiding sharing sensitive personal information in messenger apps and making sure to have reliable antivirus software installed on your machine.<br />
<br />
It appears that only Russian cybercriminals were aware of this <a href="http://www.hackerschronicle.com/search/label/Vulnerability" target="_blank">vulnerability</a>, with all the exploitation cases that we detected occurring in Russia. Also, while conducting a detailed research of these attacks we discovered a lot of artifacts that pointed to involvement by Russian cybercriminals.</div>

Hacking News Malwares News Russian Hackers Telegram Vulnerability Zero-Day Zero-day vulnerability found in Telegram

Research conducted by Kaspersky showed that the zero-day flaw was based on the RLO (right-to-left override) Unicode method, which is gen...

New AndroRAT found, exploiting Rooting Vulnerability

2/13/2018 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQaGho1rE0MYQqEGOAPLEjLxhg3aSXXE0WWpln3Vjy1GTlEcjUDJ9AR4Hwe1Gy-XrSiCg-avCQOt8RYwD6MABqpfekK-k-HBHikdwSv3Kdk1s8kVsu9TgZX4r-m90syf-YyYRwJ_o14zI/s1600/AndroRAT_malware.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="468" data-original-width="888" height="336" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQaGho1rE0MYQqEGOAPLEjLxhg3aSXXE0WWpln3Vjy1GTlEcjUDJ9AR4Hwe1Gy-XrSiCg-avCQOt8RYwD6MABqpfekK-k-HBHikdwSv3Kdk1s8kVsu9TgZX4r-m90syf-YyYRwJ_o14zI/s640/AndroRAT_malware.jpg" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">New AndroRAT found, exploiting Rooting Vulnerability</td></tr>
</tbody></table>
<br />
<div style="background: rgb(255, 255, 255); border: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 10px !important; outline: 0px; padding: 0px; vertical-align: baseline;">
Trend Micro detected a new variant of Android Remote Access Tool (AndroRAT) (identified as ANDROIDOS_ANDRORAT.HRXC) that has the ability to inject root exploits to perform malicious tasks such as silent installation, shell command execution, WiFi password collection, and screen capture. This AndroRAT targets <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a>, a publicly disclosed vulnerability in 2016 that allows attackers to penetrate a number of older Android devices to perform its privilege escalation.</div>
<div style="background: rgb(255, 255, 255); border: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 10px !important; outline: 0px; padding: 0px; vertical-align: baseline;">
RATs have long been a common Windows threat, so <b>it shouldn't be a surprise that it has come to Android</b>. A RAT has to gain root access — usually by exploiting a <a href="http://www.hackerschronicle.com/search/label/Vulnerability">vulnerability </a>— in order to have control over a system.<b> Discovered in 2012, </b>the original authors intended AndroRAT — <a href="https://forum.xda-developers.com/android/apps-games/androrat-remote-administration-tool-t2734932">initially a university project </a>— as an open-source client/server application that can provide remote control of an <a href="http://www.hackerschronicle.com/search/label/Android">Android </a>system, which naturally attracted cybercriminals.</div>
<div style="background: rgb(255, 255, 255); border: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 10px !important; outline: 0px; padding: 0px; vertical-align: baseline;">
This new variant of AndroRAT disguises itself as a malicious utility app called TrashCleaner, which is presumably downloaded from a malicious URL. The first time TrashCleaner runs, it prompts the Android device to install a Chinese-labeled calculator app that resembles a pre-installed system calculator. Simultaneously, the TrashCleaner icon will disappear from the device’s UI and the RAT is activated in the background.</div>
<div style="background: rgb(255, 255, 255); border: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 10px !important; outline: 0px; padding: 0px; vertical-align: baseline;">
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG_dFWhyphenhyphenokqpobyjnG8ynbQ2gJGlFK11zcZUGVZRcQluN7XUjJKE6QJpM4_oZDL2slP-VbLmcPWQauu9k4m40AcPBCGEsahR95UiL8Ah3vKqdsfZryffr1jZCtX67C1F_fL7P398YFAi0/s1600/TrachCleaner.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="139" data-original-width="129" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG_dFWhyphenhyphenokqpobyjnG8ynbQ2gJGlFK11zcZUGVZRcQluN7XUjJKE6QJpM4_oZDL2slP-VbLmcPWQauu9k4m40AcPBCGEsahR95UiL8Ah3vKqdsfZryffr1jZCtX67C1F_fL7P398YFAi0/s1600/TrachCleaner.jpg" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Icon of the malicious TrashCleaner</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4YyKssi2ASFC2VtKhwr6OrsRdetN-0OFhEBujZLtuPEGGny5IfUh71z7WEPt08JFrb8zUcBwui-oAZNQRq3XMwXyJXF0DvV4EYLS3duKHxSMFHvtq_lPCEk55mbE13HhuZvkWrdQoE3Q/s1600/AndroRAT_Calculator.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="147" data-original-width="111" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4YyKssi2ASFC2VtKhwr6OrsRdetN-0OFhEBujZLtuPEGGny5IfUh71z7WEPt08JFrb8zUcBwui-oAZNQRq3XMwXyJXF0DvV4EYLS3duKHxSMFHvtq_lPCEk55mbE13HhuZvkWrdQoE3Q/s1600/AndroRAT_Calculator.jpg" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Icon of the Chinese-labeled calculator app</td></tr>
</tbody></table>
</div>
<div style="background: rgb(255, 255, 255); border: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 10px !important; outline: 0px; padding: 0px; vertical-align: baseline;">
The configurable RAT service is controlled by a remote server, which could mean that commands may be issued to trigger different actions. The variant activates the embedded root exploit when executing privileged actions. It performs the following malicious actions found in the original AndroRAT:</div>
<ul style="background: rgb(255, 255, 255); border: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;">
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Record audio</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Take photos using the device camera</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of system information such as phone model, number, IMEI, etc.</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of WiFi names connected to the device</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of call logs including incoming and outgoing calls</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of mobile network cell location</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of GPS location</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of contacts list</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of files on the device</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of list of running apps</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of SMS from device inbox</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Monitor incoming and outgoing SMS</li>
</ul>
<div style="background: rgb(255, 255, 255); border: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 10px !important; outline: 0px; padding: 0px; vertical-align: baseline;">
Apart from the original features of the <a href="http://www.hackerschronicle.com/search/label/AndroRAT">AndroRAT</a>, it also performs new privileged actions:</div>
<ul style="background: rgb(255, 255, 255); border: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;">
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of mobile network information, storage capacity, rooted or not</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of list of installed applications</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of web browsing history from pre-installed browsers</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of calendar events</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Record calls</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Upload files to victim device</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Use front camera to capture high resolution photos</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Delete and send forged SMS</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Screen capture</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Shell command execution</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Theft of WiFi passwords</li>
<li style="background: transparent; border: 0px; list-style: disc; margin: 0px; outline: 0px; padding: 0px 0px 5px; vertical-align: baseline;">Enabling accessibility services for a key logger silently</li>
</ul>
<div style="background: rgb(255, 255, 255); border: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 10px !important; outline: 0px; padding: 0px; vertical-align: baseline;">
<b style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><i style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Targeting CVE-2015-1805</i></b></div>
<div style="background: rgb(255, 255, 255); border: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 10px !important; outline: 0px; padding: 0px; vertical-align: baseline;">
Google already <a href="https://source.android.com/security/advisory/2016-03-18">patched </a>CVE-2015-1805 in March 2016,<b> but devices that no longer receive patches or those with a long rollout period are at risk of being compromised by this new AndroRAT variant. </b> Older versions of Android, which are still being used by a significant number of mobile users, may still be vulnerable.</div>
<div style="background: rgb(255, 255, 255); border: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 10px !important; outline: 0px; padding: 0px; vertical-align: baseline;">
<b style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><i style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Indicators of Compromise (IoCs)</i></b></div>
<table style="background: rgb(255, 255, 255); border-collapse: collapse; border-spacing: 0px; border: 1px solid rgb(228, 228, 228); color: #777777; font-family: Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline; width: 619px;"><tbody style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<tr style="background: rgb(241, 241, 241); border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="295"><b style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">SHA256</b></td><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="108"><b style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">App Label</b></td><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="187"><b style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Package Name</b></td></tr>
<tr style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="295">2733377c14eba0ed6c3313d5aaa51171f6aef5f1d559fc255db9a03a046f0e8f</td><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="108">TrashCleaner</td><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="187">com.cleaner.trashcleaner</td></tr>
<tr style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="295">fde9f84def8925eb2796a7870e9c66aa29ffd1d5bda908b2dd1ddb176302eced</td><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="108">TrashCleaner</td><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="187">com.cleaner.trashcleaner</td></tr>
<tr style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="295">2441b5948a316ac76baeb12240ba954e200415cef808b8b0760d11bf70dd3bf7</td><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="108">TrashCleaner</td><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="187">com.cleaner.trashcleaner</td></tr>
<tr style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="295">909f5ab547432382f34feaa5cd7d5113dc02cda1ef9162e914219c3de4f98b6e</td><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="108">TrashCleaner</td><td style="background: transparent; border: 1px dotted rgb(228, 228, 228); margin: 0px; outline: 0px; padding: 8px; text-align: center; vertical-align: baseline; word-break: break-word !important;" width="187">com.cleaner.trashcleaner</td></tr>
</tbody></table>
<div style="background: rgb(255, 255, 255); border: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 14px; line-height: 21px; margin-bottom: 10px !important; outline: 0px; padding: 0px; vertical-align: baseline;">
<br /></div>
</div>

Android AndroRAT Hacking News Malwares News rat Rooting Trojan Vulnerability New AndroRAT found, exploiting Rooting Vulnerability

New AndroRAT found, exploiting Rooting Vulnerability Trend Micro detected a new variant of Android Remote Access Tool (AndroRAT) (ide...

Winter Olympics website Hacked

2/12/2018 The Hackers Chronicle 0

Hacking News News Olympics Winter Olympics website Hacked

Winter Olympics website hacked The Pyeongchang 2018 Winter Olympics' website went down just before the event's Friday openi...

Millions of Netgear Routers Vulnerable

2/11/2018 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9Z1CuHPFx2gWwQnNmtt8u5RYO91uU3Cmb3Q5n9oefAJZR5kN-2QD85zJtbCtcL5WUEIeoeLjNvbBF0S_5111uomZufNqA48_3KEQ8RdbTAU3Y5fGt5P15xplZwYI0On9237wkjEkdGn1k/s1600/router_back_label.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="" border="0" data-original-height="192" data-original-width="750" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9Z1CuHPFx2gWwQnNmtt8u5RYO91uU3Cmb3Q5n9oefAJZR5kN-2QD85zJtbCtcL5WUEIeoeLjNvbBF0S_5111uomZufNqA48_3KEQ8RdbTAU3Y5fGt5P15xplZwYI0On9237wkjEkdGn1k/s1600/router_back_label.png" title="Netgear Routers wonderable to be Hacked" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Netgear Routers wonderable to be Hacked</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEincWcxLWVnPBm6fA4JIuoYKibbxMKRm2oSGclVczATNSqHZGWsAHd-6J6LYOIejPQh99u2fEsB0E8bl3mPGUCNYEx341q3-rSCJJ9U_2QFSU3eD8t0dE4m3sjdsgXMZD9Pg3B8IbMlRfSS/s1600/netgear_password_bypass.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="400" data-original-width="680" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEincWcxLWVnPBm6fA4JIuoYKibbxMKRm2oSGclVczATNSqHZGWsAHd-6J6LYOIejPQh99u2fEsB0E8bl3mPGUCNYEx341q3-rSCJJ9U_2QFSU3eD8t0dE4m3sjdsgXMZD9Pg3B8IbMlRfSS/s320/netgear_password_bypass.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Netgear Routers</td></tr>
</tbody></table>
<br />
<strong><span style="font-size: small;"><span style="font-family: "trebuchet ms" , "geneva";">Security firm Trustwave has disclosed the details of several vulnerabilities affecting Netgear routers, including devices that are top-selling products on Amazon and Best Buy.</span></span></strong><br />
<div style="background-color: white; color: #333333; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">
<span style="font-size: small;"><span style="font-family: "trebuchet ms" , "geneva";">The flaws were discovered by researchers in March 2017 and they were patched by Netgear in August, September and October.</span></span></div>
<div style="background-color: white; color: #333333; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">
<span style="font-size: small;"><span style="font-family: "trebuchet ms" , "geneva";">One of the high severity vulnerabilities has been described as a password recovery and file access issue affecting 17 Netgear routers and modem routers, including best-sellers such as R6400, R7000 (Nighthawk), R8000 (Nighthawk X6), and R7300DST (Nighthawk DST).</span></span></div>
<br />
<div style="background-color: white; color: #333333; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">
<span style="font-size: small;"><span style="font-family: "trebuchet ms" , "geneva";">According to Trustwave, the web server shipped with these and other Netgear routers has a resource that can be abused to access files in the device’s root directory and other locations if the path is known. The exposed files can store administrator usernames and passwords, which can be leveraged to gain complete control of the device.</span></span></div>
<div style="background-color: white; color: #333333; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">
<span style="font-size: small;"><span style="font-family: "trebuchet ms" , "geneva";">An unauthenticated attacker can exploit the flaw remotely if the remote management feature is enabled on the targeted device. Improperly implemented cross-site request forgery (CSRF) protections may also allow remote attacks.</span></span></div>
<div style="background-color: white; color: #333333; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">
<span style="font-size: small;"><span style="font-family: "trebuchet ms" , "geneva";"><b>Another high severity flaw affecting 17 Netgear routers, including the aforementioned best-sellers, can be exploited by an attacker to bypass authentication using a specially crafted reques</b>t. Trustwave said the vulnerability can be easily exploited.</span></span></div>
<div style="background-color: white; color: #333333; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">
<span style="font-size: small;"><span style="font-family: "trebuchet ms" , "geneva";">A flaw that can be exploited to execute arbitrary OS commands with root privileges without authentication has also been classified as high severity. Trustwave said command injection is possible through a chained attack that involves a CSRF token recovery vulnerability and other weaknesses.</span></span></div>
<div style="background-color: white; color: #333333; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">
<span style="font-size: small;"><span style="font-family: "trebuchet ms" , "geneva";">Two other command injection vulnerabilities have been found by Trustwave researchers, but they have been rated medium severity and they only affect six Netgear router models.</span></span></div>
<div style="background-color: white; color: #333333; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">
<span style="font-size: small;"><span style="font-family: "trebuchet ms" , "geneva";">One of the flaws requires authentication, but experts pointed out that an attacker can execute arbitrary commands after bypassing authentication using the aforementioned authentication bypass vulnerability.</span></span></div>
<div style="background-color: white; color: #333333; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">
<span style="font-size: small;"><span style="font-family: "trebuchet ms" , "geneva";">The other medium severity command injection is related to the Wi-Fi Protected Setup (WPS). When a user presses the WPS button on a Netgear router, a bug causes WPS clients to be allowed to execute arbitrary code on the device with root privileges during the setup process.</span></span></div>
<div style="background-color: white; color: #333333; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">
<span style="font-size: small;"><span style="font-family: "trebuchet ms" , "geneva";">“In other words, <b>if an attacker can press the WPS button on the router, the router is completely compromised</b>,” Trustwave said in an advisory.</span></span></div>
<div style="background-color: white; color: #333333; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">
<span style="font-size: small;"><span style="font-family: "trebuchet ms" , "geneva";">Netgear has put a lot of effort into securing its products, especially since the launch of its bug bounty program one year ago. In 2017, the company published more than 180 security advisories describing vulnerabilities in its routers, gateways, extenders, access points, managed switches, and network-attached storage (NAS) products.</span></span></div>
</div>

Hacking News Netgear Routers News Vulnerability Millions of Netgear Routers Vulnerable

Netgear Routers wonderable to be Hacked Netgear Routers Security firm Trustwave has disclosed the details of several vulnerabilit...

Fake tech support scam : Google Chrome users be Alert

2/07/2018 The Hackers Chronicle 0

Google Chrome Hacking News News Scam Fake tech support scam : Google Chrome users be Alert

Fake tech support scam : Google Chrome users be Alert Tech support scams are increasingly hitting Windows users on the Google Chrome br...

Is IBM Cloud Blumix insecure ?

8/03/2017 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0-WaNEDO6AXAm3Ym8BB067AYfipaSRdX1H7ejEHJK_o0nLbpSeekz1IHr6IcY1ai2IaVWUIMpZRgP0SFPiXjwghWRdhIY4ELsRDE2PqtHA9QuTA-axzW-pkS_nAyYeQbzjRNPuqKg4uk/s1600/ibm+insecure.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="399" data-original-width="1103" height="228" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0-WaNEDO6AXAm3Ym8BB067AYfipaSRdX1H7ejEHJK_o0nLbpSeekz1IHr6IcY1ai2IaVWUIMpZRgP0SFPiXjwghWRdhIY4ELsRDE2PqtHA9QuTA-axzW-pkS_nAyYeQbzjRNPuqKg4uk/s640/ibm+insecure.jpg" width="640" /></a></div>
<br />
An e-mail has gone out from IBM about its Bluemix cloud: after next Tuesday, the SoftLayer APIs will no longer accept connections encrypted with the ancient TLS 1.0.</div>
<div>
It's not <i>quite</i> a surprise that the 1990s-era protocol was still accepted: a great many services are still midway through their deprecation plans.</div>
<div>
To give just one example, Salesforce <a href="https://help.salesforce.com/articleView?id=TLS-1-0-Disablement-Critical-Update-Console-CRUC-Setting&type=1" rel="nofollow" target="_blank">began</a> its phase-out of TLS 1.0 in production instances on July 22, 2017.</div>
<div>
And the PCI Council, which had originally wanted TLS 1.0 gone last year, had to extend its deprecation date to 30 June 2018 (and it's still <a href="https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls" rel="nofollow" target="_blank">blogging </a>early warnings for members, in case they're still failing to catch up).</div>
<div>
In the Bluemix e-mail, IBM notes: “There should be no impact to customers using a modern web client. This notification is intended to be informative only.</div>
<div>
The two services affected by the depreciation are api.softlayer.com and api.service.softlayer.com – so there's another community that's got to pay attention, namely developers who wrote to the APIs and used TLS 1.0 to secure their API access.</div>
<div>
TLS 1.0 has long been known as insecure, as far back as 2011 when it was bitten by the BEAST exploit. ®</div>
</div>

Encryption Hacking News IBM Is IBM Cloud Blumix insecure ?

An e-mail has gone out from IBM about its Bluemix cloud: after next Tuesday, the SoftLayer APIs will no longer accept connections encry...

Millions of health records, LEAKED

6/28/2016 cyb3r.gladiat0r 0

Darknet Data Leak Hacking News Identity Theft News Millions of health records, LEAKED

The dark web seller has four batches of data, going for close to $1 million in bitcoin. A hacker is advertising hundreds of thousands...

RCE, Information Disclosure and XSS Flaws Found in PayPal

4/15/2014 cyb3r.gladiat0r 4

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuIwDgMNaan2uhQRa6VZRiUWTr7JTxgzIBKLz-HDBPC4RznLPMoODa6G5BeZfIo1MifcSy-nP72XWL_DHOY8DwNS8DiHOsRrkhGL1_ilr16MwDXTioCptQS659nbw7bwNvhKfBPK8iKaA/s1600/RCE-Information-Disclosure-and-XSS-Flaws-Found-in-PayPal-Partner-Program-Video.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="RCE, Information Disclosure and XSS Flaws Found in PayPal " border="0" height="218" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuIwDgMNaan2uhQRa6VZRiUWTr7JTxgzIBKLz-HDBPC4RznLPMoODa6G5BeZfIo1MifcSy-nP72XWL_DHOY8DwNS8DiHOsRrkhGL1_ilr16MwDXTioCptQS659nbw7bwNvhKfBPK8iKaA/s1600/RCE-Information-Disclosure-and-XSS-Flaws-Found-in-PayPal-Partner-Program-Video.jpg" title="RCE, Information Disclosure and XSS Flaws Found in PayPal " width="400" /></a></div>
<br />
A security expert has managed to identify three <a href="http://www.hackerschronicle.com/search/label/Vulnerability">vulnerabilities</a> on <a href="http://paypal-marketing.com/">paypal-marketing.com</a>, the website used by the payment processor for the <a href="http://www.hackerschronicle.com/search/label/PayPal">PayPal</a> Partner Program.<br />
<br />
Behrouz Sadeghipour has found and reported a <a href="http://www.hackerschronicle.com/search/label/XSS">cross-site scripting (XSS)</a> issue, a <a href="http://www.hackerschronicle.com/search/label/Remote%20Code%20Execution">remote code execution</a> flaw and an <a href="http://www.hackerschronicle.com/search/label/Information%20Disclosure">information disclosure vulnerability</a>.<br />
<br />
Initially, the researcher found the XSS flaw, which he reported to PayPal’s security team on March 19. The XSS was addressed on April 9.<br />
<br />
One day after the XSS was fixed, Sadeghipour identified an information disclosure issue, which he later leveraged for remote code execution. The expert said he was looking for an SQL Injection bug, but he found an RCE instead.<br />
<br />
To demonstrate the existence of the RCE to PayPal, he sent the company’s security team three links showing that he could retrieve the Process ID (PID), the script owner’s Group ID (GID) and the script owner’s User ID (UID) by replacing a parameter in the request with <a href="http://www.hackerschronicle.com/search/label/PHP">PHP</a> commands.<br />
<br />
By April 11, PayPal had addressed the vulnerability. The company has promised to reward the researcher in the next payment cycle.<br />
<br />
Sadeghipour highlights that the RCE he has found is a remote code execution, not a remote command execution bug. This vulnerability allows an attacker to run PHP functions. The flaw produces the same sort of results, but by leveraging PHP.<br />
<br />
Check out the proof-of-concept video for the PayPal Partner Program vulnerabilities. Additional technical details are available on <a href="http://nahamsec.com/2014/04/paypal-marketing-remote-code-execution/">Behrouz Sadeghipour's blog</a>.<br />
<iframe allowfullscreen="" frameborder="0" height="315" src="//www.youtube.com/embed/BB3rSd_muBc" width="560"></iframe><br />
Source: <a href="http://softpedia.com/">Softpedia</a></div>

RCE, Information Disclosure and XSS Flaws Found in PayPal

Hacking News Information Disclosure News PayPal Remote Code Execution Vulnerability XSS RCE, Information Disclosure and XSS Flaws Found in PayPal

A security expert has managed to identify three vulnerabilities on paypal-marketing.com , the website used by the payment processor for...

SQL Injection vulnerability in Yahoo

4/08/2014 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTL6tV9kV7M1jnMiGsqJkN05t-AAte545WWB5lT0nMMl0ySjeeSv-ygAOYGGJvzdimuyEVq_HIt9dcbu4rZcVtV_Z2PbTp21u8eEUudbExSQnpDf5ZFe1jmLYBwiCnMTZz5yrKpNpBlAZ5/s1600/Expert-Finds-8-Files-Vulnerable-to-SQL-Injection-in-Yahoo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Expert Finds 8 Files Vulnerable to SQL Injection in Yahoo HK Promotions Pages" border="0" height="351" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTL6tV9kV7M1jnMiGsqJkN05t-AAte545WWB5lT0nMMl0ySjeeSv-ygAOYGGJvzdimuyEVq_HIt9dcbu4rZcVtV_Z2PbTp21u8eEUudbExSQnpDf5ZFe1jmLYBwiCnMTZz5yrKpNpBlAZ5/s1600/Expert-Finds-8-Files-Vulnerable-to-SQL-Injection-in-Yahoo.png" title="Expert Finds 8 Files Vulnerable to SQL Injection in Yahoo HK Promotions Pages" width="640" /></a></div>
<br />
Security researcher <strong>Behrouz Sadeghipour</strong> has identified several <a href="http://www.hackerschronicle.com/search/label/SQL%20Injection">SQL Injection</a> <a href="http://www.hackerschronicle.com/search/label/Vulnerability">vulnerabilities</a> in a Hong Kong subdomain of <a href="http://www.hackerschronicle.com/search/label/Yahoo">Yahoo</a>. He reported his findings to the company and all the security holes have been fixed.<br />
<br />
According to the expert, the flaws have been found in various files on the Hong Kong promotions subdomain (<a href="http://hk.promotions.yahoo.com/">hk.promotions.yahoo.com</a>). <br />
<br />
He decided to analyze this subdomain because it contains a lot of Flash files and PHP scripts that could be vulnerable, and it doesn’t appear that the pages have been created by Yahoo’s core developers. <br />
<br />
Furthermore, since the pages are in Chinese, it’s likely that they’re ignored by many auditors.<br />
<br />
The expert has managed to identify a total of eight vulnerable files. Following his analysis of the Yahoo HK promotions subdomain, Sadeghipour sent 5 reports to the company. <br />
<br />
The list of pages on which he found SQL Injection vulnerabilities includes the Emotive2012 page, the <a href="http://www.hackerschronicle.com/search/label/Nikon">Nikon</a> Photo Itinerary page, and the Education page. By leveraging these bugs, the researcher managed to gain access to names, email addresses and other information.<br />
<br />
Yahoo addressed the issues within a month after being reported. The expert has told me that the company has removed the vulnerable files. <br />
<br />
As some of our readers might know, this isn’t the first time <strong>Sadeghipour</strong> finds serious vulnerabilities in Yahoo’s Hong Kong subdomains. Last month, he identified a <a href="http://www.hackerschronicle.com/2014/03/remote-code-execution-in-yahoo.html">remote code execution flaw</a>.<br />
<br />
At the time, he found an administrator panel for the hk.yahoo.net subdomain that could be accessed with <span class="highlight pop">admin/admin</span> credentials. <br />
<br />
For additional details on the SQL Injection vulnerabilities found in Yahoo, check out <a href="http://nahamsec.com/2014/04/yahoo-sql-injection/">Behrouz Sadeghipour‘s blog</a>. You can also check out the proof-of-concept videos he made for a couple of the flaws:<br />
<iframe allowfullscreen="" frameborder="0" height="315" src="//www.youtube.com/embed/8MuWtVqj4iU" width="560"></iframe><br />
<br />
<iframe allowfullscreen="" frameborder="0" height="315" src="//www.youtube.com/embed/8HN-91UxUh8" width="560"></iframe><br /></div>

Hacking News News SQL Injection Vulnerability Yahoo SQL Injection vulnerability in Yahoo

Security researcher Behrouz Sadeghipour has identified several SQL Injection vulnerabilities in a Hong Kong subdomain of Yahoo . He...

Syrian cyber space attacked, 60,000 accounts leaked

4/07/2014 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_suIU5kyLsjT9DcN83rBXHHzojnYXZs8Hc1NrXyTDIkP2dT0afL1Izbq25PNpPokaCF2_JsuqVnXwtVwywleTEn8Lkwe7_q_v3WwnNslS352nDklaCv2fS53zdDhew6nglXlA_-accm1m/s1600/Syrian+cyber+space+attacked.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="60,000 Personal Credentials Leaked From Syrian Sites" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_suIU5kyLsjT9DcN83rBXHHzojnYXZs8Hc1NrXyTDIkP2dT0afL1Izbq25PNpPokaCF2_JsuqVnXwtVwywleTEn8Lkwe7_q_v3WwnNslS352nDklaCv2fS53zdDhew6nglXlA_-accm1m/s1600/Syrian+cyber+space+attacked.jpeg" title="60,000 Personal Credentials Leaked From Syrian Sites" width="320" /></a></div>
<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
Today a hacker from the European Cyber Army going by the handle <a href="https://twitter.com/Zer0Pwn" target="_blank">@Zer0Pwn</a> has announced a leak of data from two syrian based websites job.sy, realestate.sy.<br />
<br />
<a href="http://pastebin.com/7Y13ULux">The leak</a> which is titled “ECA vs. Assad | Part 1″ was posted to <a href="http://pastebin.com/7Y13ULux">pastebin</a> with a preview of some of the users data and a link to <a href="http://www.sendspace.com/file/tqa737">sendspace</a>. The attack is apart of a bigger operation that is going on towards what the hackers are claim are pro-assad targets.<br />
<br />
The data leak has resulted in over 60,000 Accounts being dumped online and between the two databases are users credentials which have encrypted passwords for job.sy but plaintext for realestate.sy. Both databases have full user details such as full names, contact phone numbers and home addresses. On the march 30th career-sy.com appears to of been breached and <a href="http://pastebin.com/wLJhHNd8">posted to pastebin</a> as well with 3 administrator credentials as well as the vuln entry point and link for the control panel login which is located on the job.sy server which career-sy.com redirects to now.<br />
<br />
Some attacks by other ECA members have been carried out and posted to twitter by <a href="https://twitter.com/ECA_Legion">@ECA_Legion</a> with data being leaked from syrianmonster.com, a syrian hosting website, ddos attacks on sites like syria-courts.com, sana.sy and moj.gov.sy. banquecentrale.gov.sy. The leak of data from the realestate.sy database appears to have plaintext passwords to accounts linked to www.scs-net.org which is one of the job.sy official partners to making all three sites linked together or even owned and operated by the same people possibly.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdO8G4iadsahZXY49VR9drtCxc6EuyXWRF1fJR5lWpcqEanBamppxMQn6vBvMylr1-B5Rna-JKFPASq5VwhkJs0dsJL0War1afHEyJOQILblFg99dZA2bq9dZn4LDEYcIM9V8z-XLWllwr/s1600/eca-leak-example-file.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="60,000 Personal Credentials Leaked From Syrian Sites" border="0" height="65" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdO8G4iadsahZXY49VR9drtCxc6EuyXWRF1fJR5lWpcqEanBamppxMQn6vBvMylr1-B5Rna-JKFPASq5VwhkJs0dsJL0War1afHEyJOQILblFg99dZA2bq9dZn4LDEYcIM9V8z-XLWllwr/s1600/eca-leak-example-file.png" title="60,000 Personal Credentials Leaked From Syrian Sites" width="400" /></a></div>
<br />
Full dump info<br />
<br />
<a href="http://realestate.sy/">http://realestate.sy/</a><br />
<br />
File realestate.sy_users.sql<br />
File Contents:  3,257 Emails that are unique out of 3,517 Total emails Found.<br />
Information: Contains user names,email addresses, clear text passwords, full names, phone numbers, locations and site related information.<br />
<br />
File realestate.sy.sql<br />
File Contents: 4,912 Emails that are unique out of 13,223 Total emails Found.<br />
Information: Complete internal messaging system, site logs and administrator login logs with ips and cookie information.<br />
<br />
<a href="http://job.sy/">http://job.sy/</a><br />
<br />
File job.sy_users.sql<br />
File Contents: 50,017 Emails that are unique out of 52,483 Total emails Found. Included in the job.sy.sql file as well.<br />
Information: Contains user names, encrypted MD5 passwords, email addresses, home addresses and contact numbers and full names as well as other site related information.<br />
<br />
File job.sy.sql<br />
File Contents: 59,575 Emails that are unique out of 84,343 Total emails Found.<br />
Information: Contains logs with ip addresses and browser information, messages between job seekers and employees between, min resumes, job comments<br />
<br />
<a href="http://syrianmonster.com/">http://syrianmonster.com</a><br />
Only contains 1 administrator account with username and password.<br />
<br />
<a href="http://career-sy.com/">http://career-sy.com/</a><br />
3 administrator credentials with user names and encrypted passwords.</div>
</div>

Data Leak European Cyber Army Hacking News News Syrian cyber space attacked, 60,000 accounts leaked

Today a hacker from the European Cyber Army going by the handle @Zer0Pwn has announced a leak of data from two syrian based websites j...