Details of over 480,000 people stolen from The Harley Medical Group

Hackers breached a server of the UK plastic and cosmetic surgery company The Harley Medical Group and compromised the personal details of over 480,000 people.

The individuals who had submitted their data via an initial inquiry form on the company's website were affected by this breach.

The information accessed by the attackers includes names, email addresses, dates of birth, postal addresses and phone numbers, according to Hot For Security. No clinical or financial information was accessed.

The company said it believed the attack was an attempt to extort money from it.

"We have informed the police and will continue to provide whatever assistance they may require to track down the perpetrator of this illegal act," Harley chairman Peter Boddy said in the letter.

LaCie security breach went unnoticed for a year

If you used a credit or debit card to purchase electronic items at LaCie's website last year, you may want to keep an eagle eye on your card statements.

LaCie, a French computer hardware company specializing in external hard drives, announced that it fell victim to a security breach that put customers' personal and financial information at risk.

The company says cybercriminals used malware to infiltrate its website. After being notified by the FBI in March about the breach, LaCie hired a cyber forensic investigation firm.

Customers who made transactions between March 27, 2013 and March 10, 2014 were affected by this data breach.

According to the incident notification, customers' usernames, passwords, names, addresses, email addresses, and credit and debit card information are all at risk.

Customers' passwords have been reset. The e-commerce portion of the site has temporarily been disabled while the company completes its "transition to a provider that specializes in secure payment processing services".

55,000 Social Security numbers exposed in VFW.org security breach

The Veterans of Foreign Wars (VFW.org) of the United States recently began notifying affected users that hackers were able to access their personal information.

In February 2014, attackers compromised the VFW's website and planted malicious code that infected the systems of visitors who browsed vfw.org with vulnerable versions of Internet Explorer. The attack is believed to have originated from China.

An investigation into the incident shows that the names, addresses and Social Security numbers of approximately 55,000 VFW members were compromised in the breach.

The letter, dated April 4, said VFW became aware of the security breach in March.

"VFW has been informed that the purpose of the attack wasn't identity theft, but rather to gain access to information regarding military plans or contracts," the letter reads.

VFW said it is offering one free year of identity theft protection services from AllClear ID to the affected members.

Opening a malicious PDF in the Android version of Adobe Reader allows an attacker to access files

The Android version of Adobe Reader contains a security bug that could allow an attacker to compromise documents stored in Reader and other files stored on the device's SD card.

A security researcher says the problem exists because Adobe Reader exposes several insecure JavaScript interfaces. These interfaces allow an attacker to run malicious JavaScript code inside Adobe Reader.

"An attacker can create a specially crafted PDF file containing Javascript that runs when the target user views (or interacts with) this PDF file," security researcher Yorick Koster from Securify said.

The researcher has verified the existence of the vulnerability in version 11.1.3 of Adobe Reader for Android. The bug has been fixed in the latest version, 11.2.0.

He has also released proof-of-concept code that creates a '.txt' file when a user opens the specially crafted .pdf on a vulnerable version of Reader.

9 charged with stealing millions of dollars with Zeus malware

The Zeus malware is one of the most damaging pieces of financial malware; it has helped the culprits infect thousands of business computers and capture passwords, account numbers and other information needed to log into online banking accounts.

The U.S. Department of Justice has unsealed charges against nine alleged cybercriminals for distributing the notorious Zeus malware to steal millions of dollars from bank accounts.

Vyacheslav Igorevich Penchukov, Ivan Viktorvich Klepikov, Alexey Dmitrievich Bron, Alexey Tikonov, Yevhen Kulibaba, Yuriy Konovalenko and John Does are charged with devising and executing a scheme and artifice to defraud Bank of America, First Federal Savings Bank, First National Bank of Omaha, Key Bank, Salisbury Bank & Trust, Union Bank and Trust, and United Bankshares Corporation, all of which were depository institutions insured by the Federal Deposit Insurance Corporation.

They are also accused of using Zeus, or Zbot, computer intrusion, malicious software, and fraud to steal or attempt to steal millions of dollars from several bank accounts in the United States and elsewhere.

It has also been reported that the defendants and their co-conspirators infected thousands of business computers with software that captured passwords, account numbers, and other information necessary to log into online banking accounts, and then used the captured information to steal millions of dollars from the account-holding victims' bank accounts.

Account-holding victims include Bullitt County Fiscal Court, Doll Distributing, Franciscan Sisters of Chicago, Husker Ag, LLC, Parago, Inc., Town of Egremont, and United Dairy...

They have also been given notice by the United States of America that, upon conviction of any defendant, a money judgment may be imposed on that defendant equal to the total value of the property subject to forfeiture, which is at least $70,000,000.00.

The United States of America has also requested that the trial be held at Lincoln, Nebraska, pursuant to the rules of the court. The Metropolitan Police Service in the U.K., the National Police of the Netherlands' National High Tech Crime Unit and the Security Service of Ukraine are assisting the investigation.

How researchers hacked Google using an XXE vulnerability!

What is the most secure website? None. Even Google is vulnerable to all sorts of attacks!

Security researchers and co-founders of Detectify have discovered a critical security vulnerability in Google that allowed them to access internal servers.

The vulnerability existed in the Google Toolbar button gallery. The page allows users to customize their toolbar with buttons, and also to create their own buttons by uploading an XML file containing various metadata.

The researchers identified that this function was vulnerable to an XML External Entity (XXE) attack.

By sending a crafted XML file, the researchers were able to gain access to internal files stored on one of Google's production servers. They managed to read the '/etc/passwd' and '/etc/hosts' files of the server.

By exploiting this vulnerability, the researchers could have accessed any file on the Google server, and could also have used it for SSRF to reach internal systems.

Google rewarded the researchers with $10,000 for finding and reporting this vulnerability.

GovWin IQ website hacked, credit card information of 25,000 at risk

GovWin IQ, a system run by enterprise software and information solutions provider Deltek, suffered a security breach that puts the information of around 80,000 employees of federal contractors at risk.

GovWin is designed specifically for government contractors aiming to grow their business.

The breach occurred sometime between July 3, 2013 and November 2, 2013. However, the company only learned of the breach on March 13, 2014.

The hacker exploited a security vulnerability in the GovWin IQ system and managed to access customers' data. The information accessed includes names, billing addresses, phone numbers and business email addresses.

According to a Federal News Radio report, the hackers also had access to the credit card information of about 25,000 of the affected customers. Those whose card information was compromised are being offered free credit monitoring services.

The company says it is cooperating with law enforcement on the case and has hired a cybersecurity forensics firm. It also claims that the hacker believed to be behind the breach has been arrested.

Ministry of Health Saudi Arabia website defaced by Moroccan hackers

Moroccan Islamic Union-Mail hacked and defaced the official website of the Ministry of Health Saudi Arabia's injury and accident prevention program (moh-ncd.gov.sa).

The site displayed a picture of Mohamed Morsi, the President of Egypt and a member of the Muslim Brotherhood, and a clear message in Arabic which said:

"Penetration in response to a statement by the Ministry of Interior inclusion of the Muslim Brotherhood in the list of terrorist groups."

"Our message to the governor of Saudi Arabia: The day will come who are under it is exposed to more than what it is now Syria," the hackers said.

"The most worthy AQIM contain the Two Holy Mosques to be a compromise in everything Do not be biased for a class to another, until he became Al Saud believe in all that is Islamic terrorist And all of the resistance for pursuing terrorism The injustice of kin most Reluctantly --- one of Hussam signed Mohannad. Signature: Moroccan Islamic Union-mail"

A mirror of the defacement is available here: http://www.aljyyosh.org/mirror.php?id=125826

This is not the first time the site has been targeted by hackers. Earlier this year, a hacker going by the handle 'Dr.SHA6H' also defaced the website.

31 security bugs fixed in Google Chrome 34

Google has announced the stable release of Chrome 34, an update bringing a number of fixes, functionality improvements and security updates.

In total, 31 security vulnerabilities have been patched in this latest version, 34.0.1847.116, including medium to high severity bugs.

The high severity bugs are: UXSS in V8, OOB access in V8, integer overflow in the compositor, use-after-free in web workers, use-after-free in DOM, memory corruption in V8, use-after-free in rendering, URL confusion with RTL characters, and use-after-free in speech.

The medium severity bugs include use-after-free in speech, OOB read with window property, and use-after-free in forms.

A total of $29,500 has been awarded to researchers who reported the above security vulnerabilities.

OpenSSL vulnerability allows hackers to read 64k of memory on a target server

Heartbleed: a potentially critical security vulnerability in OpenSSL has been discovered that allows an attacker to read up to 64 kilobytes of memory from a server running a vulnerable OpenSSL version.

As a normal user, you may not be aware of what OpenSSL is. It is a cryptographic library used to encrypt communication between web servers and users, and it is used by plenty of websites including Google, Yahoo and Twitter.

The bug (CVE-2014-0160), dubbed 'Heartbleed', was independently discovered by Neel Mehta of Google's security team and by Codenomicon. The bug is appropriately named Heartbleed because the vulnerability is located in the Heartbeat extension and it leads to a memory leak.

An attacker can read only up to 64k of memory in one iteration of the attack. However, according to Heartbleed.com, an attacker can "keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed".

An attacker can retrieve the private key used to encrypt the communication, which allows them to read all information passed between server and user as if it weren't encrypted at all.

How to fix it?
If your server is using OpenSSL 1.0.1 up to 1.0.1f, upgrade to 1.0.1g. If you are using the 1.0.0 or 0.9.8 branch, you are not vulnerable to this bug. As a temporary fix, the Heartbeat extension can be removed by recompiling OpenSSL with -DOPENSSL_NO_HEARTBEATS.

Check whether your server is vulnerable or not:
http://filippo.io/Heartbleed/ lets you find out whether your server is vulnerable to this bug.

Details about the bug:
The TLS Heartbeat extension is used to ping from one end of a connection to the other: a specific message, together with its size, is sent from client to server and the server responds with the same message.

But if an attacker sends a small amount of data (say 1 kilobyte) and claims it is larger (64k), then a server running a vulnerable OpenSSL version will respond with the attacker's 1 kilobyte of data plus 63 kilobytes of data read from the server's memory.
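To make the length mismatch concrete, here is an added example (not OpenSSL's code, and not from the original post) that models a heartbeat record in a simplified, constructed layout: a handler that trusts the peer's length field beside one that checks it against the bytes actually received. The record layout, the HB_ names and the "PRIVATE-KEY-MARKER" stand-in for key material are all assumptions made for the demo.

```c
#include <stddef.h>
#include <string.h>

/* Constructed, simplified model of a TLS heartbeat record: type(1) |
 * payload_length(2, big-endian) | payload | padding(16). Illustrative only. */
#define HB_HDR 3
#define HB_PAD 16
#define HB_REQ 1
#define HB_RSP 2
#define HB_LEN(b) ((((size_t)(b)[1]) << 8) | (b)[2])

/* Vulnerable shape: trusts the peer's length field and copies that many bytes
 * from where the record sits, running past the real payload into whatever follows.
 * buf_cap exists only to keep this demo inside its own array. */
size_t hb_reply_vulnerable(const unsigned char *buf, size_t buf_cap,
                           unsigned char *out, size_t out_cap) {
    if (buf_cap < HB_HDR || buf[0] != HB_REQ) return 0;
    size_t n = HB_LEN(buf);
    if (HB_HDR + n > out_cap || HB_HDR + n > buf_cap) return 0;
    out[0] = HB_RSP; out[1] = buf[1]; out[2] = buf[2];
    memcpy(out + HB_HDR, buf + HB_HDR, n);            /* n never checked against the record */
    return HB_HDR + n;
}

/* Hardened shape: header + claimed payload + padding must fit inside the bytes
 * actually received for this record (record_len); otherwise drop it silently. */
size_t hb_reply_checked(const unsigned char *buf, size_t record_len,
                        unsigned char *out, size_t out_cap) {
    if (record_len < HB_HDR + HB_PAD || buf[0] != HB_REQ) return 0;
    size_t n = HB_LEN(buf);
    if (HB_HDR + n + HB_PAD > record_len) return 0;   /* the oversized claim is caught here */
    if (HB_HDR + n > out_cap) return 0;
    out[0] = HB_RSP; out[1] = buf[1]; out[2] = buf[2];
    memcpy(out + HB_HDR, buf + HB_HDR, n);
    return HB_HDR + n;
}

/* Constructed scenario: a 4-byte "ping" that claims 1000 bytes, with a marker standing
 * in for key material 256 bytes further along. Returns 1 when the vulnerable reply
 * carries the marker and the checked handler refuses the same record. */
int hb_demo_leak(void) {
    static unsigned char mem[2048], out[2048];
    const char *marker = "PRIVATE-KEY-MARKER";
    size_t real_len = HB_HDR + 4 + HB_PAD;            /* what the peer actually sent */
    mem[0] = HB_REQ; mem[1] = 1000 >> 8; mem[2] = 1000 & 0xff;
    memcpy(mem + HB_HDR, "ping", 4);
    memcpy(mem + 256, marker, strlen(marker));
    size_t got = hb_reply_vulnerable(mem, sizeof mem, out, sizeof out);
    int leaked = got >= 256 + strlen(marker) && memcmp(out + 256, marker, strlen(marker)) == 0;
    int refused = hb_reply_checked(mem, real_len, out, sizeof out) == 0;
    return leaked && refused;
}
```

The check in hb_reply_checked is the whole fix: the length the peer claims is only trusted once it is shown to fit inside the record the transport actually delivered.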

Technical details of this bug can be found here. (Read only if you are comfortable with C.)

Here is a PoC script written in Python: https://gist.github.com/ixs/10116537

*Update:
Metasploit module:
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb

Nessus plugin:
http://www.tenable.com/plugins/index.php?view=single&id=73404

Nmap script (NSE):
http://nmap.org/nsedoc/scripts/ssl-heartbleed.html

One should always be careful when using pointers in C programming ;)