Top secret Saudi documents hacked and released to public

A group of hackers from Yemen has put out a message saying that it has hacked the servers of Saudi Arabia's Interior, Defense and Foreign ministries and gained access to thousands of top secret documents.

"We have gained access to the Saudi Ministry of Foreign Affairs (MOFA) network and have full control over more than 3000 computers and servers, and thousands of users. We also have access to the emails, personal and secret information of hundreds of thousands of their staff and diplomats in different missions around the world," the Yemen Cyber Army (the hackers) said in a statement which has been published on many hacking related websites.

The group has published some of the documents online and has threatened the Saudi government with greater damage by releasing more documents, archived since the 1980s.

The group has said that it will wipe the servers of the Foreign Ministry of Saudi Arabia at midnight on Wednesday.

The Yemen Cyber Army has been previously known for hacking

Emerson fixes SQL injection bug in AMS Device Manager

Emerson Process Management has released a patch for an SQL injection vulnerability in its AMS Device Manager application.

Emerson AMS Device Manager is software used worldwide, primarily in the oil and gas and chemical industries.

The advisory (ICSA-15-111-01) published on the ICS-CERT website states that the vulnerability is not exploitable remotely and cannot be exploited without user interaction. It also rates the difficulty of exploiting it as medium.

"Successful attack results in administrative access to the application and its data files but not to the underlying computer system," the advisory reads.

The vulnerability affects AMS Device Manager v12.5 and earlier.

Emerson advises users of the application to take the following steps to prevent exploitation of the vulnerability.

For AMS Device Manager v12.5, it suggests applying the patch, upgrading to v13, or applying the workaround. For earlier versions, the workaround is to add another user with full administrative privileges and then reduce the default administrative user to read-only privileges.

ICS-CERT also recommends limiting user privileges on machines running ICS software, minimizing network exposure for all control system devices, placing control system networks and remote devices behind firewalls, and isolating them from the business network.
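The advisory gives no query details, so the following is an added example of the general failure class rather than Emerson's code: a login query assembled by string formatting, the parameterized version that closes the hole, and a model of the advisory's workaround (a fresh administrator plus a read-only default account) showing what it does and does not buy. The table, account names and passwords are constructed for the example.

```python
import hashlib
import sqlite3


def _hash(pw: str) -> str:
    # Plain SHA-256 keeps the example short; a real application would use a
    # salted, slow password hash.
    return hashlib.sha256(pw.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed user table: a default 'admin' account plus one operator."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", _hash("S3cret!"), "admin"),
        ("operator", _hash("ops-pass"), "readonly"),
    ])
    return con


def login_vulnerable(con, name, password):
    """Builds the query by string formatting, so attacker text becomes SQL."""
    query = ("SELECT name, role FROM users WHERE name = '%s' AND pw_hash = '%s'"
             % (name, _hash(password)))
    return con.execute(query).fetchone()        # (name, role) or None


def login_safe(con, name, password):
    """Parameterized query: the driver binds values and never parses them as SQL."""
    query = "SELECT name, role FROM users WHERE name = ? AND pw_hash = ?"
    return con.execute(query, (name, _hash(password))).fetchone()


def apply_workaround(con, new_admin, new_password):
    """Model of the advisory's workaround: add a fresh administrator and demote
    the well-known default 'admin' account to read-only."""
    con.execute("INSERT INTO users VALUES (?, ?, ?)",
                (new_admin, _hash(new_password), "admin"))
    con.execute("UPDATE users SET role = 'readonly' WHERE name = 'admin'")


if __name__ == "__main__":
    con = make_db()
    # Closing the quote and starting a '--' comment drops the password check.
    print(login_vulnerable(con, "admin' --", "wrong"))      # ('admin', 'admin')
    print(login_safe(con, "admin' --", "wrong"))            # None
    apply_workaround(con, "plant_admin", "Long-Random-Passphrase")
    print(login_vulnerable(con, "admin' --", "wrong"))      # ('admin', 'readonly')
    # The workaround limits what the well-known account name yields, but a
    # payload that selects by role instead of by name still reaches the new admin.
    print(login_vulnerable(con, "' OR role = 'admin' --", "wrong"))  # ('plant_admin', 'admin')
```

The last call is the caveat: in this model the workaround reduces the value of the default account, which is what an attacker who only knows the default name gets, but it does not remove the injection itself. Only the patch or upgrade (the parameterized form here) does that.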

Will cyber security companies shift their headquarters out of the US?

Until now, nuclear, radiological, chemical and biological weapons have been what is meant by a weapon of mass destruction (WMD).

The Bureau of Industry and Security (BIS), an agency of the United States Department of Commerce that deals with issues involving national security and high technology, is proposing to classify certain cyber security tools as weapons of war in an attempt to control their distribution.

Tools used to extract data or information from a computer or network-capable device, or to modify system or user data, would come under the rule and are classified as "intrusion software". Tools designed to avoid detection by "monitoring tools" (antivirus, IDS/IPS, endpoint security products) would also be treated as weapons.

Penetration testing products designed to identify security vulnerabilities in computers and network-capable devices fall under this category.

"The proposal is not beneficial. Most vulnerability scanners and penetration testing products come under it. The proposal means tools from US companies which have been used to do assessments and audits in corporates will need to go through the clearance. It could also lead to corporates getting tracked," says J. Prasanna, founder of the Cyber Security and Privacy Foundation (CSPF).

Most of these cyber security firms would either have to convince their worldwide clients to go through the licensing process or move their headquarters out of the USA.

Prasanna pointed out that the US government tried to restrict the export of cryptography in the past, and that Russian, European and Israeli companies gained an advantage from those restrictions.

He said the new proposal is bad news for cyber security researchers: if it becomes law, it will force them to find new ways to beat cyber criminals.

"Hackers are already many steps ahead of us. Some tools like Canvas and Metasploit Pro are important tools for penetration testing," said Prasanna.

Thomas Dullien, a Google researcher, wrote on his personal blog that the "addition of exploits to the Wassenaar arrangement is an egregious mistake for anyone that cares about a more secure and less surveilled Internet".

Rapid7, a Boston-based cybersecurity firm well known for its Metasploit penetration testing framework, said that it is investigating the implications of Wassenaar for Metasploit and security research, and is working on comments for the consultation.

According to the proposal, license applications involving the governments of Australia, Canada, New Zealand and the UK will receive favorable treatment, as those countries have partnered with the US on cyber security policy and issues.

The BIS is seeking comments on the proposed rule until 20 July 2015.

Beware of emails with subject lines like 'Internship' and 'My Resume'

Researchers have discovered a new strain of point-of-sale (POS) malware being delivered by a spam campaign whose emails carry subjects such as 'Any Jobs?', 'Any openings', 'Internship', 'Internship questions', 'Job questions' and 'My Resume'.

The attachment, described in the email as a 'protected document', looks like a resume but is actually a Word document with an embedded malicious macro, the researchers said.

The researchers, from FireEye Inc, a US-based security company that provides automated threat forensics and dynamic malware protection against advanced threats such as advanced persistent threats and spear phishing, said the criminals launched the campaign using emails with those subject lines. The campaign is believed to have started on May 20.

The new malware, called NitlovePOS, captures and exfiltrates both track one and track two data from payment cards by scanning the memory of running processes on the compromised machine.

“It is just one of several pieces of POS malware that have appeared so far in 2015, which has seen the emergence of malware such as Punkey and FighterPOS,” the researchers wrote in the blog.

They said that the criminals behind the operation have been updating the payload.

FireEye observed that the two payloads beacon to the same server from which they were downloaded, and then receive instructions to download additional malware hosted on that server.

"We focused on the “pos.exe” malware and suspected that it may be targeting Point of Sale machines," the researchers wrote in a blog.

“We speculate that once the attackers have identified a potentially interesting host from among their victims, they can then instruct the victim to download the POS malware. While we have observed many downloads of the various EXE’s [hosted] on that server, we have only observed three downloads of “pos.exe”,” the researchers added.

“NitlovePOS expects to be run with the “-” sign as argument; otherwise it won’t perform any malicious actions,” they noted. “This technique can help bypass some methods of detection, particularly those that leverage automation.”

When the recipient opens the email, they see an attachment named “CV_[4 numbers].doc” or “My_Resume_[4 numbers].doc”. If they open the attachment and enable macros, the malicious macro downloads and executes a malicious executable from
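What a RAM-scraping POS payload looks for, and what a defender can look for in turn, is the card track data described above. The following is an added example, not FireEye's analysis or NitlovePOS code: it scans a byte buffer standing in for a dump of a payment process's memory for Track 1 and Track 2 patterns, then applies the Luhn check to the primary account number so random digit runs are not reported. The buffer, the card number (the common 4111... test number) and the name are constructed for the example.

```python
import re

# Track 1, format B: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
TRACK1 = re.compile(rb"%B(\d{13,19})\^([A-Z /.'-]{2,26})\^(\d{4})(\d{3})[^?]{0,40}\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})[^?]{0,40}\?")


def luhn_ok(pan: bytes) -> bool:
    """Luhn check digit test; filters digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - 48                      # iterating bytes yields ints; 48 == ord('0')
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: bytes) -> str:
    """Keep only the BIN and last four digits in any report."""
    s = pan.decode("ascii")
    return s[:6] + "*" * (len(s) - 10) + s[-4:]


def scan_buffer(buf: bytes) -> list:
    """Return Luhn-valid track data found in buf, ordered by offset."""
    hits = []
    for m in TRACK1.finditer(buf):
        if luhn_ok(m.group(1)):
            hits.append({"track": 1, "offset": m.start(), "pan": mask(m.group(1)),
                         "name": m.group(2).decode("ascii").strip(),
                         "expiry": m.group(3).decode("ascii")})
    for m in TRACK2.finditer(buf):
        if luhn_ok(m.group(1)):
            hits.append({"track": 2, "offset": m.start(), "pan": mask(m.group(1)),
                         "expiry": m.group(2).decode("ascii")})
    return sorted(hits, key=lambda h: h["offset"])


# Constructed stand-in for process memory: filler, one valid card in both
# track formats, and one digit run that fails the Luhn check.
SAMPLE_MEMORY = (
    b"\x00" * 32 + b"MSR read OK\r\n"
    + b"%B4111111111111111^DOE/JOHN^25121010000000000?"
    + b"\x90" * 16
    + b";4111111111111111=25121010000000000?"
    + b"\x00" * 8
    + b";4111111111111112=2512101?"      # looks like track 2, bad check digit
    + b"\xff" * 8
)

if __name__ == "__main__":
    for hit in scan_buffer(SAMPLE_MEMORY):
        print(hit)
```

A real scraper reads other processes' memory (on Windows, via OpenProcess and ReadProcessMemory) and feeds the same kind of pattern match; a defender's memory-scan rule uses the same patterns plus the Luhn filter to keep false positives down. The "-" argument gate mentioned above matters for detection too: a sandbox that launches the sample with no arguments sees no scanning at all, so detonate with the argument or hook the command-line check.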

The researchers said that some solutions, such as next-generation firewalls (NGFW), can help protect against point-of-sale malware.

“The main advantage that NGFW (next-generation firewalls) provides for network segmentation is application servers and data can be designated in different segments based on their risk factors and security classifications, with access to them tightly controlled,” the blog quoted Monolina Sen, senior analyst in digital security at ABI Research, as saying.

Security and Privacy flaw in UC Browser leaks personally identifiable information

[Image: a visual summary of the privacy and security issues presented by UC Browser. Credit: Citizen Lab]

A report has shown that security and privacy flaws in a mobile web browser popular in India and China cause it to transmit users' personal and other information without effective encryption.

The report, titled “A Chatty Squirrel: An Analysis of Privacy and Security Issues with UC Browser”, reveals that the Chinese- and English-language versions of UC Browser for Android, a mobile web browser owned by China-based Alibaba, allow any network operator or in-path actor to obtain the user's personally identifiable information, such as location, search queries, and mobile subscriber and device IDs.

The application uses symmetric AES/CBC encryption to send device IDs, location data, Wi-Fi MAC address, SSID and other information, but the key used for the encryption, 'autonavi_amaploc', is hard-coded in the application.

"The use of symmetric encryption with a hard-coded key means that anyone who knows the key can decrypt UC Browser (Chinese) traffic in transit. Moreover, key holders can also retroactively decrypt any historical data that they have collected or obtained," the report reads.

Personal identifiers such as the IMEI, IMSI, Android ID and build serial number are sent to Umeng (a mobile analytics service) unencrypted.

The transmission of unencrypted search engine queries lets third parties monitor searches. Sensitive personal information can be inferred from search terms, including health conditions such as pregnancy, disease, and mental and psychological conditions, marital relations, and medical information. Third parties can use it to build, use and sell user profiles, and corporate or government actors can use it to modify or block access to certain search results.

“We informed Alibaba of our findings on April 15, 2015 and said we would publish this report on or after April 29, 2015. The company responded on April 19, 2015, indicating that Alibaba security engineers were investigating the issue. We followed up on April 23, 2015 to reiterate our intention to publish this report on or after April 29, 2015,” the report said.

The report added that on May 19, 2015 the researchers tested version 10.4.1-576 of the Chinese-language UC Browser, downloaded from the vendor's website, and that this version does not appear to send location data insecurely to AMAP.

Information of 4,000 students shared in accidental data breach

CPS put the personal information of 4,000 students who use its bus transportation system at risk after mistakenly sending the information to five vendors seeking to do business with the district.

The 4,000 students who have been affected are a subset of 22,500 students who use the bus transportation system.

After learning of the breach, the district quickly took steps to contain it and obtained written confirmation from all five vendors that the sensitive information has been destroyed.

The affected students and parents have also been notified of the breach, and CPS employees have been instructed to handle personal information more carefully.

The breach happened in March, when CPS accidentally gave the information to five vendors.

Bettys Tea Rooms firm’s website hacked

The Bettys Tea Rooms firm's website was hacked on Wednesday, affecting more than 120,000 customers.

In a statement, the company apologized and blamed an "industry-wide software weakness" for the breach.

The hackers gained access to the firm's website database and stole customers' personal details, which include names, email addresses, postal addresses, encrypted passwords and telephone numbers.

"We would like to stress that your credit or debit card details have not been copied as this information is stored on a completely separate system managed by a certified third party. Bettys takes customer confidentiality extremely seriously and, whilst customer passwords were encrypted, it is important that you change your password as soon as possible by clicking this link or entering into your browser," Bettys said.

The company also advised customers not to respond to any phone or email requests for their personal or financial information.

"To be clear, Bettys will never contact you and ask you to share any personal financial information," the tea shop chain said.

A gang of elderly women calling themselves 'Northern N00bz' is suspected of being behind the breach; they are said to have acquired some coding skills to take revenge for a disservice. A full investigation is under way.

Astoria - Researchers develop a new Tor client which aims to beat NSA

Researchers have developed Astoria, a new Tor client said to be capable of protecting users' privacy even from powerful intelligence agencies such as the NSA.

A team of researchers from the United States and Israel built the client, which is designed to make spying more difficult for the world's most capable intelligence agencies.

According to the research paper, Tor is a popular anonymity system for users who wish to access the Internet anonymously or circumvent censorship, at a time when anonymity on the Internet is becoming difficult to establish.

However, Tor is not as safe from powerful intelligence agencies as it was supposed to be.

The researchers therefore developed Astoria, which focuses on defeating adversaries that control autonomous systems (ASes) positioned to observe both ends of a Tor circuit and so break its anonymity.

“In our experiments, we find that 58% of all circuits created by Tor are vulnerable to attacks by timing correlation and colluding sibling ASes. We find that in some regions (notably, China) there exist a number of cases where it is not possible for Tor to construct a circuit that is safe from these correlation attacks,” the research paper says.

It adds, “To mitigate the threat of such attacks, we build Astoria, an AS-aware Tor client. Astoria leverages recent developments in network measurement to perform path prediction and intelligent relay selection. It not only reduces the number of vulnerable circuits to 5.8%, but also considers how circuits should be created when there are no safe possibilities. It performs load balancing across the Tor network, so as to not overload low capacity relays. Moreover, it provides reasonable performance even in its most secure configuration.”

Astoria is designed to:
• Deal with asymmetric attackers (an adversary that sees the forward path on one side of the circuit and the reverse path on the other).
• Deal with the possibility of colluding attackers, such as sibling ASes under one organisation.
• Consider the worst-case possibility, where no safe circuit exists.
• Minimize performance impact.

Hack In Paris 5th edition - The French Cyber Security Conference

Sysdream, a French company that provides auditing and training from an attacker's perspective to companies requiring a high level of security for their information systems, is organizing the fifth edition of Hack In Paris (HIP) from 15 to 19 June this year in France.

HIP, billed as one of the most anticipated events for security professionals, includes training and conference sessions.

According to the announcement, the event, held entirely in English, brings IT security professionals such as information system directors, managers and security officers together with hacking experts.

The announcement said that over the first three days participants will be offered 13 training classes by international experts including Aditya Gupta, founder of Attify; Peter Van Eeckhoutte, founder of Corelan Team; Richard Hollis, Chief Executive Officer of Risk Factory Limited; Mario Heiderich, security researcher; Nikhil Mittal, researcher; Gnesa Gianni, security researcher and professional trainer at Ptrace Security; and many others.


The training session will be held at Sysdream, 14 Place Marie-Jeanne Bassot,92300 Levallois-Perret France.

More details about the training are available at:

On the remaining two days of HIP there will be 16 talks, including two keynote addresses and one debate, with world-renowned speakers such as Winn Schwartau, Jose Lopes Esteves, Chaouki Kasmi, Mario Heiderich and others.
The conference will be held at Académie Fratellini, 1-9 rue des Cheminots 93210 La Plaine Saint Denis France.

More details about the conference are available at:

An American admits hijacking plane mid-air: FBI

A security researcher told the Federal Bureau of Investigation (FBI) that he had hacked an airplane's engine with his laptop.

Chris Roberts admitted to hijacking a plane mid-flight in February by taking control of its in-flight entertainment system, causing the aircraft to fly sideways.

According to a search warrant application written in April by FBI agent Mark Hurley and published by Wired on Friday, Roberts said that during one of these flights he commanded one of the airplane's engines to climb, resulting in a lateral or sideways movement of the plane.

He was questioned last month after being escorted off a United Airlines flight on which he had posted a joking tweet hinting that he could access the aircraft's crew alert system and make the passenger oxygen masks drop.

The FBI also seized his computers.

According to the application, Roberts said in interviews in February and March that he had hacked in-flight entertainment systems on 15 to 20 flights between 2011 and 2014. Each time he pried open the cover of the electronics box located under a passenger seat and connected his computer to the system with an Ethernet cable, then checked the system for security flaws and monitored communications from the cockpit.

“We found that the electronics box under the seat in front of Roberts' showed signs of tampering,” Hurley wrote in the document.

On the same day, Roberts was removed from the flight.

Separately, the U.S. Government Accountability Office (GAO) released a report warning that hackers could bring down a plane through its onboard Wi-Fi systems.

Ken Westin, a security analyst at Tripwire, was quoted in the Sydney Morning Herald as saying:

“Connecting your laptop to an in-flight media system or anything on an actual plane with people on it is not the way to conduct security research."

"To also tweet a 'joke' about hacking a plane using specific technical details is also incredibly irresponsible I think," he added.