Few days back, a hacker with twitter handle @Reckz0r claimed to have breached the CNN website and leaked data.
The data published in the pastebin (http://pastebin.com/YQLv6t3E) includes server&database details, login credentials of 9 accounts that contain usernames and encrypted passwords.
"because they're a bunch of f**ng faggots trying to spread false news, your 9/11 is our 24/7. I strongly respect the Palestinian brotherhood, and it seems like CNN is on Israel's side. and you do know one thing;" He stated as reason for the attack.
He also claimed to have posted four fake articles on edition.cnn.com. We are not able to verify his claim. But my friend at Cyber War news reports that hacker provided him the vulnerability details.
The hacker also provided the screenshot of the fake article he posted : "Bill gates horrifies children by injecting poison into their buttocks". The articles has been removed.
He also said he identified Local File inclusion vulnerability in VeriSign.com
The data published in the pastebin (http://pastebin.com/YQLv6t3E) includes server&database details, login credentials of 9 accounts that contain usernames and encrypted passwords.
"because they're a bunch of f**ng faggots trying to spread false news, your 9/11 is our 24/7. I strongly respect the Palestinian brotherhood, and it seems like CNN is on Israel's side. and you do know one thing;" He stated as reason for the attack.
He also claimed to have posted four fake articles on edition.cnn.com. We are not able to verify his claim. But my friend at Cyber War news reports that hacker provided him the vulnerability details.
The hacker also provided the screenshot of the fake article he posted : "Bill gates horrifies children by injecting poison into their buttocks". The articles has been removed.
He also said he identified Local File inclusion vulnerability in VeriSign.com
A hacker known by his online name @1923Turkz has breached Federal University of Bahia website(ufba.br) - one of the Brazil University, located mainly in the city of Salvador, Bahia.
"Universidade Federal da Bahia DB Hacked http://www.anonpaste.me/anonpaste2/index.php?952af0b8ee517a5f#0i/g1qDaqpzAeg8PloenF3vKMbozGKlU2gSTIxlxw6Y= …" Hacker tweeted about the hack along with a link to the database dump.
The database dump contains hundreds of account details that include name, plain-text password and email address. I had a quick look at the password list, most of them are weak passwords.
We recommend the admin to find and fix the vulnerability and users are advised to change their password.
1923Turkz become more active in recent days and busy in dumping the database from the hacked websites. Yesterday, he hacked into the Bangladesh Air force website.
"Joinbangladeshairforce.mil.bd", serves as a portal for applying for Air Force, is reportedly breached by the hacker using the online name @1923Turkz. The SQL injection vulnerability in the website gave him the opportunity to break in.
The database breach was announced in his twitter account along with the link to the accounts leak.
The leak include login credentials of 19 accounts that contains the email addresses that ends with 'army.mil.bd' and encrypted passwords.
Although the passwords are encrypted , it won't take much time for someone to crack the hash. We have analyzed the leaked passwords and found most of the passwords are very weak passwords.
A simple google search reveals the decrypted passwords. We just like to point out one of the worst password used : "password". We recommend the Bangaldesh government to immediately fix the vulnerability and urge users to change their password.
A hacker from Turkey using twitter handle @1923Turkz has breached the Two University websites from Russia and United Kingdom.
The database servers belong to the Lomonosov Moscow State University(msu.ru) and Imperial College London(imperial.ac.uk) are breached by the hacker.
The Database-dump taken from the Lomonosov Moscow State University contains usernames, encrypted passwords and email addresses. It also includes the admin login credentials.
http://www.anonpaste.me/anonpaste2/index.php?2f4fcc3765679814#c+eRCx9jdbRZQzi2m/g45chIpsfsuMnnvX44Cfp/2Tg=
The dump said to be compromised from the Imperial college contains First &Last names, email addresses, phone numbers. There is no password leaked in this dump.
http://www.anonpaste.me/anonpaste2/index.php?422670bd5aad422f#Yu0o6TXVsy5IeMI1uEGAAEppNPkRURbOjskwkKB9XcQ=
The official website of South African Police Service has been breached by the Anonymous hacktivist with online name "DomainerAnon".
"This action is to serve as a reminder to the government regarding the murders of 34 protesting miners outside the Marikana platinum mine by police. "Hacker stated as reason for the attack.
"To date no officers have been brought to justice... This situation will NOT be tolerated. #OpMarikanaMiners"
The hacker provided a link to the database dump(pastebay.com/1232460) that includes Usernames, hashed passwords, Telephone numbers and few other details.
He also shared a 13Mb size file named "EMAILS.csv" in the DatafileHost which is said to be contain emails.
Chinese website of Bose Electronics(bose.cn) has been breached by the hacker known with handle "Ag3nt47". He managed to gain access to the database server and extracted the data.
The hacker leaked the compromised database in AnonPaste : " http://www.anonpaste.me/anonpaste2/index.php?4cbad9f598e7d75a#77V8WGbQvLhhZZAHZC+Plj79CjDesej7kvzr/WQCmz4= "
The leaked contains the login credentials of admin account. The password used by the admin apparently shows the admin are not aware of the security measures.
The leak also contains the address, mobile, name, email address, and few other data. Most of the data are in chinese language.
The same hacker recently break into the Harvad, MIT, Standford universities, Rutgers, Mazda and Suzuki.
The hacker with twitter handle Ag3nt47 who hits top university websites has breached the Suzuki and Mazda Russia websites.
The hacker tweeted links to the dump. The database dumped(pastebin.com/u01PitxP) from the Japanese automobiles manufacturer Suzuki includes password hashes, email addresses.
The data(pastebin.com/9hrwnmgC) taken from Russian website of the Japanese-based automobiles manufacturer Mazda contains no interesting data.
There is no specific reason mentioned by the Ag3nt47 for the attack. It appears the hacker randomly target high profile website.
An anonymous hacktivist with the handle CharafAnons has claimed to have hacked into more than 990 websites as part of the ongoing cyberattack operation "#OpUSA".
The list of hacked websites can be found here: "http://pastebin.com/UW3Pdqkn " The hacker has uploaded the defacement page as "jihad.htm" file.
Another hacker group named X-BLACKERZ INC has breached the official website of US Honolulu Police Department(honolulupd.org). The hackers claimed to have compromised the database.
They leaked two database dumps that contains the name, email addresses and login credentials for mail account .
http://pastebin.com/NeDLRfg2
http://pastebin.com/QFjuEbNR
*Update*:
X-BLACKERZ INC has claimed to have breached 100 US websites as part of the operation USA. The list can be found here: "http://pastebin.com/NyQ0gk7s"
The source says the hackers are going to attack the high profile websites of United States on May 7. Hackers posted the list of target "http://pastebin.com/LXHKjsfg"
The list of hacked websites can be found here: "http://pastebin.com/UW3Pdqkn " The hacker has uploaded the defacement page as "jihad.htm" file.
Another hacker group named X-BLACKERZ INC has breached the official website of US Honolulu Police Department(honolulupd.org). The hackers claimed to have compromised the database.
They leaked two database dumps that contains the name, email addresses and login credentials for mail account .
http://pastebin.com/NeDLRfg2
http://pastebin.com/QFjuEbNR
*Update*:
X-BLACKERZ INC has claimed to have breached 100 US websites as part of the operation USA. The list can be found here: "http://pastebin.com/NyQ0gk7s"
The source says the hackers are going to attack the high profile websites of United States on May 7. Hackers posted the list of target "http://pastebin.com/LXHKjsfg"
Cyber space poses an important role in the national security. A country should also remember to provide security in cyber space. But the government fails to concentrate on cyber security that lefts most of the government sites vulnerable to hack.
The security breach of Royal Thai Navy website(www.navy.mi.th) is best example for this - the navy of Thailand and part of the Royal Thai Armed Forces.
A hacker with twitter handle @WilyXem has discovered a SQL Injection vulnerability in the Thailand navy website. He managed to exploit the vulnerability and compromised the target database.
Earlier today, the hacker posted a link to the dump in twitter(sprunge.us/YHHf). The dump contains database details including database name, version, table details. He also provided a Proof-of-Concept of the SQL injection vulnerability.
The hacker also leaked 3 tables namely membern, personalacc, personalacc1 that contains username and passwords in plain-text format.
It is really sad to know that the passwords are being stored in plain-text format. But it won't take much time for a hacker to crack, even if there is an encryption. Because they use very weak password.
The official website of Dubai International Airport has been reportedly breached by a group of hacker groups. The team Portugal Cyber Army collaborated with HighTech Brazil HackTeam and have done this security breach.
Earlier today, the hacker sent notification to E Hacking News through Twitter and provided a pastebin link that contains the compromised database from the server.
The leaked data (pastebin.com/S6XjKULM) consists of more than 50 email addresses end with "@dubaiairports.ae" and encrypted passwords.
Even though the password is encrypted, it is easy for a hacker to crack those passwords. The leaked passwords are very weak passwords, a simple google search returns the decrypted password.
The TurkishAjan hacker group has defaced four sub-domains of Gigabyte Technology - a Taiwan-based manufacturer of computer hardware products best known for its motherboards.
They didn't mention any specific reason for the attack. The defacement page reads "Hacked by Hacked by TurkishAjan. Bazen birseyleri degistirmek gerekir. Sometimes must be something"
The hackers also posted a download link of Gigabyte.rar file in their official twitter account along with the link to the zone-h.
"Gigabyte Hacked ! zone: http://goo.gl/UAbkt file: http://goo.gl/PbcuI #hack #news #gigabyte" The tweet reads.
Inside the rar file , there are xls files, Backup files and member.sql file. The member's database dump(member.sql) contains the employee full name, plain-text password, email address and other details. The backup file dates to 2010 contains the website source code includes web-config file.
At the time of publishing the article, we are still able to see the defacement. Here is the list of defaced sub-domains:
http://www.zone-h.org/archive/published=0/ip=210.80.76.62
They didn't mention any specific reason for the attack. The defacement page reads "Hacked by Hacked by TurkishAjan. Bazen birseyleri degistirmek gerekir. Sometimes must be something"
The hackers also posted a download link of Gigabyte.rar file in their official twitter account along with the link to the zone-h.
"Gigabyte Hacked ! zone: http://goo.gl/UAbkt file: http://goo.gl/PbcuI #hack #news #gigabyte" The tweet reads.
Inside the rar file , there are xls files, Backup files and member.sql file. The member's database dump(member.sql) contains the employee full name, plain-text password, email address and other details. The backup file dates to 2010 contains the website source code includes web-config file.
At the time of publishing the article, we are still able to see the defacement. Here is the list of defaced sub-domains:
- websys.gigabyte.com
- gcenter.gigabyte.com/index.html
- peripheral.psn.gigabyte.com/index.html
- nbstk.gigabyte.com/index.htm
http://www.zone-h.org/archive/published=0/ip=210.80.76.62
The hacker group known as "LatinHackTeam" has breached website belong to one of the oil company of Syria - Hayan Petroleum(hpc.com.sy).
The team announced the attack in Twitter and posted a link to the database leak: "Hayan Petroleum Oli Company of Syria http://www.anonpaste.me/anonpaste2/index.php?dd4cd620a98bb2b0#818/OkWh1Vf1Hf2bKpN38KzuhRJeMswInWsiCSBCG5w= "
The leaked data contains address details, phone number. The paste also contains more than 100 email addresses and encrypted passwords.
The team announced the attack in Twitter and posted a link to the database leak: "Hayan Petroleum Oli Company of Syria http://www.anonpaste.me/anonpaste2/index.php?dd4cd620a98bb2b0#818/OkWh1Vf1Hf2bKpN38KzuhRJeMswInWsiCSBCG5w= "
The leaked data contains address details, phone number. The paste also contains more than 100 email addresses and encrypted passwords.
Kirkwood community college on Monday announced that cyber criminals has breached the college website(kirkwood.edu) and accessed personal data of students who applied to take credit classes in the last 8 years.
The college said sophisticated hackers originated from an international IP address accessed the website on March 13,2013 and gained access to archived application information from Feb 2005 until March 13,2013.
The accessed information includes applicant names, birthdates, race, contact information and social security numbers.
The college says it has contacted affected individuals to offer free services that will include personal assistance from identity theft and restoration experts who will listen, answer questions and offer expertise regarding concerns from those affected.
The security breach is part of their ongoing operation called "#opBlackSummer". The hacker informed EHN about the breach with a vulnerable link.
The group has discovered a SQL injection vulnerability in the target website, managed to exploit the vulnerability and compromised the user data.
The team said they are able to retrieve only 3500 user data , they have decided to attack again for retrieving full database.
TCA claims that the stolen user data contains clear-text login credentials, birthday, email address, Social Security Number(SSN) and address details.
Turkish Ajan Hacker Group has breached the official Taiwan website of MTV and managed to deface the main webpage (mtv.com.tw). Hackers also managed to extract the data from the target server.
EHN comes to know about this breach, when the hacker group sent notification to EHN via Twitter "Mtv Taiwan Hacked. 500+k account. File: http://goo.gl/B829n @EHackerNews".
As you can see from the tweet itself, the hacker claimed to have leaked more than 500,000 user accounts and provided the download link.
The dump file,34MB RAR , contains four files : members.sql(115.1 MB ), account1.txt(18Mb), account2.txt(22MB), account3.txt(91MB).
The account1 file contains nick names, email addresses and other details. The accont2 and account3 files contain the login ID, password(plain-text format), name, nickname, email address, and other details.
Members.sql contains the full dump of the Members' database. At the time of writing, the website still shows the defacement page.
Recently, the same group has hacked the Mcdonalds Korea, Nokia, Avast Germany and other top websites.
EHN comes to know about this breach, when the hacker group sent notification to EHN via Twitter "Mtv Taiwan Hacked. 500+k account. File: http://goo.gl/B829n @EHackerNews".
As you can see from the tweet itself, the hacker claimed to have leaked more than 500,000 user accounts and provided the download link.
 | |
| MTV Taiwan website defaced |
The account1 file contains nick names, email addresses and other details. The accont2 and account3 files contain the login ID, password(plain-text format), name, nickname, email address, and other details.
Members.sql contains the full dump of the Members' database. At the time of writing, the website still shows the defacement page.
Recently, the same group has hacked the Mcdonalds Korea, Nokia, Avast Germany and other top websites.
Tunisian Cyber Army is continuing their operation referred as "#OpBlackSummer" - an operation against United States. This time, they hacked into the United Parcel Service(UPS) website.
In an email sent to EHN, the hacker stated that they have exploit this vulnerability in Customized Express Envelopes sub-domain (customizedenvelopes.ups.com).
This time, hackers didn't provide the vulnerable link. They provide the login credentials of admin (username and plain-text password).
Hackers also included two attachments in the mail : ups.com.docx, UsersOrderDetails.xls. Those files contains the Customer information including Address, Name, Company, email address, username, phone number and other details.
Syrian Electronic Army has claimed to have hacked into the official websites of De Montfort Hall(demontforthall.co.uk) and Ministério Agnus Dei(amad.com.br).
In a dump (pastebin.com/G9c0seAu), the SEA mentioned they exploited the Blind Sql Injection vulnerability in the De Montfort Hall's website and compromised the database.
The dump contains the usernames, hashed passwords, name, email addresses and phone numbers.
In another dump(pastebin.com/Qa6By3nL), the hackers leaked the database of amad.com.br . It contains the login IDs, encrypted passwords, email addreses, IP addresses, phone numbers.
As part of their ongoing operation against United States known as "#opBlackSummer", the Tunisian Cyber Army(TCA) and Al-Qaeda Electronic Army(AQEA) has breached the websites belong to US Telecommunication companies.
The hacker group has identified three SQL Injection vulnerabilities in AT&T sub-domains and one SQLi in Verizon website. The hackers provided the vulnerable links to EHN.
The hackers also attacked the the official website for the U.S. Small Business Administration(sba.gov), Merrimack County Savings Bank(mcsbnh.com), State Bank of Park Rapids(statebankofparkrapids.com).
The team exploited the vulnerabilities and compromised information such as User IDs, security question answers, passwords, addresses and email addresses.
Speaking to EHN, the TCA said they exploited the xss vulnerability in FBI website by requesting the admin to open the crafted fbi site link. The hacker claimed that they got temporary access to their computer and downloaded some files about crimes and report.
At EHN, we can't assure that hackers claims about the data compromise are true but the vulnerability links provided by the hackers are valid one.
The hacker group has identified three SQL Injection vulnerabilities in AT&T sub-domains and one SQLi in Verizon website. The hackers provided the vulnerable links to EHN.
The hackers also attacked the the official website for the U.S. Small Business Administration(sba.gov), Merrimack County Savings Bank(mcsbnh.com), State Bank of Park Rapids(statebankofparkrapids.com).
The team exploited the vulnerabilities and compromised information such as User IDs, security question answers, passwords, addresses and email addresses.
 |
| XSS in FBI website |
Speaking to EHN, the TCA said they exploited the xss vulnerability in FBI website by requesting the admin to open the crafted fbi site link. The hacker claimed that they got temporary access to their computer and downloaded some files about crimes and report.
At EHN, we can't assure that hackers claims about the data compromise are true but the vulnerability links provided by the hackers are valid one.
Two Turkish Government websites found to be affected by critical SQL Injection vulnerabilities. The hacker known as D35m0nd142 has exploited this vulnerability in a such way that he compromised database of those websites.
The two affected sites are 'Central Finance & Contracts Unit (cfcu.gov.tr)' and 'Republic of Turkey Ministry of Economy(tcp.gov.tr)'.
In the dump(pastebin.com/GgjcKggL) belong to CFCU, the hacker leaked the 912 email addresses and encrypted passwords.
"I've hacked over 96000 accounts but I've published just 912 of them and all encrypted." D35m0nd142 wrote where the data was leaked.
In the dump (pastebin.com/ZuzMqCqA) belong to TCP.gov.tr, the hacker leaked the 96 email addresses and encrypted passwords.
We reported yesterday that the Pakistani Government websites suffers cyber attack from the Indian Hacker 'Godzilla' aka G.O.D , today he has completed the cyber attack against the Pakistan.
He has managed to compromise details from the databases of Pakistan government websites and leaked earlier today in a paste (pastebin.com/ZWdxE8CW)
The hacker found there are three admins is managing the whole stuff of important Pakistan Cyberspace and common database structure is used for all the websites. He also mentioned that all websites are vulnerable to SQL injection.
In the dump, the hacker leaked the database information such as username, password(plain-text format), database name, table name and other details.
After analyzing the dump, we found the same password is being used for all database and is very weak password.
"I must say without you it would have been difficult for us to penetrate into the system and your common password "111111" was like a magical stick for us." Hacker criticized the admin for their poor password.
"Pakistan is a country which is currently supporting terrorist activities through ISI, and if they regret Pakistan army and Ministry of Defense mail server backups are enough to proof how closely the are related to terrorism. Pakistan stop these activities before its too late." Hacker noted.
