Indexeus.org website hacked by Pernicious Developers 2014

A day after Security blogger Brian Krebs published an article entitled "Even Script Kids Have a Right to Be Forgotten", hackers breached the Indexeus website(indexeus.org)

Yesterday, Krebs wrote an article about "Indexeus" which is a new search engine containing database of stolen user names and passwords from more than 100 data breaches.

According to KrebsOnSecurity, the database contained stolen credentials from the recent Yahoo and Adobe breaches.


The site also contained databases of few hacker forums that have been hacked. It seems to have ticked off many hackers.  Today, the website was defaced by hacker group Pernicious Developers.

"This is the Original Pernicious Developers, we're still here. Even if you don't know which version of the group who did this." The defacement message reads.  At the time of writing, the website shows a blank page. 

Owner of the Indexeus has replied in one of the threads in HackForums about the hack:



Mirror:
http://www.zone-h.org/mirror/id/22702440

*Update:
The hacker group have provided a screenshot that shows they uploaded a backdoor shell to the affected website.


Hacking Any Facebook Accounts using REST API

Stephen Sclafani , a Security Researcher, has discovered a critical security vulnerability in the Social Networking giant Facebook that allowed him to hack any facebook accounts.

Stephen just need your user ID, he can hack into your account and read private messages, view email addresses, create or delete notes, on top of that he can update status and upload photos and tag you friends,  on behalf you. 

"A misconfigured endpoint allowed legacy REST API calls to be made on behalf of any Facebook user using only their user ID" Stephen explained in his blog.

The Facebook REST API is said to be predecessor of Facebook’s current Graph API.  He managed to send request to server using this API such that it will update status on behalf of victim.


Stephen found this bug in April 23 and reported to Facebook.  After getting notification, Facebook permanently fixed the bug on April 30th. Facebook awarded $20,000 bounty to him for finding and reporting this bug.

Dailymotion website visitors redirected to malicious web page


Attackers managed to compromise the popular video sharing website dailymotion and redirected visitors to malicious web page that installs malware in victim's machine.

On June 28, Symantec researchers identified an iframe in Dailymotion.com which sends users to different website hosting Sweet Orange Exploit kit.

Sweet Orange Exploit Kit is a malware toolkit used by attackers to infect victim's machine with malware by exploiting software vulnerabilities on their machine.

The vulnerabilities that Sweet Orange attempts to exploit are : Java Vulnerability(CVE-2013-2460), Adobe Flash Player vulnerability(CVE-2014-0515), Internet Explorer Vulnerability(CVE-2013-2551).

If the user's machine is vulnerable, then Trojan.Adclicker was downloaded onto the victim’s computer.

"This malware forces the compromised computer to artificially generate traffic to pay-per-click Web advertisements in order to generate revenue for the attackers" the symantec researchers said.

Data Breach at Butler University affects over 163,000 individuals

Officials at Butler University have informed approximately 163,000 individuals that a data breach has compromised their personal information.

The breach came to light when police arrested an identity theft suspect who had a flash drive containing the personal information of some Butler University employees.

An internal investigation revealed that someone hacked into the university's computer network between November 2013 and May 2014.

According to the letter, the hacker had access to files containing names, date of birth, Social Security numbers and bank account information.

The university is offering one year free credit card monitoring service to those affected.


Syrian Electronic Army hacks Reuters


Reuters, the international news agency, was reportedly been hacked by the Syrian Electronic Army - a hacking group who support the government of Syrian President Bashar al-Assad and attack news organizations.

Anyone who try to visit articles on the Reuters website were being redirected to the official website of the Syrian Electronic Army.

" Hacked by Syrian Electronic Army

Stop publishing fake reports and false articles about Syria!

UK government is supporting the terrorists in Syria to destroy it, Stop spreading its propaganda." The message posted in hacker's website reads.

According to rederic Jacobs reports, the Reuters wasn't directly compromised in this attack.  Instead, the group hacked into a third-party ad provider Taboola -which is used by Reuters to display ads.

This is not the first time the group has used such an approach to hack the websites.  Few days back, the group managed to redirect users of The Sunday Times website to their website, after they compromised a third-party server used by both sites.

Last year, the group managed to hack into the Outbrian and redirect the visitors of CNN, WashingtonPost and other news organizations to hackers' website.

Alleged "NullCrew" Hacker arrested by FBI

FBI has arrested a 20-year-old Tennessee man for allegedly conspiring to launch cyber attacks on a number of businesses and educational organizations.

Timothy Justin French, known online as 'Orbit', is believed to be part of the famous hacking group "NullCrew".  The group is best known for its hacking attacks against World Health Organization and PBS.  Earlier this year, the group also hacked into Bell Canada website.

According to the DOJ, the FBI with the help of 'confidential witness' approached members of the Nullcrew Team on Skype, Twitter and CryptoCat.

After gaining their trust, Fed's inside man engaged them in conversations that includes discussions on past,present and future attacks and their hacking techniques.

The FBI used the information gathered by witness to track the IP address of one of the computers used in some of the NullCrew attacks.

"The computer hacking charge in this case carries a maximum sentence of 10 years in prison and a $250,000 fine. If convicted, the court must impose a reasonable sentence under federal statutes and the advisory United States Sentencing Guidelines."

Dominos Pizza hacked, details of 650k customers stolen

Hackers who claimed to have compromised the database server of Domino's Pizza have demanded a ransom of €30,000 to prevent the public disclosure of customer's data.

The hacker group going by the name of Rex Mundi said they hacked into the servers of Domino's Pizza France and Belgium.

The hackers have managed to download more than 592,000 customer records from Dominos France and 58,000 records from Belgian website.

They claim the compromised database contained sensitive information such as customer's full names, addresses, phone numbers, delivery instructions, email IDs and passwords.

The group gave a deadline of 8PM CET for Dominos to pay them.

"If they do not do so, we will post the entirety of the data in our possession on the Internet." The group said.

Domino's France posted a series of tweets in which it acknowledged the hack and recommended users to change their passwords.

Avast community forum hacked, user names and passwords stolen

Antivirus firm Avast said it took its community forum offline following a hacking attack compromised its database.

User names, email addresses,nick names and passwords were compromised in this attack.  The breach did not involve any financial data, license or any other data.

While the passwords are hashed(SMF forum software uses SHA-1 with a salt to store passwords) , it will not take much time for a hacker to crack the hashes. The longer the password, the harder it is to crack.

According to Avast blog post, the security breach affects less than 0.2% (about 400,000) of Avast's 200 million users.

People who uses the same password on other websites are advised to change those passwords immediately. 

Until now, their forum used an open source community software called "Simple Machines Forum(SMF)".  It appears the Avast is using an outdated version of SMF.


Avast said it is now "We are now rebuilding the forum and moving it to a different software platform" which will be secure one.

Security Breach at TradeMotion affects customers of AutoNation

AutoNation, Inc, said to be one of the largest largest automotive retailer in the United States, is notifying its customers that hackers may have gained access to their personal and financial information.

AutoNation said one of their third party vendors 'TradeMotion' has experienced a cyber attack.

Websites of AutoNation including 'parts.autonationfordwhitebearlake.com', 'parts.championtoyotaofaustin.com' and 'www.discounttoyotaparts.com' which is maintained by TradeMotion affected by this breach.

The information accessed by hackers includes customers' names, street addresses, email addresses, telephone numbers and credit card numbers entered between March 5,2014 and May 2, 2014.

TradeMotion has contacted the FBI regarding the icident.

AutoNation advises customers to monitor their financial accounts closely and offers one year free identity theft protection to affected customers.

Researcher finds vulnerability in eBay and claims he uploaded a shell

 
Jordan Jones(@CEHSecurity), a Security researcher, claims to have discovered a critical security vulnerability in the eBay website for employees that allowed him to upload a backdoor shell.

Jordan said in his tweet that he notified about the vulnerability to eBay.  A screenshot published in his twitter account shows that he is able to upload a 'shell.php' file in the following location:

"https://dsl.ebay.com/wp-includes/Text/Diff/Engine/shell.php"
At the time of writing, the file is still there.   The last modified date of the file is December 2012. It is quite possible to modify the TimeStamp. So, we are not sure from when the file is there.

Trying to access the shell ends up in blank page.  It means either the researcher have modified the shell to run only when a particular input is passed or it is not a shell.

Jordan have also discovered a cross site scripting vulnerability in the eBay Research Labs page(labs.ebay.com).

eBay hacked, Encrypted passwords and non-financial data stolen


If you have an account in eBay, it is time to change your password!

E-commerce company eBay Inc urges users to change their passwords following a security breach impacting a database containing encrypted passwords and non-financial data.

The database accessed by hackers includes customers' information such as names, encrypted passwords, email IDs, birth dates and phone number.

eBay said it had found no evidence that any financial or credit card information, which is said to be stored in separate database server in encrypted format. 

The company also said a small number of employee login credentials have been stolen in the breach, which allowed intruders to gain access to its corporate network.

The company said the breach happened between late February and early March.

eBay can sent out all the "Offer" mails to users immediately...but why it is taking long to send a security warning?! Once they know the attack has happened and details have been compromised, why wait?!

Tata Motors website hacked by Pakistani Hackers


The official website of Tata Motors, the Largest Indian multinational automotive manufacturing company, has been breached and defaced by a Pakistani Hacker who uses the online moniker "H4$N4!N H4XOR".

The main website is not affected by this breach. The Hacker has defaced the 'connect.tatamotors.com', a sub-domain dedicated for the Auto Expo 2014.

"India B Ready I Am Coming  :P " The hacker wrote on the defaced page.

"Pakistan Haxors Crew is here to remind you of your security... Our fight is not against any individual but the system as a whole.. Should you choose to ignore security, it will reincarnate as your worst nightmare !  We just defaced your website to give you a chance to put your hands on it before others come and destroy it!"

At the time of writing, the Tata Motors' sub-domain still showed the defacement page. The mirror of defacement is available here:  http://zone-h.com/mirror/id/22337776

Two Students arrested for hacking into School System to change Score

Two students from a college in Shanghai's Songjiang District have been arrested for allegedly breaking into their school's computer systems to change their grades.

The college students named Chen and Zhang didn't attend the morning physical education class regularly.  So, they decided to break into the college's system and change their scores in December 2013.

After students heard about their successful effort, other students turned to them for help.

According to Shanghai Daily report, they charged 15 yuan to 20 yuan for each change they made in school's database.

They earned more than 80,000 yuan(more than $12,000) by helping over 200 students.

The school noticed the false records in March and fixed the vulnerability that allowed them to change the scores. 

Orange warns users of phishing attacks following 2nd security breach



France based Telecoms company Orange has been hacked second time this year, more than 1.3 Million customers are affected by this security breach.

In the mid of April, hackers gained access to the a platform used by Orange to send email and SMS to its subscribers, according to Connexion report

The company sent an email to affected customers which contains a link to "click to call back" button.  Users who clicks the link will receive call from Orange.

The personal data accessed by hackers includes names, email addresses, mobile and landline numbers, date of birth as well as names of mobile and internet operators.

No payment information or credit card numbers and no passwords have been compromised in this breach.

However, the main risk in this case is that the compromised data can be used by attackers to launch phishing attacks.  Such attacks are claimed to be from the legitimate organizations and tricks users into provide their passwords and financial data.

Back in February 2014, Orange sent letters to 800,000 customers that hackers accessed personal data including email ids, phone numbers, names, mailing addresses.

18-year-old Miami Student arrested for hacking school computer to change grades


Hacking School's computer network and changing the Grade is not the right way to get good Grades

A 18-year-old Miami High School student was arrested after he allegedly hacking into the Miami-Dade Public Schools database to his grades and grades of four other students.

Jose Bautista, was charged with multiple counts including intellectual property offence and offense against computer users, after he reportedly gave Princiapal a written confession.

He was released on a $20,000 bond.  Judge ordered him to place him under house arrest and wear a GPS tracking device.

"It's not fair to the people that really try," said Mayan Dehry, a senior student at the school."I don't know, if you're just going to be lazy and then change your grades, that's not what learning is about."

Eircom recommends customers to change password after detecting Intrusion

Eircom, an Ireland Based Telecommunications company, has apologized to its users after it was forced to shut down its email service on Wednesday, after detecting an unauthorized access to the email system.

"we took immediate steps to lock down our email service and eliminate any threat to our 350,000 eircom.net email users" The company said.

The company said they found no evidence suggesting that the Inruders have gained access to any other systems or services including customer data.

They also recommend their customers to change their email accounts passwords and on a regular basis in the future.  If you have used the same password anywhere else, it is better to change their also.

After implementing a number of system modifications, access to eircom.net email had been fully restored.

The company said it is still trying to find out the cause of intrusion and had alerted relevant bodies including the Office of the Data Protection Commissioner.

4 Cybercriminals from Vietnam arrested for using SMS malware to earn $100,000


Image Credits: Hanoimoi
Vietnam Police have arrested four individuals accused of stealing approximately $100,000 by infecting more than 100,000 mobile devices with a premium-rate SMS sending virus.

The suspects are identified as 23 year old Ha Xuan Tien, 24-year-old Nguyen Duc Luc, 25-year-old Nguyen Van Tu, 29-year-old Tran Ngoc Hai, according to Tuoitrenews.

The malicious applications which was used by suspects to infect users are said to be distributed via websites like "soundfest.com.vn", "clickdi.com". 

Once the malicious application infects a smart phone, the app will automatically send SMS messages to premium rate numbers.  Premium rate numbers allows the owner to earn money from incoming calls and SMS.

The victim will lose 15,000  Vietnamese Dong($0.71 in USD), after each message is sent from their device to these premium rate numbers.

Using this method, the cyber criminals manged to earn more than 2.1 Billion Vietnamese Dong($98,700 in USD) since late 2013.

Kali Linux website hacked by The GreaT Team

When it comes to Security, No ONE is 100% Secure.  Even the world most popular Security-related Linux provider Kali is no exception to this fact.

Earlier Today, a Libyan Hackers group "The GreaT Team(TGT)" have breached the mailing list subdomain of Kali website(lists.kali.org).

The hacker managed to change the descriptions of two lists which was being shown in the front page of the subdomain. One of the description is "Hacked By The GreaT TeAm -TGT ", other one is "Libyan Hackers".

After became aware of the breach, Kali Team immediately take down the entire sub-domain to offline.  The team said it is an inactive sub-domain.

"Looks like our inactive, 3rd party, 0 volume mailing list was hacked. DNS entry removed - back to sleep, problem solved." Kali Team's response to the breach.

It is worth to note that Kali Team has already have a bug bounty program- Researchers who report security bugs in their website will get reward.  But, Security researcher Rafay Baloch who discovered few security bugs in kali website highlighted the fact the "Bug Bounty" didn't help much.

The mirror of the defacement is here: http://www.zone-h.org/mirror/id/22278878

Popular Image Board 4chan hacked, moderator accounts targeted

The Popular Image Board 4chan has admitted to having suffered a security breach that allowed an intruder to access administrative functions and information from a 4chan database.

The breach which is said to have taken place last week was limited to moderation panels, their reports queue, and some tables in their backend database.

4Chan says the primary target of this security breach is their moderator account names and login credentials.  Hackers also managed to access pass credentials of three 4Chan pass users.

4Chan said it doesn't process any payment information, all of them are being processed by Stripe. So, there is no financial data involved in this breach.

The vulnerability responsible for the data breach has reportedly been patched, after 4chan became aware of it.

E-Bytes for this week

Google Refunds buyers scammed by fake android antivirus app:
Google has offered Refunds and $5 promotional credit to thousands of users who were scammed by fake Android app "Virus Shield".

Facebook Servers can be used by attackers to DDOS any websites:
Researcher found a bug in facebook Notes that allows anyone to launch Denial of service attack against any websites using the power of Facebook Servers. 

BJP blocks access to its website in Pakistan:
Hackers from Pakistan defaced the several websites related to Bharatiya Janata Party(BJP) including website of Senior BJP Leader LK Advani.  Following the repeated hacking attacks, BJP has blocked its website for visitors from Pakistan.

Bitcoin Malware in Google Play store:
LookOut spotted five android applications on Google Play Store that turns the infected android devices into a distributed Bitcoin mining rig. 

Nullcrew claimed to have breached servers of nine organizations including Teleco Systems, Klas Telecom, Science and Technology center, National credit union, Spokeo and leaked databases.