Today, I have come across a phishing page which is surprisingly being hosted in one of the Chinese government website that targets Paypal users.

The paypal phishing page is hosted in the "hxxp://www.121.gov.cn/app/p/index.html" that shows the fake login page of Paypal.

Once the victim enters his credentials and proceed to login, he will be redirected to another page where he will be asked to provide his financial info including name, address, credit card details.

Then users are asked to provide 3 digit secure code, password, security questions.

Once all the details have been entered, you will be redirected to page where it says: "Your information has been sent successfully. For your security, you will be automatically logged out.Thank you for using PayPal". This page redirects to the original paypal login page.

Sub-domain of the Brazilian State of Minas Gerais government website "hxxx://www.camaramontesanto.mg.gov.br" is found to be host same type of phishing page.

PhishTank record shows the 121.gov.cn hosts the phishing page from May 8 and camaramontesanto.mg.gov.br is from May 23.

1.http://www.phishtank.com/phish_detail.php?phish_id=1827926 

2. http://www.phishtank.com/phish_detail.php?phish_id=1857679

Here we go, Twitter finally introduced the most anticipated security feature "Two-Step authentication" that prevents hackers getting access to your twitter accounts.

The recent cyberattacks from Syrian Electronic army(SEA) forced the twitter to enable the 2-step verification feature.

The SEA is the syrian hacker group who recently hijacked the high profile twitter accounts including accounts of Guardian , Telegraph, FT, AP and more via Social engineering attack(Phishing).

Once i said, the only feature that can stop the Syrian Electronic army is 2-step verification :

I think 2-step authentication will prevent @official_sea12 from hacking ur Twitter account.@twitter can you make it fast?!!!!!! #EHN
— E Hacking News (@EHackerNews) May 5, 2013

Thank you twitter for enabling this feature.

What is exactly 2-step Authentication?
 Though i have already explained about this in my previous articles, i would like to explain one more time in this article.

"2-step authentication is a security feature that prompts you to enter a temporary password sent to your phone whenever you log into your account."


So how to enable this security feature?

• Go to https://twitter.com/settings/account page
• Scroll to the bottom of the page , there you can find the "Account security" option.  
• Select the option and follow the instructions 

An unknown cybercriminals compromised the official facebook page of the Miguel Ángel Mancera, the Head of Government of the Mexican Federal District.

After hackers hijacked the page, the officials immediately suspended the facebook page to prevent misuse.

"Please note that the account of # Facebook's # JefeDeGob @manceramiguelmx has been hacked." reads the message posted in the @GobiernoDF. (translated)


"We have suspended the Facebook page to detect the causes of the inadequate functioning. Thanks for your understanding" The tweet posted by the @ManceraConecta .(translated)

"The only person who know how to secure your system is the person who know how to break- Hacker." BreakTheSec.

A Romanian cybercriminal , who is six months into a 5-year sentence for supplying gadgets that conceal ATM skimmers has invented a new device that prevents ATM thefts, Reuters reported.

Valentin Boanta, 33-year-old, who was arrested in 2009 said his arrest made him happy because it helped him to get of his Blackhat hacking addiction.

"Crime was like a drug for me. After I was caught, I was happy I escaped from this adrenaline addiction." Reuters quoted as Boanta saying. "So that the other part, in which I started to develop security solutions, started to emerge."

Secure Revolving System-SRS:SRS device, funded by a technology firm called MB Telecom, can be installed in any existing ATM that prevents the operation of skimming devices.

The hacker with twitter handle Ag3nt47 who hits top university websites has breached the Suzuki and Mazda Russia websites.

The hacker tweeted links to the dump.  The database dumped(pastebin.com/u01PitxP) from the Japanese automobiles manufacturer Suzuki includes password hashes, email addresses.

The data(pastebin.com/9hrwnmgC) taken from Russian website of the Japanese-based automobiles manufacturer Mazda contains no interesting data.

There is no specific reason mentioned by the Ag3nt47 for the attack.  It appears the hacker randomly target high profile website.

This is another incident that reveals why you should be careful on the Internet. A British woman fell prey to a phishing scam and lost her £1million life savings.

The victim unwittingly handed over her personal details to fraudsters after receiving a bogus bank notification email.

Tamer Abdelhamid, the fraudster who stole the personal data then sold the info to Nigerian national, Rilwan Oshodi.  A 26 year old woman from Sierra Leone used the data to change the bank details by pretending to be the victim.

Detectives seized Oshodi's computer during a raid on his home with details of more than 11,000 credit cards, according to DailyMail report.

The fraudsters purchased cheeseburgers, high-end computers, gold with the stolen money. They are facing jail for their roles in the scam.