Ex-employee arrested for hacking into High-voltage power manufacturer's network


A software programmer formerly employed at a high-voltage power manufacturer has been arrested for hacking into the company's computer network.

According to the FBI report, Michael Meneses was employed at the victim company as a software programmer and system manager specializing in developing and customizing the software that the company used to run its business operations.

He was one of two employees who were primarily responsible for ensuring that the software that drove the company’s manufacturing business. His responsibilities gave him high-level access to the company’s computer network.

After voicing displeasure at having been passed over for promotions, he tendered his resignation in late December 2011. He then allegedly launched a cyber attack against the company and stole employee security credentials, which he used to access the network remotely via VPN. The complaint says the company suffered over $90,000 in damages as a result of Meneses’s intrusions.

If convicted, he will face a statutory maximum sentence of years’ imprisonment, a $250,000 fine, and restitution.

Hackers compromised cPanel's proxy server used by Technical Analysts


cPanel announced that one of its proxy servers, which is used by its Technical Analysts for accessing customer servers, has been compromised by hackers.

According to the company's forum post, the hackers compromised the proxy machine by compromising a single workstation used by one of its Technical Analysts.

The company said "only a small group of our Technical Analysts uses this particular machine for logins".

The company also claimed that they found no evidence that any sensitive customer data was exposed and there is no evidence that the actual database was compromised.

cPanel restructured the process used to access customer servers to "reduce the risk" of this type of security breach.

Syrian Electronic Army hacked into Emails of Israel News site Haaretz


The hacker group Syrian Electronic Army hacked into the mail system of the Israeli newspaper Haaretz.

The hackers claimed that they gained access to more than 80 email accounts and passwords of Haaretz employees and leaked the data on their official website (syrian-es.org/leaks/Haaretz/Haaretz-EmailsAndPasswords).

According to the Haaretz report, the hackers sent spoofed emails to Haaretz employees and asked them to click a link that appeared to lead to an article on the website of The Guardian about talks between the United States and the Syrian opposition.

Once an employee clicked the link, it redirected the victim to a page asking them to enter their login credentials, which allowed the hackers to breach their work email accounts.

Haaretz took down the email server after the security breach. The Haaretz Group responded by saying that all employees' email passwords will be changed. Readers' data from Haaretz Group websites is not affected by this breach.

Screenshot that lists the Haaretz employees' email accounts
The employees use very simple passwords. We have selected the best password used by the employees (lol): "Abc123".

"It's just the beginning ... Next hacks will include Israeli government targets " Hackers said in their post.

NIC uses vulnerable Apache version, results in "Expect header XSS" vulnerability


The hackers who recently defaced top-level domains of Turkmenistan by exploiting the vulnerability in NIC.tm have discovered another vulnerability in the website.

They found that a few NIC websites use a vulnerable version of the Apache server (version 1.3.33). This version has a security flaw in the handling of invalid Expect headers: changing the Expect header value to XSS code results in a cross-site scripting attack.

GET / HTTP/1.1
Expect: <script>alert("E Hacking News")</script>
Host: nic.tm
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*

Expect Header xss attack
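
Added example (not from the original article, and not Apache's code): the flaw arises because the server echoes an unsupported Expect value into its 417 error page without escaping it. The sketch below flags Expect values other than 100-continue in a raw request and contrasts an unescaped reflection with an HTML-escaped one; the sample request, the host example.test, the error text and all function names are constructed for illustration.

```python
import html

# Constructed sample request modelled on the one above (host is a placeholder).
SAMPLE_REQUEST = (
    "GET / HTTP/1.1\r\n"
    'Expect: <script>alert("E Hacking News")</script>\r\n'
    "Host: example.test\r\n"
    "Connection: Keep-alive\r\n"
    "\r\n"
)

ALLOWED_EXPECT = {"100-continue"}  # the only expectation HTTP/1.1 defines


def parse_headers(raw_request):
    """Map lower-cased header names to values from a raw HTTP request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def suspicious_expect(raw_request):
    """Return the Expect value if it is not an allowed expectation, else None."""
    value = parse_headers(raw_request).get("expect")
    if value is None or value.lower() in ALLOWED_EXPECT:
        return None
    return value


def error_body_unsafe(expect_value):
    """Illustrative 417 body that echoes the header verbatim (the flawed behaviour)."""
    return "<p>Expectation could not be met. Expect: " + expect_value + "</p>"


def error_body_escaped(expect_value):
    """Same 417 body with the reflected value HTML-escaped before output."""
    return "<p>Expectation could not be met. Expect: " + html.escape(expect_value) + "</p>"


if __name__ == "__main__":
    flagged = suspicious_expect(SAMPLE_REQUEST)
    print("flagged Expect value:", flagged)
    print("unsafe :", error_body_unsafe(flagged))
    print("escaped:", error_body_escaped(flagged))
```

The same allow-list check can be applied at a reverse proxy or in log review to spot requests probing for this flaw.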


The vulnerability affects four NIC websites: www.nic.ac, www.nic.tm, www.nic.io, www.nic.sh.

There is another important security flaw in the Apache server: mod_rewrite, which is vulnerable to a buffer overflow.

Quick fix for IE zero-day Vulnerability (CVE-2012-4792) is available


Microsoft has released a quick fix for a zero-day vulnerability in older versions of its Internet Explorer web browser that is actively being exploited by hackers.

The security flaw affects Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8. Versions 9 and 10 are not affected by this vulnerability.

About CVE-2012-4792:

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.

The company said that the "Fix it solution" is not intended to be a replacement for any security update.

"We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios."

The quick fix for the vulnerability is available here:
http://support.microsoft.com/kb/2794220#FixItForMe

#OpIsrael: Anonymous hacked Israel news agency DEBKAfile, accounts leaked

Anonymous hackers have hacked into the official website of an Israeli news agency, DEBKAfile (debka.com), and leaked user accounts. The hack is an apparent retaliation for what the hacktivists claimed is DEBKAfile's long history of being a “tongue of the Mossad.”

The dump contains more than 80 user login credentials, with email addresses and passwords in plain text. Most of the passwords are very simple and only 6 letters long.

"DEBKA first started around 2000 in purpose of polluting media with Zionist-Oriented news and rumors." Hacker said in the pastebin.

"DEBKA also analyzes on how people react to news and information offered by the agency in their state of art laboratory. Using these methods the agency has got the ability to release news and rumors in subjects which have most impact in the eyes of readers and political figures."

According to the hackers' statement, they managed to breach DEBKAfile's systems and acquire highly sensitive information, including employees' and authors' personal information, lab details and, of course, subscriber data.

But they have leaked only a portion of what they obtained, which includes subscribers' emails and passwords (Most of them are retired MOSSAD agents!!!).

So far there is no official statement from Debkafile about the breach.  Stay tuned..!