Flaw in D-Link switches: a threat to security

Independent security researcher Varang Amin and Aditya Sood, chief architect at Elastica’s Cloud Threat Labs, discovered a flaw in D-Link’s DGS-1210 Series Gigabit smart switches that could be exploited to access log and configuration files without any authentication credentials.

These switches, which can be configured to store backup files including logs, firmware and configuration files, lack proper authorization and authentication controls, allowing an attacker to access the backup files stored both in the device’s flash memory and on the web server.

The duo also pointed out that while the web server’s root directory is easily accessible, the backup files in flash memory can be accessed remotely by anyone who knows the IP address of the target device.

Access to the configuration file poses a threat because it exposes all the details about the switch, including its configuration and usernames. The file can be uploaded to another switch to obtain further information about the clients, which is stored in the log files.
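The weakness described above is a missing authentication and authorization check in front of files the device chooses to store under its web root. The following is an added example, not code from the article or from D-Link: a tiny request handler with an in-memory "web root" (constructed paths and contents) showing the weak behaviour beside a hardened version that treats the backup area as an administrative resource requiring a valid session. The session table and token are assumptions for the example.

```python
import hmac
import posixpath

# Constructed in-memory "web root" standing in for a device's backup area.
# Paths and contents are made up for this example; they are not from any
# real switch firmware.
WEB_ROOT = {
    "index.html": "<html>Switch management</html>",
    "backup/config.bin": "hostname=switch01\nadmin_user=admin\n",
    "backup/syslog.txt": "client 10.0.0.5 connected to port 3\n",
}

# Constructed session table: token -> role (hypothetical).
SESSIONS = {"s3ss10n-t0k3n": "admin"}


def _normalize(path):
    """Strip leading slashes and collapse '.' / '..' components."""
    return posixpath.normpath(path.lstrip("/"))


def serve_unauthenticated(path):
    """Weak handler: any file under the web root is returned to anyone.

    This mirrors the flaw in the article: backup files sit next to public
    content and nothing checks who is asking for them.
    """
    key = _normalize(path)
    if key in WEB_ROOT:
        return 200, WEB_ROOT[key]
    return 404, ""


def serve_hardened(path, session_token=None):
    """Hardened handler: backup/ requires an authenticated admin session."""
    key = _normalize(path)
    # Reject any attempt to climb out of the web root.
    if key.startswith(".."):
        return 400, ""
    if key.startswith("backup/"):
        role = None
        for token, r in SESSIONS.items():
            # Constant-time comparison so token checks do not leak timing.
            if session_token is not None and hmac.compare_digest(token, session_token):
                role = r
        if role != "admin":
            # Unauthenticated (or non-admin) callers never see backup files.
            return 401, ""
    if key in WEB_ROOT:
        return 200, WEB_ROOT[key]
    return 404, ""


if __name__ == "__main__":
    print("weak    :", serve_unauthenticated("/backup/config.bin")[0])
    print("hardened:", serve_hardened("/backup/config.bin")[0])
    print("hardened, admin:", serve_hardened("/backup/config.bin", "s3ss10n-t0k3n")[0])
```

The point of the hardened variant is not the session mechanism itself but where the check sits: it is applied to the path class (backup/) before any file lookup, so a new backup file added later is protected by default rather than relying on each file being placed outside the web root.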

According to Sood, the flaw was detected on October 07, but the company has not released a fix for it yet.

After waiting for a month, the researchers disclosed their discovery at the ToorCon security conference. However, to give the firm time to address the issue, the duo did not make the exploit details public.

Microsoft provides urgent security fix for Windows

Microsoft has recently provided a security fix for its Windows operating systems to plug a security lapse that allowed hackers to access a victim’s computer.

Microsoft said that the vulnerability in its operating systems would have allowed a hacker to gain complete access to an affected computer.

The vulnerability is present in Windows Vista, Windows 7, Windows 8 and 8.1, and Windows RT. These operating systems account for two out of three computers in the world that run a Microsoft operating system.

The company had previously issued an update like this in November 2014.

The flaw is also said to exist in the final version of Windows 10, which will be available to users from July 29.

The security fix will be delivered through Windows Update.

Ex-employee arrested for hacking into high-voltage power manufacturer's network

A software programmer who was employed at a high-voltage power manufacturing company has been arrested for hacking into the company's computer network.

According to the FBI report, Michael Meneses was employed at the victim company as a software programmer and system manager, specializing in developing and customizing the software that the company used to run its business operations.

He was one of two employees primarily responsible for the software that drove the company’s manufacturing business. His responsibilities gave him high-level access to the company’s computer network.

He had voiced displeasure at being passed over for promotions and tendered his resignation in late December 2011. He then allegedly launched a cyber attack against the company and stole employees' security credentials, which he used to access the network remotely via VPN. The complaint says the company suffered over $90,000 in damages as a result of Meneses’s intrusions.

If convicted, he faces a statutory maximum sentence of years’ imprisonment, a $250,000 fine, and restitution.

Hackers compromised cPanel's proxy server used by Technical Analysts

cPanel announced that one of the cPanel proxy servers used by its Technical Analysts to access customer servers has been compromised by hackers.

According to the company's forum post, the hacker compromised the proxy machine by first compromising a single workstation used by one of its Technical Analysts.

The company said "only a small group of our Technical Analysts uses this particular machine for logins".

The company also said that it found no evidence that any sensitive customer data was exposed, and no evidence that the actual database was compromised.

cPanel has restructured the process used to access customer servers to "reduce the risk" of this type of security breach.

Syrian Electronic Army hacked into emails of Israeli news site Haaretz

The hacker group Syrian Electronic Army hacked into the mail system of the Israeli newspaper Haaretz.

The hackers claimed that they gained access to more than 80 email accounts and passwords of Haaretz employees and leaked the data on their official website (syrian-es.org/leaks/Haaretz/Haaretz-EmailsAndPasswords).

According to Haaretz's report, the hackers sent spoofed emails to Haaretz employees asking them to click a link that supposedly led to an article on The Guardian's website about talks between the United States and the Syrian opposition.

Once an employee clicked the link, it redirected the victim to a page requesting their login credentials, which allowed the hackers to breach their work email accounts.
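The lure described above works because the link's visible text names a site the reader trusts while its actual destination is a credential-harvesting page. One check a mail gateway or security team can run is to compare the brand named in each link's anchor text against the host the href really points to. The following is an added example, not code from the article or from Haaretz or any mail vendor; the email body, the brand-to-domain table and the lookalike host under example.net are all constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_host(url):
    """Lower-cased hostname of a URL; scheme-less values are treated as http."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


# Constructed brand -> legitimate domain table (hypothetical; extend as needed).
TRUSTED_BRANDS = {"guardian": "theguardian.com"}


def find_deceptive_links(html_body, trusted=TRUSTED_BRANDS):
    """Return links whose anchor text names a trusted brand but whose href
    resolves to a host outside that brand's domain."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        actual = link_host(href)
        for brand, domain in trusted.items():
            names_brand = brand in text.lower()
            on_domain = actual == domain or actual.endswith("." + domain)
            if names_brand and not on_domain:
                findings.append({"text": text, "href": href, "actual_host": actual})
    return findings


# Constructed sample email body: one deceptive link, one legitimate one.
SAMPLE_EMAIL = """
<p>See this Guardian report on US talks with the Syrian opposition:</p>
<a href="http://login-portal.example.net/auth">www.theguardian.com/world/syria-talks</a>
<p>Also: <a href="https://www.theguardian.com/world">The Guardian homepage</a></p>
"""

if __name__ == "__main__":
    for finding in find_deceptive_links(SAMPLE_EMAIL):
        print("DECEPTIVE:", finding)
```

Anchor-text matching is deliberately loose (a brand keyword rather than a full domain parse) because phishing text rarely quotes a clean URL; the decisive signal is the host the href actually resolves to, which is the part the sender cannot disguise without breaking the link.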

Haaretz took down the email server after the security breach. The Haaretz Group responded by saying that all employees' email passwords will be changed. Readers' data from Haaretz Group websites is not affected by this breach.

Screenshot that lists the Haaretz employees' email accounts
The employees used very simple passwords. We have selected the best password used by the employees (lol): "Abc123".

"It's just the beginning ... Next hacks will include Israeli government targets," the hackers said in their post.

NIC uses vulnerable Apache version, resulting in "Expect header XSS" vulnerability

The hackers who recently defaced top-level domains of Turkmenistan by exploiting a vulnerability in NIC.tm have discovered another vulnerability in the website.

They found that several NIC websites use a vulnerable version of the Apache server (version 1.3.33). This version has a security flaw in its handling of invalid Expect headers: setting the Expect header value to script code results in a cross-site scripting attack.

GET / HTTP/1.1
Expect: <script>alert("E Hacking News")</script>
Host: nic.tm
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*

Expect header XSS attack

The vulnerability affects four NIC websites: www.nic.ac, www.nic.tm, www.nic.io and www.nic.sh.
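The flaw is a reflected XSS: the affected Apache version echoes an unrecognised Expect header value back into its error page without HTML-escaping it. Two things a defender wants from that description are a way to spot such requests in traffic or logs (RFC 2616 defines only "100-continue" as a valid Expect value, so anything containing markup is worth an alert) and a way to confirm whether a server reflects the value unescaped. The following is an added example, not code from the article or from the Apache project; both HTTP responses are constructed stand-ins for an error page, one unescaped and one escaped as a fixed server would emit.

```python
import html
import re

# Header value constructed for the example (same shape as the request shown above).
EXPECT_VALUE = '<script>alert("E Hacking News")</script>'

# Constructed raw request, the kind a proxy or IDS would see (hypothetical host).
SAMPLE_REQUEST = (
    "GET / HTTP/1.1\r\n"
    f"Expect: {EXPECT_VALUE}\r\n"
    "Host: registry.example\r\n"
    "User-Agent: Mozilla/4.0\r\n"
    "Accept: */*\r\n\r\n"
)

# Constructed error page that reflects the header raw (vulnerable behaviour).
UNESCAPED_RESPONSE = (
    "HTTP/1.1 417 Expectation Failed\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Expectation Failed</h1>\n"
    f"<p>The expectation given in the Expect request-header field could not be met.\nExpect: {EXPECT_VALUE}</p>"
    "</body></html>"
)

# Constructed error page that HTML-escapes the header first (fixed behaviour).
ESCAPED_RESPONSE = (
    "HTTP/1.1 417 Expectation Failed\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Expectation Failed</h1>\n"
    f"<p>Expect: {html.escape(EXPECT_VALUE)}</p></body></html>"
)


def parse_request_headers(raw):
    """Map lower-cased header names to values from a raw HTTP request."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.replace("\r\n", "\n").split("\n")[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def suspicious_expect(value):
    """Only '100-continue' is a defined Expect value; flag other values that carry markup."""
    if value.lower() == "100-continue":
        return False
    return bool(re.search(r"[<>\"']", value))


def reflects_unescaped(value, response):
    """True if the raw header value appears verbatim in the response body."""
    body = response.split("\r\n\r\n", 1)[1] if "\r\n\r\n" in response else response
    return value in body


def assess(raw_request, response):
    """Combine the two checks into one verdict for a request/response pair."""
    expect = parse_request_headers(raw_request).get("expect", "")
    if not suspicious_expect(expect):
        return "benign"
    if reflects_unescaped(expect, response):
        return "reflected-unescaped"
    return "suspicious-request-not-reflected"


if __name__ == "__main__":
    print(assess(SAMPLE_REQUEST, UNESCAPED_RESPONSE))
    print(assess(SAMPLE_REQUEST, ESCAPED_RESPONSE))
```

The request-side check is what a log review or WAF rule would apply; the response-side check is the one to run against a staging copy of a server after upgrading, to confirm the error page now escapes the value. The durable fix is upgrading Apache, since 1.3.33 predates the correction.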

There is another important security flaw in this Apache version: mod_rewrite is vulnerable to a buffer overflow (Vulnerability Details).

Quick fix for IE zero-day vulnerability (CVE-2012-4792) is available

Microsoft has released a quick fix for a zero-day vulnerability in older versions of its Internet Explorer web browser that is being actively exploited by hackers.

The security flaw affects Internet Explorer 6, 7 and 8. Versions 9 and 10 are not affected by this vulnerability.

About CVE-2012-4792:

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.

The company said that the "Fix it solution" is not intended to be a replacement for any security update.

"We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios."

The quick fix for the vulnerability is available here:

#OpIsrael: Anonymous hacked Israeli news agency DEBKAfile, accounts leaked


The Anonymous hackers have hacked into the official website of the Israeli news agency DEBKAfile (debka.com) and leaked user accounts. The hack is apparent retaliation for what the hacktivists claim is DEBKAfile's long history of being a “tongue of the Mossad.”

The dump contains more than 80 user login credentials, with email addresses and passwords in plain text. Most of the passwords are very simple, only six characters long.

"DEBKA first started around 2000 in purpose of polluting media with Zionist-Oriented news and rumors," the hackers said in their Pastebin post.

"DEBKA also analyzes on how people react to news and information offered by the agency in their state of art laboratory. Using these methods the agency has got the ability to release news and rumors in subjects which have most impact in the eyes of readers and political figures."

According to the hackers' statement, they managed to breach DEBKAfile's systems and acquire highly sensitive information, including employees' and authors' personal information, lab details and, of course, their subscribers.

But they have leaked only a portion of what they obtained, which includes subscribers' emails and passwords (most of them are retired MOSSAD agents!!!).

So far there is no official statement from DEBKAfile about the breach. Stay tuned!