EA Games website hacked to host Apple phishing page

A webserver belonging to the EA Games has been compromised by cybercriminals and it is now hosting a phishing page attempting to steal Apple IDs.

According to Netcraft report, hackers managed to break into the sub-domain by exploiting vulnerabilities in the outdated version of web calendar application.

The Web Calendar version 1.2.0 has a critical vulnerability that allows attacker to run arbitrary code.

The phishing page tricks users into handing over their login credentials for the Apple website.  After entering the Apple ID and password, it will display second form which asks to victim to enter card details, name, birth date, phone number and few other details.  Like the usual phishing pages, once victim submit the details, he will be redirected to legitimate apple site.

Netcraft says the hacker might also have gained access to the internal servers and other information.

"In this case, the hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server." The blog post reads.

BitStamp hacked, users are receiving spam mail containing malware


BitStamp which is said to be largest Bitcoin Exchange, has been breached and users are receiving spam mails containing a link to malware file.

BitStamp yesterday gave a warning to its users about a new phishing attack and urged users to ignore all emails with the subject "Bitstamp trading will be suspended for 24 hours".

A few days back, a BitStamp's user reported in reddit that he received a malicious email pretending to be from MtGox which asked to him to download a document saying "please sign the papers attached.  The malicious link given in the email led to page which distributes a malware with the extension '.pif'.

The user suggested that BitStamp mailing list might be compromised by attackers.  The attackers also appear to have sent spam mail pretending to be from BTC Guild and Eobot.  

BitStamp confirmed to owner of BTC Guild 'Eleuthira' that its mailing list has been compromised by attackers.  The security breach was reportedly happened before two weeks.

Thousands of Sites Possibly Hacked by Exploiting Plesk Zero-Day

Researchers says thousands of sites being hacked each day and some believe that the phenomenon may have something to do with a zero-day vulnerability that affects Parallels’ Plesk Panel.

According to Brian Krebs, the exploit, which works for sites running Plesk 10.4.4 and earlier versions, is sold on underground hacking forums for the price of $8,000 (6,300 EUR) by a member that’s known for providing reliable “products.”

The author, who even made available a point-and-click tool, claims that the exploit can be successfully utilized to obtain administrator password.

A few days ago, SC Magazin cited Sucuri Malware Lab experts who uncovered that around 50,000 websites had been breached. Since many of them were using Plesk, it’s possible that the attackers leveraged this flaw to hack them.

Furthermore, the recent attacks that involved pseudo-randomly generated domains, might have had something to do with the security hole in Plesk Panel, as Denis Sinegubko explains on the Unmask Parasites blog.

In the meantime, Parallels’ representatives have received a lot of complaints regarding a possible new vulnerability in Plesk 10.4 and earlier versions.

“We are currently investigating this new reported vulnerability on Plesk 10.4 and earlier. At this time the claims are unsubstantiated. We have not received any claims to confirm this vulnerability,” reads the security advisory published by the company.

On the other hand, their forums are full of users who state that their sites have been hacked even with all the patches applied.

“We had changed all the passwords as per the KB, and in less than 24 hours they were back in again with the new passwords. They hacked Plesk again using all the newly generated passwords,” one user wrote.

Until new information regarding this potential zero-day becomes available, Parallels’ recommends user to update their installations to Plesk Panel 11, which comes with numerous improvements in the security section.

XBox Live(XBL) Accounts hacked to buy FIFA 12 packs


As per the eurogamer report, Xbox 360 owners account is hacked in order to buy FIFA ultimate Team content packs. 

One of victim Speedjack reported to Eurogamer first about the compromise , who on 11th October found his gamertag had been "recovered" to someone else's machine.

"I then find out that I've had 5000 then 500 MS points bought on my credit card. Better yet, all the points including the 120 I had already on my account are gone... all spent on FIFA 12 content packs yesterday afternoon while I was at work.

"Not only that, but my account now has 35 FIFA 12 achievement points on it!!! Never played the game in my life - hate football."  Speedjack spoke to Microsoft support, which suggested there exists an issue with EA's servers that leaves XBL accounts vulnerable.

There is also a similar report on forum Facepunch, and multiple users' reports on the Xbox.com forum.

In order to Investigate complaints ,Microsoft support freezed compromised accounts up to 30 days.

Firefox Russian Website hacked and defaced by T34M PakleetS

www.firefox.ru website is hacked and defaced by T34M Pakleets.
This is what hacker said:
HackeD by T34M PakleetS

Everyday Someone Get Hacked Today is your Day

FirefoX ? O_o

Impossible only means it has not been done... Now watch what I can do

" Jus a Security Reminder"

KhantastiC HaXor - InnOcent HaCker

Th3 Vip3R - ReXor haXor

T34M PAKleetS
Defacement Screenshot:


45 Indian Websites defaced By Shadow008

Shadow008, Pakistani Hacker(from Pakistan Cyber Army) hacked and defaced 45 Indian Websites .
Pastebin link(defaced sites listed):
http://pastebin.com/fvwyrbHq
Screenshot of Defacement:


Welt.de hacked Credit Card info of 30264 users Compromised

Welt.de is hacked using the SQL injection(http://boot24.welt.de/index_welt..php?ac =*** - shortened link!) Vulnerability.  He did this by his own admission, to protest against the sale of user data to a third party operator. So far, only censored excerpts from the database of all 30 264 users of Welt.de were published. However, all data should be made public operators


source:gulli

Press Release from Freedom fights and the Green party hacked

@ForFreed0m has released a press release and dump of info from the Green Party in name of #antisec.

This is what they said:
To every man, woman & child… We want an end to the glamorization of negativity in the media. We want an end to status symbols dictating our worth as individuals.

We want a meaningful and free universal education system. We want substance in the place of popularity. We will not compromise who we are to be accepted by the crowd. We want the invisible walls that separate by wealth, race & class to be torn down. We want to think our own thoughts. We will be responsible for our environment.

Dear internetz, today we bring you our release from “Freedom Fighters”. I laugh at the New World Order trying to enslave us via the media and politicians lying, we want an end to the biased press whom want to destroy our freedoms via fear. Fear is the way how the globalist’s want to control us, controlling our laws and establishing a police state which is what we are fighting against. We want our god given rights on privacy and being able to use our founding laws to control the government, not the government controlling us. We don’t want the government to be groping us in airports, we don’t want the government to enforce statutes to support the bankers but not support the citizens, we want a free government who listens to the citizens of the situating country and not listen to the globalist’s. This is why humans have revolutions for example: Libya. The Libya citizens fought up against the regime because they thought they were being suppressed and cruelly controlled. That is because we are humans and not robots, good day to you.

Our twitter: @ForFreed0m GO THERE FOR UPDATES

The Release Details:-

Oh herro Green Party, we just hacked you #Antisec

FirstName LastName Address Address2 CityHome StateHome ZipHome Phone Ofice_Email Gender Ethnicity Sexuality Under30 Disabili Active

Good day ‘ole chaps

DOWNLOAD HERE: http://www.mediafire.com/?rjzt1sc1uvlt41d

Pastebin Link:http://pastebin.com/HeZt8kXP