Monsanto hacked, 1300 individuals affected

Monsanto, a chemical and agricultural biotech corporation, has admitted that hackers managed to breach the server of its subsidiary Precision planting.

The breach occurred in late March, affecting less than 1,300 customers and employees.

The affected server contained sensitive information including customer names, addresses, tax ID numbers, Social Security numbers and financial information.

The server was also used for storing Human Resources Department data which includes employee names, addresses, social security numbers and driver's license numbers of small number of employees.

The company claims that it does not believe the breach was an attempt to steal customer information.

The affected individuals are being offered one year free membership of credit monitoring and identity theft insurance. 

Spotify suffers Data Breach, You should upgrade the android app

Music Streaming Service Spotify is the latest high-profile company to report a Data breach.  Spotify has announced on its blog that it had been hacked.

According to the blog post, the breach affected only one user.  The affect user has been notified about the incident.  The company says the breach did not involve any password, financial or payment information.

"Based on our findings, we are not aware of any increased risk to users as a result of this incident." Oskar Stål, Chief Technology Officer at Spotify said in the blog post.

As an additional security measure, the company also recommends android users to upgrade their spotify application.  iOS and Windows Phone users do not need to take any actions.

"We apologise for any inconvenience this causes, but hope you understand that this is a necessary precaution to safeguard the quality of our service and protect our users." the blog post reads.

Official websites of Taj Mahal and Agra Fort hacked by Pakistani hackers


The Pakistani hackers continue to target Indian Government and other websites.  'Pakistan Haxors Crew' is to be one of the most active groups that targeting Indian websites.

Today, the hacker known as 'H4$N4!N H4XOR' from the group hacked into one of the popular Indian Government websites ; The main page of Taj Mahal website(www.tajmahal.gov.in) is now displaying the Pakistan's flag.

The message posted on the defaced page reads follows:
"Whatever you fail to detect, will cause your downfall..Pakistan Haxors Crew is here to remind you of your Security.. Our fight is not against any individual but the system as whole"

It is not the only website defaced in the recent attack. The group also changed the contents of other popular government websites including Agra Fort official site(agrafort.gov.in) and Fatehpur Sikri site.

While other sites are modified to display the hacker's content in the front page of the site, hackers have placed their defacement page in Fatehpur Sikrisite at "http://fatehpursikri.gov.in/r00t.html"  

At the time of writing, all of the affected websites still display the contents modified by the hackers. 

New Zealand Super Computer FitzRoy Hacked


FitzRoy, one of the fastest supercomputer weighing 18 tonnes, equivalent to 7000 laptops working simultaneously, supplying information on future severe weather, as well as greater world issues such as climate change, has been targeted by a computer hacker assumed to hail from China.

FitzRoy is owned by Niwa and is housed in a specially constructed room at the National Institute for Water and Atmospheric Research base at Greta Point, Wellington.

John Morgan chief executive of Niwa confirmed the news on May 23rd that supercomputer's security has been compromised by "an unauthorized person" overnight on Thursday.

He further said- "We immediately isolated the supercomputer, and switched functionality to back-up facilities in Hamilton"

"We are . . . confident the intruder did not get beyond the supercomputer."

FitzRoy provides a Capability Class supercomputer for use by New Zealand scientists working at the forefront of some of the largest scientific challenges faced by the nation. It is the fastest machine of it's kind in the southern hemisphere and comfortably in the world's top 500 supercomputers. It has a peak speed of 34 Tflops which a low latency, high bandwidth interconnect allowing the machine to act as a unified tool to solve the largest scientific problems.

Though it has been confirmed that the attacking IP address is from China still it cannot be confirmed that the attack originated from China, Prime Minister John Key said.“I would be very wary of attributing it to any country,” he says.

Meanwhile Niwa assures that the attack was in vain and FitzRoy has resumed its work normally."After taking a number of mitigation steps, the supercomputer was back online on Saturday evening with all normal services resumed," Niwa says.

Furthermore security expert Dr Paul Buchanan — a former policy analyst for the US Secretary of Defense advising the Pentagon — told NBR the attack followed the Chinese pattern of cyber trawling.He suggests the attack was to look for a back door or weak link, if Fitzroy is connected to other government computers.

But Daniel Ayers, a one-time Ernst & Young computer forensic expert and fraud investigator now private company Special Tactics, has different interpretation.He says-the attack could be used to mount a brute force attack on encryption of the supercomputer."The culprit in this case might have been seeking to establish a ‘botnet’ of super computers to solve a particularly difficult problem — possibly cryptographic. Or they might have suspected that the machine had covert classified uses, and it may do.”-he adds.

On the way we can now be sure that the day is not far when the security of super computer can be interrogated heavily.

Hackers lock iPhones remotely and demanding $100 to unlock it


In recent hours, a number of users from Australia had a nightmare as cyber criminals locked their devices and demanding payment of a ransom.

The locked devices show the following message "Device Hacked by Oleg Pliss" and instructs victims to send $100 dollars to lock404@hotmail.com to unlock their devices.

The cyber attack came to light, after one user from Melbourne shared his experience in Apple support forum and asked help to fix the problem.  Following his post, several users have reported of being affected by this attack.

It appears hackers used stolen Apple IDs and passwords to access iCloud account that allowed them to lock victim's devices and display a message.

What you should do? Don't pay the Ransom !
Affected users are advised to contact Apple directly to regain access to their account.  

Once you have access to your account, change the password immediately and enable two step authentication feature for your account.

Hacker surrenders, after Roger Ver puts $20,000 bounty on the Hacker


Be Careful who you are messing with, An attacker realized he picked a wrong victim when the victim decided to spend $20,000 to find him.

Roger Ver, the man known as "Bitcoin Jesus, who is the Angel investor in lots of Bitcoin startups, announced a 37.6BTC reward(about $20k) for information that leads to the arrest of the hacker who hijacked his Hotmail account and threatened to ruin his life.

It all started when the hacker managed to hijack an old Hotmail account of Roger by answering the security questions.

According to reddit, the attacker used the hotmail account to gain access to Roger's old facebook account and one of his domain accounts at register.com.  The attacker also attempts to hack his primary email account and domain name. 

The attacker using the screen name 'savaged' contacted Roger via Skype and demanded "37.63289114 BTC"

"I think we both know this won't be pleasent and let's be honest there is nothing you can do to have me caught, I've been around too long" The attacker said.

"Let's be honest I will sell [SSN REDACTED] + your information to fraudsters that will credit f*** you then get your moms social and credit f*** her too and ruin both your lives"

The hacker also claimed he is the one who hacked @UberFacts twitter account which has 6.7 M followers.

A Bounty on the Hacker:
But, Roger decided to follow a technique used in the movie called 'Ransom': Rather than giving the money to criminals, he posted he was putting a bounty on the hacker instead.



When the attacker learned of the bounty on his head, he got scared and deleted Roger's hotmail and gave the password for all other accounts and ran away.

"I just need to raise funds for my mother, but since you aren't going to help, all your passwords are: Nigger55" The person on the end of skype said.

"Goodbye, Sir, I am sincerely sorry I am just a middleman I was being told what to tell you."

Roger said in his tweets the things are back to control and not a single Bitcoin was stolen. 

Doge Vault hacked, 121 Million Dogecoin appears to be stolen


A Popular Dogecoin online wallet service DogeVault has reportedly been infiltrated by cyber criminals, millions of Dogecoins missing from user's wallet.

A note on the front page of the website(www.dogevault.com) says DogeVault service compromised by attackers on May 11, resulting in a service disruption and tampering with wallet funds.

The website has not provide much information about how much they lost in the heist.  However,  Some users at reddit reported that coins have been transferred to a newly created mega wallet.

According to Dogechain records, this wallet (DHKM6NDUUv9kaHAGi1QU7MRBNKfQiAdP3F) has more than 121 million Dogecoins that is about $56,000 dollars.

"We are currently in the process of identifying the extent of the attack and potential impact on user's funds" The statement on the website reads.

DogeVault suggests users not to transfer any funds to Doge Vault addresses until they finish the investigation.

Syrian Electronic Army hacks 4 Wall Street Journal twitter accounts


Wall Street Journal was caught in the crossfire between the Syrian Electronic Army and Ira Winkler who is the CEO of security firm Secure Mentem.

The Syrian Electronic Army(SEA) hijacked four twitter accounts belong to WSJ : @WSJD,  WSJ Europe(@WSJPEurope), WSJ Africa(@WSJAfrica) and WSJ Vintage(@WSJVintage).

SEA posted the message "@Irawinkler is a cockroach" with a picture of Ira Winkler's head on the body of a cockroach.

The attack was carried out in response to a RSA Conference presentation in which Winkler talked about the hacking methods of the SEA and made fun of them.

In his presentation, Winkler also commented that "these people are like cockroaches of the Internet".

This is not the first attack carried out by SEA in response to this presentation.  Last month, the group also defaced the RSA Conference website and said "If there is a cockroach in the internet, it would be definitely you "

Wall Street Journal seems to have recovered the hijacked twitter accounts posted in twitter "We have secured our compromised Twitter accounts and they are now functioning normally."

Creepy Voice from Baby Monitor Yells at baby

It's middle of the night and 10-month-old Adam Schreck's daugher was asleep in her room.  Adam had a baby monitor that was also equipped with a camera.  Suddenly, there was a creepy voice coming from the baby monitor.

The voice said "Wake up baby.. Wake up baby" and then a long 'aaaaahhhhh'. Once Adam entered the baby's room, the camera turned towards Adam and shouted at him.

No, I'm not telling you scary stories and not even talking about the scary baby monitor scene from 'Insidious' movie.  It's real incident occurred in Cincinnati, ohio.

Someone hacked into the Adam's baby monitor and began shouting at his daughter.  The camera that was hacked is manufactured by Foscam, according to Fox19 report.

Earlier this year, security journalist Brian Krebs explained about a security bug in the Foscam's firmware.  The bug allows anyone to access the web-interface for this camera by entering a blank username and password.

This is not the first case of hackers taking control of a baby monitor, as a similar incident occurred in Houston last year.

To secure yourself, make sure you have update to date firmware and change the default user name and password of your baby monitor.

BSNL website hacked by Pakistani hacker Kai-H4xOrR


Website of Indian state-owned Telecoms company Bharat Sanchar Nigam Limited is one of the highest targets of Pakistani hackers. The site has been defaced a dozens of times in the past decade.

Today, a Pakistani hacker known as Kai-H4xOrR from Pakistan Haxors Crew has managed to deface a BSNL's sub-domain for International Roaming (http://ir.bsnl.co.in/).

" Payback For Hacking Pak Sites .!! " The hacker said in the defacement.

"And Dont mess with Pakistan else you will lose both your Name and this Game Backoff Lamers from our cyber space.. Everybody Knows whose cyber space is more vulnerable You will hack 1 we will hack thousands ./Logout "

At the time of writing, the website is still defaced.  The mirror of the defacement can be found here: http://legendhacks.com/defacements/?id=7173

The same hacker defaced the BSNL's sub-domain for the Online Certificate Programme in the mid of March, 2014.

British National Party's Twitter account and website hacked by Anonymous


A Hacker appears to affiliated with Anonymous hacktivists has hijacked the official twitter account of British National Party(BNP) and started to post anti-government and hateful messages.


The hacker also managed to deface one of the subdomains of BNP(British National Party Twitter account hacked by Anonymous ).  The defacement message simply says "Hacked by Anon_0x03, [redacted] the Government!"

When an user asked about the motive of the attack, the hacker simply replied that BNP is a random target.

"I'm not even from GB." the tweet posted from hacked BNP account(@BNP) reads.

It appears hackers have access to the account for more than 20 hours.  But, No one from BNP have noticed.  The recent tweet says "damn racist".

At the time of writing, the hacker has still access to the BNP twitter account and the subdomain is still defaced.

LK Advani's official website hacked by Pakistani Hacker

Screenshot of Defacement

The next day after Bihar BJP's official website get hacked by hacker claimed to be from Pakistan, the official website of Senior BJP Leader LK Advani (www.lkadvani.in) also got defaced by the same hacker.

The hacker who called himself Muhammad Bilal began the defacement message by saying "I'M Back ;D gOOd mOrNing Narendra Modi".  The hacker also wrote "Free Kashmir..Freedom is our goal."

The hacker also claimed to have defaced the websites of Bharti Janta Party In Lok Sabha and Bharti Janta Party In Rajya Sabha.

A screenshot published in the hacker's profile shows that he also gained access to the database server.  The accessed information includes email IDs, hashed-passwords, phone numbers and other details.

At the time of writing, the LK Advani's website is down for maintenance.

Hacker arrested for exploiting HeartBleed vulnerability to steal information

A 19-year-old computer science student has been arrested by the Royal Canadian Mounted Police (RCMP) and accused of stealing personal data by exploiting the "HeartBleed" vulnerability.

HeartBleed, the bug that left the Internet vulnerable, is a recently uncovered security flaw in the popular open-source encryption library(OpenSSL) which allows attackers to read memory of the server running vulnerable OpenSSL - means attacker can steal sensitive information.

Stephen Arthuro Solis-Reyes from London, Ontario, accused of exploiting HeartBleed bug to steal sensitive information from servers of the Canadian Revenue Agency(CRA), according to RCMP.

During the Police raid, his computer was seized by Canadian police.  He is scheduled to appear in court in Ottawa on July 17.

The arrest came after CRA announced that someone exploited the HeartBleed bug to steal 900 Social Insurance numbers of taxpayers.  The agency had shut down its site temporarily to prevent further attacks.

"The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible." Assistant Commissioner Gilles Michaud said in a statement.

"Investigators from National Division, along with our counterparts in “O” Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners".

LaCie Security Breach went unnoticed for a Year


If you used a credit or debit card to purchase electronic items at LaCie's website last year, you may want to eagle-eye your card statements.

LaCie, French Computer Hardware company specializing in external hard drives, announced that it fell victim to a security breach that put customers' personal information and financial information at risk.

The company says cybercriminals used malware to infiltrate their website.  After getting notification from FBI on March regarding the breach, LaCie hired cyber forensic investigation firm.

Customers who made transactions between March 27,2013 and March 10,2014 were affected by this data breach.

According to an incident notification, customers' usernames, passwords, names, addresses, email IDs, credit and debit card information are all at risk.

Customers' passwords have been reset. e-commerce portion of the site has temporarily been disabled while the company "transition to a provider that specializes in secure payment processing services".

9 charged for stealing millions of dollars with Zeus Malware

The Zeus malware is one of the most damaging pieces of financial malware that has helped the culprits to infect thousands of business computers and capture passwords, account numbers and other information necessary to log into online banking accounts.

U.S. Department of Justice unsealed charges against nine alleged cyber criminals for distributing notorious Zeus malware to steal millions of dollars from bank accounts.

Vyachesla V Igorevich Penchukov, Ivan Viktorvich Klepikov, Alexey Dmitrievich Bron, Alexey Tikonov, Yevhen Kulibaba, Yuriy Konov Alenko, And John Does are charged to devise and execute a scheme and artifice to defraud Bank Of America, First Federal Savings Bank, First National Bank Of Omaha, Key Bank, Salisbury Bank & Trust, Union Bank And Trust, And United Bankshares Corporation, all of which were depository institutions insured by the Federal Deposit Insurance Corporation.

They are also accused to use Zeus, or Zbot, computer intrusion, malicious software, and fraud to steal or attempt to steal millions of dollars from several bank accounts in the United States, and elsewhere.

It has also been reported that defendants and their co-conspirators infected thousands of business computers with software that captured passwords, account numbers, and other information necessary to log into online banking accounts, and then used the captured information to steal millions of dollars from account-holding victims' bank accounts.

Account holding victims include Bullitt County Fiscal Court, Doll Distributing, Franciscan Sisters Of Chicago, Husker Ag, Llc, Parago, Inc., Town Of Egremont, And United Dairy...


They have also been given notice by the United States of America, that upon conviction of any defendant, a money judgment may be imposed on that defendant equal to the total value of the property subject to forfeiture, which is at least $70,000,000.00.

The United States of America has also requested that trial of the case be held at Lincoln, Nebraska, pursuant to the rules of this Court. The Metropolitan Police Service in the U.K., the National Police of the Netherlands’ National High Tech Crime Unit and the Security Service of Ukraine are assisting the investigation.

31 Security bugs fixed in Google Chrome 34

Google has announced the stable release of Chrome 34, an update brining number of fixes, functionality improvements and security updates.

In total, 31 security vulnerabilities have been patched in this latest version 34.0.1847.116 which includes medium to high severity bugs.

The list of high severity bugs are UXSS in V8, OOB access in V8, Integer overflow in compositor, Use-after-free in web workers, Use-after-free in DOM, Memory corruption in V8, Use-after-free in rendering, Url confusion with RTL characters and Use-after-free in speech.

The medium severity bugs include Use-after-free in speech, OOB read with window property and Use-after-free in forms.

A total of $29,500 has been awarded to researchers who reported the above security vulnerabilities.

Syrian Electronic Army gather evidence that Microsoft selling your information to FBI

A document recently leaked by Syrian Electronic Army shows that Microsoft is charging FBI secret division to legally view customer information.  The documents are said to have been taken from Microsoft.

Syrian Electronic Army(SEA) is known for hacking social media accounts and websites of top organizations including Microsoft, CNN, Daily dot and more. 

SEA allowed the Daily Dot to analyze the documents before they published in full.

The document is said to be containing emails and invoices between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU).

The documents shows that Microsoft charged FBI $145,100 in December 2012, broken down to $100 per request for information.  But in 2013, Microsoft allegedly doubled the amount, charged FBI $200 per request for a total of $352,200.  For the recent invoice(Nov 2013), they charged $281,000.

The information provided to FBI including Live email ID, PUID, name, address, country, IP address, Date of Registration and few other details.

Here is the screenshot of documents:





Critical SSRF vulnerability in Paypal's subsidiary allows to access Internal Network

Shubham Shah, a web application pentester from Australia, has discovered a critical Server Side Request Forgery(SSRF) vulnerability in the Bill Me Later website, a subsidiary of Paypal. The vulnerability exists in the subdomain(merchants.billmelater.com).

"The vulnerability itself was found within a test bed for BillMeLater’s SOAP API, which allowed for queries to be made to any given host URL." researcher explained in his blog post.

An attacker is able to send request to any internal network through the API and get the response.  Some internal admin pages allowed him to query internal databases without asking any login credentials.

Researcher says that a successful exploitation may result in compromising the customers data.

The bug was reported to Paypal on October 2013 and he got reward from them on Jan. 2014.

Paypal has partially fixed the bug by restricting the SOAP API to access the internal servers.  However, researcher says that it still act as proxy to view other hosts.

If you would like to know more details about SSRF vulnerability and how it can be exploited for port scanning or internal network finding, you can refer the Riyaz Waliker blog post and this document.

Syrian National Coalition website and US Central Command hacked by Syrian Electronic Army


The official website of the National Coalition for Syrian Revolutionary and Opposition Forces(etilaf.org) and few other websites have been hacked and defaced by Syrian Electronic Army.

In addition to Syrian National Coalition hack, the group also hacked into Masarat Syria (masaratsyria.com) and the City Council of Daraya (darayacouncil.org).

The hacked websites went offline at the time of writing, A mirror of the defacement can be found here:
  • http://www.zone-h.org/mirror/id/22015751
  • http://www.zone-h.org/mirror/id/22015787
  • http://www.zone-h.org/mirror/id/22015855
Recently, the group also announced that they have successfully breached the US Central Command(CENTCOM) and accessed hundreds of documents.

In the meantime, the Syrian Electronic army also posted a tweet "How much does @Microsoft charge @FBIPressOffice ever month to spy on your emails? Stay tuned for their leaked documents. #SEA #PRISM".

Miley Cyrus, Taylor Swift and Britney Spears websites hacked by Ethical Spectrum

Update :
The latest tweet from the hacker shows he compromised the database containing username and password details belong to these websites "The database of #MileyCyrus, #SelenaGomez......etc with 2,5 million users and pass is for sell, anyone interested email me at my mail"

Exclusive Information:
The hacker told E Hacking News that he found multiple vulnerabilities in the Groundctrl website and gained access to the database server.

He also gained access to the CMS panel which manages the celebrities' websites.
GroundCtrl CMS Panel

Original Article:

 
A hacker going by online handle "Ethical Spectrum" has hacked into websites belong to several celebrities and defaced the sites.

The affected websites include Miley Cyrus official site(mileycyrus.com), Selena Gomez(selenagomez.com), Taylor Swift site(taylorswift.com), Britney Spears site(britneyspears.com).

We are able to confirm that these are official websites of the celebrities, as it is being linked from their twitter account.

According to hackers twitter account(@Eth_Spectrum), he hacked into the above mentioned websites on March 8th.  The website was restored after the breach.  However, hacker mentioned he once again managed to deface them.  ]

Other websites attacked by the hacker are Ground Ctrl(groundctrl.com), mypinkfriday.com, Chelsea Handler site (chelseahandler.com), Aaron Lewis(aaronlewismusic.com/), therealcocojones.com, christinagrimmieofficial.com, Kacey Musgraves(kaceymusgraves.com).

The defacement just reads "Why i hacked this site, you can ask this person greg.patterson@groundctrl.com".

Greg Patterson is the co-founder of the Groundctrl, an organization that build websites for artists.  It appears the security breach started from Groundctrl.

Other affected sites:
  • Pat Green(patgreen.com),  
  • Rob Thomas(robthomasmusic.com), 
  • Rock Mafia(rockmafia.com  ), 
  • ritawilson.com  , 
  • sum41.com
  • nickcarter.net
  • jordanknight.com
If you are not able to see the defacement, you can find the mirror here:
http://www.zone-h.org/archive/notifier=Ethical%20Spectrum

All of the affected websites are currently showing the maintenance error message except groundctrl official website.

Hacker didn't provide much information about the breach, so we are not sure how exactly he hacked into all of these websites, whether he found a zero-day exploit on the cms developed by groundctrl or all of the affected sites managed in a central place.