Wednesday, 19 March 2014
Labels:
Cyber News
German Car Manufacture Company namely Citroen got hacked by some Unknown hackers,Hackers had planted a "Phishing Page" at shop.citroen.de inorder to get customers data and which lead to DATA COMPROMISATION.The Car makers have confirmed the "USER DATA COMPROMISE" occurs,but it’s uncount in how many quantity of CUSTOMERS are impacted.
Alex Holden of Hold Security has investigated the breach.The backdoor is now successfully removed according to there officials that backdoor was planted since 2013.
Hackers exploited Adobe Coldfusion vulnerability to get access on the server and customers data,
other renown website which are exploited by the same vulnerability in past were Smucker and SecurePay.
Source : http://www.whogothacked.com/2014/03/citroen-gets-hacked-customer.html
Read More
Citroen Deutschland Hacked Users Data Compromised
German Car Manufacture Company namely Citroen got hacked by some Unknown hackers,Hackers had planted a "Phishing Page" at shop.citroen.de inorder to get customers data and which lead to DATA COMPROMISATION.The Car makers have confirmed the "USER DATA COMPROMISE" occurs,but it’s uncount in how many quantity of CUSTOMERS are impacted.
Alex Holden of Hold Security has investigated the breach.The backdoor is now successfully removed according to there officials that backdoor was planted since 2013.
Hackers exploited Adobe Coldfusion vulnerability to get access on the server and customers data,
other renown website which are exploited by the same vulnerability in past were Smucker and SecurePay.
Source : http://www.whogothacked.com/2014/03/citroen-gets-hacked-customer.html
Tuesday, 18 March 2014
Labels:
Tutorials
Read More
Hacking Facebook User 'Access Token' with Man-in-the-Middle Attack
Facebook has several security measures to protect users' account, such as a user "access token" is granted to the Facebook application (like Candy Crush Saga, Lexulous Word Game), when the user authorizes it, it provides temporary and secure access to Facebook APIs.
To make this possible, users have to 'allow or accept' the application request so that an app can access your account information with the required permissions.
The Access Token stores information about permissions that have been granted as well as information about when the token will expire and which app generated it. Approved Facebook apps can publish or delete content on your behalf using the access tokens, rather than your Facebook password.
Access tokens are pretty sensitive, because anyone who knows the access token of a user can access the user's data and can perform any actions on behalf of the user, till the token is valid.
In Past years, Many Security Researchers reported various Oauth vulnerabilities to the Facebook Security team, but if the app traffic is not encrypted, you are not protected from the man-in-the middle attack and the attacker could steal your private information, using 'access token'.
Thus, access token is enough to allow a hacker to do all that the app authorized to do. The vulnerability is not new, it has already been known for a year, but Facebook is still vulnerable to hackers and surveillance specialized agencies like the NSA.
FACBOOK CAN'T FIX IT: The Facebook Security team has acknowledged the vulnerability claimed by Ahmed Elsobky, a penetration tester from Egypt, "We'd actually received an earlier report from another researcher regarding this same issue. In response to that report, we've been working on limiting this behavior when it comes to our official apps, since they're pre-authorized. For other apps, unfortunately, fully preventing this would mean requiring any site integrating with Facebook to use HTTPS, which simply isn't practical for right now."
He demonstrated that 'How to hack a Facebook account by hijacking access token with Man-in-the-Middle attack', as shown:
Facebook apps must be protected from man-in-the middle attacks, and this can be done effectively by using HTTPS to encrypt any traffic that contains sensitive information or authentication credentials...
HOW TO PROTECT YOUR ACCOUNT: If You are a Facebook app developer, you should never send an 'access token' over unencrypted channels and Facebook users should only trust the encrypted apps and use "HTTPS Everywhere" Browser Extension for automated security...
Monday, 17 March 2014
Labels:
Cyber News
# Pakistan Zindabad
Read More
TOYOTA & RENAULT & CHEVROLET Guatemala Hacked
TOYOTA & RENAULT & CHEVROLET Guatemala Hacked
# Hacked By Team Cyber Criminals
# Pakistan Zindabad
http://www.chevrolet.com.gt/
http://www.renault.com.gt/
http://www.toyota.com.gt/
Hacked By Team Cyber Criminals
mirrors;
http://zone-h.com/mirror/id/22028173
http://zone-h.com/mirror/id/22028170
http://zone-h.com/mirror/id/22025495
Pakistani Team..
Labels:
Cyber News
Read More
Yet Another Cyber attack on Iranian Nuclear Facility
TEHRAN, Iran (AP) — Iranian Authorities have discovered another "Code Bomb" in Iran's Heavy water reactor which have been successfully Neutralized before any disaster Occurred .
Asghar Zarean , Senior nuclear security officed at the Atomic Energy Organization of Iran said on saturday"Iran's intelligence agencies were instrumental in uncovering the plot. authorities detected sabotage at the country's heavy water reactor facility and neutralized it before any damage was done."
Iran's Natanz uranium enrichment facility was already target in 2010 by so-called Stuxnet virus that disrupted operation of centrifuges, a key component in nuclear fuel production.
Asghar Zarean Further added Stuxnet and other computer virus attacks are part of a concerted campaign by Israel, the U.S. and their allies to undermine its nuclear program.
Sunday, 16 March 2014
Labels:
Cyber News
Read More
NATO Websites Targeted in Attack Claimed by Ukrainian Hackers
NATO said several of its websites were targeted in a “significant” cyber attack on Saturday that was claimed by Ukrainian hackers in what appeared to be the latest bout of virtual warfare linked to the country’s crisis.
Spokeswoman for the military alliance Oana Lungescu said on Twitter that the websites had been hit by “a significant DDoS (denial of service) attack”, but that it had had “no operational impact”.
Under DDoS attacks, hackers hijack multiple computers to send a flood of data to the target, crippling its computer system.
Lungescu said experts were working to restore normal function but the websites remained down for hours and still could not be accessed at around 0430 GMT on Sunday.
Lungescu did not say who was responsible for the attack, which was claimed by a Ukrainian hacker group called Cyber Berkut, the name given to the feared elite riot police involved in a bloody crackdown on protesters in Kiev.
In a statement on its website www.cyber-berkut.org, the group said it had targeted three NATO websites over what it claimed was the alliance’s interference in Ukraine and support of the “Kiev junta”.
“We will not allow the presence of NATO in our homeland,” said the statement, which could not be independently verified.
Ukraine has been shaken by turmoil that saw a bloody street revolt oust pro-Russian president Viktor Yanukovych in February as anger exploded over his rejection of closer ties with the European Union in favour of Moscow.
Moscow sparked anger after it sent its forces to occupy the majority Russian-speaking Black Sea peninsula of Crimea, where regional authorities declared independence and will hold a referendum on Sunday on whether to leave Ukraine and join Russia.
NATO and its members have spoken out strongly against the vote, which has escalated East-West tensions to their worst point since the Cold War.
The electronic attack is the latest of several that have seen Ukraine tensions hit cyberspace.
On March 8, British-based BAE Systems said dozens of computer networks in Ukraine had been infected by an aggressive new cyber weapon called Snake, which experts said was most likely the work of Russian hackers.
Subscribe to:
Posts
(
Atom
)
