Dubai Police social media accounts hacked on Sunday night. A previously unknown hacker group which identified itself on twitter as @TheHorsemenLulz hacked the Dubai Police’s twitter and Tumblr accounts. Dubai Police have confirmed that its official twitter account has been hacked.
The hackers also claimed several other cyber attacks in the UAE, including taking down the websites of Noor Islamic Bank, the Telecommunications Regulatory Authority and the Central Bank.
Unvalidated Redirection Vulnerability in Kaspersky website has found by security expert Ebrahim Hegazy, Cyber Security Analyst Consultant at Q-CERT.
According to Ebrahim blog post, the “Unvalidated Redirection Vulnerability” in the website of the well known Antivirus and Internet Security software developer Kaspersky could be used by attackers to trick Kaspersky.com users into visitng Malicious web-sites!
After the researcher reported the vulnerability to Kaspersky team, it took about 2 months to fix the vulnerability. The vulnerability was reported to Kaspersky web team and now it is fixed.
The video bellow demonstrates how to simulate a black-hat method to use this vulnerability to spread a Malware.
Originally posted at Internet Security Magazine
The credit and debit card information of more than 110 million Target customers was stolen by hackers
The malware at the center of Target’s recent data breach affecting millions of customers was partly written in Russian, according to a report issued Thursday by US government authorities and cyber security researchers. The data was quietly moved around on Target’s network before it was sent to a US server, then to Russia.
The report, which was only distributed to organisations that are involved or may have been attacked, describes a sophisticated cyber attack operation authorities are calling Kaptoxa, a Russian word that comes from a piece of code in the malware.
Target said the breach occurred between November 27 and December 15 and resulted in the theft of names, mailing addresses, phone numbers, e-mail addresses, and debit and credit card data of people who shopped at the retailer during those dates.
Tens of thousands of people received an e-mail from Target. In an effort to temper the repercussions of its massive data breach, Target offered to give affected customers one year of free credit monitoring from Experian – valued at $191.
Malicious advertisements served via Yahoo!
Malicious advertisements served via Yahoo, reports the Fox-IT.
Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious. Upon visiting the malicious advertisements users get redirected to a “Magnitude” exploit kit via a HTTP redirect to seemingly random sub-domains. This exploit kit exploits vulnerabilities in Java and installs a host of different malware. The countries most affected by the exploit kit are Romania, Great Brittain and France.
It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated and seem to offer services to other actors. The exploit kit bears similarities to the one used in the brief infection of php.net in October 2013.
Update January 3, 1815 (GMT+1): It appears the traffic to the exploit kit has significantly decreased. It looks like Yahoo is taking steps to fix the problem.
The US National Security Agency is building a quantum computer to break the encryption that keeps messages secure, reports the Washington Post.
The NSA project came to light in documents passed to the newspaper by whistle-blower Edward Snowden.
The spying agency hopes to harness the special qualities of quantum computers to speed up its code-cracking efforts.
In room-size metal boxes secure against electromagnetic leaks, the National Security Agency is racing to build a computer that could break nearly every kind of encryption used to protect banking, medical, business and government records around the world.
According to documents provided by former NSA contractor Edward Snowden, the effort to build “a cryptologically useful quantum computer” — a machine exponentially faster than classical computers — is part of a $79.7 million research program titled “Penetrating Hard Targets.” Much of the work is hosted under classified contracts at a laboratory in College Park, Md.
Hackers taunt Skype: Stop spying on people!
The Syrian Electronic Army targets the public faces of Skype, hacking messages to its blog and to its Twitter and Facebook accounts.
The publicity-minded Syrian Electronic Army on Wednesday targeted the public faces of Skype, posting antisurveillance messages to the video-chat service’s blog and to its Twitter and Facebook accounts.
On Skype’s Twitter account, for instance, this message appeared: “Stop spying on people! via Syrian Electronic Army.” That tweet, noted quickly by The Next Web, was removed within an hour, but a record of it lingered a bit longer on Skype’s Web site.
The Skype blog carried a similar headline: “Hacked by Syrian Electronic Army.. Stop Spying!”
Originally posted at Microsoft
File Folder Monitoring Software
Monitor Files and Folders for Changes in Real Time
ShareAlarmPro is a file folder monitoring software for detecting network access to files and folders in real time. The software monitors folders and disk drives that you choose and lists every filename that is being modified, created, or deleted while the folder is being monitored. Using ShareAlarmPro you can monitor users attempting to access secured shares and confidential files, detect and log network access to shared folders, monitor security events, monitor accessed files, disconnect users from open files or deny network users access, monitor sharing permission changes. ShareAlarmPro includes an intrusion detection system based on a security events log analyzer. Security Event Log Monitor monitors the security event logs of Windows NT/2000/XP servers or workstations and notifies the user about selected events detection. This software also provides you with the ability to manage and monitor all shares on your workstation, disable or enable default administrative shares, hide your workstation on the network, view the number of the users currently connected to each shared resource on your workstation. ShareAlarmPro also lets you easily browse your LAN and view all shared resources irrespective of whether they are hidden or not as well as view connections to shared resources on remote workstations. The program has a firewall system that blocks any unwanted connection to your shared resources. Besides, ShareAlarmPro monitors your shares permissions and alerts if “Everyone”, “Domain Users” or other selected broad access group is added to the permissions of a share. Apart from that, ShareAlarmPro includes folder watcher functions. You can perform folder monitoring and folder content change tracking. With ShareAlarmPro you can centralize all alarms, thus having the opportunity to monitor several shares on multiple servers from a single location. The program logs all detected events (access to shared folders, security events, folder watcher events) in an HTML format.