Saturday, 14 February 2015

Windows 10 Security Bypass With One Bit

Namaste! Good Morning,

Microsoft's February 2015 patch set fixed not only the notorious JASBUG but also CVE-2015-0057, which carries the same maximum severity rating (the February set contains three critical bugs in total).


The vulnerability allows an escalation of privileges to complete control over the victim's computer, bypassing all of Windows' security mechanisms. The bug is in the kernel-mode GUI component, the Win32k.sys module, specifically in the structure that holds information about the scroll bars of windows on the screen.


There is a function, xxxEnableWndSBArrows, which decides whether a window's scroll bar arrows are enabled or disabled. This is where the hidden bug lives, and it was found by static code analysis. At one point the memory holding the scroll bar state flags is freed, and the function then continues to use those flag bits: a use-after-free. All the attacker gets to corrupt is a single bit in that freed memory, hence the title.

At first glance this looks like a minor vulnerability. But when the chain is set up correctly, it hands over full control of any system from Redmond. The exploit works reliably on all versions of Windows, from Windows XP up to Windows 10, with every security mechanism enabled.

The author believes that attackers will be successfully exploiting this vulnerability for a long time to come.

Thursday, 22 January 2015

Anonymous Hacker Sentenced to 5 Years by Federal Judge in Dallas

Namaste! Good Morning,


Barrett Brown has been sentenced to 63 months in prison by a federal judge in Dallas, including the 31 months he has already served.

Brown, 33, pleaded guilty in April to being an accessory after the fact for attempting to assist a hacker, to hiding two computers from FBI agents who were executing a search warrant, and to threatening an FBI agent in a video.

The accessory-after-the-fact charge relates to an incident in December 2011 when someone Brown knew as "o" hacked the computer network of Austin, Texas-based private intelligence firm Stratfor and obtained confidential information, including credit card details, according to court papers.

Brown knew that the incident had damaged Stratfor's website and removed confidential data, according to court documents.

He also attempted to communicate with Stratfor's top official on behalf of the hacker to minimize damage, the papers said.

In a statement read in court on Thursday, Brown said his role was to post a link which had already been made public.

He said the government "exposed me to decades of prison time for copying and pasting a link to a publicly available file that other journalists were also linking to without being prosecuted."

Brown expressed regret for some of his actions, including threats made in online videos.

"The videos were idiotic, and although I made them in a manic state brought on by sudden withdrawal from Paxil and Suboxone, and while distraught over the threats to prosecute my mother, that's still me in those YouTube clips talking nonsense about how the FBI would never take me alive," he said.

Attempts to reach Brown's attorneys were unsuccessful.


Hacker Arrested for Leaking Songs From Madonna's New Album Rebel Heart

Namaste! Good Morning,

Police in Israel have arrested a 39-year-old man on suspicion of hacking into Madonna's computer and leaking songs from her new album "Rebel Heart".

The hacker was detained by members of the country's crime-fighting unit.

Officers are investigating allegations the suspect "broke into the personal computers of several international artists over the past few months and stole promotional final-cut singles which have yet to be released and traded them online for a fee". 

An investigation by a security firm traced the breach of Madonna's computer to Israel. The songs were leaked before the album's release date.

"I'm profoundly grateful to the FBI, the Israeli Police investigators and anyone else who helped lead to the arrest of this hacker," Madonna said in a statement.

"Like any citizen, I have the right to privacy. This invasion into my life - creatively, professionally, and personally - remains a deeply devastating and hurtful experience, as it must be for all artists who are victims of this type of crime."

Breaking into celebrities' personal computers and accounts and stealing their data seems to be getting easier these days. Given the rate at which these personalities are being hacked, either the stars are not very good at protecting their own material, or the attackers are getting smarter by the day.


Friday, 17 October 2014

Nullcon Goa 2015 is Here Pirates! | Time to Set Sail Toward Goa

Namaste! Good Morning,

"Nullcon 2015" has opened its Call For Papers. This is the sixth year of Nullcon. Nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats.

Nullcon's motto, "The neXt security thing!", drives the objective of the conference: to discuss and showcase the future of information security and the next generation of offensive and defensive security technology.


The idea started as a gathering for researchers and organizations to brainstorm and demonstrate why current technology is not sufficient and what the focus should be in the coming years as far as information security is concerned.

In addition to security, a section of the conference called Desi Jugaad (Hindi for "Local Hack") is dedicated to hacking in the broader sense: researchers are invited who come up with innovative security, tech or non-tech solutions to real-life challenges, or who are taking up new initiatives.

Nullcon is managed and marketed by Payatu Technologies. The idea of nullcon emerged out of null - The open security community, a registered not-for-profit society and the largest active security community in India, with eight chapters in major cities: Bangalore, Mumbai, Chennai, Pune, Hyderabad, Mysore, Trivandrum and Delhi.

As a tribute to the community nullcon funds null to further null's cause and supports all of its initiatives.

When submitting a paper, remember that it must be your own research work. The abstract must be detailed and must not merely introduce the research or hack. Any paper or research that is primarily marketing or promotes the submitter's company may be rejected.

Important Dates:
  • CFP Opens: 6th Aug 2014
  • 1st round of Speaker list Online: 6th Sept 2014
  • CFP Closing Date: 1st Nov 2014
  • Final speakers List online: 6th Nov 2014
  • Detailed Paper submission by selected speakers: 6th Jan 2015
  • Training Dates: 4th-5th Feb 2015
  • Conference Dates: 6th-7th Feb 2015
More details on the Nullcon 2015 CFP are available on the conference website.

The Venue Details

Venue: The Bogmallo Beach Resort, Goa, India
Contact: +91 - 99229 00657
For Inquiries: info@nullcon.net
For Sponsorship: sponsor@nullcon.net
Registrations Open: Sep '14

This is a rare chance to meet old friends and make new ones. You get to meet like-minded people in an environment you would love to work in. Good luck for the event!

Tuesday, 7 October 2014

Poorly Configured Oracle Reports Database Server Leads to Huge Data Leak at MBIA Inc.

Namaste! Good Morning,

KrebsOnSecurity notified MBIA Inc. of a huge data leak this Monday. Krebs reported that, because of a misconfigured company web server, countless customer account numbers, balances and other sensitive data were exposed. The leaked data had also been indexed by several popular search engines.

MBIA Inc. is a financial services company founded in 1973 as the Municipal Bond Insurance Association. Based in Purchase, N.Y., with approximately 400 employees, it is a public holding company that offers municipal bond insurance and investment management products and describes itself as the largest bond insurer.

After being notified, the company took the vulnerable website, mbiaweb.com, offline. The site contained customer data from Cutwater Asset Management, a fixed-income unit of MBIA that is slated to be acquired by BNY Mellon Corp. Note that taking a site down does not remove the copies search engines have already cached; those have to be purged separately through the search engines' removal tools.

MBIA spokesman Kevin Brown said, "We have been notified that certain information related to clients of MBIA's asset management subsidiary, Cutwater Asset Management, may have been illegally accessed. We are conducting a thorough investigation and will take all measures necessary to protect our customers' data, secure our systems, and preserve evidence for law enforcement." He added that customers have also been notified about the leak.


Documents indexed by search engines featured detailed instructions on how to authorise new bank accounts for deposits, including the forms and fax numbers needed to submit the account information.

Bryan Seely, an independent security expert with Seely Security, discovered the exposed data using a search engine. Seely said the data was exposed because of a poorly configured Oracle Reports database server. Another researcher, Dana Taylor (@miss_sudo), has documented the misconfigured server.

FBI Offers $5,000 Reward for John Gordon Baden, One of San Diego FBI's Most Wanted Cyber Fugitives

Namaste! Good Morning,

The Federal Bureau of Investigation (FBI) is offering a reward of up to $5,000 for information that leads to the arrest of John Gordon Baden, 38, who is considered one of the San Diego FBI's Most Wanted Cyber Fugitives.

Baden is allegedly responsible for stealing the identities of 40,000 people, then using the stolen information to siphon funds from their brokerage and bank accounts and to purchase expensive electronics on their credit. The losses caused by this fugitive are estimated to be in the millions of dollars.

In July 2014, Baden and two co-conspirators, Jason Ray Bailey and Victor Alejandro Fernandez, were indicted by a federal grand jury in the Southern District of California, San Diego, on a number of federal charges, including conspiracy to commit wire fraud, computer hacking, aggravated identity theft, and wire fraud. Baden himself was charged with conspiracy to commit wire fraud, wire fraud, and computer hacking. The charges were the result of an FBI investigation into Baden and his two co-conspirators, who operated a criminal enterprise that exploited vulnerabilities in the computer servers of a U.S. mortgage broker.

According to the indictment, Baden and his co-conspirators obtained mortgage applications containing customers' personal identification information, such as names, dates of birth, Social Security numbers, addresses, assets, tax information, and driver's licenses, by hacking into the company's computer servers. While the criminal enterprise was based in Tijuana, Mexico, their victims stretched from California to Florida and the states in between.

According to the indictment, between July 2011 and August 2013, Bailey, Fernandez, and Baden knowingly and intentionally engaged in a scheme in which they obtained and shared login credentials that gave them unauthorized access to a U.S. mortgage broker's electronic customer records and to the BlitzDocs application the company used to manage those records.

Baden and his co-conspirators then used the login credentials without authorization to access BlitzDocs and the company's electronic records and steal customers' personally identifiable information (PII). They used this stolen PII, along with PII stolen from other victims and businesses, to defraud merchants and financial institutions for their own financial gain.

FBI agents arrested Jason Ray Bailey and Victor Alejandro Fernandez in February 2014, on federal charges emanating from this same investigation. Those charges were superseded by a federal grand jury indictment in July 2014. Both Bailey and Fernandez remain in federal custody.

Baden is believed to be in Tijuana, Mexico, specifically in the Zona Norte or Zona Centro area. Baden also enjoys gambling and likes to play bingo.

John Gordon Baden is described as follows: 
  • Sex: Male
  • Race: White
  • Height: 5’8” tall
  • Weight: 195 pounds
  • DOB: August 19, 1976
  • Hair: Light brown
  • Eyes: Hazel

Sunday, 5 October 2014

New Mac OS X Botnet Discovered by Dr. Web Researchers Has Infected More Than 17,000 Machines

Namaste! Good Morning,

Apple Mac OS X users are being infected by malware named Mac.BackDoor.iWorm, a complex multi-purpose backdoor. Criminals can issue commands that make the program carry out a wide range of instructions on infected machines. Analysis puts the number of machines infected by Mac.BackDoor.iWorm at roughly 17,000.

The malware was developed in C++ and Lua, and it makes extensive use of encryption in its routines. During installation it is extracted into /Library/Application Support/JavaW, after which the dropper generates a plist file so that the malware is launched automatically. That directory and the launchd job pointing into it are the simplest things to check for on a suspect Mac.
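As an added example (not part of the original post or of Dr.Web's analysis), here is a Python check for the persistence described above: it parses launchd property lists and flags any job whose program lives under /Library/Application Support/JavaW. The install path is the one from the report; the job label, file name and key set in the constructed sample are assumptions about what the dropper's plist looks like.

```python
import os
import plistlib
from typing import Dict, List, Optional

# Install directory reported by Dr.Web for Mac.BackDoor.iWorm.
IWORM_INSTALL_DIR = "/Library/Application Support/JavaW"

# Constructed sample launchd job, NOT a real artifact: label, file name and
# key set are assumptions; only the directory comes from the report.
SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.JavaW</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Library/Application Support/JavaW/JavaW</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
</dict>
</plist>
"""

# Constructed benign job for comparison: also auto-starts, but from a normal path.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.example.updater</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Applications/Example.app/Contents/MacOS/updater</string>
        <string>--quiet</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
"""


def program_path(plist_bytes: bytes) -> Optional[str]:
    """Return the executable a launchd job starts, or None if it declares none."""
    job = plistlib.loads(plist_bytes)
    if isinstance(job.get("Program"), str):
        return job["Program"]
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None


def under_dir(path: str, directory: str) -> bool:
    """True if path is the directory itself or anything below it (no prefix tricks)."""
    path = os.path.normpath(path)
    directory = os.path.normpath(directory)
    return path == directory or path.startswith(directory + os.sep)


def is_iworm_persistence(plist_bytes: bytes) -> bool:
    """Flag launchd jobs whose program lives under the iWorm install directory."""
    try:
        path = program_path(plist_bytes)
    except Exception:  # malformed plist: not a match, but do not abort the scan
        return False
    return path is not None and under_dir(path, IWORM_INSTALL_DIR)


def scan_plists(plists: Dict[str, bytes]) -> List[str]:
    """Return the names of the matching jobs, sorted for stable output."""
    return sorted(name for name, data in plists.items() if is_iworm_persistence(data))


def scan_launchd_dirs(dirs=("/Library/LaunchAgents", "/Library/LaunchDaemons",
                            os.path.expanduser("~/Library/LaunchAgents"))) -> List[str]:
    """Read every .plist in the usual launchd directories and scan them."""
    found: Dict[str, bytes] = {}
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in os.listdir(d):
            if not name.endswith(".plist"):
                continue
            full = os.path.join(d, name)
            try:
                with open(full, "rb") as fh:
                    found[full] = fh.read()
            except OSError:
                continue
    return scan_plists(found)


if __name__ == "__main__":
    print("sample:", scan_plists({"suspicious": SUSPICIOUS_PLIST, "benign": BENIGN_PLIST}))
    print("this host:", scan_launchd_dirs())
```

The path comparison is done on normalized components rather than a raw string prefix, so a job under /Library/Application Support/JavaWeb is not mistaken for a hit. Run as-is it scans the constructed samples and then the live launchd directories of the machine it runs on.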

Doctor Web's statistics show that as of September 26, 2014, 17,658 IP addresses of infected devices were part of the botnet built with Mac.BackDoor.iWorm. Most of them, 4,610 (26.1% of the total), are in the United States. Canada ranks second with 1,235 addresses (7%), and the United Kingdom third with 1,227 IP addresses of infected computers (6.9% of the total). The geographical distribution of the botnet in late September 2014 is shown in the illustration below:

[Illustration: geographical distribution of the Mac.BackDoor.iWorm botnet, late September 2014]
To acquire a list of control server addresses, the malware uses the search service at reddit.com, sending as the search query the hexadecimal value of the first 8 bytes of the MD5 hash of the current date. The reddit.com search returns a page containing a list of botnet C&C servers and ports that the criminals published in comments to the post minecraftserverlists under the account vtnhiaovyd.

The bot picks a random server from the first 29 addresses on the list and sends its queries to it. Search requests to refresh the list are sent to reddit.com at five-minute intervals, which is itself a usable indicator: a non-browser process hitting reddit.com's search every five minutes.
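The C2 discovery routine above, reproduced as an added Python example rather than the malware's own code: it derives the reddit search term from the date, pulls the ip:port entries published by the named account, and picks one of the first 29. The date string format the bot hashes is not given on this page and is assumed here (dd/mm/yyyy), and the search result is a constructed, simplified stand-in for the comment objects reddit's JSON API returns, with documentation-range addresses only.

```python
import hashlib
import random
import re
from datetime import date
from typing import Dict, List, Optional, Tuple

# Assumption: the report says the bot hashes "the current date" but not how
# the date is formatted; dd/mm/yyyy is used here as a stand-in.
DATE_FORMAT = "%d/%m/%Y"
MAX_CANDIDATES = 29          # only the first 29 published addresses are considered
C2_POST = "minecraftserverlists"
C2_AUTHOR = "vtnhiaovyd"
SEARCH_INTERVAL_SECONDS = 5 * 60

ADDR_RE = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})\b")


def reddit_query(day: date) -> str:
    """Hex of the first 8 bytes of MD5(date string): the bot's search term for that day."""
    digest = hashlib.md5(day.strftime(DATE_FORMAT).encode("ascii")).digest()
    return digest[:8].hex()


def reddit_query_for(year: int, month: int, day_of_month: int) -> str:
    """Convenience wrapper so callers need not build a date object."""
    return reddit_query(date(year, month, day_of_month))


def reddit_search_url(day: date) -> str:
    return "https://www.reddit.com/search?q=" + reddit_query(day)


def _constructed_body(count: int) -> str:
    # 203.0.113.0/24 is reserved for documentation, so the sample never points at a real host.
    return "\n".join("203.0.113.%d:%d" % (i, 20000 + i) for i in range(1, count + 1))


# Constructed stand-in for the comments under the C2 post: one comment by the
# operator account with 31 entries, one unrelated comment that must be ignored.
SAMPLE_COMMENTS: List[Dict[str, str]] = [
    {"author": C2_AUTHOR, "link_title": C2_POST, "body": _constructed_body(31)},
    {"author": "random_player", "link_title": C2_POST,
     "body": "anyone up for 198.51.100.7:25565 tonight?"},
]


def extract_c2_list(comments, author: str = C2_AUTHOR) -> List[Tuple[str, int]]:
    """Pull ip:port pairs from comments by the operator account, in published order."""
    servers: List[Tuple[str, int]] = []
    for comment in comments:
        if comment.get("author") != author:
            continue
        for host, port in ADDR_RE.findall(comment.get("body", "")):
            octets_ok = all(int(o) < 256 for o in host.split("."))
            if octets_ok and 0 < int(port) < 65536:
                servers.append((host, int(port)))
    return servers


def pick_c2(servers, seed: Optional[int] = None) -> Optional[Tuple[str, int]]:
    """Random choice among the first MAX_CANDIDATES entries, as the bot does."""
    candidates = servers[:MAX_CANDIDATES]
    if not candidates:
        return None
    return random.Random(seed).choice(candidates)


if __name__ == "__main__":
    today = date.today()
    print("search term for today:", reddit_query(today))
    print("URL fetched every", SEARCH_INTERVAL_SECONDS, "s:", reddit_search_url(today))
    servers = extract_c2_list(SAMPLE_COMMENTS)
    print(len(servers), "published; first", MAX_CANDIDATES, "eligible; chosen:", pick_c2(servers))
```

For a defender the useful half is reddit_query: compute today's term and you can look at exactly what the operator has published for the day, or feed the term to a proxy log search to find hosts that asked reddit.com for it. The seed parameter exists only so the choice is reproducible in tests; the bot itself picks at random.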

The malware's Lua scripts can perform many actions, such as getting the OS type, reading a value from the configuration file, getting the botnet uptime, sending a GET request, downloading a file, executing a system command, and more.

Dr.Web's researchers say the malware's signature has been added to their virus database, so Mac.BackDoor.iWorm poses no danger to Macs protected by Dr.Web Anti-virus for Mac OS X. For everyone else, the install directory and auto-start plist described above, together with periodic requests to reddit.com's search from a non-browser process, are the indicators to look for.