The Government of India Leaked Personal Data of 135 Million Citizens

India's Centre for Internet and Society (CIS) has warned that Aadhaar numbers, which are assigned to citizens by the UIDAI (Unique Identification Authority of India), have leaked from state databases onto the internet. The UIDAI database is considered the largest biometric database in the world because it contains data on more than a billion people. Identification is based on personal data, fingerprints, and iris photographs.

According to the Centre for Internet and Society, the leak was not the result of an attack or of a vulnerability in the system. The blame for the incident lies with the government agencies that manage this vast array of data and work with it. In particular, the report names the National Social Assistance Programme, the National Rural Employment Guarantee Scheme, a similar regional program known as Chandranna Bima, and the Daily Online Payment Reports portal under NREGA, which is maintained by the National Informatics Centre.

The report of The Centre for Internet and Society states:

Since its inception in 2009, the Aadhaar project has been shrouded in controversy due to various questions raised about privacy, technological issues, exclusion and security concerns.
In the last month, there have been various reports pointing out instances of leakages of Aadhaar number through various databases, accessible easily on Twitter under the hashtag #AadhaarLeaks. Most of these leaks reported contain personally identifiable information of beneficiaries or subjects of the leaked databases containing Aadhaar numbers of individuals along with other personal identifiers.
All of these leaks are symptomatic of a significant and potentially irreversible privacy harm, however we wanted to point out another large fallout of these leaks, those that create a ripe opportunity for financial fraud. For this purpose, we identified benefits disbursement schemes which would require its databases to store financial information about its subjects.
During our research, we encountered numerous instances of publicly available Aadhaar Numbers along with other personally identifiable information (PII) of individuals on government websites.

You can have a look into the detailed report here.

An Aadhaar code is a unique identification number consisting of 12 digits in the format XXXX-XXXX-XXXX. Not only is all of a person's data, including biometric data, stored against this identifier; with this ID you can learn almost everything about a person: place of residence, bank accounts, telephone numbers and so on. Aadhaar codes are currently used everywhere in India: to obtain government subsidies, as identity cards, for identification in the workplace, in the national payment system, and in everyday life, for example when buying a SIM card or voting in elections.

CIS experts have warned that, through the "efforts" of various departments, the data of more than 135 million people has leaked onto the internet over the past few months, and the information is easy to find, even on Twitter via the hashtag #AadhaarLeaks. And since the affected personal data can be correlated with Aadhaar codes, attackers have an excellent opportunity to recreate part of the government database and construct very convincing fake identities. CIS experts believe that massive financial fraud should be expected first after such a leak. The experts also believe that the government should more carefully monitor how UIDAI and its data are used by third parties.

Facebook Unable To Handle The Request Due To A Temporary Overload Or Scheduled Maintenance

Facebook had scheduled maintenance today. The reason for this is still unknown, but the problem that users faced during this period was huge. Facebook's main aim is connecting the world, and it failed to serve that purpose; Twitter was full of questions about whether Facebook had been DDoSed or whether this was some other maintenance.

People around the globe said that they had a problem loading the Facebook homepage between 0600 hours and 0700 hours, according to Down Detector.

It was noted that the website later opened in some browsers but failed to open in Google Chrome. The Opera browser opened the website, Mozilla Firefox was also able to open Facebook, and Facebook even showed up in Internet Explorer.

Uptrend reports state that Amsterdam, London, Rome, Prague, Sao Paulo, Vancouver and Toronto were still getting an error when loading the Facebook home page.

As of now, Facebook is back and serving the purpose it was built for.

China Could Have Hacked Democratic Emails - Donald Trump

Donald John Trump, the 45th and current President of the United States, said China may have hacked the emails of Democratic officials to meddle with the 2016 presidential election, countering the view of U.S. intelligence officials who have said Moscow orchestrated the hacks.

In an interview transcript published on Sunday, Trump gave no evidence backing his allegation, first made on the eve of the Nov. 8 presidential election, that China could have hacked the emails of his rivals.

"If you don't catch a hacker, okay, in the act, it's very hard to say who did the hacking," the president said in an interview with CBS Face the Nation. "(It) could have been China, could have been a lot of different groups."

The hackers roiled the presidential campaign by making public embarrassing emails sent by Democratic operatives and aides to Democratic presidential candidate Hillary Clinton. One email showed party leaders favoring Clinton over her rival in the campaign for the party's internal nomination contest.

Before he was elected, Trump pledged to improve relations with Moscow. Russia has denied any involvement in the hacks. Lawmakers are currently investigating whether Trump's campaign team had ties with Russia.

Like Russia, China is a longstanding cybersecurity adversary of the United States. Trump in recent weeks has softened his criticism of Chinese trade policies as Washington seeks Beijing's support in defusing military tensions with North Korea.

2 Internet Giants Were The Victim of $100M Payment Scam

Journalists at Fortune conducted their own investigation and shed light on new details of a large-scale fraud that came to light in March 2017. At that time the US Department of Justice reported that 48-year-old Evaldas Rimasauskas had been arrested in Lithuania, accused of cheating two major technology companies, whose names were not disclosed, out of more than 100 million dollars.

Rimasauskas's fraudulent scheme was much more sophisticated than Nigerian spam and other well-known techniques.

Rimasauskas carried out the fraud by passing himself off as a legitimate company that produces computer equipment in Asia. He requested money by sending e-mails to senior executives of companies that regularly work with the manufacturer.

Law enforcement explained that the attacker registered a business in his native Lithuania, and the company's name was exactly the same as that of a certain Asian hardware manufacturer.

For this company Rimasauskas also opened bank accounts in Latvia and Cyprus.

From 2013 to 2015 Rimasauskas successfully posed as the hardware manufacturer, exploiting the fact that his own company had the same name. Using mail spoofing and forged invoices, contracts and letters, the attacker was able to deceive employees of the affected companies and even bank representatives, getting them to make large money transfers to his accounts.

After receiving the money, Rimasauskas quickly moved the funds to other banks in six different countries, including Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong.

Fortune reported that the conman posed as a representative of the Taiwanese company Quanta Computer, and his victims were employees of Google and Facebook.

Those are the two tech giants Rimasauskas managed to scam out of more than 100 million dollars.

Representatives of both companies did not deny the incident and gave the journalists the following comments:

"Facebook recovered most of the money shortly after the incident and has been assisting law enforcement agencies in the investigation," said representatives of the social network.
"We found fraud directed at our department that works with suppliers and immediately notified the authorities. We have already returned the money and are pleased with the way everything was resolved," say representatives of Google.

Evaldas Rimasauskas himself is still in custody in Lithuania, but has denied all the accusations and is fighting extradition to the United States.

Backdoor Exploit Discovered in Popular Bitcoin Mining Equipment

BitMain is one of the leading Bitcoin mining equipment manufacturers in the world. The company's AntMiner range of specialized mining hardware accounts for over 70 percent of all mining hardware, which could be at risk following the discovery of the Antbleed security flaw.

An anonymous researcher raised a storm in the mining community by spreading word on Twitter about the Antbleed backdoor, detected in equipment made by Bitmain, the world's largest supplier of cryptocurrency mining equipment.

It turned out that the backdoor appeared in the firmware code in July 2016, and researchers tried to inform Bitmain about the issue in September 2016 through the company's GitHub repository; however, that report was ignored until an unknown well-wisher drew public and media attention to the problem.

The official Antbleed website explains that Bitmain devices make contact once every 1-11 minutes with a domain owned by Bitmain. During each contact the equipment transmits its serial number, MAC address and IP address to that address.

Bitmain can use this data to check it against sales lists and shipping reports, identifying a device and associating it with a particular user. In turn, the piece of code in question means that if the response to the device's request is "false", the miner will cease its work and be disabled.

An anonymous researcher notes that inbound firewall rules will not protect the device, because Antbleed works through outbound connections. The backdoor has been reported in S9 series devices and in earlier S9 versions. Antbleed is also likely present in the L3, T9 and R4 models, although this is only the unnamed researcher's assumption.
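Because the check-in described above is an outbound connection that recurs every 1-11 minutes, it shows up in egress logs as a steady beacon. The following Python sketch is an added example, not code from the researcher or from Bitmain: it flags source/destination pairs whose gaps between connections mostly fall inside that window. The log format, host names, addresses and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample egress log: "<ISO timestamp> <source IP> <destination host>".
# Host names are placeholders, not the real check-in domain.
SAMPLE_LOG = """\
2017-04-27T10:00:00 10.0.0.21 checkin.vendor.example
2017-04-27T10:00:00 10.0.0.50 updates.example
2017-04-27T10:00:02 10.0.0.50 updates.example
2017-04-27T10:00:03 10.0.0.50 updates.example
2017-04-27T10:00:05 10.0.0.21 pool.example
2017-04-27T10:01:00 10.0.0.22 checkin.vendor.example
2017-04-27T10:04:10 10.0.0.21 checkin.vendor.example
2017-04-27T10:06:00 10.0.0.22 checkin.vendor.example
this line is malformed and must be skipped
2017-04-27T10:11:30 10.0.0.21 checkin.vendor.example
2017-04-27T10:12:00 10.0.0.22 checkin.vendor.example
2017-04-27T10:13:05 10.0.0.21 checkin.vendor.example
2017-04-27T10:22:45 10.0.0.21 checkin.vendor.example
2017-04-27T10:27:00 10.0.0.21 checkin.vendor.example
2017-04-27T10:30:00 10.0.0.22 checkin.vendor.example
2017-04-27T10:30:00 10.0.0.50 updates.example
2017-04-27T10:35:00 10.0.0.22 checkin.vendor.example
2017-04-27T10:41:00 10.0.0.22 checkin.vendor.example
2017-04-27T10:45:00 10.0.0.21 pool.example
2017-04-27T10:47:00 10.0.0.22 checkin.vendor.example
2017-04-27T11:30:00 10.0.0.50 updates.example
"""

MIN_GAP = 60        # seconds: lower bound of the 1-11 minute interval from the page
MAX_GAP = 11 * 60   # seconds: upper bound of that interval
MIN_EVENTS = 5      # assumption: ignore pairs seen only a handful of times
MIN_RATIO = 0.8     # assumption: tolerate an occasional missed or blocked check-in


def parse_log(text):
    """Yield (timestamp, source, destination) for well-formed lines only."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            stamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield stamp, parts[1], parts[2]


def find_beacons(text, min_gap=MIN_GAP, max_gap=MAX_GAP,
                 min_events=MIN_EVENTS, min_ratio=MIN_RATIO):
    """Return {(source, destination): ratio} for pairs that look periodic.

    ratio is the share of gaps between consecutive connections that fall
    inside [min_gap, max_gap]; a pair is reported when ratio >= min_ratio.
    """
    seen = defaultdict(list)
    for stamp, src, dst in parse_log(text):
        seen[(src, dst)].append(stamp)

    beacons = {}
    for pair, stamps in seen.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        in_window = sum(1 for g in gaps if min_gap <= g <= max_gap)
        ratio = in_window / len(gaps)
        if ratio >= min_ratio:
            beacons[pair] = round(ratio, 2)
    return beacons


if __name__ == "__main__":
    for (src, dst), ratio in sorted(find_beacons(SAMPLE_LOG).items()):
        print(f"{src} -> {dst}: {ratio:.0%} of gaps within 1-11 minutes")
```

The bursty workstation traffic and the two pool connections are not reported; the second miner is still reported despite one 18-minute gap, which is what the `MIN_RATIO` tolerance is for.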

To check whether Antbleed works on your device, the researcher proposed modifying the /etc/hosts file by adding a line to it. This will cause the device to connect to the researcher's test server, which runs this code rather than the code on Bitmain's servers; if the device is vulnerable, mining will stop within 11 minutes.

To protect against Antbleed, the researcher offers a proven and simple method: once again edit /etc/hosts, redirecting to localhost (

Needless to say, after this information was published, miners all over the world were indignant. In effect, the backdoor allows Bitmain to track devices and disable them, and is analogous to a fairly rigid DRM. Worse, any attacker who can carry out a man-in-the-middle or DNS attack can also activate the backdoor, because Antbleed provides no authentication mechanism.

As a result, Bitmain was forced to justify itself and urgently issue an official explanation. Yesterday, April 27, 2017, Bitmain representatives published a detailed blog post explaining that Antbleed is not a backdoor and that the company is not trying to control users' devices. According to the company, this feature was added to the code so that device owners themselves could control their equipment remotely and have a chance to disable a miner if it is stolen or hacked. Almost all modern smartphones are now equipped with a similar function. Antbleed also allows more data to be provided to law enforcement agencies if it is suddenly needed.

The developers admit that Antbleed was never finished: development of the function started with the release of the Antminer S7 and should have been completed by the release of the Antminer S9. However, due to some "technical problems", the plan was not implemented, and the test server was even shut down in December 2016. The fact that the "backdoor" is still present in device firmware is a bug and someone's oversight. The company reports that the problem affects the following models:

  • Antminer S9 
  • Antminer R4 
  • Antminer T9 
  • Antminer L3 
  • Antminer L3+

Bitmain's specialists apologized to users and published new firmware on their site for all of these devices, in which the "backdoor" no longer exists.

HipChat Hacked | Company Resets Passwords

Representatives of HipChat (a popular group chat for businesses, owned by Atlassian) issued an official warning, according to which an intrusion into one of the HipChat Cloud servers was discovered last weekend. According to the company, a hacker or group of hackers took advantage of a vulnerability in an unnamed third-party library that was used by

The attackers allegedly gained access to all instances, each represented by its own URL in the format , with user account information, including names, email addresses and password hashes. HipChat reportedly hashes passwords using bcrypt with a random salt. The attackers could also have gained access to metadata about chat rooms, including their names and topics.

HipChat's experts warn that hackers may even have compromised users' correspondence, since messages and other content from some chat rooms may have leaked. Fortunately, this problem affected only 0.05% of instances, while 99.95% are fine.

The company firmly states that customers' financial information was not affected, and that there is no evidence that other Atlassian systems and products were compromised.

The company has resolved almost all the issues and has apologized for the disruption.

Hyundai Blue Link Application Software Potentially Expose Sensitive Information

Researchers at Rapid7 have reported that they discovered a serious problem in Blue Link, the application that Hyundai has been developing for its cars since 2012.

Due to a reliance on cleartext communications and the use of a hard-coded decryption password, two outdated versions of Hyundai Blue Link application software, 3.9.4 and 3.9.5 potentially expose sensitive information about registered users and their vehicles, including application usernames, passwords, and PINs via a log transmission feature. This feature was introduced in version 3.9.4 on December 8, 2016, and removed by Hyundai on March 6, 2017 with the release of version 3.9.6.

Affected versions of Hyundai Blue Link mobile application upload application logs to a static IP address over HTTP on port 8080. The log is encrypted using a symmetrical key, "1986l12Ov09e", which is defined in the Blue Link application (specifically,, and cannot be modified by the user.

This vulnerability was discovered by Will Hatzer and Arjun Kumar, and this advisory was prepared in accordance with Rapid7's

Hyundai Motor America (HMA) was made aware of a vulnerability in the Hyundai Blue Link mobile application by researchers at Rapid7. Upon learning of this vulnerability, HMA launched an investigation to validate the research and took immediate steps to further secure the application. HMA is not aware of any customers being impacted by this potential vulnerability.

Teen Hacker Who Broke Into The Sun Website Now Fighting Cyber Crime

A teenage hacker who broke into The Sun newspaper's website and redirected users to a fake story saying media mogul Rupert Murdoch was dead is now a cybercrime fighter, a court has heard.

Darren Martyn was 19 years old when he, along with others, hacked into the News International website six years ago, Dublin Circuit Criminal Court heard yesterday.


Martyn, described in court as “highly intelligent”, told gardaí he took part in the hacking in retaliation for the UK media company's involvement in the phone hacking scandal. He was a member of Lulzsec, a part of the Anonymous hacking group at the time, the court heard.

Martyn, aged 24, with an address in Cloonbeggin, Claregalway, Co. Galway, pleaded guilty to two counts of criminal damage to data that was the property of News International in July 2011.

His co-accused, Donncha O’Cearbhaill, last month received a suspended sentence for his part in the hacking.

Darren Martyn is now a security researcher for a UK consultancy firm, the court heard. Judge Karen O'Connor remanded him on continuing bail to May 24 for sentence.

Because of the hacking, the websites of The Sun and its sister news sites, The Times and The Sunday Times, were shut down for a few hours. It took a further three weeks to fully restore the website and deal with security vulnerabilities, Gda Brennan said.

“Mr Martyn is someone who is highly intelligent,” Mr Mulrooney said. “He knew what he was doing was wrong, however at the time he thought it was acceptable. He no longer holds that view and he apologises for what he did.”

“He is now using the significant skills he has to prevent cyber crime,” Mr Mulrooney said.

He urged Judge O'Connor to consider imposing a non-custodial sentence, saying the chances of Martyn re-offending were “very slim”.

Arkansas JobLink Has Been Affected By A Security Incident.

Arkansas JobLink has been affected by a security incident. Between 3/2/2017 and 3/14/2017, individual job seeker account information including name, date of birth, and Social Security number may have been accessed by an unauthorized user. Additional details about the incident and how to protect your information can be found here or call the AJLA Response Center at (844) 469-3939.

"Law enforcement was immediately notified and an independent forensic firm was retained to investigate the cause and scope of the malicious activity. This investigation revealed that by exploiting a code misconfiguration, the hacker was able to see the name, date-of-birth, and social security numbers of affected job seekers accounts," the department wrote in a statement.
The breach affected 597,214 Arkansans, but only about 100,000 have been notified because they had valid emails.

Little Rock based tech company Aristotle does not host or manage the workforce website and was not involved in the cyber attack, but their president Elizabeth Bowles is an expert in the field and says the state does have a law about security breach notifications.

"It requires reporting under certain circumstances and in certain ways and email is sufficient if the breach is over 500,000 people or it costs more than $250,000 dollars to accomplish by other means." Bowles said.

"It's important the state do its due diligence to ensure those third party servers are secure and those third parties can be trusted," she said.

The threat of a future breach has been eliminated according to a statement from the Dept. of Workforce Services. Those who had their information on the website are encouraged to monitor their accounts and credit reports.

Mastermind Hacker Adam Mudd Jailed for attacks on Sony and Microsoft

Adam Mudd jailed for two years for creating attack-for-hire business responsible for more than 1.7m breaches worldwide. Adam Mudd was 16 when he created the Titanium Stresser program, which carried out more than 1.7m attacks on websites including Minecraft, Xbox Live and Microsoft and TeamSpeak, a chat tool for gamers.


He earned the equivalent of more than £386,000 in US dollars and bitcoins from selling the program to cybercriminals.

Mudd pleaded guilty and was sentenced at the Old Bailey. The judge, Michael Topolski QC, noted that Mudd came from a “perfectly respectable and caring family”. He said the effect of Mudd’s crimes had wreaked havoc “from Greenland to New Zealand, from Russia to Chile”.

Topolski said the sentence must have a “real element of deterrent” and refused to suspend the jail term. “I’m entirely satisfied that you knew full well and understood completely this was not a game for fun,” he told Mudd. “It was a serious money-making business and your software was doing exactly what you created it to do.”

During the two-day hearing, Jonathan Polnay, prosecuting, said the effect of Mudd’s hacking program was “truly global”. “Where there are computers, there are attacks – in almost every major city in the world – with hotspots in France, Paris, around the UK,” he said.

Mudd carried out 594 of the distributed denial of service (DDoS) attacks against 181 IP addresses between December 2013 and March 2015.

He admitted to security breaches against his college while he was studying computer science. The attacks on West Herts College crashed the network, cost about £2,000 to investigate and caused “incalculable” damage to productivity, the court heard.

Polnay said there were more than 112,000 registered users of Mudd’s program who hacked about 666,000 IP addresses. Of those, nearly 53,000 were in the UK.

Among the targets was the fantasy game RuneScape, which had 25,000 attacks. Its owner company spent £6m trying to defend itself against DDoS attacks, with a revenue loss of £184,000.

When he was arrested in March 2015, Mudd was in his bedroom on his computer, which he refused to unlock before his father intervened.

Mudd, who was expelled from college and now works as a kitchen porter, had been offline for two years, which was a form of punishment for any computer-obsessed teenager, Cooper said.

Cooper said: “This was an unhappy period for Mr Mudd, during which he suffered greatly. This is someone seeking friendship and status within the gaming community.”

The judge said: “I have a duty to the public who are worried about this, threatened by this, damaged by this all the time … It’s terrifying.”

Uber is Spying On You - Apple IPhone Users

Journalists at The New York Times have reported on an interesting incident that occurred at the beginning of 2015. Apparently, Apple CEO Tim Cook personally threatened Uber head Travis Kalanick that the Uber app would be removed from the App Store if Uber did not stop breaking the rules.

The publication says that the idea of fooling Apple and circumventing the company's rules arose at Uber in 2014, when the service was suffering from numerous cases of fraud. In China and some other countries, drivers had begun buying stolen and cheap iPhones en masse on the secondary market and creating dozens of fake accounts with them. The crooks then ordered rides from these accounts and fulfilled the bogus orders themselves.

The problem was that Apple prohibits tracking devices in any way and identifying them after all data has been wiped or a specific application has been deleted.

However, Uber's developers took a chance, and along with the application the company began placing small "tags" on users' iPhones. Even after a complete reset of the device, these tags made it possible to later identify a specific iPhone and detect fraud.

Since this method violates Apple's rules, Travis Kalanick proposed an original solution to the problem. He suggested that the developers use geofencing and obfuscate the application code when it runs at Apple headquarters in Cupertino or somewhere nearby. In effect, Uber was to avoid showing Apple employees that it "tags" user devices, demonstrating good behavior in their presence.

Of course, every secret sooner or later comes out, and soon Apple engineers located outside Cupertino noticed something suspicious and figured out what the Uber app was doing. Then, according to The New York Times, Tim Cook invited Travis Kalanick to meet in person at Apple's office, and at the meeting Cook reprimanded the head of Uber and warned that the application would be removed from the App Store if Uber did not stop "tagging" smartphone users.

Uber representatives have already responded to The New York Times publication and deny the charges. An Uber representative told The Verge that the company has never tried to track specific users after they uninstall the application.

Then Uber representatives were forced to apologize and promised to see to it that Greyball would no longer be used to block the authorities.

Hard-coded Credential Flaw in Wireless Access Points Identified and Fixed

Researchers at Talos regularly uncover a variety of problems in network devices aimed at home users.

Earlier this month, Talos responsibly disclosed a set of vulnerabilities in Moxa ICS wireless access points. While most of the vulnerabilities were addressed in the previous set of advisories, Talos has continued to work with Moxa to ensure all remaining vulnerabilities that Talos identified are patched.

This vulnerability was identified by Patrick DeSantis of Talos.

TALOS-2016-0231 (CVE-2016-8717) is a hard-coded credential vulnerability within Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client devices. An undocumented, root-level account with hard-coded credentials exists in these devices with no mechanism to disable or remove the account permanently. An attacker could leverage this account and gain complete control of the device remotely.

Specifically, the experts found hard-coded credentials in Moxa devices (username: 94jo3dkru4, password: moxaiwroot) that allow login to the undocumented account with root rights.

Moxa developers have already released a patch for this problem. Cisco experts now recommend that users install the update as soon as possible, or close remote access to the device by disabling SSH and Telnet.

Samsung Smart TV Wi-Fi Direct Improper Authentication

Samsung Smart TVs running Tizen OS are prone to a security vulnerability that allows an attacker to impersonate a trusted device to obtain unrestricted access without authentication when connected via Wi-Fi Direct.

Researchers at Neseso, an independent security consulting company with more than 10 years of experience in security research and vulnerability assessment, reported the problem.

According to the researchers, the problem lies in the implementation of authentication for the Wi-Fi Direct technology used in Samsung TVs. This mechanism spares users from authenticating every time: instead, the TV can be "paired" with any trusted device, whose MAC address is then added to a white list. The TV notifies the user that a device from the white list has connected, but no further authentication is required.

Once connected, the attacker has access to all the services provided by the TV, such as the remote control service or DLNA screen mirroring. If any of the services provided by the Smart TV, once connected using WiFi-Direct, is vulnerable, the attacker could gain control of the Smart TV or use it to pivot and gain access to the network to which the Smart TV is connected.

Interestingly, Samsung representatives did not see this as a threat, although it in fact allows authentication to be bypassed completely; Samsung's developers conducted an investigation and found no problems in this functionality.

Neseso recommends removing all white-listed devices and avoiding the WiFi-Direct feature for the time being.
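Why a white list keyed only on the MAC address authenticates nothing, shown as an added Python model that is not code from Neseso or Samsung: the first class accepts any peer that presents a listed address, while the second (a hypothetical hardening, not Samsung's design) binds pairing to a per-device secret and a fresh one-time challenge. The class names, the sample MAC address and the HMAC construction are assumptions.

```python
import hashlib
import hmac
import secrets


class MacAllowListTV:
    """Behaviour described above: a peer is trusted if the MAC address it
    presents is on the list. Nothing proves the peer owns that address."""

    def __init__(self):
        self.allowed = set()

    def pair(self, mac):
        self.allowed.add(mac.lower())

    def connect(self, claimed_mac):
        return claimed_mac.lower() in self.allowed


class ChallengeResponseTV:
    """Hypothetical hardened variant: pairing stores a per-device secret and
    every connection must answer a fresh challenge with it."""

    def __init__(self):
        self.keys = {}      # MAC -> secret shared at pairing time
        self.pending = {}   # MAC -> outstanding one-time nonce

    def pair(self, mac):
        key = secrets.token_bytes(32)
        self.keys[mac.lower()] = key
        return key          # handed to the device once, during user-approved pairing

    def challenge(self, claimed_mac):
        nonce = secrets.token_bytes(16)
        self.pending[claimed_mac.lower()] = nonce
        return nonce

    def connect(self, claimed_mac, response):
        mac = claimed_mac.lower()
        key = self.keys.get(mac)
        nonce = self.pending.pop(mac, None)   # each nonce is usable once
        if key is None or nonce is None:
            return False
        expected = hmac.new(key, nonce + mac.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def device_response(key, mac, nonce):
    """What a paired device computes to prove it holds the pairing secret."""
    return hmac.new(key, nonce + mac.lower().encode(), hashlib.sha256).digest()


def compare():
    """Run the same connection attempts against both models."""
    mac = "02:00:00:AA:BB:CC"   # constructed, locally administered address
    weak = MacAllowListTV()
    weak.pair(mac)
    strong = ChallengeResponseTV()
    key = strong.pair(mac)
    results = {}

    # Allow list: the paired device and any peer claiming its address look the same.
    results["weak_legit"] = weak.connect(mac)
    results["weak_same_mac_other_peer"] = weak.connect(mac.lower())

    # Challenge-response: the paired device answers the nonce with its secret.
    nonce = strong.challenge(mac)
    good = device_response(key, mac, nonce)
    results["strong_legit"] = strong.connect(mac, good)

    # Replaying the captured answer without a new challenge fails.
    results["strong_replay"] = strong.connect(mac, good)

    # A peer claiming the address but lacking the secret fails.
    nonce2 = strong.challenge(mac)
    forged = device_response(secrets.token_bytes(32), mac, nonce2)
    results["strong_same_mac_no_key"] = strong.connect(mac, forged)

    # Replaying the old answer against a new nonce also fails.
    strong.challenge(mac)
    results["strong_replay_new_nonce"] = strong.connect(mac, good)
    return results


if __name__ == "__main__":
    for name, accepted in compare().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```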

Hack In Paris 2015 Invites All Hackers .

Namaste! Good Morning,

Woahh!!! Hold on hackers !!! Hack In Paris is here and this is the 5th time Hack In Paris is ready to Rock Paris .

Intrusion attempts are more and more frequent and sophisticated, regardless of their targets (states or corporations). It's in this context that international hacking events are multiplying. A few events take place in France, but until now, no one had covered hacking practices with a technical approach including both professional training and information aspects. It is this gap that Hack In Paris aims to fill.

After the success of last year, with more than 400 attendees, this 5-day corporate event will be held at the Academie Fratellini Paris.

Hack In Paris will let its attendees discover the concrete reality of hacking and its consequences for companies. The program includes the state of the art of IT security, industrial espionage, penetration testing, physical security, forensics, malware analysis and countermeasures.

Hack In Paris will be held from June 15th to 19th, 2015, and will be conducted exclusively in English:

  • Training : June 15 to 17, three days of trainings by 12 security officers (CISOs, CIOs) and technical experts  
  • Talks : June 18 to 19, two days of talks given by a variety of international speakers and highly technical experts
  • NEW ! : A gala-evening is organized by Sysdream on Thursday 7 P.M., June 18th, 2015 at the Academy Fratellini. More information :
You can register for the training session covering what you would like to learn and later research. You will get a chance to clarify your concepts.

Grab your seats as soon as possible, the event will be houseful in no time.

Now Unlock Apple iPhone By Brute Forcing Using IP Box

Namaste! Good Morning,

The Apple iPhone has several ways to unlock the screen, including fingerprint scanning, pattern, and secret PIN. One thing they have in common is that all such methods require human interaction.

But now no human interaction is needed to unlock the screen of iOS devices protected by a secret PIN, thanks to tools like the IP Box, which is connected via USB and uses a sensor to check the state of the screen, detecting the change in the image when the correct passcode is entered.

Ordinarily, brute-forcing the PIN is only effective if the Erase Data option is disabled in the device settings (Touch ID & Passcode screen); when it is enabled, the data is erased from the device after ten wrong entry attempts.

The researchers' initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours (that is, four and a half days) to brute-force a 4-digit PIN.
  • 5 digits - 1.5 months
  • 6 digits - 1.25 years
  • 7 digits - 12.5 years
  • 8 digits - 125 years
The researchers tested the attack on an iPhone 5s running iOS 8.1.

Further research suggests this could be the issue detailed in CVE-2014-4451 but this has yet to be confirmed.

It turns out that the most efficient course of action for someone cracking a PIN would be:

  1. Try to find out the real PIN by analyzing the state of the screen's coating.
  2. Manually enter the 9 most popular PINs from the list of most popular PINs.
  3. Restart the phone.
  4. Start automated brute force for the remaining codes. Here too it is better to use a dictionary of the most popular combinations, trying them first.

Windows 10 Security Bypass With One Bit

Namaste! Good Morning,

The latest set of patches from Microsoft, for February 2015, closed not only the notorious JASBUG but also the vulnerability CVE-2015-0057, which has the same maximum risk rating (the February set contains three critical bugs in total).

The vulnerability allows escalation of privileges to gain complete control over a victim's computer and bypass all Windows security mechanisms. The bug is in the kernel's GUI component, the Win32k.sys module, specifically in the structure that holds information about the scroll bars of windows on the screen.

There is a function, xxxEnableWndSBArrows, which determines whether to display or hide a scroll bar. This is where the "bug" hides; it was found by static code analysis. At a certain point the memory holding the scroll bar state flags is freed, and those bits are then used (use after free).

At first glance it seems a minor vulnerability. But if a chain is built on it correctly, it gives full control of any system from Redmond. The exploit works reliably on all versions of Windows, from Windows XP up to 10, with all security mechanisms enabled.

The author believes that attackers will successfully exploit this vulnerability for a long time.

Anonymous Hacker Sentenced to 5 Years by Federal Judge in Dallas

Namaste! Good Morning,

Barrett Brown was sentenced to 63 months in prison by a federal judge in Dallas, including the 31 months he has already served.

Brown, 33, pleaded guilty in April to being an accessory after the fact for attempting to assist a hacker, hiding two computers from FBI agents who were executing a search warrant, and threatening an FBI agent in a video.

The accessory after the fact charge relates to an incident in December 2011 when someone Brown knew as "o" hacked the computer network of Austin, Texas-based private intelligence firm Stratfor and obtained confidential information, including credit card details, according to court papers.

Brown knew that the incident harmed Stratfor's website and removed confidential data, according to court documents.

He also attempted to communicate with Stratfor's top official on behalf of the hacker to minimize damage, the papers said.

In a statement read in court on Thursday, Brown said his role was to post a link which had already been made public.

He said the government "exposed me to decades of prison time for copying and pasting a link to a publicly available file that other journalists were also linking to without being prosecuted."

Brown expressed regret for some of his actions, including threats made in online videos.

"The videos were idiotic, and although I made them in a manic state brought on by sudden withdrawal from Paxil and Suboxone, and while distraught over the threats to prosecute my mother, that's still me in those YouTube clips talking nonsense about how the FBI would never take me alive," he said.

Attempts to reach Brown's attorneys were unsuccessful.


Hacker Arrested for Leaking Songs From Madonna's New Album Rebel Heart

Namaste! Good Morning,

Police in Israel have arrested a 39-year-old man on suspicion of hacking into Madonna's computer and leaking songs from her new album "Rebel Heart".

The hacker was detained by members of the country's crime-fighting unit.

Officers are investigating allegations the suspect "broke into the personal computers of several international artists over the past few months and stole promotional final-cut singles which have yet to be released and traded them online for a fee". 

An investigation by a security firm traced the breach of Madonna's computer to Israel. Her songs were leaked before the album's release date.

"I'm profoundly grateful to the FBI, the Israeli Police investigators and anyone else who helped lead to the arrest of this hacker," Madonna said in a statement.

"Like any citizen, I have the right to privacy. This invasion into my life - creatively, professionally, and personally - remains a deeply devastating and hurtful experience, as it must be for all artists who are victims of this type of crime."

Hacking into stars' personal computers and accounts and stealing important data seems to be getting easier these days. Given the rate at which these personalities are being hacked, it seems that either the stars are not that good at protecting their own stuff or the hackers are becoming smarter day by day.

Nullcon Goa 2015 is Here Pirates! | Time to Set Sail Toward Goa

Namaste! Good Morning,

"Nullcon 2015" has given the green flag to its Call For Papers. This is the sixth year of Nullcon. Nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats.

Nullcon's motto, "The neXt security thing!", drives the objective of the conference, i.e. to discuss and showcase the future of information security and the next generation of offensive and defensive security technology.


The idea started as a gathering for researchers and organizations to brain storm and demonstrate why the current technology is not sufficient and what should be the focus for the coming years pertaining to information security.

In addition to security, one section of the conference, called Desi Jugaad (Hindi for "Local Hack"), is dedicated to hacking; there we invite researchers who come up with innovative security/tech/non-tech solutions for solving real-life challenges or taking up new initiatives.

 Nullcon is managed and marketed by Payatu Technologies. The idea of nullcon emerged out of null - The open security community, a registered not-for-profit society and the largest active security community in India with over 8 chapters in major cities - Bangalore, Mumbai, Chennai, Pune, Hyderabad, Mysore, Trivandrum and Delhi.

As a tribute to the community nullcon funds null to further null's cause and supports all of its initiatives.

When submitting a research paper, remember that it must be your own research work. Also, the abstract must be detailed and must not merely contain an introduction to the research/hacks. Any paper or research that is marketing-based and promotes a company may be rejected.

Important Dates:
  • CFP Opens: 6th Aug 2014
  • 1st round of Speaker list Online: 6th Sept 2014
  • CFP Closing Date: 1st Nov 2014
  • Final speakers List online: 6th Nov 2014
  • Detailed Paper submission by selected speakers: 6th Jan 2015
  • Training Dates: 4th-5th Feb 2015
  • Conference Dates: 6th-7th Feb 2015
More details related to CFP of Nullcon 2015 can be read from here.

The Venue Details

Venue: The Bogmallo Beach Resort, Goa, India
Contact: +91 - 99229 00657
Registrations Open: Sep '14

This is a rare chance to meet your old friends and make new ones. You get to meet like-minded people in an environment you would love to work in. Good luck for the event.

Poorly Configured Oracle Reports Database Server Leads to Huge Data Leak at MBIA Inc.

Namaste! Good Morning,

KrebsOnSecurity notified MBIA Inc. about a huge data leak this Monday. Krebs reported that, due to a misconfiguration in a company web server, countless customer account numbers, balances and other sensitive data were exposed. The leaked sensitive data was also indexed by many popular search engines.

MBIA Inc. is a financial services company. It was founded in 1973 as the Municipal Bond Insurance Association. It is headquartered in Armonk, New York, and has approximately 400 employees. MBIA is the largest bond insurer. MBIA Inc., based in Purchase, N.Y., is a public holding company that offers municipal bond insurance and investment management products.

After being notified, the company disabled the vulnerable website. This website contained customer data from Cutwater Asset Management, a fixed-income unit of MBIA that is slated to be acquired by BNY Mellon Corp.

MBIA spokesman Kevin Brown said, "We have been notified that certain information related to clients of MBIA’s asset management subsidiary, Cutwater Asset Management, may have been illegally accessed. We are conducting a thorough investigation and will take all measures necessary to protect our customers’ data, secure our systems, and preserve evidence for law enforcement." He added that customers have also been notified about this leak.

Documents indexed by search engines featured detailed instructions on how to authorise new bank accounts for deposits, including the forms and fax numbers needed to submit the account information.

Bryan Seely, an independent security expert with Seely Security, discovered the exposed data using a search engine. Seely said the data was exposed thanks to a poorly configured Oracle Reports database server. Another researcher, Dana Taylor (@miss_sudo), documented the misconfigured server.

One of San Diego FBI’s Most Wanted Cyber Fugitives John Gordon Baden Worth $5000

Namaste! Good Morning,

The Federal Bureau of Investigation (FBI) is offering a reward of up to $5,000 for any information that leads to the arrest of John Gordon Baden, who is 38. He is considered to be one of San Diego FBI’s Most Wanted Cyber Fugitives.

Baden is allegedly responsible for stealing the identities of 40K people and then using the stolen information to siphon funds from their brokerage or bank accounts and purchasing expensive electronic items with their credit. It is estimated that the losses caused by this fugitive are in the millions of dollars.

In July 2014, Baden, along with his two co-conspirators, Jason Ray Bailey and Victor Alejandro Fernandez, was indicted by a federal grand jury seated in the Southern District of California, San Diego, California, on a number of federal charges, including conspiracy to commit wire fraud, computer hacking, aggravated identity theft, and wire fraud. Baden was accused specifically on federal charges of conspiracy to commit wire fraud, wire fraud, and computer hacking. The charges were the result of an FBI investigation into Baden and his two co-conspirators, who operated a criminal enterprise that exploited vulnerabilities in computer servers of a U.S. mortgage broker.

According to the accusation, Baden and his co-conspirators obtained mortgage applications containing customers' personal identification information such as names, dates of birth, Social Security numbers, addresses, assets, tax information, and driver’s licenses by hacking into the company’s computer servers. While the criminal enterprise was based in Tijuana, Mexico, their victims stretched from California to Florida and states in between.

According to the accusation, during the period July 2011 to August 2013, Bailey, Fernandez, and Baden knowingly and intentionally engaged in a scheme whereby they would obtain and share log-in credentials that enabled them to gain unauthorized access to a U.S. mortgage broker company’s electronic customer records and the BlitzDocs computer application that the company used to manage these records.

Baden and his co-conspirators would then use the log-in credentials without authorization to access BlitzDocs and the company’s electronic records and thereby steal customers' personally identifiable information (PII). Baden and his co-conspirators would then use this stolen PII, along with PII stolen from other victims and businesses, to defraud merchants and financial institutions for their private financial gain.

FBI agents arrested Jason Ray Bailey and Victor Alejandro Fernandez in February 2014, on federal charges emanating from this same investigation. Those charges were superseded by a federal grand jury indictment in July 2014. Both Bailey and Fernandez remain in federal custody.

It is assumed that Baden may be in Tijuana, Mexico, specifically the Zona Norte or Zona Centro area. Also, Baden enjoys gambling and likes to play bingo.

John Gordon Baden is described as follows: 
  • Sex: Male
  • Race: White
  • Height: 5’8” tall
  • Weight: 195 pounds
  • DOB: August 19, 1976
  • Hair: Light brown
  • Eyes: Hazel

New Mac OS X Botnet Discovered by Researchers at Dr. Web Has Infected More Than 17000 Machines

Namaste! Good Morning,

Apple Mac OS X users are being infected by malware named Mac.BackDoor.iWorm. It is considered to be a complex multi-purpose backdoor. Criminals can issue commands that get this program to carry out a wide range of instructions on the infected machines. Analysis has recorded about 17000 machines infected by Mac.BackDoor.iWorm.

This malware was developed using C++ and Lua. It should also be noted that the malware makes extensive use of encryption in its routines. During installation it is extracted into /Library/Application Support/JavaW, after which the dropper generates a p-list file so that the malware is launched automatically.

Statistics gathered by Doctor Web's researchers show that as of September 26, 2014, 17,658 IP addresses of infected devices were involved in the botnet created by criminals using Mac.BackDoor.iWorm. Most of them, 4,610 (representing 26.1% of the total), reside in the United States. Canada ranks second with 1,235 addresses (7%), and the United Kingdom ranks third with 1,227 IP addresses of infected computers (6.9% of the total).

In order to acquire a control server address list, this malware uses the search service at, and—as a search query—specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date. The search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.

The bot picks a random server from the first 29 addresses on the list and sends queries to each of them. Search requests to acquire the list are sent to in five-minute intervals.

The malware's Lua scripts can perform many actions, such as getting the OS type, getting a value from the configuration file, getting the botnet uptime, sending a GET query, downloading a file, executing a system instruction and many more.

Dr. Web's researchers say that the signature of this malware has been added to the virus database, so Mac.BackDoor.iWorm poses no danger to Macs protected with Dr.Web Anti-virus for Mac OS X.
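
The two install artifacts described above (the JavaW directory and the launch plist) can be checked on a Mac or on a mounted disk image. The following is an added example, not Dr. Web's tooling and not code from the original post; the function name scan_iworm and the launchd directories it searches are assumptions, since the post does not name the plist file.

```shell
#!/bin/sh
# Added example: look for the Mac.BackDoor.iWorm install artifacts the post names.
# scan_iworm [ROOT]
#   ROOT defaults to / ; pass the mount point of a disk image to check it offline.
#   Prints one "FOUND ..." line per indicator; returns 0 if clean, 1 otherwise.

scan_iworm() {
    root="${1:-/}"
    root="${root%/}"      # "/" becomes "", so the paths below begin with /Library
    found=0

    # Indicator 1: the extraction directory given in the post.
    install_dir="$root/Library/Application Support/JavaW"
    if [ -e "$install_dir" ]; then
        echo "FOUND install path: $install_dir"
        found=1
    fi

    # Indicator 2: a launch plist that references JavaW. The post gives neither
    # the plist's name nor its location, so the standard system launchd
    # directories are searched for the string (assumption).
    for dir in "$root/Library/LaunchDaemons" "$root/Library/LaunchAgents"; do
        [ -d "$dir" ] || continue
        for plist in "$dir"/*.plist; do
            [ -f "$plist" ] || continue
            if grep -q "JavaW" "$plist" 2>/dev/null; then
                echo "FOUND launch item referencing JavaW: $plist"
                found=1
            fi
        done
    done

    if [ "$found" -eq 0 ]; then
        echo "no Mac.BackDoor.iWorm install artifacts under ${root:-/}"
    fi
    return "$found"
}
```

A hit on either indicator is a reason to isolate the machine and review its outbound connections; a clean result only means these two artifacts are absent.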

c0c0n | International Cyber Security And Policing Conference

Namaste! Good Morning,

About c0c0n

c0c0n, also known as the CyOps Con, is an annual event organized as part of the International Information Security Day. c0c0n is a two-day international information security conference organised and hosted by the Kerala (India) State Police, along with the Society for the Policing of Cyberspace (POLCYB), a not-for-profit society based in British Columbia whose goal is to prevent and combat crimes in cyberspace, and ISRA (Information Security Research Association).


c0c0n is aimed at providing a platform to discuss, showcase, educate, understand and spread awareness on the latest trends in information / cyber security and hi-tech attacks and crimes. It also aims to provide a hand-shaking platform for various corporate and government organizations, including the various investigation agencies, academia, research organizations and other industry leaders and players, for better co-ordination in making the cyber world a better and safer place to be. The conference is split into two tracks. Track 1 is dedicated to law enforcement, cyber governance, digital forensics and investigative aspects of cyberspace, with this year’s major themes being:
  • Cyber Terror
  • Counter Terror in the Cyber World
  • Free Software for Cyber Crime Investigation
  • Digital strategies for prevention and detection of crimes against women
Track 2 concentrates on the Technical, research and management aspects of Information & Cyber Security and Critical Information National Infrastructure.

c0c0n Conference related Information

  • Date of Conference ( DoC ) : 
    • Pre Conference : 21 Aug 2014
    • Conference : 22-23 Aug 2014
  • Location : Kochi, India
  • Speakers List
  • Keynote Speaker : Dr. A. P. J. Abdul Kalam & Mr. Eric Filiol
  • Workshop Details 
c0c0n is doing great work in spreading awareness about cyber crimes, and their workshops are worth attending. Every time they come up with something new, so let's see what they come up with this time. Thumbs up for the effort of the c0c0n team.

List of All Bug Bounty Programs

Namaste! Good Morning,

At present, the word "H4ck3rs" brings up a lot of negative thoughts, and the general public has started getting scared of the term. Nowadays, novice hackers who get so-called Ethical Hacker training feel that they have only one path to move on, and that is the wrong path, where they become black hats. But there is a very bright future for H4ckers.

One path for the present generation to show their skills is bug bounty programs, instead of defacing, just for fun, the websites of innocent people whose whole families rely on them.

Many novice hackers find it hard to know where to look for bugs and where they can report the bugs they find, and they also don't know how to submit a report.

Today we are going to tell you everything about bug bounties and all the bug bounty programs that are out there on the WWW.

Some bounty programs give rewards and a Hall of Fame entry, some give only a reward, some include the bounty hunters in their Hall of Fame and give swag too, some give only a place in their Hall of Fame, and some just give away swag with no Hall of Fame.



Active Campaign
Active Prospect
Amazon Web Services
Constant Contact


And many more will be updated soon....