Friday, 17 October 2014

Nullcon Goa 2015 is Here Pirates! | Time to Set Sail Toward Goa

Namaste! Good Morning,

"Nullcon 2015" sets green flag to Call For Papers. This is the sixth year of Nullcon . Nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats. 

Motto of Nullcon is "The neXt security thing!" drives the objective of the conference i.e. to discuss and showcase the future of information security and the next-generation of offensive and defensive security technology.

nullcon goa 2015

The idea started as a gathering for researchers and organizations to brain storm and demonstrate why the current technology is not sufficient and what should be the focus for the coming years pertaining to information security.

In addition to security, one of the section of the conference called Desi Jugaad (Hindi for "Local Hack") is dedicated to hacking where we invite researchers who come up with innovative security/tech/non-tech solutions for solving real life challenges or taking up new initiatives.

 Nullcon is managed and marketed by Payatu Technologies. The idea of nullcon emerged out of null - The open security community, a registered not-for-profit society and the largest active security community in India with over 8 chapters in major cities - Bangalore, Mumbai, Chennai, Pune, Hyderabad, Mysore, Trivandrum and Delhi.

As a tribute to the community nullcon funds null to further null's cause and supports all of its initiatives.

While submitting the research paper remember that it's yours on research work . Also the abstract must be detailed and it must not just contain the mere introduction to the research/hacks. And any Paper/research that is more of marketing based and promoting its company may be rejected.

Important Dates:
  • CFP Opens: 6th Aug 2014
  • 1st round of Speaker list Online: 6th Sept 2014
  • CFP Closing Date: 1st Nov 2014
  • Final speakers List online: 6th Nov 2014
  • Detailed Paper submission by selected speakers: 6th Jan 2015
  • Training Dates: 4th-5th Feb 2015
  • Conference Dates: 6th-7th Feb 2015
More details related to CFP of Nullcon 2015 can be read from here.

The Venue Details

Venue: The Bogmallo Beach Resort, Goa, India
Contact: +91 - 99229 00657
For Inquiries: info@nullcon.net
For Sponsorship: sponsor@nullcon.net
Registrations Open: Sep '14

This is the rare chance to meet your old friend and make new friends. You get to meet like minded peoples and an environment you would love to work in. Good luck for the event
Read More »

Tuesday, 7 October 2014

Poorly Configured Oracle Reports Database Server Leads to Huge Data Leak at MBIA Inc.

Namaste! Good Morning,

KrebsOnSecurity notified to MBIA Inc. about the huge data leak this Monday. Kreb reported that due to the misconfiguration in a company Web server, countless customer account numbers, balances and other sensitive data were exposed. This leaked sensitive data is also indexed on many popular search engines.

MBIA Inc. is a financial services company. It was founded in 1973 as the Municipal Bond Insurance Association. It is headquartered in Armonk, New York, and has approximately 400 employees. MBIA is the largest bond insurer. MBIA Inc., is based in Purchase, N.Y., is a public holding company that offers municipal bond insurance and investment management products.

After getting notification, the company disabled the vulnerable website mbiaweb.com. This Website contained customer data from Cutwater Asset Management, a fixed-income unit of MBIA that is slated to be acquired by BNY Mellon Corp.

MBIA spokesman Kevin Brown said,"We have been notified that certain information related to clients of MBIA’s asset management subsidiary, Cutwater Asset Management, may have been illegally accessed,. We are conducting a thorough investigation and will take all measures necessary to protect our customers’ data, secure our systems, and preserve evidence for law enforcement." He also added that the customers are also notified about this leak.


Documents indexed by search engines featured detailed instructions on how to authorise new bank accounts for deposits, including the forms and fax numbers needed to submit the account information.

Bryan Seely, an independent security expert with Seely Security, discovered the exposed data using a search engine. Seely said the data was exposed thanks to a poorly configured Oracle Reports database server. Another researcher Dana Taylor @miss_sudo documented the misconfigured server.


Read More »

One of San Diego FBI’s Most Wanted Cyber Fugitives John Gordon Baden Worth $5000

Namaste! Good Morning,

The Federal Bureau of Investigation (FBI) is offering a reward up to $5,000 for any information that leads to the arrest of John Gordon Baden who's 38. He is considered to be one of San Diego FBI’s Most Wanted Cyber Fugitives.

Baden is allegedly responsible for stealing the identities of 40K people and then using the stolen information to siphon funds from their brokerage or bank accounts and purchasing expensive electronic items with their credit. It is estimated that the losses caused by this fugitive are in the millions of dollars.

In July 2014, Baden along with his two co-conspirators, Jason Ray Bailey and Victor Alejandro Fernandez were indicted by a federal grand jury seated in the Southern District of California, San Diego, California, on a number of federal charges which includes, conspiracy to commit wire fraud, computer hacking, aggravated identity theft, and wire fraud. Baden was accused specifically on federal charges of conspiracy to commit wire fraud, wire fraud, and computer hacking. The charges were the result of an FBI investigation into Baden and his two co-conspirators who operated a criminal enterprise that exploited vulnerabilities in computer servers of a U.S. mortgage broker.

According to the accusation, Baden and his co-conspirators obtained mortgage applications containing customers personal identification information such as names, dates of birth, Social Security numbers, addresses, assets, tax information, and driver’s licenses by hacking into the company’s computer servers. While the criminal enterprise was based in Tijuana, Mexico, their victims stretched from California to Florida and states in between.

According to the accusation, during the period July 2011 to August 2013, Bailey, Fernandez, and Baden knowingly and intentionally engaged in a scheme whereby they would obtain and share log-in credentials that enabled them to gain unauthorized access to a U.S. mortgage broker company’s electronic customer records and the BlitzDocs computer application that the company used to manage these records.

Baden and his co-conspirators would then use log-in credentials without authorization to access BlitzDocs and the company’s electronic records and thereby steal customer’s personal identifiable information ((PII). Baden and his co-conspirators would then use this stolen PII, along with PII stolen from other victims and businesses, to defraud merchants and financial institutions, for their private financial gain.

FBI agents arrested Jason Ray Bailey and Victor Alejandro Fernandez in February 2014, on federal charges emanating from this same investigation. Those charges were superseded by a federal grand jury indictment in July 2014. Both Bailey and Fernandez remain in federal custody.

It is assumed that Baden maybe in Tijuana, Mexico, specifically the Zona Norte or Zona Centro area. Also, Baden enjoys gambling and likes to play bingo.

John Gordon Baden is described as follows: 
  • Sex: Male
  • Race: White
  • Height: 5’8” tall
  • Weight: 195 pounds
  • DOB: August 19, 1976
  • Hair: Light brown
  • Eyes: Hazel
Read More »

Sunday, 5 October 2014

New Mac OS X Botnet Discovered By Researcher's of Dr. Web Which Infected More Than 17000 Machines

Namaste! Good Morning,

Apple Mac OS X users are infected by a malware named Mac.BackDoor.iWorm . This is considered to be complex multi purpose backdoor. Criminals can issue commands that get this program to carry out a wide range of instructions on the infected machines. It is analysed  and recorded that the machines infected by Mac.BackDoor.iWorm is near about 17000 .

This malware was developed using C++ and Lua. It should also be noted that the malware makes extensive use of encryption in its routines. During installation it is extracted into /Library/Application Support/JavaW, after which the dropper generates a p-list file so that the malware is launched automatically.

Doctor Web's researchers statistics show that as of September 26, 2014, 17,658 IP addresses of infected devices were involved in the botnet/malware created by Criminals using Mac.BackDoor.iWorm. Most of them—4,610 (representing 26.1% of the total)—reside in the United States. Canada ranks second with 1,235 addresses (7%), and the United Kingdom ranks third with 1,227 IP addresses of infected computers (6.9% of the total). The late September 2014 geographical distribution of the botnet/malware created with Mac.BackDoor.iWorm is shown in the following illustration:
























In order to acquire a control server address list, this malware uses the search service at reddit.com, and—as a search query—specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date. The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.

The bot picks a random server from the first 29 addresses on the list and sends queries to each of them. Search requests to acquire the list are sent to reddit.com in five-minute intervals.

This malware has Lua Script which is capable to perform many actions like Get the OS  Type, Get the value from the configuration file, get Botnet uptime, Send a GET Query , Download a file, Execute a system instruction and many more .

It is said by Dr Web's Researchers that the signature of this malware has been added to the virus database, so Mac.BackDoor.iWorm poses no danger to Macs protected with Dr.Web Anti-virus for Mac OS X.

Read More »

Saturday, 2 August 2014

c0c0n | International Cyber Security And Policing Conference

Namaste! Good Morning,

About c0c0n

c0c0n, also known as the CyOps Con, is an annual event organized as part of the International Information Security Day. c0c0n is a two day International Information Security Conference which is organised and hosted by Kerala (India) State Police, along with the society for the Policing of Cyberspace (i.e. POLCYB) which is a not-for-profit society based in British Columbia incorporated with their goal to prevent and combat crimes in cyberspace and ISRA(i.e. Information Security Research Association ).

c0c0n

c0c0n is aimed at providing a platform to discuss, showcase, educate, understand and spread awareness on the latest trends in information / cyber security and hi-tech attacks and crimes. It also aims to provide a hand-shaking platform for various corporate, government organizations including the various investigation agencies, academia, research organizations and other industry leaders and players for better co-ordination in making the cyber world a better and safe place to be. The conference is split into two tracks, Track 1 dedicated for Law Enforcement's, Cyber Governance, Digital Forensics and investigative aspects of Cyber Space with this year’s major themes being:
  • Cyber Terror
  • Counter Terror in the Cyber World
  • Free Software for Cyber Crime Investigation
  • Digital strategies for prevention and detection of crimes against women
Track 2 concentrates on the Technical, research and management aspects of Information & Cyber Security and Critical Information National Infrastructure.

c0c0n Conference related Information

  • Date of Conference ( DoC ) : 
    • Pre Conference : 21 Aug 2014
    • Conference : 22-23 Aug 2014
  • Location : Kochi, India
  • Speakers List
  • Keynote Speaker : Dr. A. P. J. Abdul Kalam & Mr. Eric Filiol
  • Workshop Details 
  • Registration E-mail: c0c0n@is-ra.org  
c0c0n is doing great in spreading awareness about cyber crimes and there workshops are worth to attend. Every time they come up with something new, so lets what what they are going to come up with this time Thumps up for the effort of c0c0n Team.

Read More »

Monday, 28 July 2014

List of All Bug Bounty Programs

Namaste! Good Morning,

In present time, "H4ck3rs" word brings a lot of negative taught and the general public have now started getting scared of the term "H4ck3rs". And now a days novice hackers who gets Ethical Hackers so called training feel that now they have only one path to move on and that is the wrong path where they can become black path. But, there is very bright future for the H4ckers.

One path for the present generation to show there skills is Bug Bounties Programs, instead of defacing innocent people's website whose whole family relies on that particular website, just for fun.

Many novices hackers find it hard that where to find the bugs and where they can report the bugs they found and also they don't know how to submit the website.

Today we are going to tell you  every thing about bug bounties and all the bug bounty programs that are there in WWW.

Some of the bounty programs gives rewards & Hall of Fame, some give only reward, some include the bounty hunters into there Hall of Fame and give Swags too, some gives space in there Hall of Fame only and some just give away swag and no hall of Fame.


99designs


Acquia


Active Campaign

Active Prospect

Adapcare






Airbnb 



Alcyon




  Amazon Web Services




at&t


Attack-Secure


Automattic





Avira






Basecamp

Beanstalk














Buffer











Codepen
  




Compilr 

Constant Contact














https://www.dropbox.com/special_thanks 





And many more will be updated soon....
Read More »