
CNET attacked by Russian hacker group

2014 July 15
by admin

A Russian hacker collective says it broke into CNET servers over the weekend and stole a database of usernames and passwords.

A Russian hacker group that has attacked some of the biggest news and business sites in the world claims it penetrated CNET’s website over the weekend and stole a database of registered reader data.

A representative from the group calling itself W0rm told CNET News in a Twitter conversation that it stole a database of usernames, emails, and encrypted passwords from CNET’s servers.

W0rm is claiming that the database of stolen information includes data on more than 1 million users.

A CBS Interactive spokeswoman said that “a few servers were accessed” by the intruder. “We identified the issue and resolved it a few days ago. We will continue to monitor,” for potential impact, she said.

W0rm said it found its way into CNET’s servers through a security hole in CNET.com’s implementation of the Symfony PHP framework, a popular programming tool that provides a skeleton on which developers can construct a complex website.

Properties owned by CBS Interactive, which includes CNET, were the ninth-most visited sites in the US during May. According to ComScore, CNET had 27.1 million U.S. unique visitors on desktop and mobile in June 2014.

The W0rm representative, a non-native English speaker, said the group had no plans to decrypt the passwords or to complete the sale of the database. W0rm tweeted Monday that it will sell the database for 1 bitcoin — around $622. But the group’s spokesperson said they offered to sell the database to gain attention — “nothing more.”

[Image: Hacker collective W0rm’s screenshot, posted to their Twitter account, of the CNET hack. Credit: W0rm]

W0rm claims that its goals are altruistic, and that it hacked CNET servers to improve the overall security of the Web. By targeting high-profile sites, the group says it can raise awareness about security flaws. W0rm claims to have successfully hacked the BBC in late 2013, as well as earlier hacks of Adobe Systems and Bank of America websites.

CNET’s popularity is what motivated the group to target the site. “[W]e are driven to make the Internet a better and safer [place] rather than a desire to protect copyright,” W0rm said in a Twitter exchange on Monday. “I want to note that the experts responsible for bezopastnost [security] in cnet very good work but not without flaws.”

Robert Hansen, a Web security expert at White Hat Security, said CNET readers might not be at risk.

“It definitely can feel like a slap in the face to an organization to be hacked, but in reality, most of the time in circumstances like this it’s actually a good thing,” Hansen said. “W0rm was careful not to give the full path to the actual exploit, and informed the general public that the compromise occurred.”

Update at 11:30 a.m. PT, July 15, to clarify that the number of people listed in the database comes from the hacker group.

Source: http://www.cnet.com/news/cnet-attacked-by-russian-hacker-group/

OpenSSL Vulnerability Discovered

2014 April 10
by admin

A two-year-old vulnerability in OpenSSL, the default cryptographic library used in many software applications (including web servers, operating systems, email, and instant-messaging clients), has been discovered. This vulnerability could make it possible for external parties to mine server memory for data including private encryption keys, passwords, and other credentials.

If you are hosting a web server using a vulnerable version of OpenSSL (including most variants of Linux), it is recommended that you:

* Patch the OpenSSL vulnerability

* Revoke and re-issue TLS certificates

* Change any credentials that could have been compromised

* Enable Perfect Forward Secrecy (PFS) if possible
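The remediation list above stops at the headline actions. As an added example that is not code from the original post or from Redspin, the helpers below cover the follow-up work for two of the steps offline: listing which private keys existed on a server while it was still vulnerable (and therefore need revocation and a freshly generated replacement) and checking a configured cipher list for suites that lack forward secrecy. The patch date, key inventory and cipher list are constructed sample values; `negotiated_cipher` is a live check that uses only the standard `ssl` module and is not run here.

```python
"""
Added example (not code from the original post or from Redspin): offline
checks for two of the remediation steps listed above. Which servers are
vulnerable is decided by the patch itself; these helpers deal with the
follow-up work. The patch date and the key inventory are constructed
sample values.
"""
import socket
import ssl
from datetime import date
from typing import Dict, List, Tuple

PATCH_DATE = date(2014, 4, 9)  # constructed: the day the server was patched

# Constructed inventory: (hostname, date the private key was generated).
SAMPLE_KEYS = [
    ("www.example.test", date(2013, 1, 15)),
    ("mail.example.test", date(2014, 4, 9)),
    ("new.example.test", date(2014, 4, 12)),
]

# Constructed server cipher list in OpenSSL spelling.
SAMPLE_CIPHERS = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",
    "AES128-SHA",
    "RC4-SHA",
]


def keys_needing_reissue(inventory, patched_on: date) -> List[str]:
    """Keys that existed on the server while it was still vulnerable may have
    been read out of memory, so every key generated on or before the patch
    date is listed for revocation and re-issue with a freshly generated key.
    A certificate re-issued over an old key gains nothing."""
    return [host for host, created in inventory if created <= patched_on]


def forward_secret(cipher: str) -> bool:
    """True when the suite uses an ephemeral key exchange (ECDHE or DHE; OpenSSL
    also spells ephemeral DH as EDH), so a later key compromise cannot decrypt
    recorded traffic. Accepts OpenSSL and IANA (TLS_..._WITH_...) spellings.
    TLS 1.3 suites carry no key-exchange token and are always ephemeral."""
    name = cipher.upper()
    if name.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return True
    tokens = set(name.replace("_", "-").split("-"))
    return bool(tokens & {"ECDHE", "DHE", "EDH"})


def audit_cipher_list(ciphers) -> Dict[str, List[str]]:
    """Split a server's configured suite list into PFS and static-key suites."""
    result: Dict[str, List[str]] = {"pfs": [], "static": []}
    for c in ciphers:
        result["pfs" if forward_secret(c) else "static"].append(c)
    return result


def negotiated_cipher(host: str, port: int = 443) -> Tuple[str, str, int]:
    """Live check: the (suite, protocol, bits) a server actually negotiates
    with a default client, run after the cipher list has been changed."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.cipher()


if __name__ == "__main__":
    print("keys to regenerate:", keys_needing_reissue(SAMPLE_KEYS, PATCH_DATE))
    print("cipher audit:", audit_cipher_list(SAMPLE_CIPHERS))
```

The key check compares against the date the key was generated rather than the certificate's validity start, because re-issuing a certificate over the same private key leaves the exposure in place.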

As always, it is highly recommended that all software be kept up-to-date to the latest patch version, if possible.

Redspin will continue to analyze this attack vector and, if possible, will identify specific methods to block it. You can test the stance of your externally-facing web servers at: http://filippo.io/Heartbleed/ (NOTE: The site is quite busy and may produce false negatives under server load.)

Further details on the vulnerability may be found at: heartbleed.com

Source: https://www.redspin.com/blog/2014/04/08/openssl-vulnerability-discovered/

Brazilian hackers make plans for the World Cup

2014 February 27
by admin

Brazilian hackers are said to be preparing for a string of cyberattacks to FIFA and sponsor websites during the World Cup.

Self-proclaimed members of international hacker group Anonymous told Reuters that the network is “already making plans” for distributed denial-of-service (DDoS) attacks, as well as website defacement and data theft, and that there is not much that can be done to stop them.

The hacker group was also active during last year’s wave of protests, which were about themes including the amount of public money spent on the World Cup, and indicated that DDoS attacks will be their preferred method for the upcoming sporting event as they are “fast, damaging and relatively simple to carry out.”

Meanwhile, Brazil says it is as prepared as it can be:

“It would be reckless for any nation to say it’s 100 percent prepared for a threat,” General José Carlos dos Santos, the head of the cyber command for Brazil’s army, told Reuters. “But Brazil is prepared to respond to the most likely cyber threats.”

The lack of effective policies to protect telecommunications and data traffic across internet networks is a common issue in Brazil and 31 other Latin American countries.

Particularly in Brazil, the government’s leniency created a situation where the country has become one of the top five largest consumers of telecoms equipment and services – and yet citizens, companies and public institutions remain exposed to all manner of cyberattacks.

This continued to be the case until revelations of spying activities on Brazil by the United States’ National Security Agency (NSA) increased that perception of vulnerability and the realization that the country could, after all, be caught off-guard given its poor defences.

The espionage scandal then prompted the announcement of a series of new projects around cybersecurity, but the cohesion of these projects is questionable.

It is safe to say that the cybersecurity topic has never received so much attention before in the whole history of Brazilian technology. However, considering the opportunities that the World Cup will provide to groups such as Anonymous and LulzSec, one can’t help but wonder if it’s all a bit too little, too late.

Source: http://www.zdnet.com/brazilian-hackers-make-plans-for-the-world-cup-7000026861/

New Apple iOS 7 Security Vulnerability Allows Hackers to Secretly Monitor Your iPhone

2014 February 26
by admin

Even if your iPhone or iPad hasn’t been jailbroken, malicious apps have the ability to record and transmit every keystroke or touch you make on Apple devices running the iOS 7 mobile operating system, thanks to a second security vulnerability that has just been discovered.

A proof-of-concept app created by security firm FireEye has shown that attackers can covertly monitor users’ handsets, and there is currently no fix for the problem: the vulnerability affects not only iOS versions 7.0.4, 7.0.5 and 6.1.x but also the latest release of iOS 7, version 7.0.6, which came out only over the weekend.

Apple released that update to fix a critical flaw, found on 8 January, in the Secure Sockets Layer (SSL) code that creates secure connections between iOS devices and websites by authenticating SSL certificates.

One flaw fixed, another pops up

Cybercriminals use fake SSL certificates to pretend to be a popular website so that they can capture users’ login details, and this is a problem for both iOS devices running iOS 7 and Apple Mac computers running OS X Mavericks 10.9.1.

While one flaw may have been fixed, this new security flaw makes it even easier for hackers to spy on users, as the flaw is able to bypass Apple’s strict app review process.

A user could be tricked into downloading a malicious app by a phishing website, but cybercriminals could also choose to exploit a vulnerability in an innocent-looking app so that the app quietly monitors every single touch the user makes on the smartphone screen, as well as presses on the home button, volume buttons or Touch ID.

All this data can then be quietly sent from the app to a remote server, where cybercriminals would be able to reconstruct passwords from the characters the user typed.

What you can do now

“Before Apple fixes this issue, the only way for iOS users to avoid this security risk is to use the iOS task manager to stop the apps from running in the background to prevent potential background monitoring,” FireEye researchers Min Zheng, Hui Xue and Tao Wei wrote in a blog post.

“iOS 7 users can press the Home button twice to enter the task manager and see preview screens of apps opened, and then swipe an app up and out of preview to disable unnecessary or suspicious applications running in the background.”

Last month, IBTimes UK showcased a piece of malware that a Trustwave researcher produced to infect Android devices and jailbroken iOS devices, but FireEye says that their app and research had been conducted independently prior to the Trustwave research.

Source: http://www.ibtimes.co.uk/new-apple-ios-7-security-vulnerability-allows-hackers-secretly-monitor-your-iphone-1437992

Largest-ever DDoS attack at 400Gbps hits Europe using NTP amplification

2014 February 12
by admin

The method most widely used by attackers to temporarily take a host’s services off the Internet is the distributed denial of service (DDoS) attack. Almost all of the big websites have fallen victim to it at one time or another.

To boost these attacks, hackers have since 2013 been using the amplification technique. Its benefit is that it obscures the attack’s source while multiplying the attacker’s bandwidth into a far larger volume at the target. The day before yesterday, unknown hackers reached a new high for DDoS attacks by targeting the anti-DDoS and content delivery firm CloudFlare. The attack peaked at 400Gbps and above, striking the company’s data centres in Europe.

“Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year. Mitigating,” CloudFlare CEO Matthew Prince said in a tweet. “Someone’s got a big, new cannon. Start of ugly things to come.”

This attack is recorded as the biggest in history, breaking the previous record of 300Gbps. The attackers took advantage of a weakness in NTP, the protocol used for synchronizing computer clocks.
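The amplification mechanic described above, seen from the side of an NTP server operator, as an added example that is not code from the original post or from CloudFlare: the attacker sends small queries with the source address forged to the victim, so the server’s much larger replies go to the victim instead. On the server’s own flow records this shows up as a peer that receives far more bytes from port 123 than it ever sent there. The flow records are constructed samples and the address 198.51.100.5 is assumed to be the operator’s NTP server.

```python
"""
Added example, not code from the original post or from CloudFlare: detect,
from an NTP server's own flow records, peers that are being used as
reflection victims. A forged-source query is tiny; the reply is large;
so the byte ratio (reply bytes / query bytes) per peer exposes the
amplification. Flow records below are constructed samples.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    bytes: int
    packets: int


NTP_SERVER = "198.51.100.5"  # assumed: the operator's own NTP server

SAMPLE_FLOWS = [
    # ordinary client: one query, one reply of the same size (factor 1)
    Flow("192.0.2.10", 40001, NTP_SERVER, 123, 76, 1),
    Flow(NTP_SERVER, 123, "192.0.2.10", 40001, 76, 1),
    # forged source 203.0.113.7: tiny queries, huge replies
    Flow("203.0.113.7", 123, NTP_SERVER, 123, 150, 3),
    Flow(NTP_SERVER, 123, "203.0.113.7", 123, 144000, 300),
    # forged source 203.0.113.9
    Flow("203.0.113.9", 123, NTP_SERVER, 123, 100, 2),
    Flow(NTP_SERVER, 123, "203.0.113.9", 123, 48000, 100),
    # replies with no matching query inside this window (factor undefined)
    Flow(NTP_SERVER, 123, "203.0.113.11", 123, 12000, 25),
]


def amplification_by_peer(flows, server_ip: str) -> Dict[str, Tuple[int, int]]:
    """Return {peer_ip: (bytes received from peer, bytes sent to peer)} for
    UDP/123 traffic to and from the server."""
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        if f.dst_ip == server_ip and f.dst_port == 123:
            totals[f.src_ip][0] += f.bytes
        elif f.src_ip == server_ip and f.src_port == 123:
            totals[f.dst_ip][1] += f.bytes
    return {ip: (recv, sent) for ip, (recv, sent) in totals.items()}


def find_reflection_victims(flows, server_ip: str, min_factor: float = 10.0,
                            min_bytes: int = 10000) -> List[Tuple[str, float, int]]:
    """Peers that received at least min_bytes from the server at an
    amplification factor of at least min_factor. A peer that received
    replies without sending anything gets an infinite factor, which is
    the clearest sign of a forged source."""
    victims = []
    for peer, (received, sent) in amplification_by_peer(flows, server_ip).items():
        factor = sent / received if received else float("inf")
        if sent >= min_bytes and factor >= min_factor:
            victims.append((peer, factor, sent))
    victims.sort(key=lambda v: v[2], reverse=True)  # largest volume first
    return victims


if __name__ == "__main__":
    for peer, factor, sent in find_reflection_victims(SAMPLE_FLOWS, NTP_SERVER):
        print(f"{peer}: {sent} bytes sent, amplification x{factor:.0f}")
```

The thresholds are deliberately parameters: a busy but legitimate client never approaches a ten-fold reply-to-query ratio, so the factor does most of the work, while the byte floor keeps a single stray packet from raising an alert.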

In the last few months, the frequency of attacks abusing NTP has evidently increased. Researchers have long predicted that NTP had the potential to become an ideal DDoS tool and vector someday. The trend has picked up in recent times, and it has raised a lot of concern among service providers and gaming websites.

US-CERT has recently issued a warning listing UDP protocols identified as potential vectors for amplification attacks. They include NTP, DNS, NetBIOS, CharGEN, BitTorrent, QOTD, the Quake Network Protocol, Kad, and the Steam Protocol.

Versions of ntpd prior to 4.2.7 are vulnerable in their default configuration, so the straightforward recommendation is to upgrade any publicly accessible server to at least version 4.2.7. Misconfigured NTP servers also need to be cleaned up, or else the attacks will continue.
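An offline audit for the two recommendations above, added here as an example and not code from the original post or from hackread. The version threshold (4.2.7) is the one the post gives. The configuration checks look for two real ntp.conf directives: `noquery` on the default `restrict` line and `disable monitor`, which together stop ntpd from answering the status queries that amplification attacks reflect. The version banners and configuration files below are constructed samples.

```python
"""
Added example (not code from the original post or from hackread): audit an
ntpd installation against the two recommendations above, an upgrade to at
least 4.2.7 and a cleaned-up configuration. Version strings and config
files here are constructed samples.
"""
import re
from typing import List, Optional, Tuple

MIN_SAFE_VERSION = (4, 2, 7)  # threshold stated in the post
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")

# Constructed 'ntpd --version' style banners.
OLD_BANNER = "ntpd 4.2.6p5@1.2349-o Fri Apr 13 12:52:19 UTC 2012 (1)"
NEW_BANNER = "ntpd 4.2.7p26@1.2483-o Tue Apr 15 09:10:11 UTC 2014 (1)"

# Constructed config that answers status queries from anyone.
WEAK_CONF = """
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
restrict default nomodify notrap
restrict 127.0.0.1
"""

# Constructed config with queries refused by default and monitoring off.
HARDENED_CONF = """
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst   # upstream time source
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
disable monitor
"""


def parse_ntpd_version(banner: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract (major, minor, micro, patch) from a version banner such as
    '4.2.6p5'; the patch level defaults to 0. None when no version is found."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro), int(patch or 0))


def ntpd_is_vulnerable(banner: str) -> bool:
    """True for releases below the 4.2.7 threshold; an unparseable banner is
    reported as vulnerable so it gets looked at rather than silently passed."""
    v = parse_ntpd_version(banner)
    return True if v is None else v[:3] < MIN_SAFE_VERSION


def audit_ntp_conf(conf: str) -> List[str]:
    """Return findings for a config that still answers status queries."""
    findings: List[str] = []
    default_seen = False
    monitor_disabled = False
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        tokens = line.split()
        if tokens[0] == "restrict":
            flags = tokens[1:]
            if flags and flags[0] in ("-4", "-6"):  # address-family form
                flags = flags[1:]
            if flags and flags[0] == "default":
                default_seen = True
                if "noquery" not in flags[1:]:
                    findings.append("default restrict line lacks 'noquery': " + line)
        elif tokens[0] == "disable" and "monitor" in tokens[1:]:
            monitor_disabled = True
    if not default_seen:
        findings.append("no 'restrict default' line: any client may query the daemon")
    if not monitor_disabled:
        findings.append("'disable monitor' missing: monitor-list queries are answered")
    return findings


if __name__ == "__main__":
    for banner in (OLD_BANNER, NEW_BANNER):
        print(banner.split("@")[0], "vulnerable:", ntpd_is_vulnerable(banner))
    print("weak config:", audit_ntp_conf(WEAK_CONF))
    print("hardened config:", audit_ntp_conf(HARDENED_CONF))
```

The two checks are complementary: an upgraded daemon with a permissive `restrict default` line still answers queries from the whole Internet, and a tight configuration on an old daemon still leaves the version-specific defaults in place, so both should pass before a server is considered cleaned up.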

Source: http://hackread.com/the-400gbps-largest-ddos-attach-has-hit-europe/