botnet | Breaking Cybersecurity News | The Hacker News

Browser-based botnets are the T-1000s of the DDoS world. Just like the iconic villain of the old Judgment Day movie, they too are designed for adaptive infiltration. This is what makes them so dangerous. Where other more primitive bots would try to brute-force your defenses, these bots can simply mimic their way through the front gate. By the time you notice that something`s wrong, your perimeter has already been breached, your servers were brought down, and there is little left to do but to hang up and move on. So how do you flush out a T-1000? How do you tell a browser-based bot from a real person using a real browser? Some common bot filtering methods, which usually rely on sets of Progressive Challenges , are absolutely useless against bots that can retain cookies and execute JavaScripts. The alternative to indiscriminately flashing CAPTCHA's for anyone with a browser is nothing less than a self-inflicted disaster - especially when the attacks can go on for weeks a

Security expert Ebrahim Hegazy , Cyber Security Analyst Consultant at Q-CERT, has found a serious vulnerability in Twitter that allows an attacker to upload files of any extension including PHP. When an application does not validate or improperly validates file types before uploading files to the system, called Unrestricted File upload vulnerability . Such flaws allow an attacker to upload and execute arbitrary code on the target system which could result in execution of arbitrary HTML and script code or system compromise. According to Ebrahim, when a developer creates a new application for Twitter  i.e. dev.twitter.com - they have an option to upload an image for that application. While uploading the image, the Twitter server will check for the uploaded files to accept certain image extensions only, like PNG, JPG and other extensions won't get uploaded. But in a Video Proof of Concept he demonstrated  that, a vulnerability allowed him to bypass this security validation

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

With all the popular social networking websites there on the web, managing them from several different internet browser tabs or windows can get frustrated very quickly. Besides our own Facebook Page, Twitter account, and Google+ profile, I also manage several others and, YES, I feel the " time management " pain! To make social media management and monitoring easier for users, some very innovative desktop applications and mobile apps were developed to help organize multiple platforms and information sharing across selected networks. Using online tools like TweetDeck, Seesmic, Hootsuite , Feedly, Twuffer and Buffer App for scheduling and posting directly from a web page has become an absolute necessity especially where Twitter is concerned. Additionally these apps gives you the ability to post on one or all of your connected accounts together i.e Multiple Facebook, Twitter or Google+ profiles. These applications don't require your passwords for social me

According to a Security Analyst ' Maarten Boone ' working  at Fox-IT company, the Developer of notorious Blackhole Exploit Kit  developer ' Paunch ' and his partners were arrested in Russia recently. Blackhole Exploit Kit  which is responsible for the majority of web attacks today, is a crimeware that makes it simple for just about anyone to build a botnet . This Malware kit was developed by a hacker who uses the nickname "Paunch" and his Team, has gained wide adoption and is currently one of the most common exploit frameworks used for Web-based malware delivery. The Blackhole exploit kit is a framework for delivering exploits via compromised or third-party websites, serve up a range of old and new exploits for Oracle's Java, Adobe's Flash and other popular software to take control of victim's machines. It the point of writing No Police Authority or Press has confirmed the claim made by Maarten about the arrest of Malware author. Plea

IT Security is the name of the game and no matter how big or small the size of your organization, you will always invest enough on securing certain aspects of your IT network. In many organizations, it starts with monitoring your network for vulnerabilities that may enter the network to access potentially sensitive information in the form of security attacks . For example, you may have firewalls as your first line of defense, followed by vulnerability management, intrusion detection and prevention systems, managing your network configurations and so on.  These are crucial because: Your routers can be easily breached without proper configuration and restrictions.  If a firewall isn't configured correctly, a hacker can easily spot a port that is accidentally left open and can gain access to the network.  Rogue access points, botnet malware and social engineering can make your wireless a porthole into your LAN. Why Logs? The very purpose of IT security is to be

An illegal service that sells personal data of US citizens online, which can then be used for identity theft hacked into the networks of three major data brokers and Hacker stole their databases. Cyber attack has given them access to Social Security Numbers , dates of birth, and other personal details that could put all our finances at risk. Krebs's blog revealed that the service, known as SSNDOB ( ssndob.ms)  (Social Security Number Date of Birth) used malware to obtain secret access to the databases of LexisNexis, Dun & Bradstreet and Kroll Background America. Hackers are charging from 50 cents to $2.50 per record and from $5 to $15 for credit and background checks. It was discovered in March that another website, exposed.su was using data collected by SSNDOB to sell to its customers.  Through the use of a botnet Malware, ID thieves the ID thieves gained access to the networks of LexisNexis, that it provides coverage of more than 500 million unique consumer identities.

There is currently a Mega cyber attack campaign being launched on a large number of WordPress websites across the Internet.  In April, 2012 we reported about a large distributed brute force attack against millions of WordPress sites were occurring, out of that hackers are successful to compromise 90,000 servers to create a large Botnet  of Wordpress hosts. According to the DDOS attack logs report  received from a ' The Hacker News ' reader ' Steven Veldkamp ', victim's website was under under heavy DDOS attack recently, coming from various compromised Wordpress based websites. Possibly using the brute force attack on WordPress administrative portals with the a world list of the most commonly used username and password combinations, attackers are taking control of many poorly secured WordPress Hosts. After analyzing the piece of a DDOS attack Log file from timing 23/Sep/2013:13:03:13 +0200 to 23/Sep/2013:13:02:47 +0200, we found that in 26 second attacker was

Argentinian police have arrested a 19-year-old " superhacker " who was making $50,000 a month,  working from his bedroom in Buenos Aires, by targeting international money transfer and gambling websites. Police say it took them a year to close in on the teenager, who was part of a six-strong gang which planted viruses on a gaming site which infected the computers of website visitors. Police raiding his Buenos Aires residence and identified six more people who were involved in the criminal network. The criminal  is reportedly the son of an IT engineer and officials found high-capacity computers from his room. The hackers used malware to run a Botnet network of thousands of zombie computers, which were then used to illegally divert money from accounts leaving virtually no trace behind. Police seized electronic equipment, including cables, routers and over 14 hard drives. The police department dubbed it Operation Zombie began in 2012. His activities were brought

Recently, Tor Project Director - Roger Dingledine described a sudden increase in Tor users on the Tor Network after the events related to disclosure of the PRISM surveillance program, Since August 19, 2013, there has been an impressive growth in the number of Tor users. At first, No one knew who or what is responsible for this spontaneous growth of Tor users, but Security researchers at Fox-IT firm found evidence that the spike in Tor traffic is caused by a Mevade Botnet, that hides its Command-and-Control server in the anonymizing network. The security firm documented the presence of the Mevade malware architecture based on the anonymizing network, " The malware uses a command and control connectivity via Tor .Onion links using HTTP. While some bots continue to operate using the standard HTTP connectivity, some versions of the malware use a peer-to-peer network to communicate (KAD based). " " Typically, it is fairly clear what the purpose of malw

Password theft has been a growing problem within the security community. Researchers at Arbor Networks have uncovered a botnet called Fort Disco that was used to compromise more than 6000 websites based on popular CMSs such as WordPress , Joomla and Datalife Engine. The Fort Disco botnet is currently made up of nearly 25,000 Windows machines and receives a list of sites to attack from a central command and control server. The bots receive also a list of common username-password combinations, typically composed of default combinations with password options including admin or 123456. Arbor Networks security researcher Matthew Bing said the attack has several advanced features that make it next to impossible to fully track and they obtained precious info on the botnet exploiting a misconfiguration on the attackers' side that made possible the analysis of logs on several of the six command and control servers discovered. " We stumbled upon these detailed logs the attacker left open o

Almost all Android handsets are  vulnerable to a  flaw that could allow hackers to seize control of a device to make calls, send texts, or build a mobile botnet , has been uncovered by Bluebox Security .i.e almost 900 million Android devices globally. Or simply, The Flaw allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be used to steal data or take control of the OS. When an application is installed and a sandbox is created for it, Android records the application's digital signature and all subsequent updates for that application need to match its signature in order to verify that they came from the same author and anything without the signature certificate won't install or run on a user's device. The vulnerability has existed since at least Android 1.6, which means that it potentially affects any Android device released during the last four years.  Samsung 's flagship Galaxy S4 has a

The notorious Zeus Trojan , a family of banking malware known for stealing passwords and draining the accounts of its victims, has steadily increased in recent months. The malware family itself is frequently updated with mechanisms designed to evade detection by antivirus and network security appliances. Trend Micro experts spotted another new variant of  ZBOT Malware which is capable of spreading  itself automatically via USB Flash Drives or removable drives. According to report , this particular ZBOT variant arrives through a malicious PDF file disguised as a sales invoice document and when user opens this file using Adobe Reader, it triggers an exploit . Malware also has an auto update module, so that it can download and run an updated copy of itself. To self propagate, it creates a hidden folder with a copy of itself inside the USB drive with a shortcut pointing to the hidden ZBOT copy. Another variant of ZeuS #Malware spotted, with new feature of spreading itself automati

Microsoft and the FBI have taken down a botnet that controlled millions of infected PCs, which was responsible for massive bank fraud.  Botnets are networks of computers infected with viruses that let them be controlled by hackers. The outfit runs the Citadel Botnets and is believed to have stolen more than $500 million from bank accounts over the past 18 months. Citadel is one of the biggest botnets in operation today. Citadel is a banking Trojan that has been in existence since 2011. As with most banking Trojans, Citadel is a full crimeware kit, providing the attackers with payload builders, a command and control (C&C) server infrastructure, and configuration scripts to target various banks. Citadel infected as many as 5 million PCs around the world including here in Australia and according to Microsoft, was used to steal from dozens of financial institutions, including American Express, Bank of America, Citigroup, Credit Suisse, eBay's PayPal, HSBC, JPM

Server Administrators are being urged to update their Ruby on Rails servers following the discovery of an active malware campaign targeting vulnerable versions of the web development framework. According to security researcher Jeff Jarmoc , Hackers are exploiting a known and patched vulnerability in coding language Ruby on Rails, which allows a remote user to edit the web server's crontab to download a file to the /tmp directory where it is compiled and executed. The exploit that is currently being used by attackers adds a custom cron job (a scheduled task on Linux machines) that executes a sequence of commands. " Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers ," Jarmoc blogged. " There's no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands ." The original fla

#OpUSA campaign is officially started, the day has come, today May 7 as announced by Anonymous , a coordinated online attack will hit Banking and government websites. The announcement made by popular group of hacktivists is creating great concerns between US security experts in charge of defense the potential targets. The message passed sent by Anonymous to US authorities is eloquent, " We Will Wipe You Off the Cyber Map "  A new wave of attacks, presumably distributed-denial-of-service attack , is expected to hit principal US financial institutions exactly as already happened in the last months. The hacktivists participating to OpUSA campaign protest against the policy of the US Government blamed to have committed war crimes in foreign states and in its countries. "A nonymous will make sure that's this May 7 will be a day to remember. On that day anonymous will start phase one of operation USA. America you have committed multiple war crimes in Iraq, Afg