Phishing | Breaking Cybersecurity News | The Hacker News

Yesterday Night Microsoft has faced another targeted attack by the Syrian Electronic Army (SEA), a group supposed to be aligned with Syrian President Bashar al-Assad . The SEA group is popular for its advance phishing attack and using the same technique they also hacked into the Official Twitter account of Microsoft News, Xbox Support, Skype and also defaced the Microsoft, Skype Official Blog pages in the past few weeks. Yesterday, Just after the Microsoft uploaded the newly designed website of it ' Microsoft Office ' blog, the Syrian Electronic Army gang again compromised it successfully. SEA uploaded the hacked blog screenshots on their twitter account, with a defacement article titled " Hacked by the Syrian Electronic Army ", as shown. Before, they also taunted Microsoft that " changing the CMS will not help you if your employees are hacked and they don't know about that ." The Group kept their promise to continue their attacks

More than 15.2% of the Algerian population use Internet service which is provided by around 30 Internet Service Providers and one of the largest shares is served by Algerie Telecom .  Algerie Telecom provides  TP-LINK TD-W8951ND  Router to most of their home customers who Opt-In for Internet services and each of which has ZYXEL embedded firmware installed in it. ABDELLI Nassereddine, penetration tester and Algerian Computer Science Student has reported highly critical unauthorized access and password disclosure vulnerabilities in the Routers provided by Algerie Telecom. He told ' The Hacker News ' that the vulnerabilities can be exploited by any remote hacker just by exploiting a very simple loophole in the firmware. First, he found that an unauthorized access is available to ' Firmware/Romfile Upgrade'  Section on the Router's panel that can be accessed without any login password i.e. https://IP//rpFWUpload.html This page actually allows a user to upgrade

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

LinkedIn's iOS application is prone to a vulnerability that may permit remote attackers to execute arbitrary code. Security Researcher Zouheir Abdallah  has disclosed HTML parsing vulnerability in LinkedIn iOS an app, that can be used to phish for credentials or be escalated into a full blown attack. LinkedIn's vulnerability occurs when the messaging feature of LinkedIn's mobile app parses invalid HTML and an attacker can exploit this vulnerability remotely from his/her account, which could have serious impact on LinkedIn's users.  He created Proof of concept of the flaw and submitted it to the LinkedIn Security team in September 2013. Later in October 2013, the vulnerable application was patched. One of the possible attack vector is that, using this vulnerability attacker can easily phish LinkedIn user on iOS app. As shown in the screenshot, POC message says: Hey, Can you please view my LinkedIn profile and endorse me! Thanks! I appreciate it! The iOS app will d

Security Researcher Dan Melamed discovered an Open URL redirection vulnerability in Facebook that allowed him to have a facebook.com link redirect to any website without restrictions. An open URL Redirection flaw is generally used to convince a user to click on a trusted link which is specially crafted to take them to an arbitrary website, the target website could be used to serve a malware or for a phishing attack . An Open URL Redirection url flaw in Facebook platform and third party applications also exposes the user's access token at risk if that link is entered as the final destination in an Oauth dialog . The Facebook Open URL Redirection vulnerability exists at landing.php  page with " url " parameter, i.e. https://facebook.com/campaign/landing.php?url=https://yahoo.com This URL will always redirects user to the Facebook 's homepage, but it is sufficient to manipulate the "url" parameter assigning a random string: https://facebo

A phishing attack is a complex combination of technology and psychology. There are numerous ways in which people are being made fools and they can be conned by hitting on unsecured website links. Sophos experts detected this week an intriguing case of phishing against the Italian postal service Poste Italiane , the scheme attracted the researcher's attention due the reuse of an old social engineering trick. The brand Poste Italiane includes postal, Financial and payment services in its product portfolio and was considered top brand victims by recent F-Secure Threat report. The number of attacks against Poste Italiane is remarkable, the purpose is always to induce its customers into unwittingly submitting their credentials to fake login sites. In the recent attack criminals sent the classic email containing an HTML attachment which the recipient is enticed into opening. " To activate the "Security web Postepay " you need to : - Downlo

A new Mac OS Malware has been discovered called OSX/Leverage . A , which appears to be yet another targeted command-and-control Trojan horse, that creates a backdoor on an affected user's machine. The Trojan named ' Leverage ' because the Trojan horse is distributed as an application disguised as a picture of two people kissing, possibly a scene from the television show " Leverage ". The attack launched via a Java applet from a compromised website and which drops a Java archive with the backdoor to the visitor's computer and launches it without a user intercation. To perform the attack, Malware uses two recently disclosed Java vulnerabilies  known as CVE-2013-2465 and CVE-2013-2471. Once it's installed, the Trojan connects to the C&C server on port 7777. Security vendor Intego said that Malware linked to Syrian Electronic Army (SEA) , because after installation Malware attempt to download an image associated with the Syrian Electronic A

A Russian Exploit writer and underground Hacker who goes by the handle " fil9 " put up an Android Firefox Zero-Day Exploit for Sale in an open Exploit Market. Author claims a Zero Day vulnerability in Firefox for Android, which works on Firefox versions 23/24/26 (Nightly). The advertisement was spotted by Joshua, Malware Intelligence Analyst at Malwarebytes. Hacker Selling exploit with a starting price of $460 only. According to the proof of concept video uploaded by the Hacker, the exploit forces the mobile Firefox browser to download and execute a malicious app, on just visiting a malicious link only. What's worrisome is that many major websites are compromised frequently and a large number of visitors of those hacked sites can fall victim to this attack. " The biggest problem in this situation is that Firefox automatically executes certain known files once they're downloaded, and doesn't give users an option to disable this. Without some sort of

The Syrian Electronic Army (SEA) , a pro-regime hacker group that emerged during Syrian anti-government protests in 2011, and involved in cyber attacks against western media organizations are now in the FBI's wanted list. The Federal Bureau of Investigation has issued an alert warning of cyber attacks by the Syrian Electronic Army and finally put them on its radar. " The SEA'S primary capabilities include spear-phishing, web defacements, and hijacking social media accounts to spread propaganda. " they said. The FBI also has increased its surveillance of Syrians living in the US. According to some anti-Assad activists, the group was founded by former intelligence agents and hardcore Assad supporters. SEA had compromised social media profiles for Western news organizations by sending fake email messages to news staff in an attempt to gain access to login credentials. Most recently, the group grabbed international attention after commandeering the webs

Security firm ESET has discovered  a new and effective banking trojan , targeting online banking users and designed to beat the mobile multi-factor authentication systems. Hesperbot detected as Win32/Spy.Hesperbot is very identical to the infamous Zeus and SpyEye Banking Malwares and infects users in Turkey, the Czech Republic, Portugal, and the United Kingdom. Trojan has functionalities such as keystroke logging , creation of screenshots and video capture, and setting up a remote proxy. The attackers aim to obtain login credentials giving them access to the victim's bank account and getting them to install a mobile component of the malware on their Symbian, Blackberry or Android phone. Some other advanced tricks are also included in this banking Trojan, such as creating a hidden VNC server on the infected system and can do network traffic interception with HTML injection capabilities. So far, the Trojan hasn't spread too far. The campaign was first detec

Last week, we exclusively reported that the popular messenger Viber was hacked by the Syrian Electronic Army, and Support page was defaced with the message, " The Israeli-based - Viber is spying and tracking you. " Today we found that Viber's Apple App Store description has been defaced as well. The new modified description read " We created this app to spy on you, PLEASE DOWNLOAD IT! ", It's not clear at this point if this new hack is also performed by  Syrian Electronic Army or not, but it is possible that the hackers have gained access to the other various developer-facing functions. Viber later responded after a previous attack that one of its employee's fell victim to a phishing attach and attackers could gain access to a customer support panel and support administration system, insisting that no sensitive user data was exposed. Last week, SEA was able to access the Popular messaging app Tango's website and also a World's biggest

There's a scam spreading through Twitter Direct messages (DMs) and fake emails, appealing users to visit a fake twitter phishing site i.e " twittler.com ". Scam uses a hijacked Twitter account to send out direct messages that appear completely legitimate. Security blogger, Janne Ahlberg blogged about this new phishing scam, " This is a nasty trick especially when the sender is someone you know and trust. If you receive a suspicious DM or email from a person you know and trust, just warn him/her – the account is most likely hijacked and controlled by the attackers. " The webpage resembles a Twitter login page and is trying to obtain your Twitter login credentials with a domain name looks very similar to original Twitter.com , with two extra word "LL" in it.   To play it safe, double-check your browser address bar to make sure that's where you are on orginal website  twitter.com before logging in. If you enter your Twitter usern

Serious security vulnerability was recently discovered on the Samsung flagship Galaxy S4 device, claiming that attackers can use it to silently send text messages. Qihoo 360 Technology, an antivirus company based in China, said that this particular vulnerability is related to the " cloud backup " feature of Galaxy S4, which is not properly protected and can be abused. This vulnerability was first discovered on June 17 and already reported the issue to Samsung and the company is already in the process of developing an official update to fix the vulnerability. A rogue mobile application could contain code exploiting the vulnerability to send fraudulent scam text messages ordering premium-rate services, the firm said. By exploiting the vulnerable cloud backup feature, malware could pretend to be the identity of any contact, friend, relative, or organization when faking phishing SMS messages. When these phishing SMS messages are received, users may be tricked i

Skype … once upon a time a VOIP application considered very secure and wiretap-proof, it was the common belief that no one could intercept such communications due a complex mechanism for the management of audio / video and text streams. One day, Microsoft decided to buy the product, according to many to catch a significant portion of users fond of Skype, but according many experts the company of Redmond wasn't interested only to acquire new market share. The architecture of the popular VOIP infrastructure was improved according Microsoft, in reality it is common thought that it was implemented the possibility to intercept every conversation, as requested by US government to major service providers. The claim is that Law enforcement and intelligence agencies are today able to access the communications exchanged by Skype users and Microsoft has still not been adequately answered to various question on the matter. The German associates to H security magazine at heise Security have be

The hacktivist group Syrian Electronic Army (SEA) briefly took over the Twitter account of the satirical news publication The Onion, posting a series of anti-Israeli joke stories and an anti-Obama meme image. In a post on The Onion tech team's GitHub blog , the fake news site explains that the Syrian Electronic Army didn't wrestle control of its Twitter account using some advanced hacker scheme. The hack attack penetrated the publication with at least three methods of phishing attacks, where a false e-mail redirected people to a fake Website which then asked for Google Apps credentials. Previously the Syrian Electronic Army (SEA) has shanghaied its way into the official Twitter feeds of AP and the Guardian, using the former to post a tweet falsely claiming that there had been an explosion at the white House. Exposing details about an attack is not the normal approach companies take after they are hacked. The New York Times revealed earlier this year how Chinese hackers breac

A dangerous variant of the Ramnit malware has been discovered targeting the UK's financial sector. Trusteer claims to have discovered an interesting trojan based attack technique that injects highly convincing and interactive real-time messages into the user Web stream that they encounter when logging into a UK online banking session. The Ramnit worm was discovered in 2010, but in 2011 researchers spotted a new strain that had incorporated source code from the notorious Zeus banking trojan. Cyber criminals are stepping up their use of social engineering techniques to bypass increasingly security-aware users of online banking and e-commerce sites.   The malware reportedly avoids detection by going into an idle sleep mode until its intended victim logs into their online bank account, at which point it activates and presents them with a fraudulent phishing message. Ramnit circumvented the OTP feature at the target bank using a 'Man in the Browser' attack to in

The Guardian's Twitter accounts have been taken over by pro-Syrian government hackers ' Syrian Electronic Army ' , who previously targeted the Associated Press BBC , al-Jazeera, the Qatari government and National Public Radio in the United States, as well as France 24 TV. " We are aware that a number of Guardian Twitter accounts have been compromised and we are working actively to resolve this ," a Guardian spokesperson said. Nine bogus tweets were broadcast in an hour, including some with anti-Israeli sentiments, and others saying " Long Live Syria " and " Syrian Electronic Army Was Here ".  Cyber-security experts believe the SEA have targeted a series of western media organisations in an apparent attempt to cause disruption and spread support for President Bashar al-Assad's regime, which has been under increasing Western pressure to end an ongoing bloody civil war in Syria. The group's domain names were apparently registered by the Syr

FireEye experts have been tracking the Operation Beebus campaign for a few months now, and new same gang of hackers are being blamed for a set of recently discovered spear-phishing attacks that aim to steal information related to American drones . These attacks exploited previously discovered vulnerabilities via document files delivered by email in order to plant a previously unknown backdoor onto victim systems. Operation Beebus is an APT-style attack campaign targeting government agencies in the United States and India as well as numerous aerospace, defense, and telecom industry organizations. FireEye Labs has linked the attacks to the China-based Comment Group hacker collective (a prolific actor believed to be affiliated with the Chines government), and Operation Beebus. " The set of targets cover all aspects of unmanned vehicles, land, air and sea, from research to design to manufacturing of the vehicles and their various subsystems. Other related malware have been discov

Spammy Facebook apps are nothing new, the web giant has been dealing with suspicious behavior apps since the website launched the Facebook Platform for developers in 2007. As an open source app development tool, anyone can create an app, including people who really just want to steal your information, and your money. With cyber crime  including identity theft, on the rise, more Facebook users should begin to pay closer attention to what they click on, especially if it is shared in a spammy way. Sophos reports that nearly 60,000 people have clicked on one scam in particular, which is one that promises to allow you to see who has viewed your profile. The app automatically posts a comment to the users timeline, and sometimes posts as a photo with the message ' OMG OMG OMG… I cant believe this actually works! Now you really can see who viewed your profile ! on (link here). ' The app does not actually allow users to see profile views but instead leads them, and anyone who clic

Once again Google Security Team Shoot itself in the foot. Ansuman Samantaray , an Indian penetration tester discovered a small, but creative Security flaw in Google drive that poses phishing threat to million of Google users was ignored  by Google Security team by replying that," It is just a mare phishing attempt,not a bug in Google ". According to Ansuman , he reported a JavaScript Script Execution vulnerability in Google Drive Files on 20th December 2012 to Google Security Team and but Google rejected the report on 21st December. Ability to execute malicious script through Google drive files poses security threats, not just phishing attack, but an attacker able to extends the attack to malware spreading, etc. The flaw exist in the way Google Drive preview the documents in the browser. Online preview of the files executing code written in doc files as HTML/JavaScript just by changing the value of a parameter called " export " in the URL. ie.  

Another phishing campaign come in action recently targeting Facebook accounts and company pages with millions of followers. Phishers continue to devise new fake apps for the purpose of harvesting confidential information. Not a new method, but very creative phishing example in Facebook hacking scene, where hacker host a phishing page on Facebook app sub domain itself. Designed very similar to Facebook Security team with title ' Facebook Page Verification ' and using Facebook Security Logo as shown in the screenshot posted above. Phishing app URL: https://apps.facebook.com/verify-pages/ Application hosted on:   https://talksms.co.uk/ The phishing page asking users to enter Page URL and Page Name that victim own and his Facebook login email ID with password. Once victim trapped in hacker web, the phisher records your information. Another interesting fact is that, the phishing domain https://talksms.co.uk/ is a HTTPS site with with verified SSL from GeoTrust