server hacking | Breaking Cybersecurity News | The Hacker News

Cryptographer Professor Jean-Jacques Quisquater has become the part of a targeted attack by the US National Security Agency (NSA) and its British counterpart GCHQ, first reported on Saturday morning by De Standaard . A few months back in September 2013 it was revealed that, Belgacom , the largest telecommunications company in Belgium was hacked and number of employees on Belgacom's network, including their servers were compromised. Later in November 2013 , it was revealed that the NSA and GCHQ were behind the infiltration of the company's computers, according to the document provided by the former NSA contractor Edward Snowden . The document detailed that the British intelligence agency GCHQ created fake ' LinkedIn ' and ' Slashdot ' pages to spy on computers of Belgacom network engineers. They used a method called " quantum insert ", to redirect employees to fake websites that contained malware using Man in the middle attack to a spoofed server ( codenamed "

Facebook has paid out its largest Bug Bounty ever of $33,500 to a Brazilian security researcher for discovering and reporting a critical Remote code execution vulnerability, which potentially allows the full control of a server. In September, ' Reginaldo Silva' found an XML External Entity Expansion vulnerability affecting the part of Drupal that handled OpenID, which allows attacker to read any files on the webserver. As a feature, Facebook allows users to access their accounts using OpenID in which it receives an XML document from 3rd service and parse it to verify that it is indeed the correct provider or not i.e. Receives at https://www.facebook.com/openid/receiver.php  In November 2013, while testing Facebook's ' Forgot your password ' functionality, he found that the OpenID process could be manipulated to execute any command on the Facebook server remotely and also allows to read arbitrary files on the webserver. In a Proof-of-Concept ,

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

In 2013, we have seen a significant increase in the use of a specific distributed denial of service (DDoS) methodology known as Distributed Reflection Denial of Service attacks (DrDoS). Open and misconfigured DNS (Domain Name System) can be used by anyone to resolve domain names to IP addresses are increasingly abused to launch powerful DDoS attacks. But not only the DNS servers, Security Researchers at Symantec  have spotted Network Time Protocol (NTP) reflection DDoS attacks being launched by cyber criminals during the Christmas Holidays. ' Network Time Protocol (NTP) ' is a distributed network clock time synchronization protocol that is used to synchronize computer clock times in a network of computers and runs over port 123 UDP. NTP is one of those set-it-and-forget-it protocols that is configured once and most network administrators don't worry about it after that. Unfortunately, that means it is also not a service that is upgraded often, leaving it vulnerable to th

File transfer services such as FTP or HTTP has been the most common way of file transfer for business requirements. Typically what a file transfer means is that a file transfer protocol such as FTP or HTTP is used to send the stream of bits stored as a single unit in a file system including file name, file size, timestamp and other metadata from one host to another host over a TCP-based network such as the Internet. But this process is not foolproof. FTP, by itself, is not a secure file transfer protocol and it has a lot of security vulnerabilities. It's a known fact that FTP doesn't provide any encryption for data transfer. Most of the times, the requirement in any business is pretty simple: to transfer files between two endpoints in different locations, and the parties involved do not think much about how secure the file transfer process is going to be. Using FTP for official file transfer can leave your data transmission exposed to many security attacks: FTP Bounce Attack Gener

Takashi Katsuki, a researcher at Antivirus firm Symantec has discovered a new cyber attack ongoing in the wild, targeting an open-source Web server application server Apache Tomcat with a cross platform Java based backdoor that can be used to attack other machines. The malware, dubbed as " Java.Tomdep " differs from other server malware and is not written in the PHP scripting language. It is basically a Java based backdoor act as Java Servlet that gives Apache Tomcat platforms malicious capabilities. Because Java is a cross platform language, the affected platforms include Linux, Mac OS X, Solaris, and most supported versions of Windows. The malware was detected less than a month ago and so far the number of infected machines appears to be low. You may think that this type of attack only targets personal computers, such as desktops and laptops, but unfortunately that isn't true. Servers can also be attacked. They are quite valuable targets, since they are usu

Cyber security of many organizations being attacked at an extremely high rate this month, well another alarming cyber crime report become public today. A widely unpatched and two years old critical vulnerability in JBoss Application Server (AS) that enable an attacker to remotely get a shell on a vulnerable web server. JBoss Application Server is an open-source Java EE-based application server very popular, it was designed by JBoss, now a division of Red Hat. In late 2012, JBoss AS was named as " wildFly ", since disclosure of the exploit code many products running the affected JBoss Application Server have been impacted, including some security software. Tens of thousands of enterprise data center servers are vulnerable to this attack, with at least 500 actively compromised, according to the Imperva report. Many systems administrators have yet to properly configure their servers to mitigate the threat, and the number of potential targets has increased over

It should be the busiest day of the year for your business, but your website has just disappeared off the Internet and orders have dried up. If this happens to you, then you likely just become yet another victim of a distributed denial of service (DDoS) attack . By now, everyone who uses the Internet has come across DDoS attacks . It is one of the oldest attack technologies on the web, and a popular way of paralyzing the huge data centers. Just yesterday we have reported about a massive 100Gbps DDoS attack that hit World's 3rd Largest Chinese Bitcoin exchange for 9 hours. Arbor Networks, a leading provider of DDoS and advanced threat protection solutions, today released data on global distributed denial of service (DDoS) attack trends for the first three quarters of 2013, revealed that this kind of attack still represents a serious menace for IT security communities.  The document provides an interesting overview into Internet traffic patterns and threat evolutio

LeaseWeb , one of the World's largest hosting provider has been defaced by Palestinian hackers, named as KDMS Team . LeaseWeb was also hosting provider for one of the biggest file-sharing website Megaupload in the past. Later Megaupload Founder, Kim Dotcom claimed that  Leaseweb had deleted all Megaupload user data from 690 servers without warning. The hacker group replaced the Homepage of the website for just a few hours with an Anonymous Palestine , homepage titled " You Got Pwned " and the defacement message says: Hello Lease Web Who Are You ? Who is but the form following the function of what and what are you is a hosting company with no security KDMS Team : Well ,, We Can See That :P We noticed that Attacker has just changed the DNS server to point the Domain to another server at 67.23.254.6, owned by the attacker. At the time of writing, Leaseweb team resolved the issue and get their Domain back to the original server . But because the hac

Cisco has fixed a critical vulnerability in Secure Access Control Server for Windows that could allow remote attackers to execute arbitrary commands and take control of the underlying operating system. Cisco Secure ACS is an application that allows companies to centrally manage access to network resources for various types of devices and users.  The reported flaw affects Cisco Secure ACS for Windows versions 4.0 through 4.2.1.15. Successful exploitation requires that Cisco Secure Access Control Server is configured as a RADIUS server EAP-FAST authentication. The Cisco Security advisory said: " The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server ," The newly patched vulnerabili

OpenX, a leading provider of digital and mobile advertising technology has accordingly served backdoors that are injected into the Code and allows hackers to control over your Web server. German tech site the Heise notified Germany's computer emergency response team (CERT) this week about the OpenX Ad Server (2.8.10) backdoor, allowing an attacker to execute any PHP code via the "eval" function  and could have provided attackers full access to their web sites. The OpenX team has confirmed the breach  and OpenX senior application security engineer Nick Soracco said that two files in the binary distribution of 2.8.10 had been replaced with modified files that contained a remote code execution vulnerability . The attack code is written in PHP but is hidden in a JavaScript file that is part of a video player plugin ( vastServeVideoPlayer ) in the OpenX distribution. This vulnerability only applies to the free downloadable open source product, OpenX Source.

Underground sites more commonly offer access to networks of compromised machines or stolen credit card information. Webroot has uncovered a criminal underground store dedicated to selling access to more than tens of thousands of hacked legitimate websites. Their customers can buy an administrator account or shell access in a hacked website, at cheap price i.e. $0.5 to $10 and then allows to perpetrate criminal activities from it, distribute malware, install a botnet  command & control infrastructure, upload illegal content, send spam, and so on. In Screenshots Researchers shows an underground market proposition, whose inventory is currently listing over 6000 compromised/hacked shells internationally. Sites are listed based on the price, page rank, age of the domain, Alexa ranking, language, and number of pages indexed by Google. The site promised access to any number of the compromised websites and the store seems to be quite profitable. The website found to be

Server Administrators are being urged to update their Ruby on Rails servers following the discovery of an active malware campaign targeting vulnerable versions of the web development framework. According to security researcher Jeff Jarmoc , Hackers are exploiting a known and patched vulnerability in coding language Ruby on Rails, which allows a remote user to edit the web server's crontab to download a file to the /tmp directory where it is compiled and executed. The exploit that is currently being used by attackers adds a custom cron job (a scheduled task on Linux machines) that executes a sequence of commands. " Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers ," Jarmoc blogged. " There's no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands ." The original fla

22 million Yahoo! Japan's user IDs may have been stolen during an unauthorised attempt to access the administrative system of its Japan portal. " We don't know if the file of 22 million user IDs was leaked or not, but we can't deny the possibility given the volume of traffic between our server and external terminals ", Yahoo said. The information did not include passwords and the kind of data necessary to verify a user's identity or reset passwords, it said, adding that the company had updated its security measures to prevent a repeat of the incident. In 2011, Sony said information such as usernames, passwords and birth dates of more than 100 million people may have been compromised after hackers struck the PlayStation Network and Sony Online Entertainment services. Japan acknowledges that its preventative measures against cyberattacks remain underdeveloped, with the national police agency having announced this month it would launch a team to analyze and combat cyberatt

In recent months the DDoS world has shifted from complex small scale Botnet attacks to much larger network based DDoS attacks , perpetrated largely by hijacked web servers. How many of these hijacked servers are out there remains to be seen. However, Incapsula recently got a very good idea of just how large these DDoS cannons are getting. Last Saturday Incapsula mitigated a rather small, 4Gbps DDoS attack, but this time it had a different pattern that attracted our attention. At first sight the attack seemed rather simple, generating 8 million DNS queries per second, to many domains, from spoofed IP addresses (using real domain name servers' IPs). But this time it included a hint about where it was coming from: all that traffic was coming from the same source. Probably on the same network, maybe even the same device. Tracing it to a single Source - TTL Giveaway Incapsula were able to trace the attack to a single source because this time the attackers slipped-u

Incapsula announced this week that they're offering an intriguing Backdoor Protection feature for sites using their cloud-based website security and performance services. What's a Backdoor? A backdoor is a malicious function that enables hackers to remotely operate a site or server, even after whatever exploit they used for initial access has been patched. Installing a backdoor is often the first thing a hacker will do after gaining access to your site - so if you've been hacked before, there's a good chance you've already got one. Hackers love backdoors because they provide easy return access to the site. Once installed, backdoors can used to distribute spam and malware, launch distributed denial of service (DDoS) attacks, or to help steal valuable data like credit card numbers. Recently, Incapsula reported how during the ongoing DDoS attacks against United States banks, a backdoor was used to turn a compromised site into a unwilling foot-soldier in the hackers Zombie Bo

Hacker @kingcope discovered critical vulnerability in Tectia SSH Server. Exploit working on SSH-2.0-6.1.9.95 SSH Tectia Server (Latest available version from www.tectia.com) that allow attacker to bypass Authentication remotely. Description :  An attacker in the possession of a valid username of an SSH Tectia installation running on UNIX (verified on AIX/Linux) can login without a password. The bug is in the "SSH USERAUTH CHANGE REQUEST" routines which are there to allow a user to change their password. A bug in the code allows an attacker to login without a password by forcing a password change request prior to authentication. Download Exploit Code : Click Here A default installation on Linux (version 6.1.9.95 of Tectia) is vulnerable to the attack. Eric Romang posted a Demo video on Youtube, hope you will like it :) Command Source : https://goo.gl/BHqWd

This morning I received the news of new attacks against Adobe, an Egyptian Hacker named ViruS_HimA hacked into Adobe servers and leaked private data. The hacker claims to have violated Adobe servers gaining full access and dumping the entire database with more of 150,000 emails and hashed passwords of Adobe employees and customers/partner of the firm such as US Military, USAF, Google, Nasa DHL and many other companies. The leaked file contains a list of for each account the following information: Firstname Lastname Title Phone Email Company Username Password hash The hacker declare that his intent was far from to destroy the business of the company, that's why he posted data leaked related only to Adobe, and belonging the domains "*.mil" and ".gov". Which is the motivation of the attack? The attack hasn't a politic motivation, ViruS_HimA desire to demonstrate that despite Adobe is one of the most important company in IT l