The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: vulnerability assessment

Oracle Database stealth password cracking vulnerability

Oracle Database stealth password cracking vulnerability

September 20, 2012Mohit Kumar
Oracle suffered with serious vulnerability in the authentication protocol used by some Oracle databases. This Flaw enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user's password. A researcher - Esteban Martinez Fayo, a researcher with AppSec tomorrow will demonstrate a proof-of-concept attack. Martinez Fayo and his team first reported the bugs to Oracle in May 2010. Oracle fixed it in mid-2011 via the 11.2.0.3 patch set, issuing a new version of the protocol. " But they never fixed the current version, so the current 11.1 and 11.2 versions are still vulnerable ," Martinez Fayo says, and Oracle has no plans to fix the flaws for version 11.1. The first step in the authentication process when a client contacts the database server is for the server to send a session key back to the client, along with a salt. The vulnerability enables an attacker to link a specific session key with a specific password hash. Th
Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969

Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969

September 19, 2012Mohit Kumar
Microsoft has confirmed reports that a zero-day vulnerability in its Internet Explorer browser is being actively attacked in the wild. Four active exploits of a zero-day vulnerability in the browser exists. Microsoft will push out an out-of-cycle Windows patch to temporarily fix the critical Internet Explorer flaw. Security researcher Eric Romang identified the exploit code on a server used by the "Nitro" hacking group, believed to have exploited the Java zero-day vulnerability reported last month.  Security firm Rapid7 advises that Internet users try a different Web browser. The malware may be linked to an ongoing attack on companies that has been dubbed "Nitro", and was first discovered in October by Symantec. The zero-day in IE 6-9 is a use-after-free memory corruption vulnerability , similar to a buffer overflow, that would enable an attacker to remotely execute code on a compromised machine. The original exploit payload dropped the PoisonIvy remote access Trojan (RAT)
Android 4.0.4 multiple Zero-Day Vulnerabilities

Android 4.0.4 multiple Zero-Day Vulnerabilities

September 19, 2012Mohit Kumar
The Samsung Galaxy S3 can be hacked via NFC, allowing attackers to download all data from the Android smartphone, security researchers demonstrated during the Mobile Pwn2Own contest in Amsterdam. Using a pair of zero day vulnerabilities, a team of security researchers from U.K.-based MWR Labs hacked into a Samsung Galaxy S3 phone running Android 4.0.4 by beaming an exploit via NFC (Near Field Communications). NFC is a technology that allows data to be sent over very short distances. For mobile devices, the protocol allows digital wallet applications to transfer money to pay at the register. While the technology has been slow to take off, despite the adoption by Google for its Wallet payment application, a number of recent high-profile announcements have boosted its adoption. " Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability
WhatsApp vulnerability can be misused for Spreading Malware

WhatsApp vulnerability can be misused for Spreading Malware

September 13, 2012Mohit Kumar
A Cross site scripting (XSS) vulnerability in WhatsApp website reported to The Hacker News by Edgard Chammas. WhatsApp is one of the most famous cross-platform mobile messaging app for iPhone, BlackBerry, Android, Windows Phone and Nokia used to send text, video, images, audio b/w Whatsapp users. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications, such as web browsers through breaches of browser security, that enables attackers to inject client-side script into Web pages viewed by other users. Reported vulnerability exist on payment procedure page as shown in above picture. The Sample code given below to demonstrate the vulnerability. Recently, there has been an increase in web malware and spam activities and such vulnerabilities can be misused by attackers to spread Malwares and rogue applications. Edgard also demonstrate that How this can be used to trick users to download a fake application (Malware - WhatsApp.apk) from o
Plugx RAT targeting government organizations in Japan using spear phishing

Plugx RAT targeting government organizations in Japan using spear phishing

September 11, 2012Mohit Kumar
Roland Dela Paz (Threat Researcher) at TrendMirco reported that last year a Malware Campaign to target specific users in Japan, China, and Taiwan once again on rise using new breed of Remote Access Tool (RAT) called Plugx (also known as Korplug). This new custom made version comes for less recognition and more elusiveness from security researchers. He also mention that last year campaign used the Poison Ivy RAT, but now its Plugx take its place. " Similar to previous Poison Ivy campaigns, it also arrives as an attachment to spear-phished emails either as an archived, bundled file or specially crafted document that exploits a vulnerability in Adobe Acrobat Reader or Microsoft Office. We've also encountered an instance of Plugx aimed at a South Korean Internet company and a U.S. engineering firm ." Roland mentioned . The attached pdf exploits CVE-2010-2883 (with  Plugx  (RAT) payload connects to a command and control (C&C) server named {BLOCKED}eo.flower-show.org. CVE-2
CRIME : New SSL/TLS attack for Hijacking HTTPS Sessions

CRIME : New SSL/TLS attack for Hijacking HTTPS Sessions

September 08, 2012Mohit Kumar
Two security researchers claim to have developed a new attack that can decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections. From the security researchers who created and demonstrated the BEAST (Browser Exploit Against SSL/TLS) tool for breaking SSL/TLS encryption comes another attack that exploits a flaw in a feature in all versions of TLS. The new attack has been given the name CRIME by the researchers.The CRIME attack is based on a weak spot in a special feature in TLS 1.0, but exactly which that feature is has not been revealed by the researchers. They will say that all versions of TLS/SSL including TLS 1.2, on which the BEAST attack did not work are vulnerable. Once they had the cookie, Rizzo and Duong could return to whatever site the user was visiting and log in using her credentials. HTTPS should prevent this type of session hijacking because it encrypts session cookies while in transit or when stored in the browser. But the new attack, devis
Operation Aurora - Other Zero-Day Attacks targeting finance and Energy

Operation Aurora - Other Zero-Day Attacks targeting finance and Energy

September 08, 2012Mohit Kumar
The infamous Aurora Trojan horse is just one of many attacks launched by the same group of malware authors over the past three years, according to researchers at Symantec. Security researchers with Symantec have issued a report outlining the techniques used by the so-called " Edgewood " hacking platform and the group behind it. The group seemingly has an unlimited supply of zero-day vulnerabilities. The company said that the group is well-funded and armed with more than a half-dozen unpublished security vulnerabilities. " They are definitely shifting their methodology, and there are open questions about why that is ," said Eric Chien, senior technical director for Symantec's security response group. " They may be finding that older techniques are no longer working ." " The number of zero-day exploits used indicates access to a high level of technical capability. "The researchers said that the group appears to favour "watering hole&quo
#Antisec Hackers hack FBI laptop and leak 12 Million Apple Device Records

#Antisec Hackers hack FBI laptop and leak 12 Million Apple Device Records

September 04, 2012Mohit Kumar
The hacker group AntiSec released a file of a million and one UDIDs unique device identifiers which it claims to have hacked it off an FBI computer via a Java vulnerability. UDIDs are unique IDs for iPhone, iPad and iPod Touch devices. They said they obtained the file in March by hacking into the laptop of a Federal Bureau of Investigation agent in the bureau's New York field office. In an unusually lengthy note on Pastebin , a member of AntiSec said the group had culled some personal data such as full names and cell numbers from the published data. Instead, the group said it published enough information such as device type, device ID and Apple Push Notification Service tokens to let users determine whether their devices are on the list. The hackers issued a statement saying: ' During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was
New Ransom malware infecting computers

New Ransom malware infecting computers

September 03, 2012Mohit Kumar
The Metropolitan Police have issued an urgent warning about a new ransom malware that is in circulation. Ransomware (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. " The "malware" infects personal computers after users have accessed certain websites. *(It should be noted that there are several similar designs currently in circulation) " Ransomware typically propagates like a typical computer worm, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program will then run a payload which will begin to encrypt personal files on the hard drive. More sophisticated ransomware may hybrid-encrypt the victim's plaintext with a random symmetric key and a fixed public key. The malware author is th
Critical buffer overflow vulnerability in Photoshop CS6

Critical buffer overflow vulnerability in Photoshop CS6

September 01, 2012Mohit Kumar
Adobe has released an update for Photoshop CS6 that closes a critical heap-based buffer overflow vulnerability ( CVE-2012-4170 ) in its popular graphics editing program. Both the Mac and Windows versions of Photoshop CS6 (aka Photoshop 13.0) contain a critical vulnerability that could allow an attacker to take control of affected systems. Furthermore, company officials say Adobe is unaware of any attacks against this vulnerability.That said, the Photoshop 13.0.1 update contains 75 other bug fixes, including 31 for problems known to cause crashes, 18 pertaining to 3D features, and 15 for drawing and graphics features. Adobe said that users and administrators can download and install the patch by lunching the "update" tool within the Photoshop help menu.The company credited a pair of Secunia researchers in discovering and reporting the flaw directly. According to a Secunia advisory , the problem is caused by a boundary error in the "Standard MultiPlugin.8BF" modul
security researchers found yet another vulnerability in JAVA after update

security researchers found yet another vulnerability in JAVA after update

August 31, 2012Mohit Kumar
Oracle released an emergency patch on Thursday for previously unknown Java vulnerabilities that cybercriminals had targeted with popular exploit kits within hours after the bugs' existence became public, security researchers found yet another vulnerability that can be exploited to run arbitrary code on systems that have the runtime installed. Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system. While so far the vulnerability has only been found being used against Windows, other platforms such as the Mac OS could potentially be targeted through the same exploit. Security Explorations sent a report about the vulnerability to Oracle on Friday together with a proof-of-concept exploit, Adam Gowdiak, the security company's founder and CEO said Friday via email. The compa
Air Force openly Seeks Offensive Cyber Weapons

Air Force openly Seeks Offensive Cyber Weapons

August 31, 2012Mohit Kumar
The Air Force Life Cycle Management Center posted a broad agency announcement recently, calling on contractors to submit concept papers detailing technological demonstrations of 'cyberspace warfare operations' capabilities.  Air Force is seeking to obtain the abilities to 'destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries' ability to use the cyberspace domain for his advantage' and capabilities that would allow them to intercept, identify, and locate sources of vulnerability for threat recognition, targeting, and planning, both immediately and for future operations. According to the document the issuing Program Office "is an organisation focused on the development and sustainment of Cyberspace Warfare Attack capabilites that directly support Cyberspace Warfare capabilities of the Air Force." Technologies that can map data and voice networks, provide access to the adversary's information, networks, systems or devices, manip
Oracle releases patches for Java vulnerability CVE-2012-4681

Oracle releases patches for Java vulnerability CVE-2012-4681

August 31, 2012Mohit Kumar
Oracle has released a new patch which kills off a vulnerability in Java 7 that was being exploited by malware developers. " Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible ," Eric Maurice, the company's director of software security assurance. The out-of-band Security Alert CVE-2012-4681 includes fixes for "three distinct but related vulnerabilities and one security-in-depth issue" affecting Java running within the browser. Users with vulnerable versions of Java installed can have malware silently planted on their systems just by browsing to a hacked or malicious website unknowingly.Java is a free programming language widely used to enable every day programs and website elements to function, including some games, apps and chat, as well as enterprise apps. The attacks using this vulnerability so far have been Windows-based, the exploit was demonstrated on other platforms supported by Java
FireEye spotted Critical 0-day vulnerability in Java Runtime Environment

FireEye spotted Critical 0-day vulnerability in Java Runtime Environment

August 27, 2012Mohit Kumar
FireEye's Malware Intelligence Lab is making the claim that there is a new zero day vulnerability in the wild that affects the latest version of Java.Researcher. Atif Mushtaq wrote on the company's blog that he spotted the initial exploit on a domain that pointed to an IP address in China. The vulnerability allows computers to be infected by simply visiting a specially crafted web page, and the malware served in the current attacks contacts a C&C server in Singapore. Researchers from heise Security have also created a PoC page using information that is publicly available. A separate post published on Monday by researchers Andre M. DiMino and Mila Parkour said the number of attacks, which appear to install the Poison Ivy Remote Access Trojan, were low. But they went on to note that the typical delay in issuing Java patches, combined with the circulation of exploit code, meant it was only a matter of time until the vulnerability is exploited more widely by other attackers.
Half Million Chinese Android Devices got infected with SMSZombie

Half Million Chinese Android Devices got infected with SMSZombie

August 21, 2012Mohit Kumar
The amount of malware crafted and aimed at Android devices is ever-increasing. With Android being the most popular platform for smartphones and tablets around the world, Android users have become the low-hanging fruit when it comes to writing malware by the nefarious users. A new Android threat has affected 500,000 devices in China so far. Analysts at TrustGo Security Labs have discovered the Trojan!SMSZombie.A. It is a complex and sophisticated malware that exploits a vulnerability in the China Mobile SMS Payment System to fund unauthorised payments, steal bank card numbers and receipt information regarding money transfers. The trojan is difficult to detect, and even more difficult to remove.  SMSZombieA was first discovered on August 8, and the malware is embedded in several wallpaper apps. The wallpaper apps are noted to use provocative titles and nude images to encourage users to download. The trojan installs itself on a device after its user has downloaded and installed the app
Security Firm Reveals Flaw in Dirt Jumper Bot

Security Firm Reveals Flaw in Dirt Jumper Bot

August 16, 2012Mohit Kumar
A team of researchers has discovered a weakness in the command-and-control infrastructure of one of the major DDoS toolkits, Dirt Jumper, that enables them to stop attacks that are in progress. The command and control (C&C) servers of the Dirt Jumper DDoS toolkit can be compromised and, in principle, completely taken over via SQL injection holes. SQL injection involves inserting database instructions in unexpected and unprotected places, effectively taking charge of a web application's database from the outside. According to the Prolexic report, the open source penetration testing tool sqlmap can be used to dump the contents of Dirt Jumper's database configuration file in a matter of seconds, revealing administrative usernames and passwords. The company's research includes Dirt Jumper v.3, Pandora and Di BoT. According to Prolexic, the Dirt Jumper family of DDoS botnet kits was originally authored by an individual who uses the handle 'sokol.' Various versions of Dir
CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed

CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed

July 24, 2012Mohit Kumar
Android's DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay & Roi Saltzman from IBM Application Security Research Group demonstrate that how an attacker can successfully guess the nonce of the DNS request with a probability thatis su cient for a feasible attack. Android version 4.0.4 and below are Vulnerable to this bug. Weakness in its pseudo-random number generator (PRNG), which makes DNS poisoning attacks feasible. DNS poisoning attacks may endanger the integrity and con dentiality of the attacked system. For example, in Android, the Browser app can be attacked in order to steal the victim's cookies of a domain of the attacker's choice. If the attacker manages to lure the victim to browse to a web page controlled by him/her, the attacker can use JavaScript, to start resolving non-existing sub-domains. Upon success, a sub-domain points to the attacker's IP, which enables the latter to steal wild card
CVE-2012-0217 - Intel SYSRET FreeBSD Privilege Escalation Exploit Released

CVE-2012-0217 - Intel SYSRET FreeBSD Privilege Escalation Exploit Released

July 24, 2012Mohit Kumar
The Vulnerability reported on 06/12/2012, dubbed as " CVE-2012-0217 " - according to that Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape. FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash. Inj3ct0r team today released related private exploit on their website , which allow normal FreeBSD users to Privilege Escalation. All systems running 64 bit Xen hypervisor running 64 bit PV guests onIntel CPUs are vulnerable to this issue. However FreeBSD/amd64 running on AMD CPUs is not vulnerable to thisparticular problem.Systems with
Hack a Server - The man behind the idea

Hack a Server - The man behind the idea

July 24, 2012Mohit Kumar
" Choose a job you love, and you will never have to work a day in your life " said Confucius. These would be the words that describe Marius Corîci the most. In 2003 he started doing business in the plumbing industry and co-founded ITS Group, a franchise for Romstal Company, the biggest plumbing installations retailer from South-Eastern Europe. In 2007 he moved into Artificial Intelligence field and founded Intelligentics, a group for Natural Language Processing. Now, he is very focused on infosec and got involved in all the biggest independent security projects in Romania: S3ntinel , Hack Me If You Can , Hack a Server and DefCamp . Marius considers himself a serial entrepreneur and is very passionate about Artificial Intelligence. Never a quitter, always a perfectionist, looking for challenges that will change the world we live in. He believes in people and the power of great teams, and he intends to start blogging in the near future. What determined you to shift your attention towar
Reliance Communications Server Compromised with Information disclosure Vulnerability

Reliance Communications Server Compromised with Information disclosure Vulnerability

July 22, 2012Mohit Kumar
Hacker with nickname " mr.hack3r420 " has successfully compromise the web server of Reliance Communications ( rcom.co.in ) as shown in image ( screenshot taken by THN team and we make link hidden to save site from further misuse of damage ). Hacker most probably get this access because of Information disclosure Vulnerability in Reliance website.Most of the Folders on website are visible to everyone publicly and there is a interesting file called "Upload_AppId_VId.php" available , using which hacker may be able to upload his own php shell on the server to get access to FTP and Linux User account. This is not the first time Reliance become the victim, a few months back, hacker named "ISAC" was able to access  Reliance Communications ISP  server, and he release the list of all blocked sites by Reliance to Protest against Internet Censorship.
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.