Tuesday, 29 January 2013

US hosts the maximum number of botnet servers in the world

According to new data from McAfee, the US hosts the highest number of botnet servers in the world. A botnet is a group of computers that have been compromised by malware. These computers, or zombies, can be controlled by cyber criminals to send out spam and viruses, and even to launch distributed denial-of-service attacks against other computers.

A total of 631 botnet control servers are hosted in the Land of the Free, which is hardly surprising as the US is still the Mecca for cheap hosting. The British Virgin Islands ranked second, with 237 servers. The global distribution of active botnet control servers can be seen in the image.

SCADA lovers release a password brute-force tool for Siemens S7 PLCs & iOS installs pirated apps without jailbreak

Two SCADA security researchers, Alexander Timorin and Dmitry Sklyarov, have released an offline password brute-force tool for Siemens S7 PLCs (programmable logic controllers). ICS-CERT has issued a PDF advisory regarding the issue and the availability of the proof-of-concept exploit code on Pastebin. To use the tool, an attacker must first capture TCP/IP traffic containing the authentication data in challenge-response form; the script then tries different passwords until it finds a match. The possibility exists that this code may be modified for use against other vendors' products.
Hackers abusing iOS feature to install pirated apps without jailbreak
A new service has found a way to let users install pirated iPhone and iPad apps without the need for an iOS jailbreak. This was made possible by certain Chinese app store-like services. The question is, how? The features that allow enterprises to deploy their own custom apps have been abused to deliver pirated apps to users. This opens the door to piracy on millions of Apple devices and to an increase in the number of fake and malware apps. Such an iOS app may send personal information to an external server, creating a privacy data leakage problem. A mobile private-information leak always starts with installing a malicious app on the device, whether it is iOS or Android. See the TrendMicro report on mobile security issues.

SSH Backdoor accounts in multiple Barracuda Products

Firewall, VPN and spam filtering products from Barracuda Networks contain hidden, hard-coded backdoor SSH accounts that allow an attacker to log in remotely and gain root access to sensitive information.
According to an advisory published by Stefan Viehböck of SEC Consult Vulnerability Lab, the vulnerabilities lie in the default firewall configuration and default user accounts on the unit. Barracuda was informed of the vulnerabilities at the end of November.
All Barracuda Networks appliances, with the exception of the Barracuda Backup Server, Barracuda Firewall and Barracuda NG Firewall, are potentially affected, namely: Barracuda Spam and Virus Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda Web Application Firewall, Barracuda Link Balancer, Barracuda Load Balancer, Barracuda SSL VPN and CudaTel.
Barracuda recommends that all customers immediately update their Barracuda security definitions to v2.0.5, ensure the products' security definitions are enabled, and check that they are running the most recent firmware. To limit access to the backdoor, Barracuda added network rules that only allow SSH access from certain IP addresses.

Hackers targeting Africa, Nigeria included: new security threats

team ghostshell

The hacktivist group Team GhostShell today exposed data, including 700,000 accounts/records from African universities and businesses, during a campaign named ProjectSunRise.

The hackers state: "GhostShell's new project focuses on Africa, mainly, for the time being, South Africa and to some extent other countries from the continent, such as Algeria, Nigeria, Kenya and Angola."

In this new campaign the hackers targeted many companies and universities, including Angola's National Diamond Corporation, Ornico Marketing, Moolmans Africa Mining Corporation, South African Express Petroleum, State University, Kenyan Business Directory, PostNet Internet Services and also PressOffice, linked to BidOrBuy, which is South Africa's largest online store.

The hackers released MySQL database dumps of all these sites via Pastebin notes. They said, "Companies like Anglo American have decimated our vast natural resources and have paid our local workers next to nothing. In a result of that they have become angry leading to multiple strikes that have crippled our economy. But you must be thinking, strikes mining industries pah! A fast developing country like South Africa should be able to shake that off with all that 1st world investment they are getting! But corrupt politicians from both the ANC and the DA have put the country into a spiralling economic disaster!"

Team GhostShell also declares that, under a new operation, #OpSAfrica, together with the Anonymous group, they will fight corruption, make all knowledge free and help South Africa out of crime, corruption and poverty.

Before this, Team GhostShell hacked and leaked 120,000 records from major universities around the globe, 2.5 million records from the Russian government and 1.6 million accounts from major organisations.

Cyber 9/11 may be on horizon, Homeland Security chief warns

With the possibility of a massive cyberattack hitting the U.S. in the near future, Homeland Security Secretary Janet Napolitano urges the government to pass cybersecurity legislation. Homeland Security Secretary Janet Napolitano warns that a massive cyberattack on the nation's infrastructure could happen "imminently."

The head of Homeland Security announced today that she believes a "cyber 9/11" could happen "imminently," according to Reuters. If such an event were to occur it could cripple the country -- taking down the power grid, water infrastructure, transportation networks, and financial networks.

"We shouldn't wait until there is a 9/11 in the cyber world," Homeland Security Secretary Janet Napolitano said during a talk at the Wilson Center think tank today, according to Reuters. "There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage."

Napolitano was referring to the possibility of Congress passing cybersecurity legislation. Several elected officials have been working to get a cybersecurity law passed for years, but have repeatedly run into road blocks.

Sen. Joseph Lieberman spent years fighting unsuccessfully for a so-called Internet kill switch that would grant the president vast power over private networks during a "national cyberemergency." Currently, he is working to get the Senate to pass a more modest version of his proposal. By the same token, President Obama also signed an executive order last July that could give the government control over the Internet in an emergency. Defense Secretary Leon Panetta has also strongly advocated increased governmental cybersecurity. During his first major policy speech on cybersecurity last October, he echoed previous statements that the United States is facing the possibility of a "cyber-Pearl Harbor" perpetrated by foreign hackers.

"A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11," he said during a speech. "Such a destructive cyber terrorist attack could paralyze the nation."

According to Reuters, Napolitano said today that a massive cyber attack could cause the same amount of damage as last year's Superstorm Sandy, which downed electricity and information networks throughout the Northeastern U.S.

"The clarion call is here and we need to be dealing with this very urgently," Napolitano said. "Attacks are coming all the time. They are coming from different sources, they take different forms. But they are increasing in seriousness and sophistication."

Visa Issues ATM Cash-Out Warning

Card Issuers Alerted to Organized Global Fraud Schemes

Visa has issued an advisory to U.S. payment card issuers, advising them to be on alert for suspected ATM cash-out fraud schemes. Visa could not be reached for comment about the Jan. 10 advisory. But a copy of the advisory was obtained from an executive at a top-tier issuing institution who asked not to be named. The advisory states international law enforcement agencies have determined global ATM cash-out schemes could be on an upswing, based on a recent case involving a limited number of stolen payment cards used to conduct thousands of withdrawals at ATMs in numerous countries over the course of a single weekend.

Card issuers have been asked to increase their monitoring of ATM traffic and report any suspicious activity, especially ATM withdrawals involving prepaid cards.

Meanwhile, FICO Card Alert Service, which analyzes card transactions across a network of 11,000 institutions to detect counterfeit card use, issued an alert to its member banks and credit unions the week of Jan. 14 about ATM cash-outs. In the alert, FICO notes that fraudulent ATM withdrawals in certain northeastern U.S. cities had been identified by law enforcement, and a global connection was suspected.
ATM Cash-outs

ATM cash-out schemes involve a coordinated effort to make withdrawals at multiple ATMs over a short period of time, typically within hours of each other. Fraudsters collect card numbers and PINs over time, through skimming attacks, network hacks or purchases in underground carding forums, and hold the information until they have accumulated a relatively massive number.

Fraudsters create fake cards with the stolen details and then use the cards at multiple ATMs simultaneously or within a short period of time in an effort to make numerous withdrawals before fraud-detection systems pick up on suspicious activity.
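As an added example (not part of the original article or of any Visa or FICO product), here is a simple velocity check an issuer's monitoring team could run over withdrawal records to surface the pattern described above: many withdrawals on one card across several ATMs, or across several countries, inside a short window. The transaction rows, card tokens and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample withdrawal records (card token, ATM id, country, amount, ISO time).
# These are made-up rows for the demo, not real transaction data.
SAMPLE_WITHDRAWALS = [
    ("card-A", "atm-001", "US", 500, "2013-01-05T01:00:00"),
    ("card-A", "atm-002", "US", 500, "2013-01-05T01:04:00"),
    ("card-A", "atm-117", "GB", 500, "2013-01-05T01:09:00"),
    ("card-A", "atm-203", "DE", 500, "2013-01-05T01:15:00"),
    ("card-A", "atm-310", "JP", 500, "2013-01-05T01:21:00"),
    ("card-B", "atm-001", "US", 60, "2013-01-05T09:00:00"),   # ordinary cardholder use
    ("card-B", "atm-001", "US", 40, "2013-01-06T18:30:00"),
    ("card-C", "atm-044", "US", 200, "2013-01-05T01:02:00"),  # three spread-out withdrawals
    ("card-C", "atm-045", "US", 200, "2013-01-05T01:30:00"),
    ("card-C", "atm-046", "US", 200, "2013-01-05T02:10:00"),
]


def flag_cashout_cards(rows, window=timedelta(hours=1),
                       min_withdrawals=4, min_atms=3, min_countries=2):
    """Return {card: details} for cards whose withdrawals, inside any sliding
    window of length `window`, match either cash-out signal:
      velocity: >= min_withdrawals withdrawals at >= min_atms distinct ATMs, or
      geo:      withdrawals in >= min_countries different countries
                (physically impossible for one genuine cardholder)."""
    by_card = defaultdict(list)
    for card, atm, country, _amount, ts in rows:
        by_card[card].append((datetime.fromisoformat(ts), atm, country))

    flagged = {}
    for card, events in by_card.items():
        events.sort()  # oldest first, so each event can open a window
        for i, (start, _, _) in enumerate(events):
            win = [e for e in events[i:] if e[0] - start <= window]
            atms = {e[1] for e in win}
            countries = {e[2] for e in win}
            reasons = []
            if len(win) >= min_withdrawals and len(atms) >= min_atms:
                reasons.append("velocity")
            if len(countries) >= min_countries:
                reasons.append("geo")
            if reasons:
                flagged[card] = {"reasons": reasons, "withdrawals": len(win),
                                 "atms": len(atms), "countries": sorted(countries)}
                break  # one hit per card is enough to raise an alert
    return flagged
```

In production the thresholds would be tuned per portfolio and the check would also look across cards, since a cash-out crew works a batch of cards at once rather than one at a time.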

What is Web Application Penetration Testing?

A penetration test is a method of evaluating the security of a computer system or network by simulating an attack. A Web Application Penetration Test focuses only on evaluating the security of a web application. The process involves an active analysis of the application for any weaknesses, technical flaws or vulnerabilities. Any security issues that are found are presented to the system owner together with an assessment of their impact, and often with a proposal for mitigation or a technical solution.

In a perfect world, we would all learn about preventing hack attacks before they happen. But sometimes the hack happens first and the lessons come second. This is the tale we are talking about today – based, in true Hollywood tradition, on a true story.

The lead in this story is a mid-sized organization – large enough that its website plays an important public role in operations but small enough that the few full-timers are very busy and there is no budget for any dedicated IT staff.