Thursday, 7 March 2013

This leads to one question who is next?

 You dont have to wait till you are a victim you can prevent this hack attacks.

This reminds me of a major cyber attack that took place in Ghana before the incident they have been warned times without number, but unfortunately after over 8 months some groups struck the  site and hacked them leading to loss over $50,000 dollars.

Recently a well known ISP provider  Nigeria had a vulnerability in their web application. I sent a mail stating their vulnerability but till date nothing has been done so far. The worst aspect is alot of online transaction which takes place on this application . So if they haven't checked their web application using the Top Ten Vulnerabilities then they should not use online payment in the first place. If some groups get hold of this website dump the customer details and Payment info: like credit cards of customers. The problem is they may not notice that for a long time.

My advice to anyone having a website is to try to secure the website, even if you dont do online transaction on it, your site could be used to do other malicious activities if you are careless with the security.

For those who dont know the technical know how on implementing security you can contact Information security professional in your location feel free to contact me for further information.

There are ways in which you can guard your website, by placing an alert this will notify you when something malicious is going. But before that could be implemented one has to be sure the application is tested and secure. Cause there is no point in having a security man at the gate when there are holes in the fences which the thief could enter from rather than using the main gate.


Multiple Venezuela Government sites hacked by Hmei7

The Indonesian top defacer, Hmei7 continuing his mass defacement journey.  Today, he managed to breach multiple Venezuela Government websites. he hacked Venezuela government websites : The Mayoralty Salias(, SITSSA - Integral System of Surface Transport SA (, As usual, the hacker simply uploaded a x.txt file in the hacked site instead of defacing the main page. The defacement page has a simple message "hacked by hmei7". Earlier this year, the hacker defaced more than 5000 websites with in two or three days and uploaded the x.txt file.

Arabian Gulf Oil Company(Agoco) website hacked by QuisterTow

A hacker with online handle QuisterTow has claimed to have identified a critical SQL Injection vulnerability in Agoco website( - Arabian Gulf Oil Company based in Benghazi, Libya, engaged in crude oil and natural gas exploration, production and refining. The hacker exploit this vulnerability and managed to dump the database from the server.  He has leaked the login credentials from the database along with the database details. The leak contains usernames and passwords of admin and few users.  The password used by admin is very weak one and leaked in plain-text format.

The hacker also provided the vulnerable link along with the proof-of-concept to exploit this SQL injection vulnerability that lists the username &password information.

Security Flaw in Samsung allow hackers to bypass Android Lock screen

A Security flaw in the Samsung phones allows hacker to bypass the lock screen and launch apps and dial phone numbers on a locked device. The vulnerability has been discovered by a mobile enthusiast Terence Eden.

To exploit this security flaw, the hacker should activate the screen and press Emergency Call. Then,  Press the "ICE" button on the bottom left and hold down physical home key for a few seconds and then release. Now, you can access the Home screen and launch any app or widget.

La Rioja's Ministry of Education hacked and defaced by @LIberoamericaMu

A hacker with twitter handle @LIberoamericaMu affiliated to Anonymous hacktivist has hacked into the La Rioja's Ministry of Education and defaced the main page of the site. The hacker defaced the front page of and posted a simple message :  " Hacked By Libero . I Love Revolution !" The hacker recently hacked and defaced the Government websites of PUERTO MADRYN ( website hacked by a hacker group claiming Al-Qaeda connection

A Hacker group claiming to be part of Al-Qaeda has breached the Washington State Community College ( and defaced it. According to The News center report, hackers replaced the front page of the website with an image of Osama bin Laden around 4 p.m.. In the image the hacker posted "Hacked by Al-Qaeda Hacker Team&TKL "When a student tried to log in to his student account, he saw the defacement page instead.  Immediately , he informed the newsroom about the breach. At the time of press time, the site has been restored by the administrator.  The security breach is being investigated by Ohio State Highway Patrol.

Tunisian Cyber Army hacked CBN website and AT&T

Tunisian Cyber Army claimed to have breached CBN and AT&T websites by exploiting the SQL Injection vulnerabilities. In an email sent to Ethical Hackers News, the hacker provided the screenshots along with the vulnerable link . Hacker recommended the News not to publish the vulnerable links.

He claimed to have compromised 19,800 user details from the CBN website( - The Christian Broadcasting Network. The hacker claimed that this is part of operation called "#opblucksummer", a hacking-operation against United States. So far, the hackers hacked into American Express, Nasa and few other websites.

Cyber Crime gang arrested for hacking Dubai exchange companies accounts

Cyber Crime gang arrested for hacking Dubai exchange companies accounts
The Dubai Police have arrested a cyber crime gang who were able to transfer more than 2 Million dollars(Dh7 million) from Dubai Exchange companies' accounts.

The police said that a gang of Asians and Africans work with hackers to hack into websites and systems of companies in Dubai to transfer the money. The police have found cheques worth more than Dh6 billion with the gang after their arrest.

The police take action after they received complaints about a scam and transfer of $2 million from a company's account. “This was done through hacking the e-mails of this company by someone outside the UAE,”GulfNews quoted Colonel Salem Khalifa Al Rumaithi, deputy director of the General Department of Criminal and Investigation for research.