Thursday, 30 May 2013

City of Lansing website hacked and database leaked by TurkishAjan


The City of Lansing, capital of the U.S. State of Michigan, official website(lansingmi.gov) has been hacked by the Turkey hacker group known as TurkishAjan.  The group defaced the website an leaked the database.

The home page(index.jsp) of the website is not affected by the defacement.  Hackers seem to have uploaded the defacement page in "index.html" page. The defacement is still available at "www.lansingmi.gov/index.html".

In case you missed it, you can still check the mirror of the defacement at zone-h record : goo.gl/PnmX6



5.83MB size RAR file has been uploaded in the Speedyshare.  As you can see in the above image, the RAR file contains 20 folders.  Each folder contains few 'xls' files.

After analyzing the files, EHN found the files contain username, email address and plain-text passwords and few other details.

Recently, the same group breached the City of Akron , Akron-Canton Airport  websites and left their home page defaced.

Cybercriminals hijacked Twitter accounts of Cher and Alec Baldwin

American singer and actress Cher fell victim to the twitter account hacks.  Cybercriminals hijacked her account and posted a message about a diet brand.

She come to know about the security breach after her followers told her account was hijacked.

"You guys I’m really upset about this hacking thing ! What diet are you all talking about ?!" In one of the tweets , she said.

She is not the only celebrity whose account compromised by the cybercriminals.  There are a number of celebrities fell victim to the twitter account hijack.  The list includes Alec Baldwin, Australian model Miranda Kerr and Donald Trump.

"This fu**ing hacking weight loss shit. GOOOOOODDD!!!" Tweets posted by Alec Baldwin. "IGNORE this weight loss trash. I mean, I'm all for weight loss. But DAMN!!!"

Secunia apologises after accidentally disclosing zero-day vulnerability on public mailing list



Secunia, an international IT Security firm specialized in vulnerability management , has apologized after an unpatched zero-day vulnerability was accidentally sent to a public mailing list.

The story published yesterday by Security Week revealed the mistake Secunia made while forwarding the a zero-day details within an image viewing app. The email was supposed to be addressed to the vuln address at Secunia.  However the auto-fill mistake address sent the details to the vim[at]attrition.org.

"While coordinating with the researcher, one email was accidentally sent from Secunia to a public emailing list, thereby making information about one of the vulnerabilities publically available." Secunia commented on the disclosed vulnerability.

"Upon realizing the mistake, Secunia immediately informed the vendor in question, who is currently working to create a patch for the vulnerability. Secunia is going through all procedures to ensure that this cannot happen in future.