latest articles

Malaysia flight MH370 found Trick again in Facebook




This is another #Phishing trick.

Some sluggish people are making this! :p

Firstly, RIP to those dumbasses...!! :P

But still, some people are being fooled by those nasty tricks!

If you click on this link,  ==>  http://infinitis.pw/ <== it'll redirect to a page that looks exactly like the Facebook login page.
If you type any shit in there, it'll be recorded in a LOG file they've already created. That can lead to many critical situations!

It looks exactly like Image1.



You can see that the URL is quite different!

When you type any shit as credentials and try logging in, you will be redirected to another page. But that page is real, and so is that video.

That is the tubesube.com website.




These types of tricks are growing more and more. I strongly warn all of you not to be dumb about such things!

Shocking Video - Flight MH370 Found In Indian Ocean - Facebook Video Scam

The Facebook post below, "[SHOCKING VIDEO] Flight MH370 FOUND in Indian Ocean!", is another Facebook video survey scam and hoax, which claims that Malaysian Flight MH370 has been found in the Indian Ocean. This scam will trick you into 'liking', sharing or completing surveys, which it claims you have to do in order to watch the video in the post. But there is no video, so do not be fooled into completing the surveys, liking or sharing it.


"[SHOCKING VIDEO] Flight MH370 FOUND in Indian Ocean!" Scam






The missing plane of Flight MH370 has not been found, and the plane in the photo above is not it. The plane is the Lion Air plane that crashed into the sea off Bali in 2013.



What the cybercriminals did was remove the name "Lion", in red writing, from the plane using Photoshop or some other image editing software.

Worst Data Breach in German History, 18 Million Email Passwords Compromised




Germany has confirmed the biggest data theft in the country's history, with usernames and passwords of some 18 million email accounts stolen and compromised by hackers.

The story was broken by the German press, Der Spiegel, on Thursday, when German authorities revealed another mass theft of private data belonging to German citizens and major Internet companies both in Germany and abroad.

16 million, and now 18 million

Authorities in the northwestern city of Verden unearthed a trove of personal information, a list of about 18 million stolen email addresses and passwords, and seized it only two months after the previous major data breach, when researchers came across 16 million compromised email accounts of German users while investigating a botnet, a network of computers infected with malware.
The accounts were compromised by hackers in mid-January, and Der Spiegel suggests that the same group of hackers is responsible for both thefts and that they may be based in one of the Baltic countries.

Millions of accounts used for spam, shopping and theft

According to investigators, some of the accounts are used to send spam emails, and some email and password combinations are used on online shopping portals, as this mass of stolen personal information could also be used to obtain users' financial details.
To help secure Internet users, German authorities have advised them to take additional security measures to prevent cyber criminals from using their data while shopping online.
"It is suspected that these stolen records are being actively misused," said Lutz Gaebel, spokesman for the prosecutor's office in Verden.

Source of the data

So far, investigators have not revealed how much they know about this massive data breach or how the attackers got their hands on the personal data of over 18 million users. Lutz Gaebel declined to give more information due to the ongoing investigation.

It is estimated that at least three million of the accounts belonged to German citizens, and some of the compromised email accounts have international domain extensions such as '.COM'. In reality, the number could be much larger than the visible one, as the investigation is ongoing.

The German prosecutor investigating the latest major data theft has informed the country's IT watchdog, the Federal Office for Information Security (BSI), which is to introduce additional security measures to help Internet users.



Pakistani Hacker Arrested for Hacking Telecom Company Database




Pakistan's Federal Investigation Agency (FIA) has arrested a Pakistani hacker allegedly involved in hacking into a telecom company and uploading its database to his website.

With the help of the National Response Center for Cyber Crime (NR3C) of Pakistan's Federal Investigation Agency, the local authorities were able to trace and arrest the hacker suspected of infiltrating the systems of Warid Telecom, an Abu Dhabi-based telecoms company that provides services in Congo, Pakistan and Uganda.

The suspect, Mubashar Shahzad, a resident of Kasur, is believed to have downloaded Warid Telecom's customer information from the company's databases and exposed it online; it was published on earlysms.com, a site hosted with HosterPK.

The investigation started after a senior manager of a cellular company filed a complaint saying the 'information of its consumers till 2006 had been exposed over the internet.'

“A technical/forensic analysis found that the website was being hosted by hosterpk. The FIA traced the IP address, email address and phone number of the suspect through the host company,” Usman Anwar, the Director of FIA told The Express Tribune.

The suspect's IP address was traced to a shop in Ghalla Mandi, Kasur, from where the authorities arrested the suspect, Mubashar Shahzad. The investigation team also detected and seized Shahzad's computers, which contained folders named 'Warid Data'. In addition, two desktop systems, hard drives and portable hard drives were also seized by the authorities.

The website on which the stolen data was posted by the hacker has now been shut down.

5-year-old Boy discovers Microsoft Xbox Password Bypass vulnerability



A 5-year-old San Diego boy managed to hack one of the most popular gaming systems in the world, the Xbox, and has now been acknowledged as a security researcher by Microsoft.

Kristoffer Von Hassel uncovered a vulnerability in Xbox Live's password system that would allow someone to log into an Xbox player's account without their password. Kristoffer's parents noticed he was logging into his father's Xbox Live account simply by tapping the space bar.


Yes, a backdoor entry with just a space bar.

His father noticed that Kristoffer was logged in to his Xbox Live account to play video games he wasn't meant to be playing, and asked how he had done it.

Kristoffer revealed that by typing in the wrong password and then pressing the spacebar, he bypassed the password verification through a backdoor, and it was pretty simple!

The 5-year-old gamer actually hacked the authentication system of a multi-billion dollar company, and his feeling "was like yeah!", Kristoffer told local news station KGTV.



His father reported the vulnerability to the Microsoft Security Team, and it has been fixed. Microsoft issued a statement: "We're always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it."

Microsoft rewarded the junior security researcher with some cool games, $50, a one-year free subscription to Xbox Live, and listed his name on their website among other security researchers.

I wish a bright Infosec career ahead of him. Cheers!

Most Sophisticated Android Bootkit Malware ever Detected; Infected Millions of Devices



Hardly two months ago there was a report about the first widely spread Android bootkit malware, dubbed 'Oldboot.A', which infected more than 500,000 Android smartphone users worldwide in the last eight months, especially in China.

Oldboot is a piece of Android malware designed to re-infect mobile devices even after a thorough cleanup. It resides in the memory of infected devices; it modifies the device's boot partition and boot script file to launch a system service and extract the malicious application during the early stage of the system's boot.

Yet another alarming report about the Oldboot malware has been released by Chinese security researchers from '360 Mobile Security'. They have discovered a new variant of the Oldboot family, dubbed 'Oldboot.B', designed exactly like Oldboot.A, but the new variant has advanced stealth techniques, especially defenses against antivirus software, malware analyzers and automatic analysis tools. "The Oldboot Trojan family is the most significant demonstration of this trend," the researchers said.

Oldboot.B, the Android bootkit malware, has the following abilities:

  1. It can install malicious apps silently in the background
  2. It can inject malicious modules into system processes
  3. It prevents malware apps from being uninstalled
  4. It can modify the browser's home page
  5. It can uninstall or disable installed anti-virus software on the device

Infection and installing more malware apps:

Once an Android device is infected by the Oldboot.B trojan, it listens on a socket continuously and receives and executes commands from the attacker's command-and-control server.

The malware contains some hidden ELF binaries that include steganographically encrypted strings, executable code and a configuration file downloaded from the C&C server located at az.o65.org (IP 61.160.248.67).

After installation, the Oldboot Trojan installs lots of other malicious Android applications or games on the infected device which were not manually installed by the user.

Malware architecture:

Oldboot.B's architecture includes four major components, which execute automatically during system startup by registering themselves as services in the init.rc script:


1) Boot_tst:
uses a remote injection technique to inject an SO file and a JAR file into the 'system_server' process of the Android system, continuously listens on a socket, and executes the commands sent.


2) adb_server:
replaces the pm script of the Android system with itself and is used for the anti-uninstallation functionality.


3) meta_chk:
updates the configuration file, and downloads and installs Android apps promoted in the background. The configuration file is encrypted, which greatly increases the time required for analysis.

To evade detection, meta_chk deletes itself from the file system, leaving only the injected process. Android antivirus software does not support process memory scanning on the Android platform, so it cannot detect or delete the Oldboot Trojan residing in memory.


4) agentsysline:
a module written in C++ that runs as a daemon in the background to receive commands from the command-and-control server. This component can uninstall anti-virus software, delete specific files, and enable or disable the network connection, etc.


Problems for security researchers:

To increase the difficulty for malware analyzers:
  1. It adds some meaningless code and triggers some behaviour randomly
  2. It checks for SIM card availability in the device, and will not perform certain behaviour if no SIM card is available, in order to fool sandboxes and emulators
  3. It checks for the existence of antivirus software, and may uninstall the anti-virus software before doing anything malicious.
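
As an added defender-side example (not code from the 360 Mobile Security report or from this page), a small Python audit that parses an init.rc for service stanzas, flags the four component names the report lists (matched case-insensitively) or services started from a binary outside the stock system directories, and checks whether /system/bin/pm still looks like the stock wrapper script that adb_server is said to replace. The sample init.rc and pm script are constructed, and the form of the stock pm wrapper (a shell script that execs app_process with com.android.commands.pm.Pm) is an assumption of this check.

```python
import re

# Service names the 360 Mobile Security report attributes to Oldboot.B components.
OLDBOOT_SERVICES = {"boot_tst", "adb_server", "meta_chk", "agentsysline"}

# One 'service NAME PATH' line per init.rc stanza; indented option lines are ignored.
SERVICE_RE = re.compile(r"^\s*service\s+(\S+)\s+(\S+)", re.MULTILINE)

def parse_services(init_rc: str) -> dict:
    """Map each service declared in an init.rc to the executable it starts."""
    return {m.group(1): m.group(2) for m in SERVICE_RE.finditer(init_rc)}

def audit_init_rc(init_rc: str, trusted_dirs=("/system/bin/", "/sbin/")) -> list:
    """Flag services named like an Oldboot.B component (case-insensitive) or
    whose binary lives outside the directories stock services start from."""
    findings = []
    for name, path in parse_services(init_rc).items():
        if name.lower() in OLDBOOT_SERVICES:
            findings.append((name, path, "known Oldboot.B component name"))
        elif not path.startswith(trusted_dirs):
            findings.append((name, path, "binary outside trusted system dirs"))
    return findings

def pm_script_replaced(pm_script: str) -> bool:
    """adb_server swaps out /system/bin/pm. On stock Android of that era pm is a
    small shell wrapper that execs app_process with com.android.commands.pm.Pm
    (assumption used by this check); anything else, e.g. an ELF header, is suspect."""
    return not ("app_process" in pm_script and "com.android.commands.pm.Pm" in pm_script)

# Constructed sample init.rc: two stock-looking services plus two Oldboot-style ones.
SAMPLE_INIT_RC = """\
service servicemanager /system/bin/servicemanager
    class core
service vold /system/bin/vold
    class core
service Boot_tst /system/bin/boot_tst
    class main
service dropper /data/local/tmp/meta_chk
    class main
"""

# Constructed stand-in for a stock pm wrapper script.
STOCK_PM = '#!/system/bin/sh\nexec app_process /system/bin com.android.commands.pm.Pm "$@"\n'

if __name__ == "__main__":
    for finding in audit_init_rc(SAMPLE_INIT_RC):
        print("init.rc:", finding)
    print("pm replaced:", pm_script_replaced("\x7fELF\x01\x01\x01"))
```

On a real device the same functions would be fed the contents of /init.rc (or the boot partition's ramdisk copy) and /system/bin/pm pulled over adb.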

The malware uses steganography techniques to hide its configuration file in images:



"But after some analysis, we found that the configuration of meta_chk is hidden in this picture, which contains the command will be executed by meta_chk and other information." researchers said. The size of this configuration file is 12,508 bytes.

"Depending on the commands sent from the C&C server, it can do many different things, such as sending fake SMS messages or phishing attacks, and so on. Driven by profit, the Oldboot Trojan family changes very fast to react to any situation."

Oldboot.B is one of the most advanced Android malware families and is very difficult to remove, but the antivirus firm 360 Mobile Security has also released a free Oldboot detection and removal tool, which you can download from their website.

To avoid infection, smartphone users should only install apps from trusted stores; make sure the Android system setting 'Unknown sources' is unchecked to prevent dropped or drive-by-download app installs; don't use untrusted custom ROMs; and install a mobile security app.

W3C website fell victim to an SQL injection




It has come to light today that the website of the W3C (World Wide Web Consortium) has fallen victim to an SQL injection by an unknown party.

The W3C announced today in a blog post that they had hired the external penetration testing firm Cure53 to conduct a routine test of their infrastructure, which discovered several vulnerabilities, one of which was an SQL injection.

Upon further investigation, the W3C systems team determined that the SQL injection had been leveraged by an unknown party and their database had been breached. The database was full of user credentials, which we presume at the least contained usernames, encrypted passwords and e-mails.

The W3C systems team have now fixed all of the discovered vulnerabilities and tightened their security by decommissioning all unused services and undertaking other security measures.

The passwords are stored in encrypted form, but it is unknown what encryption or hashing method was used, so it is not possible to determine how quickly an attacker could crack the hashes and be left with plaintext login information.

W3C have asked all users to reset their passwords immediately, and to use the forgotten password function on the website should they have lost this information.