news bytes - january 2013
DESCRIPTION
null Bangalore Chapter, January 2013 MeetTRANSCRIPT
Information security news
News Bytes
Cisco VoIP vulnerability allows eavesdropping remotely
The lack of input validation at the syscall interface allows arbitrary modification of kernel memory from userland as well as arbitrary code execution within the kernel This in turn allows the attacker to become root gain control over the DSP buttons and LEDs on the phone
And the saga continues
New java 0-day vulnerability discovered that allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system Oracle delivers an unusual emergency patch to Javas critical 0-Day vulnerability Two days later a Java exploit is advertised for $5000 a piece in an underground Internet forum is apparently already in at least one attackers hands
Operation Red October
Large scale and complex cyber-espionage operation has been discovered named Red October Started in 2007 and mainly targeting international diplomatic service agencies The attackers had evaded detection for over five years giving them access to victims passwords network configurations and sensitive information on workstations and mobile devices
Malware Infects US power Plants through USB Drives
Some unknown malware infected two power plants control systems using unprotected USB drives as an attack vector Reports that current antivirus softwares would have found the malware
Child porn on Indian Govt websites
entegramamgovin forums hosting Child Porn content from last four months and authorities or the moderators of the website were not aware about the issue even after Google giving notification This site may be compromised for few websites
Internet explorer vulnerable to remote code execution
Remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website
Hacking facebook password like changing your own password
Flaw allows anyone to reset the password of any Facebook user without knowing his last password The Vulnerability was very simple to execute but now patched by Facebook Security Team
httpswwwfacebookcomhacked httpswwwfacebookcomcheckpointcheckpointmef=[userid]ampr=web_hacked
Facebook Hacker cup 2013
bull Jan 7 mdash Jan 27 mdash Registration bull Jan 25 mdash Jan 27 mdash Online
Qualification Round bull Feb 2 mdash Online Elimination
Round 1 bull Feb 9 mdash Online Elimination
Round 2 bull Feb 16 mdash Online Elimination
Round 3 bull March 22 -23 mdash Onsite Finals
at Facebook Registration httpswwwfacebookcomhackercupregister
RIP Aaron Swartz
Cisco VoIP vulnerability allows eavesdropping remotely
The lack of input validation at the syscall interface allows arbitrary modification of kernel memory from userland as well as arbitrary code execution within the kernel This in turn allows the attacker to become root gain control over the DSP buttons and LEDs on the phone
And the saga continues
New java 0-day vulnerability discovered that allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system Oracle delivers an unusual emergency patch to Javas critical 0-Day vulnerability Two days later a Java exploit is advertised for $5000 a piece in an underground Internet forum is apparently already in at least one attackers hands
Operation Red October
Large scale and complex cyber-espionage operation has been discovered named Red October Started in 2007 and mainly targeting international diplomatic service agencies The attackers had evaded detection for over five years giving them access to victims passwords network configurations and sensitive information on workstations and mobile devices
Malware Infects US power Plants through USB Drives
Some unknown malware infected two power plants control systems using unprotected USB drives as an attack vector Reports that current antivirus softwares would have found the malware
Child porn on Indian Govt websites
entegramamgovin forums hosting Child Porn content from last four months and authorities or the moderators of the website were not aware about the issue even after Google giving notification This site may be compromised for few websites
Internet explorer vulnerable to remote code execution
Remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website
Hacking facebook password like changing your own password
Flaw allows anyone to reset the password of any Facebook user without knowing his last password The Vulnerability was very simple to execute but now patched by Facebook Security Team
httpswwwfacebookcomhacked httpswwwfacebookcomcheckpointcheckpointmef=[userid]ampr=web_hacked
Facebook Hacker cup 2013
bull Jan 7 mdash Jan 27 mdash Registration bull Jan 25 mdash Jan 27 mdash Online
Qualification Round bull Feb 2 mdash Online Elimination
Round 1 bull Feb 9 mdash Online Elimination
Round 2 bull Feb 16 mdash Online Elimination
Round 3 bull March 22 -23 mdash Onsite Finals
at Facebook Registration httpswwwfacebookcomhackercupregister
RIP Aaron Swartz
And the saga continues
New java 0-day vulnerability discovered that allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system Oracle delivers an unusual emergency patch to Javas critical 0-Day vulnerability Two days later a Java exploit is advertised for $5000 a piece in an underground Internet forum is apparently already in at least one attackers hands
Operation Red October
Large scale and complex cyber-espionage operation has been discovered named Red October Started in 2007 and mainly targeting international diplomatic service agencies The attackers had evaded detection for over five years giving them access to victims passwords network configurations and sensitive information on workstations and mobile devices
Malware Infects US power Plants through USB Drives
Some unknown malware infected two power plants control systems using unprotected USB drives as an attack vector Reports that current antivirus softwares would have found the malware
Child porn on Indian Govt websites
entegramamgovin forums hosting Child Porn content from last four months and authorities or the moderators of the website were not aware about the issue even after Google giving notification This site may be compromised for few websites
Internet explorer vulnerable to remote code execution
Remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website
Hacking facebook password like changing your own password
Flaw allows anyone to reset the password of any Facebook user without knowing his last password The Vulnerability was very simple to execute but now patched by Facebook Security Team
httpswwwfacebookcomhacked httpswwwfacebookcomcheckpointcheckpointmef=[userid]ampr=web_hacked
Facebook Hacker cup 2013
bull Jan 7 mdash Jan 27 mdash Registration bull Jan 25 mdash Jan 27 mdash Online
Qualification Round bull Feb 2 mdash Online Elimination
Round 1 bull Feb 9 mdash Online Elimination
Round 2 bull Feb 16 mdash Online Elimination
Round 3 bull March 22 -23 mdash Onsite Finals
at Facebook Registration httpswwwfacebookcomhackercupregister
RIP Aaron Swartz
Operation Red October
Large scale and complex cyber-espionage operation has been discovered named Red October Started in 2007 and mainly targeting international diplomatic service agencies The attackers had evaded detection for over five years giving them access to victims passwords network configurations and sensitive information on workstations and mobile devices
Malware Infects US power Plants through USB Drives
Some unknown malware infected two power plants control systems using unprotected USB drives as an attack vector Reports that current antivirus softwares would have found the malware
Child porn on Indian Govt websites
entegramamgovin forums hosting Child Porn content from last four months and authorities or the moderators of the website were not aware about the issue even after Google giving notification This site may be compromised for few websites
Internet explorer vulnerable to remote code execution
Remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website
Hacking facebook password like changing your own password
Flaw allows anyone to reset the password of any Facebook user without knowing his last password The Vulnerability was very simple to execute but now patched by Facebook Security Team
httpswwwfacebookcomhacked httpswwwfacebookcomcheckpointcheckpointmef=[userid]ampr=web_hacked
Facebook Hacker cup 2013
bull Jan 7 mdash Jan 27 mdash Registration bull Jan 25 mdash Jan 27 mdash Online
Qualification Round bull Feb 2 mdash Online Elimination
Round 1 bull Feb 9 mdash Online Elimination
Round 2 bull Feb 16 mdash Online Elimination
Round 3 bull March 22 -23 mdash Onsite Finals
at Facebook Registration httpswwwfacebookcomhackercupregister
RIP Aaron Swartz
Malware Infects US power Plants through USB Drives
Some unknown malware infected two power plants control systems using unprotected USB drives as an attack vector Reports that current antivirus softwares would have found the malware
Child porn on Indian Govt websites
entegramamgovin forums hosting Child Porn content from last four months and authorities or the moderators of the website were not aware about the issue even after Google giving notification This site may be compromised for few websites
Internet explorer vulnerable to remote code execution
Remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website
Hacking facebook password like changing your own password
Flaw allows anyone to reset the password of any Facebook user without knowing his last password The Vulnerability was very simple to execute but now patched by Facebook Security Team
httpswwwfacebookcomhacked httpswwwfacebookcomcheckpointcheckpointmef=[userid]ampr=web_hacked
Facebook Hacker cup 2013
bull Jan 7 mdash Jan 27 mdash Registration bull Jan 25 mdash Jan 27 mdash Online
Qualification Round bull Feb 2 mdash Online Elimination
Round 1 bull Feb 9 mdash Online Elimination
Round 2 bull Feb 16 mdash Online Elimination
Round 3 bull March 22 -23 mdash Onsite Finals
at Facebook Registration httpswwwfacebookcomhackercupregister
RIP Aaron Swartz
Child porn on Indian Govt websites
entegramamgovin forums hosting Child Porn content from last four months and authorities or the moderators of the website were not aware about the issue even after Google giving notification This site may be compromised for few websites
Internet explorer vulnerable to remote code execution
Remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website
Hacking facebook password like changing your own password
Flaw allows anyone to reset the password of any Facebook user without knowing his last password The Vulnerability was very simple to execute but now patched by Facebook Security Team
httpswwwfacebookcomhacked httpswwwfacebookcomcheckpointcheckpointmef=[userid]ampr=web_hacked
Facebook Hacker cup 2013
bull Jan 7 mdash Jan 27 mdash Registration bull Jan 25 mdash Jan 27 mdash Online
Qualification Round bull Feb 2 mdash Online Elimination
Round 1 bull Feb 9 mdash Online Elimination
Round 2 bull Feb 16 mdash Online Elimination
Round 3 bull March 22 -23 mdash Onsite Finals
at Facebook Registration httpswwwfacebookcomhackercupregister
RIP Aaron Swartz
Internet explorer vulnerable to remote code execution
Remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website
Hacking facebook password like changing your own password
Flaw allows anyone to reset the password of any Facebook user without knowing his last password The Vulnerability was very simple to execute but now patched by Facebook Security Team
httpswwwfacebookcomhacked httpswwwfacebookcomcheckpointcheckpointmef=[userid]ampr=web_hacked
Facebook Hacker cup 2013
bull Jan 7 mdash Jan 27 mdash Registration bull Jan 25 mdash Jan 27 mdash Online
Qualification Round bull Feb 2 mdash Online Elimination
Round 1 bull Feb 9 mdash Online Elimination
Round 2 bull Feb 16 mdash Online Elimination
Round 3 bull March 22 -23 mdash Onsite Finals
at Facebook Registration httpswwwfacebookcomhackercupregister
RIP Aaron Swartz
Hacking facebook password like changing your own password
Flaw allows anyone to reset the password of any Facebook user without knowing his last password The Vulnerability was very simple to execute but now patched by Facebook Security Team
httpswwwfacebookcomhacked httpswwwfacebookcomcheckpointcheckpointmef=[userid]ampr=web_hacked
Facebook Hacker cup 2013
bull Jan 7 mdash Jan 27 mdash Registration bull Jan 25 mdash Jan 27 mdash Online
Qualification Round bull Feb 2 mdash Online Elimination
Round 1 bull Feb 9 mdash Online Elimination
Round 2 bull Feb 16 mdash Online Elimination
Round 3 bull March 22 -23 mdash Onsite Finals
at Facebook Registration httpswwwfacebookcomhackercupregister
RIP Aaron Swartz
Facebook Hacker cup 2013
bull Jan 7 mdash Jan 27 mdash Registration bull Jan 25 mdash Jan 27 mdash Online
Qualification Round bull Feb 2 mdash Online Elimination
Round 1 bull Feb 9 mdash Online Elimination
Round 2 bull Feb 16 mdash Online Elimination
Round 3 bull March 22 -23 mdash Onsite Finals
at Facebook Registration httpswwwfacebookcomhackercupregister
RIP Aaron Swartz
RIP Aaron Swartz