
Here's Why a Greek Hacker Easily Hacked a Croatian University

 

A hacker from Greece has published the database of the University of Rijeka in the context of Croatia supporting the anti-Serb movement. Reportedly, the hacker was motivated by the prevailing situation in the Balkans; addressing his Serbian brothers, he wrote, "it's time to defend our land and our history".

Hashing is a one-way approach to password storage: a reliable strategy that makes storing passwords less risky and provides a strong foundation for storing them securely.
 
The database contains a table that maps every username to a password. When a user logs in, the server receives an authentication request with a payload containing a username and a password; the username is looked up in the database and the submitted password is matched against the stored one, and when the right match is found, the user gets access to the application or website.
 
The strength of the security depends on the format in which the password is stored. One of the most basic ways of storing passwords is 'cleartext', which is also the least secure of all, as it is readable data stored in the clear, that is, unencrypted. Using cleartext to store passwords is the digital equivalent of writing them down on paper.
 
Notably, the University website has been using MD5 to store passwords, yet another outdated format that can be easily cracked. Coming back to hashing: it uses an algorithm to map data of any size to a fixed length. Hashing must not be confused with encryption: encryption is a two-way function and hence reversible, while hashing is a one-way function and hence not reversible. The computing power required to reverse a hash makes doing so infeasible.
 
What is salting?
 
A salt is a unique value added to the end of the password to distinguish its hash value from that of an identical password; without salting, two identical passwords produce the same hash. Salting strengthens security by complicating the cracking process. However, in the hashes mentioned above, no additional values were added to the passwords.

They simply used MD5 without salting. As the main virtue of a secure hash function is to make its output difficult to predict, the method used by the University defeats the whole purpose, making passwords weak and easy to crack. Some of the pre-cracked passwords are shown below.
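The storage problem described above, as an added example that is not part of the original post: the audit function shows that unsalted MD5 gives identical passwords identical hashes, and the login path re-hashes each legacy record with a per-user random salt. The account names, passwords, the PBKDF2 scheme, the record format and the work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Assumed record format for upgraded rows: scheme$iterations$salt_hex$digest_hex
SCHEME = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor; tune it for your own hardware

# Constructed sample table of legacy rows (username -> unsalted MD5 hex digest).
# alice and bob share a password on purpose.
LEGACY_ROWS = {
    "alice": hashlib.md5(b"winter2019").hexdigest(),
    "bob": hashlib.md5(b"winter2019").hexdigest(),
    "carol": hashlib.md5(b"correct horse battery staple").hexdigest(),
}


def shared_password_groups(rows):
    """Audit helper: list groups of users whose stored values are identical.

    With unsalted hashing, every group found here is a set of accounts that
    share one password, so recovering one hash recovers all of them.
    """
    by_value = defaultdict(list)
    for user, stored in rows.items():
        by_value[stored].append(user)
    return sorted(sorted(users) for users in by_value.values() if len(users) > 1)


def hash_password(password, salt=None):
    """Return a salted, deliberately slow hash record for storage."""
    salt = salt if salt is not None else os.urandom(16)  # unique per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Check a login attempt against either an upgraded or a legacy record."""
    if stored.startswith(SCHEME + "$"):
        _, iterations, salt_hex, digest_hex = stored.split("$")
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    # Legacy row: plain MD5 of the password, no salt.
    legacy = hashlib.md5(password.encode()).hexdigest()
    return hmac.compare_digest(legacy, stored)


def login_and_upgrade(rows, user, password):
    """Authenticate; on success replace a legacy MD5 row with a salted record."""
    stored = rows.get(user)
    if stored is None or not verify_password(password, stored):
        return False
    if not stored.startswith(SCHEME + "$"):
        rows[user] = hash_password(password)  # the cleartext is only known at login
    return True


if __name__ == "__main__":
    rows = dict(LEGACY_ROWS)
    print("shared hashes before:", shared_password_groups(rows))
    login_and_upgrade(rows, "alice", "winter2019")
    login_and_upgrade(rows, "bob", "winter2019")
    print("shared hashes after: ", shared_password_groups(rows))
    print("carol still legacy:  ", not rows["carol"].startswith(SCHEME + "$"))
```

Rows are only upgraded when their owner logs in, so accounts that never return keep their MD5 value and should be forced through a password reset.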



China hacked TCS, 7 other major firms: Report

‘Operation Cloud Hopper’ — a global cyber espionage campaign — first made headlines when Chinese hackers reportedly broke past IBM and Hewlett Packard Enterprise. Now, it seems that they weren’t the only ones attacked.

Hackers working for China’s Ministry of State Security broke into networks of eight of the world’s biggest technology service providers in an effort to steal commercial secrets from their clients, according to sources familiar with the attacks.

Technology service providers such as Hewlett Packard Enterprise (HPE), IBM, Fujitsu, Tata Consultancy Services (TCS), NTT Data, Dimension Data, Computer Sciences Corporation (CSC) and DXC Technology, HPE’s spun-off services arm, were the targets of Cloud Hopper, which the United States and its Western allies attribute to the Chinese government.

It isn’t just TCS that was hacked. The service provider was used as a jumping-off point to gain access to its clients’ networks.

Meanwhile, China is denying all involvement in the attacks and companies are claiming that no sensitive information was compromised, but the Reuters report shows otherwise.

A U.S. indictment in December outlined an elaborate operation to steal Western intellectual property in order to advance China’s economic interests but stopped short of naming victim companies.

Reuters has identified more than a dozen victims who were clients of the service providers. That list includes Swedish telecoms giant Ericsson, U.S. Navy shipbuilder Huntington Ingalls Industries and travel reservation system Sabre.

HPE said it worked “diligently for our customers to mitigate the attack and protect their information.” DXC said it had “robust security measures in place” to protect itself and clients, neither of which have “experienced a material impact” due to Cloud Hopper.

NTT Data, Dimension Data, Tata Consultancy Services, Fujitsu and IBM declined to comment. IBM has previously said it has no evidence sensitive corporate data was compromised by the attacks.

Sabre said it had disclosed a cybersecurity incident in 2015 and an investigation concluded no traveler data was accessed. A Huntington Ingalls spokeswoman said the company is “confident that there was no breach of any HII data,” via HPE or DXC.

Docker Hub hack exposes sensitive data of 190,000 users

                                                                   

An unauthorized person gained access to a Docker Hub database that exposed sensitive information for approximately 190,000 users. Docker says the hacker had access to this database only for a short moment and the data accessed is only five percent of Docker Hub's entire userbase.

This information included some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories used for Docker autobuilds.

GitHub and Bitbucket access tokens stored in Docker Hub allow developers to modify their project's code and have it automatically build, or autobuild, the image on Docker Hub. If a third party gains access to these tokens, though, it would allow them to gain access to a private repository's code and possibly modify it, depending on the permissions stored in the token.

Docker Hub lost keys and tokens which could have downstream effects if hackers used them to access source code at big companies.

Docker Hub is the official repository for Docker container images. Docker makes software tools for programmers and developers.

According to a security notice sent late Friday night, Docker became aware of unauthorized access to a Docker Hub database on April 25th, 2019.

Docker disclosed the breach in an email to customers and users of Docker Hub, its cloud-based service that’s used by several companies and thousands of developers all over the world. In the email, obtained by Motherboard, Docker said that the stolen data includes “usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.”

"On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data," said Kent Lamb, Director of Docker Support.

Experts Motherboard spoke to said that, in a worst-case scenario, the hackers would have been able to access proprietary source code from some of those accounts. Specifically, Docker allows developers to run software packages known as “containers.” It is used by some of the largest tech companies in the world, though it is not yet publicly known what information was accessed and which companies’ accounts were affected.

Hacker attacks Copenhagen’s Bycyklen, deletes entire database


Bycyklen, Copenhagen’s public bike-sharing system, announced on Saturday that their entire database was erased in a hack by unknown hackers on the night between Friday and Saturday, causing their systems to be out of operation on Saturday.

“The manner in which the attack was performed is really primitive, but demonstrates that it was done by a person with a high level of knowledge of the IT structure of our system, and at the same time, we can see that the person(s) have entered using a password,” Bycyklen wrote in a Facebook post on Sunday, 6 May.

All of the organisation’s 1,860 bikes were affected by the hack and had to be manually restored by Bycyklen staff, who were able to restore only 200 of them on Sunday.

The system works by using Android tablets attached to the bikes that connect to Bycyklen’s database to record the details of bikes spread across the city. Due to the erasure of the database, users were unable to unlock the bikes, and the staff had to manually reboot the Android tablets after tracking down the bikes.

The organisation launched a “treasure hunt” to track down the bicycles, offering users an hour of free riding time as a reward for finding one.

In an update posted on its website on Monday, Bycyklen assured users that after analysing their servers, there have been “no signs that we have lost data.”

“The attack has been aimed directly at our business, not our users,” the company wrote. “We do not store payment card information. The only information we keep is our users' email addresses, phone numbers and their PIN codes for the Bycyklen bikes. In our databases we use "salted password hashing", that is, all PINs are encrypted and cannot be read or recreated, neither by Bycyklen nor any other player."

Currently active bicycles can be found using the organisation’s “Find a bike” page.

Edinburgh Council cyber attack, details of more than 13,000 stolen

For the second time in five years, Edinburgh City Council has been hacked. More than 13,000 email addresses were stolen from the council’s database after a “malicious cyber attack” on 26 June.

A spokesman of the council said, “This was a malicious cyber attack on the council’s website which is hosted in a UK data centre. It was dealt with swiftly and at no point were any council services affected.”

“We want to reassure the public the ongoing security of our website is critically important,” he added.

According to a news report published in the Edinburgh Evening News, cyber security experts have warned that local authorities “don’t stand a chance” against hackers.

“The attack is believed to have taken place on Friday, June 26, with council officials alerted by its data centre provider. No details have been released regarding the source of the attack, which targeted the council’s website service provider,” the report read.

The Information Commissioner has been informed of the incident, as has the UK government’s computer emergency response team, which monitors incidents of hacking against the public sector.

The council is now contacting 13,134 individuals who have had their details stolen. Similarly, the city’s director of corporate governance, Alastair Maclean, has been asking them to change any passwords used to access the council’s website.

Napier University cyber security expert Professor Bill Buchanan warned that hackers would be likely to try to use the data in “phishing” scams, which attempt to con victims out of sensitive information like bank details and passwords using bogus e-mails.

“Data like this is worth a lot. It is really quite sloppy to lose that information. Without a doubt, in this case, the intruders could link e-mails to the council in some way. A targeted phishing e-mail could say, in regards to a parking ticket, ‘You contacted us in May, please could you click on this link and give your details.’ G-mail addresses in particular are quite sensitive because they tend to be the core of your online identity. If an intruder can get into that address, they can access every single account,” Buchanan added.

In December 2011, the personal information of people who had contacted the council’s debt advice service was taken, with potential victims advised to check bank and credit card statements.

European Cyber Army leaks 60k credentials compromised from Syrian sites


More than 60,000 account details have been leaked by a hacker from the European Cyber Army (ECA) going by the handle "Zer0Pwn".

The database dump is said to have been compromised from two Syrian websites: job.sy and realestate.sy.

The hacker posted sample data in a paste (http://pastebin.com/7Y13ULux) entitled "ECA vs. Assad" along with a link to the full database dump. The dump contains names, email IDs, passwords, phone numbers and other details.

While the passwords compromised from job.sy are encrypted, the passwords from realestate.sy are in plain text format.

Lee J from Cyber War News analyzed the full database dump and reported that the database dumps from realestate.sy contain more than 4000 unique login credentials and the database dumps from jobs.sy contain more than 50,000 login credentials.

Some other members of ECA have attacked syrianmonster.com and compromised the admin's login credentials.


Vegastripping.com hacked, database leaked


A hacker with the Twitter handle @zVapor has claimed to have hacked the VegasTripping website (Vegastripping.com), a website providing a guide to Las Vegas hotels and casinos.

Speaking to E Hacking News, the hacker said a SQL injection vulnerability in the Board section allowed him to compromise the database server. The vulnerability has been fixed at the time of writing.

The hacker leaked all user information compromised from the target server in a pastebin post (http://pastebin.com/raw.php?i=ujgVuvX1).

The database dump contains usernames, hashed passwords, email addresses, countries and other details. It includes the credentials of the admin account.

The hacker also doxed the admin account and published the admin's personal info (address, phone number).

If you have ever signed up for this website and used the same password anywhere else, you are advised to change it now.

JPMorgan Chase & Co's UCard website hacked, 465,000 users affected

JPMorgan Chase & Co, an American multinational banking and financial services holding company, has issued a warning to around 465,000 card users regarding a security breach that might have allowed hackers to steal personal information.

According to Reuters, the cyber attack happened back in July on their UCARD website "www.ucard.chase.com". However, the breach was only detected in mid-September.

The company says the personal info of customers is encrypted. However, during the cyber attack, some data temporarily "appeared in plain text in files the computers use to log activity".

Though a small amount of data was accessed, the company found no evidence showing that sensitive data such as social security numbers, email IDs or dates of birth were compromised.

Only UCard users are affected by this security breach; others are not affected. Affected customers are being offered free credit-monitoring services for one year.

The company says it has fixed the issue, and the FBI and Secret Service are investigating the incident to find the attackers behind the breach.

E! Online website hacked by Tesla Team


TeslaTeam, an infamous hacker group from Serbia, claimed to have hacked into one of the most famous celebrity fashion sites, E! News.

E! News is a high-profile website with an Alexa rank of around 600 that provides entertainment news, celebrity news and celebrity gossip.

The group discovered a SQL injection vulnerability in one of the subdomains of E! News (br.eonline.com); the PoC for this vulnerability has been provided along with the database dump (pastebin.com/2c28RJDe).

The database dump contains the list of tables and the usernames, passwords and phone numbers of the admin and other users.

The same group recently hacked into the Vevo website and leaked the database.

Simple Machines Forum website hacked & Users passwords compromised


Simple Machines Forum (SMF), one of the top free open source forum software packages, has revealed that its official website was compromised by intruders on the 20th of July.

The hacker compromised the password of one of the admin accounts, which allowed him to gain access to the database server that contains the users' data.

SMF admitted that user data has been compromised, saying "we are 100% sure that our user database has been stolen". The stolen data includes passwords, personal messages and other info.

"This is !!NOT!! a security issue with the SMF software. If you are running the latest SMF version you have nothing to fear from this hack if you use different passwords." SMF said in their community page.

Users are urged to change their passwords. If you have used the same password anywhere else, it is recommended to change the password there as well.

According to the SMF report, the attackers got the admin password by hacking into another website where the admin is a member. The admin reportedly used the same password on the SMF website as well, which the attackers took advantage of.

This is just an example of why you shouldn't use the same password on multiple websites. We are thankful to one of EHN's Greek readers, "IGuru", for informing us about the announcement.

Philippines Navy website hacked by Pr3 H4ck3r


A hacker with the handle "Pr3 H4ck3r" from Philippine Cyber Army has claimed to have hacked into the database of the Navy website.

According to the hacker's statement, he compromised the data by exploiting a SQL injection vulnerability in the Navy's "BRP Alcaraz blog" page (navy.mil.ph/alcaraz).

However, we are not able to access the given link at the time of writing. It appears the admin has taken down the link.  The news was first reported by local hacking news site PinoyHackNews.

In a pastebin post (pastebin.com/5xhP6zft), the hackers leaked the login credentials compromised from the database, including the admin login credentials. What's worse is that they are using a very weak username and password.

They used "userpassword" as the password. Even if there were no bug, a hacker could have guessed the password or obtained it by brute-forcing. It is sad to know that the Navy website itself has poor security and weak passwords.

Ubuntu Forums Hacked - Millions of Username, password, email address stolen


Canonical, the company behind the Ubuntu distro, has announced that their official forum "Ubuntu Forums" has been breached by a hacker with the handle @sputn1k_.

The company admitted that the hackers have compromised the database that contains all users' usernames, passwords and email addresses.

They said that the passwords are not stored in plain text. However, if you are using the same password anywhere else, it is better to change it now because it won't take much time for the attacker to crack the hash.



The hackers left the site defaced with a message saying "None of this "y3w g0t haxd by albani4 c3bir 4rmy" stuff.  Straight up, you dun goofed.  It's as simple as that".

The company stated in the announcement that "Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach."

Currently, Ubuntuforums.org displays the splash page saying "Ubuntu Forums is down for maintenance".

Exclusive: Tango App website hacked , more than 1.5 TB daily database backup compromised

Here comes another security breach update from the Syrian Electronic Army. Today, they hacked into Tango.me and compromised more than 1.5 TB of daily backups of the servers.

The database reportedly contains millions of the application users' phone numbers, contacts and emails.

"Sorry @TangoMe, We needed your database too, thank you for it! http://tango.me  #SEA #SyrianElectronicArmy", reads the tweet posted by the Syrian Electronic Army.

The hackers breached Tango.me with the same method: the outdated WordPress CMS allowed them to gain unauthorized access to the database server.

An exclusive admin panel screenshot provided by the hackers shows the outdated version "Wordpress 3.2.1" used by the Tango website:


Speaking to E Hacking News, the Syrian Electronic Army said that Tango has four servers for the website: 199.83.168.224, 199.83.168.225, 199.83.168.227, 199.83.168.224. All of the servers were shut down after the hackers breached the website.

The website currently redirects to Tango's Facebook page. The hackers said they will provide the compromised data to the Syrian government.

*Update:*
"Tango experienced a cyber intrusion that resulted in unauthorized access to some data. We are working on increasing our security systems." Tango confirmed the security breach on their official Twitter account.

"We sincerely apologize for any inconvenience this breach may have caused our members."

The hackers also provided a screenshot of the database backup. We have split the screenshot into four images:

Screenshot Provided by SEA , shows Backup of database




UbiSoft website hacked, urges users to change passwords

 
Ubisoft, a French global video game publisher and developer, has confirmed a security breach on their website and sent out an email to their customers urging them to change their passwords.

"We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems." The company said in the FAQ page.

The company said that the hackers compromised one of their websites to gain unauthorized access to the database that contains user names, email addresses and encrypted passwords.

However, the company claimed "No personal payment information is stored with Ubisoft, meaning your debit/credit card information was safe from this intrusion."

The company urges users to change their password on its website as well as on any other website where they use the same or a similar password.

St. Francis Preparatory School website database leaked by Group Hp-Hack


A new hacking group named "Group Hp-Hack" has found a way to break into the database server of the St. Francis Preparatory School website and access the data.

Today, we received a notification from the team that they have hacked the sfponline.org website and leaked the data compromised from the server.

Talking to EHN, the group also provided the SQL injection vulnerable link that gave them access to the server. The leak contains a list of usernames and passwords (in plain text format).

The group also claimed to have breached the auto-dress.ru website, which is said to belong to a Russian auto company. The group leaked thousands of user IDs, names, emails and passwords.

Pakistan Intelligence job board website defaced by Anonymous



A security flaw in pakistanintelligence.com, a Pakistani job portal, gave an Anonymous hacker an opportunity to gain access to their server.

Anonymous left the about us page "www.pakistanintelligence.com/text_pages.php?id=1" defaced with the text "hacked by anonymous".

"You b33n h4ck3d by #F**kYouSec. OHai all....time to look for a job using some other service...we haz ALL UR infoz...Y?... cuz i can...and U b33n sold out by poor security", read the message posted by the hacker.

The hackers also claimed to have leaked 2Gb of logs zipped into a 24Mb file, uploaded to the anonfiles website.

This is not the first time the site has come under cyber attack. The same page was defaced in 2011. We are not sure whether the same vulnerability allowed him to gain access.

 Update:
Cyber War News analyzed the dump and found the leak contains personal data of individuals who registered in the portal which include name, contact info, job type and more. It also includes the login credentials of admin account.

@1923Turkz hits Jharkhand police website

*Update: 1923Turkz is a fake claimer. We have confirmed the leak is a fake one.


The attack was announced on his Twitter account. He provided an anonpaste link that reportedly contains the database dump of jhpolice.gov.in.


The leak includes login credentials of more than 20 accounts. It contains the email addresses and passwords. I'm not able to believe my eyes when I read the password list. All of them are using "123" as password.

Jharkhand police is the only police dept. in India that recently launched a facility for responsible disclosure where bug hunters can safely report their vulnerability findings.

*Update*: The hacker didn't provide any valid PoC that proves his claim. It is more likely to be a fake one.

Hacker @Reckz0r breached CNN website and posted fake articles

*Update*: Cyber War News reports the leak is fake.


A few days back, a hacker with the Twitter handle @Reckz0r claimed to have breached the CNN website and leaked data.

The data published in the pastebin (http://pastebin.com/YQLv6t3E) includes server and database details and login credentials of 9 accounts that contain usernames and encrypted passwords.

"because they're a bunch of f**ng faggots trying to spread false news, your 9/11 is our 24/7. I strongly respect the Palestinian brotherhood, and it seems like CNN is on Israel's side. and you do know one thing;" He stated as reason for the attack.

He also claimed to have posted four fake articles on edition.cnn.com. We are not able to verify his claim.


The hacker also provided a screenshot of the fake article he posted: "Bill gates horrifies children by injecting poison into their buttocks". The articles have been removed.

He also said he identified a Local File Inclusion vulnerability in VeriSign.com.

Hacker @1923Turkz breached Federal University of Bahia website


*Update*: @1923Turkz is a fake claimer. Sorry for this article. Anyway, this article will be a reference for his fake claim.


A hacker known by his online name @1923Turkz has breached the Federal University of Bahia website (ufba.br), a Brazilian university located mainly in the city of Salvador, Bahia.

"Universidade Federal da Bahia DB Hacked http://www.anonpaste.me/anonpaste2/index.php?952af0b8ee517a5f#0i/g1qDaqpzAeg8PloenF3vKMbozGKlU2gSTIxlxw6Y= …" Hacker tweeted about the hack along with a link to the database dump.

The database dump contains hundreds of account details that include names, plain-text passwords and email addresses. I had a quick look at the password list; most of them are weak passwords.

We recommend that the admin find and fix the vulnerability, and users are advised to change their passwords.

1923Turkz has become more active in recent days and is busy dumping databases from hacked websites. Yesterday, he hacked into the Bangladesh Air Force website.

Bangladesh Air Force Career website's database hacked by @1923Turkz

*Update*: @1923Turkz is a fake claimer. Sorry for this article. Anyway, this article will be a reference for his fake claim.

A hacker has managed to gain access to the database server of the official career website of Bangladesh Air Force and leaked the accounts' login credentials.

"Joinbangladeshairforce.mil.bd", which serves as a portal for applying to the Air Force, was reportedly breached by the hacker using the online name @1923Turkz. A SQL injection vulnerability in the website gave him the opportunity to break in.

The database breach was announced on his Twitter account along with the link to the accounts leak.

The leak includes login credentials of 19 accounts, containing email addresses that end with 'army.mil.bd' and encrypted passwords.

Although the passwords are encrypted, it won't take much time for someone to crack the hash. We have analyzed the leaked passwords and found that most of them are very weak passwords.

A simple Google search reveals the decrypted passwords. We would just like to point out one of the worst passwords used: "password". We recommend that the Bangladesh government immediately fix the vulnerability and urge users to change their passwords.