
Hackers get to Prince's facebook page

Prince's Facebook page made a brief reappearance on the social media site on Saturday, staying up for a few hours before it was taken down because it had been hacked.

Prince, who has been in the music industry for about forty years, had avoided social media until last year. In an era where getting close to the audience has been the aim of most musicians, Prince chose to avoid the buzz of online socializing. It was only in October 2014 that he opened a Facebook page and hosted a fan Q&A, but he replied to only one question before taking the page down in November.

He even shut his Twitter account and deleted videos from the official YouTube account. The page was reactivated with promises of new music, but then it started being self-deprecating and rude with messages like "My name is Prince and I don't care about my fans, I put my hit and run pause on tour so I can be the true asshole I am." Some were funny as well, with one saying, "Bring omelets to my next show, free entry."

The surge of insulting and absurd messages pointed to a hack, and the page was promptly taken down by the site.

Hacking Any Facebook Accounts using REST API

Stephen Sclafani, a security researcher, discovered a critical vulnerability in the social networking giant Facebook that allowed him to take over any Facebook account.

With nothing more than your user ID, Stephen could get into your account and read private messages, view email addresses, create or delete notes, and on top of that update your status, upload photos and tag your friends, all on your behalf.

"A misconfigured endpoint allowed legacy REST API calls to be made on behalf of any Facebook user using only their user ID" Stephen explained in his blog.

The Facebook REST API is the predecessor of Facebook's current Graph API. He managed to send a request to the server through this API that updated the status on behalf of the victim.
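The root cause described above is an endpoint that takes the acting user's identity from a client-supplied user ID instead of from the authenticated session. The following added example (not Facebook's code; the handler names, the in-memory stores and the user names "alice", "bob" and "mallory" are all constructed for illustration) puts the misconfigured pattern beside the fixed one, so the difference in where the acting identity comes from is visible:

```python
"""Added illustration, not Facebook's code: an API handler that trusts a
client-supplied user ID versus one that binds the acting user to the
authenticated session. All names here are hypothetical."""
import secrets

# Constructed in-memory stores standing in for the real backend.
STATUSES = {}   # user_id -> latest status text
SESSIONS = {}   # session_token -> user_id


def issue_session(user_id):
    """Log a user in and hand back an opaque session token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user_id
    return token


def vulnerable_update_status(request):
    """Misconfigured legacy-style endpoint: it acts on behalf of whatever
    user ID the client puts in the request, so anyone who knows a user ID
    can post as that user. Shown only to contrast with the fix below."""
    uid = request["uid"]
    STATUSES[uid] = request["status"]
    return {"ok": True, "acting_as": uid}


def hardened_update_status(request):
    """Fixed version: the acting user is looked up from the server-side
    session and never taken from a client-controlled parameter."""
    actor = SESSIONS.get(request.get("session"))
    if actor is None:
        return {"ok": False, "error": "unauthenticated"}
    # A uid parameter may still be sent for compatibility, but it must
    # agree with the session; a mismatch is rejected, not honoured.
    claimed = request.get("uid")
    if claimed is not None and claimed != actor:
        return {"ok": False, "error": "uid does not match session"}
    STATUSES[actor] = request["status"]
    return {"ok": True, "acting_as": actor}


def demo():
    """Replay the scenario: mallory knows bob's user ID but only holds a
    session for alice."""
    STATUSES.clear()
    SESSIONS.clear()
    alice_token = issue_session("alice")
    v = vulnerable_update_status({"uid": "bob", "status": "posted by mallory"})
    h = hardened_update_status(
        {"session": alice_token, "uid": "bob", "status": "posted by mallory"})
    h2 = hardened_update_status({"session": alice_token, "status": "hello"})
    return v, h, h2, dict(STATUSES)


if __name__ == "__main__":
    print(demo())
```

In the vulnerable handler the write lands in bob's status even though nobody holding a session for bob made the request; in the hardened handler the same request is refused, and the only status that changes belongs to the user the session actually identifies.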


Stephen found this bug on April 23 and reported it to Facebook. After being notified, Facebook permanently fixed the bug on April 30. Facebook awarded him a $20,000 bounty for finding and reporting it.

Android malware iBanking helps attackers to hack Facebook account

An attacker can't get into a Facebook account that has two-step authentication enabled, even if he knows the username and password. But if you think two-step authentication is enough to keep your Facebook account safe from hackers, think again!

Cyber criminals have started using the Android banking Trojan "iBanking" to bypass Facebook's two-factor verification.

iBanking is a malicious Android application capable of intercepting SMS messages, forwarding incoming voice calls to any number and recording the victim's voice through the microphone.

Recently, RSA noted the release of the source code for the iBanking trojan. This source code leak helped other cyber criminals customize the trojan to their own needs.

ESET reports that a customized iBanking malware targeting Facebook users is being delivered via a new variant of the computer banking Trojan Qadars.

When a system is infected with the Qadars Trojan, it shows a message when the user logs into Facebook telling them "Facebook introduces new extra safety protection system" and instructing them to install an Android app. This app lets the cybercriminals intercept SMS messages so that they can bypass Facebook's two-factor verification.

"The way iBanking is installed on the user’s mobile is quite common, but it is the first time we have seen such a mobile application targeting Facebook users for account fraud." Researchers said.

Facebook Hack: vulnerability allows attacker to launch DOS attack against any user


Chris C. Russo, a security expert, has discovered a critical vulnerability in the Facebook Chat module that allows an attacker to launch a Denial of Service (DoS) attack against any Facebook user.

He discovered a security flaw in 'www.facebook.com/ajax/mercury/send_messages.php', specifically in the parameter 'message_batch[0][body]', which has no limit on the number of characters that can be sent.

So it is possible for an attacker to send a very long message that results in a DoS condition on the recipient's side. Since Facebook allows messages to be sent to almost any user, the attack can be launched against any user.

The researcher tested the flaw with three different test users. One of the users, who uses a tablet, said his tablet restarted and he could no longer access the Facebook app, since the chat log remained there and would make the app crash again.

"In order to prevent this, the length of that parameter should be analyzed *before* sending the information to the addressee user by the asynchronous connection." Researcher said.

"Personally I believe that there must be something wrong with XSRF tokens as well, because it would allow me to send several packets using the same token that I initially extracted, however I couldn't this information due to the ban prevention mechanism."
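The two defensive points the researcher raises above are that the body length should be checked on the server before anything is forwarded to the recipient, and that an anti-XSRF token should not be usable for several requests. The following added example (not Facebook's code; the endpoint, the limits and the in-memory stores are all hypothetical and constructed for illustration) shows a send_messages-style handler that does both: every message in a batch is validated before any of it is queued, and each CSRF token is consumed on first use so a replay is refused:

```python
"""Added example, not Facebook's code: server-side validation of a chat
message batch before delivery, plus single-use CSRF tokens. All names,
limits and stores below are hypothetical."""
import secrets

MAX_BODY_CHARS = 20_000   # hypothetical ceiling; the point is that one exists
MAX_BATCH_SIZE = 50       # hypothetical ceiling on messages per request

# Constructed in-memory state standing in for the real backend.
ISSUED_TOKENS = set()     # CSRF tokens that are valid and not yet used
DELIVERY_QUEUE = []       # (recipient, body) pairs accepted for delivery


class ValidationError(Exception):
    pass


def issue_csrf_token():
    """Hand the page a fresh token; it is good for exactly one request."""
    token = secrets.token_urlsafe(16)
    ISSUED_TOKENS.add(token)
    return token


def consume_csrf_token(token):
    """Accept a token once and invalidate it, so the same token cannot be
    replayed for a second batch."""
    if token not in ISSUED_TOKENS:
        return False
    ISSUED_TOKENS.discard(token)
    return True


def validate_batch(message_batch):
    """Check every message *before* any of them is queued, so an oversized
    body never reaches the recipient's client."""
    if len(message_batch) > MAX_BATCH_SIZE:
        raise ValidationError("too many messages in batch")
    for i, msg in enumerate(message_batch):
        body = msg.get("body", "")
        if not isinstance(body, str):
            raise ValidationError(f"message_batch[{i}][body] is not a string")
        if len(body) > MAX_BODY_CHARS:
            raise ValidationError(
                f"message_batch[{i}][body] exceeds {MAX_BODY_CHARS} characters")
        if not msg.get("recipient"):
            raise ValidationError(f"message_batch[{i}] has no recipient")


def send_messages(request):
    """Handler for a send_messages-style endpoint. Returns a status dict
    and only touches the delivery queue once the whole batch is valid."""
    if not consume_csrf_token(request.get("csrf_token")):
        return {"accepted": 0, "error": "invalid or reused CSRF token"}
    batch = request.get("message_batch", [])
    try:
        validate_batch(batch)
    except ValidationError as err:
        return {"accepted": 0, "error": str(err)}
    for msg in batch:
        DELIVERY_QUEUE.append((msg["recipient"], msg["body"]))
    return {"accepted": len(batch), "error": None}


def demo():
    """Constructed scenario: a normal send, a replay of the same token,
    and a body one character over the limit."""
    ISSUED_TOKENS.clear()
    DELIVERY_QUEUE.clear()
    t1 = issue_csrf_token()
    ok = send_messages({"csrf_token": t1,
                        "message_batch": [{"recipient": "bob", "body": "hi"}]})
    replay = send_messages({"csrf_token": t1,
                            "message_batch": [{"recipient": "bob", "body": "again"}]})
    t2 = issue_csrf_token()
    huge = send_messages({"csrf_token": t2,
                          "message_batch": [{"recipient": "bob",
                                             "body": "A" * (MAX_BODY_CHARS + 1)}]})
    return ok, replay, huge, len(DELIVERY_QUEUE)


if __name__ == "__main__":
    print(demo())
```

Only the first request reaches the delivery queue; the replayed token and the oversized body are both rejected before the recipient's client is involved, which is the ordering the researcher asks for.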

The researcher had notified Facebook six weeks earlier, but the Facebook team replied that there was no flaw, so he published the details on seclists.

In the past, he discovered a security flaw in MSN Messenger that allowed a hacker to send a huge number of large packets and cause a denial of service.

Ethical Hacker "Glenn Mangham" admits Facebook Hacking



Glenn Mangham, a software development student from York, admitted hacking into Facebook between April and May of this year, but argued that he only wanted to show Facebook how to improve its security, as he had done for Yahoo (Mangham had previously been rewarded by Yahoo for finding vulnerabilities in its systems).
Facebook discovered evidence that pointed back to Mangham, and he was arrested by the Metropolitan Police Central e-Crime Unit (PCeU) in June.

He hacked into Facebook systems and downloaded “highly sensitive intellectual property”, said prosecutor Sandip Patel.

Mangham's defence argued that he was an "ethical hacker" who was attempting to discover vulnerabilities so that Facebook could fix them.

"That was his plan here but the activity was found by accident," said barrister Tom Ventham.

Facebook said its users’ personal data was not compromised in the security breach. Mangham will be sentenced on 17 February 2012.

Anonymous says Facebook Fawkes Virus Attack initiated already

Anonymous hackers say they have already infected Facebook with the Fawkes Virus. They released a video on YouTube. According to the video, the beta testing of this worm is complete.

They claimed that they have already released this worm on Facebook and that they plan to release it on other social networks.

Some Anonymous hackers say the Fawkes Virus is a fake operation, and others claimed the attack actually failed.

"The Fifth of November was not "a fail" as many people called it, but [only] the start of the attack. The Fifth of November is only the beginning." Anonymous said on YouTube.

The full Transcript of the Video:
Greetings, Citizens of the world.
We are Anonymous.

When corruption and lies are attached with the system and function as one evil form of power, even the machines will side with The people. We are moving towards the new system of political and social functioning and governance in this world. We are moving very rapidly towards achieving that goal. We the people from all over the world are collaborating with each other through the Internet.

We are watching you all and your machines are working for us. The Fawkes Virus is here. Its beta testing has completed and is now a fully armed and operational piece of weaponry. It has already been released on Facebook and will be released on other social networking sites very soon. The Fifth of November was not "a fail" as many people called it, but [only] the start of the attack. The Fifth of November is only the beginning.

You cannot run from us. We have your personal data. We have your psychological profiles. Corrupters will be exploited. The innocent will be deleted. The world will be reclaimed.

The corrupt fear us, the honest support us, the heroic fight with us.

Project Mayhem 2012, engaged.

We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.

The YouTube video:

On Nov 11th, Anonymous hackers claimed they were going to unleash the Fawkes virus. On Nov 12th, BitDefender Safego detected a virus that functions approximately like the worm mentioned by Anonymous.

Recently, Facebook was flooded with porn images; some security experts said it might be an Anonymous attack. But Facebook reported that it was a "Self-XSS" social engineering attack.

Indian Accounts were not affected by Spam Attack says Facebook


Across the world, a lot of Facebook users were affected by a Facebook spam attack that distributed porn images. But Facebook has denied that the spam attack affected India.

Facebook has 25 million users in India. 2 Lakh people in Bangalore reported being affected by this attack. However, BA Mahesh, who heads the cyber cell of the Bangalore police, says no formal complaints have been received.

"This is not true. Users' photos are not being transferred to an unwanted site and no accounts have been compromised. Protecting the people who use Facebook from spam and malicious content is a top priority for us. We are always working to improve our systems to isolate and remove material that violates our terms, and take action on those who are responsible for these types of content." a Facebook executive said.

BreakTheSecurity says: don't fall for the social engineering attack. If anyone asks you to paste unknown code into your browser, don't do it. Know more about the Self-XSS attack and how to prevent it.


Facebook blames Browser Vulnerability for the pornographic spam Attack


Yesterday, pornographic spam hit Facebook, with explicit and violent images posted on a lot of users' walls (without the users' knowledge).


Facebook has acknowledged this spam attack. According to their statement, the attackers exploited a browser vulnerability that allows "Self-XSS".

Self-XSS (self cross-site scripting): an attacker tricks you into executing malicious JavaScript code in your own browser, which gives that code access to whatever website you are visiting (not only Facebook).

Most of the time, the spam message asks you to copy some JavaScript and enter it in the browser's URL box in order to get something (e.g. a gift card or a "Facebook Stalker" tool). This results in the malicious code executing, which leads to account hijacking or the spreading of further spam messages.

It is unclear which browser is vulnerable. Hopefully they will fix it soon.

If you would like to know more about the Self-XSS attack, please check here:
Self-XSS, a social engineering attack.