Showing posts with label Website Hacked.

DoS Attackers are Employing ‘TCP Middlebox Reflection’ to Knock Websites Offline

 


Distributed denial-of-service (DDoS) attackers are employing a new amplification technique called TCP Middlebox Reflection to target websites. Last week, researchers at Akamai, a content delivery network firm, detected the novel attack methodology in the wild for the first time, roughly six months after the technique was published as academic research.

"The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack," Akamai researchers stated in a blog post. "This type of attack dangerously lowers the bar for DDoS attacks, as the attacker needs as little as 1/75th (in some cases) the amount of bandwidth from a volumetric standpoint."

Most DDoS amplification attacks abuse the User Datagram Protocol (UDP): the attacker sends a small request to a server that answers with a much larger packet. The attacker sends thousands of DNS or NTP requests whose source IP address is forged to be the victim's, so the server returns its amplified responses to the victim rather than to the attacker, exhausting the target's bandwidth.

The amplification technique was described in a research paper in August 2021, which showed that malicious actors could abuse middleboxes such as firewalls over TCP to magnify denial-of-service attacks.

UDP reflection vectors have traditionally dominated amplification attacks because the protocol is connectionless, which makes spoofing the source address trivial; TCP's three-way handshake normally prevents this, since a spoofed client never sees the SYN-ACK and cannot complete the connection. The novel approach exploits TCP non-compliance in middleboxes such as deep packet inspection (DPI) appliances, which answer a single spoofed packet with a full block page without ever completing a handshake, enabling TCP-based reflective amplification.

The first wave of this campaign is said to have begun around February 17, targeting Akamai customers in the banking, travel, gaming, media and web hosting industries with traffic that peaked at 11 Gbps and 1.5 million packets per second (Mpps).

"The vector has been seen used alone and as part of multi-vector campaigns, with the sizes of the attacks slowly climbing," Chad Seaman, lead of the security intelligence research team (SIRT) at Akamai, explained.  

The basic idea behind TCP-based reflection is to abuse the middleboxes used to enforce censorship laws and enterprise content-filtering policies: the attacker sends specially crafted TCP packets, with the source address spoofed to the victim, that trigger a volumetric response. In some cases, Akamai noted, a single SYN packet with a 33-byte payload triggered a 2,156-byte response, an amplification factor of roughly 65x (6,533%).
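As an added example (not Akamai's code or the paper's), here is the check a stateful edge filter applies to this traffic, written in Python over constructed packet summaries: inbound TCP packets from web ports that match no connection the protected host itself opened are unsolicited, and for each such reflector the code totals the bytes received and computes the amplification relative to the 33-byte trigger Akamai described. The victim address, reflector addresses, flags and payload sizes are all constructed for the example; none are from a real capture.

```python
"""Flag TCP middlebox reflection at the victim edge (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str        # TCP flags, e.g. "S", "SA", "PA", "R"
    payload_len: int  # bytes of TCP payload


# Constructed packet summaries. 203.0.113.10 is the protected host.
SAMPLE_PACKETS = [
    # A connection the protected host opened itself: SYN out, SYN-ACK and data back.
    Packet("203.0.113.10", 51000, "198.51.100.5", 443, "S", 0),
    Packet("198.51.100.5", 443, "203.0.113.10", 51000, "SA", 0),
    Packet("198.51.100.5", 443, "203.0.113.10", 51000, "PA", 1200),
    # Reflected block pages: middleboxes answering spoofed packets the victim
    # never sent. Source port 80, no matching outbound SYN, large payloads.
    Packet("192.0.2.7", 80, "203.0.113.10", 80, "PA", 2156),
    Packet("192.0.2.7", 80, "203.0.113.10", 80, "PA", 2156),
    # A SYN-ACK carrying data is itself non-compliant TCP; a tell-tale sign.
    Packet("192.0.2.8", 80, "203.0.113.10", 80, "SA", 1460),
    # Bare RSTs from a reflector: unsolicited, but no amplification.
    Packet("192.0.2.9", 80, "203.0.113.10", 80, "R", 0),
]

WEB_PORTS = {80, 443}  # ports the filtering middleboxes answer on


def outbound_syns(packets, victim_ip):
    """4-tuples (peer_ip, peer_port, local_ip, local_port) for connections
    the protected host opened: a bare SYN it sent. Stands in for the
    connection table a stateful firewall keeps."""
    return {
        (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        for p in packets
        if p.src_ip == victim_ip and p.flags == "S"
    }


def is_unsolicited(p, victim_ip, opened):
    """True for inbound TCP from a web port that matches no connection the
    protected host opened. Inbound SYNs from ephemeral client ports (normal
    traffic to a web server) are never flagged, since src_port is not 80/443."""
    if p.dst_ip != victim_ip or p.src_port not in WEB_PORTS:
        return False
    return (p.src_ip, p.src_port, p.dst_ip, p.dst_port) not in opened


def detect_reflection(packets, victim_ip, trigger_payload=33):
    """Per reflector: unsolicited packet count, payload bytes, and the largest
    payload amplification relative to the spoofed trigger packet's payload."""
    opened = outbound_syns(packets, victim_ip)
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "max_amp": 0.0})
    for p in packets:
        if not is_unsolicited(p, victim_ip, opened):
            continue
        s = stats[p.src_ip]
        s["packets"] += 1
        s["bytes"] += p.payload_len
        s["max_amp"] = max(s["max_amp"], p.payload_len / trigger_payload)
    return dict(stats)


if __name__ == "__main__":
    for reflector, s in detect_reflection(SAMPLE_PACKETS, "203.0.113.10").items():
        print(reflector, s)
```

The same rule, applied as a drop rather than a report, is what a stateful firewall in front of the target does: inbound TCP that belongs to no tracked connection is discarded before it reaches the host. The amplification figure here is payload-to-payload (2,156 bytes against 33), which is how the 65x in the text is derived; counting IP and TCP headers changes the ratio slightly.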

"The main takeaway is that the new vector is starting to see real world abuse in the wild. Typically, this is a signal that more widespread abuse of a particular vector is likely to follow as knowledge and popularity grows across the DDoS landscape and more attackers begin to create tooling to leverage the new vector,” Seaman explained.

Scammers in Russia Offer Free Bitcoin on a Hacked Government Website

 

A Russian government website was recently hacked. Fraudsters posted a phoney Bitcoin (BTC) giveaway, which they re-published after it had been taken down several times. An unnamed group of hackers promoted the "Free BTC Giveaway" scam on the Ryazan administration's website, according to the Russian news outlet Izvestia.

In the scam, the hackers promised 0.025 BTC to everyone who installed a specified programme on their device. In the re-post they added that five lucky winners would each receive an extra $1,000. All of the messages, including the second post, have since been removed.

The Russian government has tightened its grip on crypto-related crime in the country. Last month, Russia's Federal Financial Monitoring Service in Moscow, known as Rosfinmonitoring, launched a new cryptocurrency-tracing system intended to deanonymise traders by analysing their transactions and the movement of funds. According to Rosfinmonitoring, the system is focused on combating money laundering and terrorist financing.

In 2021, global cryptocurrency-related fraud grew substantially. According to specialists from the IT security firm Zecurion, losses in the first half of the year were an estimated $1.5 billion, two to three times the amount recorded in the same period of the previous year. According to the study, Russia accounts for 2% of the total, some $30 million, or over 2.2 billion rubles.

The Central Bank of Russia (CBR) said in July that it had identified 146 financial pyramid schemes in the first six months of the year, 1.5 times the number in the same period of 2020. According to the regulator, consumers with poor financial literacy are frequently duped into investment schemes involving cryptocurrency or crypto mining. The CBR attributes the increase to greater activity by "unfair market participants" and growing investment demand in Russia.

Analysts attribute the increase to consumers' growing exposure to digital assets and to the desire for quick profits in a burgeoning, lightly regulated industry amid instability in traditional financial markets. They expect crypto fraud to keep climbing this year, by around 15% annually.

Mensa Website Hacked After Britain’s Smartest Folk Failed To Secure Passwords

 

British Mensa, the society known for its high-IQ membership, failed to secure the passwords on its website properly, and the result has been a significant breach of members' credentials and personal data.

Eugene Hopkinson, a former director and technology officer at British Mensa, stated that the organisation had failed to secure the data of its 18,000 members properly, the Financial Times (FT) reports.

Hopkinson claimed that "the stored passwords of Mensa members were not hashed, potentially allowing hackers to unscramble them". The issue became all the more serious this week when the society acknowledged it had been the victim of a cyber attack. The Mensa website is currently unavailable and displays a "site under maintenance" message.

A Mensa member told the FT that at an emergency directors' meeting "it was confirmed that the Mensa site had been hacked this morning, using the credentials of one of the organization's directors. It was also confirmed that there were lots of Mensa members' passwords stored in plain text. The society had sent him his password in plain text within the past year". Several stashes of Mensa members' credentials have also been posted on Pastebin, although some of the data has since been removed from that site.

Hopkinson told the FT that "the Mensa website held lots of sensitive information on its members, including payment details, instant messaging conversations, and IQ scores of both current members and failed applicants." "If a breach is found to have taken place, I have no faith that the [Mensa] board and office will report it adequately... or take sufficient mitigating action to prevent further harm," Hopkinson wrote in an open letter announcing his resignation. A fellow board member resigned in protest over the same issue. Meanwhile, a spokesperson for Mensa told the FT that "the data such as members' passwords had been encrypted and that the organization was in the process of hashing passwords".

The spokesperson also denied that passwords were ever sent out in plain text, and said the organisation had handed details of the cyberattack to Britain's Information Commissioner with a view to pursuing a criminal investigation. Mensa is a non-profit organisation open only to those who score in the 98th percentile or above on a standardised IQ test.
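The dispute above turns on the difference between "encrypted" and "hashed": encryption is reversible by anyone holding the key, so an attacker who takes the database and the key gets every password back, whereas a salted one-way hash cannot be turned back into the password and forces per-user guessing. As an added example, not Mensa's code, here is how a site that has been storing plaintext can move to salted PBKDF2-HMAC-SHA256 without a password reset: a legacy record is verified as plaintext once and rewritten as a hash at that moment, the only time the server legitimately holds the plaintext. The user records, the record format and the iteration count are assumptions for the example.

```python
"""Salted password hashing with transparent upgrade of legacy plaintext records."""
import base64
import hashlib
import hmac
import os

# PBKDF2-HMAC-SHA256 work factor (OWASP's 2023 recommendation for this KDF).
ITERATIONS = 600_000


def hash_password(password, salt=None):
    """Salted one-way hash. The stored string carries scheme, work factor,
    salt and digest so the parameters can be raised later per record."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        ITERATIONS,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    scheme, iterations, salt_b64, digest_b64 = stored.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unsupported scheme: " + scheme)
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(actual, expected)


def login(users, username, password):
    """Authenticate against a store holding a mix of legacy plaintext records
    and hashed ones. A legacy record is upgraded on its first successful login."""
    record = users.get(username)
    if record is None:
        hash_password(password)  # spend comparable time so timing does not reveal valid usernames
        return False
    if record["scheme"] == "plaintext":
        ok = hmac.compare_digest(record["secret"].encode("utf-8"), password.encode("utf-8"))
        if ok:
            record["scheme"] = "pbkdf2_sha256"
            record["secret"] = hash_password(password)
        return ok
    return verify_password(password, record["secret"])


# Constructed records for the example, not Mensa data.
USERS = {
    "alice": {"scheme": "plaintext", "secret": "correct horse battery staple"},
    "bob": {"scheme": "pbkdf2_sha256", "secret": hash_password("tr0ub4dor&3")},
}

if __name__ == "__main__":
    print(login(USERS, "alice", "correct horse battery staple"))  # upgrades alice's record
    print(USERS["alice"]["secret"][:30])
    print(login(USERS, "bob", "wrong password"))
```

Users who never log in keep a plaintext record indefinitely, so a migration like this is normally paired with a deadline after which the remaining plaintext secrets are deleted and those users must reset. It also does nothing about passwords already copied off the server; once a plaintext store has leaked, every password in it must be treated as known.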

Google Project Zero Discovers Malicious Website Exploits which Affected iPhone Users



Researchers at Google Project Zero discovered an attack against iOS users delivered through malware hidden on hacked websites.

The malware installed itself silently on the devices of users who visited any of the hacked websites, which had thousands of visitors.

Once installed, it turned the iPhone into a covert spying device, harvesting contacts, location and messages and giving the attackers an overview of the victim's life and habits.

The data collection extended to popular third-party apps such as Gmail, WhatsApp and Google Maps; the implant was configured to steal files and upload the owner's live location data.

Google's Project Zero team, known for discovering many bugs and vulnerabilities, said the attacks were based on a small collection of hacked websites that indiscriminately delivered the malware to iOS visitors.

This series of attacks stands out because most such attacks are narrowly targeted, whereas these affected anyone who happened to visit one of the hacked websites.

Explaining the issue, Ian Beer of Project Zero says, "Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you're being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group.

"All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them."

Paraguay Embassy website hacked in Taiwan



The website of the Paraguay embassy in Taiwan was hacked by Kapustkiy, and the hacked database was published on pastebin.com (pastebin.com/1f0EbeDs).

The leaked database is written in Chinese, which the poster took as a sign that Chinese hackers were involved, though Chinese-language content is what one would expect from a site hosted in Taiwan.

The targeted website is www.embapartwroc.com.tw. The dump reveals the database user (cboss@localhost), the database server version (4.1.22, a long-obsolete MySQL release), the current database and the system user, which is the standard fingerprinting output of an SQL injection tool.

The leaked database has six tables: company, contact, downloads, news, pages and product. The contact table has five columns with 1,119 entries, and the company table has nine columns with 55 entries.

The company table includes the company name, email address, password and ename, while the contact table holds a name, mobile number and email address.

Less than a week earlier, the websites of Indian embassies in seven countries were hacked and their data published in the same manner on Pastebin.
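The post does not show the injection itself, only its output: the database fingerprint and a table of credentials pulled from a site whose public pages (news, downloads, products) had no business touching the company table. As an added example, not the attacker's tooling or the embassy site's code, here is a Python stand-in for that situation against an in-memory SQLite database: a news lookup that concatenates user input into its query, the UNION payload that turns it into a dump of the company table's email and password columns, and the parameterised version that returns nothing for the same input. The schema and rows are constructed from the column names the post lists; the real site's code, database and data are not reproduced.

```python
"""SQL injection across tables: vulnerable lookup versus bound parameter (constructed example)."""
import sqlite3


def build_db():
    """In-memory stand-in for the leaked schema; column names from the post, rows invented."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE company (id INTEGER, name TEXT, email TEXT, password TEXT, ename TEXT);
        CREATE TABLE news (id INTEGER, title TEXT);
        INSERT INTO company VALUES (1, 'Acme Trading', 'acme@example.com', 'letmein', 'ACME');
        INSERT INTO company VALUES (2, 'Beta Imports', 'beta@example.com', 'hunter2', 'BETA');
        INSERT INTO news VALUES (1, 'Welcome');
        INSERT INTO news VALUES (2, 'Opening hours');
    """)
    return conn


def news_by_title_vulnerable(conn, title):
    """Vulnerable: the request parameter is spliced into the SQL text, so the
    attacker controls the statement, not just the value being compared."""
    sql = "SELECT id, title FROM news WHERE title = '%s'" % title
    return conn.execute(sql).fetchall()


def news_by_title_safe(conn, title):
    """Fixed: bound parameter. The driver passes the value separately from the
    statement, so quotes and keywords in it are data, never SQL."""
    return conn.execute("SELECT id, title FROM news WHERE title = ?", (title,)).fetchall()


# Constructed attacker input: closes the string literal, appends a UNION with the
# same column count that reads another table, and comments out the trailing quote.
PAYLOAD = "x' UNION SELECT email, password FROM company --"

if __name__ == "__main__":
    db = build_db()
    print(news_by_title_vulnerable(db, PAYLOAD))  # credentials from the company table
    print(news_by_title_safe(db, PAYLOAD))        # [] : no news item has that title
```

The second half of the fix is the database account itself: the dump's cboss@localhost fingerprint shows the web application ran with a user that could read every table. A public page's account should be able to see only the tables that page serves, so that even a successful injection yields news rows rather than passwords.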


EA Games website hacked to host Apple phishing page

A web server belonging to EA Games was compromised by cybercriminals and used to host a phishing page designed to steal Apple IDs.

According to a Netcraft report, the attackers broke into the sub-domain by exploiting vulnerabilities in an outdated version of the WebCalendar application.

WebCalendar 1.2.0 has a critical vulnerability that allows an attacker to run arbitrary code.

The phishing page tricks users into handing over their Apple credentials. After the Apple ID and password are entered, a second form asks the victim for card details, name, date of birth, phone number and a few other details. As with most phishing pages, once the victim submits the details, they are redirected to the legitimate Apple site.

Netcraft says the attacker may also have gained access to internal servers and other information.

"In this case, the hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server," the blog post reads.

BitStamp hacked, users are receiving spam mail containing malware


BitStamp, said to be the largest Bitcoin exchange, has been breached, and its users are receiving spam emails containing a link to a malware file.

BitStamp yesterday warned its users about a new phishing attack and urged them to ignore all emails with the subject "Bitstamp trading will be suspended for 24 hours".

A few days earlier, a BitStamp user reported on Reddit that he had received a malicious email pretending to be from MtGox, asking him to download a document ("please sign the papers attached"). The link in the email led to a page distributing malware with a '.pif' extension, a file type Windows runs as an executable.

The user suggested that BitStamp's mailing list might have been compromised. The attackers also appear to have sent spam pretending to be from BTC Guild and Eobot.

BitStamp confirmed to the owner of BTC Guild, 'Eleuthira', that its mailing list had been compromised. The breach reportedly happened two weeks earlier.

Thousands of Sites Possibly Hacked by Exploiting Plesk Zero-Day

Researchers say thousands of sites are being hacked each day, and some believe the phenomenon may be linked to a zero-day vulnerability affecting Parallels' Plesk Panel.

According to Brian Krebs, the exploit, which works against sites running Plesk 10.4.4 and earlier, is being sold on underground hacking forums for $8,000 (6,300 EUR) by a member known for providing reliable "products".

The author, who has even made a point-and-click tool available, claims that the exploit can be used to obtain the administrator password.

A few days ago, SC Magazine cited Sucuri Malware Labs researchers who found that around 50,000 websites had been breached. Since many of them were running Plesk, it is possible that the attackers leveraged this flaw.

Furthermore, the recent attacks involving pseudo-randomly generated domains may also be connected to the Plesk Panel hole, as Denis Sinegubko explains on the Unmask Parasites blog.

In the meantime, Parallels' representatives have received many complaints about a possible new vulnerability in Plesk 10.4 and earlier.

“We are currently investigating this new reported vulnerability on Plesk 10.4 and earlier. At this time the claims are unsubstantiated. We have not received any claims to confirm this vulnerability,” reads the security advisory published by the company.

On the other hand, their forums are full of users stating that their sites have been hacked even with all patches applied.

“We had changed all the passwords as per the KB, and in less than 24 hours they were back in again with the new passwords. They hacked Plesk again using all the newly generated passwords,” one user wrote.

Until more information about this potential zero-day becomes available, Parallels recommends that users upgrade their installations to Plesk Panel 11, which includes numerous security improvements.

XBox Live(XBL) Accounts hacked to buy FIFA 12 packs


According to a Eurogamer report, Xbox 360 owners' accounts are being hacked in order to buy FIFA 12 Ultimate Team content packs.

One victim, Speedjack, who first reported the compromise to Eurogamer, found on 11 October that his gamertag had been "recovered" to someone else's console.

"I then find out that I've had 5000 then 500 MS points bought on my credit card. Better yet, all the points including the 120 I had already on my account are gone... all spent on FIFA 12 content packs yesterday afternoon while I was at work.

"Not only that, but my account now has 35 FIFA 12 achievement points on it!!! Never played the game in my life - hate football." Speedjack spoke to Microsoft support, which suggested there was an issue with EA's servers that leaves XBL accounts vulnerable.

There is a similar report on the Facepunch forum, and multiple user reports on the Xbox.com forum.

To investigate the complaints, Microsoft support froze compromised accounts for up to 30 days.

Firefox Russian Website hacked and defaced by T34M PakleetS

The www.firefox.ru website was hacked and defaced by T34M PakleetS.
This is what the hackers said:
HackeD by T34M PakleetS

Everyday Someone Get Hacked Today is your Day

FirefoX ? O_o

Impossible only means it has not been done... Now watch what I can do

" Jus a Security Reminder"

KhantastiC HaXor - InnOcent HaCker

Th3 Vip3R - ReXor haXor

T34M PAKleetS
Defacement Screenshot:


Welt.de hacked Credit Card info of 30264 users Compromised

Welt.de was hacked through an SQL injection vulnerability (injection point: http://boot24.welt.de/index_welt..php?ac=*** - shortened link). By the attacker's own admission, this was done in protest against the sale of user data to a third-party operator. So far only censored excerpts from the database of all 30,264 Welt.de users have been published; the attacker reportedly intends, however, to make all of the data public.


source:gulli

Press Release from Freedom Fighters and the Green Party hacked

@ForFreed0m has released a press release and a dump of information from the Green Party in the name of #antisec.

This is what they said:
To every man, woman & child… We want an end to the glamorization of negativity in the media. We want an end to status symbols dictating our worth as individuals.

We want a meaningful and free universal education system. We want substance in the place of popularity. We will not compromise who we are to be accepted by the crowd. We want the invisible walls that separate by wealth, race & class to be torn down. We want to think our own thoughts. We will be responsible for our environment.

Dear internetz, today we bring you our release from “Freedom Fighters”. I laugh at the New World Order trying to enslave us via the media and politicians lying, we want an end to the biased press whom want to destroy our freedoms via fear. Fear is the way how the globalist’s want to control us, controlling our laws and establishing a police state which is what we are fighting against. We want our god given rights on privacy and being able to use our founding laws to control the government, not the government controlling us. We don’t want the government to be groping us in airports, we don’t want the government to enforce statutes to support the bankers but not support the citizens, we want a free government who listens to the citizens of the situating country and not listen to the globalist’s. This is why humans have revolutions for example: Libya. The Libya citizens fought up against the regime because they thought they were being suppressed and cruelly controlled. That is because we are humans and not robots, good day to you.

Our twitter: @ForFreed0m GO THERE FOR UPDATES

The Release Details:-

Oh herro Green Party, we just hacked you #Antisec

FirstName LastName Address Address2 CityHome StateHome ZipHome Phone Ofice_Email Gender Ethnicity Sexuality Under30 Disabili Active

Good day ‘ole chaps

DOWNLOAD HERE: http://www.mediafire.com/?rjzt1sc1uvlt41d

Pastebin Link:http://pastebin.com/HeZt8kXP