h4ck3r _ N3w5

Multiple Serious vulnerabilities have been discovered in the most famous ‘All In One SEO Pack’ plugin for WordPress, that put millions of WordPress websites at risk.

WordPress is easy to setup and use, that’s why large number of people like it. But if you or your company is using ‘All in One SEO Pack’ WordPress plugin to optimize the website ranking in search engines, then you should update your SEO plugin immediately to the latest version of All in One SEO Pack 2.1.6.

Today, All in One SEO Pack plugin team has released an emergency security update that patches two critical privilege escalation vulnerabilities and one cross site scripting (XSS) flaw, discovered by security researchers at Sucuri, a web monitoring and malware clean up service.

More than 73 million websites on the Internet run their websites on the WordPress publishing platform and more than 15 million websites are currently using All in One SEO Pack plugin for search engine optimization.

According to Sucuri, the reported privilege escalation vulnerabilities allow an attacker to add and modify the WordPress website’s meta information, that could harm its search engine ranking negatively.

“In the first case, a logged-in user, without possessing any kind of administrative privileges (like an author of subscriber), could add or modify certain parameters used by the plugin. It includes the post’s SEO title, description and keyword meta tags.” Sucuri said.

Also the reported cross-site scripting vulnerability can be exploited by malicious hackers to execute malicious JavaScript code on an administrator’s control panel. “This means that an attacker could potentially inject any JavaScript code and do things like changing the admin’s account password to leaving some backdoor in your website’s files in order to conduct even more “evil” activities later.” Sucuri blog post said.
Vulnerability in WordPress plugins is the root cause for the majority of WordPress exploitation and this is one of the main tools in the web hackers’ arsenal. The plugin vulnerabilities can be exploited to access sensitive information or to allow for the sites to be easily defaced, can web used to redirect visitors to any malicious site, or to DDoS other websites.
Website owners are recommended to update their All in One SEO Pack WordPress plugin to the latest version immediately.

via The Hacker News http://ift.tt/1kX3wX0

Criminals will not let any way to cheat an ATM machine out of its cash, as it’s one of the easiest way for them to get the hands on cash. ATM skimmers have now discovered a new and high-tech approach to target cash machines directly by inserting a physical notorious device into it instead.
According to the Chinese press, two Ukrainian men arrested in Macau for reportedly planting the malicious software program in the seven Macau bank ATMs. This could came out as the quickest method to hack the cash machines.

HACKING ATM MACHINES

The two accused were arrested this week by the authorities in Macau, a Chinese territory approximately west of Hong Kong, but the two are from Ukraine and had successfully stolen almost $100,000 by corrupting more than seven ATMs with a computer virus.

According to the authorities, the men allegedly used a green object device (as shown in the image) to carry out the money fraud. They first connected the device to a laptop and then inserted it in the card slot on the ATMs. The device used by the criminals resembles a circuit strip wider as credit card but much longer than it. After inserting the device physically into the ATMs card slot, the criminals successfully installed the malware that has ability to fetch customer’s credit card information, including PINs.

Sources at the bank said once the device is inserted in the cash slot, it caused the malicious program running on the ATM machines to crash leaving the cash machine black. The machine would then restart, as soon as the device is removed. Now whosoever used the compromised ATM machine, became victim of the card fraud, as the hidden virus program started recording the cash card number, PINs and other information entered by customers.

CONVERTING COLLECTED INFORMATION INTO CASH

The suspects then returned to the ATMs after few days to gather the card information by using the same kind of green strips and then another special chip to destroy the evidence of the crime program. It is believed that the prisoner has accumulated at least 63 stolen card information.

The skimmers then used this cash card information to clone the cash cards. They primarily used to “write” the stolen data obtained from the magnetic stripe on the back of a card onto a new blank card to develop a cloned cash card and once a card has been cloned it is recognized by machines as the original card.

MALICIOUS USB ATTACK

Using physical device on Banks ATMs is not something new that the criminals have adopted. At the beginning of the year, a team of researchers at the Chaos Computing Congress in Hamburg, Germany has presented that how skimmers have been targeting cash machines directly using infected USB sticks.

BLUETOOTH ENABLED CREDIT CARD SKIMMERS

Also, in January this year, we reported about the Credit Card fraud in which the criminals stole users’ banking information using Bluetooth enabled Credit Card Skimmers planted on the gas stations throughout the Southern United States. The skimming devices were internally installed in the gas station in such a way that it was undetectable to the people who paid at the pumps.

CLONING CHIP-N-PIN PAYMENT CARDS

After the largest data breach at the U.S. retailer Target, the payment card companies have become more serious in providing their users a secure credit and debit card. They also have launched Chip-n-PIN payment cards. But, Are they safe? Are they able to protect the financial information from payment card frauds?

Simply No! We have reported in our previous articles about two critical vulnerabilities the security researchers found in the Chip-n-PIN smart card payment system that makes EVM vulnerable to “pre-play” attack and the vulnerability could be exploited by the cybercriminals to clone the credit and debit cards in such a manner that even bank procedures won’t differentiate between the legitimate and fraud transactions.

via The Hacker News http://ift.tt/1pGWkPd

A Swedish man accused of being involved in the creation of the malicious software used to infect over half a million systems in more than dozens of countries, has pleaded not guilty in New York on Thursday to computer hacking charges brought against him.
Alex Yucel, 24, who is the co-author of the Blackshades Remote Access Trojan (RAT), owned and operate an organization called Blackshades, which sold the notorious software to the other people and hackers across the country for prices ranging from $40 to $50. This allowed the hackers to remotely control the victims’ computers and to steal keystrokes, passwords and access to victims’ private files, according to the authorities.

Blackshades malware is designed to steal victims’ usernames and passwords for email and Web services, instant messaging applications, FTP clients and lots more. In worst cases, the malicious software program even allows hackers to take remote control of users’ computer and webcam to take photos or videos without the knowledge of the computer owner.

Yucel a.k.a. “marjinz,” a.k.a. “Victor Soltan,” was arrested in November 2013 in Moldova, as part of an International crackdown on the malicious BlackShades RAT and during the same time the source code of the tool was also leaked on the Internet. He was extradited to the United States shortly after it. The accused developed the RAT along with the help of US citizen Michael Hogue, who has already pleaded guilty.

“Yucel ran his organization like a business—hiring and firing employees, paying salaries, and updating the malicious software in response to customers’ requests. He employed several administrators to facilitate the operation of the organization, including a director of marketing, a website developer, a customer service manager, and a team of customer service representatives,” the FBI said in a statement.

Alex Yucel faces two counts of computer hacking, one count of conspiring to commit access device fraud, one count of access device fraud and one count of aggravated identity theft. But, during Thursday’s hearing in Manhattan federal court, Yucel told U.S. District Judge Kevin Castel that he pleaded not guilty to the charges brought against him that included conspiring to commit access device fraud and access to device fraud.

However, according to prosecutor Sarah Lai, their are several evidence against him, including a number of laptops, computers, tablets, e-mail accounts and BlackShades subscriber records as well, and if convicted, he faces up to 17 years in prison.

In mid-May, the law enforcement authorities in the United States and Europe announced a large-scale operation of International raids against individuals suspected of developing, selling and using the notorious BlackShades RAT.

The raids took place in more than 100 countries and the federal authorities have seized 1,900 command and control domains and arrested more than 100 people worldwide involved in the purchasing, selling or using of the Blackshades malware.

In 2012, the BlackShades RAT was also used to infect and Spy on Syrian activists, while a very serious and bloody internal war between the government and the opposition forces.

BlackShades tool was actually developed by an IT surveillance and security-based company, as a tool for parents to monitor their Children activities and for finding the cheating partners in relationship. But, as usual the cyber criminals have made it a favourite tool to carry out illicit activities.

via The Hacker News http://ift.tt/1hJaw5j

The Iranian hackers may have spent years in running a creative and most dedicated cyber espionage campaign to steal government credentials with the help of Social Media including Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger.
A Dallas-based computer-security firm, iSIGHT Partners, has exposed today a three-year old cyber espionage campaign which they believe to have originated in Iran, targeting a number of military and political leaders in the United States, Israel and other countries by creating false social networking accounts and a fake news website.
The security firm dubbed the cyber espionage operation as ‘Newscaster’, under which the iranian hackers are using more than a dozen social-media accounts of fake personas on social media sites such as Facebook, Twitter, and LinkedIn and targeted at least 2,000 people.

Since 2011, the Iranian hackers group has targeted current and former senior U.S. military officials, including a four-star U.S. Navy admiral, U.S. lawmakers and ambassadors, members of the U.S.-Israeli lobby, diplomats, journalists from Washington D.C., as well as personnel from more than 10 U.S. and Israeli defense contractors, according to the cyber security research firm.

“We’ve never seen a cyber espionage campaign from the Iranians as complex, broad reaching and persistent as this one,” says Tiffany Jones, senior vice president of client services at iSIGHT “The dozen or so primary fictitious personas have done a pretty successful job over the last few years in gleaning thousands of connections and ultimately targeting legitimate individuals through their social media networks.”

The core part of the operation is the fake news site known as NewsOnAir.org, registered in Tehran and located on a server that hosted mostly Iranian Web sites. The website is owned and operated by a fake media mogul named Joseph Nillson, whom they illustrated using a photo of Alexander McCall Smith, author of The No.1 Ladies’ Detective Agency.

This fake news website served the articles from other legitimate news sites but post under the names of six fake authors and thereby linked the published article from the fake identities in order to masquerade their targets. The fake personas impersonated to be working as a journalist, government employee or a defense contractor.

Once they gain the trust of their targets and befriend them through fake profiles, the hackers sent malicious links by emails which when accessed, would unleash malware designed primarily to steal email account credentials. The link directs people to fake login screens in order to steal their usernames and passwords.

The firm has not revealed the identity of the victims and the kind of data the hackers had stolen, who were seeking credentials to access government and corporate networks, as well as infect machines with malicious software. It’s also unclear that how many credentials hackers had captured till now.

“If it’s been going on for so long, clearly they have had success,” iSight Executive Vice President Tiffany Jones told Reuters.

The purpose of the hack is also not clear, but the cyber-threat intelligence firm suggested that Newscaster’s accesses may support the development of weapon systems or provide insight into U.S. military actions and negotiations with Middle Eastern countries.

via The Hacker News http://ift.tt/1k5yEEL

After Whatsapp, The Chinese WeChat is the second most popular messaging application and currently being targeted by cybercriminals to spread a new Banking Trojan in order to steal the financial information from its users.

WeChat is a famous mobile instant messaging app developed by Chinese company Tencent, with more than 355 million users across the world. The app offers people to chit-chat with their friends and relatives, and also allows users to make payments for goods and services on WeChat.

The Payment feature of the app requires users’ bank account details to their messenger account and this is what tempting cybercriminals to develop new and more sophisticated banking Trojans and malwares.

The security researchers at Kaspersky Lab have uncovered such banking Trojan, dubbed as Banker.AndroidOS.Basti.a, which looks exactly like the legitimate WeChat application for Android devices. While installation, it also requires the same permissions such as to access the Internet, received SMSs, and other services just like the real Wechat app.
Researchers found that some modules of the malware app are encrypted and this feature makes it different and sophisticated from other Mobile banking malwares. The malware authors have used an effective encryption in order to prevent Banker.AndroidOS.Basti.a trojan from reverse engineering of the code.
However, the Kaspersky researchers have successfully managed to decode the threat module and found that the malware is capable to perform various types of malicious tasks, including its more professional GUI, which makes it an efficient phishing tool.

Once the malicious WeChat app installed on the victims’ android devices, they are served a page asking to enter some useful information including their phone numbers, payment card numbers, PINs and other financial data.

As soon as a victim provides the personal details to the fake app, it sends them back to an email account controlled by the malware author. “This Trojan-Banker also registered a BootReceiver. It will monitor newly received text messages and uninstall broadcasts from the infected mobile.” they noticed.

The email account name and password details are hard-coded in the source code of the trojan and researchers have successfully retrieved it. They logged into the attackers email account and found that the banking trojan has already made lots of victims.

As the online apps are becoming more popular among the people, hence becoming an easy and a tempting target for cyber thieves. So, its up to you to better safeguard your data privacy.

Make sure that you have installed a reputed mobile security software in your devices. Always update your software applications to the latest version and avoid providing your sensitive information to any suspicious websites or downloading any app from any untrusted source.

via The Hacker News http://ift.tt/STVP9C

TrueCrypt, the popular and reputed open source file and disk encryption utility for Windows, OSX and Linux, has abruptly closed down Wednesday recommending its users to use Microsoft’s Bitlocker.

TrueCrypt is a free, open-source and cross-platform encryption program, thereby one of the world’s most-used encryption tool, trusted by tens of millions of users and recommended by NSA whistleblower Edward Snowden.

TRUECRYPT IS NOT SECURE

On Wednesday afternoon, the users of TrueCrypt encryption tool redirected to the project’s official SourceForge-hosted page that displays a mysterious security warning message that the popular encryption tool has been discontinued and that users should switch to an alternative.
The official website for the TrueCrypt software warns the user that the open source encryption software is no longer secure and informs that the development of the software has been terminated.

At the top of TrueCrypt page on SourceForge displays a text in red colour that states, “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.”

“The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform,” Truecrypt website warned.

WEBSITE HIJACKED ? SUGGESTING TO USE BITLOCKER!

The encryption software abruptly ended its support without providing any explanation from its developers side and recommended Microsoft’s BitLocker as an alternative for Windows users, along with a detailed guide on how to migrate your encrypted data to BitLocker instead.

Now, this sudden security warning and suggesting Microsoft’s Bitlocker as an alternate raise many questions. Many people around the web have assumed that some hacker has compromised the SourceForge account of TrueCrypt, but yet it’s quite unclear whether it’s a defacement of the site or something controversial. Otherwise why the developers of free and open source encryption tool provider would recommend its users to switch on to the most controversial Microsoft’s Bitlocker drive encryption tool.

It could be possible that the developers of the TrueCrypt may be aware of some critical vulnerability or backdoor that according to them would imperil the integrity of the reputed software, which has been downloaded more than 28 million times. Some other possibilities could be:

• Government or Intelligence Agency forced the developers to include a backdoor for them, but they refused and shut it down like Lavabit encrypted email service.
• Someone hijacked the website and Crypto keys to raise false alarms.

Matthew Green, who is a professor specializing in cryptography at Johns Hopkins University and also involved with the TrueCrypt audit, tweeted that he believes that the announcement is a legitimate exit on the part of the developer, and not a hack.

Significantly, the current version listed on the SourceForge page, version 7.2, was signed yesterday with the official TrueCrypt private signing key, the same key used by the TrueCrypt Foundation for as long as two years. This means the warning on the official homepage of TrueCrypt isn’t a hoax posted by some hacker or cyber criminal.

TRUECRYPT AUDIT

TrueCrypt had recently just cleared its first stage of a security audit that focused on the TrueCrypt bootloader and Windows kernel driver; architecture and its code review. The security community has took this initiative to perform a public Security Audit of TrueCrypt in response to the Edward Snowden’s disclosures and concerns that National Security Agency (NSA) may have tampered with it.

The second phase of audit has to begun, which includes a thorough analysis of the various encryption cipher suites and implementation of random number generators and critical key algorithms.

Is it the end of popular encryption tool? Whatever be the reason behind the sudden shut-down of the most popular encryption service, but if the warning is legitimate, it might be time for the users to migrate their encrypted files to another encryption tool like DiskCryptor.

via The Hacker News http://ift.tt/1rjq49m

I am considering that you all must have read my last article on OpenSSL Heartbleed, a critical bug in the OpenSSL’s implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server’s memory, potentially revealing users data, that the server did not intend to reveal.
The Heartbleed vulnerability made headlines around the world and my last article explains everything about probably the biggest Internet vulnerability in recent history, but still some readers are not aware of its nature, otherwise they would not have been a victim of the spam campaigns.

Spammers are very smart on gaining from every opportunity they get, so this time they are taking advantage of the infamous Heartbleed bug and frighten the users into installing Anti-Heartbleed Software onto their systems, which is obviously a malware.

The researchers at Symantec have unearthed a spam campaign targeting people by sending spam emails that warns them their system may still be “infected” with the Heartbleed bug and request them to run the Heartbleed bug removal tool (attached to the email, as shown below) in order to remove the virus from their system.

The people with a little knowledge of the OpenSSL Heartbleed Bug may follow what the spammers say, despite websites around the world flooded with the Heartbleed articles, explaining how it works, how to protect, and exactly what it is. Yet many didn’t get it right.

We too explained almost everything related to the nature of the bug and the foremost myth of the people about the bug is answered in our top question that explained Heartbleed is not a Virus or Malware, instead it’s a vulnerability resided in TLS heartbeat mechanism built into certain versions of the popular open source encryption standard OpenSSL. So, how could you go with the spammers in cleaning up your system to protect your systems from Heartbleed infection or malware?
Now, this is something which is unacceptable and allows cybercriminals to targets users with less technical knowledge to know that the Heartbleed vulnerability is not at all an infection or a malware.

“The spam email uses the social and scare tactics to lure users into opening the attached file,” reads the blog post.

The email tricks users by masquerading itself to come from a very popular password management company, with the details to run the attached removal tool, along with the measures if users’ antivirus software blocks it.

Users feel safe to open the attachment as the attached file seems to be a docx file, but once it is opened, it will serve an encrypted zip file to the user. When the user extracts the zip file content, they will find a malicious .exe file that represents itself as the Heartbleed bug removal tool.

Once the .exe file is executed by the user, it downloads a keylogger in the background without their knowledge, whereas the user shows a popup on the screen with a progress bar. After a while, a message flash on the screen reporting users that Heartbleed bug was not found and the computer is clean.

The user may feel relieved after knowing that the Heartbleed bug has not affected them, but during the same time they are unaware of the key-logger software installed in background and recording keystrokes, screenshots and sending all the personal information of users to the cyber criminals.

Users are recommended not to click on any link in the suspicious messages and better use your common sense and knowledge at right time and right place, because security researchers, experts and we sitting here can only provide you knowledge about the various vulnerabilities and measures to get rid of it, but else is up to you to protect yourself from these kind of security threats.

via The Hacker News http://ift.tt/1k1hZ5e

Two weeks ago, it was revealed that NSA has been reportedly intercepting and accessing routers, servers, and other computer networking hardware to plant data gathering “backdoors” and other spywares before they were exported and delivered to the international customers.
Now, the journalist Glenn Greenwald is set to publish a list of names of those U.S citizens who have been illegally spied on by the NSA.
Glenn Greenwald is the journalist from the Guardian newspaper who helped former National Security Agency contractor Edward Snowden reveal confidential documents about the widely spread surveillance programs conducted by the government intelligence agency such as NSA and GCHQ.
Greenwald is promoting his latest forthcoming book, “No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State” that underlines the interest of NSA in conducting massive Internet surveillance program. He said the about to release list will be the biggest revelation out of the 2 million classified documents Snowden obtained working with the agency.

“One of the big questions when it comes to domestic spying,” says Greenwald. “‘Who have been the NSA’s specific targets?’ Are they political critics and dissidents and activists? Are they genuinely people we’d regard as terrorists? What are the metrics and calculations that go into choosing those targets and what is done with the surveillance that is conducted? Those are the kinds of questions that I want to still answer.”

His new book is based upon the leaked documents from 2010 provided by the former NSA contractor Edward Snowden that detailed the NSA receiving or intercepting various devices in the US before exporting them to foreign countries, which he apparently obtained from Snowden.

Greenwald slammed the NSA in preventing Snowden from stealing 1.7 million documents from the intelligence agency systems before fleeing to Hong Kong and eventually receiving asylum in Russia.

He also pointed out the weakness of the agency and government in safeguarding the confidential documents as well as their limited success in figuring out the lost data.

“There is this genuinely menacing [spy] system and at the same time, [they] are really inept about how they operate it. Not only was he out there under their noses downloading huge amounts of documents without being detracted, but to this day, they’re incapable of finding out what he took,” said Greenwald.

The list of those Americans in the United States targeted by the NSA will be soon published on The Intercept, the website Greenwald established after he left The Guardian earlier this year. The website aims at providing “a platform to report on the documents previously provided by NSA whistleblower Edward Snowden.”

via The Hacker News http://ift.tt/1k1brT2

Today, the popular Music streaming service Spotify said the company has suffered a Data breach and warned users of its Android app to upgrade it in the wake of a potential data breach in their servers.

Spotify is a commercial music streaming service launched in October 2008 by Swedish start-up Spotify AB and is freely available for Android and iOS devices as well as for desktop computers with more than 40 million active users, out of which about 10 million users are its paid subscribers. It offers offline listening and ad-free playback are also available for Premium subscribers of the service.

The company announced that a hacker had allegedly broken into its systems and gained unauthorized access to the internal company data. So far only one of its users’ accounts has been accessed in the data breach, but the company believes that their is no harm to the financial information, payment details or password of the affected user.

“Our evidence shows that only one Spotify user’s data has been accessed and this did not include any password, financial, or payment information,” Spotify chief technology officer Oskar Stal said in a blog post on Tuesday. “We have contacted this one individual. Based on our findings, we are not aware of any increased risk to users as a result of this incident.“

The company takes the matters seriously and immediately launched an investigation. But they does not believe users are at any extended risk following the breach.

However, Stal said the company takes such matters very seriously, and as “general precautions,” Spotify will signed out some of their desktop, iOS, Android and Windows Phone apps users in the coming days and will ask them to log-in again by re-entering their username and password, just some extra steps to ensure its customers’ private data stays safe.

Spotify will release the updates this week and will also guide its Android users to upgrade the Android app. “Please note that offline playlists will have to be re-downloaded in the new version,” Stål said. “We apologize for any inconvenience this causes, but hope you understand that this is a necessary precaution to safeguard the quality of our service and protect our users.”

In their statements, Spotify has not given any details that how attackers were able to compromise the database, but the above Android app recommendation hints that users of Android app are likely at great risk, as there are possibilities that the data breach was caused because of a vulnerability in the Android app. Whereas, Spotify said, ‘no action recommended for iOS and Windows Phone users’ at this time.

The news comes after the latest eBay massive data breach that affected 145 million registered users across the world after the company’s database was compromised by the hackers.

via The Hacker News http://ift.tt/1nwrAAW

It has been months ago since the release of Samsung’s latest Smartphone, Galaxy S5 and we have seen a portion of International units receive root, but a couple of the carrier variants including the developer edition of Samsung Galaxy S5 for Verizon and At&T hasn’t been in the list, sadly.

The Interesting part is that till now no hacker has found a way out to gain the root-rights of the Verizon as well as AT&T version of the Samsung Galaxy S5.

Now, the Verizon and AT&T users who own Samsung Galaxy S5 are reportedly itching to get Android rooting technique for their devices, so that they can do tons of things such as customizations, patching apps, installing third-party ROMs etc.
This situation is something unacceptable to the developers and Galaxy S5 users, and finally the senior members of XDA developers in collaboration with the group of Verizon and AT&T customers have started a Crowd funded Bounty program for achieving the root on Verizon and AT&T Samsung Galaxy S5 devices.

As of writing this, members of XDA forum has raised total $17,600, and the first person who will provide a working technique for rooting Verizon device will be awarded $9,970.00 and for AT&T the awarded amount is $7,700.00.

The root-breaker would get even high bounty as the developer community XDA Developers is continuing to collect donations to replenish the prize fund.

While a cash reward is always a great motivator to those who are good enough to find security holes in devices locked up, but this doesn’t guarantee that a root will be produced for Verizon and AT&T’s Galaxy S5, however it’s an excellent effort for sure.

XDA developers have place some requirements to fetch the bounty:

• Be the first person to create or find a method to achieve the following:
• • Exploiting a fully stock VRU1ANCG build to gain root access
• Make a post in this thread with the following:
• • Proving it works with appropriate photos and/or screenshots and
  • Providing full step-by-step instructions for which anyone else can follow.
• Wait for at least one member to follow the same method and confirm it works the same on their fully stock device with VRU1ANCG build.
• Claim your bounty via PM from pledger(s).

Good Luck!

via The Hacker News http://ift.tt/1kbz3j5