Showing posts with label Top News. Show all posts
Showing posts with label Top News. Show all posts
Friday, February 22, 2013
1500 Hacked PayPal Accounts Sold on Underground Website
Security firm Webroot has identified an underground shop that’s selling access to over 1,500 PayPal accounts. Most of the compromised accounts belong to users from the United States.
The cybercriminals who sell the information provide potential buyers with information such as account holder’s first name, selling price, account type, balance, and if the associated credit card and bank account are confirmed or not.
For instance, a verified account with a balance of $3 (2 EUR) with the card and the bank confirmed is sold for $3 (2EUR). For $20 (15 EUR), anyone can purchase a verified “premier” account with a balance of $337 (252 EUR).
“What’s particularly interesting regarding this E-shop is the fact that the cybercriminal behind it tried to come up with a value-added service, in this case a built-in Socks5 proxy checker, to be used when interacting with the hacked PayPal accounts for greater anonymity,” Webroot’s Dancho Danchev explained.
The servers are apparently compromised hosts used as anonymization proxies that help cybercriminals avoid being tracked down too easily.
The cybercriminals who sell the information provide potential buyers with information such as account holder’s first name, selling price, account type, balance, and if the associated credit card and bank account are confirmed or not.
For instance, a verified account with a balance of $3 (2 EUR) with the card and the bank confirmed is sold for $3 (2EUR). For $20 (15 EUR), anyone can purchase a verified “premier” account with a balance of $337 (252 EUR).
“What’s particularly interesting regarding this E-shop is the fact that the cybercriminal behind it tried to come up with a value-added service, in this case a built-in Socks5 proxy checker, to be used when interacting with the hacked PayPal accounts for greater anonymity,” Webroot’s Dancho Danchev explained.
The servers are apparently compromised hosts used as anonymization proxies that help cybercriminals avoid being tracked down too easily.
Monday, February 11, 2013
Pak web domain .pk remains vulnerable to cyberattacks
PKNIC - a shared registry system that manages the .pk domain name space (DNS) for Pakistani websites - which was hacked twice in the last three months, remains vulnerable to basic-level cyberattacks.
Though the company has thwarted the recent attack, it is still investigating the security breach, reports The Express Tribune.
PKNIC, which hosts 23,000 users of the .pk domain, including national-level websites, was attacked this Monday after a group of hackers penetrated and defaced several websites, including those of Pakistan's famous newspapers.
The hackers - ZombiE_KsA, Z3r0Byt3, Xploiter and Dr Freak - criticised PKNIC for being unable to fix the vulnerabilities in its DNS servers.
This was the second successful attack on PKNIC, a private company based in California, United States.
In November 2012, Eboz, a Turkish hacker, entered PKNIC servers, taking down about 284 websites with the .pk domain including google.com.pk. Later on, PKNIC issued a statement, claiming it had fixed the vulnerabilities and the website was secured.
PKNIC has not mentioned what measures it is considering to protect its website from attacks in future.
The attack on DNS is considered a very basic hacking technique in cyberworld, according to Barrister Zahid Jamil, an expert in assessing cyber crime. Jamil believes that the recent attack was the result of security flaws in the clients' own websites.
Rafay Baloch, a professional white hat who recently bagged $10,000 in Paypal's bug bounty programme after exposing a critical vulnerability in the website, also called it a basic-level attack.
However, he said it is believed across many online forums that PKNIC is also vulnerable to SQL injection - the most powerful cyberattack, according to Open Web Application Security Project (OWASP). OWASP is the world's largest organisation in terms of web application security and penetration testing.
At present, there are no laws in Pakistan to govern this type of cybervandalism.
Though the company has thwarted the recent attack, it is still investigating the security breach, reports The Express Tribune.
PKNIC, which hosts 23,000 users of the .pk domain, including national-level websites, was attacked this Monday after a group of hackers penetrated and defaced several websites, including those of Pakistan's famous newspapers.
The hackers - ZombiE_KsA, Z3r0Byt3, Xploiter and Dr Freak - criticised PKNIC for being unable to fix the vulnerabilities in its DNS servers.
This was the second successful attack on PKNIC, a private company based in California, United States.
In November 2012, Eboz, a Turkish hacker, entered PKNIC servers, taking down about 284 websites with the .pk domain including google.com.pk. Later on, PKNIC issued a statement, claiming it had fixed the vulnerabilities and the website was secured.
PKNIC has not mentioned what measures it is considering to protect its website from attacks in future.
The attack on DNS is considered a very basic hacking technique in cyberworld, according to Barrister Zahid Jamil, an expert in assessing cyber crime. Jamil believes that the recent attack was the result of security flaws in the clients' own websites.
Rafay Baloch, a professional white hat who recently bagged $10,000 in Paypal's bug bounty programme after exposing a critical vulnerability in the website, also called it a basic-level attack.
However, he said it is believed across many online forums that PKNIC is also vulnerable to SQL injection - the most powerful cyberattack, according to Open Web Application Security Project (OWASP). OWASP is the world's largest organisation in terms of web application security and penetration testing.
At present, there are no laws in Pakistan to govern this type of cybervandalism.
Saturday, November 3, 2012
BackBox Linux v3.0
BackBox is a Linux distribution based on Ubuntu Desktop, and designed for performing penetration testing, incident response, computer forensics, and intelligence gathering. It uses the Xfce desktop environment, and is developed by Raffaele Forte and a small but dedicated team.
This release include features such as the new Linux Kernel 3.2 flower and Xfce 4.8. Apart from the system major upgrade, all auditing tools are up to date as well.
What's new- System upgrade
- Bug corrections
- Performance boost
- Improved start menu
- Improved Wi-Fi dirvers (compat-wireless aircrack patched)
- New and updated hacking tools
- 32-bit or 64-bit processor
- 512 MB of system memory (RAM)
- 4.4 GB of disk space for installation
- Graphics card capable of 800×600 resolution
- DVD-ROM drive or USB port
Subscribe to:
Posts (Atom)
