
Showing posts with label Hacking News. Show all posts

Friday, 20 September 2013

NSA purchased zero-day exploits from French security firm Vupen




The National Security Agency bought hacking tools from a security firm, based on documents unearthed by a FOI request.

The bombshell media leaks that exposed the U.S. National Security Agency's surveillance projects were easily one of the main stories of the year -- with international and political repercussions -- but now a Freedom of Information request has unearthed the additional purchase of hacking tools.

Ex-NSA contractor Edward Snowden is wanted by the U.S. government for leaking confidential documents to the media which exposed the agency's surveillance techniques used not only on American citizens, but allegedly other countries and their residents.

While Snowden is currently living in Russia under guard and silent, revelations continue to surface. One of the latest reports claims that the NSA is able to access data from Apple iPhones, BlackBerry devices, and phones that use Google's Android operating system. In addition, following document leaks which suggested the NSA was accessing email records, a number of companies offering secure email shut down, and in their place, encrypted mobile phone communication applications have risen.

A fresh report, brought on by a Freedom of Information (FOI) request by government transparency site MuckRock, shows that the NSA purchased data on zero-day vulnerabilities and the software to use them from French security company Vupen.

According to the documents, the NSA signed up to a one-year "binary analysis and exploits service" contract offered by Vupen last September.

Vupen describes itself as "the leading provider of defensive and offensive cyber security intelligence and advanced vulnerability research." In other words, the security firm finds flaws in software and systems and then sells this data on to governments.

In addition, Vupen offers offensive security solutions, including "extremely sophisticated and government grade zero-day exploits specifically designed for critical and offensive cyber operations."

Zero-day vulnerabilities are security flaws in systems discovered by researchers and cyberattackers which have not been found or patched by the vendor. These flaws can then be exploited to gain access to a system and its information, or the vulnerabilities can be sold on the black market. White-hat hackers may reveal the flaw to the vendor for free or as part of a 'bug bounty' program.

The finding isn't all that surprising, considering a report released in May previously claimed that the United States is the world's "biggest buyer" of malware.

Russian telecommunication authorities temporarily blacklist Facebook [RT]


According to an RT report, Facebook was added to Russia’s internet blacklist after content on one of the social network’s pages was deemed to be illegal.
The Russian Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor) added the social networking site to the blacklist on Thursday.


The federal service did not specify which content violated its policies, but said it had received 10 complaints against the site. Details of the individual complaints have not been disclosed.
“Three applications have been examined, including those not related to advertising of smoking blends. Facebook has eliminated the violations under two inquiries, and the third has been included to the register. We have already sent a notification to the hosting providers. Facebook has three days to remove the violation, and avoid a ban in Russia,” Roskomnadzor spokesman Vladimir Pikov told ITAR-TASS news agency.
Facebook removed the content later on Thursday. According to media reports, however, the site was never informed that it was facing a ban.
Roskomnadzor acknowledged that Facebook complied with the service’s requirements, adding that the social network would be removed from the register of controversial websites.
On Monday, an advertisement promoting the sale of smoking blends on the site sparked a lively discussion among Facebook users, with many suggesting that such ads are illegal.
The advertisement also caused a stir in Russia’s Federation Council. The head of the Committee on Information Policy, Ruslan Gatarov, said that he appealed to the Federal Drug Control Service to take action against the promotion of drugs and tobacco online.
“We need to do everything so a situation like this does not happen again. I believe this is a clear violation of Russian law, with all the relevant consequences,” Gatarov said.
Russia’s internet blacklist law, which is aimed at protecting children from harmful web content, came into effect in November 2012.
The law enables authorities to force certain web pages offline, even before a trial takes place. This applies to internet sites which contain child pornography, suicide instructions, or promote the use of drugs. In other cases, the decision is to be taken to court.

Monday, 2 September 2013

Top Dangerous attack in the history of the Cyberspace::




Robert Tappan Morris and the Morris Worm (1988):


Creator of the first computer worm transmitted through the Internet, Morris, a student at Cornell University in the USA, claimed his progeny was not aimed to harm but was made with the innocuous intent of determining the vastness of cyberspace.
Things went pear-shaped when the worm encountered a critical error and morphed into a virus which replicated rapidly and began infecting other computers, resulting in denial of service. The damage? 6000 computers were reportedly affected, causing an estimated $10-$100 million in repair bills.
While this event could be pinned as being an unfortunate accident, it no doubt played a part in inspiring the calamitous distributed denial-of-service (DDoS) type of attacks we see today.

MafiaBoy causes $1 billion dollars in damages (2000):


Another 15-year-old who caused mischief in cyberspace was Michael Calce, a.k.a. MafiaBoy.
In 2000, Calce, now 25, was just a Canadian high school student when he decided to unleash a DDoS attack on a number of high-profile commercial websites including Amazon, CNN, eBay and Yahoo!. An industry expert estimated the attacks resulted in a $US1.2 billion damage bill.
He was later apprehended. Because he was still a juvenile, Calce was sentenced in 2001 to eight months in open custody, meaning his movements and actions would be restricted. His online access was also limited by the court.
Calce has since scored gigs as a columnist and recently published a book about his ordeal.

Google China hit by cyber attack (2009):


When Google's Chinese headquarters detected a security breach in mid-December, it opened up a whole can of worms (pun intended) implicating the Chinese Government.
Hackers had gained access to several of Google’s corporate servers and intellectual property was stolen.
In a blog, Google said it has “evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists”. As the company dug deeper, it found that numerous Gmail accounts of users from the US, China and Europe had been routinely accessed without permission. Those emails belonged to advocates of human rights in China.
All eyes darted towards the Chinese Government, which has been accused of flagrantly disregarding human rights for years.
Google entered the Chinese market with www.google.cn in 2006 and capitulated to China’s stringent Internet censorship regime. The cyber attacks in December 2009 resulted in the company’s re-evaluation of its business in the country.
In March 2010, Google relocated its servers for google.cn to Hong Kong in order to escape China’s Internet filtering policy.

Teen hacks NASA and US Defense Department:



The year was 1999. Jonathan James was 15 at the time but what he did that year secured him a place in the hacker’s hall of fame.
James had managed to penetrate the computers of a US Department of Defense division and installed a ‘backdoor’ on its servers. This allowed him to intercept thousands of internal emails from different government organisations, including ones containing usernames and passwords for various military computers.
Using the stolen information, James was able to steal a piece of NASA software, which cost the space exploration agency $41,000 as systems were shut down for three weeks.
According to NASA, “the software [purported to be worth $1.7 million] supported the International Space Station’s physical environment, including control of the temperature and humidity within the living space.”
James was later caught but received a light sentence due to his young age.
He committed suicide in 2008 after he was accused of conspiring with other hackers to steal credit card information. James denied the allegation in his suicide letter.

Phone lines blocked to win Porsche (1995)



Kevin Poulsen is famous for his work in hacking into the Los Angeles phone system in a bid to win a Ferrari on a radio competition.
LA KIIS FM was offering a Porsche 944 S2 to the 102nd caller. Poulsen guaranteed his success as he took control of the phone network and effectively blocked incoming calls to the radio station’s number.
He won the Porsche but the law caught up to him and he was sentenced to five years in prison.
Poulsen later became the senior editor for IT security publication, Wired News.

Hacker targets Scientology (2008):



In January 2008, a New Jersey teenager along with a gang of hackers launched a DDoS attack that crippled the Church of Scientology website for several days.
The group is dubbed Anonymous and is staunchly against the ‘religion’.
Dmitriy Guzner, who was 19 years old, was charged and convicted for the DDoS attack. The maximum penalty was 10 years in prison and a $250,000 fine, but he was ultimately sentenced to two years' probation and was ordered to pay the Church of Scientology $37,500.
A second man has been charged for the attack.

Sunday, 23 September 2012

security researchers found yet another vulnerability in JAVA after update


Oracle released an emergency patch on Thursday for previously unknown Java vulnerabilities that cybercriminals had targeted with popular exploit kits within hours after the bugs' existence became public. Security researchers have since found yet another vulnerability that can be exploited to run arbitrary code on systems that have the runtime installed.

Critical buffer overflow vulnerability in Photoshop CS6


Adobe has released an update for Photoshop CS6 that closes a critical heap-based buffer overflow vulnerability (CVE-2012-4170) in its popular graphics editing program. Both the Mac and Windows versions of Photoshop CS6 (aka Photoshop 13.0) contain a critical vulnerability that could allow an attacker to take control of affected systems.

Two alleged IndiShell hackers arrested for hacking cell recharge site


Two alleged members of the Indian hacker group 'IndiShell' were arrested on Saturday after an extensive investigation by the Gautam Budh Nagar cyber crime cell.

According to a Times of India report, the accused, who did BTech in computer science, were charged with hacking into an e-commerce website that specializes in mobile recharge. Cops said four members of the gang with pan-India operations were at large.

Sumit Gupta (24) and Ankit Singh (22), from Moradabad in UP, are accused of cheating a Delhi-based company of more than Rs 50 lakh. They were arrested from Noida and booked under Sections 420 of the IPC and 66C of the IT Act, 2008.

"We received a complaint from the head of recharge of Memory Electronics Pvt Ltd about the website being hacked," said Triveni Singh, DSP (cyber crime cell) GB Nagar.

"After hacking into the server, the accused obtained administrative rights of the website. When users asked for recharge of their cellphones, DTH cards, net cards, etc, the hackers would just key in the cell number and the amount to be topped up. However, no bill would be generated as the hackers had bypassed the payment page," Triveni added.

The other accused who are yet to be arrested are also BTech graduates from across India. "Shrinivas, facebook name 'neo', is from Kohlapur in Maharashtra; Ajay Dhaka, alias dark look, is from Jaipur; Raman Kumar Rana, facebook name 'google warrior', is a resident of Pathankot; and Manmohan, alias 'mack', is from Muradabad," Triveni said.

According to the report, Shrinivas is the founder and president of a cyber security and anti-hacking organization. But now he is involved in hacking himself and has made a business out of it.

Iran still on target of 'Mahdi' malware after detection


In July, Kaspersky Lab and Seculert revealed the presence of a new cyber-espionage weapon targeting users in the Middle East. Despite the recent uncovering of the 'Mahdi' malware that has infected several hundred computers in the Middle East, researchers say the virus is continuing to spread.

Anonymous Hacker take down GoDaddy with IRC Bots



GoDaddy.com, which hosts millions of websites mostly for small businesses, said Monday it was investigating an outage that had knocked some of its customers offline. A hacker using the "Anonymous Own3r" Twitter account claimed credit for the outage, "Hello http://godaddy.com/ now yes! all servers #tangodown by @AnonymousOwn3r," a tweet said.

Ankit Fadia site again Hacked and Suspended by Hosting provider



In another piece of funny news, the website of Ankit Fadia, India’s most popular but self-claimed hacker, was hacked today by a 17-year-old kid, Kul Verma. His official website http://ankitfadia.in/ got hacked, and it seems his hosting provider suspended the website on noticing something not correct with the site.

Plugx RAT targeting government organizations in Japan using spear phishing




Roland Dela Paz (Threat Researcher) at Trend Micro reported that a malware campaign seen last year targeting specific users in Japan, China, and Taiwan is once again on the rise, using a new breed of Remote Access Tool (RAT) called Plugx (also known as Korplug). This new custom-made version is built for less recognition by, and more elusiveness from, security researchers.

Saturday, 22 September 2012

Sony Mobile’s Data Leaked in China

Sony Corp has confirmed the data breach of its mobile unit in China and Taiwan. The company said that the hackers got access to email addresses and names of as many as 400 that were on the server of a third-party vendor. No other secure information, such as passwords or credit card details, has been breached.

Reliance Net Connect website Defaced by Hackers


The website of Reliance Net Connect, a venture of Reliance Communications, one of the leading CDMA & GSM service providers in India, was defaced by hackers two days back. The hackers gave no reason, but on the deface page they wrote "Hacked by Dr-FreaK and Napsters Cr3w".

Al Jazeera SMS service Hacked, Fake messages spread by Hackers


Anonymous dump 2.5 GB data from email of priest accused for child abuse

In July 2012, Italian police arrested a Catholic priest over allegations he abused a teen girl. Father Don Giacomo Ruggeri, 43, was immediately suspended from all priestly duties, and police raided his home and seized his computer.

Anonymous hackers today published, on the official blog of Anonymous Italy, 2.5 GB of private mails from the Gmail account of the priest at the centre of this alleged child abuse story.

hacked a computer of Federal Bureau of Investigation's

A hacker group said to be AntiSec claimed that they hacked the computer of a Federal Bureau of Investigation agent inside the department's office in New York.
Furthermore, a member of AntiSec claimed that they retrieved some personal data from the agent's computer. According to the hacker group, the file was taken during the month of March via Java software.

blog named media.geniushackers.net

Voice Of Grey Hat
Enough is enough.... A few months ago it was reported to us that a blog named media.geniushackers.net had been continuously stealing content from Voice Of Grey Hat. First we sent a friendly warning and told the site admin to maintain proper decorum, but he ignored it. So here comes the DMCA take-down. The website has been banned.....

Dominos India website Hacked

Dominos India website Hacked and 37,000 user data leaked

The website (dominos.co.in) of Domino's Pizza, India's fastest growing fast food pizza company, has reportedly been hacked by a hacker using the handle Maxney, who is part of the Turkish hacker group "Turkish Ajan Hacker Group".

Friday, 21 September 2012

Electromagnetic Pulse Attacks : Are we prepared ?

An electromagnetic pulse (EMP) attack is a threat few Americans are familiar with, yet one which could easily destroy their lives. What would you do if your electricity suddenly went out and didn't come back on for months or even years? How long would you last with the food in your pantry, the bottled water you have shelved, and your net worth reduced to the cash in your pocket? These are the factual consequences of EMP attack.

BlackHole Exploit Kit 2.0 released with more latest Exploits

According to a Russian-language release announcement posted on Pastebin by unknown developers, BlackHole Exploit Kit 2.0 has been released with more of the latest exploits. BlackHole is one of the most dominant exploit toolkits currently available in the underground market. It enables attackers to exploit security holes in order to install malicious software on victims' systems.

Bank of America Website under Cyber Attack from Islamic Hackers

Bank of America's website experienced periodic outages Tuesday due to cyber attacks launched in retaliation for "Innocence of Muslims," the amateurish film whose mocking portrait of the Prophet Muhammad has incited deadly riots throughout the Middle East.