Hacks and Incidents

Ubuntu Forums hack exposes 2 million users

Ubuntu Forums hack exposes 2 million users: The company that builds Ubuntu, a popular Linux distribution, has said its forums were hacked Thursday. Canonical, which develops the operating system, said in a statement on Friday that two million usernames, email addresses, and IP addresses associated with the Ubuntu Forums were taken by an unnamed attacker.

The attacker was able to exploit an SQL injection vulnerability in an add-on used by older vBulletin forum software. That gave the attacker access to the forum’s databases, but the company said that only limited user data was accessed and downloaded.

The statement stressed that no code or repository data was accessed, and the attacker couldn’t write data to the database or gain shell access. The attacker also didn’t gain access to any other Canonical or Ubuntu service. Since the breach, the servers were wiped, rebuilt, and hardened, passwords were changed, and the forum software was fully patched.

Hacks and Incidents

Wget Arbitrary Commands Execution

SSD Advisory – Wget Arbitrary Commands Execution: A vulnerability in the way wget handles redirects allows attackers that are able to hijack a connection initiated by wget, or to compromise a server from which wget is downloading files, to cause the user running wget to execute arbitrary commands. The commands are executed with the privileges with which wget is running. This could prove to be quite severe when wget is launched as ‘root’.

Security Techniques

Decrypting Android M adopted storage

Android Explorations: Decrypting Android M adopted storage: One of the new features Android M introduces is adoptable storage. This feature allows external storage devices such as SD cards or USB drives to be ‘adopted’ and used in the same manner as internal storage. What this means in practice is that both apps and their private data can be moved to the adopted storage device. In other words, this is another take on everyone’s (except for widget authors…) favorite 2010 feature — AppsOnSD. There are, of course, a few differences, the major one being that while AppsOnSD (just like Android 4.1 app encryption) creates per-app encrypted containers, adoptable storage encrypts the whole device. This short post will look at how adoptable storage encryption is implemented, and show how to decrypt and use adopted drives on any Linux machine.

Hacks and Incidents

Zero-day flaw lets hackers tamper with your car through BMW portal

Zero-day flaw lets hackers tamper with your car through BMW portal: Researchers have disclosed zero-day vulnerabilities affecting the BMW web domain and ConnectedDrive portal which remain unpatched and open to attack.

According to researchers from Vulnerability Labs, there are two main bugs both related to the BMW online service web app for ConnectedDrive, the connected car hub for new, internet-connected vehicles produced by the automaker.

The first flaw, found in the ConnectedDrive portal, is a VIN session vulnerability. The VIN, or vehicle identification number, is used to identify individual models connected to the service. The bug is found within the session management of VIN usage, and remote attackers can bypass validation procedures using a live session.

The session validation flaw can be exploited with a low-privilege user account, leading to manipulation of VIN numbers and configuration settings — such as compromising registered and valid VIN numbers through the ConnectedDrive portal.

The second bug is a cross-site scripting vulnerability the researchers discovered client-side on the BMW web domain in the password reset token system. The researchers call the problem a “classic” cross-site scripting vulnerability, as the security flaw does not need privileged user accounts to be exploited; instead, “low user interaction” is needed through only a payload injection into the vulnerable module.

If exploited, attackers can inject malicious code into the domain’s modules, potentially leading to session hijacking, phishing campaigns, or diverting users to malicious domains.

Hacks and Incidents

TP-LINK Loses Control of Two Device Configuration Domains

TP-LINK Loses Control of Two Device Configuration Domains – Slashdot: Security researcher Amitay Dan warns that tplinklogin.net, a domain through which TP-LINK router owners can configure their devices, is no longer owned by the company, and that this fact could be misused by malware peddlers. TP-LINK has confirmed that they no longer own the domain in question, and will not be trying to buy it from the unknown seller for now. Instead, they intend to change the domain in the manuals to a newer one that’s already in use.


Hacks and Incidents

Acunetix WVS 10 0Day SYSTEM remote command execution

Acunetix WVS 10 0Day SYSTEM remote command execution: Acunetix WVS 10 0Day SYSTEM remote command execution by Italian researcher Daniele Linguaglossa.

This PoC shows the exploitation of two flaws affecting Acunetix WVS 10: by exploiting the first it is possible to execute commands on the victim machine just by scanning it, and then, using the second flaw, it is possible to elevate privileges to SYSTEM.

This is not the first time Acunetix has had serious flaws: in 2014 a simple stack overflow was found by Vaibhav Deshmukh:

http://cybersecwarriors.blogspot.it/2014/09/finally-hacked-hacker-acunetix-suffers.html


Hacks and Incidents

How the Pwnedlist Got Pwned

How the Pwnedlist Got Pwned: Indeed, after about a minute of instruction, I was able to replicate Hodges’ findings, successfully adding Apple.com to my watchlist. I also found I could add basically any resource I wanted. Although I verified that I could add top-level domains like “.com” and “.net,” I did not run these queries because I suspected that doing so would crash the database, and in any case might call unwanted attention to my account. (I also resisted the strong temptation to simply shut up about this bug and use it as my own private breach alerting service for the Fortune 500 firms).

Hacks and Incidents

When a WordPress Plugin Goes Bad

When a WordPress Plugin Goes Bad: Custom Content Type Manager (CCTM) is a relatively popular plugin with three years of development, 10,000+ active installs, and a satisfaction rating of 4.8. It helps create custom post types. Website owners who find the classical “blog format” too restrictive use the plugin to add custom elements to their posts. So far so good.

This week we cleaned one infected site and found a very suspicious auto-update.php file inside wp-content/plugins/custom-content-type-manager/.

Hacks and Incidents

Hackers tried and failed to steal a billion dollars from bank

Hackers tried and failed to steal a billion dollars from bank: Hackers stole $80 million from a bank, but it could have been a lot worse if they had just Googled the name of a company, according to Reuters. Thieves got inside servers of the Bangladesh Bank, stealing the credentials used to make online transfers. They then bombarded the Federal Reserve Bank in New York with up to 13 money transfer requests to organizations in the Philippines and Sri Lanka. The Fed allowed four to go through totaling $81 million, but the next one was flagged by a routing bank in Germany because the hackers misspelled “foundation” as “fandation.”

Security Techniques

How to bypass Apple Passcode in 9.1 and later

How to bypass Apple Passcode in 9.1 and later: “An application update loop that results in a pass code bypass vulnerability has been discovered in the official Apple iOS (iPhone5&6|iPad2) v8.x, v9.0, v9.1 & v9.2. The security vulnerability allows local attackers to bypass pass code lock protection of the apple iphone via an application update loop issue. The issue affects the device security when processing to request a local update by an installed mobile ios web-application.” states the technical description published by the vulnerability-lab.com.
