Hacking,tips and trick

New Botnet created by hackers......  The U.S. federal officials have arrested three hackers who have pleaded guilty to computer-crimes charges for creating and distributing  Mirai botnet  that crippled some of the world's biggest and most popular websites by launching the massive DDoS attacks  last year. According to the federal court documents unsealed Tuesday,  Paras Jha  (21-year-old from New Jersey),  Josiah White  (20-year-old Washington) and  Dalton Norman  (21-year-old from Louisiana) were indicted by an Alaska court last week on multiple charges for their role in massive cyber attacks conducted using Mirai botnet. Mirai  is a piece of nasty IoT malware that scans for insecure routers, cameras, DVRs, and other Internet of Things devices which are still using their default passwords and then add them into a botnet network, which is then used to launch DDoS attacks on websites and Internet infrastructure. According to his plea agreement, Jha " conspired to c

Top 10 OWASP vulnerability...... OWASP Top 10 Application Security Risks - 2017 A1-Injection Injection flaws, such as SQL, OS, XXE, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. A2-Broken Authentication and Session Management Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities (temporarily or permanently). A3-Cross-Site Scripting (XSS) XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user supplied data using a browser API that can create JavaScript. XSS allows attackers to e

Uber Paid $100,000 to Stop Hackers Who Stole Data From 57 Million Users, Drivers This is dangerous data breach....  The Uber chief said he only recently learned that outsiders had broken into a cloud-based server used by the company for data and downloaded a "significant" amount of information. Updated on:  November 22, 2017, 12:14 PM San Francisco:  Uber said Tuesday that hackers compromised personal data from some 57 million riders and drivers in a breach kept hidden for a year. "None of this should have happened, and I will not make excuses for it," said a statement from chief executive Dara Khosrowshahi, who took over at the ridesharing giant in August. Two members of the Uber information security team who "led the response" that included not alerting users that their data was breached were let go from the San Francisco-based company effective Tuesday, according to Khosrowshahi. Stolen files included names, email addresses, and mobile phone

Bad Rabbit Ransomware Uses Leaked 'EternalRomance' NSA Exploit to Spread   Thursday, October 26, 2017 This is new and different website Defacement ransomware....  A new widespread ransomware worm, known as " Bad Rabbit ," that hit over 200 major organisations, primarily in Russia and Ukraine this week leverages a stolen NSA exploit released by the Shadow Brokers this April to spread across victims' networks. Earlier it was reported that this week's crypto-ransomware outbreak did not use any National Security Agency-developed exploits, neither EternalRomance  nor  EternalBlue , but a recent report from Cisco's Talos Security Intelligence revealed that the Bad Rabbit ransomware did use EternalRomance exploit. NotPetya ransomware  (also known as ExPetr and Nyetya) that infected tens of thousands of systems back in June also leveraged the EternalRomance exploit , along with another NSA's leaked Windows hacking exploit EternalBlue, whic

U.S. Believes Russian Spies Used Kaspersky Antivirus to Steal NSA Secrets   Friday, October 06, 2017 Do you know—United States Government has banned federal agencies from using Kaspersky antivirus software over spying fear? Though there's no solid evidence yet available, an article published by WSJ claims  that the Russian state-sponsored hackers stole highly classified NSA documents from a contractor in 2015 with the help of a security program made by Russia-based security firm Kaspersky Lab. Currently, there is no way to independently confirm if the claims on the popular security vendor published by the Wall Street Journal is accurate—and the story does not even prove the involvement of Kaspersky. "As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight," Kaspersky  said  in a statement. The NSA contrac

Disqus Hacked: More than 17.5 Million Users' Details Stolen in 2012 Breach   Friday, October 06, 2017 Another day, Another data breach disclosure. This time the popular commenting system has fallen victim to a massive security breach. Disqus, the company which provides a web-based comment plugin for websites and blogs, has admitted that it was breached 5 years ago in July 2012 and hackers stole details of more than 17.5 million users. The stolen data includes email addresses, usernames, sign-up dates, and last login dates in plain text for all 17.5 million users. What's more?  Hackers also got their hands on passwords for about one-third of the affected users, which were salted and hashed using the weak SHA-1 algorithm. The company said the exposed user information dates back to 2007 with the most recently exposed from July 2012. According to Disqus, the company became aware of the breach Thursday (5th October) evening after an independent s