
Tuesday, July 26, 2016

Check (or) Checkmate to ransomware hackers.


Good news for victims, bad news for ransomware hackers.

What is good news?

The good news is: no more ransom attacks. Our data is secured, and we don't need to pay money for our own data.
Ransomware is a small piece of malware code that is used to encrypt files illegally. To decrypt them, the hackers ask for money.
Recently many firms and organisations have been affected by ransomware. I read on a website that ransomware hackers demanded $17000 from a hospital for decrypting the encrypted files.
So bad, right? Here is the solution.

Decrypt all encrypted files for free.

About the project:



The following text is copied from https://www.nomoreransom.org.
Law enforcement and IT Security companies have joined forces to disrupt cybercriminal businesses with ransomware connections.
The “No-More-Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
Since it is much easier to avoid the threat than to fight against it once the system is affected, the project also aims to educate users about how ransomware works and what countermeasures can be taken to effectively prevent infection. The more parties supporting this project the better the results can be. This initiative is open to other public and private parties.
Funny conclusion: Unity is strength. Quotes are quotes. Huh, thank you No-More-Ransom, I can decrypt my files now for free.

Friday, April 3, 2015

Information worth one hundred million dollars was stolen by the 4th member of "Xbox Underground".

The fourth member of the "Xbox Underground" (XU) group has pleaded guilty to stealing more than $100 Million in intellectual property and data from Microsoft, Epic Games, and Valve Corporation.

Austin Alcala, a 19-year-old from McCordsville, Indiana, along with two other Americans and a Canadian, has pleaded guilty to charges of computer hacking conspiracies and criminal copyright infringement involving theft of information related to the then-unreleased Xbox One gaming console and Xbox Live games.

All the other members of the hacking group had pleaded guilty before.
Two members, Sanadodeh Nesheiwat, 28, and David Pokora, 22, pleaded guilty last September, while a third member, Nathan Leroux, 20, pleaded guilty to the same conspiracy charge in January.
Tools such as keyloggers and SQL injection were used to gain access to the targeted computers.
SQL injection is one of the most popular of all traditional attacks. HAVIJ is one of the most popular tools for SQL injection.
A keylogger is also a tool for capturing the keyboard and monitor of a PC; that is, it records the keys struck on the keyboard and what appears on the monitor.
By using these tools they obtained intellectual property of Microsoft and Zombie Studios.
As per court information, Austin Alcala (19 years old), Sanadodeh Nesheiwat (28 years old), David Pokora (22 years old) and Nathan Leroux (20 years old) were all involved in the cyber crime.
The value of the confidential data stolen by the XU Group and the cost to the victims’ companies to recover it after the intrusions is estimated to range between $100 Million and $200 Million.
For this crime, prosecutors were able to recover some $620,000 in cash and other proceeds that the hackers had earned from their thefts.

Saturday, February 14, 2015

(ISIS) ISLAMIC STATE MEDIA ACCOUNTS HACKED BY HACKTIVIST GROUP ANONYMOUS

WE SEE WE JUDGE WE NEVER FORGIVE -HACKERS THEME 



The hacktivist group Anonymous has embarked on a massive cyber attack against the Islamic State of Iraq and Syria (ISIS) — the radical Islamic terrorist group who were responsible for the terrorist attack against the Paris offices of satirical magazine Charlie Hebdo.

With a huge social media presence, ISIS is the most active terror group on Facebook, Twitter, YouTube and Instagram. But unluckily for it, dozens of Facebook and Twitter accounts linked to ISIS have recently been taken by the Anonymous group since the group released the first list in June 2014, and dozens of militant recruiting websites were knocked offline using a collective DDoS attack.


list of accounts hacked:
Anonymous says the following Facebook accounts are in close contact with ISIS in Syria and Iraq. They advise us to “keep a close eye” on them.



Thursday, December 19, 2013

Indian govt's Rajasthan state government websites were hacked by Pakistan hackers

Over 30 Rajasthan Government websites hacked by Pakistan Hacker "H4x0r HuSsY"

More than 30 websites of the government of the Indian state of Rajasthan have been hacked and defaced by a Pakistani hacker named "H4x0r HuSsY".
The motivation for the hack appears to be increasing his number of defacement notifications on Zone-H. The hacker claims he is the "person with the highest number of special (.IN) Notifs."

"Proved to be Hell For India!  I might Opt Out of the Cyber World As I don't get much time. But Here's a Peace Message.  To All Indian Hackers etc etc  U Gotta Look at my Zone-H Archive Whenever you have Intentions of hacking (.PK) Sites"  The defacement message reads.



It appears the hacker does not like to deface the main page, because that would be easily detected by admins. Instead, he just uploaded 1337.html, which contains the defacement content.

This is not the first time these Rajasthan Government websites have been hacked by Pakistani hackers; last year, KhantastiC haXor defaced them.

The hacker also mentioned that the server was previously compromised by Khantastic, and that he compromised it again through another security flaw in the server.
H4x0r HuSsY also hacked more than 15 Goa government websites.

Full list of hacked websites:

"Advanced Power" botnet attempts to hack website using victim's machine


Security researcher Brian Krebs has discovered a new botnet that tests websites for vulnerabilities using the infected machines.

The malware disguises itself as a legitimate Firefox add-on called "Microsoft .NET Framework Assistant" and apparently uses the infected machines to find SQL injection vulnerabilities in any website visited by the victim.

Once the malware has determined the list of vulnerable websites, the cyber criminals behind the botnet will be able to exploit the vulnerabilities to inject malicious code into those websites. So it will probably help the attackers increase the number of infected websites and systems.

The malware is also capable of stealing sensitive information. However, the feature does not appear to be activated on infected systems.

Alex Holden, chief information security officer at Hold Security LLC, analyzed the malware and believes the malware authors are from the Czech Republic, based on the text strings available in the threat.


Wednesday, November 20, 2013

E! Online website hacked by Tesla Team




TeslaTeam, an infamous hacker group from Serbia, claims to have hacked into one of the most famous celebrity fashion sites, E! News. E! News is a high-profile website with an Alexa rank of around 600 that provides entertainment news, celeb news, and celebrity gossip. The group discovered a SQL injection vulnerability in one of the subdomains of E! News (br.eonline.com); the PoC for this vulnerability has been provided along with the database dump (pastebin.com/2c28RJDe). The database dump contains the list of tables and the usernames, passwords and phone numbers of the admin and other users. The same group recently hacked into the Vevo website and leaked the database.

See more at: http://www.ehackingnews.com/2013/11/e-online-website-hacked-by-tesla-team.html#sthash.onKGRMUl.dpuf

Saturday, November 9, 2013

How the NSA's MUSCULAR program collects too much data from Yahoo and Google


This document is an excerpt from Special Source Operations Weekly, an internal National Security Agency publication dated March 14, 2013. It describes a common NSA problem of collecting too much information – and how the agency is attempting to control it.

Friday, November 8, 2013

Google engineers over surveillance scandal : NSA MIND GONE ,FOR THAT READ THIS STORY



NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say



In this slide from a National Security Agency presentation on “Google Cloud Exploitation,” a sketch shows where the “Public Internet” meets the internal “Google Cloud” where user data resides. Two engineers with close ties to Google exploded in profanity when they saw the drawing.
The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials.
By tapping those links, the agency has positioned itself to collect at will from hundreds of millions of user accounts, many of them belonging to Americans. The NSA does not keep everything it collects, but it keeps a lot.
According to a top-secret accounting dated Jan. 9, 2013, the NSA’s acquisitions directorate sends millions of records every day from internal Yahoo and Google networks to data warehouses at the agency’s headquarters at Fort Meade, Md. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — including “metadata,” which would indicate who sent or received e-mails and when, as well as content such as text, audio and video.
The NSA’s principal tool to exploit the data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, the Government Communications Headquarters. From undisclosed interception points, the NSA and the GCHQ are copying entire data flows across fiber-optic cables that carry information among the data centers of the Silicon Valley giants.
The infiltration is especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process.
The MUSCULAR project appears to be an unusually aggressive use of NSA tradecraft against flagship American companies. The agency is built for high-tech spying, with a wide range of digital tools, but it has not been known to use them routinely against U.S. companies.
In a statement, the NSA said it is “focused on discovering and developing intelligence about valid foreign intelligence targets only.”
“NSA applies Attorney General-approved processes to protect the privacy of U.S. persons — minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination,” it said.
In a statement, Google’s chief legal officer, David Drummond, said the company has “long been concerned about the possibility of this kind of snooping” and has not provided the government with access to its systems.
“We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” he said.
A Yahoo spokeswoman said, “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”
Under PRISM, the NSA gathers huge volumes of online communications records by legally compelling U.S. technology companies, including Yahoo and Google, to turn over any data that match court-approved search terms. That program, which was first disclosed by The Washington Post and the Guardian newspaper in Britain, is authorized under Section 702 of the FISA Amendments Act and overseen by the Foreign Intelligence Surveillance Court (FISC).



Thursday, October 24, 2013

Hacker stole $100,000 from Users of California based ISP using SQL Injection.





Recently a hacking group named 'TeamBerserk' claimed on Twitter that they had stolen $100,000 by leveraging user names and passwords taken from a California ISP, Sebastian (Sebastiancorp.com), to access victims' bank accounts.

A video uploaded to the Internet as proof shows how the hackers used a SQL injection attack against the California ISP Sebastian to access its customer database, which includes e-mail addresses, user names and clear text passwords, and then used the same data to steal money from those customers.

Let's see what SQL Injection is and how serious an attack like this actually can be.

SQL Injection is a type of web application vulnerability in which the attacker adds Structured Query Language (SQL) code to web inputs to gain access to an organization's resources. Using this technique, hackers can determine the structure and location of key databases and can download the database or compromise the database server.
Hackers took just 15 minutes to hack into the website using SQLmap (an automated SQL injection tool), stole the customer database and then immediately accessed the victim's Gmail account, linked PayPal accounts and bank accounts as well.
It's so hard to remember multiple passwords, some people just use the same one over and over. Is your Facebook password the same as your Twitter password? How about the password for your bank's website?

Now the hack explains why it's extremely dangerous to use the same password on more than one web site. In the POC video, the hacker randomly chooses one Sebastian username and its associated password and tries them against PayPal, Gmail and even Citibank account logins, and that actually worked, because the victim was using the same password for all websites.
Now that you have control of the situation, don't let this happen again! If you have a bank account, a few credit cards, and several other important sensitive accounts, conduct a thorough security audit on them. Be sure that you know when you last logged in. Be sure to keep using different and strong passwords for each website.
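The two weaknesses this post describes, SQL injection and a customer table of clear text passwords, shown next to their fixes in an added example (not code from the original post or from the ISP). The table layout, the sample users and the PBKDF2 work factor are assumptions, and all data is constructed.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def hash_password(password, salt):
    """Derive a salted PBKDF2-HMAC-SHA256 hash; only this needs to be stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def build_db():
    """Constructed customer table with a clear text column and a hashed column."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (username TEXT PRIMARY KEY, email TEXT, "
               "cleartext_pw TEXT, salt BLOB, pw_hash BLOB)")
    for user, email, pw in [("alice", "alice@example.test", "Summer2013!"),
                            ("bob", "bob@example.test", "hunter2")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO customers VALUES (?, ?, ?, ?, ?)",
                   (user, email, pw, salt, hash_password(pw, salt)))
    return db


def lookup_vulnerable(db, username):
    """Weak form: the input is concatenated into the SQL text."""
    query = ("SELECT username, cleartext_pw FROM customers "
             "WHERE username = '%s'" % username)
    return db.execute(query).fetchall()


def lookup_parameterized(db, username):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    return db.execute("SELECT username FROM customers WHERE username = ?",
                      (username,)).fetchall()


def verify_login(db, username, password):
    """Check a login against the salted hash; no clear text column is read."""
    row = db.execute("SELECT salt, pw_hash FROM customers WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(hash_password(password, row[0]), row[1])


if __name__ == "__main__":
    db = build_db()
    crafted = "x' OR '1'='1"  # constructed input that changes the WHERE clause
    print("concatenated query returns:", lookup_vulnerable(db, crafted))
    print("parameterized query returns:", lookup_parameterized(db, crafted))
    print("hash-based login works:", verify_login(db, "alice", "Summer2013!"))
```

With the `cleartext_pw` column dropped and only `salt` and `pw_hash` kept, a copied table no longer hands out passwords that can be replayed on other sites.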

New Phishing attack targets Italian Postal and Financial service again
