Skip to main content

Posts

Showing posts from March, 2016

18 Million Stolen Login Credentials Found In A Japanese Company’s Server

The stolen usernames, as well as passwords of up to 18 million internet users, have been identified on a server that is owned by a Japanese Company and it is said that it have provided this information to the Chinese hackers.
Even the Japanese Newspaper, The Yomiuri Shimbun reported that the Metropolitan Police Department of Tokyo have been arrested the company president as well as various employees at the Tokyo-based Nicchu Shinsei Corp. in November. And the authorities of that Japanese Company determined the company’s server that it has more than the 18 million login credentials in which at least 1.78 million users that belong to Yahoo Japan(90%), Twitter, Facebook as well as of an e-commerce company Rakuten and many other sites. 
Yahoo Japan have reset the passwords for all the affected users accounts. And it is also said that the Japanese Company provided illegally those stolen credentials as well as the proxy services to the Chinese hackers. Then hackers send the fake messages to th…

Pakistani Cyber Criminals Targeting Indian Military Personnel In Data Theft Campaign.

A group of Cyber Attackers of  Pakistan were making target to the Indian Military Force for stealing their personnel data through a data-theft campaign in which not only social engineering but also malicious malware involved. 

When the researchers of Trend Micro observes the attacks, then they found the information about this operation which is known as  “C-Major".
Even researchers added that they discovered about the operation of those attackers that the hackers want to steal at least 160 military officer's information, their consultants, attaches and also information about the Indian re-sellers in which not only including their personal photographs, confidential documents, information about their financial records, strategies, passports and also photo IDs.

The security firms said that the attackers initiated their attacks through fake emails that will be sent to the targeted user individually. And this would be possible because the attackers use the phishing technique in which…

US charges seven Iranian hackers over cyber-attacks on banks

The US government has unsealed an indictment against Iranian hackers, who were charged with hacking the US banks along with a small dam between 2011 and 2013. The US authorities believe that the hackers are working on behalf of the Iranian government.

The development of events marked a shift in the relations between Iran and the United States after the countries negotiated a nuclear treaty. Media reports did link the hack to the Islamic Republic, but the indictment against the Iranians has been sitting on Justice Department shelves for more than a year before being partly released. It turned out that specific Iranians were accused of engaging in cyber attacks against critical infrastructure of the United States. The men, linked to Iranian tech firms, were accused of blocking access to 46 American financial institution websites, including PNC, Bank of America, NYSE and Capital One.

The DDoS attacks were carried out by bombarding the bank sites with useless traffic from drone machines, di…

Anand Prakash Hacked Facebook and earned $15,000 USD

This post is about a simple vulnerability found on Facebook which could have been used to hack into other user's Facebook account easily without any user interaction. This gave Anand Prakash full access of another users account by setting a new password. He was able to view messages, his credit/debit cards stored under payment section, personal photos etc. Facebook acknowledged the issue promptly, fixed it and rewarded $15,000 USD considering the severity and impact of the vulnerability. Description: Whenever a user Forgets his password on Facebook, he has an option to reset the password by entering his phone number/ email address on https://www.facebook.com/login/identify?ctx=recover&lwv=110 ,Facebook will then send a 6 digit code on his phone number/email address which user has to enter in order to set a new password. He tried to brute the 6 digit code on www.facebook.com and was blocked after 10-12 invalid attempts. Then He looked out for the same issue on beta.facebook.com an…