Remotely Exploitable ‘Bash Shell’ Vulnerability Affects Linux, Unix and Apple Mac OS X

A critical, remotely exploitable vulnerability has been discovered in Bash (the GNU Bourne Again Shell), the widely used Linux and Unix command-line shell, leaving countless websites, servers, PCs, OS X Macs, various home routers, and many more devices open to cyber criminals.

REMOTELY EXPLOITABLE SHELL SHOCK
The vulnerability (CVE-2014-6271) affects versions 1.14 through 4.3 of GNU Bash and has been named the Bash Bug, or Shellshock, by security researchers in Internet discussions.
According to the technical details, a hacker could exploit this Bash bug to execute shell commands remotely on a target machine using specially crafted variables. “In many common configurations, this vulnerability is exploitable over the network,”

Traffic light systems are easier to hack than a website

We are surrounded by technology, and signal lights on roads are also operated through a digital network. It has been revealed and proved that hacking traffic lights is not a hard hack; even a college student is able to do it.

Researchers at the University of Michigan claimed to have hacked traffic light signals in real life. According to them, red lights could be hacked easily by anyone using a laptop and the right kind of radio.

Biggest Data Breach exposed 56 million cards to hackers

All of you know about the Target breach, which is said to be the biggest breach ever in history. In the Target breach, more than 40 million debit and credit cards were exposed to hackers, and now one more breach, bigger than the Target one, has hit Home Depot.

Home Depot is an American retailer of home improvement and construction products and services.

The company itself confirmed on Monday that it has been hacked. Nearly 60 million debit and credit cards have been exposed, and it is now the breach with the highest number of cards hacked ever in history.

USB is the latest favorite hacking tool

Users are being warned about a new security vulnerability related to USBs. New research reveals the USB standard boasts a security flaw that can give a hacker the ability to take over any device the USB is connected to.

The researchers were able to hack into USB devices, where they accessed the USB controller chip that allows the device to communicate with the computer. The researchers then were able to change the device’s firmware.

All USB devices, from a USB key to an external keyboard connected through USB, can be hit and compromised, said researchers Karsten Nohl and Jakob Lell. The two said they will present their proof-of-findings at the Black Hat conference next week.

“These problems can’t be patched,” says Nohl. “We’re exploiting the very way that USB is designed.”

“You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s clean, [but] the cleaning process doesn’t even touch the files we’re talking about.”

Virus protectors? Not going to work here, even if your computer is fully protected against malware.

It is the latest privacy and security issue to hit the tech world, which has been rocked over the past 18 months by privacy and cybersecurity concerns. That applies especially after whistleblower Edward Snowden revealed a massive surveillance project by the National Security Agency against regular citizens.

The issue of cybersecurity has become a main point of interest for users, and Tech Times reported recently that the ability to defend against cyberattacks remains limited and more efforts need to be made to ensure users are safe from outside hackers.

A study published by the Ponemon Institute and Unisys revealed critical infrastructure industries across the planet have major security gaps.

Nearly 70 percent of the surveyed companies are also responsible for water, power and other critical functions, and all of them reported a breach in security at their companies that led to either a disruption in operations or loss of sensitive information in the last 12 months.

Russian Hackers Amass Over a Billion Internet Passwords

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.

Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”

Mr. Holden, who is paid to consult on the security of corporate websites, decided to make details of the attack public this week to coincide with discussions at an industry conference and to let the many small sites he will not be able to contact know that they should look into the problem.

There is worry among some in the security community that keeping personal information out of the hands of thieves is increasingly a losing battle. In December, 40 million credit card numbers and 70 million addresses, phone numbers and additional pieces of personal information were stolen from the retail giant Target by hackers in Eastern Europe.

And in October, federal prosecutors said an identity theft service in Vietnam managed to obtain as many as 200 million personal records, including Social Security numbers, credit card data and bank account information from Court Ventures, a company now owned by the data brokerage firm Experian.

But the discovery by Hold Security dwarfs those incidents, and the size of the latest discovery has prompted security experts to call for improved identity protection on the web.

“Companies that rely on user names and passwords have to develop a sense of urgency about changing this,” said Avivah Litan, a security analyst at the research firm Gartner. “Until they do, criminals will just keep stockpiling people’s credentials.”

Websites inside Russia had been hacked, too, and Mr. Holden said he saw no connection between the hackers and the Russian government. He said he planned to alert law enforcement after making the research public, though the Russian government has not historically pursued accused hackers.

So far, the criminals have not sold many of the records online. Instead, they appear to be using the stolen information to send spam on social networks like Twitter at the behest of other groups, collecting fees for their work.

But selling more of the records on the black market would be lucrative.

While a credit card can be easily canceled, personal credentials like an email address, Social Security number or password can be used for identity theft. Because people tend to use the same passwords for different sites, criminals test stolen credentials on websites where valuable information can be gleaned, like those of banks and brokerage firms.

Like other computer security consulting firms, Hold Security has contacts in the criminal hacking community and has been monitoring and even communicating with this particular group for some time.

The hacking ring is based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia. The group includes fewer than a dozen men in their 20s who know one another personally — not just virtually. Their computer servers are thought to be in Russia.

“There is a division of labor within the gang,” Mr. Holden said. “Some are writing the programming, some are stealing the data. It’s like you would imagine a small company; everyone is trying to make a living.”

They began as amateur spammers in 2011, buying stolen databases of personal information on the black market. But in April, the group accelerated its activity. Mr. Holden surmised they partnered with another entity, whom he has not identified, that may have shared hacking techniques and tools.

Since then, the Russian hackers have been able to capture credentials on a mass scale using botnets — networks of zombie computers that have been infected with a computer virus — to do their bidding. Any time an infected user visits a website, criminals command the botnet to test that website to see if it is vulnerable to a well-known hacking technique known as an SQL injection, in which a hacker enters commands that cause a database to produce its contents. If the website proves vulnerable, criminals flag the site and return later to extract the full contents of the database.

“They audited the Internet,” Mr. Holden said. It was not clear, however, how computers were infected with the botnet in the first place.

By July, criminals were able to collect 4.5 billion records — each a user name and password — though many overlapped. After sorting through the data, Hold Security found that 1.2 billion of those records were unique. Because people tend to use multiple emails, they filtered further and found that the criminals’ database included about 542 million unique email addresses.

“Most of these sites are still vulnerable,” said Mr. Holden, emphasizing that the hackers continue to exploit the vulnerability and collect data.

Mr. Holden said his team had begun alerting victimized companies to the breaches, but had been unable to reach every website. He said his firm was also trying to come up with an online tool that would allow individuals to securely test for their information in the database.

The disclosure comes as hackers and security companies gathered in Las Vegas for the annual Black Hat security conference this week. The event, which began as a small hacker convention in 1997, now attracts thousands of security vendors peddling the latest and greatest in security technologies. At the conference, security firms often release research — to land new business, discuss with colleagues or simply for bragging rights.

U.S. Marshals to auction bitcoin seized in raid on Silk Road market

The U.S. government plans to auction about 30,000 bitcoin, the electronic currency, valued at about $17.4 million, on June 27, the U.S. Marshals Service said.

The bitcoin were seized during an FBI raid in October on the Internet marketplace Silk Road, known as a hub for transactions involving illegal drugs and criminal activities.

The bitcoin up for auction were contained in wallet files on the Silk Road servers and do not include the bitcoins contained on the computer hardware belonging to Silk Road owner Ross William Ulbricht, known online as “Dread Pirate Roberts.”

The virtual currency is transacted independent of central control and is not backed by any government or central bank.

The FBI arrested Ulbricht in October and charged him with one count each of narcotics trafficking conspiracy, computer hacking conspiracy and money laundering conspiracy.

The auction will take place on June 27 on the U.S. Marshals Service website over a 12-hour period and consists of nine blocks of 3,000 bitcoins and one block of 2,657 bitcoins. (r.reuters.com/tuv99v)

The U.S. Marshals Service said it would notify the winning bidders by June 30.

FBI spokeswoman Kelly Langsmesser confirmed that about 144,342 additional seized bitcoins were transferred from the FBI e-wallet to the U.S. Marshals Service e-wallet. The seized bitcoins are part of the civil forfeiture and criminal action brought against Ulbricht and the assets of Silk Road, the U.S. Marshals Service said in a statement. These coins have not been put up for auction.

Bitcoin prices fell about 6.74 percent to $585.56 today, on the news, according to the digital currency exchange Coindesk.com.