I have talked about ApacheKiller flaw in detail here with possible workaround to mitigate this flaw.
Last week, a DDoS mitigation service vendor Arbor Networks revealed a detailed report can be download from here which say,
Category: News
Cyber War between two countries Pakistan & India is again seems re-established. I remember one meeting between Pakistan Cyber Army & Indian Cyber Army where they commit to stop these attacks and utilize their skills for good.
There are many websites related to Pakistani & indian government were defaced by these two groups.
This time two people Ro0t_d3vil & StRangeR from ICA involved in defacement of Chief Minister Khyber PukhtunKhwa Official Goverment website
We tried to check the site security and it looks really funny.
HG Analysis :
- Google Index
- SQL Dorks found (May be RFI by ICA)
- Original Site (Google Cache) can be view here
That’s from us. Stay tune for more updates.
Recently we released a bulletin about X-NerD 250+ domains defacement. This time X-NerD targets PandaSecurity’s channel domain for Pakistan.
Panda Security is a well known AntiVirus Company that delivery Antivirus applications globally to million of home and business users world wide.
As usual X-NerD publishes a message at http://www.pandasecurity.com.pk/why_panda.php
"OoooOOPss...I am ShockeD At YouR SecuritY..S3cuR!tY L3vEL Z3r0...YOu Dont KnoW HOw To SecurRe Your AsS n Pr0vidinG SEcurity to 0therS...Big LauGh..."
X-NerD performed SQL injection. There is no news about server’s security breach.
Once again Linux.com, Linuxfoundation.org and sub-domains have been taken offline for a possible security breach that is discovered on 8th September, 2011.
News bulletin from Linux.com says in the best interest of Linux community and security precautions we have taken all domains offline. Initial analysis shows this breach is connected to intrusion on kernel.org
Recommendations for the Linux.com users :
Change your password, if you are using the same password on other sites.
Services affected :
- Linux.com
- Open Printing
- Linux Mark
- Linux Foundation events.
Note : Kernel repositories are not affected. It is safe.
We will update you further, as soon we have further announcements from Linux.com
Categories
250+ domains hacked by X-NerD
X-NerD identify his self as a part of Pakistan Cyber Army. X-NerD has defaced many websites that includes blogs, forums, brand domains. This time the attacked seems to be RFI/LFI type.
A sample page can be seen on
http://www.cga.com.pk/x.php
You can see complete list of domains on pastbin
http://pastebin.com/b6wSGzC8
Google suggested all users that access gmail accounts from Iran. Google broadcasted this news on GoogleOnlineSecurity Official blog.
Last month Google updated a similar thread on blog where MITM (Man in the middle attack) was attempted.
Some precautions recommended by Google is as follows
- Change your Gmail password.
- Verify your account recovery options. e.g second mail address, phone numbers, and other info that is filled to use in account recovery time.
- Review websites that is allowed to access your account.
- Check for suspicious forwarders/remote smtp.
- Be smart to warnings/popups appears.