4. WHMCS 5.2.7 vulnerability revealed on the 3rd of October 2013 on http://localhost.re/
/includes/dbfunctions.php:
<?php
function update_query($table, $array, $where) {
    #[...]
    // Any value whose first 11 characters are 'AES_ENCRYPT' is appended to the
    // query verbatim (no quoting, no escaping); every other value is escaped.
    if (substr($value, 0, 11) == 'AES_ENCRYPT') { $query .= $value . ','; continue; }
    #[...]
    $result = mysql_query($query, $whmcsmysql);
}
?>
http://localhost.re/res/whmcs.py
The Python script to perform the SQL injection
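As an added illustration (not WHMCS code and not taken from the localhost.re write-up), the Python below models the pattern in update_query(): a toy builder that concatenates any value beginning with AES_ENCRYPT straight into the statement, next to a builder that validates identifiers and binds every value as a parameter. The table name, column names and the crafted value are invented, and an in-memory sqlite3 database stands in for MySQL, so only the hardened builder is executed; the vulnerable one just shows the statement it would have sent.

```python
import re
import sqlite3

IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def build_update_vulnerable(table, values, where):
    """Mimic the WHMCS 5.2.7 pattern: values are quoted and escaped, EXCEPT a
    value whose first 11 characters are 'AES_ENCRYPT', which goes in raw."""
    sets = []
    for column, value in values.items():
        if value[:11] == "AES_ENCRYPT":
            sets.append(f"{column}={value}")                 # unescaped!
        else:
            sets.append("{}='{}'".format(column, value.replace("'", "''")))
    return f"UPDATE {table} SET {', '.join(sets)} WHERE {where}"


def build_update_safe(table, values, where_column, where_value):
    """Hardened form: identifiers are whitelisted by pattern, values are never
    spliced into SQL text but passed as bound parameters."""
    for name in [table, where_column, *values]:
        if not IDENT.match(name):
            raise ValueError(f"illegal identifier: {name!r}")
    assignments = ", ".join(f"{column} = ?" for column in values)
    sql = f"UPDATE {table} SET {assignments} WHERE {where_column} = ?"
    return sql, [*values.values(), where_value]


def demo():
    """Feed the same attacker-controlled value to both builders.
    Returns (vulnerable statement text, stored notes, stored role)."""
    # Constructed value: passes the prefix check, then adds a second assignment.
    crafted = "AES_ENCRYPT('x','k'), role='admin'"
    vulnerable_sql = build_update_vulnerable("tblexample", {"notes": crafted}, "id=7")

    conn = sqlite3.connect(":memory:")                       # stand-in for MySQL
    conn.execute("CREATE TABLE tblexample (id INTEGER, notes TEXT, role TEXT)")
    conn.execute("INSERT INTO tblexample VALUES (7, '', 'user')")
    sql, params = build_update_safe("tblexample", {"notes": crafted}, "id", 7)
    conn.execute(sql, params)
    notes, role = conn.execute(
        "SELECT notes, role FROM tblexample WHERE id = 7").fetchone()
    return vulnerable_sql, notes, role


if __name__ == "__main__":
    vulnerable_sql, notes, role = demo()
    print("vulnerable builder would send:", vulnerable_sql)
    print("hardened builder stored notes =", repr(notes), "role =", role)
```

With the vulnerable builder the crafted value becomes part of the SQL grammar (two assignments instead of one); with bound parameters the whole string is stored as an opaque literal and the role column is untouched. Special-casing a prefix of the data is the defect: the only safe place to express "this column is encrypted" is in code the caller does not control, with the plaintext bound as a parameter.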
5. Posted on the 8th of October 2013 on exploit-db.com: http://www.exploit-db.com/exploits/28807/
The same day, in the news: VPN provider hacked, fake emails scare customers
Customers of Hong Kong-based virtual private network (VPN) provider PureVPN received a major scare over the weekend after a fake email was sent out to them, saying their accounts would be closed and the information handed over to unspecified authorities.
Handed over to the authorities? And why? VPN = privacy, often used by black hat hackers, and not only by the black ones.
6. BBC NEWS: Kids 'using coding skills to hack' friends on games, expert says.
Children as young as 11 years old are writing malicious computer code to hack accounts on gaming sites and social networks, experts have said.
A report from antivirus company AVG detailed evidence of programs written to "steal" virtual currency.
More than 1.1 billion EUR
Bitcoins
7.
8.
9. The control structure discovered is very complex and extensive: more than 60 domain names and several hosting servers located in many countries, mainly Germany and Russia. A particularity of the C&C architecture is that the network is arranged to hide the mothership server, with every node in the malicious structure acting as a true proxy.
15. EXAMPLE:
"CGI-Telnet Unit-x Team Connected to *.com" OR "CGI-Telnet Unit-x Team Connected to"
intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"
inurl:"nph-proxy.cgi" "Start browsing through this CGI-based proxy"
inurl:"amfphp/browser/servicebrowser.swf"
filetype:inc inc intext:setcookie
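The point of listing these queries is that a search engine will index the same fingerprints on your own servers. The added Python below (my example, not from the slides or any tool they mention) evaluates the five queries above against crawl records of your own pages, so an exposed admin panel or open proxy is caught before an indexer finds it. It implements the operators the queries use (intitle:, inurl:, intext:, filetype:, quoted phrases with * as a wildcard, OR between alternatives); the page records and hostnames are constructed.

```python
import re
import shlex

# The five queries from the slide, keyed by labels of my own.
DORKS = {
    "cgi-telnet": '"CGI-Telnet Unit-x Team Connected to *.com" OR "CGI-Telnet Unit-x Team Connected to"',
    "phpmyadmin-root": 'intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"',
    "nph-proxy": 'inurl:"nph-proxy.cgi" "Start browsing through this CGI-based proxy"',
    "amfphp": 'inurl:"amfphp/browser/servicebrowser.swf"',
    "inc-setcookie": 'filetype:inc inc intext:setcookie',
}

OPERATORS = {"intitle", "inurl", "intext", "filetype"}


def phrase_regex(phrase):
    """Compile a query phrase to a case-insensitive regex; '*' is a wildcard."""
    return re.compile(re.escape(phrase).replace(r"\*", ".*?"), re.IGNORECASE)


def term_matches(term, page):
    """Evaluate one query term against a record {url, title, body}."""
    operator, sep, value = term.partition(":")
    if sep and operator in OPERATORS:
        if operator == "intitle":
            return bool(phrase_regex(value).search(page["title"]))
        if operator == "inurl":
            return bool(phrase_regex(value).search(page["url"]))
        if operator == "intext":
            return bool(phrase_regex(value).search(page["body"]))
        return page["url"].lower().endswith("." + value.lower())   # filetype
    everything = " ".join((page["url"], page["title"], page["body"]))
    return bool(phrase_regex(term).search(everything))


def dork_matches(dork, page):
    """True when every term of at least one OR-alternative matches the page."""
    for alternative in re.split(r"\s+OR\s+", dork):
        if all(term_matches(t, page) for t in shlex.split(alternative)):
            return True
    return False


def audit(pages):
    """Map each page URL to the labels of the queries that would surface it."""
    return {p["url"]: [name for name, d in DORKS.items() if dork_matches(d, p)]
            for p in pages}


# Constructed crawl records of hosts we own (hostnames are not real).
SAMPLE_PAGES = [
    {"url": "https://intranet.example.test/phpmyadmin/",
     "title": "phpMyAdmin 2.11.4",
     "body": "Welcome to phpMyAdmin 2.11.4 - MySQL 5.0.51 running on localhost as root@localhost"},
    {"url": "https://www.example.test/cgi-bin/nph-proxy.cgi",
     "title": "CGIProxy",
     "body": "Start browsing through this CGI-based proxy by entering a URL below."},
    {"url": "https://www.example.test/",
     "title": "Example Corp",
     "body": "Welcome to our public site."},
]

if __name__ == "__main__":
    for url, hits in audit(SAMPLE_PAGES).items():
        print(url, "->", hits or "clean")
```

Run it over whatever your crawler or access logs give you for titles and bodies; anything that comes back with a hit is reachable by the same query from the outside and should be moved behind authentication or removed.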
18. Baby monitor hacked, spies on Texas child
According to ABC News, Gilbert was washing dishes on the night of Aug. 10, 2013, when he heard noises coming from his daughter's room. He and his wife went in to investigate the situation, when they witnessed something more disturbing than they thought possible.
A voice coming through a baby monitor that was hooked up to the home's wireless Internet system appeared to be operating on its own. CNN reports that the hacker used the device to curse and say sexually explicit things to the sleeping girl -- calling her by name and telling her to wake up.
19.
20. Nicknamed "the homeless hacker," Adrian Lamo used coffee shops, libraries and internet cafés as his locations for hacking. Apart from being the homeless hacker, Lamo is widely known for breaking into a series of high-profile computer networks, which include The New York Times, Microsoft, Yahoo!, and MCI WorldCom.
In 2002, he added his name to The New York Times' internal database of expert sources and utilized a LexisNexis account to conduct research on high-profile subjects. The Times filed a complaint, and a warrant for Lamo's arrest was issued, followed by a 15-month investigation by federal prosecutors in New York.
21.
22. Iran's chief of the Cyber War Headquarters, Mojtaba Ahmadi, is the latest person said to be killed in a string of murders targeting the country's nuclear scientists and security bosses. Ahmadi was said to be found dead with two bullet wounds near his heart on the outskirts of a town near the capital Tehran, according to the Telegraph.
While the details are still forthcoming, the Telegraph reports that the Iranian government claims outside forces committed the alleged assassination. The government alleges it was most likely done by Israel's external intelligence agency, the Mossad.
25. Defendants Elvis Rafael Rodriguez (left) and Emir Yasser Yeje
Members of the scheme allegedly hacked computer systems to steal data on prepaid debit cards. The cards are pre-loaded with funds rather than being linked to a bank account or a line of credit.
They cancelled withdrawal limits and distributed information to accomplices referred to as "cashers" around the world. The cashers then loaded other magnetic stripe cards, such as gift cards or old hotel keys, with the stolen data and used them to withdraw huge sums.
A gang of cybercriminals stole $45m (£29m) by hacking into a database of prepaid debit cards and draining cash machines around the world, US prosecutors say.
26. The ZEUS BOT
set_url http://www.xyzbank.com/login.html GP
data_before
name="password"*</tr>
data_end
data_inject
<tr><td>PIN:</td><td><input type="text" name="pinnumber" id="pinnumber" /></td></tr>
data_end
data_after
data_end
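The block above is one entry of a Zeus webinject configuration: set_url names the page to tamper with, data_before and data_after anchor the injection in the served HTML, and data_inject is the HTML the bot adds (here a PIN field, so the victim types in a value the real login page never asked for). An analyst who recovers such a config wants to know which sites are targeted and which fields are harvested. The parser below is an added example of mine (not part of Zeus or of the slides); the sample config is the slide's entry retyped with ASCII quotes, and the reading of the GP flags as "apply to GET and POST requests" is taken from commonly published descriptions of the format, not from the page.

```python
import re

# Constructed sample in the slide's format (ASCII quotes; not a real bank).
SAMPLE_CONFIG = """\
set_url http://www.xyzbank.com/login.html GP
data_before
name="password"*</tr>
data_end
data_inject
<tr><td>PIN:</td><td><input type="text" name="pinnumber" id="pinnumber" /></td></tr>
data_end
data_after
data_end
"""

SECTIONS = ("data_before", "data_inject", "data_after")


def parse_webinjects(text):
    """Parse set_url / data_* / data_end entries into a list of dicts."""
    injects, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("set_url"):
            parts = line.split()
            current = {
                "url": parts[1],
                # flags such as GP (assumed: G = GET, P = POST request types)
                "flags": parts[2] if len(parts) > 2 else "",
                **{s: [] for s in SECTIONS},
            }
            injects.append(current)
            section = None
        elif line in SECTIONS:
            section = line                       # start collecting this block
        elif line == "data_end":
            section = None
        elif current is not None and section is not None:
            current[section].append(raw.rstrip("\r\n"))
    for inject in injects:                       # join collected lines
        for s in SECTIONS:
            inject[s] = "\n".join(inject[s])
    return injects


def injected_fields(inject):
    """Names of <input> elements the inject adds, i.e. what the bot will steal."""
    return re.findall(r'<input\b[^>]*\bname="([^"]*)"',
                      inject["data_inject"], re.IGNORECASE)


def summarize(text):
    """One (url, flags, harvested field names) tuple per webinject entry."""
    return [(i["url"], i["flags"], injected_fields(i))
            for i in parse_webinjects(text)]


if __name__ == "__main__":
    for url, flags, fields in summarize(SAMPLE_CONFIG):
        print(f"{url} [{flags}] injects fields: {fields}")
```

Two things the output makes visible for a defender: the targeted URL list is a direct input to fraud monitoring, and a field name that does not exist in the genuine login form (pinnumber here) is a signature a bank can look for in submitted POST bodies to spot infected customers.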
27. Hackers Target the Unemployed as Money Mules
Christine Palmer thought she’d finally had a stroke of luck. After
spending months unemployed and living off disability
payments, in February she submitted her résumé to CS Office
Services, a company that helps businesses find office space. An
HR employee called to tell her she got the job, a flexible gig
that paid by the assignment and required her to help process
transactions. On Mar. 3, after a few weeks of online training,
she woke up to find that $98,000 had been deposited in her
account at Bank of America (BAC). An e-mail instructed her to
withdraw $9,000, wire it to the Ukraine via Western Union
(WU), then transfer most of the rest of the funds to a Ukrainian
bank account. As a fee, Palmer could keep $1,800 of the total.
While she was completing the wire transfer, a man with an
Eastern European accent called, identifying himself as a
manager and urging her to speed things up. “He sounded very
concerned, which made me think I was going to lose my job,”
she says.
Victim of $440K wire fraud can't blame bank
for loss, judge rules
Western Union, Interac
28. No computer is safe from viruses. Every day, cyber
criminals are infecting thousands of machines around the
world.
Although many believe that Apple Macs are immune to
infection, just this month more than 600,000 Apple
computers were infected with the so-called Flashback
Trojan.
And hacking mobile phones has become a real business
in Russia, Asia, and other places where pre-paid phones
are common.
"We estimate that criminals who target mobile phones
earn from $1,000 to $5,000 per day per person," says Mr
Kaspersky.
Eugene Kaspersky says he is seriously worried
about the future of our world
1) All mobile devices have a browser (and cookies).
2) Most of the data still resides on a server (cloud).
3) The phishing email experiment (PC and mobile device).
4) Tinyurl.
Super Global Variables (PHP)... 80% of websites use PHP!!!
29. News: Google knows almost every WiFi password users use on Android
News: Anonymous' four claims to prove "iPhone 5s Fingerprint Database links to U.S. Govt"
iOS 7 Jailbreak Status: Evad3rs Investigate Unpatched Exploits for Next Jailbreak