Turkish hacking group defaces UPS, TheRegister, Acer, Telegraph, Vodafone

04/09/2011 Written by Kevin Fernandez (Siegfried)

At the time of writing, these websites are still defaced, showing a black page reading “TurkguvenLigi” and “4 Sept. We TurkGuvenligi declare this day as World Hackers Day - Have fun ;) h4ck y0u”.

What do ups.com, vodafone.com, theregister.co.uk, acer.com, betfair.com, nationalgeographic.com and telegraph.co.uk have in common? They all use NetNames as their registrar. It appears that the Turkish attackers managed to hack into the DNS panel of NetNames using an SQL injection and modify the configuration of arbitrary sites to use their own DNS servers (ns1.yumurtakabugu.com and ns2.yumurtakabugu.com), redirecting those websites to a defaced page.


Zone-H banned by some Indian ISPs: some workarounds

20/07/2011 Written by Kevin Fernandez (Siegfried)

As some of you probably know, Zone-H has been banned by some Indian ISPs following the E2-labs scandals and a lawsuit filed in an Indian court by E2labs and Zaki Qureshey, who claimed our documents and articles were defamatory (great joke!).

Zone-H was unable to defend itself as we didn’t receive any notification from the court. What is even funnier (scarier?) is that bloggernews.net has also been banned… for writing about the case!


New attack vector in DDoS observed

19/05/2011 Written by minor

This article is the result of joint research by Jakub Alimov from Seznam.cz and minor from Zone-h.org. If you have anything to say about this, write to comments [a} zone-h{dot]org. The topic was presented at the SPI conference in Brno/CZ.

While protecting users from receiving huge amounts of unsolicited bulk mail, a new attack scenario against DNS servers was observed. The scenario involves sending spam messages to SMTP services with large bandwidth. Since such services are mostly free email services such as Google, Yahoo, Hotmail, etc., they are the main candidates to be a “white horse”. But because of the SMTP definition, all SMTP services have to behave in the same way, therefore they are also potential candidates.


The old "new" Japanese scams

16/03/2011 Written by Boris Mutina (minor.float)

Dear friends, these days we have all turned our minds to Japan and to the Japanese people; some of them are our friends, and some of our friends live in Japan.
We would like to express our condolences to the families who lost family members. We are deeply concerned about the injuries and losses caused by the series of earthquakes, the tsunami flooding and the nuclear catastrophe.

Nevertheless, we also have to express our anger. We have already recorded the first set of scam emails asking unaware users to donate to charity, but as usual the money will never reach the victims. The scam scenario is very similar to other scams that use donations over PayPal, WU, Moneygram etc…

Another form of the scam is the Facebook clickjacking/likejacking scam with the sick title “Japans Tsunami Sends whale Smashing Into A Building” or similar. While people are eager for news from Japan, this and similar scams serve the viral spreading of the link; some of them also deliver unsolicited ads. Many security companies have already reported on this issue (for example Sophos reported it here).
Such scam websites also try to trick users into entering their data into fake surveys…


Defacements Statistics 2010: Almost 1,5 million websites defaced, what's happening?

06/01/2011 Written by Marcelo Almeida (Vympel), Boris Mutina (Minor)

Last year Zone-H archived a sad record number: 1.419.203 website defacements.
Why and how is this happening?
If you look at the stats, things remain the same: file inclusion, SQL injection, WebDAV attacks and shares misconfiguration are still at the top ranks of the attack methods used by the defacers to gain first access to the server. As an important factor influencing the stats, we consider the fact that last year brought a very high number of local Linux kernel exploits.

Linux became the most used OS for webservers many years ago, and of course the preferred target for the defacers. Last year we archived 1.126.987 attacks against websites running on Linux systems. The exploit most used by the defacers is CVE-2010-3301, which was fixed in 2007 and was mysteriously reintroduced in 2008 in a large pile of x86_64 kernel versions.

But is the out-of-date Linux server the only reason for this huge number of defacements?
Yes and no.
