
Attackersinformationwarfarecenter.com/cir/archived/pre/IWC... · 13 IT security myths debunked 2013 year of cyber attacks? 25% of DDoS attacks in 2013 will be application-based 9


Information Warfare Center: www.informationwarfarecenter.com

[Chart: Website defacements, 2/18/2013 through 2/24/2013]

Attackers: Ashiyane Digital Security Team, 1923Turk, Barbaros-DZ, brwsk007, Dr.SHA6H, DZ27, HighTech, Hmei7, Micky, TurkHackArmy

The IWC CIR is an OSINT resource focusing on advanced persistent threats and other digital dangers. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage.

Last week, Obama signed a new cyber security order that has inflamed many of the privacy advocates and hacking groups. With the release of the “ADMINISTRATION STRATEGY ON MITIGATING THE THEFT OF U.S. TRADE SECRETS”, and news like “New 'cyber cold-war' erupts between China, US”, China is now offended. Accusations of hacking, espionage, or intellectual property theft by China have been answered with “nuh-uh” or the Bart Simpson quote "I didn't do it. Nobody saw me do it. You can't prove anything!" To be fair, China is also the victim of hackers around the world. Most of the website defacements that hit “.gov” domains seem to end in a “.cn”. With the proliferation of vulnerable software and the DMCA lawsuit threats from the vendors against anyone who finds the vulnerabilities, I am amazed that there aren’t more problems. With the fear mongering by the current administration, and the monitoring/censorship laws, it is no wonder that the White House just warned of more “hacktivism”. If you actually think about the cyber-attacks, why are the industry alerts still GREEN if things are so dire?

georgiacourts.gov, co.okaloosa.fl.us

Burger King, Facebook, Microsoft, NBC, Oracle, and Twitter were among the most known targets.

CIR

Legal (6)

European Parliament To Discuss Raft Of Cyber Security Law Changes

Privacy advocates: Cybersecurity bill faces tough odds in Congress

Ransomware gang nabbed by European cops

Rogers to expand cyber order

Sentencing Delayed For LulzSec Boss Sabu

U.S. officials say report of Chinese hacking proves need for cybersecurity bill

Mobile (6)

BlackBerry patches BES security vulnerability

BlackBerry Posts Patch For Enterprise Server Flaw

HTC Settles With FTC Over Smartphone Security Holes

iPhone 5S: Apple’s Newest Patents Tell Us ‘S’ is for Security

Many companies likely affected by compromise of popular iOS developer forum

Mobile platforms attractive to cybercriminals: McAfee

Government (32)

Bruce Schneier Warns Of Arms Race Due To Chinese Attacks

China biggest, but not the only country engaged in cyberespionage

China Military Unit 'Behind Prolific Hacking'

China Says U.S. Hacking Accusations Lack Technical Proof

Congressional staff, lawmakers must beef up their cybersecurity, experts say

Cyber attacks on private sector reaching a tipping point: U.S. commander

Cyber criminals masquerade as the ICE Cyber Crimes Center to extort money from web users

Death Toll From U.S. Drones At 4,700 People

Global Homeland Security Market Worth $544.02 Billion by 2018

Growth of military cyber security could benefit Fort Gordon

Himes appointed to intelligence panel addressing cyber security

IRS, state give tips on filing taxes, avoiding scammers

LA Secretary of State begins email notification system to warn businesses of scams

Many agencies get expanded cyber roles

Obama adopts new strategy on cyberattacks

Obama Reveals Plan to Counter Foreign Cyber-Espionage

Obama's New Cyber-Security Tactics Finger Corrupt Staff, China

Ohio State’s national-security major attracts undergraduates

Portrait of a cyberspy unit is emerging

Report shows China military involved in U.S. hacking

Report: Chinese military engaged in 'extensive cyber espionage'

SC House Committee Plan Would Fund Cyber Security, Other Items


State defends against cyber attacks with ongoing training

The cyber war is real -- and our defenses are weak

The looming certainty of a cyber Pearl Harbor

The State of our Union? Threatened by Cyber Attacks – Professional Cyber Threat Assessments Chart the Course to Fortifying Security Posture

Thieves, spies move to AVTs: advanced volatile threats

U.S. Ups Ante For Spying On Firms

US Government Shares Hacking Intelligence After Slew Of Attacks On Nation

US ready to strike back against China

W.H. cyber policy will be slow in wake of Chinese hackers

White House Warns Of Hacktivist Threats

Technology (66)

13 IT security myths debunked

2013 year of cyber attacks?

25% of DDoS attacks in 2013 will be application-based

9 Tips To Stay Safe On Public Wi-Fi

Add Microsoft To List Of Hacked Companies

Adobe Confirms Patch For Zero-Day Exploit

Adobe Zero Days Under Attack

Ad-Titan Google Blocks Adblock Plus In Android Security Tweak

Amazon, eBay, Banks Snub Anti-DNS Fraud Tech

Antibot: Network-based botnet removal tool

Antivirus software not enough protection

Apple ships Java update, malware scrubber after confirming attacks on own Macs

Apple, Macs Hit By Hackers Who Targeted Facebook

Arms vendors turn to cyber security as sales drop

Attacks Spreading to Other Industries

Burger King Twitter Account Hacked

Business Applications Are The Biggest Threat

Cameron To Ink Cyber Deal With India, Protect Brit Outsourced Data

Colorado tops charts for identity theft

Commercial cyberspying and theft gives rich payoff

Computer scam threatens prosecution for child porn, demands payment

Cyber-Attacks On Financial Institutions, Biggest Threat to Economies

DNA Crunchers Ditch Hadoop For Homegrown Software

Dutch MP Must Cough Up €750 For Hacking Into Medical Lab

Expert Says Everyone Should Be Prepared For Hacking

Experts urge government to set cyber-security standards for private sector

Facebook employees ambushed by zero-day exploit

Facebook gets unwelcome look at hackers' dark side

Florida Hit by 'Tsunami' of Tax Identity Fraud

Google Engineers Found More Than Half of Microsoft's Bugs


Google Slashes Account Hijackings By 99.7%

Grad students to use innovative tech grant

Hackers Doing No Favors for China's Image

Hacking Group Anonymous Latest Victim Of Twitter Hack

Hidden security threats on enterprise networks

How CSOs are enabling secure BYOD

Identity Fraud Reports Increased By More Than A Million Last Year

Kim Dotcom's Mega Is Now Accepting Bitcoins

Komando: The five biggest tech myths

Malware Getting Smarter, Says McAfee

NBC.com Was Infected; Facebook, Google Blocked Access

Online Crims Are Getting Away With It Down Under

OpLastResort Hacks Investment Firm, Cites Stratfor Ties

Oxford University briefly blocks Google Docs in anti-phishing effort

PayPal, Lenovo Launches FIDO, Replaces Passwords for More Secure Methods

Phishing and hacking during e-commerce transactions

Phishing email: Ways to defend inbox from harm

Pint-Sized Backdoor For OS X Discovered

Private US firms take major role against cyberattacks

Researchers Borrow DNA Tricks To Identify Malware's Genetic Code

Researchers Uncover Polymorphic AutoRun Worm

Rid Yourself Of Adobe: New Firefox 19.0 Gets JavaScript PDF Viewer

Rogue Chrome extension hijacks Facebook accounts

Security firms slow to react to spear phishing like that used in China hack

The Curious World Of HDMI Copy Protection

Twitter Adds Email Security To Help Block Phishing Attempts

Twitter calls for smarter password habits following Jeep, Burger King hacks

Twitter implements DMARC standard to fight phishing

U.S. announces strategy to fight cyber theft of trade secrets

US students get cracking on Chinese malware code

Use protection when engaging in social media

VMware Promises Better Security, Considers Scheduled Patches

Warning: Purported Delta email is phishing scam

Website Attacks up 600%

Who's watching? 'Techie Peeping Toms’ hacking into web cams

Zendesk Security Breach Affects Twitter, Tumblr, And Pinterest


FBI News

FBI Law Enforcement Bulletin is Now Online

Government (7)

Congressional Candidate Charged with Violation of the Federal Election Campaign Act

Final Defendant in San Diego Federal Courthouse Bombing Sentenced

Former Albuquerque Corrections Officer Pleads Guilty to Obstruction of Justice

Kodiak Man Charged with Murders of Two Coast Guard Employees

New York City Man Sentenced for Entering an Aircraft in Violation of Security Requirements

Technology (4)

Federal Grand Jury Indicts Dallas Man for Aiming a Laser Pointer at Aircraft

Former California Assemblyman Admits Defrauding Banks out of $193,661 by Falsely Claiming to be Identity Theft Victim

CPKP / Human trafficking (12)

Brown County Man Sentenced to 188 Months in Federal Prison for Using the Internet to Collect and Share Hundreds of Images of Child Pornography

FBI Seeks to Identify Two Individuals Who May Have Information Regarding a Child Sexual Exploitation Investigation

Former Conroe Resident Gets 30 Years for Conspiring to Produce Child Pornography

Former South Plainfield Police Captain Charged with Sexually Exploiting a Minor

Man Sentenced to 14 Years in Prison on Child Pornography Charge

Nashville Musician Pleads Guilty in Federal Court to Attempted Enticement of a Minor

Palm Beach County Residents Arrested for Sex Trafficking of Minors

Parker Man Pleads Guilty to Abusive Sexual Contact with a Minor

Parkville Man Sentenced to 27 Years in Prison for Sexual Bondage of 15-Year-Old Girl

Tonawanda Man Pleads Guilty to Possessing Child Pornography


Mobile (4)

Samsung Galaxy S3 Screen-Lock Bypass

USB Sharp v1.3.4 iPad iPhone - Multiple Vulnerabilities

Android hacking with the usb rubber ducky

Android 4-digit pin hack in 16 hours

Exploits (10)

BigAnt Server 2 SCH And DUPF Buffer Overflow

BigAnt Server DUPF Command Arbitrary File Upload

IPMap 2.5 Shell Upload

MS Office 2010 Download Execute

MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free

MyFi Wireless Disk 1.2 CSRF / LFI / Code Execution

Netgear DGN2200B Command Execution / Cross Site Scripting

OpenEMR PHP File Upload Vulnerability

Piwigo 2.4.6 Arbitrary File Read / Delete

Windows Manage User Level Persistent Payload Installer

This section of the CIR is dedicated to informing the public about exploits, tools, and whitepapers that may directly affect the security posture of an organization. The term “Proof of Concept (PoC)” is another term for a working exploit. Many of these PoCs will eventually find their way into malicious logic such as viruses, Trojans, and rootkits.


Web (40)

Air Transfer 1.2.0 Local File Inclusion

Alt-N MDaemon Email Body Cross Site Scripting

Alt-N MDaemon WebAdmin Remote Code Execution

Alt-N MDaemon WorldClient / WebAdmin Cross Site Request Forgery

Alt-N MDaemon WorldClient Credential Disclosure

Alt-N MDaemon WorldClient Predictable Session ID

Alt-N MDaemon WorldClient Username Enumeration

CKEditor 4.0.1 CSRF / XSS / Path Disclosure

EasyWebScripts eBay Clone Script SQL Injection

glFusion 1.2.2 - Multiple XSS Vulnerabilities

glFusion 1.2.2 Cross Site Scripting

Kayako Fusion 4.51.1891 Cross Site Scripting

Kodak Insite Creative Workflow System SQL Injection

MIMEsweeper For SMTP 5.5 Cross Site Scripting

Nagios NRPE 2.13 Code Execution

Open Review Script Cross Site Scripting

OpenEMR 4.1.1 Cross Site Scripting

OpenEMR PHP File Upload

Photodex ProShow Producer 5.0.3297 Insecure Library Load

PHP-Fusion CMS 7.02.05 SQL Injection

PHPMyGallery 1.51.010 XSS / Local File Disclosure

phpMyRecipes 1.2.2 SQL Injection

Rix4Web Portal Remote Blind SQL Injection

RTTucson Quotations Database Authentication Bypass

RTTucson Quotations Database Script XSS / SQL Injection

Scripts Genie Pet Rate Pro 4.9.9 SQL Injection / Command Execution

Skype Community Cross Site Scripting

Squirrelcart 3.5.4 Cross Site Scripting

USB Sharp 1.3.4 Local File Inclusion / Cross Site Scripting

Various Applications Include ZeroClipboard XSS

Web Cookbook File Disclosure / SQL Injection

WordPress Marekkis Watermark Cross Site Scripting

WordPress Pretty Link 1.6.3 Cross Site Scripting

WordPress Responsive Logo Slideshow Cross Site Scripting

Zenphoto 1.4.4.1 Blind SQL Injection

ZeroClipboard 1.0.7 Cross Site Scripting

RTTucson Quotations Database - Multiple Vulnerabilities

CKEditor 4.0.1 - Multiple Vulnerabilities


Cometchat Application - Multiple Vulnerabilities

Scripts Genie Hot Scripts Clone (showcategory.php, cid param) - SQL Injection Vulnerability

Tools (5)

HexInject 1.5

ipset 6.17

OWASP Bricks Betwa Release

PACK (Password Analysis and Cracking Kit) 0.0.3

SI6 Networks' IPv6 Toolkit 1.3

Papers (6)

CloudFlare vs Incapsula vs ModSecurity

Abusing, Exploiting, And Pwning With Firefox Add-Ons

How To Hack A Website With Metasploit

Hiding Data In Hard-Drive's Service Areas

APT1 - Exposing One Of China's Cyber Espionage Units

APT1 Digital Appendix And Indicators


Oracle is the focus of a lot of vulnerabilities and exploits this week.

Software

Vendor Advisory Description

Apple Apple Security Advisory 2013-02-19-1

Apple Security Advisory 2013-02-19-1 - Multiple vulnerabilities existed in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_41.

Foswiki Foswiki MAKETEXT 1.1.7 / 1.0.10 Code Execution

This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext, which Foswiki uses to provide translations when {UserInterfaceInternationalization} is enabled in the configuration. Because of this vulnerability it may be possible for a user to invoke arbitrary perl modules on the server through a crafted macro.

HP HP Security Bulletin HPSBMU02836 SSRT101056

HP Security Bulletin HPSBMU02836 SSRT101056 - Potential security vulnerabilities have been identified with HP ArcSight Connector Appliance and HP ArcSight Logger. These vulnerabilities could be exploited remotely to allow disclosure of information, command injection and cross-site scripting (XSS). Revision 1 of this advisory.

Onapsis SAP CCMS Agent Code Injection

Onapsis Security Advisory - The SAP CCMS agent is built as an RFC external server, exposing several RFC functions. One of these functions allows a remote unauthenticated user to execute arbitrary commands which are executed with SIDADM privileges (the highest possible in the SAP world).

Onapsis SAP Enterprise Portal Cross Site Scripting

Onapsis Security Advisory - As the server does not perform a proper security validation on the input parameters, it is possible to inject DHTML code that would be rendered to the user accessing the link in SAP Enterprise Portal.

Onapsis SAP J2EE Core Service Arbitrary File Access

Onapsis Security Advisory - By exploiting an arbitrary file access vulnerability in the SAP J2EE Core Services, a remote unauthenticated attacker may be able to compromise the entire ERP system.

Onapsis SAP Portal PDC Information Disclosure

Onapsis Security Advisory - The SAP Portal "Federation" configuration pages do not properly handle authentication, exposing the entire Portal infrastructure.

Onapsis SAP SDM Denial Of Service

Onapsis Security Advisory - The SDM suffers from a design vulnerability in the way it handles failed user authentication attempts, generating a denial of service condition if some conditions are met. This can be abused by a malicious attacker to disrupt this service.


Onapsis SAP SMD Agent Code Injection

Onapsis Security Advisory - Abuse of the SAP SMD agent unauthenticated interface will allow a remote attacker to install an arbitrary application and achieve a full compromise of the SMD agent and the SAP instances installed on the server.

Oracle Oracle 11g Stealth Password Cracking

Team SHATTER Security Advisory - There is a flaw in the way that Authentication Session Keys are generated and protected by Oracle Database Server during the authentication process. It is possible to use this flaw to perform unlimited password guesses (cracking) of any user password in a similar way as if the password hash would be available. Oracle Database version 11gR1 and 11gR2 are affected.

Oracle Oracle Alter FBA Table SQL Injection

Team SHATTER Security Advisory - Renaming a table having flashback archive using specially crafted table name triggers internal SQL injection. This allows users to execute code with elevated privileges. Oracle Database Enterprise Edition version 11.1 and 11.2 are affected

Oracle Oracle Database GeoRaster API Overflow

Team SHATTER Security Advisory - GeoRaster is a feature of Oracle Spatial that lets you store, index, query, analyze, and deliver GeoRaster data. One of the GeoRaster APIs is prone to stack-based overflow.

Oracle Oracle Enterprise Manager advReplicationAdmin Cross Site Scripting

Team SHATTER Security Advisory - It appears that /em/console/database/dist/advRepl/advReplicationAdmin in Oracle Enterprise Manager suffers from multiple cross site scripting vulnerabilities. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

Oracle Oracle Enterprise Manager advReplicationAdmin SQL Injection

Team SHATTER Security Advisory - An attacker hosting a malicious web site can execute SQL statements in the backend database when an administrator with an open session in Oracle Enterprise Manager web application visits the malicious web site. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

Oracle Oracle Enterprise Manager dBClone SQL Injection

Team SHATTER Security Advisory - Some parameters of /em/console/database/dbclone/dBClone in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3

Oracle Oracle Enterprise Manager HTTP Response Splitting

Team SHATTER Security Advisory - The 'pagename' parameter of web page /em/console/ecm/policy/policyViewSettings in Oracle Enterprise Manager is vulnerable to HTTP response splitting attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.


Oracle Oracle Enterprise Manager Resource Manager SQL Injection

Team SHATTER Security Advisory - Some parameters of /em/console/database/instance/rsrcpln in Oracle Enterprise Manager Resource Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

Oracle Oracle Enterprise Manager SCPLBL_COLLECTED SQL Injection

Team SHATTER Security Advisory - Some parameters of /em/console/ecm/config/savedConfig in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

Oracle Oracle Enterprise Manager Segment Advisor URL Redirection

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control Segment Advisor page is vulnerable to an arbitrary URL redirection/phishing vulnerability. An attacker may inject an arbitrary URL into the web application and force the application to redirect to it without any validation. This vulnerability can be used in phishing attacks to trick legitimate users to visit malicious sites without realizing it. The affected link and parameter are /em/console/database/xdb/XDBResource and cancelURL. Versions affected include Oracle Enterprise Manager

Oracle Oracle Enterprise Manager Streams Queue SQL Injection

Team SHATTER Security Advisory - Some parameters of /em/console/database/dist/streams/queue in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

Oracle Oracle Enterprise Manager XDBResource cancelURL XSS

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control XML Database Resources page is vulnerable to a cross site scripting vulnerability. An attacker may inject malicious code into the web application and trick a legitimate user into executing it by various methods. Affected versions include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

Oracle Technical Cyber Security Alert 2013-51A

Technical Cyber Security Alert 2013-51A - Multiple vulnerabilities in Java could allow an attacker to execute arbitrary code on a vulnerable system.

Ruby Parser Ruby Parser 2.0.4 Insecure File Creation

Ruby Parser version 2.0.4 insecurely creates files in /tmp that can allow for a denial of service condition.


Linux / Unix Advisories

Distro Advisory Description

Debian Debian Security Advisory 2612-2

Debian Linux Security Advisory 2612-2 - This update to the previous ircd-ratbox DSA only raises the version number to ensure that a higher version is used than a previously binNMU on some architectures.

Debian Debian Security Advisory 2619-1

Debian Linux Security Advisory 2619-1 - A buffer overflow was found in the e1000e emulation, which could be triggered when processing jumbo frames.

Debian Debian Security Advisory 2620-1

Debian Linux Security Advisory 2620-1 - Two vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development.

Debian Debian Security Advisory 2622-1

Debian Linux Security Advisory 2622-1 - Multiple vulnerabilities have been found in OpenSSL

Debian Debian Security Advisory 2623-1

Debian Linux Security Advisory 2623-1 - Kevin Cernekee discovered that a malicious VPN gateway can send crafted responses which trigger stack-based buffer overflows.

Debian Debian Security Advisory 2624-1

Debian Linux Security Advisory 2624-1 - Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/demuxers for Shorten, Chinese AVS video, VP5, VP6, AVI, AVS and MPEG-1/2 files could lead to the execution of arbitrary code.

Debian Debian Security Advisory 2625-1

Debian Linux Security Advisory 2625-1 - Multiple vulnerabilities were discovered in the dissectors for the CLNP, DTLS, DCP-ETSI and NTLMSSP protocols, which could result in denial of service or the execution of arbitrary code.

Debian Secunia Security Advisory 52038

Secunia Security Advisory - Debian has issued an update for xen-qemu-dm-4.0. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Debian Secunia Security Advisory 52180

Secunia Security Advisory - Debian has issued an update for rails. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.


Debian Secunia Security Advisory 52209

Secunia Security Advisory - Debian has issued an update for openssl. This fixes two vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service) of the application using the library.

Mandriva Mandriva Linux Security Advisory 2013-009

Mandriva Linux Security Advisory 2013-009 - The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service via a Client: Diffie-Hellman Key Exchange Init packet. The updated packages have been upgraded to the 0.5.4 version which is not affected by this issue.

Mandriva Mandriva Linux Security Advisory 2013-010

Mandriva Linux Security Advisory 2013-010 - Multiple security issues were identified and fixed in OpenJDK. The updated packages provides icedtea6-1.11.6 which is not vulnerable to these issues.

Mandriva Mandriva Linux Security Advisory 2013-011

Mandriva Linux Security Advisory 2013-011 - The Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a IFRAME element. Cross-site request forgery vulnerability in the Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. The updated packages have been patched to correct these issues.

Mandriva Mandriva Linux Security Advisory 2013-012

Mandriva Linux Security Advisory 2013-012 - PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.


Red Hat Red Hat Security Advisory 2013-0248-01

Red Hat Security Advisory 2013-0248-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.

Red Hat Red Hat Security Advisory 2013-0249-01

Red Hat Security Advisory 2013-0249-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.

Red Hat Red Hat Security Advisory 2013-0250-01

Red Hat Security Advisory 2013-0250-01 - ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. This issue was discovered by Marko Myllynen of Red Hat. All ELinks users are advised to upgrade to this updated package, which contains a backported patch to resolve the issue.

Red Hat Red Hat Security Advisory 2013-0253-01

Red Hat Security Advisory 2013-0253-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that an excessive amount of information was logged when invalid tokens were requested, resulting in large log files. An attacker could use this flaw to consume an excessive amount of disk space by requesting a large number of invalid tokens. The CVE-2013-0247 issue was discovered by Dan Prince of Red Hat.


Red Hat Red Hat Security Advisory 2013-0254-01

Red Hat Security Advisory 2013-0254-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-05, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.

Red Hat Red Hat Security Advisory 2013-0256-01

Red Hat Security Advisory 2013-0256-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

Red Hat Red Hat Security Advisory 2013-0257-01

Red Hat Security Advisory 2013-0257-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.


Red Hat Red Hat Security Advisory 2013-0258-01

Red Hat Security Advisory 2013-0258-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

Red Hat Red Hat Security Advisory 2013-0259-01

Red Hat Security Advisory 2013-0259-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

Red Hat Red Hat Security Advisory 2013-0261-01

Red Hat Security Advisory 2013-0261-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

Red Hat Secunia Security Advisory 52142

Secunia Security Advisory - Red Hat has issued an update for elinks. This fixes a weakness, which can be exploited by malicious people to conduct spoofing attacks.


Red Hat Secunia Security Advisory 52154

Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Red Hat Secunia Security Advisory 52155

Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Red Hat Secunia Security Advisory 52183

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform. This fixes a security issue and a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

Red Hat Secunia Security Advisory 52203

Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.

Slackware Slackware Security Advisory - OpenSSL Updates

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, and -current to fix a bug in openssl-1.0.1d.

Slackware Slackware Security Advisory - Pidgin Updates

Slackware Security Advisory - New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.

SUSE Secunia Security Advisory 52077

Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.

SUSE Secunia Security Advisory 52135

Secunia Security Advisory - SUSE has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to conduct clickjacking attacks.

SUSE Secunia Security Advisory 52148

Secunia Security Advisory - SUSE has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to potentially cause a DoS (Denial of Service) in an application using the library.

SUSE Secunia Security Advisory 52149

Secunia Security Advisory - SUSE has issued an update for ruby on rails. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks and to compromise a vulnerable system.

SUSE Secunia Security Advisory 52150

Secunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system.

SUSE Secunia Security Advisory 52151

Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.


SUSE Secunia Security Advisory 52152

Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

SUSE Secunia Security Advisory 52153

Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

SUSE Secunia Security Advisory 52159

Secunia Security Advisory - SUSE has issued an update for MySQL. This fixes multiple vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct brute force attacks.

SUSE Secunia Security Advisory 52160

Secunia Security Advisory - SUSE has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

SUSE Secunia Security Advisory 52204

Secunia Security Advisory - SUSE has issued an update for opera. This fixes a vulnerability with an unknown impact.

Ubuntu Secunia Security Advisory 52172

Secunia Security Advisory - Ubuntu has issued an update for kernel. This fixes a weakness, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

Ubuntu Secunia Security Advisory 52174

Secunia Security Advisory - Ubuntu has issued an update for postgresql. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).

Ubuntu Secunia Security Advisory 52205

Secunia Security Advisory - Ubuntu has issued an update for kernel. This fixes a weakness, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

Ubuntu Ubuntu Security Notice USN-1716-1

Ubuntu Security Notice 1716-1 - It was discovered that gnome-screensaver did not start automatically after logging in. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session.

Ubuntu Ubuntu Security Notice USN-1717-1

Ubuntu Security Notice 1717-1 - Sumit Soni discovered that PostgreSQL incorrectly handled calling a certain internal function with invalid arguments. An authenticated attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service.


Ubuntu Ubuntu Security Notice USN-1719-1

Ubuntu Security Notice 1719-1 - It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. Various other issues were also addressed.

Ubuntu Ubuntu Security Notice USN-1720-1

Ubuntu Security Notice 1720-1 - It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. Various other issues were also addressed.

Ubuntu Ubuntu Security Notice USN-1721-1

Ubuntu Security Notice 1721-1 - It was discovered that curl incorrectly handled SASL authentication when communicating over POP3, SMTP or IMAP. If a user or automated system were tricked into processing a specially crafted URL, an attacker could cause a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

Ubuntu Ubuntu Security Notice USN-1722-1

Ubuntu Security Notice 1722-1 - It was discovered that jQuery incorrectly handled selecting elements using location.hash, resulting in a possible cross-site scripting (XSS) issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

Ubuntu Ubuntu Security Notice USN-1723-1

Ubuntu Security Notice 1723-1 - Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting requests from http to file schemes. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. Stephen Cheng discovered that Qt may report incorrect errors when SSL certificate verification fails. Various other issues were also addressed.

Ubuntu Ubuntu Security Notice USN-1724-1

Ubuntu Security Notice 1724-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.


Ubuntu Ubuntu Security Notice USN-1725-1

Ubuntu Security Notice 1725-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32-bit PVOPS guest can cause the guest kernel to crash, or operate erroneously.


Ubuntu Ubuntu Security Notice USN-1726-1

Ubuntu Security Notice 1726-1 - It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. Various other issues were also addressed.


: (281)


This section of the CIR is dedicated to informing the public of website defacements that have targeted either larger organizations or government agencies. The perpetrators of these attacks are all over the world and have different reasons for hacking that range from curiosity to hacktivism to state-sponsored espionage/cyber warfare activity.

Page 23: Attackersinformationwarfarecenter.com/cir/archived/pre/IWC... · 13 IT security myths debunked 2013 year of cyber attacks? 25% of DDoS attacks in 2013 will be application-based 9

CIR

23

Barbaros-DZ

fhjd.ezhou.gov.cn Win 2003 mirror

Barbaros-DZ

cps.dalang.gov.cn Win 2008 mirror

BD GREY HAT HACKERS

munidc.gob.pe Linux mirror

Black Angels

www.bappeda.probolinggokab.go.... Linux mirror

BMPoC

webserver.eln.gov.br/licitacao... Win 2003 mirror

bogel

mersinegitimdenetmenleri.gov.tr Linux mirror

Bozkurt97

kanwiljatim.perbendaharaan.go.id Linux mirror

Bozkurt97

old.fiji.gov.fj FreeBSD mirror

By_aGReSiF

www.pde.ufjf.br/4gre.php Linux mirror

Clone-Security

spf.gov.kg Linux mirror

CLONING

www.sisaketspecial.go.th/56/un... Linux mirror

CLONING

www.lalo.go.th/Joomla_1.5.22-S... Linux mirror

CLONING

www.bareknuea.go.th/attach/unl... Linux mirror

ColdHackers

www.erdemlimuftulugu.gov.tr Unknown mirror

crazy-3r3r

www.swa.gov.sa Win 2003 mirror

DaiLexX

gokana.rv.gov.ng Linux mirror

DaiLexX

www.srednjobanatski.okrug.gov.rs Linux mirror

DevilzSec

www.coop-sy.gov.cn/textshow.as... Win 2003 mirror

DevilzSec

www.bhxzfw.gov.cn/ts_tsgk.asp Win 2003 mirror

DiE_AucH

governor.vic.gov.au/images/ind... Linux mirror

DiE_AucH

www.mtss.go.cr/images/ Linux mirror

DiE_AucH

www.inta.go.cr/logs/ Linux mirror

Digital Boys Underground Team

warranty.benq.net/db.txt Win 2008 mirror

Digital Boys Underground Team

www.escoex.ms.gov.br/db.txt Linux mirror

Digital Boys Underground Team

www.tce.ms.gov.br/portal/db.txt Linux mirror

Distorsi Lulaby

www.yonarmed13.mil.id Linux mirror

Dr.HaCkEr

www.pastoraledesjeunes31.cef.fr Linux mirror

Dr.SHA6H

www.mpu.furg.br/index.html Unknown mirror

Dr.SHA6H

gxirno2.jaz.gov.sa Linux mirror

Dr.SHA6H

www.karatal.gov.kz Unknown mirror

Dr.SHA6H

camarachapadaodosul.ms.gov.br Linux mirror

Dr.SHA6H

dei.gov.ua Linux mirror

Dr.SHA6H

www.quirimbas.gov.mz Linux mirror

Dr.SHA6H

www.subaru.co.ke Linux mirror

Dr.SHA6H

gallery.unicef.by/workspace/ Linux mirror

Dr.SHA6H

kazki.unicef.by/workspace/ Linux mirror

Dr.SHA6H

www.unicef.by/worspace/thumb/i... Linux mirror

Dr.SHA6H

glan.gov.ph Linux mirror

Dr.SHA6H

www.ppdhuluperak.gov.my Linux mirror

Dr.SHA6H

www.bata.gov.ba Linux mirror

Dr.SHA6H

www.hinoperu.com.pe Linux mirror

DZ27

cc-aspres.fr Linux mirror

DZ27

www.mairie-nersac.fr Linux mirror

DZ27

www.cc-paysdesaintaulaye.fr Linux mirror

DZ27

ville-saint-germain-les-arpajo... Linux mirror

Page 24: Attackersinformationwarfarecenter.com/cir/archived/pre/IWC... · 13 IT security myths debunked 2013 year of cyber attacks? 25% of DDoS attacks in 2013 will be application-based 9

CIR

24

DZ27

www.ville-pierrelatte.fr Linux mirror

DZ27

www.tj.ufrj.br/logs/DZ27.html Linux mirror

DZ27

www.ippur.ufrj.br/administrato... Linux mirror

DZ27

colloquegeii.univ-lille1.fr/ad... Linux mirror

DZ27

ugsf-umr-glycobiologie.univ-li... Linux mirror

DZ27

temir.univ-lille1.fr/test/dz27... Linux mirror

DZ27

iemndoc.univ-lille1.fr/cv/dz27... Linux mirror

DZ27

flaxomics.univ-lille1.fr/Flaxo... Linux mirror

DZ27

metamos.univ-lille1.fr/dz27.txt Linux mirror

DZ27

myconf.univ-lille1.fr/dz27.txt Linux mirror

DZ27

bibliotheque.mairie-seyssinet-... Win 2008 mirror

DZ27

www.bm.mairie-belfort.fr///Opa... Win 2008 mirror

DZ27

mediatheque.ville-loudeac.fr//... Win 2008 mirror

DZ27

bm.mairie-thionville.fr//OpacW... Win 2003 mirror

DZ27

www.mediatheque.ville-guerande... Win 2003 mirror

DZ27

mediatheque.ville-arles.fr/Opa... Win 2003 mirror

DZ27

bm.ville-caluire.fr//OpacWebAl... Win 2003 mirror

DZ27

ww2.pierrepaul24.catholique.fr... Linux mirror

DZ27

village-natal-sjmv-dardilly.ca... Linux mirror

DZ27

troisvallees91.catholique.fr/D... Linux mirror

DZ27

www.stirenee-stjust-lyon.cef.f... Linux mirror

DZ27

www.soeurs-blanches.cef.fr/DZ2... Linux mirror

DZ27

www.comune.cornedo-vicentino.v... Linux mirror

Dz-Boy Marwane

www.stc.gov.ae/news.php Linux mirror

erreur404

www.fireworks.gov.cn/dz.txt Win 2003 mirror

F15

www.ringwood.gov.uk/syria.htm FreeBSD mirror

fiofa fado

www.matlock.gov.uk Linux mirror

GAPING

www.gadnuevoquito.gob.ec/index... Linux mirror

ghost-dz

www.comune.sommavesuviana.na.i... Linux mirror

ghost-dz

www.inspectbk.moe.go.th/gh.html Linux mirror

ghost-dz

www.inspect9.moe.go.th/gh.html Linux mirror

ghost-dz

www.inspect8.moe.go.th/gh.html Linux mirror

ghost-dz

www.inspect7.moe.go.th/gh.html Linux mirror

ghost-dz

www.inspect5.moe.go.th/gh.html Linux mirror

ghost-dz

www.inspect4.moe.go.th/gh.html Linux mirror

ghost-dz

www.inspect2.moe.go.th/gh.html Linux mirror

ghost-dz

www.inspect12.moe.go.th/gh.html Linux mirror

ghost-dz

www.inspect11.moe.go.th/gh.html Linux mirror

ghost-dz

www.inspect10.moe.go.th/gh.html Linux mirror

ghost-dz

www.inspect1.moe.go.th/gh.html Linux mirror

Grayhatz

www.bbi.ba Linux mirror

Grayhatz

bbibanka.com.ba Linux mirror

h4x0r HuSsY

media.gov.lk Linux mirror

h4x0r HuSsY

mpowerraj.gov.in Win 2008 mirror

h4x0r HuSsY

cdrcestat.gov.in Win 2008 mirror

Page 25: Attackersinformationwarfarecenter.com/cir/archived/pre/IWC... · 13 IT security myths debunked 2013 year of cyber attacks? 25% of DDoS attacks in 2013 will be application-based 9

CIR

25

h4x0r HuSsY

sameer.gov.in Win 2008 mirror

h4x0r HuSsY

pwddelhi.gov.in Win 2008 mirror

h4x0r HuSsY

bihartourism.gov.in Win 2008 mirror

HacKed By LaMiN3 DK

www.sites.univ-rennes2.fr/cent... Win 2003 mirror

HACKER DZ

www.nevsehirkutup.gov.tr/image... Unknown mirror

Hacker-Fire

zebi.hsfq.gob.ec/zebi.txt Linux mirror

HaYaL-ET-06

pasaportes.gov.do Linux mirror

HeavenCode

www.bag-organisasi.probolinggo... Linux mirror

HighTech

www.kalymnos.gov.gr Win 2012 mirror

HighTech

www.xzdx.gov.cn Win 2003 mirror

HighTech

www.qzgdj.gov.cn/ck.txt Win 2003 mirror

HighTech

www.transparencia.seip.gob.hn Win 2008 mirror

HighTech

ikwezi.local.gov.za Win 2003 mirror

HighTech

www.capaobonito.sp.gov.br Win 2008 mirror

HighTech

www.geologia.ufrr.br Unknown mirror

HighTech

www.pmaver.gob.mx Win 2008 mirror

HighTech

itaobim.mg.gov.br Linux mirror

HighTech

juegos.minedu.gob.bo Linux mirror

HighTech

www.cnum-unesco.org.mz Linux mirror

HighTech

safedrivemedical.vicroads.vic.... Unknown mirror

HighTech

www.gpl.gov.za Linux mirror

HighTech

www.programaanticorrupcion.gob.mx Linux mirror

HighTech

www.cepagri.gov.mz Linux mirror

HighTech

www.ipex.gov.mz Linux mirror

HighTech

www.ouvidoria.defesacivil.rj.g... Linux mirror

HighTech

ns2.interpol.go.id Linux mirror

HighTech

www.mj.gov.mz Linux mirror

HighTech

www.cmchimoio.gov.mz Linux mirror

HighTech

www.cebucity.gov.ph Unknown mirror

HighTech

www.dar.gov.ph Win 2008 mirror

HighTech

www.scboristrajkovski.gov.mk Linux mirror

HighTech

www.iacm.gov.mz Linux mirror

HighTech

www.bba.gov.bd Linux mirror

HighTech

dp-pb.jusbrasil.com.br/noticia... Linux mirror

HighTech

jaboticatubas.mg.gov.br Linux mirror

HighTech

www.ekibastuz.gov.kz Linux mirror

HighTech

www.biritibamirim.sp.gov.br/site/ Linux mirror

HighTech

www.defesa.gov.cv Unknown mirror

HighTech

www.ccs.gov.cv Unknown mirror

HighTech

pu.pohuwatokab.go.id Linux mirror

HighTech

www.sage.coppe.ufrj.br Win 2003 mirror

HighTech

omossoroense.uol.com.br Linux mirror

Hmei7

www.ematerce.ce.gov.br/x.txt Unknown mirror

Hmei7

www.dilmiltama.go.id Unknown mirror

Hmei7

www.dhn.mil.ve/x.txt Win 2003 mirror

Page 26: Attackersinformationwarfarecenter.com/cir/archived/pre/IWC... · 13 IT security myths debunked 2013 year of cyber attacks? 25% of DDoS attacks in 2013 will be application-based 9

CIR

26

Hmei7

dbpe.mef.gob.pa/x.txt Win 2003 mirror

Hmei7

pt-palu.go.id/x.txt Linux mirror

Hmei7

orhei.chamber.md/x.txt Linux mirror

Hmei7

bomberosloja.gob.ec Linux mirror

Hmei7

www.gsm.kyoto-u.ac.jp/x.txt FreeBSD mirror

Hmei7

w2.georgiacourts.gov/x.txt Unknown mirror

Hmei7

btip.postel.go.id/x.txt Unknown mirror

Hmei7

www.uaf.gob.pa/x.txt Linux mirror

Hmei7

revistaespresso.uol.com.br/x.txt Linux mirror

Hmei7

bappeda.kayongutarakab.go.id/x... Linux mirror

Hmei7

www.action.hat.gov.mg/x.txt Linux mirror

Hmei7

selyuchenko-potters.gov.ua/x.txt Unknown mirror

Hmei7

poshyvailo-potters.gov.ua/x.txt Unknown mirror

Hmei7

opishne-museum.gov.ua/x.txt Unknown mirror

Hmei7

ceramology-inst.gov.ua/x.txt Unknown mirror

Hmei7

ceramology.gov.ua/x.txt Unknown mirror

Indishell

www.pakpost.gov.pk/1.txt Solaris 9/10 mirror

Iranian DataCoders Security Team

prefeituradepaudosferros.com.b... Linux mirror

Islamic Ghosts Team

www.maraguatown.go.ke Linux mirror

Islamic Ghosts Team

agpc.gov.ly/modules/news/index... Linux mirror

Islamic Ghosts Team

haras.gov.ly/index.php?option=... Linux mirror

Islamic Ghosts Team

mpc.gov.ly/afde/ Linux mirror

JeeN-7Frawy

www.aljoufedu.gov.sa Linux mirror

Jihad

www.iniap.gob.ec/j4.html Linux mirror

JusTic4

sapnet.gov.in/justic4.htm Win 2003 mirror

KiRaa

www.pn-tapaktuan.go.id/index.html Linux mirror

Kzsg

iremu.falcon.gob.ve/index.php Linux mirror

Learnersofcuriosity

www.fcfrp.usp.br FreeBSD mirror

M3QD4D

fl.bjpg.gov.cn/m3.htm Unknown mirror

M3QD4D

hbg.bjpg.gov.cn/m3.htm Win 2003 mirror

MAX|Ethical|Savior|Mx-Me

www.cnc.gob.pe/break.html Linux mirror

mhDx92

www.comune.gaggiano.mi.it/News... Win 2003 mirror

MJHOOL-HKR

www.dneapmpd.gov.mz Linux mirror

MoroccanGhosts

www.parliament.gov.na/html/ Linux mirror

MoroccanHunters

www.penamiller.gob.mx/index.html Linux mirror

Mr.H4rD3n

www.gis.ambon.go.id Linux mirror

mustireiS

www.agritex.gov.zw Linux mirror

N1Gh7 F0x

www.fef.gov.pk Linux mirror

NaSaH

nfsm.gov.in/WriteReadData/inde... Win 2003 mirror

newbie-herbet

herbet.pa-tegal.go.id Linux mirror

newbie-herbet

soce.gov.np/herbet.php Linux mirror

NinjaVirus

www.whwg.gov.cn/Nilux.htm Win 2003 mirror

Nob0dy

doc.peam.gob.pe Linux mirror

NoEntry Phc

hmc.ntuh.gov.tw/pwn.html Win 2003 mirror

OverDz

en.conaphuehue.gob.gt Linux mirror

Page 27: Attackersinformationwarfarecenter.com/cir/archived/pre/IWC... · 13 IT security myths debunked 2013 year of cyber attacks? 25% of DDoS attacks in 2013 will be application-based 9

CIR

27



Rank | Notifier | Single def. | Mass def. | Total def. | Homepage def. | Subdir def.
1 | Barbaros-DZ | 3404 | 164 | 3568 | 1193 | 2375
2 | Ashiyane Digital Security Team | 2578 | 3388 | 5966 | 1166 | 4800
3 | Hmei7 | 2319 | 1372 | 3691 | 738 | 2953
4 | LatinHackTeam | 1428 | 1276 | 2704 | 2254 | 450
5 | iskorpitx | 1322 | 953 | 2275 | 784 | 1491
6 | Fatal Error | 1032 | 1145 | 2177 | 1797 | 380
7 | chinahacker | 886 | 1342 | 2228 | 4 | 2224
8 | MCA-CRB | 852 | 625 | 1477 | 372 | 1105
9 | By_aGReSiF | 749 | 1424 | 2173 | 802 | 1371
10 | 3n_byt3 | 644 | 1882 | 2526 | 858 | 1668
11 | HEXB00T3R | 604 | 630 | 1234 | 405 | 829
12 | Red Eye | 579 | 1551 | 2130 | 2093 | 37
13 | uykusuz001 | 554 | 159 | 713 | 38 | 675
14 | brwsk007 | 537 | 187 | 724 | 24 | 700
15 | Mafia Hacking Team | 496 | 589 | 1085 | 322 | 763
16 | Swan | 496 | 258 | 754 | 219 | 535
17 | Digital Boys Underground Team | 461 | 442 | 903 | 179 | 724
18 | Iran Black Hats Team | 458 | 326 | 784 | 417 | 367
19 | 1923Turk | 434 | 1569 | 2003 | 436 | 1567
20 | misafir | 424 | 434 | 858 | 226 | 632
21 | Over-X | 423 | 1585 | 2008 | 1302 | 706
22 | DeltahackingSecurityTEAM | 415 | 443 | 858 | 232 | 626
23 | ZoRRoKiN | 397 | 204 | 601 | 115 | 486
24 | D.O.M | 392 | 645 | 1037 | 824 | 213
25 | kaMtiEz | 391 | 390 | 781 | 238 | 543
26 | HighTech | 389 | 1779 | 2168 | 1754 | 414
27 | Triad | 375 | 315 | 690 | 397 | 293
28 | [#elite top team] | 362 | 303 | 665 | 570 | 95
29 | sinaritx | 359 | 98 | 457 | 160 | 297
30 | k4L0ng666 | 353 | 1206 | 1559 | 222 | 1337
31 | core-project | 313 | 325 | 638 | 629 | 9
32 | Ma3sTr0-Dz | 313 | 736 | 1049 | 300 | 749
33 | linuXploit_crew | 312 | 166 | 478 | 478 | 0
34 | Turkish Energy Team | 311 | 224 | 535 | 319 | 216
35 | ISCN | 275 | 128 | 403 | 102 | 301
36 | !nf3rN.4lL | 263 | 376 | 639 | 177 | 462
37 | NeT-DeViL | 253 | 258 | 511 | 335 | 176
38 | Poizonb0x | 251 | 3 | 254 | 254 | 0
39 | eMP3R0r TEAM | 240 | 308 | 548 | 136 | 412
40 | PowerDream | 237 | 164 | 401 | 174 | 227
41 | Vezir.04 | 234 | 111 | 345 | 152 | 193
42 | KHG | 233 | 281 | 514 | 210 | 304
43 | S4t4n1c_S0uls | 230 | 144 | 374 | 311 | 63
44 | Hi-Tech Hate | 223 | 6 | 229 | 229 | 0
45 | XTech Inc | 223 | 328 | 551 | 548 | 3
46 | BeLa | 210 | 123 | 333 | 147 | 186
47 | m0sted | 209 | 207 | 416 | 107 | 309
48 | spook | 209 | 31 | 240 | 40 | 200
49 | Prime Suspectz | 205 | 0 | 205 | 205 | 0
50 | the freedom | 198 | 136 | 334 | 22 | 312


Top 10 Ports

by Reports
Port | Reports
80 | 684203
22 | 662594
53 | 592910
23 | 576790
21 | 560339
179 | 555953
137 | 515307
445 | 461086
36300 | 372591
3389 | 232490

by Targets
Port | Targets
3389 | 70138
22 | 65444
1433 | 63334
445 | 40943
80 | 33401
8080 | 21505
443 | 16736
5060 | 14464
3306 | 13911
179 | 12704

by Sources
Port | Sources
445 | 20483
36300 | 20297
3389 | 10889
80 | 9746
443 | 6801
37656 | 6224
57695 | 4920
57778 | 4805
7263 | 4751
57694 | 4737

Top 10 Source IPs

IP Address Reports Target IPs First Seen Last Seen

069.175.126.170 (US) 1,990,602 138,482 2012-07-11 2013-02-25

218.026.089.179 (CN) 343,731 120,102 2012-12-26 2013-02-24

060.211.241.131 (CN) 245,707 105,130 2012-09-29 2013-02-24

176.010.035.241 (IS) 327,526 89,891 2013-01-26 2013-02-24

069.175.054.106 (US) 1,418,510 88,592 2012-07-14 2013-02-25

211.066.184.087 (CN) 261,790 85,799 2012-12-22 2013-02-24

173.045.104.226 (US) 145,428 72,642 2012-09-03 2013-02-24

198.020.069.074 () 372,506 71,802 2012-11-08 2013-02-24

061.143.207.106 (CN) 556,101 71,737 2013-01-25 2013-02-24

198.020.069.098 () 381,494 71,605 2012-11-08 2013-02-24

DC3 DISPATCH [email protected]
FBI In the New [email protected]
Zone-h www.zone-h.org
Xssed www.xssed.com
Packet Storm Security www.packetstormsecurity.org
Sans Internet Storm Center isc.sans.org
Exploit Database www.exploit-db.com
Exploits Database www.exploitsdownload.com
Hack-DB www.hack-db.com
Infragard www.infragard.org
ISSA www.issa.org
Information Warfare Center informationwarfarecenter.com
Secunia www.secunia.org
Tor Network