Information Warfare Center’s Cyber Intelligence Report (CIR)
Author: Jeremy Martin, CISSP-ISSMP/ISSAP, CISM, CEH/LPT/CHFI, CREA/CEPT/CSSA/CCFE
www.informationwarfarecenter.com
The IWC CIR is a weekly OSINT resource focusing on advanced persistent threats and other digital dangers. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage.
Remember remember the 5th of November: @OpVendetta2012 & Marchondcnov5th.wordpress.com
Both groups plan to protest on November 5th.
"The Revolution to Restore the Republic of the United States.” ... “On November 5th 2012 WE THE PEOPLE will
march on Washington DC peacefully and unarmed to arrest all members of congress, the president, and all supreme
court justices where they will be held without bond until a full independent investigation and trial have been
completed. We must re-elect our government within 90 days in order to stave off unrest."
Anonymous Warning: 5th November 2012, sent from @FawkesSecurity, an offshoot of Anonymous.
https://www.youtube.com/watch?v=gteHUvz1_x8 & http://pastebin.com/DKvrtiFU
“Dear citizens of the world, We are Anonymous. As of today 200 kilograms of composite Nitroglycerin and commercial explosives have effectively been concealed in a government building, situated in the united states of America. On the 5th of November 2012 the device will detonate remotely via the transmission control protocol, leaving behind severe consiquences. We would like to advise that the contraption is built inside a tamper proof apparatus sensitive to physical intrusions or attempted disarmament, thus resulting in the desired effect, if the military grade device is found before the 5th of November. There is no intention, risks or circumstances what so ever to cause harm to innocent people, but we can not, say the same for the people who are the real terrorists, oppressors and war creators. We are anonymous We are legion We do not forget We do not forgive...”
The pattern of the bomb threat does not seem to match normal Anonymous messages... Judging by the grammar and writing style used, it does not appear to come from the same person(s) who release most of the other videos... Anonymous’ response: https://www.youtube.com/watch?v=D_7oIuGX_pk
Section | #
In the News | 123
Exploits | 18
Web Exploits | 26
Tools | 7
Papers | 8
Advisories | 112
Websites defaced | 350

Country | Gov’t defaced sites
United States | 1
Brazil | 13
China | 50
Mexico | 10
Turkey | 12
Bangladesh | 10
Indonesia | 90

OS | Defaced #
Windows | 125
Linux | 209
FreeBSD | 10
F5 Big-IP | 3
Unknown | 3

Alerts: Apple, NetWeaver, Adobe, Avaya, HP, Huawei, IBM, Microsoft, Mozilla, Oracle, VMWare, WordPress
Anonymous (13)
Anonymous deface UK Police forum and Dating Portal
Anonymous going to launch wikileaks like project called TYLER
Anonymous Group Posts Bomb Threat For Nov. 5, Pisses Off Anonymous
Anonymous Hackers leaks 1.35GB Italian State Police Data
Anonymous hacking group target police web forum
Anonymous leaks Classified Documents from Greek Finance Ministry server
Anonymous Takes Aim At Zynga
Anonymous Warns Of Attack On Facebook And Zynga
Anonymous: FawkesSecurity bomb threat: False flag?
Hacker claiming ties to Anonymous posts bomb threat for November 5 on YouTube
Operation Vendetta
Anonymous Documentary “We Are Legion” Now Available
'Anonymous' to Rove: 'We Are Watching You, We Know That You Will Attempt to Rig the Election'
Government (27)
.Gov, .Mil URL-Shortener Spam Attack Curtailed
Asia Pacific Computer Emergency Response Team: Security Awareness.
AT&T Government Solutions Receives Authority to Operate for Cloud Storage Service
Canada's cyber-security lacking, says report
Consolidation Strengthens Virginia's Cybersecurity Efforts
Cyber Security Research Alliance: Intel, Lockheed And Others Team Up To Tackle CyberSecurity
Cyberspace the new battlefield in Tehran's war
DHS broadens public-private efforts to combat cyber risks
Funniest Tweets Of The Final Presidential Debate
Georgia Turns The Tables On Russian Hacker
Give Social Networks Fake Details, Advises Government Official
Half of capital may have been victims of cyber crime
Huawei Partner Offered US Tech To Iran
Israeli Cops Penetrated By Army Of Fake Generals With Trojans
Millions Of SSNs Lifted From South Carolina Database
Napolitano: DHS Is ‘Infant That Needs to Walk and Run’ Right Now
New FBI Initiative Will Identify And Trace Hackers
NIST's Hash Algorithm Refresh Possibly Premature
Parallel Vote Count In Jeopardy Because Of Hacker Attacks
Police Make Three Arrests In Phishing Scam Sting
Test Our Cyber Security, Huawei Says
The anatomy of cyber security exercises
U.S. Looks To Replace Human Surveillance With Computers
UN: More international cooperation needed to fight cyberterrorism
Unencrypted Flight Barcode Warning
US-Cert Warns DKIM Email Open To Spoofing
WikiLeaks releases hacked US military detention policies
SCADA/ICS (3)
Another Systematic SCADA Vuln
Critical infrastructure managing software vulnerable to Unauthorized access
Triconex: PLCs Remain Safe
Forensics (1)
Turning Tables: ID'ing The Hacker Behind The Keyboard
Financial (9)
Barnes & Noble halts use of PIN pad devices after data breach
Barnes & Noble Stores Targeted In Nationwide Payment Card-Skimming Scam
DDoS attacks against banks raise question: Is this cyberwar?
Hackers Crack Texan Bank, Experian Credit Records Come Flooding Out
Hackers Steal Customer Data From Barnes And Noble Keypads
Hackers stole Credit Card details from 63 'Barnes & Noble' stores
Insurer Launches Cyber Insurance For Small Businesses
Stoke Fined £120K Over Email Privacy Blunder
Verizon: Most Intellectual Property Theft Involves Company Insiders
Legal (11)
Court To Notify Current And Former Norton Customers About $10 Cash Refunds For Antivirus Software Upgrades And Renewals
Cybersecurity legislation makes Panetta's lame duck to-do list
Deceptive Web Tracker Settles With FTC
Dyson Goes To Court Over Stolen Trade Secrets
FTC Issues Privacy Guidelines For Facial Recognition
Hacker Attack Warnings Don't Budge Opposing Sides On Cyber Bill
Judge Says PSN Hack Can't Spark Class Action
Russian coder puts Microsoft botnet accusation behind him
Security Order Calls for Cyberthreat Info Sharing
US Rules Jailbreaking Tablets Is Illegal
What An Executive Order On Cybersecurity May Mean For Enterprises
Mobile (6)
AlienVault Launches Threat Intelligence Resource Center & iOS Mobile Apps
Android Adware abusing permissions, Collecting more than they need
Sharp rise in Android Malwares in Third Quarter of 2012
Smartphone wireless chipset vulnerable to DoS attack
TeleCommunication Systems Receives 12 U.S. Patents Advancing Public Safety, Mobile Location, Messaging, Wireless Data, Mapping and Secure Communications Technologies
Technology (35)
10 Certifications Every IT Pro Needs To Have For 2013
Adobe Plugs Up Buffer Overflow Holes In Shockwave Update
Assassinations using heart implants
BitTitan Announces Beta for Cloud-Based Email Automation Solution
Cyber crimes become prevalent on college campuses
Cybersecurity Study. [REPORT]
Facebook Donates $250k Taken From Spammers To Cyber CSI Lab
First look at Windows 8 security features
France Euromillions Site Hit By Religious Hackers
How A Google Headhunter's E-Mail Unraveled A Massive Net Security Hole (WIRED)
Huawei Says It Would Offer Access To Its Source Code Via Independent Testing Center (SECURITY WEEK)
Hunting Botnets On A Bigger Scale
Lacklustre Security Making Corporate Data Easy Prey For Hackers
Malware Bypasses Antivirus
Malware Hijacks Your Email, Sends Death Threats
McGraw Announces New Initiative to Combat Identity Theft
Medical Devices Vulnerable to Hacking
Microsoft Has No Plans For A Second Windows 7 Service Pack
Microsoft releases Windows 8
New cybercrime monetization methods
New windows malware can target smart cards for full remote access
Next-Generation Malware: Changing The Game In Security's Operations Center
Qualys Introduces Predictive Analytics Engine For Zero-Day And Microsoft Patch Tuesday Vulnerabilities
Recognized vulnerabilities fuel growth in cybersecurity
Researcher to demonstrate feature-rich malware that works as a browser extension
Researchers To Launch New Tools For Search Engine Hacking
Saudi Cyber Attack Seen As Amateur Iranian Hackers
Skimming, Identity Theft and How Online Business Defend Against Cybercrime
Sony Hack Useless To Regular PS3 Gamers
Sony PlayStation 3 hacked with custom firmware
Verizon DBIR Analysis: Insiders Often Complicit in Breaches of Intellectual Property
Verizon Releases Industry-by-Industry Snapshots of Cybercrime
Websites Knocked Offline By Super-Storm Sandy
Xerox, McAfee announce first printers with McAfee Embedded Control software
Zero-Day Attacks Long-Lived, Presage Mass Exploitation
Conference (2)
1st Annual Maryland Digital Forensics Investigation Challenge
National Initiative for Cybersecurity Education (NICE) Workshop
FBI News (17)
CPKP (9)
Belleville Man Sentenced for Enticement of a Minor and Transportation of Child Pornography
Cincinnati Man Sentenced to 148 Months in Prison for Possessing Child Pornography
Macy Man Sentenced for Assault on a Child
Man Pleads Guilty to Arranging for Sexual Contact with a Minor
Monroe County Man Sentenced to Five Years in Prison for Child Pornography Offense
Pennsylvania Man Pleads Guilty to Receipt of Child Pornography
Rochester Man Sentenced on Child Pornography Charges
Sex Offender Faces Minimum Sentence of 15 Years in Prison
Trio of Child Pornographers Sentenced
Government (3)
FBI Releases 2011 Crime Statistics
Local Man Charged with Conveying Hoax Bomb Threats
Virginia Man Indicted on Additional Charges, Including a D.C. Terrorism Offense
Technology (5)
Computer Printer Technician Acknowledges Defrauding Children’s of Alabama
Cyber Division Focusing on Hackers and Intrusions
NYPD Officer: Kidnapping Conspiracy and Illegally Accessing Federal Database
Online Dating Extortion and Other Scams
Orlando Man Indicted for Shining Laser at Police Helicopter
Mobile (1)
Grandstream GXP1405 Executive IP Phone 1.0.1.110 XSS
DoS (4)
Aladdin Knowledge System Ltd. PrivAgent ActiveX Control 2.0 Multiple Vulnerabilities
Apple QuickTime Player 7.7.2 Crash PoC
hMailServer 5.3.3 Remote Denial Of Service
Microsoft Office Word 2010 Crash PoC
Local (10)
Apple QuickTime Player 7.7.2 Crash
Arora 0.10.0 Windows Qt 4.5.3 DLL Hijack
Microsoft Internet Explorer "scrollIntoView" Use-After-Free
Microsoft Office Excel 2010 Memory Corruption
Microsoft Office Picture Manager 2010 Memory Corruption
Microsoft Office Publisher 2010 Proof Of Concept
Microsoft Office Word 2012 Stack Overflow
Microsoft Paint 5.1 Memory Corruption
Microsoft Windows Help Program Memory Corruption
TP-LINK TL-WR841N Local File Inclusion
Remote (3)
Aladdin Knowledge System Ltd Buffer Overflow
HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow
HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow
This section of the CIR is dedicated to informing the public of exploits, tools, and whitepapers that may directly affect the security posture of an organization. The term “Proof of Concept (PoC)” is another term for a working exploit. Many of these PoCs will eventually find their way into malicious logic such as viruses, Trojans, and rootkits.
Web (26)
Aladdin Knowledge System Ltd. Active-X Buffer Overflow
Allscripts Homecare Client Local Memory Corruption
Bitweaver 2.8.1 Cross Site Scripting / Local File Inclusion
Bitweaver 2.8.1 Multiple Vulnerabilities
ClanSphere 2011.3 Local File Inclusion / Remote Code Execution
Contao 2.11.6 Path Disclosure
Gramophone 0.01b1 Cross Site Scripting
Inout Article Base Ultimate SQL Injection / CSRF
Inventory 1.0 Cross Site Scripting
Inventory 1.0 SQL Injection
Layton Helpbox 4.4.0 Authorization Bypass
Layton Helpbox 4.4.0 Cross Site Scripting
Layton Helpbox 4.4.0 Login Bypass
Layton Helpbox 4.4.0 Password Disclosure
Layton Helpbox 4.4.0 SQL Injection
Layton Helpbox 4.4.0 Stored Cross Site Scripting
ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection
NASA Tri-Agency Climate Education (TrACE) 1.0 SQL Injection
NASA Tri-Agency Climate Education (TrACE) 1.0 XSS
SMF 2.0.2 Cross Site Scripting
VaM Shop 1.69 Cross Site Scripting / SQL Injection
VicBlog Path Disclosure / SQL Injection
WordPress Easy Webinar Blind SQL Injection
WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite
Wysiwyg Imagelibrary Traversal
Zomorrod Web Design SQL Injection
Tools (7)
360-FAAR Firewall Analysis Audit And Repair 0.3.3
360-FAAR Firewall Analysis Audit And Repair 0.3.4
Hook Analyser Malware Tool 2.1
OATH Toolkit 2.0.1
Packet Fence 3.6.0
WAF-FLE ModSecurity Console 0.6.0rc1
Xplico Network Forensic Analysis Tool 1.0.1
Papers (8)
Bypassing Avast Sandbox Using Alternate Data Streaming
DIMVA 2013 Call For Papers
Facing Facts - FCC Whitepaper
How Did They Get In? A Guide To Tracking Down The Source Of An APT
Monitoring And Controlling Privileged User Access
Network Monitoring As A Security Tool
Positive Hack Days III Call For Papers
Using Ontologies In A Cognitive-Grounded System
Adobe (1)
Secunia Security Advisory 51090
Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.
Apache (1)
Secunia Security Advisory 51052
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in Apache OFBiz.
Avaya (1)
Secunia Security Advisory 51077
Secunia Security Advisory - Avaya has acknowledged a weakness and some vulnerabilities in Avaya Aura Presence Services, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and to disclose system information and by malicious people to cause a DoS.
HP (6)
Secunia Security Advisory 51081
Secunia Security Advisory - Some vulnerabilities have been reported in multiple HP products, which can be exploited by malicious people to disclose potentially sensitive information.
HP Security Bulletin HPSBHF02819 SSRT100920
HP Security Bulletin HPSBHF02819 SSRT100920 - Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.
HP Security Bulletin HPSBHF02819 SSRT100920
HP Security Bulletin HPSBHF02819 SSRT100920 - Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.
Secunia Security Advisory 51096
Secunia Security Advisory - HP has issued an update for BIND in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).
HP Security Bulletin HPSBUX02824 SSRT100970
HP Security Bulletin HPSBUX02824 SSRT100970 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code and other vulnerabilities. Revision 1 of this advisory.
HP Security Bulletin HPSBHF02819 SSRT100920 2
HP Security Bulletin HPSBHF02819 SSRT100920 2 - Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 2 of this advisory.
Huawei (1)
HP/H3C And Huawei SNMP Weak Access To Critical Data
HP/H3C and Huawei networking equipment suffers from a serious weakness in its handling of SNMP requests for protected h3c-user.mib and hh3c-user.mib objects.
IBM (1)
Secunia Security Advisory 51106
Secunia Security Advisory - IBM has acknowledged a vulnerability in BIND included in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
Microsoft (5)
Microsoft Internet Explorer OnMove Use-After-Free
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Microsoft Internet Explorer versions 8 and 9. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing certain "onMove" events, which could allow remote attackers the ability to execute arbitrary code via a specially crafted web page.
Microsoft Office Excel 2010 Memory Corruption
Microsoft Office Excel 2010 memory corruption proof of concept exploit.
Microsoft Paint 5.1 Memory Corruption
Microsoft Paint version 5.1 memory corruption proof of concept exploit.
Microsoft Office Publisher 2010 Proof Of Concept
Microsoft Office Publisher 2010 crash proof of concept denial of service exploit.
Microsoft Windows Help Program Memory Corruption
Microsoft Windows Help memory corruption proof of concept exploit.
Mozilla (1)
Secunia Security Advisory 51144
Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
NASA (2)
NASA Tri-Agency Climate Education (TrACE) 1.0 XSS
The Tri-Agency Climate Education (TrACE) Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaboration around climate education. The application suffers from a reflected cross site scripting vulnerability when input is passed to the 'product_id', 'pi', 'project_id' and 'funder' GET parameters in 'trace_results.php' script which is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 1.0 is affected.
NASA Tri-Agency Climate Education (TrACE) 1.0 SQL Injection
The Tri-Agency Climate Education (TrACE) Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaboration around climate education. The application suffers from SQL injection vulnerabilities when input is passed to the 'product_id' and 'grade' GET parameters in the 'trace_results.php' script, which is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 1.0 is affected.
Oracle (5)
Secunia Security Advisory 50926
Secunia Security Advisory - Oracle has acknowledged a vulnerability with an unknown impact in 7-zip included in Solaris.
Secunia Security Advisory 51078
Secunia Security Advisory - Oracle has acknowledged a vulnerability in BIND included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
Oracle Java Font Processing "maxPointCount" Heap Overflow
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE/JDK 7u7 and below are affected. The vulnerability is caused by a heap overflow error within the "t2k.dll" component when processing a malformed "maxPointCount" field within a Font, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
Oracle Java Font Processing Glyph Element Memory Corruption
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE / JDK 7u7 and below are affected. The vulnerability is caused by a memory corruption error within the "t2k.dll" component when processing certain glyph elements within a Font file, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
Secunia Security Advisory 51151
Secunia Security Advisory - ERPScan has reported a vulnerability in Oracle Business Intelligence, which can be exploited by malicious people to conduct cross-site scripting attacks.
VMWare (1)
EMC Avamar Client For VMware Information Disclosure
The Avamar Server root user password is stored in plain text on the Avamar VMWare proxy client. This could allow a malicious user with network access to the proxy client and Avamar Server to gain privileged access to the Avamar server.
WordPress (9)
Secunia Security Advisory 50834
Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Cimy User Manager plugin for WordPress, which can be exploited by malicious people to disclose certain sensitive information.
Secunia Security Advisory 50981
Secunia Security Advisory - Han Lee has discovered a vulnerability in the Spider Calendar plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory 50873
Secunia Security Advisory - Charlie Eriksen has discovered two vulnerabilities in the FireStorm Professional Real Estate plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory 50975
Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Zingiri Bookings plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory 50875
Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the UnGallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory 50977
Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Thank You Counter Button plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory 50983
Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Zingiri Form Builder plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory 50910
Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Poll plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
WordPress Easy Webinar Blind SQL Injection
WordPress Easy Webinar plugin suffers from a remote blind SQL injection vulnerability.
Misc: (37)
Secunia Security Advisory 51041
Secunia Security Advisory - A vulnerability has been reported in ViewVC, which can be exploited by malicious users to conduct script insertion attacks.
Secunia Security Advisory 51095
Secunia Security Advisory - A security issue and some vulnerabilities have been reported in Liferay Portal, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions and by malicious people to bypass certain security restrictions.
Secunia Security Advisory 51069
Secunia Security Advisory - Two vulnerabilities have been discovered in ManageEngine Security Manager Plus, which can be exploited by malicious people to disclose potentially sensitive system information and conduct SQL injection attacks.
Secunia Security Advisory 51021
Secunia Security Advisory - MustLive has reported a vulnerability in Bitrix Site Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory 51091
Secunia Security Advisory - Multiple vulnerabilities have been discovered in bitweaver, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory 50928
Secunia Security Advisory - A vulnerability has been discovered in ManageEngine SupportCenter Plus, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory 50829
Secunia Security Advisory - Janek Vind has discovered multiple vulnerabilities in phpMyBitTorrent, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose sensitive information and conduct cross-site scripting and SQL injection attacks.
Secunia Security Advisory 51045
Secunia Security Advisory - A weakness and a vulnerability have been reported in F5 FirePass, which can be exploited by malicious people to conduct spoofing and SQL injection attacks.
Secunia Security Advisory 51058
Secunia Security Advisory - HTTPCS has discovered two vulnerabilities in Dolibarr ERP/CRM, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory 50917
Secunia Security Advisory - SEC Consult has reported a vulnerability in the Unirgy uStoreLocator extension for Magento, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory 51036
Secunia Security Advisory - SySS has reported a security issue in Palo Alto Networks GlobalProtect, which can be exploited by malicious people to conduct spoofing attacks.
Secunia Security Advisory 51076
Secunia Security Advisory - A vulnerability has been reported in the Commedia component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
Drupal Time Spent 6.x / 7.x XSS / CSRF / SQL Injection
Drupal Time Spent third party module versions 6.x and 7.x suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Secunia Security Advisory 50631
Secunia Security Advisory - Zhao Liang has discovered some vulnerabilities in Winmail Server, which can be exploited by malicious users and malicious people to conduct script insertion attacks.
Drupal MailChimp 7.x Cross Site Scripting
Drupal MailChimp third party module version 7.x suffers from a cross site scripting vulnerability.
Secunia Security Advisory 51092
Secunia Security Advisory - Some vulnerabilities have been reported in TIBCO Formvine, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
Secunia Security Advisory 51084
Secunia Security Advisory - A vulnerability has been reported in OpenAthens SP, which can be exploited by malicious people to bypass certain security restrictions.
Aladdin Knowledge System Ltd. Active-X Buffer Overflow
The Aladdin Knowledge System Ltd. PrivAgent active-x control version 2.0 suffers from buffer overflow and insecure file download vulnerabilities. Buffer overflow proof of concept included.
Secunia Security Advisory 51083
Secunia Security Advisory - A security issue has been reported in JetPort 5600, which can be exploited by malicious people to compromise a vulnerable device.
Inventory 1.0 SQL Injection
Inventory version 1.0 suffers from multiple remote SQL injection vulnerabilities.
Inventory 1.0 Cross Site Scripting
Inventory version 1.0 suffers from multiple cross site scripting vulnerabilities.
Layton Helpbox 4.4.0 SQL Injection
Layton Helpbox version 4.4.0 suffers from multiple remote SQL injection vulnerabilities.
Layton Helpbox 4.4.0 Authorization Bypass
Layton Helpbox version 4.4.0 suffers from an authorization bypass vulnerability.
Layton Helpbox 4.4.0 Unencrypted Login
Layton Helpbox version 4.4.0 fails to use encrypted transport for logging users into the system.
Layton Helpbox 4.4.0 Password Disclosure
Layton Helpbox version 4.4.0 discloses login and password information for the database in an error page.
Layton Helpbox 4.4.0 Stored Cross Site Scripting
Layton Helpbox version 4.4.0 suffers from embedded cross site scripting vulnerabilities.
Layton Helpbox 4.4.0 Login Bypass
Layton Helpbox version 4.4.0 suffers from login bypass vulnerabilities due to improper cookie design.
Layton Helpbox 4.4.0 Cross Site Scripting
Layton Helpbox version 4.4.0 suffers from a reflective cross site scripting vulnerability.
Realplayer Watchfolders Long Filepath Overflow
Realplayer version 15.0.5.109 is vulnerable to a stack buffer overflow vulnerability in the 'Watch Folders' facility.
WAF-FLE ModSecurity Console 0.6.0rc2
WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.
Perl 5 Memory Corruption
The Perl 5 interpreter is vulnerable to a memory corruption vulnerability which results in memory disclosure and potentially arbitrary code execution when large values are supplied to the x operator.
Allscripts Homecare Client Local Memory Corruption
Allscripts Homecare client versions 6.1.0 and 7.0.1 suffer from a local memory corruption vulnerability.
Gramophone 0.01b1 Cross Site Scripting
Gramophone version 0.01b1 suffers from a cross site scripting vulnerability.
Arora 0.10.0 Windows Qt 4.5.3 DLL Hijack
Arora version 0.10.0 suffers from a DLL hijacking vulnerability.
hMailServer 5.3.3 Remote Denial Of Service
hMailServer version 5.3.3 IMAP remote crash proof of concept exploit.
Secunia Security Advisory 51152
Secunia Security Advisory - ERPScan has reported a vulnerability in SAP NetWeaver Process Integration, which can be exploited by malicious people to disclose potentially sensitive information.
Secunia Security Advisory 51154
Secunia Security Advisory - Ubuntu has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
Linux Distributions
Debian (18)
Secunia Security Advisory 51112
Secunia Security Advisory - Debian has issued an update for request-tracker3.8. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct spoofing attacks, bypass certain security restrictions, and compromise a vulnerable system and by malicious people to conduct cross-site request forgery attacks.
Debian Security Advisory 2565-1
Debian Linux Security Advisory 2565-1 - Multiple vulnerabilities have been discovered in Iceweasel, Debian's version of the Mozilla Firefox web browser.
Debian Security Advisory 2562-1
Debian Linux Security Advisory 2562-1 - cups-pk-helper, a PolicyKit helper to configure cups with fine-grained privileges, wraps CUPS function calls in an insecure way. This could lead to uploading sensitive data to a cups resource, or overwriting specific files with the content of a cups resource. The user would have to explicitly approve the action.
Debian Security Advisory 2563-1
Debian Linux Security Advisory 2563-1 - Several vulnerabilities were found in ViewVC, a web interface for CVS and Subversion repositories.
Debian Security Advisory 2564-1
Debian Linux Security Advisory 2564-1 - gpernot discovered that Tinyproxy, an HTTP proxy, is vulnerable to a denial of service by remote attackers sending crafted request headers.
Secunia Security Advisory 51074
Secunia Security Advisory - Debian has issued an update for tinyproxy. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory 50970
Secunia Security Advisory - Debian has issued an update for iceweasel. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
Secunia Security Advisory 51072
Secunia Security Advisory - Debian has issued an update for viewvc. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.
Debian Security Advisory 2566-1
Debian Linux Security Advisory 2566-1 - It was discovered that Exim, a mail transport agent, does not properly handle the decoding of DNS records for DKIM. Specifically, crafted records can lead to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code.
Debian Security Advisory 2567-1
Debian Linux Security Advisory 2567-1 - Several vulnerabilities were discovered in Request Tracker, an issue tracking system.
Debian Security Advisory 2568-1
Debian Linux Security Advisory 2568-1 - It was discovered that RTFM, the FAQ manager for Request Tracker, allows authenticated users to create articles in any class.
Debian Security Advisory 2569-1
Debian Linux Security Advisory 2569-1 - Multiple vulnerabilities have been discovered in Icedove, Debian's version of the Mozilla Thunderbird mail client.
Secunia Security Advisory 51115
Secunia Security Advisory - Debian has issued an update for exim4. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory 51111
Secunia Security Advisory - Debian has issued an update for rtfm. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
Mandriva (1)
Mandriva Linux Security Advisory 2012-168
Mandriva Linux Security Advisory 2012-168 - hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials. Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service via a small TLS Message Length value in an EAP-TLS message with the More Fragments flag set. The updated packages have been patched to correct these issues.
Red Hat (5)
Red Hat Security Advisory 2012-1401-01
Red Hat Security Advisory 2012-1401-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw was found in the way socket buffers requiring TSO were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service.
Red Hat Security Advisory 2012-1407-01
Red Hat Security Advisory 2012-1407-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Firefox to execute arbitrary code.
Red Hat Security Advisory 2012-1413-01
Red Hat Security Advisory 2012-1413-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Thunderbird to execute arbitrary code.
Secunia Security Advisory 51146
Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
Slackware (1)
Slackware Security Advisory - mozilla-firefox Updates
Suse (2)
Secunia Security Advisory 51099
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose system information, cause a DoS (Denial of Service), and potentially gain escalated privileges, and by malicious people to cause a DoS.
Secunia Security Advisory 51155
Secunia Security Advisory - SUSE has issued an update for exim. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
Ubuntu (13)
Ubuntu Security Notice USN-1603-2
Ubuntu Security Notice 1603-2 - USN-1603-1 fixed vulnerabilities in Ruby. This update provides the corresponding updates for Ubuntu 12.10. Shugo Maeda and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. Various other issues were also addressed.
Ubuntu Security Notice USN-1614-1
Ubuntu Security Notice 1614-1 - Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. USN-1602-1 fixed these vulnerabilities in other Ubuntu releases. This update provides the corresponding updates for Ubuntu 12.10. Peter Bex discovered that Ruby incorrectly handled file path strings when opening files. An attacker could use this flaw to open or create unexpected files. Various other issues were also addressed.
Secunia Security Advisory 51087
Secunia Security Advisory - Ubuntu has issued an update for python3.1. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Ubuntu Security Notice USN-1615-1
Ubuntu Security Notice 1615-1 - It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. This issue only affected Ubuntu 11.04 and 11.10. Various other issues were also addressed.
Secunia Security Advisory 51089
Secunia Security Advisory - Ubuntu has issued an update for python3.2. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information and by malicious people to cause a DoS (Denial of Service).
Ubuntu Security Notice USN-1616-1
Ubuntu Security Notice 1616-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. These issues only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
Ubuntu Security Notice USN-1617-1
Ubuntu Security Notice 1617-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Ubuntu Security Notice USN-1618-1
Ubuntu Security Notice 1618-1 - It was discovered that Exim incorrectly handled DKIM DNS decoding. This flaw could allow a remote attacker to execute arbitrary code.
Ubuntu Security Notice USN-1620-1
Ubuntu Security Notice 1620-1 - Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. Antoine Delignat-Lavaud discovered a flaw in the way Firefox handled the Location object. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections and perform cross-origin reading of the Location object. Various other issues were also addressed.
Ubuntu Security Notice USN-1619-1
Ubuntu Security Notice 1619-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.
Secunia Security Advisory 51147
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
This section of the CIR is dedicated to informing the public of website defacements that have targeted either larger organizations or government agencies. The perpetrators of these attacks are all over the world and have different reasons for hacking that range from curiosity to hacktivism to state-sponsored espionage/cyber warfare activity.
N° Notifier Single def. Mass def. Total def. Homepage def. Subdir def.
1. Barbaros-DZ 3209 157 3366 1020 2346
2. Ashiyane Digital Security Team 2496 3228 5724 1047 4677
3. Hmei7 2072 1170 3242 706 2536
4. LatinHackTeam 1428 1276 2704 2254 450
5. iskorpitx 1322 953 2275 784 1491
6. Fatal Error 1017 1127 2144 1764 380
7. chinahacker 883 1317 2200 4 2196
8. MCA-CRB 851 621 1472 367 1105
9. By_aGReSiF 748 1424 2172 802 1370
10. 3n_byt3 626 1809 2435 848 1587
11. HEXB00T3R 604 630 1234 405 829
12. Red Eye 579 1551 2130 2093 37
13. uykusuz001 540 153 693 34 659
14. brwsk007 525 177 702 24 678
15. Mafia Hacking Team 496 589 1085 322 763
16. Swan 495 258 753 219 534
17. Digital Boys Underground Team 461 441 902 179 723
18. Iran Black Hats Team 458 326 784 417 367
19. 1923Turk 422 1487 1909 421 1488
20. DeltahackingSecurityTEAM 415 443 858 232 626
21. Over-X 403 1469 1872 1219 653
22. D.O.M 392 645 1037 824 213
23. kaMtiEz 391 390 781 238 543
24. ZoRRoKiN 386 198 584 107 477
25. Triad 375 315 690 397 293
26. [#Elite Top Team] 362 303 665 570 95
27. sinaritx 359 98 457 160 297
28. k4L0ng666 350 1204 1554 222 1332
29. core-project 313 325 638 629 9
30. Ma3sTr0-Dz 313 735 1048 300 748
31. linuXploit_crew 311 166 477 477 0
32. misafir 299 298 597 219 378
33. Turkish Energy Team 284 216 500 296 204
34. ISCN 274 123 397 96 301
35. !nf3rN.4lL 262 376 638 176 462
36. PoizonB0x 251 3 254 254 0
37. NeT-DeViL 249 258 507 334 173
38. eMP3R0r TEAM 240 306 546 136 410
39. PowerDream 237 164 401 174 227
40. Vezir.04 236 111 347 152 195
41. KHG 233 281 514 210 304
42. S4t4n1c_S0uls 230 144 374 311 63
43. Hi-Tech Hate 223 6 229 229 0
44. XTech Inc 223 328 551 548 3
45. BeLa 210 123 333 147 186
46. spook 209 31 240 40 200
47. m0sted 208 207 415 106 309
48. Prime Suspectz 205 0 205 205 0
49. the freedom 198 136 334 22 312
50. c4uR 191 383 574 397 177
Internet Storm Center Top 10 Ports
Resources:
DC3 DISPATCH: [email protected]
FBI In the New: [email protected]
Zone-h: www.zone-h.org
Xssed: www.xssed.com
Packet Storm Security: www.packetstormsecurity.org
SANS Internet Storm Center: isc.sans.org
Exploit Database: www.exploit-db.com
Exploits Database: www.exploitsdownload.com
Islamic Republic of Iran Security Team: irist.ir
Hack-DB: www.hack-db.com
Infragard: www.infragard.org
ISSA: www.issa.org
Information Warfare Center: informationwarfarecenter.com
Secunia: www.secunia.org
Tor Network
by Reports by Targets by Sources
Port Reports
445 1010483
3389 588006
443 563127
80 374478
22 274012
5060 254687
57695 238588
57778 230173
57694 190135
135 173854
Port Targets
22 96906
3389 73498
5060 67614
443 62811
135 58838
3306 57955
445 50878
1433 49051
8080 38499
5901 36087
Port Sources
445 49766
57778 22025
57692 21927
57695 21813
57694 21602
31302 20440
57691 20165
46012 20040
57687 19973
45915 19956