Archive for September, 2012

WordPress/joomla CMS brute force attacks (more than 25k sites)

It came to our notice today a targeted bruteforce attack on worpress/joomla/drupal and other CMS based websites. The list of the attacked hosts contains more than 25000 websites (http://my-audit.gr/attacked_cms_list.html) and considering that it’s starting from the letter m and below this appears to be just a part of a larger document.
The attack is being initiated through compromised windows systems where the following files are being uploaded:
30/03/2012  08:57 πµ           624.640 ctfmon.exe
25/09/2012  03:13 µµ                 0 good.txt
21/07/2012  12:50 µµ                 …

Continue Reading →
1

Vodafone Greece hacked…

ΖΗΜΙΑ ΠΟΥ ΑΓΓΙΖΕΙ ΤA 690.000 ΕΥΡΩ
ΑΠΑΤΗ ΣΕ ΒΑΡΟΣ ΤΗΣ VODAFONE
Με το ποσό των 690 χιλιάδων ευρώ ζημιώθηκε η Vodafone από τη μη καταγραφή χρήσης mobile internet που πραγματοποιήθηκε μέσω του δικτύου της. Το γεγονός έγινε γνωστό από τη Δίωξη Ηλεκτρονικού Εγκλήματος ως εξής: Με προηγμένη μέθοδο ηλεκτρονικής διείσδυσης, τύπου cracking, στα υπολογιστικά συστήματα της εταιρείας, οι εμπλεκόμενοι αποκτούσαν πρόσβαση στα δεδομένα διαχείρισης και πωλούσαν παράνομα στην Κούβα συνδέσεις στο διαδίκτυο. Ειδικότερα, οι τρεις δράστες κατάφεραν να διεισδύσουν ηλεκτρο- …

Continue Reading →
0

Fujitsu hacked by Anonymous..

As reported on pastebin.com, Fujitsu general DB’s leaked last week.
http://pastebin.com/1YMJPa8h
The method used was SQL Injection on
http://www.fujitsugeneral.com.br/onde-encontrar.aspx?estado=UF&cidade=cidade&bairro=bairro&tabela=Revendas which seems to have been corrected at this point but this is once again an example on how vulnerable our personal information is and how cautious we must be as far as posting our personal details is even in big and trustful sites.
Let us not forget what happened last year with Sony, even if Fujitsu has much less information on …

Continue Reading →
0

Greece International Airport (AIA / El. Venizelos) hacked!!

Last night Iranian hackers compromised AIA’s page, demonstrating once again how loosen the security is in major Greek sites.
As said in the past, in Greece organisations and government are paying a lot of money for simple web site development and promotion but are not considering the security at all.
Up to this minute www.aia.gr remains hacked (and will probably remain until tomorrow), my-audit.gr has informed the Airport security for this hack but as usual we are not expecting any …

Continue Reading →
0