How To Dodge iOS 6.1.2 Passcode - Vulnerability Exploited And Explained


Apple has stumbled over its last few iOS releases, making it that much easier for iOS device users to vent their frustration. After the release of iOS 6.1.2, we expected Apple to have buckled down and resolved the security issues that haunted iOS 6.1. Unfortunately, our hopes remain shattered. Apple has also been unable to fix the 3G connectivity and Exchange Calendar bugs in iOS 6.

DOM Based XSS In AVG


Lately, I have been researching DOM-based XSS a bit, and recently I found a DOM-based XSS in AVG. DOM-based XSS is caused by a lack of input filtering inside client-side JavaScript. Since more and more code is moving to the client side, DOM-based XSS has become very common nowadays. Experts predict that DOM-based XSS occurs mostly on websites that rely heavily on JavaScript.

Adobe Zero Day Malware - Upgrade Adobe Reader and Acrobat



A few days ago we blogged about Adobe's zero-day malware affecting Adobe Reader and Acrobat. The malware was investigated by SophosLabs, who uncovered an ample amount of information. We reported that while Adobe was working on a fix for the vulnerability, users could defend themselves by following a few simple steps. Well, Adobe has kept its promise and we shall fear no more: the emergency update for Adobe Reader and Acrobat has been released.

All Problems And Solutions Related To SQL injection


Today I'll write a tutorial for you that covers most of the problems you run into while applying SQL injection, and the solutions to them. Probably every person who has looked at tutorials on hacking a website has noticed that there are too many SQL injection tutorials. Almost every forum has 10 tutorials and every blog 5 tutorials about SQL injection, but most of those tutorials are stolen from somewhere else, and the author most of the time doesn't even know why SQL injection works. All of those tutorials are like textbooks with their ABCs, and the result is just a mess. Everyone is writing tutorials about SQL injection, but nobody covers the problems that come with that attack.

Jailbreak iOS 6.1.2 Untethered On All iDevices



Apple has been quick to patch the last of the bugs found in iOS 6.1.1. With the release of iOS 6.1.2 it seemed that Apple would patch the jailbreak exploit as well. Fortunately, they haven't. The developers of the jailbreak tool Evasi0n are on a roll, as they have updated the software to support iOS 6.1.2. Evasi0n v1.4 can now perform an untethered jailbreak of iOS 6.1.2.

BlackBerry Users At Risk



Attention all BlackBerry users! You are vulnerable to remote attacks by hackers.

A BlackBerry security advisory reports that it is possible for hackers to infiltrate BlackBerry Enterprise Server (BES), which is used by many companies, and to run malicious code on it. These vulnerabilities are considered to be grave in nature.

Facebook's Security Breached - Java Zero-Day Vulnerability Found


Facebook was attacked by unidentified hackers on Friday. The attack was carried out when Facebook employees visited a developer's website which was, you guessed it, compromised. Malware was installed on their laptops, and so began the journey of Facebook's self-enlightenment.

Facebook has over 1 million users at its disposal who share sensitive information on the social networking site, giving Facebook the edge to control and use it freely. However, none of these 1 billion users want their private content spread out for everyone's eyes to see. Facebook is very aware of what attacks like this could mean for its following. It could bring down the very foundation of Facebook as we know it.

Blind SQL Injection - Detection And Exploitation


In our previous post, "SQL Injection Basics - Union Based", I explained the basic technique not only for detecting SQL injection vulnerabilities but also for exploiting them with the union-based method. In this post, however, a security researcher and a good friend of mine, Ahmad Ashraff, has decided to contribute to RHA and present his research on some blind SQLi techniques. So enough from me; over to Ahmad.

OWASP TOP 10 Security RISKS For 2013






The OWASP (Open Web Application Security Project) "Top 10" is designed to raise awareness about the most critical security risks faced by organisations. The data is drawn from 8 companies specialising in application security, of which 4 are consulting firms and the rest are tool vendors.

Adobe Zero Day - How To Protect Yourselves?

A couple of hours ago, we wrote a detailed blog post on Adobe's zero-day malware, found by FireEye and investigated by SophosLabs. The malware consisted of an exploit for Adobe Reader and Adobe Acrobat. The recent updates to the two products have been found to be insufficient in protecting the PC running them. The exploits remain unpatched (as of now) and the user remains vulnerable.

Adobe is doing its part and has begun by issuing a formal bulletin offering its users advice on the matter:

Adobe Zero-Day Malware Stripped by SophosLabs


A day has gone by since the security firm FireEye claimed to have discovered a zero-day vulnerability affecting Adobe Reader and Acrobat XI. According to FireEye:


Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.

Adobe, in turn, began to investigate this highly crucial and exasperating matter. The investigation led to an interesting development when SophosLabs was contacted by the concerned companies to do a little digging of their own into the malware. SophosLabs' Gabor Szappanos and Peter Szabo share their intriguing findings.

TV Channels Hacked To Broadcast Zombie Apocalypse Emergency Alert




What would you do if you were watching your favourite TV show and it was interrupted by an emergency broadcast claiming that zombies have "finally" taken over the world? Run. Hide. Lock yourself in your panic room? The possibilities are endless and frankly, our personal choice would be to go insane for a single day! Steal a Ferrari and drive off into the sunset with the woofers blaring "It's My Life". Ah, the fantasy that never fades.

Pope Benedict's Resignation Spurs Spam On Twitter






Pope Benedict XVI decided to resign today, and as soon as the news broke, so did the spam on Twitter. Spammers began to post messages with the hashtag #pope on Twitter which were completely unrelated to the first papal resignation in centuries.

Imagine a religious affair turning into ashes of ridicule as these tweets are being posted from accounts featuring young women who aren't as "decent" as the Catholic devotees who are following @Pontifex would want them to be.

Chat Malware - Skype and MSN Messenger Affected



The hacking geniuses have put every form of communication to the test so far. From infiltrating PCs through Android devices to defacing the most secure websites, hackers have done it all. But wait! They aren't going to halt right here. You wish! They are taking their under-the-sleeve tactics to a whole new level of online privacy invasion.

Hackers are now concentrating on gaining access to millions of internet users through a new piece of malware which spreads via messaging applications such as Skype and MSN Messenger. Hence, everyone who uses the mentioned programs is at risk here, and we all know that puts half the world's "PC population" at risk of catching this virus, which is spreading rapidly across the Internet.

Android Malware That Infiltrates Your PC

There has been a rise in the demand for and purchase of Android-based devices. Typically, the reasons are ease of use, accessibility and cost. Inexpensive Android smartphones have been taking over much of the market since the OS was first introduced, and people who purchase low-cost Android phones look for ways to speed up their devices. This leads them to trust third-party applications on the Play Store. While some of these apps are legitimate, many of them are malicious and only fake the process of cleaning up the system. An app of exactly this kind has recently been discovered and reported by Kaspersky Lab.


The app, Superclean, spreads from your Android smartphone to your PC and can be found on the Play Store. Ironically, it has a rating of 4.5 on the Play Store, which is not bad for malware.

SQL Injection Basics - Union Based [Detailed Tutorial]

Well, I would not be blogging about something new; however, it has been missing from RHA for a long, long time. Though there are tools out there to carry out all sorts of SQL injection attacks, if you don't know what your tool is actually doing at the back end then it's useless, and the best way to learn, in my opinion, is to do it manually. As the saying goes, "A fool with a tool is always a fool". With that being said, I would like to summarize what I will be talking about in this post. Basically, I will be targeting a live website that is known to be vulnerable to SQL injection; I have reported it to them many times, but they don't care, so I am making a full disclosure. Also, in this post I will not be explaining what SQL injection is (in detail), because I feel that there are tons and tons of websites that have already written about it. Instead, I will talk more about the testing process.

What Is SQL Injection?

SQL injection is one of the most commonly found vulnerabilities on the web, and it holds the number one place in the OWASP Top 10. SQL injection can be defined as an attack in which we append SQL queries in order to extract the data present in the database. This normally occurs due to a lack of input validation. SQL injection is also commonly used by attackers to bypass authentication; however, here we will focus on data extraction with SQL injection.

Sky News's Twitter & Facebook Accounts Hacked By Syrian Electronic Army

Sky News Arabia's Twitter accounts, Facebook page and email accounts have been compromised. Infiltrating the Sky News network is the Syrian Electronic Army.

The accounts that faced the worst consequences were the channel's main Twitter accounts, including @skynewsarabia. The Twitter accounts that were hacked were used for cultural and entertainment news. The Facebook page, Facebook/skynewsarabia, was also penetrated by the hackers. Sky News later managed to regain control of its networks, accounts and pages from the harsh claws of the hackers.

The hackers of the Syrian Electronic Army said during an interview that they first targeted Sky News's Outlook Web App email panel. A screenshot of the hacked inbox can be seen below:



The hackers then reset the passwords of the Twitter and Facebook accounts and pages associated with that email address using the "Forgot Password" option. Pretty simple for professional hackers.

According to the hackers involved, the attack was carried out in solidarity with the rebels in the Syrian conflict and against the foreign media's biased view of the Syrian President Bashar al-Assad.

For more information, please stay tuned to RHA.

Cheers!

How To Hack A Facebook Status


Many of you want to hack a Facebook status (meaning to post a status from someone else's Facebook account). That is actually not very difficult, and here we are going to expose the easy way to do what you are looking for. Here is the step-by-step tutorial on how to hack the Facebook status of someone you want to target on Facebook. Follow the instructions below:

How To Hack Wordpress And Joomla - Password Cracker

Friends, allies, partners-in-crime and haters, we know what you are looking for; the title above is proof enough, isn't it? I scream, you scream, we all scream for tools to hack Joomla and WordPress. Don't fret, as we offer salvation to your Joomla/WordPress hacking needs.

Rafay Baloch is an independent security researcher, Internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay became famous after finding a Remote Code Execution bug in PayPal, for which PayPal awarded him a sum of $10,000.


RHA © 2013. All Rights Reserved.