Very little time has passed from the last Microsoft defacement (Microsoft Technet), when yesterday Saudi Arabia crackers successfully compromised another Microsoft website: Microsoft.co.uk at the page http://www.microsoft.co.uk/events/net/eventdetail.aspx?eventid=8399.
At the time being, the defacement is still up and running even though not every browser will be capable to show it as too many users are trying now to load the hacker’s injected CSS (Cascading Style Sheet) located on an external host (h.1asphhost.com) which now has is suffering slow response time.
SANS Internet Storm Center published a bulletin on Friday that casts a new light on the capabilities of Social Engineering. The report describes a website whose visitors were infected with malware. And here is the problem since according to the author, Mr. Bojan Zdrnja, the site didn’t use the nearly universal technique of an iframe, which allows exploit code to be siphoned in from another website .
So what? We are facing a case of pure Social Engineering technique.. and quite an effective one.
As reported by the Internet Storm Center, “ When visited, the web page in question (a game site related to RuneScape) shows couple of broken icons and all links just point to another web page that conveniently inform the user that his version of Macromedia Flash Player needs to be updated. After this notice, the user is redirected to a web site hosting a complete replica of the Shockwave Player Download Center”.
French officials aren’t any longer allowed to use Blackberry to send and receive e-mails because of security concerns, the newspaper Le Monde reports .
The fear for potential espionage activities - specifically, snooping by the U.S. National Security Agency (NSA)- convinced French authorities to forbid the use of Blackberry devices in ministries and in other governmental areas.A similar warning had been already released 18 months ago by France’s General Secretariat for National Defense.
The warning was based on a study by French head of economic intelligence, pointing out the security threats brought about Blackberries.
On June 21st, the Defence Secretary Robert Gates confirmed that the previous day the Pentagon suffered a digital intrusion into a US Defence Department mail server, prompting authorities to take 1500computers offline.
Gates declared that “Elements of the OSD (Office of the Secretary of Defense) unclassified email system were taken offline yesterday afternoon due to a detected penetration,” also adding that “A variety of precautionary measures are being taken. We expect the system to be online again very soon.”
Three different DDoS attacks temporarily took Zone-H offline for some days, preventing Zone-H team to publish news and to update our Attacks Archive. Now that all Zone-H activities have been restored we point out some important digital events that affected both companies and governmental websites during last weeks .
One of the most worth noticing attack was carried out by a Turkish defacer against AOL’s website, based in Puerto Rico.