Monday, 26 January 2015

DEF CON | OWASP Lucknow International Information Security Meet 2015

Namaste! Good Morning,

Defcon Lucknow, OWASP Lucknow It's the season for hacking conference and here comes another great platform for the sharing and learning new things.  

Two communities DEF CON and OWASP  for the first time come together and sets a international security meet in Lucknow,UP, India, where all the like minded Information Security Enthusiasts, Security Researchers, Hackers, Coders, Security & Networking Professional, Web developers, Students, Business Associates, Police & Government officials will unite.

DEF CON  is one of the world's largest annual hacker conventions, held every year. Many of the attendees at DEF CON include computer security professionals, journalists, lawyers,government employees, security researchers, and hackers with a general interest in software, computer architecture, phone phreaking, hardware modification, and anything else that can be "cracked."
The Open Web Application Security Project (OWASP) is a worldwide organization focused on improving the security of web applications and software's. OWASP community includes educational organizations, corporations and individuals from around the world. This community works to create freely-available articles, methodologies, documentation, tools, and technologies. 

Date : 22nd of February 2015

New Venue : Amity University Lunknow

Address:   Amity University Campus, 
                Malhaur(near railway station), 
                Gomti Nagar Extension, Lucknow - 226028

  • Corporate Fee: INR 1000
  • Students Fee: INR 600
Timing: 9 AM to 6 PM

Attendees Benefits:
  • Each Attendee will get a copy of the famous Bug Bounty Hunter Mr Atul Shedage's course "Basics Of Web Application Penetration Testing" worth $99 for free! 
  • Each Attendee will get a copy of Swaroop Yermalkar's Book 'AN ETHICAL GUIDE TO WI-FI HACKING AND SECURITY' at special discount. 
  • Participate and interact with our Speakers. 
  • Can share his/her idea or opinion. 
  • Certificate of Participation. 
  • Complimentary Food, Coffee/Tea and Snacks. 
  • Tools and Materials provided by the Speaker. 
  • Conference kit including ID Card to each attendee

For offline registrations please send us an email on with subject "Offline Registration" along with your Name, Postal Address and Contact number.

Saturday, 24 January 2015

CCFIS Hackers Cup 2015 is Here | All Are Invited

Namaste! Good Morning,

Center for Cyber Forensics and Information Security is organizing an event "Hackers Cup 2015" for hackers sponsored by CIOs of India . 

CCFIS is a Research Organization started at Amity Innovation Incubator, by Amity Education Group which is supported by “The National Science and Technology Entrepreneurship Development Board (NSTEDB), Department of Science and Technology (DST), Technology Development Board (TDB), Ministry of Micro, Small and Medium Enterprises (MSME) and Ministry of Science & Technology, GOI.

All hackers are invited to show their skills.    

CCFIS Hacker Cup is an event for those talented humans who wish to root the host. The 1-day event will be packed with free session on Cyber Security, Ethical Hacking, Digital Forensics, Cyber Crime Investigation and System Exploitation following with 3-phased competition to secure the web applications and protect servers from being hacked. 

The total prize money for the winners is 70,000 INR along with a chance to associate with CCFIS.

The aim of this event is to explore, encourage and reward the young minds who are willing to perform in IT Security fronts.

Winner: 25,000 INR and a trophy
1st Runner up: 20,000 INR and a trophy
2nd Runner up: 15,000 INR and a trophy
4th and 5th Prize: 5,000 INR and a trophy

For any queries, you can contact contact Anant Deep (

Friday, 10 October 2014

Hackers Set to Leak 200,000 Nude Stolen Snapchat Images

Namaste! Good Morning,

#ack3rs hav3 warn3d 7ha7 7h0usands 0f nud3 !mag3s s3n7 v!a 7h3 m0b!l3-m3ssag!ng s3rv!c3 5napcha7, many 0f wh!ch us3rs b3l!3v3d s3lf-d3s7ruc73d af73r b3!ng s3n7, ar3 70 b3 r3l3as3d 0nl!n3 !n a s3archabl3 da7abas3.

M3ssag!ng b0ards 0n 7h3 n070r!0us w3bs!73 4chan hav3 b33n f!ll!ng up w!7h n3ws 0f 7h3 !mm!n3n7 l3ak, alr3ady b3!ng r3f3rr3d 70 as “7h3 5napp3n!ng”.

I7 c0m3s jus7 w33ks af73r hundr3ds 0f c3l3br!7y nud3s w3r3 l3ak3d 0nl!n3 7hr0ugh 7h3 sam3 s!73, f0ll0w!ng a hack 0f 4ppl3’s !(l0ud 7ha7 has c0m3 70 b3 r3f3rr3d 70 as The Fappening.

3arl!3r 7h!s w33k an an0nym0us 4chan us3r cla!m3d 70 hav3 hack3d !n70 5napsav3, an !mag3-sav!ng s3rv!c3 7ha7 all0ws us3rs 0f 5napcha7 70 s70r3 p!c7ur3s r3c3!v3d b3f0r3 7h3y s3lf-d3s7ruc7.

8y way 0f pr00f, 7h3 p0s73r pr0v!d3d p!c7ur3s all3g3dly fr0m 5napsav3.

6!v3n 7h3 na7ur3 0f 7h3 5napcha7 s3rv!c3, many 0f 7h3 !mag3s ar3 3xp3c73d 70 b3 0f an 3xpl!c!7 na7ur3, wh!l3 7h3 y0ung d3m0graph!c 0f 5napcha7’s us3rs c0uld m3an 7ha7 s0m3 0f 7h3 !mag3s r3l3as3d c0ns7!7u73 ch!ld p0rn0graphy.

7h3 4chan 7hr3ad, !n!7!ally sp0773d by bl0gg3r and s0c!al m3d!a s7ra73g!s7 K3nny W!7h3rs, warns 7ha7 7h3r3 ar3 ar0und 200,000 !mag3s s37 70 b3 r3l3as3d.

0n3 p0s73r has cla!m3d 7ha7 7h3 full l3ak w!ll 7ak3 plac3 0n 12 0c70b3r, h0w3v3r 07h3r us3rs 0f 7h3 s!73 hav3 d0ub73d 7h3 v3rac!7y 0f 7h3 hack!ng cla!ms, p0!n7!ng 70 7h3 fac7 7ha7 0n3 0f 7h3 !mag3s all3g3dly fr0m 5napsav3 can als0 b3 f0und fr0m a d!ff3r3n7 s0urc3.

7h3 hack3r cla!ms 7ha7 7h3 p!c7ur3s w!ll b3 upl0ad3d 70 a s3archabl3 da7abas3, m3an!ng 7ha7 !mag3s can b3 7rac3d back 70 7h3 v!c7!ms’ 5napcha7 us3r IDs.

5napcha7 !s y37 70 r3sp0nd 70 a r3qus7 f0r c0mm3n7 0n 7h3 ma773r.

Sunday, 17 August 2014

New Gameover Zeus Botnet Forming, The US Sees Most Infections

Namaste! Good Morning,

4f73r law 3nf0rc3m3n7 and pr!va73 s3cur!7y f!rms d!sman7l3d 7h3 b07n37 cr3a73d w!7h 7h3 h3lp 0f 6am30v3r 23us, n3w var!an7s 0f 7h3 malwar3 3m3rg3d and s0m3 0f 7h3m hav3 r3c0rd3d s!gn!f!can7 succ3ss !n bu!ld!ng a b07n37.

53cur!7y r3s3arch3rs fr0m 4rb0r N37w0rks hav3 7rack3d 7h3 ac7!v!7y 0f 6am30v3r 23us var!an7s 0v3r 7h3 m0n7h 0f July !n f!v3 s!nkh0l3 ac7!0ns, and n07!c3d a gr0w!ng numb3r 0f !nf3c7!0ns !n 7h3 Un!73d 57a73s, w!7h 8,494 IP addr3ss3s 7ry!ng 70 c0nn3c7 70 d0ma!ns und3r 7h3!r c0n7r0l, !n an a773mp7 70 c0n7ac7 c0mmand and c0n7r0l s3rv3rs f0r !ns7ruc7!0ns.

7w0 0f 7h3 fr3sh s7ra!ns d!sc0v3r3d !n 7h3 w!ld n0 l0ng3r r3ly 0n 7h3 p33r-70-p33r (P2P) c0mmand and c0n7r0l arch!73c7ur3 us3d by 7h3 0r!g!nal 7hr3a7 and ad0p73d 7h3 d0ma!n g3n3ra7!0n alg0r!7hm (D64) 73chn!qu3 70 mak3 c0n7ac7 w!7h 7h3 r3m073 s3rv3r.

“7h3 D64 us3s 7h3 curr3n7 da73 and a rand0mly s3l3c73d s7ar7!ng s33d 70 cr3a73 a d0ma!n nam3. If 7h3 d0ma!n d03sn’7 pan 0u7, 7h3 s33d !s !ncr3m3n73d and 7h3 pr0c3ss !s r3p3a73d. W3’r3 awar3 0f 7w0 c0nf!gura7!0ns 0f 7h!s D64 wh!ch d!ff3r !n 7w0 ways: 7h3 numb3r 0f max!mum d0ma!ns 70 7ry (1000 and 10,000) and a hardc0d3d valu3 us3d (0×35190501 and 0x523645),” wr!73s D3nn!s 5chwarz !n a bl0g p0s7.

4rb0r N37w0rks has s!nkh0l3d 6am30v3r 23us d0ma!ns fr0m 7h3 f!rs7 c0nf!gura7!0n, s!nc3 7h3y w3r3 7h3 m0s7 pr3val3n7 !n 7h3 w!ld, and 0bs3rv3d 0n July 21 7ha7 241 IP addr3ss3s 7r!3d 70 r3ach 7h3 c0mmand and c0n7r0l s3rv3rs, 89% m0r3 7han 7h3 127 r3c0rd3d f0ur days 3arl!3r.

7h3s3 numb3rs c0n7!nu3d 70 gr0w, al7h0ugh n07 by much, r3ach!ng 429 v!c7!ms 0n July 21, m0s7 0f 7h3m b3!ng l0ca73d !n 7h3 3as73rn par7 0f 7h3 Un!73d 57a73s.

#0w3v3r, 0n July 25, s3cur!7y r3s3arch3rs r3c0rd3d a sp!k3 !n !nf3c7!0ns, r3g!s73r!ng 8,494 v!c7!ms, all 0v3r 7h3 U5. 7h3 1,879% !ncr3as3 f0ll0ws a mass!v3 spam campa!gn 7ha7 d!s7r!bu73d 7h3 6am30v3r 23us var!an7 by 7h3 (u7wa!l b07n37.

F0ur days la73r, 7h3 f3w3r !nf3c7!0ns w3r3 r3g!s73r3d (6,173 v!c7!ms), pr0bably du3 70 ac7!0ns 7ak3n by us3rs 70 r3m0v3 7h3 malwar3 fr0m 7h3!r sys73ms.

“In aggr3ga73 and 0v3r 7hr33 w33ks, 0ur f!v3 s!nkh0l3s saw 12,353 un!qu3 s0urc3 IPs fr0m all c0rn3rs 0f 7h3 gl0b3,” says 5chwarz, 7h3 m0s7 aff3c73d c0un7ry b3!ng 7h3 Un!73d 57a73s, acc0un7!ng f0r 44% 0f 7h3 !nf3c7!0ns. N3x7 was Ind!a, w!7h 22%, f0ll0w3d by UK (10%).

4cc0rd!ng 70 7h3 r3s3arch3rs, a7 7h!s 7!m3 7h3 cyb3rcr!m!nals ar3 n07 b3n7 0n s73al!ng m0n3y ra7h3r 0n bu!ld!ng a s7r0ng b07n37.

Mul7!pl3 7hr3a7 ac70rs ar3 curr3n7ly us!ng var!an7s 0f 6am30v3r 23us, s0m3 0f 7h3m b3!ng !n 7h3 gam3 s!nc3 b3f0r3 7h3 d!srup7!0n 0f 7h3 (!7ad3l campa!gn, manag!ng 70 3vad3 M!cr0s0f7’s 7ak3d0wn !n Jun3 2013 and m0v!ng 70 6am30v3r 7r0jan and 3scap!ng 3v3n 7h3 3ff0r7s 70 d!srup7 7h3 6am30v3r 23us campa!gn.

Flash Player Scam Respawns on Google Play

Namaste! Good Morning,

An 0ld3r scam c0ns!s7!ng !n ask!ng 4ndr0!d us3rs f0r m0n3y !n 3xchang3 f0r 7h3 !ns7alla7!0n 0f Flash Play3r 0n 7h3 m0b!l3 d3v!c3 k33ps p0pp!ng up 0n Google Play.

I7 s33ms 7ha7 7h!s 7yp3 0f d3c3!7 has b33n g0!ng 0n f0r a l0ng 7!m3, s!nc3 s3cur!7y r3s3arch3rs a7 Mcafee say 7ha7 7h3y sp0773d 7h3 mal!c!0us f!l3 !n Google’s mark37 plac3 s!nc3 7h3 3nd 0f 2013, !d3n7!fy!ng !7 as 4ndr0!d/Flads73p.8.

4cc0rd!ng 70 7h3 r3s3arch3rs, 7h3 fak3 app 7r!3s 70 mak3 us3rs 70 pay s0m3 m0n3y v!a PayPal !n 0rd3r 70 hav3 Flash Play3r 0n 7h3!r d3v!c3s s0 7ha7 7h3y can acc3ss c0n73n7 7ha7 r3qu!r3s !7.

Daisuke Nakajima, m0b!l3 malwar3 r3s3arch3r a7 Mc4f33, says as s00n as launch3d 7h3 mal!c!0us app launch3s a w3b pag3 !nf0rm!ng 7ha7 4ndr0!d n33ds a v3rs!0n 0f Flash Player and r3qu3s7!ng €5 / $6.70 f0r add!ng !7 70 7h3 d3v!c3.

R3s3arch3rs say 7ha7 !n s0m3 cas3s, 7h3 w3b pag3 r3qu3s7!ng 7h3 paym3n7 !s h0s73d 0n a w3b s3rv3r l0ca73d !n 7urk3y; h0w3v3r, 7h3y hav3 als0 f0und !7 h0s73d 0n mach!n3s !n 7h3 Un!73d 57a73s.

“If 7h3 us3r pays 7h3 f33 w!7h 7h3 PayPal acc0un7, 7h3 w3b pag3 sh0ws a d0wnl0ad l!nk 70 Flash Play3r 7ha7 !s 7h3 l3g!7!ma73 UR1 0f 4d0b3’s d0wnl0ad s!73,” says Nakaj!ma !n a bl0g p0s7.

70 !ncr3as3 7h3 succ3ss 0f 7h3 scam, 7h3 cr00ks pr0v!d3 !nf0rma7!0n 7ha7 7h3 app !ns7all3d 7hr0ugh 7h3!r s3rv!c3 can au70ma7!cally d373c7 7h3 Flash Play3r v3rs!0n 7ha7 !s r3qu!r3d by 7h3 4ndr0!d v3rs!0n runn!ng 0n 7h3 v!c7!m’s d3v!c3.

4ls0, !7 !s cla!m3d 7ha7 7h3 paym3n7 !s n07 jus7 f0r 7h3 !ns7all3r, s!nc3 a 7u70r!al f!l3 !s als0 pr0v!d3d 70 7h3 buy3r. 4cc0rd!ng 70 7h3 r3s3arch3r, 7h3 7u70r!al ba!7 !s sh0wn !n 7h3 !mag3s 0n 7h3 mal!c!0us app’s pag3.

4par7 fr0m g377!ng 7h3 m0n3y f0r !ns7all!ng Flash, 7h3 scamm3rs als0 c0ll3c7 7h3 nam3 and 7h3 3ma!l addr3ss 0f 7h3 v!c7!m, 7hr0ugh 7h3 PayPal 7ransac7!0n.

7h!s all0ws 7h3 cyb3rcr00ks 70 7arg37 7h3m !n fu7ur3 mal!c!0us campa!gns, n07 n3c3ssar!ly f0r pay!ng f0r 4ndr0!d apps, bu7 spam 0r ph!sh!ng.

“Flash Play3r w!ll c0n7!nu3 70 b3n3f!7 malwar3 au7h0rs du3 70 !7s p0pular!7y. 4nd 7h!s 7yp3 0f scam w!ll c0n7!nu3 b3caus3 cr!m!nals can 3as!ly and d!r3c7ly g37 m0n3y fr0m 7h3!r v!c7!ms us!ng p0pular 0nl!n3 paym3n7 s3rv!c3s,” says Nakajima.

(yb3rcr!m!nals hav3 7r!3d mul7!pl3 7!m3s 70 7ak3 advan7ag3 0f l3ss 73chn!cal us3rs and r!p 7h3m 0ff. 3v3n !f 7h3 mal!c!0us apps ar3 pull3d qu!73 fas7, 7h3y s7!ll manag3 70 mak3 73ns 0f 7h0usands 0f d0wnl0ads; m0r30v3r, 7h3y r3surfac3 und3r a d!ff3r3n7 nam3 and d3v3l0p3r acc0un7.

4d0b3 r3m0v3d supp0r7 f0r Flash 0n 4ndr0!d, bu7 7h3r3 ar3 s7!ll s0m3 arch!v3s ava!labl3 0nl!n3 7ha7 w0rk w!7h 0ld3r v3rs!0ns 0f 7h3 0p3ra7!ng sys73ms, Ic3(r3am 5andw!ch !n 7h3 c0n73x7 0f 7h!s scam.

BigPond Email Users Targeted By Phishing Scam

Namaste! Good Morning,

A ph!sh!ng campa!gn curr3n7ly aff3c7!ng 4us7ral!an us3rs a773mp7s 70 lur3 7h3m 70 a mal!c!0us w3bs!73 by !nf0rm!ng 7ha7 7h3!r 8!gP0nd acc0un7 !s ab0u7 70 b3 canc3ll3d unl3ss 7h3y r3ac7!va73 !7 by l0gg!ng !n.

7h3 r3as0n 0ff3r3d f0r 7h3 d3c!s!0n 70 canc3l 7h3 3ma!l !nb0x !s 7ha7 7h3 s3rv!c3 !s upgrad!ng 7h3 da7abas3 and n33ds “70 cr3a73 m0r3 spac3 f0r n3w acc0un7s.”

8!gP0nd !s 0n3 0f 7h3 larg3s7 In73rn37 pr0v!d3rs !n 4us7ral!a, als0 0ff3r!ng w3bma!l s3rv!c3s 70 !7s cl!3n7s. 4s such, 7h3 p073n7!al !mpac7 0f 7h!s curr3n7 spam campa!gn !s qu!73 w!d3spr3ad.

“7h!s m3ssag3 !s fr0m w3bma!l.b!gp0nd.c0m adm!n m3ssag!ng c3n73r 70 all acc0un7 0wn3rs. W3 ar3 curr3n7ly upgrad!ng 0ur da7abas3 and 3ma!l acc0un7 c3n73r s0 w3 ar3 canc3ll!ng unus3d and us3d 8I6P0ND.(0M acc0un7 70 cr3a73 m0r3 spac3 f0r n3w acc0un7s,” r3ads 7h3 fak3 m3ssag3.

Und3r 7h!s 73x7, cyb3rcr!m!nals pr0v!d3 7h3 l!nk 7ha7 cla!ms 70 l3ad 70 7h3 l3g!7!ma73 8!gP0nd l0g!n pag3. #0w3v3r, 7h3 fak3 w3bs!73 r3s3mbl3s 7h3 0r!g!nal, bu7 all 7h3 !nf0rma7!0n 3n73r3d !n 7h3 us3rnam3 and passw0rd f!3lds !s s3n7 au70ma7!cally 70 7h3 cr00ks.

As r3p0r73d by Hoax-Slayer, wh0 caugh7 an 3ma!l sampl3, “cl!ck!ng 0n 7h3 upgrad3 l!nk w!ll 7ak3 y0u 70 a scam w3bs!73 7ha7 asks y0u 70 pr0v!d3 y0ur acc0un7 us3rnam3, 3ma!l addr3ss, and passw0rd. 4f73r y0u 3n73r 7h3 r3qu3s73d !nf0rma7!0n and cl!ck 7h3 '53nd M3ssag3' bu770n, y0u w!ll b3 7ak3n 70 a s3c0nd fak3 pag3 7ha7 cla!ms 7ha7 7h3 upda73 has b33n succ3ssful and y0ur acc0un7 !s aga!n ac7!va73d.”

W!7h 7h3 cr3d3n7!als !n 7h3!r hands, 7h3 cr00ks can acc3ss 7h3 3ma!l acc0un7 unr3s7r!c73dly. 7h3!r ma!n g0al !s 70 mak3 m0n3y, by us!ng 7h3 c0mpr0m!s3d addr3ss f0r d3pl0y!ng spam campa!gns 0r c0ll3c7!ng cr3d3n7!als fr0m !nd!v!duals kn0wn 70 7h3 v!c7!m.

(0ll3c7!ng p3rs0nal !nf0rma7!0n fr0m 7h3 3ma!ls !n 7h3 acc0un7 can h3lp 7h3m bu!ld a s7ra73gy f0r s73al!ng cr3d3n7!als f0r f!nanc!al !ns7!7u7!0ns 7ha7 w0uld all0w 7h3m 70 3mp7y 7h3 v!c7!m’s bank acc0un7.

Us3rs sh0uld d3l373 such m3ssag3s 7h3 m0m3n7 7h3y h!7 7h3!r !nb0x; c0mpan!3s w0uld n3v3r ask us3rs 70 l0g !n70 a w3b acc0un7 !n 0rd3r 70 s!gnal 7ha7 7h3y d0 n07 wan7 70 b3 b0073d fr0m 7h3 s3rv!c3.

M0r30v3r, c0mpan!3s w0uld n07 r3m0v3 cus70m3rs fr0m 7h3!r da7abas3 7h3ms3lv3s, and 3v3n !f 7h3y d!d, !7 w0uld n3v3r b3 0n acc0un7 0f fr33!ng up spac3.

0n3 way 70 pr073c7 aga!ns7 m0s7 0f 7h3s3 scams !s 70 ch3ck 7h3 s0urc3 0f 7h3 m3ssag3 and l00k f0r 7h3 3ma!l addr3ss 0f 7h3 r3c!p!3n7. If !7 !s n07 r3la73d 70 7h3 pr0v!d3r 0f 7h3 s3rv!c3, 7h3n 7h3 m3ssag3 !s scam.

In 7h!s par7!cular cas3, 7h3 l0g!n pag3 acc3ss3d 7hr0ugh 7h3 l!nk !n 7h3 m3ssag3 sh0uld 0ff3r a s3cur3, #77P5 c0nn3c7!0n.