These two hacking organizations have made posts on Twitter that they’ve joined forces. This could be one of the largest and most dangerous hacking organizations on the internet today. LulzSec (Lulz Security) and the group Anonymous took down the UK police web site as part of “Operation Anti-Security” on Monday.

Anonymous made a post on Twitter yesterday, stating – “The Governments and Banking Systems won’t know what hit them”. Lulz Security declared “Top priority is to steal and leak any classified government information, prime targets are banks and other high-ranking establishments.”

This is a major threat to sensitive information and I highly recommend that everyone take precautionary measures by changing passwords and keeping track of banking information and any other online activity.

Anonymous announced its plan for the coming twelve months in this video.

Sydney infosec technologist Daniel Grzelak can help you keep track of the latest breaches, by visiting hack to help.

You can see if you’re in any of a number of recently-spilled leakages by simply searching for your email address at: https://shouldichangemypassword.com/

Sources: Naked Security, H Security

Related LulzSec Articles
Tango Down – Lulz Takes Down CIA
LulzSec Hacker Group On a Roll!

I am not praising anyone here, but to breach the CIA web site is just one more notch in this hacker group’s belt. It amazes me that they have breached so many well known companies. The Lulz group certainly provided enough evidence that they’re capable of anything when it comes to online breaches. You would think that the CIA would have stepped up their security to prevent any more attacks. I guess the CIA just thought they were untouchable, NOT!

Security analysts have downplayed the significance of these attacks, saying the hackers are just looking to show off and get as much attention as possible.

Huh? Attention? Please, are you just in denial pocket protector?

This group is far from done in my opinion and if it’s just for attention, they should be getting a lot of it as the press has provided enough noise that even Anthony Weiner is now taking a back seat.

Lulz, whose members are strewn across the globe, announced the attack shortly before 6 p.m. East Coast time.

Who’s next?

LulzSec Related Articles
LulzSec Hacker Group On a Roll!

In the past couple of weeks, the so-called LulzSec (Lulz Security) group has breached a number of popular sites and brands, such as; Sony, PBS, FBI Security Affiliate and British National Health Services. They’re still going strong, and this time they hacked into the U.S. Senate, issuing on its own site a small sample of internal data from Senate.gov as proof of their latest breach.

The hackers are crafty and smart and are known for their taunts and mischief. On their site they write – “is this an act of war, gentlemen? Problem?” This statement goes back earlier this month that cyber-attacks would be considered acts of war by the Pentagon. The group today also released source code and database passwords for the video game maker Bethesda Softworks, a subsidiary of ZeniMax Media.

If you can’t beat them, hire them. The government needs to learn from this crafty, intelligent group to protect all assets of the U.S. government. It seems clear they’re one step ahead of any security defense that is in front of them. The sites that were hacked hold sensitive data on the local and national level and this information is critical to the tax payers.

If this continues it could be an apocalypse of sorts and right now, the LulzSec group is leading the charge!

Is it time to declare anarchy of sorts by taking our hard earned money from the bank and stuffing it in our mattresses? Today, more and more banks are being targeted by cyber crimnals and there is no end in sight.

You can bet that Citibank is now back peddling because of their recent attack by a group of hackers that resulted in a loss of Personally Identifiable Information for more 200,000 customers. They say it only affected 1% of all its customers and only customers’ names, account numbers, contact details and email addresses were stolen in this breach. I feel better already, NOT! Even one person is too much, but 200,000, come on!

I dislike it when big corporations play down the significant of this attack. I also think Citibank is holding back the truth. Citibank is the world’s largest credit card provider (150,000,000) worldwide. This means that at least 1.5 million customer accounts were compromised. Do the math – 1 percentage of 150 million. You would think a bank would get the math right.

I wouldn’t feel to secure being a customer at Citibank right now. The security hole was found during routine checking in early May. If this is the case, why did the bank wait so long to inform its customers? A communication should have been sent immediately after the assessment of the breach. It looks as though Citibank was covering it up so that the press didn’t get wind of this breach.

It makes me wonder how safe my information and money is in this day and age. One day, and soon, we all may be stuffing our money in our mattresses.

Parasites are websites that are hacked and infected with hidden illicit content.

There are way too many script kiddies on the internet. These script kiddies are at the bottom of the hacker food chain, but are still considered dangerous. Just like seasoned veteran hackers, script kiddies utilize Blackhat SEO tactics to lure in their victims.

These n00b hackers use iframes and external scripts to redirect users to websites that are malicious. These websites harvest user information and use this information for credit card fraud and identity theft. Some of these websites also try to sell rogue software.

URLVoid and Unmask Parasites provide a service that will scan any website for parasites. I prefer URLVoid the most as it provides more link information. They are both good services and it doesn’t hurt to use both.

This service will scan any web address you enter into the form field and will output all the live links, iframes and external scripts found. You can use this service to analyze your website and see if there are unknown iframes or links that point to unknown domains.

The results will be included below the form. You can scan each link from the domain or sub-domain that’s included in the report by clicking on (Scan) to the right of each link to check its reputation.

If you find a parasite on your blog, you will need to look through all your templates to find the parasite and remove it. It’s highly recommended that you backup your blog daily in the event you need to restore your blog from a clean backup.

Give URLVoid and Unmask Parasites a try to see if your website is free from parasites.

Related Articles
How to Detect if a Website is Dangerous
How to Fix the Recent WordPress Hack
How to Check for Malware on a Web Page

More than half of the people who are on social networks or instant messaging will click on a link that a person shares. That’s a large number and it’s why there are so many people who get scammed and or get viruses.

Facebook and Twitter the two most popular social networks are also a hackers playground. These two networks are primary targets for attacks. Because of this, social networks have become one of the most significant vectors for data loss and identity theft.

Be careful about clicking on links that a friend sends via a chat application or on a social network, because your friend, in most cases, doesn’t know if something they’re sending is safe.

There’s an automated tool that poses convincingly as a real human in Internet Relay Chats (IRC) and instant messaging sessions. It lets an attacker glean personal and other valuable information from victims via these chats, or lure them into clicking on malicious links. And the researchers had plenty of success in their tests: They were able to get users to click onto malicious links sent via their chat messages 76 percent of the time. Source: Dark Reading.

You should also be careful clicking on shorten URLS.

Are you familiar with Zero Day Exploits? Do you know the dangers of a Zero Day Exploit? I was approached about the subject from one of my social network friends and I thought it would be best to share this information with everyone.

A zero-day exploit is when someone takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known. Once a person identifies that an application or program contains a potential security vulnerability, that person can notify the publisher of the application or program so that action can be taken to repair or patch the vulnerability or defend against its exploitation.

The worst part of a zero day exploit is that some companies may not react fast enough to fix or patch the vulnerability. This will leave many users exposed and many might already be infected. The good news is that sometimes the hackers can’t expose or distribute the exploit faster than the fix. Hopefully this happens more often and suppresses any wrong doing from the hackers.

Hackers are getting smarter and are able to expose vulnerabilities much faster. In some cases, a hacker may be the first to discover the vulnerability. In these situations, the vulnerability and the exploit may become apparent on the same day. There is no way to guard against the exploit before it happens. Companies exposed to such exploits can, however, institute procedures for early detection of an exploit.

I hope that you find this information useful.

This vulnerability has nothing to do with downloading software. Any user can be affected by visiting a site that has been hacked, and there are thousands that have already. In fact, hackers have known about this hole in Microsoft’s Active X Control for a week.

According to Microsoft Corp., the vulnerability has not been fixed, but they’re offering a work around in the mean time.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

How do hackers exploit this vulnerability? It can allow hackers to remotely take control of victims’ machines. The victims don’t need to do anything to get infected except visit a Web site that’s been hacked.

Do not click on any links that may look suspicious in emails or links shared through social networks.

To apply the fix, visit Microsoft’s Knowledge base article 972890 and click the “Enable workaround” Fix it link. Then run the downloaded .msi file to disable the ActiveX control. To reverse the change, download and run the .msi from the “Disable workaround” link.

Hackers thrive on holidays and major headline stories. Michael Jackson’s death is no small story. More than 13,000 blogs have been published since the story broke about his tragic death. Hackers are now setting up Phishing scams to lure in their victims. Phishing and pharming are two popular forms of fraud that aim to dupe victims into believing they are at a trusted Web site such as their bank, when in fact they have been enticed to a bogus Web site that intends to steal their identity and drain their financial resources.

Cybercrime is motivated by fraud, typified by the bogus emails sent by “phishers” that aim to steal personal information. The tools driving their attacks and fueling the blackmarket are crimeware – bots, Trojan horses, and spyware.

With the passing of Michael Jackson, hackers are now preparing the ultimate scam to convince online users to make donations to the Michael Jackson Foundation or something to that affect. It’s cold and cruel to play on people’s hearts and especially fans of the King of Pop.

Do not share or click on any information that portrays itself as a foundation, fund, connected to Michael Jackson. These scams will start to percolate over the next week.

What To Do If You’re a Victim?

You can visit http://www.fraud.org/ to report on the following crimes:

• Telemarketing Fraud
• Internet Fraud
• Scams Against Businesses
• Scams Against Elderly
• Counterfeit Drugs
• Fraud News

Surf safe and surf smart!

Here we go again! Just over a week ago there have been many Acai Berry tweets being sent throughout Twitter from bogus accounts. These Twitter messages are promoting a free trial of an acai berry dietary supplement. Security experts say that social-networking spam is particularly effective because it can’t be filtered at the corporate firewall and appears to come from a friend of the recipient.

These messages aren’t coming from friends you may know, as these accounts were hacked. Not only hacked accounts are spreading the dietary supplement, but they’re also coming from new squatted accounts created months ago. This strategy allows the spammer to build up followers before tempting their trickery.

However, these links that are shortened can fool anyone into believing they’re legitimate, but think again. The links are going to websites that are full of Malware.

Here are some facts about Malware infected sites:

Web-based Malware more likely to be found on older domains

The common assumption that most web-based Malware resides on less reputable websites, perhaps touting adult content, was called into question when MessageLabs Intelligence identified that cybercriminals appear to be more likely to hide malicious content on older domains that have been well-established, but perhaps compromised or Malware being hosted in breach of their terms of use. The latter being typical of domains connected with social networking environments, providing mainly user-generated content.

MessageLabs Intelligence data3 from the week of 5 May 2009 revealed that:

• 84.6% of website domains blocked for hosting malicious content are well-established domains that are over a year old
• 15.4% of domains blocked are domains that are less than a year old
• 10.2% are domains that are less than a month old
• And 3.1% are domains that are less than a week old

Older domains are almost certainly more likely to be well-established and more reputable, and the likelihood that they are legitimate sites that have been compromised in some way is increased.

Domains that are only a week old or less and implicated in hosting Malware are more likely to be temporary sites set up with the sole purpose of distributing Malware or spam, such as in the numerous domains that exist solely to distribute rogue anti-spyware or anti-Malware products.

Very new sites are often found to be used by affiliates, in order to redirect visitors to another site. This helps to ensure that they receive payment for any click-thrus that their sites generate, but sometimes they will include drive-by attacks, using hidden HTML IFRAME exploits, for example.

Be extra careful before clicking on any link on any of the social networks.