
Information Warfare Center’s Cyber Intelligence Report (CIR)

Author: Jeremy Martin, CISSP-ISSMP/ISSAP, CISM, CEH/LPT/CHFI, CREA/CEPT/CSSA/CCFE

www.informationwarfarecenter.com


The IWC CIR is a weekly OSINT resource focusing on advanced persistent threats and other digital dangers. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage.

Remember remember the 5th of November: @OpVendetta2012 & Marchondcnov5th.wordpress.com

Both groups plan to protest on November 5th.

“The Revolution to Restore the Republic of the United States.” ... “On November 5th 2012 WE THE PEOPLE will march on Washington DC peacefully and unarmed to arrest all members of congress, the president, and all supreme court justices where they will be held without bond until a full independent investigation and trial have been completed. We must re-elect our government within 90 days in order to stave off unrest.”

Anonymous Warning: 5th November 2012, sent from @FawkesSecurity, an offshoot of Anonymous.

https://www.youtube.com/watch?v=gteHUvz1_x8 & http://pastebin.com/DKvrtiFU

“Dear citizens of the world, We are Anonymous. As of today 200 kilograms of composite Nitroglycerin and commercial explosives have effectively been concealed in a government building, situated in the united states of America. On the 5th of November 2012 the device will detonate remotely via the transmission control protocol, leaving behind severe consiquences. We would like to advise that the contraption is built inside a tamper proof apparatus sensitive to physical intrusions or attempted disarmament, thus resulting in the desired effect, if the military grade device is found before the 5th of November. There is no intention, risks or circumstances what so ever to cause harm to innocent people, but we can not, say the same for the people who are the real terrorists, oppressors and war creators. We are anonymous We are legion We do not forget We do not forgive...”

The pattern of the bomb threat does not seem to match normal Anonymous messages. Judging by the grammar and writing style used, this does not appear to be the same person(s) that release most of the other videos.

Anonymous’ response: https://www.youtube.com/watch?v=D_7oIuGX_pk

| Section | Page | # | Country | Gov’t defaced sites | OS defaced | # |
|---|---|---|---|---|---|---|
| In the News | 2 | 123 | United States | 1 | Windows | 125 |
| Exploits | 5 | 18 | Brazil | 13 | Linux | 209 |
| Web Exploits | 5 | 26 | China | 50 | FreeBSD | 10 |
| Tools | 6 | 7 | Mexico | 10 | F5 Big-IP | 3 |
| Papers | 5 | 8 | Turkey | 12 | Unknown | 3 |
| Advisories | 7 | 112 | Bangladesh | 10 | | |
| Websites defaced | 17 | 350 | Indonesia | 90 | | |

Alerts: Apple, NetWeaver, Adobe, Avaya, HP, Huawei, IBM, Microsoft, Mozilla, Oracle, VMWare, WordPress


Anonymous (13)

Anonymous deface UK Police forum and Dating Portal

Anonymous going to launch wikileaks like project called TYLER

Anonymous Group Posts Bomb Threat For Nov. 5, Pisses Off Anonymous

Anonymous Hackers leaks 1.35GB Italian State Police Data

Anonymous hacking group target police web forum

Anonymous leaks Classified Documents from Greek Finance Ministry server

Anonymous Takes Aim At Zynga

Anonymous Warns Of Attack On Facebook And Zynga

Anonymous: FawkesSecurity bomb threat: False flag?

Hacker claiming ties to Anonymous posts bomb threat for November 5 on YouTube

Operation Vendetta

Anonymous Documentary “We Are Legion” Now Available

'Anonymous' to Rove: 'We Are Watching You, We Know That You Will Attempt to Rig the Election'

Government (27)

.Gov, .Mil URL-Shortener Spam Attack Curtailed

Asia Pacific Computer Emergency Response Team: Security Awareness.

AT&T Government Solutions Receives Authority to Operate for Cloud Storage Service

Canada's cyber-security lacking, says report

Consolidation Strengthens Virginia's Cybersecurity Efforts

Cyber Security Research Alliance: Intel, Lockheed And Others Team Up To Tackle CyberSecurity

Cyberspace the new battlefield in Tehran's war

DHS broadens public-private efforts to combat cyber risks

Funniest Tweets Of The Final Presidential Debate

Georgia Turns The Tables On Russian Hacker

Give Social Networks Fake Details, Advises Government Official

Half of capital may have been victims of cyber crime

Huawei Partner Offered US Tech To Iran

Israeli Cops Penetrated By Army Of Fake Generals With Trojans

Millions Of SSNs Lifted From South Carolina Database

Napolitano: DHS Is ‘Infant That Needs to Walk and Run’ Right Now

New FBI Initiative Will Identify And Trace Hackers

NIST's Hash Algorithm Refresh Possibly Premature

Parallel Vote Count In Jeopardy Because Of Hacker Attacks

Police Make Three Arrests In Phishing Scam Sting

Test Our Cyber Security, Huawei Says

The anatomy of cyber security exercises

U.S. Looks To Replace Human Surveillance With Computers

UN: More international cooperation needed to fight cyberterrorism

Unencrypted Flight Barcode Warning

US-Cert Warns DKIM Email Open To Spoofing

WikiLeaks releases hacked US military detention policies

SCADA/ICS (3)

Another Systematic SCADA Vuln

Critical infrastructure managing software vulnerable to Unauthorized access

Triconex: PLCs Remain Safe


Forensics (1)

Turning Tables: ID'ing The Hacker Behind The Keyboard

Financial (9)

Barnes & Noble halts use of PIN pad devices after data breach

Barnes & Noble Stores Targeted In Nationwide Payment Card-Skimming Scam

DDoS attacks against banks raise question: Is this cyberwar?

Hackers Crack Texan Bank, Experian Credit Records Come Flooding Out

Hackers Steal Customer Data From Barnes And Noble Keypads

Hackers stole Credit Card details from 63 'Barnes & Noble' stores

Insurer Launches Cyber Insurance For Small Businesses

Stoke Fined £120K Over Email Privacy Blunder

Verizon: Most Intellectual Property Theft Involves Company Insiders

Legal (11)

Court To Notify Current And Former Norton Customers About $10 Cash Refunds For Antivirus Software Upgrades And Renewals

Cybersecurity legislation makes Panetta's lame duck to-do list

Deceptive Web Tracker Settles With FTC

Dyson Goes To Court Over Stolen Trade Secrets

FTC Issues Privacy Guidelines For Facial Recognition

Hacker Attack Warnings Don't Budge Opposing Sides On Cyber Bill

Judge Says PSN Hack Can't Spark Class Action

Russian coder puts Microsoft botnet accusation behind him

Security Order Calls for Cyberthreat Info Sharing

US Rules Jailbreaking Tablets Is Illegal

What An Executive Order On Cybersecurity May Mean For Enterprises

Mobile (6)

AlienVault Launches Threat Intelligence Resource Center & iOS Mobile Apps

Android Adware abusing permissions, Collecting more than they need

Sharp rise in Android Malwares in Third Quarter of 2012

Smartphone wireless chipset vulnerable to DoS attack

TeleCommunication Systems Receives 12 U.S. Patents Advancing Public Safety, Mobile Location, Messaging, Wireless Data, Mapping and Secure Communications Technologies

Technology (35)

10 Certifications Every IT Pro Needs To Have For 2013

Adobe Plugs Up Buffer Overflow Holes In Shockwave Update

Assassinations using heart implants

BitTitan Announces Beta for Cloud-Based Email Automation Solution

Cyber crimes become prevalent on college campuses

Cybersecurity Study. [REPORT]

Facebook Donates $250k Taken From Spammers To Cyber CSI Lab

First look at Windows 8 security features

France Euromillions Site Hit By Religious Hackers

How A Google Headhunter's E-Mail Unraveled A Massive Net Security Hole (WIRED)

Huawei Says It Would Offer Access To Its Source Code Via Independent Testing Center (SECURITY WEEK)

Hunting Botnets On A Bigger Scale

Lacklustre Security Making Corporate Data Easy Prey For Hackers

Malware Bypasses Antivirus


Malware Hijacks Your Email, Sends Death Threats

McGraw Announces New Initiative to Combat Identity Theft

Medical Devices Vulnerable to Hacking

Microsoft Has No Plans For A Second Windows 7 Service Pack

Microsoft releases Windows 8

New cybercrime monetization methods

New windows malware can target smart cards for full remote access

Next-Generation Malware: Changing The Game In Security's Operations Center

Qualys Introduces Predictive Analytics Engine For Zero-Day And Microsoft Patch Tuesday Vulnerabilities

Recognized vulnerabilities fuel growth in cybersecurity

Researcher to demonstrate feature-rich malware that works as a browser extension

Researchers To Launch New Tools For Search Engine Hacking

Saudi Cyber Attack Seen As Amateur Iranian Hackers

Skimming, Identity Theft and How Online Business Defend Against Cybercrime

Sony Hack Useless To Regular PS3 Gamers

Sony PlayStation 3 hacked with custom firmware

Verizon DBIR Analysis: Insiders Often Complicit in Breaches of Intellectual Property

Verizon Releases Industry-by-Industry Snapshots of Cybercrime

Websites Knocked Offline By Super-Storm Sandy

Xerox, McAfee announce first printers with McAfee Embedded Control software

Zero-Day Attacks Long-Lived, Presage Mass Exploitation

Conference (2)

1st Annual Maryland Digital Forensics Investigation Challenge

National Initiative for Cybersecurity Education (NICE) Workshop

FBI News (17)

CPKP (9)

Belleville Man Sentenced for Enticement of a Minor and Transportation of Child Pornography

Cincinnati Man Sentenced to 148 Months in Prison for Possessing Child Pornography

Macy Man Sentenced for Assault on a Child

Man Pleads Guilty to Arranging for Sexual Contact with a Minor

Monroe County Man Sentenced to Five Years in Prison for Child Pornography Offense

Pennsylvania Man Pleads Guilty to Receipt of Child Pornography

Rochester Man Sentenced on Child Pornography Charges

Sex Offender Faces Minimum Sentence of 15 Years in Prison

Trio of Child Pornographers Sentenced

Government (3)

FBI Releases 2011 Crime Statistics

Local Man Charged with Conveying Hoax Bomb Threats

Virginia Man Indicted on Additional Charges, Including a D.C. Terrorism Offense

Technology (5)

Computer Printer Technician Acknowledges Defrauding Children’s of Alabama

Cyber Division Focusing on Hackers and Intrusions

NYPD Officer: Kidnapping Conspiracy and Illegally Accessing Federal Database

Online Dating Extortion and Other Scams

Orlando Man Indicted for Shining Laser at Police Helicopter


Mobile (1)

Grandstream GXP1405 Executive IP Phone 1.0.1.110 XSS

DoS (4)

Aladdin Knowledge System Ltd. PrivAgent ActiveX Control 2.0 Multiple Vulnerabilities

Apple QuickTime Player 7.7.2 Crash PoC

hMailServer 5.3.3 Remote Denial Of Service

Microsoft Office Word 2010 Crash PoC

Local (10)

Apple QuickTime Player 7.7.2 Crash

Arora 0.10.0 Windows Qt 4.5.3 DLL Hijack

Microsoft Internet Explorer "scrollIntoView" Use-After-Free

Microsoft Office Excel 2010 Memory Corruption

Microsoft Office Picture Manager 2010 Memory Corruption

Microsoft Office Publisher 2010 Proof Of Concept

Microsoft Office Word 2012 Stack Overflow

Microsoft Paint 5.1 Memory Corruption

Microsoft Windows Help Program Memory Corruption

TP-LINK TL-WR841N Local File Inclusion

Remote (3)

Aladdin Knowledge System Ltd Buffer Overflow

HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow

HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow

This section of the CIR is dedicated to informing the public of exploits, tools, and whitepapers that may directly affect the security posture of an organization. “Proof of Concept (PoC)” is another term for a working exploit. Many of these PoCs will eventually find their way into malicious logic such as viruses, Trojans, and rootkits.


Web (26)

Aladdin Knowledge System Ltd. Active-X Buffer Overflow

Allscripts Homecare Client Local Memory Corruption

Bitweaver 2.8.1 Cross Site Scripting / Local File Inclusion

Bitweaver 2.8.1 Multiple Vulnerabilities

ClanSphere 2011.3 Local File Inclusion / Remote Code Execution

Contao 2.11.6 Path Disclosure

Gramophone 0.01b1 Cross Site Scripting

Inout Article Base Ultimate SQL Injection / CSRF

Inventory 1.0 Cross Site Scripting

Inventory 1.0 SQL Injection

Layton Helpbox 4.4.0 Authorization Bypass

Layton Helpbox 4.4.0 Cross Site Scripting

Layton Helpbox 4.4.0 Login Bypass

Layton Helpbox 4.4.0 Password Disclosure

Layton Helpbox 4.4.0 SQL Injection

Layton Helpbox 4.4.0 Stored Cross Site Scripting

ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection

NASA Tri-Agency Climate Education (TrACE) 1.0 SQL Injection

NASA Tri-Agency Climate Education (TrACE) 1.0 XSS

SMF 2.0.2 Cross Site Scripting

VaM Shop 1.69 Cross Site Scripting / SQL Injection

VicBlog Path Disclosure / SQL Injection

WordPress Easy Webinar Blind SQL Injection

WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite

Wysiwyg Imagelibrary Traversal

Zomorrod Web Design SQL Injection

Tools (7)

360-FAAR Firewall Analysis Audit And Repair 0.3.3

360-FAAR Firewall Analysis Audit And Repair 0.3.4

Hook Analyser Malware Tool 2.1

OATH Toolkit 2.0.1

Packet Fence 3.6.0

WAF-FLE ModSecurity Console 0.6.0rc1

Xplico Network Forensic Analysis Tool 1.0.1

Papers (8)

Bypassing Avast Sandbox Using Alternate Data Streaming

DIMVA 2013 Call For Papers

Facing Facts - FCC Whitepaper

How Did They Get In? A Guide To Tracking Down The Source Of An APT

Monitoring And Controlling Privileged User Access

Network Monitoring As A Security Tool

Positive Hack Days III Call For Papers

Using Ontologies In A Cognitive-Grounded System


Adobe (1)

Secunia Security Advisory 51090

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.

Apache (1)

Secunia Security Advisory 51052

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in Apache OFBiz.

Avaya (1)

Secunia Security Advisory 51077

Secunia Security Advisory - Avaya has acknowledged a weakness and some vulnerabilities in Avaya Aura Presence Services, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and to disclose system information and by malicious people to cause a DoS.

HP (6)

Secunia Security Advisory 51081

Secunia Security Advisory - Some vulnerabilities have been reported in multiple HP products, which can be exploited by malicious people to disclose potentially sensitive information.

HP Security Bulletin HPSBHF02819 SSRT100920

HP Security Bulletin HPSBHF02819 SSRT100920 - Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.

HP Security Bulletin HPSBHF02819 SSRT100920

HP Security Bulletin HPSBHF02819 SSRT100920 - Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.

Secunia Security Advisory 51096

Secunia Security Advisory - HP has issued an update for BIND in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

HP Security Bulletin HPSBUX02824 SSRT100970

HP Security Bulletin HPSBUX02824 SSRT100970 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code and other vulnerabilities. Revision 1 of this advisory.

HP Security Bulletin HPSBHF02819 SSRT100920 2

HP Security Bulletin HPSBHF02819 SSRT100920 2 - Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 2 of this advisory.

Huawei (1)

HP/H3C And Huawei SNMP Weak Access To Critical Data

HP/H3C and Huawei networking equipment suffers from a serious weakness in regards to their handling of SNMP requests for protected h3c-user.mib and hh3c-user.mib objects.


IBM (1)

Secunia Security Advisory 51106

Secunia Security Advisory - IBM has acknowledged a vulnerability in BIND included in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).

Microsoft (5)

Microsoft Internet Explorer OnMove Use-After-Free

The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Microsoft Internet Explorer versions 8 and 9. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing certain "onMove" events, which could allow remote attackers the ability to execute arbitrary code via a specially crafted web page.

Microsoft Office Excel 2010 Memory Corruption

Microsoft Office Excel 2010 memory corruption proof of concept exploit.

Microsoft Paint 5.1 Memory Corruption

Microsoft Paint version 5.1 memory corruption proof of concept exploit.

Microsoft Office Publisher 2010 Proof Of Concept

Microsoft Office Publisher 2010 crash proof of concept denial of service exploit.

Microsoft Windows Help Program Memory Corruption

Microsoft Windows Help memory corruption proof of concept exploit.

Mozilla (1)

Secunia Security Advisory 51144

Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.

NASA (2)

NASA Tri-Agency Climate Education (TrACE) 1.0 XSS

The Tri-Agency Climate Education (TrACE) Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaboration around climate education. The application suffers from a reflected cross site scripting vulnerability when input is passed to the 'product_id', 'pi', 'project_id' and 'funder' GET parameters in 'trace_results.php' script which is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 1.0 is affected.

NASA Tri-Agency Climate Education (TrACE) 1.0 SQL Injection

The Tri-Agency Climate Education (TrACE) Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaboration around climate education. The application suffers from SQL injection vulnerabilities when input is passed to the 'product_id' and 'grade' GET parameters in the 'trace_results.php' script, which is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 1.0 is affected.

Oracle (5)

Secunia Security Advisory 50926

Secunia Security Advisory - Oracle has acknowledged a vulnerability with an unknown impact in 7-zip included in Solaris.


Secunia Security Advisory 51078

Secunia Security Advisory - Oracle has acknowledged a vulnerability in BIND included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).

Oracle Java Font Processing "maxPointCount" Heap Overflow

The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE/JDK 7u7 and below are affected. The vulnerability is caused by a heap overflow error within the "t2k.dll" component when processing a malformed "maxPointCount" field within a Font, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.

Oracle Java Font Processing Glyph Element Memory Corruption

The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE / JDK 7u7 and below are affected. The vulnerability is caused by a memory corruption error within the "t2k.dll" component when processing certain glyph elements within a Font file, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.

Secunia Security Advisory 51151

Secunia Security Advisory - ERPScan has reported a vulnerability in Oracle Business Intelligence, which can be exploited by malicious people to conduct cross-site scripting attacks.

VMWare (1)

EMC Avamar Client For VMware Information Disclosure

The Avamar Server root user password is stored in plain text on the Avamar VMWare proxy client. This could allow a malicious user with network access to the proxy client and Avamar Server to gain privileged access to the Avamar server.

WordPress (9)

Secunia Security Advisory 50834

Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Cimy User Manager plugin for WordPress, which can be exploited by malicious people to disclose certain sensitive information.

Secunia Security Advisory 50981

Secunia Security Advisory - Han Lee has discovered a vulnerability in the Spider Calendar plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 50873

Secunia Security Advisory - Charlie Eriksen has discovered two vulnerabilities in the FireStorm Professional Real Estate plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

Secunia Security Advisory 50975

Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Zingiri Bookings plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 50875

Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the UnGallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

Secunia Security Advisory 50977

Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Thank You Counter Button plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.


Secunia Security Advisory 50983

Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Zingiri Form Builder plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 50910

Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Poll plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

WordPress Easy Webinar Blind SQL Injection

WordPress Easy Webinar plugin suffers from a remote blind SQL injection vulnerability.

Misc: (37)

Secunia Security Advisory 51041

Secunia Security Advisory - A vulnerability has been reported in ViewVC, which can be exploited by malicious users to conduct script insertion attacks.

Secunia Security Advisory 51095

Secunia Security Advisory - A security issue and some vulnerabilities have been reported in Liferay Portal, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions and by malicious people to bypass certain security restrictions.

Secunia Security Advisory 51069

Secunia Security Advisory - Two vulnerabilities have been discovered in ManageEngine Security Manager Plus, which can be exploited by malicious people to disclose potentially sensitive system information and conduct SQL injection attacks.

Secunia Security Advisory 51021

Secunia Security Advisory - MustLive has reported a vulnerability in Bitrix Site Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 51091

Secunia Security Advisory - Multiple vulnerabilities have been discovered in bitweaver, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 50928

Secunia Security Advisory - A vulnerability has been discovered in ManageEngine SupportCenter Plus, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 50829

Secunia Security Advisory - Janek Vind has discovered multiple vulnerabilities in phpMyBitTorrent, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose sensitive information and conduct cross-site scripting and SQL injection attacks.

Secunia Security Advisory 51045

Secunia Security Advisory - A weakness and a vulnerability have been reported in F5 FirePass, which can be exploited by malicious people to conduct spoofing and SQL injection attacks.

Secunia Security Advisory 51058

Secunia Security Advisory - HTTPCS has discovered two vulnerabilities in Dolibarr ERP/CRM, which can be exploited by malicious people to conduct cross-site scripting attacks.


Secunia Security Advisory 50917

Secunia Security Advisory - SEC Consult has reported a vulnerability in the Unirgy uStoreLocator extension for Magento, which can be exploited by malicious people to conduct SQL injection attacks.

Secunia Security Advisory 51036

Secunia Security Advisory - SySS has reported a security issue in Palo Alto Networks GlobalProtect, which can be exploited by malicious people to conduct spoofing attacks.

Secunia Security Advisory 51076

Secunia Security Advisory - A vulnerability has been reported in the Commedia component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Drupal Time Spent 6.x / 7.x XSS / CSRF / SQL Injection

Drupal Time Spent third party module versions 6.x and 7.x suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

Secunia Security Advisory 50631

Secunia Security Advisory - Zhao Liang has discovered some vulnerabilities in Winmail Server, which can be exploited by malicious users and malicious people to conduct script insertion attacks.

Drupal MailChimp 7.x Cross Site Scripting

Drupal MailChimp third party module version 7.x suffers from a cross site scripting vulnerability.

Secunia Security Advisory 51092

Secunia Security Advisory - Some vulnerabilities have been reported in TIBCO Formvine, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

Secunia Security Advisory 51084

Secunia Security Advisory - A vulnerability has been reported in OpenAthens SP, which can be exploited by malicious people to bypass certain security restrictions.

Aladdin Knowledge System Ltd. Active-X Buffer Overflow

The Aladdin Knowledge System Ltd. PrivAgent active-x control version 2.0 suffers from buffer overflow and insecure file download vulnerabilities. Buffer overflow proof of concept included.

Secunia Security Advisory 51083

Secunia Security Advisory - A security issue has been reported in JetPort 5600, which can be exploited by malicious people to compromise a vulnerable device.

Inventory 1.0 SQL Injection

Inventory version 1.0 suffers from multiple remote SQL injection vulnerabilities.

Inventory 1.0 Cross Site Scripting

Inventory version 1.0 suffers from multiple cross site scripting vulnerabilities.

Layton Helpbox 4.4.0 SQL Injection

Layton Helpbox version 4.4.0 suffers from multiple remote SQL injection vulnerabilities.

Layton Helpbox 4.4.0 Authorization Bypass

Layton Helpbox version 4.4.0 suffers from an authorization bypass vulnerability.

Layton Helpbox 4.4.0 Unencrypted Login

Layton Helpbox version 4.4.0 fails to use encrypted transport for logging users into the system.

Layton Helpbox 4.4.0 Password Disclosure

Layton Helpbox version 4.4.0 discloses login and password information for the database in an error page.

Layton Helpbox 4.4.0 Stored Cross Site Scripting

Layton Helpbox version 4.4.0 suffers from embedded cross site scripting vulnerabilities.

Layton Helpbox 4.4.0 Login Bypass

Layton Helpbox version 4.4.0 suffers from login bypass vulnerabilities due to improper cookie design.

Layton Helpbox 4.4.0 Cross Site Scripting

Layton Helpbox version 4.4.0 suffers from a reflective cross site scripting vulnerability.

Realplayer Watchfolders Long Filepath Overflow

Realplayer version 15.0.5.109 is vulnerable to a stack buffer overflow vulnerability in the 'Watch Folders' facility.

WAF-FLE ModSecurity Console 0.6.0rc2

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Perl 5 Memory Corruption

The Perl 5 interpreter is vulnerable to a memory corruption vulnerability which results in memory disclosure and potentially arbitrary code execution when large values are supplied to the x operator.

Allscripts Homecare Client Local Memory Corruption

Allscripts Homecare client versions 6.1.0 and 7.0.1 suffer from a local memory corruption vulnerability.

Gramophone 0.01b1 Cross Site Scripting

Gramophone version 0.01b1 suffers from a cross site scripting vulnerability.

Arora 0.10.0 Windows Qt 4.5.3 DLL Hijack

Arora version 0.10.0 suffers from a DLL hijacking vulnerability.

hMailServer 5.3.3 Remote Denial Of Service

hMailServer version 5.3.3 IMAP remote crash proof of concept exploit.

Secunia Security Advisory 51152

Secunia Security Advisory - ERPScan has reported a vulnerability in SAP NetWeaver Process Integration, which can be exploited by malicious people to disclose potentially sensitive information.

Secunia Security Advisory 51154

Secunia Security Advisory - Ubuntu has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

Linux Distributions

Debian (18)

Secunia Security Advisory 51112

Secunia Security Advisory - Debian has issued an update for request-tracker3.8. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct spoofing attacks, bypass certain security restrictions, and compromise a vulnerable system and by malicious people to conduct cross-site request forgery attacks.

Debian Security Advisory 2565-1

Debian Linux Security Advisory 2565-1 - Multiple vulnerabilities have been discovered in Iceweasel, Debian's version of the Mozilla Firefox web browser.

Debian Security Advisory 2562-1

Debian Linux Security Advisory 2562-1 - cups-pk-helper, a PolicyKit helper to configure cups with fine-grained privileges, wraps CUPS function calls in an insecure way. This could lead to uploading sensitive data to a cups resource, or overwriting specific files with the content of a cups resource. The user would have to explicitly approve the action.

Debian Security Advisory 2563-1

Debian Linux Security Advisory 2563-1 - Several vulnerabilities were found in ViewVC, a web interface for CVS and Subversion repositories.

Debian Security Advisory 2564-1

Debian Linux Security Advisory 2564-1 - gpernot discovered that Tinyproxy, an HTTP proxy, is vulnerable to a denial of service by remote attackers sending crafted request headers.

Secunia Security Advisory 51074

Secunia Security Advisory - Debian has issued an update for tinyproxy. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Secunia Security Advisory 50970

Secunia Security Advisory - Debian has issued an update for iceweasel. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

Secunia Security Advisory 51072

Secunia Security Advisory - Debian has issued an update for viewvc. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.

Debian Security Advisory 2566-1

Debian Linux Security Advisory 2566-1 - It was discovered that Exim, a mail transport agent, does not properly handle the decoding of DNS records for DKIM. Specifically, crafted records can lead to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code.

Debian Security Advisory 2567-1

Debian Linux Security Advisory 2567-1 - Several vulnerabilities were discovered in Request Tracker, an issue tracking system.

Debian Security Advisory 2568-1

Debian Linux Security Advisory 2568-1 - It was discovered that RTFM, the FAQ manager for Request Tracker, allows authenticated users to create articles in any class.

Debian Security Advisory 2569-1

Debian Linux Security Advisory 2569-1 - Multiple vulnerabilities have been discovered in Icedove, Debian's version of the Mozilla Thunderbird mail client.

Secunia Security Advisory 51115

Secunia Security Advisory - Debian has issued an update for exim4. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Secunia Security Advisory 51111

Secunia Security Advisory - Debian has issued an update for rtfm. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.

Mandriva (1)

Mandriva Linux Security Advisory 2012-168

Mandriva Linux Security Advisory 2012-168 - hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials. Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service via a small TLS Message Length value in an EAP-TLS message with the More Fragments flag set. The updated packages have been patched to correct these issues.

Red Hat (5)

Red Hat Security Advisory 2012-1401-01

Red Hat Security Advisory 2012-1401-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw was found in the way socket buffers requiring TSO were handled by the sfc driver. If the skb did not fit within the minimum size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service.

Red Hat Security Advisory 2012-1407-01

Red Hat Security Advisory 2012-1407-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Firefox to execute arbitrary code.

Red Hat Security Advisory 2012-1413-01

Red Hat Security Advisory 2012-1413-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Thunderbird to execute arbitrary code.

Secunia Security Advisory 51146

Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.

Slackware (1)

Slackware Security Advisory - mozilla-firefox Updates

Suse (2)

Secunia Security Advisory 51099

Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose system information, cause a DoS (Denial of Service), and potentially gain escalated privileges and malicious people to cause a DoS.

Secunia Security Advisory 51155

Secunia Security Advisory - SUSE has issued an update for exim. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

Ubuntu (13)

Ubuntu Security Notice USN-1603-2

Ubuntu Security Notice 1603-2 - USN-1603-1 fixed vulnerabilities in Ruby. This update provides the corresponding updates for Ubuntu 12.10. Shugo Maeda and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. Various other issues were also addressed.

Ubuntu Security Notice USN-1614-1

Ubuntu Security Notice 1614-1 - Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. USN-1602-1 fixed these vulnerabilities in other Ubuntu releases. This update provides the corresponding updates for Ubuntu 12.10. Peter Bex discovered that Ruby incorrectly handled file path strings when opening files. An attacker could use this flaw to open or create unexpected files. Various other issues were also addressed.

Secunia Security Advisory 51087

Secunia Security Advisory - Ubuntu has issued an update for python3.1. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information and malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Ubuntu Security Notice USN-1615-1

Ubuntu Security Notice 1615-1 - It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. This issue only affected Ubuntu 11.04 and 11.10. Various other issues were also addressed.

Secunia Security Advisory 51089

Secunia Security Advisory - Ubuntu has issued an update for python3.2. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information and by malicious people to cause a DoS (Denial of Service).

Ubuntu Security Notice USN-1616-1

Ubuntu Security Notice 1616-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. These issues only affected Ubuntu 10.04 LTS. Various other issues were also addressed.

Ubuntu Security Notice USN-1617-1

Ubuntu Security Notice 1617-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice USN-1618-1

Ubuntu Security Notice 1618-1 - It was discovered that Exim incorrectly handled DKIM DNS decoding. This flaw could allow a remote attacker to execute arbitrary code.

Ubuntu Security Notice USN-1620-1

Ubuntu Security Notice 1620-1 - Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. Antoine Delignat-Lavaud discovered a flaw in the way Firefox handled the Location object. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections and perform cross-origin reading of the Location object. Various other issues were also addressed.

Ubuntu Security Notice USN-1619-1

Ubuntu Security Notice 1619-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.

Secunia Security Advisory 51147

Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.

This section of the CIR is dedicated to informing the public of website defacements that have targeted either larger organizations or government agencies. The perpetrators of these attacks are located all over the world and have different reasons for hacking, ranging from curiosity to hacktivism to state-sponsored espionage and cyber warfare activity.


Sheep139

gerokgak.bulelengkab.go.id/nul... Linux mirror

Sheep139

dprd.bulelengkab.go.id/null.php Linux mirror

Sheep139

distanak.bulelengkab.go.id/nul... Linux mirror

Sheep139

dispenda.bulelengkab.go.id/nul... Linux mirror

Sheep139

disnakertrans.bulelengkab.go.i... Linux mirror

Sheep139

diskanla.bulelengkab.go.id/nul... Linux mirror

Sheep139

dishutbun.bulelengkab.go.id/nu... Linux mirror

Sheep139

disbudpar.bulelengkab.go.id/nu... Linux mirror

Sheep139

dinkes.bulelengkab.go.id/null.php Linux mirror

Sheep139

busungbiu.bulelengkab.go.id/nu... Linux mirror

Sheep139

bulelengkab.go.id/null.php Linux mirror

Sheep139

bkd.bulelengkab.go.id/null.php Linux mirror

Sheep139

bappeda.bulelengkab.go.id/null... Linux mirror

Sheep139

bankdata.bulelengkab.go.id/nul... Linux mirror

Page 25: Author: Jeremy Martin, CISSP-ISSMP/ISSAP, CISM, CEH/LPT ...informationwarfarecenter.com/cir/archived/pre/IWC... · CIR 2 Anonymous (13) Anonymous deface UK Police forum and Dating

CIR

25

Sheep139

banjar.bulelengkab.go.id/null.php Linux mirror

Sheep139

lpse.bengkulutengahkab.go.id/i... Linux mirror

Sheep139

dprd.bengkulutengahkab.go.id/i... Linux mirror

Sheep139

bkd.bengkulutengahkab.go.id/id... Linux mirror

Sheep139

bappeda.bengkulutengahkab.go.i... Linux mirror

ShinoBi-Dz

phsmun.go.th Linux mirror

ShinoBi-Dz

nakornphitsanulokgames.phsmun.... Linux mirror

ShinoBi-Dz

calendar.phsmun.go.th Linux mirror

SQLulZ

www.mct.gov.az/headers/index.html Linux mirror

storm511

www.eva.gov.sa Linux mirror

Terminal_Pk

www.cinep.pb.gov.br/site/sistema Linux mirror

The UnderTaker

softekwebsrv.dtop.gov.pr/notic... Win 2003 mirror

TURK KURSUNU

www.livestock.kerala.gov.in FreeBSD mirror

TURK KURSUNU

www.cwb.kerala.gov.in FreeBSD mirror

TURK KURSUNU

www.cimat.kerala.gov.in FreeBSD mirror

TURK KURSUNU

www.dsya.kerala.gov.in FreeBSD mirror

ulow

wap.hcqrd.gov.cn/a.htm Win 2003 mirror

ulow

oa.hcqrd.gov.cn/a.htm Win 2003 mirror

ulow

www.llc.gov.cn/zongg/daima.asp... Win 2003 mirror

ulow

sj.fengkai.gov.cn/zongg/daima.... Win 2003 mirror

ulow

www.barangay.gov.ph Linux mirror

ulow

www.jlsjtysj.gov.cn/zongg/daim... Win 2008 mirror

ulow

www.bansud.gov.ph Linux mirror

ulow

pzrf.gov.cn/zongg/daima.asp?id=69 Win 2003 mirror

UTEPA

www.cxmeerutzone.gov.in/aboutu... Win 2008 mirror

UTEPA

www.mairie-prechac-sur-adour.f... Linux mirror

uykusuz001

www.ynwd.gov.cn/tr.txt Win 2003 mirror

uykusuz001

www.wgwj.gov.cn/tr.txt Win 2003 mirror

uykusuz001

www.chrk.gov.cn/tr.txt Win 2003 mirror

uykusuz001

wenlian.kashi.gov.cn/tr.txt Win 2003 mirror

uykusuz001

waiban.kashi.gov.cn/tr.txt Win 2003 mirror

uykusuz001

unit.kashi.gov.cn/tr.txt Win 2003 mirror

uykusuz001

pbc.kashi.gov.cn/tr.txt Win 2003 mirror

uykusuz001

caizheng.kashi.gov.cn/tr.txt Win 2003 mirror

uykusuz001

bianban.kashi.gov.cn/tr.txt Win 2003 mirror

uykusuz001

subsite.kashi.gov.cn/tr.txt Win 2003 mirror

uykusuz001

www.yunxi.gov.cn/tr.txt Win 2003 mirror

uykusuz001

www.hyjtw.gov.cn/tr.txt Win 2003 mirror

VolcanoHacker

www.fsi.gov.ph Linux mirror

Page 26: Author: Jeremy Martin, CISSP-ISSMP/ISSAP, CISM, CEH/LPT ...informationwarfarecenter.com/cir/archived/pre/IWC... · CIR 2 Anonymous (13) Anonymous deface UK Police forum and Dating

CIR

26

web hacker

jdp.cri2.go.th/data/research_1... Linux mirror

wesker Hacker

www.pkdcity.go.th Linux mirror

wesker Hacker

csdc.go.th Linux mirror

Y3OULS

www.concejodecartago.gov.co/wp... F5 Big-IP mirror

ynR !

www.mnrt.go.tz/images/ynr.php Linux mirror

z3ran gaza hack3er tema

starizanati.gov.rs F5 Big-IP mirror

ZiqoR

www.sedarauca.gov.co/arauca/tmp/ Linux mirror

ZiqoR

www.keciorenmuftulugu.gov.tr/z... Linux mirror

ZiyaretCi

www.meramram.gov.tr Linux mirror

ZiyaretCi

sahinbeyram.gov.tr/img Win 2003 mirror

ZiyaretCi

www.trabzonkanuni.gov.tr Linux mirror

ZiyaretCi

www.trabzonnumune.gov.tr Linux mirror

ZoRRoKiN

concejodepopayan.gov.co Linux mirror

ZoRRoKiN

eoi.extalcaladehenares.arganda... Linux mirror

ZoRRoKiN

ww2.semptoshiba.com.br/express... Win 2003 mirror

Page 27: Author: Jeremy Martin, CISSP-ISSMP/ISSAP, CISM, CEH/LPT ...informationwarfarecenter.com/cir/archived/pre/IWC... · CIR 2 Anonymous (13) Anonymous deface UK Police forum and Dating

CIR

27

N° Notifier Single def. Mass def. Total def. Homepage def. Subdir def.

1. Barbaros-DZ 3209 157 3366 1020 2346

2. Ashiyane Digital Security Team 2496 3228 5724 1047 4677

3. Hmei7 2072 1170 3242 706 2536

4. LatinHackTeam 1428 1276 2704 2254 450

5. iskorpitx 1322 953 2275 784 1491

6. Fatal Error 1017 1127 2144 1764 380

7. chinahacker 883 1317 2200 4 2196

8. MCA-CRB 851 621 1472 367 1105

9. By_aGReSiF 748 1424 2172 802 1370

10. 3n_byt3 626 1809 2435 848 1587

11. HEXB00T3R 604 630 1234 405 829

12. Red Eye 579 1551 2130 2093 37

13. uykusuz001 540 153 693 34 659

14. brwsk007 525 177 702 24 678

15. Mafia Hacking Team 496 589 1085 322 763

16. Swan 495 258 753 219 534

17. Digital Boys Underground Team 461 441 902 179 723

18. Iran Black Hats Team 458 326 784 417 367

19. 1923Turk 422 1487 1909 421 1488

20. DeltahackingSecurityTEAM 415 443 858 232 626

21. Over-X 403 1469 1872 1219 653

22. D.O.M 392 645 1037 824 213

23. kaMtiEz 391 390 781 238 543

24. ZoRRoKiN 386 198 584 107 477

25. Triad 375 315 690 397 293

26. [#Elite Top Team] 362 303 665 570 95

27. sinaritx 359 98 457 160 297

28. k4L0ng666 350 1204 1554 222 1332

29. core-project 313 325 638 629 9

30. Ma3sTr0-Dz 313 735 1048 300 748

31. linuXploit_crew 311 166 477 477 0

32. misafir 299 298 597 219 378

33. Turkish Energy Team 284 216 500 296 204

34. ISCN 274 123 397 96 301

35. !nf3rN.4lL 262 376 638 176 462

36. PoizonB0x 251 3 254 254 0

37. NeT-DeViL 249 258 507 334 173

38. eMP3R0r TEAM 240 306 546 136 410

39. PowerDream 237 164 401 174 227

40. Vezir.04 236 111 347 152 195

41. KHG 233 281 514 210 304

42. S4t4n1c_S0uls 230 144 374 311 63

43. Hi-Tech Hate 223 6 229 229 0

44. XTech Inc 223 328 551 548 3

45. BeLa 210 123 333 147 186

46. spook 209 31 240 40 200

47. m0sted 208 207 415 106 309

48. Prime Suspectz 205 0 205 205 0

49. the freedom 198 136 334 22 312

50. c4uR 191 383 574 397 177


Internet Storm Center Top 10 Ports

Top 10 Source IPs

IP Address Reports Attacks First Seen Last Seen

069.175.126.170 (US) 667,102 143,938 2012-07-11 2012-10-30

115.248.142.082 () 726,327 134,063 2012-10-03 2012-10-30

183.063.031.122 (CN) 299,995 116,310 2012-09-04 2012-10-30

037.009.053.002 (RU) 469,874 107,028 2012-09-12 2012-10-30

222.043.097.006 (CN) 582,465 106,643 2012-06-27 2012-10-30

203.171.230.050 (CN) 81,390 80,068 2012-10-19 2012-10-29

069.175.054.106 (US) 1,274,772 79,566 2012-07-14 2012-10-30

061.147.110.057 (CN) 99,631 75,652 2012-10-30 2012-10-30

199.030.059.172 (US) 171,494 73,949 2012-06-14 2012-10-30

199.030.058.121 (US) 182,969 73,465 2012-09-07 2012-10-30

Resources:
DC3 DISPATCH
FBI In the News
Zone-h www.zone-h.org
Xssed www.xssed.com
Packet Storm Security www.packetstormsecurity.org
Sans Internet Storm Center isc.sans.org
Exploit Database www.exploit-db.com
Exploits Database www.exploitsdownload.com
Islamic Republic of Iran Security Team irist.ir
Hack-DB www.hack-db.com
Infragard www.infragard.org
ISSA www.issa.org
Information Warfare Center informationwarfarecenter.com
Secunia www.secunia.org
Tor Network

Top 10 Ports by Reports, by Targets, by Sources

Port Reports

445 1010483

3389 588006

443 563127

80 374478

22 274012

5060 254687

57695 238588

57778 230173

57694 190135

135 173854

Port Targets

22 96906

3389 73498

5060 67614

443 62811

135 58838

3306 57955

445 50878

1433 49051

8080 38499

5901 36087

Port Sources

445 49766

57778 22025

57692 21927

57695 21813

57694 21602

31302 20440

57691 20165

46012 20040

57687 19973

45915 19956