Category Archives: Security Response News

Phishers Offer Rita Ora’s Video

Contributor: Avdhoot Patil
Celebrity scandals are always popular and phishers are keen on incorporating them into their phishing sites. Recently, we observed a phishing site featuring British singer and actress Rita Ora. The phishing site was hosted on…

Increase in Pump and Dump Stock Spam

In the last few weeks we have observed a drastic increase in “penny stock” spam emails. In 2011 Symantec published a blog entitled Global Debt Crises News Drives Pump-and-Dump Stock Scams, which also dealt with this type of spam.

Penny stocks, also known as cent stocks, are shares in small companies that trade at low prices, often as low as a few cents per share. Penny stocks are a very popular topic used by spammers. The spam emails advertise the cheap shares and state that the company is on the verge of becoming very successful and that the value of the shares will rise significantly. The emails make out that the company is more valuable than it actually is and implies that they have just created some major product or are on the verge of a breakthrough and that the share value is tipped to rise dramatically. The aim is to increase sales of the stock, which in turn raises the value, then the fraudster can sell their penny stocks for significantly more than they paid for them. This stock fraud method is known as “pump and dump.”

We are seeing various spam methods being used in stock spam such as broken words, obfuscation with irrelevant line spaces, and insertion of randomized characters in the header or body of the emails etc.

Figure1.png

Figure 1. Penny stock spam emails

Symantec is observing an increase in spam volume related to stock spam, which can be seen in the below graph.

Figure2.jpg

Figure 2: Volume trend of stock spam email

Below are the most frequently observed subject lines in these attacks:

  • Subject: Stock Picking Contest, Sign Up Today
  • Subject: “Before The Close” From Standout Stocks!
  • Subject: A Royal Treat To Start The Week
  • Subject: Expect More from this Bull
  • Subject: Explosive Pick Coming
  • Subject: It Is Our Hot New Trade Alert!
  • Subject: Its trading levels could be Set to Explode!
  • Subject: Let`s Do It Again! Tonight We Have Another Breaking Bull!
  • Subject: This Company Shows Gains
  • Subject: This Company shows Strength
  • Subject: What a Fantastic Week! Our Members had the Opportunity to Make Some Serious Gains!

Symantec advises users to be cautious when handling unsolicited or unexpected emails and to update antispam signatures regularly. Symantec is closely monitoring these “pump and dump” spam attacks and will continue monitoring this trend to keep our readers updated.

Microsoft Patch Tuesday – May 2013

Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing 10 bulletins covering a total of 33 vulnerabilities. Eleven of this month’s issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the May releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-May

The following is a breakdown of the issues being addressed this month:

  1. MS13-037 Cumulative Security Update for Internet Explorer (2829530)

    Internet Explorer Use After Free Vulnerability (CVE-2013-1306) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    JSON Array Information Disclosure Vulnerability (CVE-2013-1297) MS Rating: Important

    An information disclosure vulnerability exists in Internet Explorer that could allow an attacker to gain access and read the contents of JSON data files.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1309) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1307) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1308) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1310) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-0811) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1311) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-2551) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1312) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1313) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  2. MS13-038 Security Update for Internet Explorer (2847204)

    Internet Explorer Use After Free Vulnerability (CVE-2013-1347) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

  3. MS13-039 Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)

    HTTP.sys Denial of Service Vulnerability (CVE-2013-1305) MS Rating: Important

    A denial of service vulnerability exists in Windows Server 2012 and Windows 8 when the HTTP protocol stack (HTTP.sys) improperly handles a malicious HTTP header. An attacker who successfully exploited this vulnerability could trigger an infinite loop in the HTTP protocol stack by sending a specially crafted HTTP header to an affected Windows server or client.

  4. MS13-040 Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)

    XML Digital Signature Spoofing Vulnerability (CVE-2013-1336) MS Rating: Important

    A spoofing vulnerability exists when the Microsoft .NET Framework fails to properly validate the signature of a specially crafted XML file. An attacker who successfully exploited this vulnerability could modify the contents of an XML file without invalidating the signature associated with the file.

    Authentication Bypass Vulnerability (CVE-2013-1337) MS Rating: Important

    A security feature bypass vulnerability exists in the way that the Microsoft .NET Framework improperly creates policy requirements for authentication when setting up custom WCF endpoint authentication. An attacker who successfully exploited this vulnerability would have access to the endpoint functions as if they were authenticated, allowing an attacker to steal information or take any actions in the context of an authenticated user.

  5. MS13-041 Vulnerability in Lync Could Allow Remote Code Execution (2834695)

    Lync RCE Vulnerability (CVE-2013-1302) MS Rating: Important

    A remote code execution vulnerability exists when the Lync control attempts to access an object in memory that has been deleted. An attacker could exploit the vulnerability by convincing a target user to accept an invitation to launch specially crafted content within a Lync or Communicator session. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

  6. MS13-042 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)

    Publisher Negative Value Allocation Vulnerability (CVE-2013-1316) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Corrupt Interface Pointer Vulnerability (CVE-2013-1318) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Integer Overflow Vulnerability (CVE-2013-1317) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Buffer Overflow Vulnerability (CVE-2013-1320) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Return Value Handling Vulnerability (CVE-2013-1319) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Return Value Validation Vulnerability (CVE-2013-1321) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Invalid Range Check Vulnerability (CVE-2013-1322) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Incorrect NULL Value Handling Vulnerability (CVE-2013-1323) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Signed Integer Vulnerability (CVE-2013-1327) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Pointer Handling Vulnerability (CVE-2013-1328) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Buffer Underflow Vulnerability (CVE-2013-1329) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  7. MS13-043 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)

    Word Shape Corruption Vulnerability (CVE-2013-1335) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Word parses content in Word files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  8. MS13-044 Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)

    XML External Entities Resolution Vulnerability (CVE-2013-1301) MS Rating: Important

    An information disclosure vulnerability exists in the way that Microsoft Visio parses specially crafted XML files containing external entities.

  9. MS13-045 Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)

    Windows Essentials Improper URI Handling Vulnerability (CVE-2013-0096) MS Rating: Important

    An information disclosure vulnerability exists when Windows Writer fails to properly handle a specially crafted URL. An attacker who successfully exploited the vulnerability could override Windows Writer proxy settings and overwrite files accessible to the user on the target system.

  10. MS13-046 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)

    DirectX Graphics Kernel Subsystem Double Fetch Vulnerability (CVE-2013-1332) MS Rating: Important

    An elevation of privilege vulnerability exists when the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) improperly handles objects in memory.

    Win32k Buffer Overflow Vulnerability (CVE-2013-1333) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause system instability.

    Win32k Window Handle Vulnerability (CVE-2013-1334) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.

More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.

??????????????????????????

      No Comments on ??????????????????????????

2013 年 4 月、シマンテックは、ヨーロッパの限定された組織を標的として高度なソーシャルエンジニアリング攻撃が続いているという警告を受け取りました。一連の攻撃で最も際立った特徴は、従業員または業務関係者になりすました攻撃者からの電話を被害者が受けているという点です。電話口の相手はフランス語で話し、電子メールで送信した請求書を処理してほしいと依頼してきます。

この攻撃で送られてきた電子メールの例を以下に示します。電子メールには通常、悪質なリンクが記載されているかファイルが添付されており、添付ファイルの正体はリモートアクセス型のトロイの木馬(RAT)、W32.Shadesrat の亜種です。
 

Email_Orangeless.png

図 1. スピア型フィッシング攻撃の電子メール
 

この攻撃は、2013 年 2 月には始まっていたことを示す証拠がありますが、フィッシングメールが送られてくるよりも前に電話がかかってくるようになったのは、ごく最近の 4 月になってからです。この攻撃は現在、フランスの企業に合わせてローカライズされていますが、フランス国外で営業している子会社も標的になっています。
 

Flags_2_Luxembourg.png

図 2. 感染した組織の国別の数
 

攻撃者が、攻撃に先立って被害者のメールアドレスと電話番号を入手していたことは明らかであり、その意味で準備は万端です。この攻撃で被害者になる傾向があるのは、企業の経理部門や財務部門に勤務する従業員です。請求書の処理が日常的な業務の一環なので、このワナが説得力を持ったとしても不思議ではありません。攻撃の各段階では慎重な計画を要しますが、ひとたび計画できれば最終的な攻撃の成功率は高くなります。
 

image3_1.png

図 3. 攻撃の一連のサイクル
 

今回の攻撃者の動機は、金銭の詐取以外に考えられません。企業の経理部門に勤務する従業員を標的にすれば、重要な会計情報にアクセスできる確率は高くなります。こうした従業員は、企業を代表して取引を処理する権限を持っている可能性もあるので、従業員がオンライン取引や大切な銀行口座情報に必要なセキュリティ証明書にアクセスできるとしたら、これほど価値のある標的はありません。このような従業員が、さらにソーシャルエンジニアリング攻撃を続けるために必要な情報源になってしまうことも考えられます。請求書や契約書からは、万全の攻撃を実行し続けるために必要なあらゆる情報(電子メール、電話、関連する購買/販売契約など)が手に入ります。

このような攻撃は現在までに増え続けていることから、企業は高度なソーシャルエンジニアリング攻撃に対してさらに厳重な警戒が必要です。攻撃者が限られた情報しか持っていない場合でも、電話で質問を重ねれば請求の正当性を判断できる可能性があります。また、個人を特定できる従業員情報が社外に保管されている場合には、たとえ請求書という形にすぎなくても、業務関係者が侵入を受けたときには不利な材料になってしまうことを意識してください。機密性の高い情報を扱う従業員は、そういった情報を安全な場所に必ず暗号化して保管すべきです。そのうえで、アクセスする際には、完全にパッチ適用済みで万全のセキュリティ対策を実施済みのコンピュータを使うようにしてください。

今回の攻撃に使われたトロイの木馬は、リモートアクセス型のトロイの木馬(RAT)、W32.Shadesrat です。W32.Shadesrat(別名 Blackshades)は、さまざまな攻撃者に利用されており、そのスキルレベルも多様です。一般に入手できるトロイの木馬であり、ライセンス料は年間 40~100 ドル程度です。2012 年 6 月には、FBI が世界的に展開していたおとり捜査の一環として、Blackshades プロジェクトの関係者のひとり、Michael Hogue(通称「xVisceral」)が逮捕されました。しかし、この RAT は依然としてさかんに開発が続いており、短期間で一掃される気配すらありません。
 

chart2234_0.png

図 4. W32.Shadesrat の感染件数(重複を数えず): 上位 10 カ国

 

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja にアクセスしてください。

Web ??????????

      No Comments on Web ??????????

過去数カ月間、Web サーバーが改ざんされ、そこでホストしているすべての Web サイトに悪質なリダイレクト機能がインジェクトされるケースの増加が確認されています。このブログで以前にご報告した悪質な Apache モジュール(Linux.ChaproTrojan.Apmod)もその一例でした。新たな例としては Linux.Cdorked があり、これについてはセキュリティ企業 ESET 社もブログ記事を掲載しています。

Linux.Cdorke の場合、悪質な Apache モジュールを設定リストに追加するのではなく、メインの httpd バイナリファイルを、改ざんしたバージョンに置き換えます。これにより、Linux.Cdorke は特殊な要求に反応し、応答を改ざんできるようになります。

http デーモンファイルを改ざんすることによって、昔ながらの逆接続シェルを通じて、または完全に共有メモリに格納されている設定を変更する特殊な HTTP 要求を通じて、制御が可能になります。要求文字列から解析されるコマンドトークンとしては、”DU”、”ST”、”T1″、”D1″ など 23 種類が特定されています。これらのコマンドが共有メモリのセクションを改ざんし、ブラックリストやリダイレクト先アドレスを変更したり、その他の機能を実行したりします。Linux.Cdorke の最大の狙いは、すでに述べたように、ホストされているあらゆる Web サイトにアクセスしたユーザーを別のサイトにリダイレクトすることです。このリダイレクトで、悪用ツールキットが仕込まれているドライブバイダウンロードのサイトやスパムサイトに誘導し、トラフィックを生成することができます。ブラックリストへの登録をすり抜けるためにリダイレクト先の URL が頻繁に更新されることは、言うまでもありません。

リダイレクトが発生するのは、特定の条件が満たされた場合に限られます。つまり、アクセス元の IP アドレスがブラックリストに載っていないこと、URI が管理ページに関連する特定のキーワードに一致しないこと、ユーザーエージェントがブラックリストに載っていないこと、クライアントに以前リダイレクトしたときの cookie がないこと、という条件があります。管理者のローカル IP アドレスはブラックリストに載っている場合が多く、アクセス先の URI もブラックリストに載っているので、管理者は悪質なサイトにリダイレクトされません。この点でも、Web サイトの管理者が感染を突き止めるのは難しくなります。

Explanation_Image_599px.png

図 1. 攻撃の特徴

この攻撃は、たとえば Web サイトのコンテンツ管理システム(CMS)に対する SQL インジェクション攻撃などを利用して悪質な iframe を静的な HTML Web サイトにインジェクトする通常の方法より、明らかに高度なものです。Web ページは処理中に改ざんされるので、ファイルが変更されていないかどうかを検証するために FTP 経由でサーバーにログインしても、改ざんがあったという証拠は得られません。そのレベルでは実際に改ざんは発生していないからであり、感染の痕跡を特定することは困難です。

しかも、この手口は何重にも巧妙になっています。サーバーにホストされている Web サイトはどれもデフォルトで感染しているためで、短時間で多数の被害者が出るおそれがあります。また、設定情報はすべて共有メモリセクションに保管されており、特殊なコマンド要求は Web サーバーのログにも残らないため、Linux.Cdorked はきわめて高いステルス性を備えています。そのため、感染しても長期にわたって見過ごされてしまう可能性があります。このタイプの攻撃は、今後も増えると予測されます。

攻撃者が、この Web サーバーにそもそも最初にどうやってアクセスできたのかという疑問に対しては、多くの答えが考えられます。これまでにも、cPanel や Plesk などの管理フレームワークの脆弱性を悪用することによってアクセスを許してしまった例がありました。もちろん、多くの場合に攻撃者が試すように、これらのパネルや SSH に対してパスワードの推測が実行された可能性もあります。いつものように、管理者はシステムを最新の状態に保ち、監視を続けるようにしてください。MD5 のハッシュ値をベンダーから提供されている正常なバイナリのリストと比較するか、または Debian プラットフォームであれば ‘rpm-verify’ などのコマンドを使って、Web サーバーのバイナリを検証することもお勧めします。ただし、攻撃者がサーバーにアクセスできることを忘れてはなりません。システムに残る痕跡すら改ざんされているかもしれないということです。

シマンテックは、このような悪質なリダイレクト攻撃からお客様を保護するために、IPS とウイルス対策の各種シグネチャを提供しています。

 

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja にアクセスしてください。

A Phone Call, a Phish, and a Remote Access Trojan

In April 2013, Symantec was alerted to a series of sophisticated social-engineering attacks targeting a limited set of organizations in Europe. The most distinguishing feature of these attacks is that the victim will receive a phone call from the attac…

When Web Servers Serve Evil

      No Comments on When Web Servers Serve Evil

In the last few months, we have witnessed a rise in the number of cases of modified Web servers that inject malicious redirections into every website that it hosts. One example was the malicious Apache module (Linux.Chapro and Trojan.Apmod) that we blo…

Fake Promotional Offers Targeting UEFA Champions League 2013

The 58th season of the UEFA Champions League is coming to an end with the final being played on May 25 at Wembley Stadium in London. Nowadays, cybercriminals are gaining a lot of interest in football, at least inasmuch as how to exploit interest in foo…

Escrow Scams Searching New Avenues

Contributor:  Binny Kuriakose
People dream big when buying expensive items like a car or a property. When those dreams are seen with very affordable price tags it certainly attracts everybody’s interest. There are lots of websites available …

OpUSA begins today, is your organization ready?

Following on from recent concerted campaigns by Anonymous against Israel on April 7 and Facebook on April 5, the latest target for the online hacktivist collective is the USA and American online interests. Today, hackers and script kiddies of various a…