Hackers associated with the group Anonymous known as the Lords of Dharamaja leaked what appears to be another 1.27 gigabytes of source code from Symantec Monday night, what they claim is the source code of the Symantec program PCAnywhere.

A 1.2GB file labeled “Symantec’s pcAnywhere Leaked Source Code” has been posted to The Pirate Bay.

The leak comes as little surprise: Symantec had previously revealed that the hackers had obtained 2006 versions of that code along with other Symantec products from the same time period, and warned users of PCAnywhere to disable its functionality until they patched the program earlier this month.

The emails between Symantec employee Sam Thomas and the hacker(s) Yamatough, began in January. Symantec confirmed in a statement that it had contacted law enforcement after confirming the theft of the code and that the email exchange was, in fact, part of a criminal investigation. The email thread ended yesterday with Yamatough threatening to immediately release the code.

In Joomscan you can check for new updates with command: ./joomscan.pl check or ./joomscan.pl update

Overview:
Joomla! is probably the most widely-used CMS out there due to its flexibility, user-friendlinesss, extensibility to name a few. So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity. It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites. No web security scanner is dedicated only one CMS.

Features:

• Exact version Probing
• Common Joomla! based web application firewall detection
• Searching known vulnerabilities of Joomla! and its components
• Reporting to Text & HTML output
• Immediate update capability via scanner or svn

Requirement:
Perl 5.6 or up

Download: joomscan-latest.zip

Protects your phone from tools like FaceNiff, Cain & Abel, ANTI, ettercap, DroidSheep, NetCut, and all others that try to hijack your session via MITM through ARP spoofing / ARP poisoning.

Features:
– Uses very few resources
– Uses no resources if Wi-Fi is disabled
– Nearly zero battery consumption
– Requires very few permissions. Requests only absolutely necessary permissions
– No configuration required, works off the shelf for novices
– Experts can change many settings to adapt the app to their needs
– Undetectable by the bad guy
– 100% silent and passive inside the network. Generates no noise
– Highly customizable notifications
– Plays ringtone on attack (optional)
– Vibrates in a given pattern on attack (optional)
– Easy to use one-click-interface as well as detailed network view for experts
– “Immunity” protects you without disabling Wi-Fi (root required)
– Can also disable Wi-Fi if you don’t have root access to your phone
– Logging of all spoofing attempts with details about the network and the attacker
– Works in complex wireless LANs, like vWLAN and WDS (please see FAQ)
– Detects networks already under attack
– Automatic countermeasures

Download:
https://market.android.com/details?id=com.gurkedev.wifiprotector

From all appearances, Anonymous retrieved the sensitive access code information and a list of attendees from an FBI email account. The group released a roughly 15-minute-long recording of what appears to be a Jan. 17 conference call devoted to tracking and prosecuting members of the loose-knit hacking group.

The email, titled “Anon-Lulz International Coordination Call”, was published on pastebin earlier today. The email with details for accessing the call was sent to law enforcement officials in Britain, France, the Netherlands and others but the only people who identify themselves on the call are from the FBI and Scotland Yard.In a message on Twitter, Anonymous posted links to the audio recording and said the FBI “might be curious how we’re able to continuously read their internal comms for some time now.”

The initial link to the conference call was for an mp3 download, but it was also made available to stream on YouTube.

The FBI and Scotland Yard have now confirmed that their internal conference call describing their investigation into Anonymous hackers was illegally intercepted, as was the email containing the conference call details. The Metropolitan Police also confirmed it, saying:“We are aware of the video which relates to an FBI conference call involving a PCeU representative. The matter is being investigated by the FBI. We continue to carry out a full assessment. We are not prepared to discuss further.”

Karen Todner, a lawyer for Cleary, said that the recording could be “incredibly sensitive” and warned that such data breaches had the potential to derail the police’s work.“If they haven’t secured their email it could potentially prejudice the investigation,” she told. Following a spate of arrests across the world, the group and its various offshoots have focused their attention on law enforcement agencies in general and the FBI in particular.

He also posted a video on his blog demonstrating an attack he carried out against the U.S. government, and created and offered for sale a computer program used to hack Web sites. Through his exploits, Cernaianu blocked access to systems and seriously disabled their proper functioning, authorities said.

Currently, Cernăianu is being taken to Bucharest for questioning and he is charged with breaching a computing system without authorization, unauthorized transfer of data from a computing system, and the disruption of a computing system. Romanian authorities said the FBI and NASA took part in the investigation.

This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective.

The sources supported are:
– Google – emails,subdomains/hostnames
– Google profiles – Employee names
– Bing search – emails, subdomains/hostnames,virtual hosts
– Pgp servers – emails, subdomains/hostnames
– Linkedin – Employee names
– Exalead – emails,subdomain/hostnames

New features:
– Time delays between requests
– XML and HTML results export
– Search a domain in all sources
– Virtual host verifier
– Shodan computer database integration
– Active enumeration (DNS enumeration,DNS reverse lookups, DNS TLD expansion)
– Basic graph with stats

Some Examples:
Searching emails accounts for the domain microsoft.com, it will work with the first 500 google results:

./theharvester.py -d microsoft.com -l 500 -b google

Searching emails accounts for the domain microsoft.com in a PGP server, here it’s not necessary to specify the limit.

./theharvester.py -d microsoft.com -b pgp

Searching for user names that works in the company microsoft, we use google as search engine, so we need to specify the limit of results we want to use:

./theharvester.py -d microsoft.com -l 200 -b linkedin

Searching in all sources at the same time, with a limit of 200 results:

./theHarvester.py -d microsoft.com -l 200 -b all

Download: https://code.google.com/p/theharvester

The Bureau is asking companies to build software that can effectively scan social media online for significant words, phrases and behavior so that agents can respond.

A paper posted on the FBI website asks for companies to build programs that will map sentiment and wrongdoing.

“The application must be infinitely flexible and have the ability to adapt quickly to changing threats to maintain the strategic and tactical advantage,” the Request for Information said, “The purpose of this effort is to meet the outlined objectives…for the enhancement [of] FBI SOIC’s overall situation awareness and improved strategic decision making.”The tool would be used in “reconnaisance and surveillance missions, National Special Security Events (NSS) planning, NSSE operations, SOIC operations, counter intelligence, terrorism, and more.

Although the police, including in Britain, already use Facebook routinely to ascertain the whereabouts of criminals, automatically filtering out irrelevant information remains challenging. The new FBI application will be able to automatically highlight the most relevant information.

The FBI is seeking responses by 10 February.

Instead of just launching distributed denial-of-service attacks, cyber-attackers have started hijacking domain names and redirecting traffic from legitimate sites to malicious ones.

The hacker group Anonymous recently managed to hijack the Domain Name System record for CBS.com and redirected all traffic to another Web server that displayed an empty directory structure. It appeared as if the contents of CBS.com had been wiped, but it was actually a different server altogether. CBS.com managed to regain control of its domain after the DNS poisoning attack.

A group of attackers called UGNazi, which may or may not have Anonymous sympathies, was behind a similar attack on the Website of the Ultimate Fighting Championship over the weekend. The UFC had supported the controversial Stop Online Piracy Act and Protect IP Act bills, which are now temporarily shelved in Congress. The same group hijacked two domains belonging to luxury handbag and leather goods retailer Coach and diverted the traffic.

“We arn’t done…not even close,” the attackers wrote on their Website. A short list of “targets” on the site explained the attacks were a result of the organizations’ support of SOPA.

Both Coach and UFC registered their domains through Network Solutions. It was evident the attackers had accessed Network Solutions’ domain management accounts. While it was unclear how they had done so, the cause is usually weak or compromised user passwords or a vulnerability in the registrar’s Website.

SOPA-related attacks continued this week and don’t appear to be abating. Anonymous attacked OnGuardOnline, a government-managed Website devoted to keeping users secure online. Some Anonymous members said the OnGuardOnline attack was in retaliation for SOPA and PIPA, as well as the proposed international agreement on combating online piracy, according to a message posted Jan. 23 on text-sharing site Pastebin,.

“If SOPA/PIPA/ACTA passes we will wage a relentless war against the corporate Internet, destroying dozens upon dozens of government and company Websites,” the message read.

According to the security firm’s AVG Community Powered Threat Report – Q4 2011, QR codes are becoming more popular with mobile users when it comes to accessing web pages or information without the need for typing in text or a URL, as the codes can simply be scanned by a handset and then automatically direct the user to the information. However, hackers are beginning to exploit this popularity as the user does not know what lurks behind the QR code until the malware is already installed and running on their device.

“In Q4 we clearly saw the convergence between computers and mobile phones applies to malware too. As phones become more like computers, so do the risks,” said Yuval Ben-Itzhak, Chief Technology Officer, AVG Technologies.

“Many sophisticated tricks of the trade from computers are now being repurposed for phones. However, as phones are often tied into billing systems the gains can be far greater.”

AVG also revealed 2011 saw a surge in the number of Android malware samples detected as well as the number of smartphones running Google’s operating system. Furthermore, stolen digital certificates, which are used to trick a user into believing the application is genuine, are also being used to target mobile device owners along with Rootkits, which AVG said are “evolving to be much more sophisticated”.

The security firm said the Blackhole toolkit is currently the most active threat on the web, accounting for half of all detected instances and over 80 percent of all toolkits found this quarter. The USA remains the largest source of spam, but is now followed by the UK, which jumped from fourth to second place overtaking India and Brazil this quarter.

Multiple vulnerabilities have been discovered in Tor:

• When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
• When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
• An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).

Impact:
A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user’s connection.

Vulnerable Versions:
< 0.2.2.35

Workaround:
There is no known workaround at this time.

Resolution:
All Tor users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=net-misc/tor-0.2.2.35″

References:
– CVE-2011-2768
– CVE-2011-2769
– CVE-2011-2778