The two forces named NullCrew and Horsemen of Lulz have teamed up and hacked Al Arabiya, the second largest news agency in the Middle East. Hackers breached the server of the news agency and published a list of mail servers and a vulnerability link found in the root file that was used to penetrate the system.
Hackers successfully found a vulnerability in the web client software Zimbra and email server and revealed usernames and passwords of the mail server. Several@mbc.net email address was also leaked that indicates the mail server belongs to the Middle East broadcasting center. Almost all Al Arabiya employees including admin have mbc.net email accounts.
NullCrew FTS utilized a vulnerable Local File Inclusion (LFI) to get access to the Zimbra LDAP and MySQL database that resides Comcast’s usernames and passwords.
Hackers have also told Softpedia that they have exposed lot of data but uncertain about the leakage of potential data.
NullCrew has also breached Comcast’s server that was ignored by company at that time. The intention of NullCrew is to get pain to media mega corporations. The Zimbra vulnerability is the same unpatched vulnerability found in Comcast breach.
A member of the NullCrew collective said, “Do we plan to release more? It all depends on how much use it holds to us, things of particular use can be used over, and over again. We treat certain data the same way we treat 0day. Why leak it when it can be used properly down the road?”
Author Bio:
Jason Parms is a Marketing Manager at SSL2BUY Inc. He also loves to bring awareness about cyber crime and online security with writing and sharing different articles, press releases and blogs.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.