Monthly Archives: November 2016

winter training

Router hack makes 9,00,000 Germans go offline

Category : Blog

Router hack makes 9,00,000 Germans go offline

 

Router hack forces 9,00,000 Deutsche Telekom customers offline on this Sunday and Monday.  Serious attempts were made to compromise  broadband routers and turn them into a botnet.

Zyxel and Speedport router hack by malicious hackers as the vulnerabilities were exploited. Routers were coded to transform into botnet which can be remotely used to launch a DDos  attack against websites.

The vulnerability exploits the TR-069 and TR -064 protocols which were used by internet service providers to manage internet devices remotely.

router hack

What can be done?

The attacker in this situation was able to fool the vulnerable routers into downloading malicious code with the intention to exploit them. Hackers can change the DNS settings of the routers, steal WI-FI credentials or can attack websites with unwanted traffic (DDOS attack)

 

The effected users were advice to switch off there routers for 30 seconds and then turn it on. During the bootup process the routers will update the new firmware from the Telekom servers and this will patch up the existing vulnerabilities.

 

Check the video which describes in details:

 

Germany’s BSI states that the attack on routers was an attempt to disturb the government system s but failed due to effective preventive measures taken from their end.

 

Popular training by Indian Cyber Security Solutions

 

CEHv9 Global Certification training

Ethical Hacking Hands on Training

CCNA – Cisoco Certification

Network Penetration Testing

Android Penetration Testing

Web Penetration Testing


Android Banking Malware uses social engineering to bypass battery saving process

Category : Blog

Android Banking Malware  uses social engineering to bypass battery saving process

 

Android banking malware can stay connected with its control servers even after the android device is off.

 

 

Flaw in Doze functionality in Android

 

 

Doze is a power mode that activates once the android device haven’t been interacting with the owner of the device for a period of time. This was first introduced in the Android 6.0 Marshmallow.

When this functionality in the android device is activated it restricts all applications access to the network and other services  on the device to save battery i.e unless it is included in the battery optimization whitelist.

 

There is the Flaw

 

The Android banking  malware just need to add it self into the whitelist in the battery optimization.  The android banking malware are using social engineering techniques to get the permission.

Basically they are generating a pop up permission message by invoking  “REQUEST_IGNORE_BATTERY_OPTIMIZATIONS”  . This displays the permission pop up message to the android device user.

an

 

The android banking malware can hide itself commonly known as binds itself with any authentic application. For example it can bind itself with a banking app of HDFC. It will pop up a message to fake the user to get the “yes” button clicked by the user and get the necessary permission.

It is important for the users to apply common sense and be alert when they are in the cyber space. It is important that you should not click on the OK or Yes button every time as rightly explained by Dinesh of Symantac. Check it out

 

If the victim clicks on the yes button the android banking malware will be added to the whitelist of the battery optimization allowing the application to stay connected to its attacker even when the device is switched off.

 

What does the android banking malware do ?

 

Once the malware had go the access it can now have full access to the SMS – Messages, install shortcuts, check the phone status.

The actual function of this android banking malware is to check any of the banking applications are installed on the device.

If the android banking malware finds any banking application s in the device it will remove or uninstall it automatically without the permission of the user. The android banking malware will re-create a copy of the application which it had deleted and ask the user to install the updated copy of it. In this process the android banking malware might ask for credentials which the user happily provides it.

android banking malware

How to be safe in the cyber space ?

 

With all ATM hacking recently this android banking malware had created a panic in the minds of the android users who frequently uses banking applications. With recent currency denomination people have no other option other than using banking application or doing transections using android devices.

  1. Please use your common sense which is highly not common among the users. Do not click and allow permission to applications.
  2. Read the applications display messages very carefully.
  3. Most importantly use a updated anti-virus
  4. And the last one please be alert. We know it is individual trait which differ among individuals but the more you are alert the more you are not vulnerable to cyber attacks.

 

 

Related Topics:

Android  Ransomeware

Android Trojan in Google play store

 

 

Most Popular trainings at Indian Cyber Security Solutions, Kolkata

 

 

Ethical Hacking Training – Certified Ethical Hacking Professional

 

Hands on training by experts with 10 years of cyber security experience. You can go for online training from any were in the world and the best part your LIVE classes gets recorded and uploaded in the YouTube Chanel of Indian Cyber Security Solutions. You will have a life time access to all the videos which is a huge boost. For people who prefer class room training can come down to Kolkata where you can have 3 months course. We provide 100% money refund guarantee if you are not satisfied with our delivery. In ethical hacking training we provide in depth training on how to use Kali Lynx, Metasploit, N-Map, Back Box and many more. You can also go for the CEH v9 training from us as. CEH v9 is a global certification course valid in more than 160 countries and all MNCs made it compulsory to be eligible for cyber security jobs.

 

 

Python training – Best training in Kolkata

 

Hackers are familiar with python programming as many hacking tools like port scanner and many more are coded in Python. You will learn from the makers of the tools how to use python programming as per the industry requirement. It is highly recommended to students of IT, CSE, BCA and MCA who are interested in web security and ethical hacking should learn python programming. Our experts led training program is of 3 months. You can go for online or class room training depending on your choice. Our Advance level python training is a new course launched by ICSS focusing on in-depth use of python in diverse fields


IPhone passcode bypass

IPhone passcode bypass – IOS vulnerability

Category : Blog

 IPhone passcode bypass

 

IPhone passcode bypass is not new as attackers had been attacking your IOS devices and accessing your private data.

IPhone users were exited as the new IOS 10 from Apple would prevent IPhone passcode bypass. Hackers got better of it and still can bypass the passcode of IOS 10.

 

 

Find it how an attacker can break into you IPhone even you have a touch ID and passcode turned on  

 

 

Step 1:

You need to have an access of the IPhone physically

 

Step 2:

IPhone passcode bypass hacker must be knowing your phone number or  the hacker need to activate Siri by holding down the IPhone button and ask “Who am I ?”

Siri will provide the phone number being used in the device.

Now that’s will take you very close to access the owners personal data like photos, messages and many more.

IPhone passcode bypass

Step 3.

Call the number from any other device

 

Step 4.

Once you receive the call in the IPhone you need to click on the message icon and select a custom message as a reply to the incoming call

 

 

Step 5.

“Turn on Voice over” – Voice over is an IOS feature that provide gesture based screen reading functionality.

 

Step 6.

Turn on the message screen and  click on the bar where the contact info will be displayed and immediately click on the screen keyboard.

It may be a tedious task as it might not be in the first time to make the timing right. When you see the photo icon and other options slide in you know you have touched success.

 

Step 7.

Ask Siri to display Voice over and after typing the character into the top bar to access the contact details and you can create new contacts as well.

 

Step 8.

You can now add photos and access to the gallery. You can check out the messages

 

It is highly probable that apple brings out a new patch for the IPhone passcode bypass in the new security update.

IPhone vulnerability

How to prevent this ?

 

Disable Siri on your IPhone lock screen.

You can do it by going to Settings– Touch ID & Passcode – Disable Siri on the lock screen.

It is obvious that you might face difficulties if you have disabled Siri but it is more dangerous and might face huge difficulties if anyone can access your personal data.

 

 

Most Popular trainings at Indian Cyber Security Solutions, Kolkata

 

 

Ethical Hacking Training – Certified Ethical Hacking Professional

 

Hands on training by experts with 10 years of cyber security experience. You can go for online training from any were in the world and the best part your LIVE classes gets recorded and uploaded in the YouTube Chanel of Indian Cyber Security Solutions. You will have a life time access to all the videos which is a huge boost. For people who prefer class room training can come down to Kolkata where you can have 3 months course. We provide 100% money refund guarantee if you are not satisfied with our delivery. In ethical hacking training we provide in depth training on how to use Kali Lynx, Metasploit, N-Map, Back Box and many more.

 

 

Python training – Best training in Kolkata

 

Hackers are familiar with python programming as many hacking tools like port scanner and many more are coded in Python. You will learn from the makers of the tools how to use python programming as per the industry requirement. It is highly recommended to students of IT, CSE, BCA and MCA who are interested in web security and ethical hacking should learn python programming. Our experts led training program is of 3 months. You can go for online or class room training depending on your choice


android trojan

Million Android users downloaded Trojan from Google Play Store

Category : Blog

Android Trojan downloaded from Google Play Store

Android trojan

 

Android Trojan is now being downloaded by millions of users from the Google Play Store.  The Russian Security Agency “Doctor Web” found the malware popularly known as Android.MulDrop.924. The new Android Trojan disguise itself as games and other apps in Google play store.  The Android Trojan can download exploits and gives them root privileges and it may also allow download software’s without the prior permission of the user.

 

Millions of users have been compromised

 

Currently available in Google Play Store is the new application “ Multiple Accounts: 2 Accounts “ is an Android Trojan. To be very precise  technically the Android Trojan had masked itself with the application with had already affected millions of Google Android users across the globe. The main frame utility of this application is to help the users to set up multiple accounts for playing games, email, messages and other software on the single device.

 

The Android Trojan unique module architecture with two auxiliary modules.  The two modules are hidden inside a PNG image in the resource catalog of Android.Mul.924.

 

Once installed the Android Trojan extracts and copies both the modules to the local directory section and then install them into the memory.

 

Do-not be fooled with the REVIEWS

 

 

android trojan

 

The main.jar module have several plugins which allows advertisements to pop up. It is designed to generate revenue. It pops up unwanted advertisements which irritates the user.

 

Main.jar can also carry Triada “ the android Trojan which allows exploits to have root privileges in the device” . This Traida can actually allow other malicious software’s get downloaded in the device and extract critical information’s.

 

 

How to be safe

 

In the world of technology it is highly difficult to come up with a great check list of safety when it comes to mobile devices.

  1. It is highly recommended to update the antivirus they are using in the devices regular.
  2. Download applications from trusted android develops from Google Play Store.

 

 

Most Popular Training at Indian Cyber Security Solutions

 

C | EH v9 – Get the global certification from EC Council

 

Trained more than 200 students world wide. Highest rated training in Google Reviews. You can go for the online LIVE classes and get all your classes recorded and uploaded in YouTube. Come down to Kolkata for 100% Lab based classes.

 

Python Programming Language

 

Hands on training on Python Programming. As this is a scripting language we provide LIVE projects to prepare hacking tools like port scanner with it. We don’t have faculties teaching you Python but have Hackers who will share there experience in developing hacking tools with Python Programming

 

 

Related topics

 

Android Ransomeware Attack

 

Pseudorandom passcode is a custom System Error message window which appears on every visible user interface of the infected android device.  The Android Ransomware also displays message through this window asking the victim / user to interact with the attacker to unlock the android device.

 

Whatsapp Hacking

 

Whatsapp Hacking is an interesting topic where all are interested to know in details. Today we will unleash the real details and how a hacker can conduct a watsapp hacking remotely and you will not be aware of it. Black hat hackers are always  one step ahead of finding out the flaws in a software and so does they have done it now. Mobile phone or the new generation smart phone have made common people live easy but at the same time had made their privacy at stake.

 


Pupy RAT

Category : Blog

Pupy a Killer RAT

 

Pupy is an open source Remote Administration Tool which have an embedded Python interpreter. It is a cross platform based interpreter which allows to load Python packages from memory and access python objects. As it uses reflection dill injection in windows leaving no traces of it on the disk. Due to this feature malware scanners detects it as it dosent touch the  disk like the meterpreter reverse _shell.

pupy rat

Pupy Features   

  • On windows, the Pupy payload is compiled as a reflective DLL and the whole python interpreter is loaded from memory. it does not touch the disk
  • It can reflectively migrate into other processes
  • Pupy can remotely import, from memory, pure python packages (.py, .pyc) and compiled python C extensions (.pyd).
  • Modules are quite simple to write and pupy is easily extensible.
  • A lot of awesome modules are already implemented !
  • It uses rpyc and a module can directly access python objects on the remote client
  • Communication transports are modular and it can communicate using obfsproxy pluggable transports
  • All the non interactive modules can be dispatched on multiple hosts in one command
  • Multi-platform (tested on windows 7, windows xp, kali linux, ubuntu, osx)
  • Modules can be executed as background jobs and their output be retrieved later
  • Commands and scripts running on remote hosts are interruptible
  • Auto-completion for commands and arguments
  • Nice colored output
  • Commands aliases can be defined in the config

 

 

Want to know more:

Read Now

 

Most Popular Courses

  1. Ethical Hacking Training
  2. C | EH v9 Global Certification
  3. Winter Training for CSE | IT | MCA | BCA students

 

 


facebook spam

Facebook spam – New way to hack Android Devices – Be aware

Category : Uncategorized

Facebook spam to hack your android devices

 

Facebook spam with a news of DONALD TRUMPH dead in a heart attack is new way to hack into your android device.

 

What it Does ?

Victims if click on the Facebook spam post are redirected to new page and the phone starts vibrating.

Victim is forced to click OK button and the application gets downloaded in the device.

The application automatically shares its post on the timeline of the victim.

 

Facebook spam

 

This post is harmless if you open it from your laptop or Desktop.

 

Clever and a new way to hack into your android devices.

 

Following are the screen shots on the Android devices after you click on the post

After You Click on the post 

hacking news Kolkata

After you click on the cross button on the pop up option of Facebook Share 

facebook phishing

The previous page automatically redirects to this page and the option pops up and your Smart Phone starts vibrating

facebook hacking

Ethical Hacking Training in Kolkata

 

Get hired by MNCs as a security professional. According to NASSCOM research 77,000 ethical hackers are demanded in India every month. Due to high rise in cyber attack all over the world MNCs are attacked by malware’s and are facing huge risk.

Get the best training in Kolkata

  1. CEH v9 | Global certification by EC Council
  2. CCNA training in Kolkata
  3. Diploma in Network Security
  4. Android Penetration Testing 

 

Free online LIVE training video of Indian Cyber Security Solutions | CEH v9 Training

 


sms phishing

SMS phishing scam to hack into Apple ID

Category : Blog

SMS phishing scam to hack into Apple ID

 

SMS phishing also known as smishing is not new to the world of technology. We at Indian Cyber Security Solutions think that this SMS phishing scams are increasing in huge numbers and victims have no clue how to be safe. In this article today we will explain how a scammer hacked into Apple ID know as icloud of various customers who use apple devices recently through SMS phishing. We will also discuss the countermeasures if you become a victim or witness a sms phishing.

Humans best friend is the SMART –PHONE.  Yes they are with you every time and yes they contain huge sensitive personal data of individual. What if it is public ? What if it is used against you ?

sms phishing

 

Apple ID hacked

Due to rising popularity of Iphones and Ipads it had become one of the prime target for SMS phishing by the scammers.

You will receive an SMS stating that your ID will expire on certain date and please re-login with a link or a SMS stating your account was being accessed from a different location and due to several attempts to log in it is locked. Click on the link to unlock your ID.

As  the internet remains some for every one scammers face an Icloud login page where you can provide your actual ID and Password.

Scammers can even ask you provide your credit cart details.

 

 Hacking training in Kolkata – Get trained from cyber security professionals

 

  1. CEH v9 training – Global certification
  2. Ethical Hacking Training – National Certification
  3. Python Training – National Certification
  4. Android penetration Testing Training – National Certification

training in kolkata

 

What to do if you receive a SMS phishing link ?

  1. Report the number to your service provider
  2. Forward the message to aware other about this
  3. Report the link to Google. They will make sure that Google chrome and other browsers will ban this link to open and delete this eventually.

 

 

Advice to ICloud – Apple users

Apple users should enable 2 factor authentication. This will ensure that even scammers if manage to get your password have to face many level of security to eventually hack into your profile. This minimizes the risk and this is a risk mitigation policy for all apple users.

 

 

Online training | Free training on CEH v9 | EC – Councile Global certification 

 

 

Related Topics:

  1. ICloud Hacked – Celebrities Apple accounts hacked
  2. Ransomware attack on Android devices
  3. Android Devices vulnerable to Linux kernal flaw

Tesco bank

Tesco Bank Hacked

Category : Blog

Tesco Bank Hacked – 20,000 Accounts are compromised by a Black Hat Hacker

 

Tesco Bank Hacked as over 20,000 bank accounts of customers where compromised in United Kingdom. After the Tesco bank hacked bank authority had frozen all online transactions from those accounts. Tesco bank hacked had forced the bank authority to implement a quick contingency plan to safeguard their customers.

 

For customers Tesco bank authority had allowed them to use their Debit and Credit cards for transection.  Bank authority officially had not disclosed the actual cause in details but CEO – Benny Higgins of Tesco Bank had said 40,000 accounts where compromised and hackers have stolen money from them.

 

Tesco Bank

He added Tesco officially can not disclose the amount stolen from individual account but it is not a huge sum of money. CEO had apologized for the inconvenience caused and announced that all the financial losses will be taken care by the bank and will be repaid to the individual accounts.

 

Protect your personal details. Do not be a VICTIM

 

Learn Ethical Hacking

CEHv9 training and secure a Job

 

How did Tesco Bank understand about the HACK !!

 

Tesco bank authority said it had found some suspicious activity within the customers accounts on late Saturday Night and early Sunday Morning.  It was a planed hack as they had selected a week end time.

 

There was huge panic among the customers due to the sudden balance reduction from individual accounts. Few customers had mailed the bank authority for explanation but were un-answered as the Tesco Bank was working with the Feds to catch hold of the issue.

 

You May also Like :

DDos Attack on Website

Hackers love for Linux

 

About Kolkata:

Kolkata is the city of joy and the capital of state of West Bengal in India. Kolkata famous for its food and sweets is also the hub of technical startup companies. Kolkata sector V surrounded by big IT players like TCS, Wipro, cognizant and RS Software makes it the best place for cyber security lovers. As IT industry is booming in Kolkata and rise of e-commerce across the globe demand for IT security and ethical hackers are increasing sharply. Btech students are hired by software companies if they have a sound cyber security knowledge.

 

Jobs for Ethical Hackers in Kolkata:

Apply for all Jobs


DDoS attack

DDoS attack

Category : Blog , Uncategorized

DDoS attack set Liberia out of internet- culprit Mirai Botnet

 

DDoS attack had put the whole country of Liberia under distress, when people of the country could not access to internet. The culprit used Mirai malware to shut down the internet of insecure IoT devices. Mirai malware is remotely controlled by the bots, the systems that runs on Linux and have tendency to attack in large scale network.

 

It started just after, when a cyber-criminal published the source code of Mirai Malware that is designed to target IoT devices that exploits into botnet network; this leads to the attack and affects massively.

An enormous DDoS attack had caused internet outage of a DNS provider called Dyn using same Mirai which was later reported that approximately 100,000 were IoT devices were infected.

DDoS attack

Few days back, past a week hackers have taken down the internet of entire Liberia using another botnet that is known as Botnet 14. Major concern of attacks had been briefed by the experts that 10Tbps DDoS attacks can happen which is too large a number that can make whole country go out of internet. Again, in another incident Keivin Beaumont, security researcher did notice that a telecommunication company, Lonestar Cell MTN has faced faced the same, that provides internet services in Liberia to 10-15% from undersea fiber cable via single entry point.

 

Shocking isn’t it?

 

Liberia has faced civil war in past decade which has unestablished the telecommunications infrastructure of the country. Very small amount of citizen could actually access to internet through satellite communication. However the country is trying well to rebuild the infrastructure undersea fiber optics.

5.12 Tbps is the total capacity of the cable of 23 countries, since a massive DDoS attack has just turned down the IoT devices using Mirai botnet which leads capability of hacking of almost 1 million IoT devices.

With these capacity not the attackers could

disrupt not only Liberia bot all of Europe and Africa that completely thrives on internet of ACE fiber cable.

 

Know the cause

Vulnerable IoT devices leads to insecurity that will build more Mirai bots. Questions is how to protect your device? Answer to that will be be more alert towards to the smartness of the devices that is use because u must remember that they can be tracked down.

 

 

 

You may also like

WhatsApp hacking- Your privacy is at stake

Hackers targeting the election system of United States

 

Courses Indian Cyber Security Solutions (ICSS) offers

 

 


Linux is hacker’s first choice

Category : Blog

Linux is hacker’s first choice

Linux is hacker’s first choice as it is an operating system that is based on open source. By open source we mean, the user or the programmer can use source code that has been applied to design Linux as per programmers or developers requirement. Hence one can easily modify the specification required and a hacker can do that easily in order to carry out own purpose.

 

Linux is hacker’s first choice

Sharing transparency

Linux shares transparency, hence understanding the operating system to the core will help hackers to work effectively.  Since no other operating system such as Windows and Mac provides the level of transparency as it does, it comes to the lime light and becoming as Linux, first choice of hacker’s. Linux gives this privilege to hackers and making their work effective and efficient.

Not A Control Freak                    

Linux provides control over granular, which means a user can have a great level of control over the operating system from a small input to bigger one. Hence this ability of Linux makes languages easy to understand and code in better manner.

Linux provides best hacking tools

Linux provides best hacking tools

Most of the tools for hacking are programmed for Linux since it has great range of diversity and flexibility that helps users to perform effectively which other operating system does not provides to this level. Linux is hacker’s first choice as it provide great customization readily available to the hackers.

 

Linux has great advantages in future

Linux was advantageous operating system in the past and will maintain the stability in the future and in regards of reliability and robustness too, hence Linux is upcoming grand thing in IT industry where it will be prior web servers’ choice. Most of the networking devices and virtualization are in application of kernel of Linux. Now coming to the smart phones or tablets most of the bands are using Linux/ UNIX over Windows now this is a big thing that’s crowding up and most part of the world are using Linux as their operating system for the smart phones or tablets.

 

The future lies with Linux, the hackers or the upcoming hackers would join an elite profession if they took this part seriously. Linux is next big thing in IT industry and job demand is ample in the industry to thrive well security criteria are major concern. Remember , Linux is hackers first choice.

 

Other related topics:

Top 5 Free Hacking software

Know how hackers can hack your Whatsapp 

 

Training & Certification provided by Indian Cyber Security Solutions:

1. C|EHv9 / Ethical Hacking Training

2. CCNA Training

3. Network Penetration Testing

4. Python Programming

5. Android Penetration Testing Course

6. Summer training course for Btech and BCA students

7. Winter Training for college students of Btech and BCA

 

 

 


Show Buttons
Hide Buttons