Monthly Archives: February 2017

Scam iTunes Receipt Found


Want to go for a movie? Everyone loves to. But before booking the ticket you should check whether the offer is legitimate. Yes, you heard it right: a new campaign uses a fake iTunes receipt for online movie ticket purchases to harvest Apple users' sensitive information.

Fortinet researchers first spotted the iTunes receipt scam over the weekend of 17 February.

The incident gets worse when the Apple user receives what looks like a receipt from iTunes; the email was actually sent from Norway. The receipt lists recently released movies as purchases, which makes it look plausible and fools victims into believing it is real.

This is not the first time Apple users have been targeted. Users in the United Kingdom, Australia and the United States were hit by similar attacks a few years back. This time Canadian users were attacked as well, which is what gave the campaign away as a scam.

Of course, users who receive such a receipt will wonder why they were charged so much money, and they will very likely click the link at the bottom that promises a refund.

Fortinet researchers explained: "At the bottom of the receipt, there’s a link to request a “full refund” in case of an unauthorised transaction. Needless to say, it does not redirect to the legitimate “My Apple ID” website, but to the URL hy654reewe.serveftp.org/serveritunescanada/index.html"


The phishers are after the user's Social Insurance Number, which Canadians need in order to work or to deal with government services.

How to stay protected?

  • Check the sender's email address before sending any information.
  • Before paying online, go through all the details and look for anything that does not add up.
  • Set up transaction notifications for your payment cards.
  • Do not hand over credit card or other card numbers until you are sure the site is safe.

Be safe and keep others safe.
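The two checks in the list above, sender address and link target, as an added example that is not part of the original post: it parses a constructed receipt-style message (the sender address is invented; the refund URL is the one Fortinet quoted) and flags any link whose host is outside an assumed Apple allowlist.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains a genuine iTunes receipt or "My Apple ID" link may point at.
# Assumed allowlist for this example, not an official Apple list.
TRUSTED_HOSTS = ("apple.com", "itunes.com", "icloud.com")

# Finds "https://host/path" and also scheme-less "host/path" strings like the
# refund link quoted by Fortinet. Group 1 is the host, group 2 the path.
URL_RE = re.compile(
    r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})(/[^\s\"'<>)]*)?",
    re.IGNORECASE)

def host_is_trusted(host, trusted=TRUSTED_HOSTS):
    """True only for a trusted domain or a subdomain of one. A bare substring
    test would also accept look-alikes such as apple.com.attacker.test."""
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)

def sender_domain(raw_email):
    """Domain of the From: address ('' if it cannot be parsed). A receipt
    that is not sent from a trusted domain deserves the first suspicion."""
    _, addr = parseaddr(message_from_string(raw_email).get("From", ""))
    return addr.rpartition("@")[2].lower()

def suspicious_links(raw_email, trusted=TRUSTED_HOSTS):
    """Every link in the text parts whose host is outside the allowlist."""
    found = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        text = part.get_payload(decode=True).decode("utf-8", "replace")
        for host, path in URL_RE.findall(text):
            if not host_is_trusted(host, trusted):
                found.append(host + path)
    return found

def assess_receipt(raw_email, trusted=TRUSTED_HOSTS):
    """Combine the two checks the post recommends: sender and link targets."""
    domain = sender_domain(raw_email)
    links = suspicious_links(raw_email, trusted)
    sender_ok = host_is_trusted(domain, trusted)
    return {"sender_domain": domain, "sender_trusted": sender_ok,
            "suspicious_links": links,
            "verdict": "no findings" if sender_ok and not links else "suspicious"}

# Constructed sample message for the demo. The sender address is invented;
# the refund URL is the one quoted in the post.
SAMPLE_RECEIPT = """\
From: "iTunes Store" <no-reply@receipts-mailer.invalid>
To: customer@example.invalid
Subject: Your receipt
Content-Type: text/plain; charset=utf-8

Thank you for your purchase of two movie tickets.
Manage your account at https://appleid.apple.com/
If this transaction was not authorised, request a full refund at
hy654reewe.serveftp.org/serveritunescanada/index.html
"""

if __name__ == "__main__":
    print(assess_receipt(SAMPLE_RECEIPT))
```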

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


Web mail disasters


Checking mail is part of everyone's daily routine, but a hacker would ask who else has read those emails.


Sounds strange? It is obvious once you think about it: if you use a web-based email service like Gmail or Outlook 365, the answer can be shocking.

Have you ever noticed that after you read a mail on a computer or phone it seems to be gone? No, there is still a copy of it somewhere. Web mail is cloud-based, so you can access it from any device anywhere. For example, if you use Gmail, a copy of every mail sent and received through that account is stored on Google's servers around the world. The same holds for mail systems provided by Yahoo, Apple, AT&T, Comcast and Microsoft. Any mail you send can be inspected by the hosting company, and yes, third parties can access your mails for their own reasons.

The least you can do is to make it harder for them to read it.

Start With Encryption

Famed hacker Kevin Mitnick explained: “Most web-based email services use encryption when the email is in transit. However, when some services transmit mail between Mail Transfer Agents (MTAs), they may not be using encryption, thus your message is in the open. To become invisible you will need to encrypt your messages.

Most email encryption uses what’s called asymmetrical encryption. That means I generate two keys: a private key that stays on my device, which I never share, and a public key that I post freely on the internet. The two keys are different yet mathematically related.”

For example: A wants to send B a secure email. He finds B's public key on the internet or obtains it directly from her, and encrypts the message with that key. The message stays encrypted until B, and only B, uses her passphrase to unlock her private key and decrypt the message.

Method of Email Encryption

The standard method of email encryption is PGP, which stands for “Pretty Good Privacy”. PGP itself is not free; it is a product of the Symantec Corporation. But its creator, Phil Zimmermann, also authored an open-source version, OpenPGP, which is free. A third option, GPG (GNU Privacy Guard), created by Werner Koch, is also free. The good news is that all three are interoperable.

From Kevin Mitnick's article we learn that, “When Edward Snowden first decided to disclose the sensitive data he’d copied from the NSA, he needed the assistance of like-minded people scattered around the world. Privacy advocate and filmmaker Laura Poitras had recently finished a documentary about the lives of whistle-blowers. Snowden wanted to establish an encrypted exchange with Poitras, except only a few people knew her public key.

Snowden reached out to Micah Lee of the Electronic Frontier Foundation. Lee’s public key was available online and, according to the account published on the Intercept, he had Poitras’s public key. Lee checked to see if Poitras would permit him to share it. She would.

Given the importance of the secrets they were about to share, Snowden and Poitras could not use their regular e-mail addresses. Why not? Their personal email accounts contained unique associations—such as specific interests, lists of contacts—that could identify each of them. Instead Snowden and Poitras decided to create new email addresses.

How would they know each other’s new email addresses? In other words, if both parties were totally anonymous, how would they know who was who and whom they could trust? How could Snowden, for example, rule out the possibility that the NSA or someone else wasn’t posing as Poitras’s new email account? Public keys are long, so you can’t just pick up a secure phone and read out the characters to the other person. You need a secure email exchange.

By enlisting Lee once again, both Snowden and Poitras could anchor their trust in someone when setting up their new and anonymous email accounts. Poitras first shared her new public key with Lee. Lee did not use the actual key but instead a 40-character abbreviation (or a fingerprint) of Poitras’s public key. This he posted to a public site—Twitter.

Sometimes in order to become invisible you have to use the visible.

Now Snowden could anonymously view Lee’s tweet and compare the shortened key to the message he received. If the two didn’t match, Snowden would know not to trust the email. The message might have been compromised. Or he might be talking instead to the NSA. In this case, the two matched.

Snowden finally sent Poitras an encrypted e-mail identifying himself only as “Citizenfour.” This signature became the title of her Academy Award–winning documentary about his privacy rights campaign.

That might seem like the end—now they could communicate securely via encrypted e-mail—but it wasn’t. It was just the beginning.”

Even so, encryption does not hide everything: third parties can still read some parts of a mail.
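The fingerprint check at the heart of the story above (a 40-character abbreviation of the key posted on a public channel, then compared against the key received by mail), as an added example that is not from the article or from Mitnick: it builds a version 4 OpenPGP public-key packet from constructed (not real) RSA values, derives the fingerprint the way RFC 4880 defines it, and verifies a received key against the published value. The key integers and creation time are placeholders.

```python
import hashlib
import hmac
import struct

def mpi(value):
    """Encode an integer as an OpenPGP multi-precision integer (RFC 4880 3.2):
    two-byte bit length followed by the big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_public_key_packet_body(n, e, created):
    """Body of a version 4 RSA public-key packet (RFC 4880 5.5.2): version
    byte, creation time, algorithm id 1 (RSA), then the MPIs n and e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

def fingerprint_v4(packet_body):
    """40-hex-character v4 fingerprint (RFC 4880 12.2): SHA-1 over 0x99,
    the two-byte body length, and the packet body."""
    prefix = b"\x99" + struct.pack(">H", len(packet_body))
    return hashlib.sha1(prefix + packet_body).hexdigest().upper()

def pretty(fp):
    """Format a fingerprint the way it is usually published: ten groups of four."""
    return " ".join(fp[i:i + 4] for i in range(0, 40, 4))

def normalize(fp):
    """Accept the published value with any spacing or letter case."""
    return "".join(fp.split()).upper()

def key_matches_published_fingerprint(received_body, published):
    """Compare the fingerprint of a key received by e-mail with the value
    published on an independent channel. Constant-time compare so the check
    itself does not reveal how many characters agreed."""
    return hmac.compare_digest(fingerprint_v4(received_body), normalize(published))

# Constructed demo keys: these integers are not real RSA moduli, only
# placeholders so the packet encoding and hashing can be shown offline.
CREATED = 1357000000
GENUINE_N = int.from_bytes(b"constructed demo modulus for the genuine key", "big")
SUBSTITUTED_N = int.from_bytes(b"constructed demo modulus for an impostor key", "big")
E = 65537

GENUINE_KEY = rsa_public_key_packet_body(GENUINE_N, E, CREATED)
SUBSTITUTED_KEY = rsa_public_key_packet_body(SUBSTITUTED_N, E, CREATED)

# The out-of-band step: only the fingerprint is posted publicly.
PUBLISHED_FINGERPRINT = pretty(fingerprint_v4(GENUINE_KEY))

def demo():
    """Replays the check: the genuine key matches the posted fingerprint,
    a key swapped in by someone posing as the sender does not."""
    return (key_matches_published_fingerprint(GENUINE_KEY, PUBLISHED_FINGERPRINT),
            key_matches_published_fingerprint(SUBSTITUTED_KEY, PUBLISHED_FINGERPRINT))

if __name__ == "__main__":
    print("published:", PUBLISHED_FINGERPRINT)
    print("genuine key matches, impostor key matches:", demo())
```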


Android Malware to hack Bank Accounts


A few days back, a new Android banking malware was discovered by ESET on Google Play. Now one more variant has been spotted, targeting banks and stealing their customers' credentials. Investigation of the threat showed that it was built from source code that became public about a month ago.

The previous version was detected by ESET as Trojan.Android/Spy.Banker.HU (version 1.1) and reported on February 6th. That malware was distributed as a trojanized version of a weather forecast application, “Good Weather”. It targeted 22 Turkish mobile banking apps, stealing credentials through fake login forms, and the Trojan could also lock and unlock the device.

A new version of the Trojan was discovered on Google Play last Sunday, this time in another weather app called “World Weather”. ESET detects it as Trojan.Android/Spy.Banker.HU (version 1.2), reported on February 14th. It was available in the Google Play Store until it was pulled on February 20th.

Victims by Country

  • Turkey (2144)
  • Unknown (331)
  • Syria (202)
  • South Africa (24)
  • Germany (10)
  • Ghana (10)
  • Nigeria (10)
  • United States (7)
  • Great Britain (5)
  • Other (67)

Victims by malware version

  1. v1.2 – Android/Spy.Banker.HW (1919)
  2. v1.2 – Android/Spy.Banker.HH (675)
  3. v1.2 – Android/Spy.Banker.HU (216)

How does it work?

The new Trojan works the same way as the previous version. Trojan.Android/Spy.Banker.HW sets a lock screen password and can lock and unlock infected devices remotely. The differences are that the malware now targets users of 69 British, Austrian, German and Turkish banking apps, and that it uses a more advanced obfuscation technique.

The Trojan has a built-in notification feature, which could only be verified after accessing the C&C server. Through it the malware displays fake notifications prompting the user to open one of the targeted banking apps because of an “important message” from the respective bank. Launching the app triggers a fake login screen.

How to know whether your device is infected, and how to avoid it?

If you have installed any weather app from the Google Play store, make sure you have not become one of the victims of this banking Trojan.

If you downloaded an app named Weather, look in Settings -> Application Manager. If you see the app under Downloads and also find “System update” under Settings -> Security -> Device administrators, your device is infected.

To get rid of it, use a mobile security solution or remove the malware manually.

To uninstall the Trojan manually, first deactivate its device administrator rights, found under Settings -> Security -> System update. With that done, uninstall the malicious app in Settings -> Application Manager -> Weather.

Some Targeted applications

 


 

Please check before installing any weather app, and follow the steps above. Hope this helps you all stay protected from Android malware that steals bank account credentials.

 

 


Ransomware targets Mac


Crypto-ransomware is increasingly popular among cybercriminals. It mostly affects Windows systems, but in 2016 it also hit Linux and macOS, with KillDisk affecting Linux and KeRanger attacking OS X.

Last week a new ransomware campaign for Mac was seen. The new ransomware, written in Swift and distributed via BitTorrent sites, calls itself “Patcher”.

The torrent contains a single zip file holding an application bundle, in which two different fake application “Patchers” are present: one for Adobe Premiere Pro and one for Microsoft Office for Mac.

The application is poorly coded, and it is impossible to reopen its window once it has been closed.

The application has the bundle identifier NULL.prova and is signed with a key that has not been signed by Apple; codesign shows only an ad-hoc signature and no TeamIdentifier:

 

$ codesign -dv "Office 2016 Patcher.app"
Executable=Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher
Identifier=NULL.prova
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=507 flags=0x2(adhoc) hashes=11+3 location=embedded
Signature=adhoc
Info.plist entries=22
TeamIdentifier=not set
Sealed Resources version=2 rules=12 files=14
Internal requirements count=0 size=12

 

A window opens in which you click the Start button, and the encryption process begins. It also drops a file called README.txt; its content is shown later in the article.

The ransomware generates a random 25-character string to use as the key for encrypting the files. The same key is used for all files, which are enumerated with the find command-line tool; the zip tool is then used to store each file in an encrypted archive.

Finally, the original file is deleted with rm, and the encrypted file's modification time is set to midnight, February 13th 2010, with the touch command. The reason for changing the modification time is unclear. After the /Users directory has been processed, it does the same to all mounted external and network storage found under /Volumes.

Once all the files are encrypted, there is code that tries to null all free space on the root partition with diskutil, but the path to the tool in the malware is wrong: it tries to execute /usr/bin/diskutil, whereas diskutil lives at /usr/sbin/diskutil on macOS.

The instructions left for victims in the README!.txt files are hardcoded inside the Filecoder, which means the Bitcoin address and email address are the same for every victim:

 

NOT YOUR LANGUAGE? USE https://translate.google.com
What happened to your files ?
All of your files were protected by a strong encryption method.
What do I do ?
So , there are two ways you can choose: wait for a miracle or start obtaining BITCOIN NOW! , and restore YOUR DATA the easy way
If You have really valuable DATA, you better NOT WASTE YOUR TIME, because there is NO other way to get your files, except make a PAYMENT
FOLLOW THESE STEPS:
1) learn how to buy bitcoin https://en.bitcoin.it/wiki/Buying_Bitcoins_(the_newbie_version)
2) send 0.25 BTC to 1EZrvz1kL7SqfemkH3P1VMtomYZbfhznkb
3) send your btc address and your ip (you can get your ip here https://www.whatismyip.com) via mail to rihofoj@mailinator.com
4) leave your computer on and connected to the internet for the next 24 hours after payment, your files will be unlocked. (If you can not wait 24 hours make a payment of 0.45 BTC your files will be unlocked in max 10 minutes)
KEEP IN MIND THAT YOUR DECRYPTION KEY WILL NOT BE STORED ON MY SERVER FOR MORE THAN 1 WEEK SINCE YOUR FILE GET CRYPTED,THEN THERE WON’T BE ANY METHOD TO RECOVER YOUR FILES, DON’T WASTE YOUR TIME!

There is one big problem with this ransomware: it contains no code to communicate with any server. This new crypto-ransomware, designed specifically for macOS, is nevertheless still effective enough to prevent victims from accessing their own files and could cause serious damage.
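A defender's check for the traces described above, as an added example that is not from the post or from ESET: it walks a directory tree for zip archives carrying the hardcoded February 13th 2010 modification time and for the README note, using a constructed sample tree. The post does not state the file extension Patcher gives its archives, so the check keys on the zip magic bytes and the timestamp; the sample file names are invented.

```python
import os
import tempfile
from datetime import datetime

# Modification time Patcher stamps on each encrypted file with touch:
# midnight, February 13th 2010, local time.
PATCHER_MTIME = datetime(2010, 2, 13, 0, 0, 0).timestamp()
RANSOM_NOTE_NAMES = {"README!.txt", "README.txt"}
ZIP_MAGIC = b"PK\x03\x04"

def looks_like_patcher_archive(path):
    """A zip archive (identified by its magic bytes) whose mtime equals the
    hardcoded 2010 stamp. Unreadable paths are reported as not matching."""
    try:
        with open(path, "rb") as f:
            if f.read(4) != ZIP_MAGIC:
                return False
        return int(os.stat(path).st_mtime) == int(PATCHER_MTIME)
    except OSError:
        return False

def scan_for_patcher_artifacts(root):
    """Walk a tree (for instance /Users, or a mount under /Volumes) and
    collect suspect archives and ransom notes as sorted full paths."""
    archives, notes = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name in RANSOM_NOTE_NAMES:
                notes.append(full)
            elif looks_like_patcher_archive(full):
                archives.append(full)
    return {"archives": sorted(archives), "notes": sorted(notes)}

def artifact_names(root):
    """Same result with base names only, handy for a short report."""
    return {k: [os.path.basename(p) for p in v]
            for k, v in scan_for_patcher_artifacts(root).items()}

def build_sample_tree():
    """Constructed sample tree for the demo: one archive stamped the way
    Patcher leaves it, one ordinary zip with a current mtime, and a note."""
    root = tempfile.mkdtemp(prefix="patcher-demo-")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    stamped = os.path.join(docs, "thesis.docx.encrypted")  # name is constructed
    with open(stamped, "wb") as f:
        f.write(ZIP_MAGIC + b" placeholder bytes, not a real archive")
    os.utime(stamped, (PATCHER_MTIME, PATCHER_MTIME))
    with open(os.path.join(docs, "backup.zip"), "wb") as f:
        f.write(ZIP_MAGIC + b" placeholder with a normal mtime")
    with open(os.path.join(docs, "README!.txt"), "w") as f:
        f.write("constructed stand-in for the ransom note\n")
    return root

if __name__ == "__main__":
    for kind, names in artifact_names(build_sample_tree()).items():
        print(kind, names)
```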

 


SBI Vulnerability Exposed


A One-Time Password (OTP) is an automatically generated numeric or alphanumeric string that authenticates the user for a single transaction or session. An OTP is more secure than a static password, especially a user-created password, which is typically weak. OTPs may replace the usual login credentials or be used in addition to them, to add another layer of security.

“But what if we can bypass the OTP?” said Neeraj Edwards.

Yes, you heard right: the OTP could be bypassed. Neeraj shared his experience of the SBI vulnerability.

 

Neeraj explained: “One of the most popular banks in India is the State Bank of India (SBI). When we make a transaction, at the last stage we are sent to the One Time Password screen. Approximately 3 months ago, I was searching for bugs in State Bank of India; after spending 1 hr on https://retail.onlinesbi.com, I found that when I am making a transaction (on the last stage of the transaction) there is a parameter passed in the POST request called

smartotpflag, which is set to Y, i.e. smartotpflag=Y

Initially it was already set to the value Y.

Here we can easily understand that the smartotpflag parameter is used to generate the OTP, and Y represents ‘yes, generate the OTP and send it to my mobile’.

But what if we change this Y to N?

Yes, exactly what I did was change the value from Y to N, and the result was shocking to me. The transaction was completed successfully without entering the OTP.”

He has also proved it and shown it in a video, but he mentioned that this SBI vulnerability has already been patched. No reward was given for this vulnerability, and no acknowledgement either.
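An added illustration of the root cause, not SBI's code and not from Neeraj's write-up: a vulnerable confirmation handler that lets the client's smartotpflag decide whether the OTP is checked, beside a hardened one that decides the OTP requirement server-side and consumes the code once. Field names, the session layout and the three-attempt lockout are assumptions for the demo.

```python
import hmac
import secrets

def vulnerable_confirm(form, session):
    """Mirrors the reported behaviour: the client-supplied smartotpflag decides
    whether the OTP is checked at all, so smartotpflag=N skips the check."""
    if form.get("smartotpflag", "Y") == "Y":
        if not hmac.compare_digest(form.get("otp", ""), session.get("otp") or ""):
            return "OTP_REQUIRED"
    return "COMPLETED"

def issue_otp(session):
    """The server, not the client, decides that this transaction needs an OTP;
    it records the code in the session and returns what would be sent by SMS."""
    otp = f"{secrets.randbelow(10**6):06d}"
    session["otp"] = otp
    session["otp_attempts"] = 0
    return otp

MAX_OTP_ATTEMPTS = 3  # assumed lockout policy for the demo

def hardened_confirm(form, session):
    """Any smartotpflag in the form is ignored. The transaction completes only
    when the OTP the server issued for it is presented, and only once."""
    if session.get("locked"):
        return "LOCKED"
    issued = session.get("otp")
    if issued is None:
        return "OTP_REQUIRED"          # policy lives server-side, never in the form
    if not hmac.compare_digest(form.get("otp", ""), issued):
        session["otp_attempts"] = session.get("otp_attempts", 0) + 1
        if session["otp_attempts"] >= MAX_OTP_ATTEMPTS:
            session["locked"] = True   # stop online guessing of the six digits
            session["otp"] = None
            return "LOCKED"
        return "OTP_INVALID"
    session["otp"] = None              # consumed: the same code cannot be replayed
    return "COMPLETED"

def demo_bypass():
    """Replay the tampered request against both handlers. Each session holds a
    constructed OTP; the form carries the flag flipped to N and no OTP at all."""
    tampered = {"amount": "5000", "smartotpflag": "N"}   # constructed request
    return (vulnerable_confirm(tampered, {"otp": "123456"}),
            hardened_confirm(tampered, {"otp": "123456"}))

if __name__ == "__main__":
    print("vulnerable, hardened:", demo_bypass())
```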


Google Disclosed Microsoft vulnerability


Google disclosed a Microsoft vulnerability, and at the eleventh hour Microsoft decided to delay its latest updates.

Windows users are accustomed to getting updates for their Windows devices on the second Tuesday of every month, and were waiting for the latest updates to go public.

But this time something went wrong, and at the last hour Microsoft decided to delay this month's update (February 14th).

According to its disclosure policy, Google publishes unpatched vulnerabilities in third-party software within seven days.

Google's Project Zero team went public with a vulnerability in Microsoft's software update code, disclosing it while it was still unpatched in the operating system. Google warned Microsoft that hackers could make use of the situation to gain further advantage.

Google Project Zero team member Mateusz Jurczyk discovered a vulnerability in gdi32.dll that allows attackers to attack the Windows operating system. Microsoft acknowledged the flaws and tried to patch them with MS16-074, released in June 2016, but only part of the problem was fixed. He told users: “We’ve discovered that not all of the DIB-related problems are gone. As a result, it is possible to disclose uninitialized or out-of-bounds heap bytes via pixel colors, in Internet Explorer and other GDI clients which allow the extraction of displayed image data back to the attacker”.

This is not the first time: Google made a similar disclosure in November 2016.

That time Windows boss Terry Myerson said: “We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure. Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk”.

This time Google disclosed the Microsoft vulnerability together with proof-of-concept code, and at the last hour Microsoft decided to delay its latest updates, while all Microsoft users wait eagerly for the problem to be resolved.

 
