Monthly Archives: March 2017

  • 0
Scareware scammers lock iOS Safari

Scareware scammers lock iOS Safari

Category : Blog

Scareware scammers lock iOS Safari

Scareware scammers lock iOS safari to extort ransom money from iOS users. As researchers Andrew Blaich and Jeremy Richards at the San Francisco- firm explain in a blog post based mobile security:

“The user reported that he had lost control of Safari after visiting a website and was no longer able to use the browser. The user provided a screenshot (below) showing a ransomware message from pay-police[.]com, with an overlaid ‘Cannot Open Page’ dialog from Safari. Each time he tapped ‘OK’ he would be prompted to tap ‘OK’ again, effectively putting the browser into an infinite loop of dialog prompts that prevented him from using the browser.”

The scammers get this infinite pop-up loop by using the fact that Mobile Safari handled pop-up dialogs on a per-app basis. In other words, if an iOS user encountered a JavaScript-based pop-up ad in Mobile Safari, they saw it across all their open tabs. Such behavior left many victims to use the app ie, unless they agreed to the attackers’ demands by sending over a SMS message containing a code for 100 pounds worth of iTunes gift cards.

Scareware scammers lock iOS Safari
The infection reported to Lookout occurred after the user visited pay-police[.]com. But this campaign, which leverages Javascript code stolen from another operation, uses multiple URLs to display different messages based on a user’s country code identifier. These payloads originate from unique phishing domains and email addresses, like “us.html networksafetydept@usa[.]com” for the United States and “nz.html cybercrimegov@post[.]com” for New Zealand.

Blaich and Richards elaborate on this point:

“The victim could regain access without paying any money. Lookout determined the best course of immediate action for the user who initially reported it was to clear the Safari cache to regain control of the browser. (Settings > Safari > Clear History and Website Data) Once a person erases all web history and data, effectively starting Safari as a fresh app, the ransom campaign is defeated.”

Apple has since made it even easier. With the recent update to iOS (version 10.3), the tech giant changed Mobile Safari’s handling of pop-ups to a per-tab basis. This means that users who encounter persistent pop-ups in Mobile Safari can now close out the affected tab and switch to another one.
To protect against this type of campaign, every users should avoid suspicious links and email attachments and should be careful about what websites they visit on all their devices.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


  • 0

Sensitive Information Leaked Publicly

Category : Blog

Sensitive Information Leaked Publicly

“Think twice before you click” We often shared to computer users to help them protect from unreliable links and malware infected email links. Wait a moment and look at the pop-up “Do not show this message again”. This is a warning message which we face daily. It is trying to say that if we “really” know what we are about to do. Sensitive Information Leaked Publicly

But this weekend we were once again reminded of the risk of clicking on the “Do not show this message again” option.

UK-based security architect Kevin Beaumont writes on Twitter, after noticing that personal and sensitive information like passwords, social security numbers, dates of birth, credit card statements, medical details were being shared publicly on Microsoft’s document-sharing website, docs.com.

Rob Griffiths writes on his blog that when we upload a file to docs.com, it makes it publicly accessible by default:

Sensitive Information Leaked Publicly

Microsoft clearly realised this might be a problem as its docs.com site displays a warning when you attempt to publish the document.

Sensitive Information Leaked Publicly

And there lies the risk. The warning isn’t really a strong message. But then things get even worse because it is so easy to tell this dialog to go away and never show its face again.

Griffiths summarise the issue:-

“I really don’t think Microsoft should default to public share for any uploaded file; that’s just not a safe strategy. (The other setting is Limited, which means a user must have a link to your document to view it. This would protect users from accidentally sharing files that were intended to be privately shared, not publicly visible.)And if, for whatever reason, Microsoft doesn’t want to default to Limited, then that warning dialog should pop up every single time, with no way to bypass it. If you’ve used docs.com, you may want to double-check that what you thought was private is actually private.”

Ultimately you are the user of your personal and sensitive information. If you feel to use a cloud-based service to store your confidential data, then please be careful to think twice before you click – especially when it comes to warning message that conclude with the dangerous words “Do not show this message again”.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 


  • 0

How to generate Word list using Crunch ?

Category : Blog

How to generate Word list using Crunch ?

How to generate Word list using Crunch ? In our previous blog, we discussed about how to hack or recover any unknown passwords. In this blog, we will tell you how to generate word list using Crunch. In password cracking, we often need to use a word list. The word lists are intended primarily for use with password crackers such as hashcat , John the Ripper and with password recovery utilities.

This is a tutorial for newbies and anyone who hasn’t yet used Crunch before.

Crunch is a utility that is used to create word lists using letters, numbers, and symbols for every possible combination or according to specific rules.

Here in this tutorial you will get to know about generate word list using crunch.

Want to know how to hack any password? Click here to know about this.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


  • 0
Crack Any Password And Identify Unknown Password

Crack Any Password And Identify Unknown Password

Category : Blog

Crack Any Password And Identify Unknown Password

Crack Any Password And Identify Unknown Password. Password Cracking refers to guess or crack passwords to gain access to a computer system. It is a common approach to identify an unknown or forgotten password. Password crackers will usually use a variety of tools, scripts or software to crack a system password.

Methods of Password Crackers

Two Primary Methods are implemented to identify correct passwords: brute-force and dictionary searches.

  • If a password is recovered by brute-force, it runs through combinations of characters within a predetermined length until it finds the combination accepted by the computer system.
  • When applying a dictionary search, a password cracker searches each word in the dictionary for the correct password.

John the Ripper is a free and open source password hacking software tool build in Kali Linux. Here is the tutorial . Click to view the tutorial.

 

 

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

 


  • 0
USG Protects Hacking Attacks

USG Protects Hacking Attacks

Category : Blog

USG Protects Hacking Attacks

USG Protects Hacking Attacks. Do you ever feel the need for a hardware firewall for your USB ports? USG v1.0 is one such effective device that users can use to identify the maliciousness stored on suspicious USB drive. It is fully open firmware and two STM32F4 microprocessors make this possible.

So, what if you find a random USB drive on a table? You will pick it up and use it? Can you trust it properly? What if the firmware running on your computer has already been modified by the manufacturer? There is no simple method to get an answer of these questions.

But a device automatically trusts every device you plug in, which may increase you risk. You have to take precautions.

To identify this problem, USG was created. . It’s a small tool for the privacy-oriented people who are habitual of adding extra layers of security in their digital lives.

What is USG? How does this hardware firewall work?

USG Protects Hacking Attacks

To use USG, you need to put its one end to your PC and the suspected USB device into the other. It automatically scans the USB device for USB attacks, which can harm you via USB driver exploits and hidden/visible evil functionality.

The USG uses two STM32F4 microprocessors communicating over a high-speed serial link which allows only a restricted set of commands to pass. So, a malicious host is barred from corrupting the USB drive’s firmware.

The USG supports mass storage devices, flash drives, keyboard, and mice. In future updates, you can expect to see some extra devices. Talking about the speed, USG Version 1 uses 12 Mbps hardware, so the storage transfer should run around 1MBytes per second.

You should note that the USG protects you from low-level USB attacks, but it can’t save you from viruses stored in the drive’s file system. Also, it wasn’t designed to resist physical voltage overload attacks. So, it doesn’t claim to protect you fully from the USB Killer. However, it might be possible that after destroying the USG’s circuits, the voltage surge will be reduced to a safe level.

 

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 


  • 0
Student Hacked Professors’ Emails

Student Hacked Professors’ Email

Category : Blog

Student Hacked Professors’ Email

Student Hacked Professors’ Email. A University has expelled a student for hacking their several Professors’ email.

Technion Institute of Technology, a public research institute based in Haifa, Israel, revealed the disciplinary actions it took against the student to Ynetnews:

We are taking this case very seriously, as it is very unusual. The student, who acted in a manner that is most reprehensible, was punished severely by the disciplinary committee and was immediately and indefinitely expelled from the institution. A complaint was also filed against him with the police for the suspicion of cyber crimes.”

Student Hacked Professors’ Emails

The university said “The student is guilty of implanting files for the purpose of transferring email from accounts of several professors.” With that unauthorized access, the student took it upon themselves to change their grades. Their actions violated Technion’s acceptable use policy for university-owned computers.

Associate Dean for Undergraduate Student Affairs Prof. M. Orenstein says Technion disclosed the incident to its community in the interest of protecting honest students who don’t cheat: “Cheating in tests and exams hurt honest students first of all, and so to better safeguard these students we notify all students in the faculty of verdicts given to those who were caught in their wrongdoing. These event are being made public is a way to inform you that this subject is important to us as is handled thoroughly, and so the name of the student is usually reducted.”

Universities should not only make faculty and students aware of best security practices. They should also create information security degree programs. These efforts will help them in future.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


  • 0
US Air Force documents backup leaks

US Air Force documents backup leaks

Category : Blog

US Air Force documents backup leaks

US Air Force documents backup leaks. Sensitive information of United States Air Force got exposed publicly on Internet. It allows anyone to use them without any authorisation and password. Only via web connection anyone can access it.

Security researchers at MacKeeper discovered that they found gigabytes of files on a internet – connected backup files which was not password-protected.

US Air Force documents backup leaksWe get to know from MacKeeper blog that The most shocking document was a spreadsheet of open investigations that included the name, rank, location, and a detailed description of the accusations. The investigations range from discrimination and sexual harassment to more serious claims. One example is an investigation into a Major General who is accused of accepting $50k a year from a sports commission that was supposedly funneled into the National Guard”.

ZDNet reports said, “The names and addresses, ranks, and social security numbers of more than 4000 US Air Force officers were included in the stash of personal information”.

Other Documents contains phone numbers and contact information for workers and their spouses.

We don’t know that how long the information can be  accessible online. You should keep in mind that if you decide to store backup information on internet , and specially when the information is sensitive, you should ensure that you have reduced the risk of it falling into wrong hands.

You should always keep your computer patched and run an up-to-date anti-virus, use encryption, enable passwords and ensure that the password should be a strong one.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 


  • 0
Popular Smartphone Infected with Malware

Popular Smartphone Infected with Malware

Category : Blog

Popular Smartphone Infected with Malware

Want to buy a new android Smartphone? Or Already bought new android Smartphone? Do not expect it to be a clean sheet. Popular Smartphone Infected with Malware.  Pre-installed android malware found in 36 Smartphone’s.

Popular manufacturing companies like Samsung, LG, Xiaomi , Asus, Nexus, Oppo and Lenovo distributed by two unidentified companies have been found pre-loaded with malware programs.

These malware infected devices were identified after a Check Point malware scan was performed on Android devices. Two malware families were detected on the infected devices: Loki and SLocker.

According to a blog “The malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed”.

Popular Smartphone Infected with Malware

In February 2016Loki Trojan injects devices inside core Android operating system to gain powerful root privileges. The Trojan includes spyware-like features, like grabbing the list of current applications, browser history, contact list, call history, and location data.

SLocker is a mobile ransomware that locks victim’s devices for ransom and communicates through Tor in order to hide the identity of its operators.

List of Popular Smartphone Infected with Malware

  • Galaxy Note 2
  • LG G4
  • Galaxy S7
  • Galaxy S4
  • Galaxy Note 4
  • Galaxy Note 5
  • Xiaomi Mi 4i
  • Galaxy A5
  • ZTE x500
  • Galaxy Note 3
  • Galaxy Note Edge
  • Galaxy Tab S2
  • Galaxy Tab 2
  • Oppo N3
  • Vivo X6 plus
  • Nexus 5
  • Nexus 5X
  • Asus Zenfone 2
  • LenovoS90
  • OppoR7 plus
  • Xiaomi Redmi
  • Lenovo A850

 

Remove the malware from Smartphone

Though it’s hard to remove, still to remove the malware from the infected devices, either you can root your device and uninstall the malware apps easily, or you would need to completely reinstall the phone firmware/ROM via a process called “Flashing.”

Flashing is a complex process, in which users power off their device and approach a technician/mobile service provider.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


  • 0
Fortune 1000 Companies Vulnerability

Fortune 1000 Companies Vulnerability

Category : Blog

Fortune 1000 Companies Vulnerability

Fortune 1000 Companies Vulnerability. A recent report reveals about the Fortune 1000 Companies Face Data Breaches. This Fortune 1000 company suffer twice the amount of data breaches their peers.

BitSight’s latest report revealed “How Secure Are America’s Largest Business Partners? and Rating Cybersecurity Performance of Fortune 1000,” companies which are part of this list are very likely to suffer a data breach. The report shows that the companies, who have a Security rating 900 are at the top and safest ,while companies with Security rating 500 or lower have five times more chances to experience public disclosed breach compared to other companies who have Security rating 700 or higher.

Fortune 1000 Companies Data Breaches

“Understanding security maturity of the Fortune 1000 companies provided greater context for any organisation looking to benchmark their own performance,” said Stephen Boyer, the co-founder and CTO of BitSight. “Moreover, the data can be used to improve inform companies of the risks posed when they are sharing data or network access with the Fortune 1000 organisations.”

One out of every 20 Fortune 1000 companies has experienced publicly disclosed breach. Those companies that had a deal over the Internet experiences a data breach.

There is also the greater problem that a majority of Fortune 1000 companies are found to have at least one remote administration service running on an open port, which may allow unauthorized access to machines. This vulnerability should be solved.

 

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


  • 0
DNA Digital Data Storage

DNA Digital Data Storage

Category : Blog

DNA Digital Data Storage

DNA Digital Data Storage. Usually , You all have heard about computer storage devices like floppy disks, USB flash drives, memory cards, memory sticks, tape cassettes, zip cassettes, computer hard drives, CD’s and DVDs etc

Have you ever heard about DNA storage? Yes, Researchers are discovering and investing lots of efforts into new storage techniques like DNA storage. Even they are able to read the data without any error. Including 6 files, a movie and even a virus is stored on DNA strand.

Quite Interesting right? Let us know something more.

Researchers are working on DNA storage apart from working on tons of data on tiny USB drives .  DNA storage have some advantages like it has high data storage capacity and long lasting ability. Companies like Microsoft are spending a lot of money on this technology.

DNA Digital Data Storage

Recently, the scientists from the Data Science Institute at Columbia University and the New York Genome Center published a new paper that showed how the DNA-based data storage technique can be used to store digital information like operating system, malware, or movie.

How DNA storage work?

From an Article we get to know “Yaniv Erlich, from California University and Dina Zielinski, from the New York Genome Center, looked for algorithms that were being used to encode and decode data. The files were converted into the binary strings of 1s and 0s. Then, they were compressed into one master file and the data was divided into short strings of binary code.

 To randomly pick these short strings and reassemble them in proper order later, they developed an algorithm called DNA fountain. This was followed by the creation of DNA strands.

To decode the strands, the sequences were fed into a computer that translated it into binary and reassembled the original files. The files which were created after this process contained zero errors.”

Future APPLICATION

This is very costly and unsuitable for large scale of application. The researchers had to spend $7000 to create the strands with 2 MB data and another $2000 to read it. Erlich said that “We are still in early days, but it also took magnetic media years of research and development before it became useful”.

 

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


Show Buttons
Hide Buttons