
Monthly Archives: April 2017

Karmen low-cost ransomware found


Security experts from threat intelligence firm Recorded Future have spotted a new “ransomware as a service” (RaaS) called Karmen. This service permits anyone to set up an account and customize their own ransomware campaign.

Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim’s data and demands payment for the decryption key. Ransomware spreads through e-mail attachments, infected programs and compromised websites. A ransomware malware program may also be called a cryptovirus, cryptotrojan or cryptoworm.


The Karmen RaaS is very cheap: it costs just $175, and buyers can decide the ransom prices and the duration of the period in which victims can pay the ransom.

It is a multi-threaded and multi-language ransomware that supports .NET 4.0 and uses the AES-256 encryption standard. The malware is .NET dependent and requires PHP 5.6 and MySQL.

It works like any typical ransomware infection: Karmen encrypts files on the infected PC using the strong AES-256 encryption protocol, making them inaccessible to the victim until he/she pays a large sum of money to obtain the decryption key from the attacker.

Karmen automatically deletes its decryptor if analysis software is detected on the victim’s computer, to keep security researchers from investigating the threat.

According to Recorded Future, “Karmen Ransomware is sold as a standalone malware variant, only requiring a one-time upfront payment, allowing a buyer to retain 100 percent of payments from infected victims”.

The ransomware is sold in both light and full versions, with the light version omitting sandbox identification functionality and therefore offering a much smaller file size. The RaaS variant is based on the abandoned open-source ransomware building toolkit dubbed Hidden Tear and is being sold on Dark Web forums by a Russian-speaking hacker named DevBitox for $175.

Further investigation discovered that “DevBitox”, a Russian-speaking cyber criminal, was the seller behind the Karmen malware in March 2017.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 


Suspected Russian hackers targeting French Presidential elections


Suspected Russian hackers are targeting the French presidential elections by launching a new cyber attack against the campaign offices of the front-runner candidate Emmanuel Macron, according to Trend Micro, a Tokyo-based cyber security firm.

The firm released its report on Tuesday. The researchers suspect that those who were responsible for the hack of the US presidential election are now trying to attack the French presidential elections. The same digital fingerprints were found as in the suspected Russian hacking of the Democratic National Committee and others.

The research group did not reveal any of the “potential fallout of the infiltration on the campaign of Macron.”

Pawn Storm, a cyber spying group, targeted Macron’s campaign in March and April.

Rik Ferguson, vice president of Trend Micro’s security research program, told the Washington Post that, “There are several things which suggest that the group behind the Macron hacking was also responsible for the DNC breach, for example. We found similarities in the IP addresses and malware used in the attacks”.

Ferguson added, “We cannot say for sure whether this was directed by the Russian government, but the group behind the attacks certainly appears to pursue Russian interests”.

According to the Washington Post’s report, France’s cyber security agency, ANSSI, has confirmed the cyber attacks against Macron.

However, the government has refrained from blaming Russia for any kind of attack. It might be possible that “other high-level” hackers are behind the attack and are just copying the Russian hackers’ style so that everyone would blame them for the attacks.

According to the researchers, “the hackers created several email addresses on a fake server with the URL onedrive-en-marche.fr, operating from computers with IP addresses in multiple European nations, including Britain.”



Facebook Twitter Snapchat paying hackers to recover technical bugs


In our day-to-day lives we socialize and interact with many different types of people, including family, friends, colleagues, or even complete “strangers”. Yes, most of the people we meet on social sites are strangers. Many have fake accounts and send “friendship” requests, and people accept these requests without knowing the person and start connecting with these strangers. The result can be very dangerous, as strangers can abuse social media by hacking your profiles. Now Facebook, Twitter and Snapchat are paying hackers to find technical bugs.

The news may surprise you, but Facebook, Twitter, and Snapchat have found a unique way to find such faults. They are paying large amounts to white hat hackers around the world to keep them updated about the glitches in their systems. They are spending around £156,000 every day to keep their systems hassle-free.

One of the hackers, Jake Davis, known online as Topiary, was previously a black hat hacker and was arrested in 2011, but now works for the giant technology companies. Explaining his work to Newsbeat, he says he is now paid by Twitter to hack their website: “Twitter have paid me for disclosing bugs to them. It’s very simple.”

According to Jake Davis, the hackers would be happy to do this work even if they were not paid, so the money is just an extra bonus for them. For them, the main reward is “kudos from other hackers. They’re good at hacking, and they want to be seen to be good at the thing.”

“Facebook are particularly good, they have got a £500 minimum for disclosing bugs to them,” says Jake.

He says that till now Twitter has paid $800,000 (£625,000) to nearly 642 hackers.

Paying to be hacked is a good way to stop hackers, and it helps Facebook, Twitter and Snapchat find and fix technical bugs. So hackers are having a very good time. That is the reality of today’s online security.

 



Hackers collecting Pre-Hack data using Pixel tracking.


Marketers and advertisers use a simple email marketing trick to track web users and email recipients. It has also been abused by cyber criminals and online spies to collect information on possible targets or to improve the efficiency of phishing attacks, both mass and targeted in scope. Hackers are collecting pre-hack data using pixel tracking.

Donald Meyer of Check Point Software Technologies Ltd said “We’ve seen a lot more use of this tactic recently as a probing or information-gathering tool, by phishers and other cyber criminals”.

Pixel tracking is a decades-old email marketing technique that depends on embedding a one-by-one pixel image, usually transparent or of the same color as the email’s background, which prevents users from noticing it in most cases. Tracking pixels or web beacons are downloaded when a user opens an email or visits a website, unless the user blocks the loading of images inside emails. The download lets the advertiser know a user has opened one of its emails.

With code as simple as <img src="http://example.com/cgi-bin/program?e=email-address">, the marketing tools ping a website whenever someone downloads an image.

Because of how most email programs and web browsers work, tracking pixels, once downloaded, can collect and report information about the user’s email address, operating system, device, software, IP address, hostname, cookie usage settings, usage of webmail and the date and time of opening the email. Email marketers can use this data to measure the effectiveness of their campaigns.

Sadly, everything that makes tracking pixels great for marketers and advertisers (their automaticity and the amount of data captured) also makes them great for hackers’ reconnaissance. If a hacker gets hold of all this information using the same trick, they can misuse it to carry out malicious campaigns.

On Monday, Meyer said in a blog post, “In phishing attacks, tracking pixels can be used to learn which recipients are most likely to open scam emails. Since some scammers retool mass phishing attacks against random users to target high-value enterprise users, scammers are turning to pixel tracking to increase the odds a spear phishing attack will succeed…. Our security researchers have already discovered tracking pixels being used in the wild as a surveillance tool to gather information for use in phishing scams”.

Hackers trying to break into a network have to explore its architecture first to find points of entry and ways to move around the system undetected. An attacker will often send phishing emails to map out the network, locate potential weak points and figure out who in the organization is most likely to open suspicious-looking mail and click on links or attachments.

If employees are using webmail clients, it is possible that the company uses a managed cloud service to handle internal operations. An attacker who can identify that cloud platform could find it very easy to hone future attacks around vulnerabilities in that platform.

Thankfully, it’s not difficult to protect against this clever threat.



Protect Your Device From Hackers


The first thing to keep in mind is that gaining unauthorised access to a system that does not belong to you is illegal, whatever the intention may be. This is not the first time a hacker has acted as a vigilante: we have seen many more cases in which hackers have used malware to compromise thousands of devices but, instead of abusing them, forced owners to make them secure. A new malware family known as Hajime is worming its way through DVRs, CCTV systems, and other poorly protected Internet of Things (IoT) devices. Hajime has already infected at least 10,000 home routers, Internet-connected cameras, and other smart devices. So protect your device from hackers.

It doesn’t rely on a command and control server (C&C) but instead leverages a peer-to-peer network to send command modules to all its infected devices, which makes the malware more resistant to takedowns. These techniques have helped Hajime grow over time.

Researcher Waylon Grange elaborates in his blog that:

“Over the past few months, Hajime has been spreading quickly. Symantec has tracked infections worldwide, with large concentrations in Brazil and Iran. It is hard to estimate the size of the peer-to-peer network, but modest estimates put it in the tens of thousands.”

At this time, the purpose of Hajime remains unknown.

The Hajime botnet works like Mirai: “it spreads via unsecured IoT devices that have open Telnet ports and uses default passwords, and also uses the same list of username and password combinations that Mirai botnet is programmed to use, with the addition of two more”.

However, what’s interesting about the Hajime botnet is that, unlike Mirai, it secures the target devices by blocking access to four ports (23, 7547, 5555, and 5358) known to be vectors used to attack many IoT devices, keeping Mirai and other threats at bay.

Unlike Mirai, Hajime uses a decentralized peer-to-peer network (instead of command and control server) to issue commands and updates to infected devices, which makes it more difficult for ISPs and Internet backbone providers to take down the botnet.

The Hajime botnet also takes steps to hide its running processes and files on the file system, making the detection of infected systems more difficult.

The malware currently does not give its bots distributed denial of service (DDoS) capabilities. Instead, it displays a message that says:

“Just a white hat, securing some systems.
Important messages will be signed like this!
Hajime Author.
Contact CLOSED
Stay sharp!”

The Symantec researchers explained that: “One day a device may belong to the Mirai botnet, after the next reboot it could belong to Hajime, then the next any of the many other IoT malware/worms that are out there scanning for devices with hard coded passwords. This cycle will continue with each reboot until the device is updated with a newer, more secure firmware”.

Whether its intent is good or bad, a malware infection on an IoT device is unwanted. Users should do everything they can to secure a product they purchase. This begins with researching each device carefully before purchasing it. Be careful before buying!


 


Hackers announces NSA’s powerful Windows hacking tool


The Shadow Brokers, a hacking group that previously stole and leaked a portion of the NSA’s hacking tools, has just released online a collection of spy tools allegedly used by the National Security Agency.

On Friday, the group published exploits that were designed to target vulnerabilities in Windows computers and servers, along with files and other important documents that detail how the agency carried out clandestine surveillance.

According to the reports, the Windows hacking tools were used by the NSA to target several banks, including the SWIFT banking system.

On Friday, Microsoft said that it had patched the exploits in previous updates. Windows users are advised to update their software and upgrade to Windows 7 or a newer version.

Matthew Hickey, founder of security firm Hacker House, said, “This is quite possibly the most damaging thing I’ve seen in the last several years, this puts a powerful nation-state-level attack tool in the hands of anyone who wants to download it to start targeting servers.”

It appears that the exploits targeted a variety of Windows servers and Windows operating systems, including Windows 7 and Windows 8.

Hickey said, “The individual consumer is a little less at risk, as these kinds of tools are targeted at enterprise and business environments”.

A Microsoft spokesperson told CNN Tech, “We’ve investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products. Customers with up-to-date software are already protected.”
