Monthly Archives: June 2018

Docker Images Removed From Docker Hub

Category : Blog

Docker is a computer program that performs operating-system-level virtualization, also known as containerization. It is developed by Docker, Inc. Docker is primarily developed for Linux, where it uses the resource isolation features of the Linux kernel such as cgroups and kernel namespaces.

The Docker team has pulled 17 Docker container images that have been backdoored and used to install reverse shells and cryptocurrency miners on users’ servers for the past year.

The malicious Docker container images were uploaded to Docker Hub, the official repository of ready-made Docker images that sysadmins can pull and use on their servers, work, or personal computers.

These Docker images allow sysadmins to start an application container within seconds, without having to create their own Docker app container, a complicated and painstaking process that not all users are technically capable of or inclined to do.

 

Malicious Docker images remained online for a year

As has happened with other package repositories in the past, such as Python and npm, malicious actors uploaded malicious packages to the main Docker Hub repository.

Because new Docker images don’t go through a security audit or testing process, these images were listed on the Docker Hub portal right away, where they remained active between May 2017 and May 2018, when the Docker team finally intervened to pull them down.

All 17 images were uploaded on the Docker Hub portal by the same person/group, using the pseudonym of “docker123321.” Some of these packages have been installed more than one million times, while others were used hundreds of thousands of times.

 

Took a while before users caught on to what was happening

Signs that something was wrong on the Docker and Kubernetes (app for managing Docker images at a large scale) scene started appearing last September and continued through the winter. Users reported that malicious activity was happening on their cloud servers running Docker and Kubernetes instances. Reports of security incidents involving Docker images were posted on GitHub and Twitter.

Several security firms and security researchers such as Sysdig, Aqua Security, and Alexander Urcioli also published reports about security incidents they’ve observed.

 

Malicious Docker images taken offline

While the number of security incidents grew, it was only when Fortinet and Kromtech got involved that all the pieces surrounding these hacks were put together and researchers traced all these incidents to the docker123321 account.

Docker removed the 17 backdoored images from Docker Hub on May 10, this year, a week after Fortinet published a report about some of the cryptocurrency mining incidents linking back to Docker images created by the docker123321 account.

 

Some affected servers may still be compromised

Kromtech researchers warn that some of these images also contained backdoor-like capabilities thanks to the embedded reverse shells.

This means that even if victims stopped using or removed the malicious Docker images, the attacker could have very easily obtained persistence on their systems through other means, possibly granting them access to the system at a later time.
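For checking whether anything in a fleet still references the account named above, here is an added example (not from the original article or from Docker) that scans Compose files, Kubernetes manifests and Dockerfiles for images published under a blocked Docker Hub namespace. The repository names in the sample are constructed placeholders; only the account name `docker123321` comes from the article.

```python
"""Flag container images that come from a blocked Docker Hub account."""
import re

# Account named in the article; extend with other publishers you distrust.
BLOCKED_NAMESPACES = {"docker123321"}

# Hostnames that all refer to Docker Hub.
DOCKER_HUB_HOSTS = {"docker.io", "index.docker.io", "registry-1.docker.io"}

# Matches `image: <ref>` (YAML, optionally a list item) and `FROM <ref>`.
IMAGE_LINE = re.compile(
    r'''^\s*(?:-\s*)?(?:image:\s*|FROM\s+(?:--platform=\S+\s+)?)["']?([^\s"'#]+)''',
    re.IGNORECASE,
)


def parse_image_ref(ref):
    """Split an image reference into (registry, namespace, repo, tag, digest).

    Uses Docker's normalization rules: the first path component is a registry
    only if it contains '.' or ':' or is 'localhost'; otherwise the image is
    on Docker Hub, and a bare name such as 'nginx' means 'library/nginx'.
    """
    ref = ref.strip()
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, _, rest = ref.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, path = first.lower(), rest
    else:
        registry, path = "docker.io", ref
    if registry in DOCKER_HUB_HOSTS:
        registry = "docker.io"
    # The tag is whatever follows ':' in the final path component.
    tag = None
    head, _, last = path.rpartition("/")
    if ":" in last:
        last, tag = last.split(":", 1)
    path = f"{head}/{last}" if head else last
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path
    namespace, _, repo = path.rpartition("/")
    if tag is None and digest is None:
        tag = "latest"
    return registry, namespace, repo, tag, digest


def find_blocked_images(text):
    """Return (line_number, reference) for every blocked Docker Hub image."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = IMAGE_LINE.match(line)
        if not match:
            continue
        registry, namespace, _repo, _tag, _digest = parse_image_ref(match.group(1))
        # A private registry may reuse the same namespace string; only
        # Docker Hub images under the blocked account are reported.
        if registry == "docker.io" and namespace in BLOCKED_NAMESPACES:
            findings.append((line_no, match.group(1)))
    return findings


# Constructed sample: repository names are placeholders, not real image names.
SAMPLE = """\
# constructed sample
services:
  web:
    image: nginx:1.25
  cache:
    image: "docker.io/docker123321/placeholder-app:latest"
  db:
    image: registry.example.com:5000/docker123321/internal-db:2
---
containers:
  - image: index.docker.io/docker123321/placeholder-tool
FROM docker123321/placeholder-base AS build
"""

if __name__ == "__main__":
    for line_no, ref in find_blocked_images(SAMPLE):
        print(f"line {line_no}: blocked image {ref}")
```

A hit only shows that a file references the account; hosts that ran such an image still need a full review, since removing the image does not remove persistence obtained through a reverse shell.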

 

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

 

 

 


Monero Currently in Circulation Has Been Mined Using Malware

Category : Blog

Monero cryptocurrency currently in circulation has been mined using malware, and about 2% of the total daily hashrate comes from devices infected with cryptocurrency-mining malware. These numbers are the results of in-depth research of the coin-mining malware scene by security researchers from Palo Alto Networks.

The report, released June 11, has analyzed 629,126 malware samples that have been detected as part of coin-mining operations. The research didn’t analyze in-browser miners (cryptojackers), but only traditional malware families that infected desktops and servers since June last year, when there was a significant spike in coin-mining operations.

The research team at Palo Alto was able to make these discoveries because the mining pool needs to be built directly into the malware's source code. The malware also requires a Monero address under which it operates and handles any illegal funds generated from mining the cryptocurrency.

 

Monero is the most popular cryptocoin

According to researchers, 84% of all malware samples they’ve detected were focused on mining for the Monero cryptocurrency, by far the most popular coin among malware groups.

Because Monero-based coin-mining malware must embed in its source code the mining pool and Monero address through which the malware operates and collects ill-gotten funds, researchers have been able to track most of the money these groups generated on infected devices.

By querying nine mining pools (which allow third-parties to query their payment stats) with the 2,341 Monero addresses researchers found embedded in the 531,6663 malware samples that focused on mining Monero, they were able to determine the amount of funds these groups have made in the past year.
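The clustering step described above can be sketched as follows. This is an added example, not Palo Alto Networks' tooling: it pulls stratum pool endpoints and Monero-format addresses out of text extracted from samples and groups the samples by shared wallet. The wallet strings, pool hostnames and sample names are constructed, and the address pattern is a format heuristic that does not verify the checksum.

```python
"""Group miner samples by the Monero wallet and pool embedded in them."""
import re
from collections import defaultdict

# Base58 alphabet used by Monero (no 0, O, I or l).
_B58 = "1-9A-HJ-NP-Za-km-z"

# Standard address format: 95 Base58 characters, first '4', second a digit,
# 'A' or 'B'. The look-arounds stop matches inside longer Base58 runs.
XMR_ADDRESS = re.compile(rf"(?<![{_B58}])4[1-9AB][{_B58}]{{93}}(?![{_B58}])")

# Mining pool endpoint as it appears in miner command lines and configs.
STRATUM_URL = re.compile(
    r"stratum\+(?:tcp|ssl|tls)://([A-Za-z0-9.-]+):(\d{1,5})", re.IGNORECASE
)


def extract_indicators(text):
    """Return (pools, wallets) found in one sample's extracted strings."""
    pools = {f"{host.lower()}:{port}" for host, port in STRATUM_URL.findall(text)}
    wallets = set(XMR_ADDRESS.findall(text))
    return pools, wallets


def cluster_by_wallet(samples):
    """Map each wallet to the samples and pools it was seen with.

    `samples` maps a sample name to the text extracted from it (for example
    the output of `strings`, or a captured process command line).
    """
    pools_by_wallet = defaultdict(set)
    samples_by_wallet = defaultdict(set)
    for name, text in samples.items():
        pools, wallets = extract_indicators(text)
        for wallet in wallets:
            pools_by_wallet[wallet] |= pools
            samples_by_wallet[wallet].add(name)
    return {
        wallet: {
            "samples": sorted(samples_by_wallet[wallet]),
            "pools": sorted(pools_by_wallet[wallet]),
        }
        for wallet in samples_by_wallet
    }


# Constructed wallets: correct length and alphabet, not real addresses.
WALLET_A = "4A" + "a" * 93
WALLET_B = "4B" + "z" * 93

# Constructed sample strings in three common shapes: command line,
# JSON config, and wallet with a worker suffix.
SAMPLES = {
    "sample1.bin": "-o stratum+tcp://pool.example.net:3333 -u " + WALLET_A + " -p x",
    "sample2.bin": '{"url": "stratum+tcp://pool.example.net:3333", "user": "'
    + WALLET_A + '"}',
    "sample3.bin": "stratum+ssl://XMR.example.org:443 " + WALLET_B + ".worker1",
    "benign.txt": "4A" + "a" * 120,  # too long to be an address
}

if __name__ == "__main__":
    for wallet, info in cluster_by_wallet(SAMPLES).items():
        print(wallet[:8] + "...", info["samples"], info["pools"])
```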

 

Malware groups made over $108 million worth of Monero

According to Palo Alto Networks researchers, criminal groups have mined an approximate total of 798,613.33 Monero coins (XMR) using malware on infected devices.

That’s over $108 million in US currency, just from coin-mining operations alone. This sum also represents around 5% of all the Monero currently in circulation —15,962,350 XMR.

Furthermore, since mining pools also reveal a miner’s hash rate —the speed at which a miner completes an operation— researchers were also able to determine the amount of Monero coin-mining botnets have been generating per day.

Researchers say that during the past year, infected devices were responsible for 19,503,823.54 hashes/second, which is roughly 2% of the entire hashing power of the Monero network.

 

Ethereum “Giveaway” Scammers Have Tricked People Out of $4.3 Million

Category : Blog

Ethereum is a distributed public blockchain network. The Ethereum blockchain focuses on running the programming code of any decentralized application.

In the Ethereum blockchain, instead of mining for bitcoin, miners work to earn Ether, a type of crypto token that fuels the network.

Online crooks promoting fake “giveaways” have tricked people out of 8,148 Ether, currently worth around $4.3 million, according to statistical data compiled in EtherScamDB.

The EtherScamDB website was created by the team behind the MyCrypto wallet service for the purpose of tracking various types of online scams centering around the Ethereum platform and associated cryptocurrencies and assets.

For the past few months, the website has been inventorying various types of Ethereum scams, such as classic phishing sites that imitate legitimate apps and wallets, trust-trading sites that push inaccurate advice or recommendations, and online giveaway scams that promise to multiply Ether funds if victims transfer a small sum of money to the crooks.

 

Twitter’s “Ether giveaway” scam problem

The latter category has recently become rampant on Twitter, and on a daily basis, the social network’s most popular tweets are often inundated by these “Ether giveaway” scams.

More precisely, this particular trend caught fire with crooks this past February after Bleeping Computer first reported that one particular scammer made $5,000 in one night just by posing as Elon Musk, John McAfee, and a few other celebrities on Twitter.

Soon after our report, scams of these types started to flood Twitter left and right, with crooks registering Twitter accounts with names similar to legitimate ones, and then posting misleading messages, asking users to donate funds to an Ethereum address to receive a multiplied sum as part of a limited offer giveaway.

 

EtherScamDB tracks hundreds of fake giveaway addresses

Some of these scams and the Ether addresses where crooks have been collecting “donations” for the fake giveaways have been tracked in the EtherScamDB.

According to a recent tweet by John Backus, founder of Bloom and Cognito, two blockchain-powered apps, crooks promoting these giveaway scams have made 8,148 Ether ($4.3 million) just from the Ether funds sent to the 468 Ethereum addresses tracked by the site.

The real sum is obviously larger, since the website does not track all giveaway scams, but even this small statistic shows how big the problem is today.

 

Twitter’s been slow to react

Twitter, in particular, has been slow to respond to users reporting fake accounts, sometimes taking days or weeks to suspend obvious clones. Nevertheless, with a limited support staff, and with all the hate speech and terrorist propaganda happening on the platform, it is somewhat understandable why Twitter has been slow to react.

In the meantime, spreading the word about this scam is probably the best way to educate users and remind them to pay attention to the Twitter handle from which these offers are being made.

But while some might think the consensus advice is to tell users to “pay attention to the Twitter handle pushing an Ethereum giveaway,” the actual sensible advice is to “not participate in giveaways” to begin with, since most of these are just plain ol’ scams.

 

Weight Watchers IT Infrastructure Exposed via No-Password Kubernetes Server

Category : Blog

Weight Watchers suffered a small Security Breach

Weight Watchers is the registered trademark of Weight Watchers International, Inc.

Just like many companies before it, weight loss program Weight Watchers suffered a small security breach after security researchers found a crucial server exposed on the Internet that was holding the configuration info for some of the company’s IT infrastructure.

The exposed server was a Kubernetes instance, a type of software for managing large IT networks and easily deploying app containers across multiple servers, usually on a cloud infrastructure.

Dozens of servers containing Weight Watchers’ data were left exposed after the company failed to password-protect software used for managing application containers, according to German cybersecurity firm Kromtech.

An Amazon cloud infrastructure used by Weight Watchers was left vulnerable—46 Amazon S3 buckets in total—including logs, passwords, and private encryption keys, Kromtech found.

 

Weight Watchers ran a no-password Kubernetes instance

Researchers from German cyber-security firm Kromtech discovered that Weight Watchers forgot to set a password for the administration console of one of its Kubernetes instances.

This granted anyone who knew where to look (port 10250) access to this server, without the need to enter a username and password.

All in all, the Kubernetes instances exposed an administrator’s root credentials, access keys for 102 of their domains, and 31 IAM users including users with administrative credentials and applications with programmatic access.

Weight Watchers added that its internal team and a third-party forensics company investigated the incident and that “each has independently confirmed that there was no indication that any personally identifiable information was exposed,” a spokesperson said.

The exposure was the result of a misconfigured Kubernetes instance, Kromtech said. Kubernetes is a tool developed by Google for managing large numbers of applications. Notably, a Kubernetes instance on Tesla’s cloud infrastructure was hacked earlier this year, and then used by the perpetrators to mine cryptocurrency.

 

Unclear what data was exposed

It is unclear if someone else besides the Kromtech team discovered this Kubernetes instance, but an attacker with access to this server would have been able to access a large part of Weight Watchers’ network.

It is also unclear what kind of data (user details?) these servers were storing, as the Kromtech team could not go wandering off inside Weight Watchers’ network without violating a slew of laws.

Diachenko and the Kromtech team said they reported the exposed server to Weight Watchers, who quickly remediated the issue, thanking the researchers.

 

Weight Watchers claims it was a non-production network

“We really appreciate the community working to make us all safer,” a Weight Watchers spokesperson said in its response to Kromtech.

“We have confirmed the issue – a security group for a test cluster in our non-production account was misconfigured during testing. The issue should be resolved and keys should be revoked. We’ve also implemented some safeguards to protect against this issue from recurrence.”

But Kromtech disputes Weight Watchers’ explanation that this was a non-production account. Nonetheless, today, a Weight Watchers spokesperson stood by its initial statement.

“Last week, Weight Watchers received a report from security researchers related to the exposure of credentials in one non-production AWS account,” a company spokesperson told Bleeping Computer via email. “The account was in a testing environment clearly labeled ‘nonprod’ and is used only to test new services and features.”

“To be able to test and innovate securely, we keep test environments completely separate from production environments. Our internal team and a reputable third-party security forensics team have investigated the exposed account key scope and activity, and each has independently confirmed that there was no indication that any personally identifiable information was exposed,” the spokesperson told us.

Weight Watchers is certainly not the first company to have to deal with a leaky or non-protected server. Other companies that suffered a similar fate include Tesla, Honda, Universal, and Bezop, just to name a few.

 

Cisco Removes Backdoor Account, Fourth in the Last Four Months

Category : Blog

Cisco is the largest networking company in the world. The stock was added to the Dow Jones Industrial Average on June 8, 2009, and is also included in the S&P 500 Index, the Russell 1000 Index, NASDAQ-100 Index and the Russell 1000 Growth Stock Index.

For the fourth time in as many months, Cisco has removed hardcoded credentials that were left inside one of its products, which an attacker could have exploited to gain access to devices and inherently to customer networks.

This time around, the hardcoded password was found in Cisco’s Wide Area Application Services (WAAS), which is a software package that runs on Cisco hardware that can optimize WAN traffic management.

 

Hardcoded SNMP community string

This backdoor mechanism (CVE-2018-0329) was in the form of a hardcoded, read-only SNMP community string in the configuration file of the SNMP daemon.

SNMP stands for Simple Network Management Protocol, an Internet protocol for collecting data about and from remote devices. The community string was there so SNMP servers knowing the string’s value could connect to the remote Cisco device and gather statistics and system information about it.

 

Hardcoded creds are invisible to device owners

Making matters worse, this SNMP community string is hidden from device owners, even from the ones with an admin account, meaning they couldn’t have located it on their own during regular security audits.

The string came to light by accident, while security researcher Aaron Blair from RIoT Solutions was researching another WaaS vulnerability (CVE-2018-0352).

This second vulnerability was a privilege escalation in the WaaS disk check tool that allowed Blair to elevate his account’s access level from “admin” to “root.” Normally, Cisco users are permitted only admin access. The root user level grants access to the underlying OS files and is typically reserved only for Cisco engineers.

 

WaaS updates released to remove hardcoded SNMP creds

The researcher reported the issue to Cisco in March. Cisco released updates for WaaS this week. There are no mitigations or workarounds for avoiding the exploitation, and users must apply the WaaS software updates.

The Cisco WaaS patches are part of a batch of 28 security fixes that Cisco released on June 6, this week.

Twice in March and again in May, Cisco removed other similar backdoor accounts and mechanisms in other software such as the Prime Collaboration Provisioning (PCP), the IOS XE operating system, and the Digital Network Architecture (DNA) Center. Unlike this latest issue, the first three were discovered by Cisco engineers during internal audits.

 

F-Secure Fixes Serious Vulnerability in Antivirus Products

Category : Blog

F-Secure Corporation (formerly Data Fellows) is a Finnish cyber security and privacy company based in Helsinki, Finland. The company has 20 country offices and a presence in more than 100 countries, with Security Lab operations in Helsinki, Finland and in Kuala Lumpur, Malaysia. The company develops and sells antivirus, password management, endpoint security, and other cyber security products and services.

F-Secure has fixed a severe vulnerability in its home and enterprise antivirus products that could have allowed an attacker to execute malicious code on the user’s machine and take over affected PCs.

The actual vulnerability doesn’t affect F-Secure directly, but the 7-Zip file archiving software, which F-Secure uses to decompress archives, scan them for threats, and repackage the original file.

 

Vulnerability really resides in 7-Zip

A security researcher going by the pseudonym of “landave” discovered this particular vulnerability (CVE-2018-10115) in March and worked with the 7-Zip team to fix the problem.

This was landave’s third vulnerability affecting 7-Zip after he previously also discovered CVE-2017-17969 and CVE-2018-5996. Similarly, the researcher found two 7-Zip-related bugs affecting the Bitdefender antivirus last year, in 2017.

 

Vulnerability exploited via poisoned RAR file

According to a technical write-up explaining the 7-Zip vulnerability in more detail, the 7-Zip bug can be exploited by creating a malformed RAR archive that when decompressed triggers the execution of malicious code on a user’s computer.

Since F-Secure antivirus products automate some of these file decompression operations during their scanning procedure, exploiting this bug was as trivial as tricking a user into accessing a malicious URL that initiated a file download.

Landave says that F-Secure products will automatically scan every newly downloaded file that’s under 5MB in size, meaning that once the download of the malicious RAR file finishes, the malicious code inside the RAR exploits CVE-2018-10115 and runs malicious operations on the user’s computer.

 

Exploit chain bypasses ASLR

The researcher says that even though F-Secure implemented Address Space Layout Randomisation (ASLR), a security feature to prevent such exploits, he was able to find a bypass that allowed him to run the attack regardless.

F-Secure users don’t have to take any action to receive this update unless they’ve turned off the auto-update feature. A list of affected products is included in this F-Secure security advisory. Only F-Secure for Windows versions were affected, and not the company’s Mac and Linux products.

 

CrowdStrike customers suffer data breach

Category : Blog

CrowdStrike is an American cybersecurity technology company based in Sunnyvale, California, and a wholly owned subsidiary of CrowdStrike Holdings, Inc. The company provides endpoint security, threat intelligence, and incident response services to customers in more than 170 countries. The company has been involved in countermeasure efforts to several high-profile cyber-attacks, including the Sony Pictures hack, the 2016 Democratic National Committee email leak, and the Democratic National Committee cyber attacks.

When data breaches occur, often, the problem can be traced down to third-parties in a supply chain, or basic, lax security processes in IT environments.

US cyber-security firm CrowdStrike announced a new warranty program for its customers, offering to cover up to $1 million in expenses if a customer protected by its top-tier endpoint protection solution suffers a security breach.

On Tuesday, the cybersecurity firm announced the launch of a warranty worth up to $1 million should customers of its endpoint security software experience a successful data breach caused by exploits, ransomware, zero-day vulnerabilities, and more.

 


The warranty can be used to cover data breach expenses

CrowdStrike says customers can use the warranty to cover certain breach response fees and expenses incurred by the customer following the breach, such as legal consultation, forensic services, notification expenses, identity theft and credit monitoring, public relations and cyber extortion payments.

The warranty is offered on a “take it or leave it” basis, and CrowdStrike doesn’t plan to allow customers to negotiate its terms and coverage.

The warranty will only cover security breaches during its duration, and pre-existing security incidents are not eligible.

 


The problem of nonexistent security software warranties

“Other industries have long offered product warranties to assure customers that the products they purchase will function as advertised,” CrowdStrike said on Tuesday in a canned presser. “This has not been the case in cybersecurity, where customers generally have little recourse when security products fail to protect them.”

The company claims it’s the first to offer such a data breach warranty protection to clients. This may be true for “data breaches,” but not true for other types of security incidents.

 


Crypto Mining used by Prowli Malware which Infects over 40,000 Machines

Category : Blog


Cryptocurrency is a type of digital currency that uses cryptography for security and anti-counterfeiting measures. Public and private keys are often used to transfer cryptocurrency between individuals.

Cyber-criminals have managed to assemble a gigantic botnet of over 40,000 infected web servers, modems, and other IoT devices, which they used for cryptocurrency mining and for redirecting users to malicious sites.

The campaign, called Operation Prowli, used various techniques, such as exploits and password brute-forcing, to spread malware and take over devices such as web servers, modems, and Internet-of-Things (IoT) devices. GuardiCore found that the attackers behind Prowli were focused on making money rather than on ideology or espionage.

 


Crooks deploy cryptocurrency miner, backdoor, SSH scanner

Once servers or IoT devices have been compromised, the Prowli group determines whether they can be used for heavy cryptocurrency mining operations.

Those that can are infected with a Monero miner and the r2r2 worm, a malware strain that performs SSH brute-force attacks from the hacked devices and helps the Prowli botnet expand with new victims.

Furthermore, CMS platforms that are used to run websites receive special treatment: they are also infected with a backdoor (the WSO Web Shell).

The crooks used this web shell to modify the compromised websites to host malicious code that redirects some of the site’s visitors to a traffic distribution system (TDS), which then rents out the hijacked web traffic to other crooks and redirects users to all sorts of malicious sites, such as tech support scams, fake update sites, and more.

 


A money-making machine

The big picture, according to researchers, is that the entire Prowli operation was intentionally designed and optimized to maximize profits for crooks.

During its lifetime, the Prowli malware infected over 40,000 servers and devices located on the networks of over 9,000 companies, which the group then used to their full potential to earn money before the malware was discovered. Prowli operated without discrimination, claiming victims all over the world regardless of the underlying platform.

 


All New Privacy and Security Features Coming in macOS 10.14 Mojave

Category : Blog

macOS 10.14 Mojave coming with new Privacy and Security Features

macOS is a series of graphical operating systems developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple’s Mac family of computers. Within the market of desktop, laptop and home computers, and by web usage, it is the second most widely used desktop OS, after Microsoft Windows.

The new operating system will include a multitude of app redesigns, a new dark mode, and desktop versions of multiple iOS apps. One focus of the new OS is security and privacy. Mac users will now be a bit safer online thanks to these three changes coming to Mojave.

Apple CEO Tim Cook said the new features included in Mojave are “inspired by pro users, but designed for everyone,” helping protect you from various security threats.

 


Safari’s Enhanced “Intelligent Tracking Prevention”

It’s no longer shocking that your online privacy is being invaded and that everything you search for online is being tracked, thanks to third-party trackers present on the Internet in the form of social media “Like” and “Share” buttons that marketers and data brokers use to monitor web users as they browse.

But not anymore. With macOS Mojave, Safari has updated its “Intelligent Tracking Prevention”, a feature that limits the tracking ability of websites that use various ad-tracking and device fingerprinting techniques.

The enhanced Intelligent Tracking Prevention will now automatically block all third-party trackers, including social media “Like” or “Share” buttons as well as comment widgets, from tracking users without their permission.

 


End-to-End Encrypted Group FaceTime (Up to 32 People)

This is a huge security improvement. At WWDC 2018, Apple introduced a group FaceTime feature that lets groups of 32 or fewer people join a video call at the same time. These calls have end-to-end encryption, just like the existing one-to-one audio and video calls and group audio calls.

End-to-end encryption for group calls in the FaceTime app means that there’s no way for Apple or anyone else to decrypt the data while it’s in transit between devices.

 


macOS Mojave Will Alert When Your Camera & Mic Are Accessed

As we reported several times in the past few years, cybercriminals have been spreading new malware for macOS that targets the built-in webcam and microphone to spy on users without detection.

To address this threat, macOS Mojave adds a new feature that monitors access to your Mac’s webcam and microphone and alerts you with new permission dialogs whenever an app tries to access the camera or microphone.

This new protection has primarily been designed to prevent malicious software from silently turning on these device features in order to spy on users.

 


Excessive Data Access Requires User Permission

macOS Mojave also adds similar permission requirements for apps to access personal data such as the mail database, message history, file system and backups.

By default, macOS Mojave will also protect your location information, contacts, photos, Safari data, mail database, message history, iTunes device backups, calendar, reminders, Time Machine backups, cookies, and more.

 


Secure Password Management

Users have long been warned to adopt good password practice by keeping their passwords strong and unique for every website or service. Now, Apple has made this easier in macOS 10.14 Mojave and iOS 12.

While Safari in macOS has provided password suggestions for years when users are asked to create a login at a site, Apple has improved this feature so that Safari now automatically generates strong passwords, enters them into the web browser, and stores them in the iCloud keychain when users create new online accounts.

Previously, third-party password manager apps handled most of these tasks, and now Apple is integrating such functionality directly into the next major versions of both macOS and iOS.

 


Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon 2

Category : Blog

Drupal is a free and open source content-management framework written in PHP and distributed under the GNU General Public License. Drupal provides a back-end framework for at least 2.3% of all web sites worldwide – ranging from personal blogs to corporate, political, and government sites. Systems also use Drupal for knowledge management and for business collaboration.

Two months after the Drupal project released a patch for a highly critical security flaw, there are over 115,000 Drupal sites that have failed to install the fix and are now at the mercy of cyber-criminals.

This estimate comes from Troy Mursch, a US-based security researcher, who spent the last few days scanning the Internet for all sites running a version of the Drupal 7.x CMS.

Mursch was able to find over 500,000 of these sites, and he says that he was able to identify 115,070 websites running an outdated Drupal 7.x CMS version, vulnerable to CVE-2018-7600, also known as Drupalgeddon 2.

 


Drupalgeddon 2

CVE-2018-7600 is a security flaw that came to light in late March 2018 and was considered one of the most severe security flaws to affect the Drupal CMS since the original Drupalgeddon flaw discovered back in 2014.

The vulnerability allows attackers to take over a site just by accessing a malformed URL, with no authentication required. Patches were made available for Drupal 6.x, 7.x, and 8.x versions.

Mursch’s scan didn’t look for 6.x and 8.x sites, but the 500,000 sites he managed to identify and scan are believed to be half of all the Drupal sites deployed online today.

 


Drupal cryptojacking campaigns have expanded

Hackers started exploiting the Drupalgeddon 2 vulnerability only two weeks after patches came out, because until then most hackers didn’t know how to attack the flaw. Exploitation attempts began soon after the publication of public proof-of-concept code.

Since then, the flaw has been used to infect servers with backdoors, coinminers, cryptojackers, and IoT botnet malware. Mursch himself previously discovered a large cryptojacking campaign using the Drupalgeddon 2 flaw to infect sites’ frontend code with an in-browser miner.

The researcher published a Google Docs spreadsheet at the start of May to track the original campaign, but the spreadsheet now includes data on several different campaigns and thousands more compromised Drupal sites. With 115,000 Drupal 7.x sites still without the Drupalgeddon 2 patch, these campaigns have loads of cannon fodder at their disposal.

 
