SNMP flaw affects online devices


A serious security flaw in implementations of SNMP (Simple Network Management Protocol) allows an attacker to gain control over at least 78 cable modem models.

SNMP (Simple Network Management Protocol) is used for automated network device identification, monitoring and remote configuration. It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.

Security researchers Ezequiel Fernandez and Bertin Bervis reported the problem, which is named StringBleed and tracked as CVE-2017-5135.


The Simple Network Management Protocol supports three methods for authenticating clients and requests on remote SNMP devices. Two of them are affected by the authentication bypass issue.

Versions 1 and 2 of the SNMP protocol do not have strong authentication to begin with. They provide either read-only or write access to a device’s configuration through passwords called community strings.

The StringBleed vulnerability is an Incorrect Access Control issue. Remote attackers could use it to execute code on the affected devices and gain full read/write remote permissions using any string/integer value.

The researchers said: “We know there are 3 ways to authenticate the client and requests in the remote SNMP device. SNMP version 1 & 2 use a human-readable string datatype value called “community string” (usually public or private); in SNMP version 3 you have the option to use a user, password and authentication methods.”

The researchers used a simple Python script to build a “snmpget” request that used the sysDescr OID, then they started scanning the Internet for devices that would respond to the request. They were looking for the sysDescr OID information that devices return in response to requests using test strings like ‘admin’, ‘root’, and ‘user’.

The researchers added: “We wrote a simple python script from scratch using sockets in order to build the “snmpget” request. In the request we used the sysDescr OID; if the string value we are testing (admin, root etc etc) is the same stored in the SNMP agent for authentication, we are going to retrieve the sysDescr OID information successfully, it is like a kind of “brute force”. After some days of scanning we noticed something weird, some devices/fingerprints were always responding no matter which value we used, so what’s going here???”

The results of the Internet scan were alarming: an attacker could use any string or integer value to authenticate to the SNMP agent on the flawed devices.

 

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Karmen low-cost ransomware found

Security experts from threat intelligence firm Recorded Future have spotted a new “ransomware as a service” (RaaS) called Karmen. The service permits anyone to set up an account and customize their own ransomware campaign.

Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim’s data and demands payment for the decryption key. Ransomware spreads through e-mail attachments, infected programs and compromised websites. A ransomware malware program may also be called a cryptovirus, cryptotrojan or cryptoworm.


The Karmen RaaS is very cheap: it costs just $175, and buyers can decide the ransom price and the period within which victims can pay the ransom.

It is a multi-threaded and multi-language ransomware that supports .NET 4.0 and uses the AES-256 encryption standard. The malware is .NET dependent and requires PHP 5.6 and MySQL.

It works like any typical ransomware infection: Karmen encrypts files on the infected PC using strong AES-256 encryption, making them inaccessible to the victim until he/she pays a large sum of money to obtain the decryption key from the attacker.

Karmen automatically deletes its decryptor if analysis software is detected on the victim’s computer, to deter security researchers from investigating the threat.

According to Recorded Future, “Karmen Ransomware is sold as a standalone malware variant, only requiring a one-time upfront payment, allowing a buyer to retain 100 percent of payments from infected victims”.

The ransomware is sold in both light and full versions; the light version omits the sandbox identification functionality and therefore has a much smaller file size. The RaaS variant is based on the abandoned open-source ransomware building toolkit dubbed Hidden Tear and is being sold on Dark Web forums by a Russian-speaking hacker named DevBitox for $175.

Further investigation discovered that “DevBitox”, a Russian-speaking cyber criminal, was the seller behind the Karmen malware in March 2017.


 

Suspected Russian hackers targeting French Presidential elections

Suspected Russian hackers are targeting the French presidential elections by launching a new cyber attack against the campaign offices of front-runner candidate Emmanuel Macron, according to Trend Micro, a Tokyo-based cyber security firm.

The firm released its report on Tuesday. The researchers suspect that those who were responsible for the hack of the US presidential election are now trying to attack the French presidential elections. The same digital fingerprints were found as in the suspected Russian hacking of the Democratic National Committee and others.

The research group did not reveal any of the “potential fallout of the infiltration on the campaign of Macron.”

Pawn Storm, a cyber spying group, targeted Macron’s campaign in March and April.


Rik Ferguson, vice president of Trend Micro’s security research program, told the Washington Post that, “There are several things which suggest that the group behind the Macron hacking was also responsible for the DNC breach, for example. We found similarities in the IP addresses and malware used in the attacks”.

Ferguson added, “We cannot say for sure whether this was directed by the Russian government, but the group behind the attacks certainly appears to pursue Russian interests”.

According to the Washington Post’s report, France’s cyber security agency, ANSSI, has confirmed the cyber attacks against Macron.

However, the government refrained from blaming Russia for the attack. It is possible that “other high-level” hackers are behind it and are copying the Russian hackers’ style so that everyone would blame them for the attacks.

According to the researchers, “the hackers created several email addresses on a fake server with the URL onedrive-en-marche.fr, operating from computers with IP addresses in multiple European nations, including Britain.”


Facebook, Twitter, Snapchat paying hackers to recover technical bugs

In our day-to-day lives we socialize and interact with many different types of people, including family, friends, colleagues, and even complete strangers. Most of the people we meet on social sites are strangers. Many have fake accounts and send “friendship” requests, and people accept those requests and start connecting with these strangers without knowing them. The result can be very dangerous, as strangers can abuse social media by hacking your profiles. Now Facebook, Twitter and Snapchat are paying hackers to find technical bugs.

The news may surprise you, but Facebook, Twitter, and Snapchat have found a unique way to find such faults. They are paying big amounts to white hat hackers around the world to keep them updated about the glitches in their systems. They are spending almost £156,000 every day to keep their systems hassle free.

One of the hackers, Jake Davis, known online as Topiary, was previously a black hat hacker and was arrested in 2011, but now works for the giant technology companies. Explaining his work to Newsbeat, he said he is now paid by Twitter to hack their website: “Twitter have paid me for disclosing bugs to them. It’s very simple.”

According to Jake Davis, the hackers would be happy to do this work even if they were not paid, so the money is just an extra bonus for them. For them, the main reward is “kudos from other hackers. They’re good at hacking, and they want to be seen to be good at the thing.”

“Facebook are particularly good, they have got a £500 minimum for disclosing bugs to them,” says Jake.

He says that so far Twitter has paid $800,000 (£625,000) to nearly 642 hackers.

Paying to be hacked is a good way to stop hackers, and it helps Facebook, Twitter and Snapchat find technical bugs. So hackers are having a very good time. That is the reality of today’s online security.

 


Hackers Collecting Pre-Hack data

Marketers and advertisers use a simple email marketing trick to track web users and email recipients. The trick has also been abused by cyber criminals and online spies to collect information on possible targets or to improve the efficiency of phishing attacks, both mass and targeted in scope. Hackers are collecting pre-hack data using pixel tracking.

Donald Meyer of Check Point Software Technologies Ltd said, “We’ve seen a lot more use of this tactic recently as a probing or information-gathering tool, by phishers and other cyber criminals”.

Pixel tracking is a decades-old email marketing technique that depends on embedding a one-by-one pixel image, usually transparent or of the same color as the email’s background, which prevents users from noticing it in most cases. Tracking pixels, or web beacons, are downloaded when a user opens an email or visits a website, unless the user blocks the loading of images inside emails. The download lets the advertiser know that the user has opened one of its emails.

With code as simple as <img src="http://example.com/cgi-bin/program?e=email-address">, the marketing tools ping a website whenever someone downloads the image.

Because of the way most email programs and web browsers work, tracking pixels, once downloaded, can collect and report information about the user’s email address, operating system, device, software, IP address, hostname, cookie usage settings, usage of webmail, and the date and time the email was opened. Email marketers can use this data to measure the effectiveness of their campaigns.

Sadly, everything that makes tracking pixels great for marketers and advertisers (their automatic operation and the amount of data captured) makes them great for hackers’ reconnaissance. A hacker who gets hold of all this information using the same trick can misuse it to carry out malicious campaigns.

On Monday, Meyer said in a blog post, “In phishing attacks, tracking pixels can be used to learn which recipients are most likely to open scam emails. Since some scammers retool mass phishing attacks against random users to target high-value enterprise users, scammers are turning to pixel tracking to increase the odds a spear phishing attack will succeed…. Our security researchers have already discovered tracking pixels being used in the wild as a surveillance tool to gather information for use in phishing scams”.

Hackers trying to break into a network have to explore its architecture first to find points of entry and ways to move around the system undetected. An attacker will often send phishing emails to map out the network, locate potential weak points and figure out who in the organization is most likely to open suspicious-looking mail and click on links or attachments.

If employees are using webmail clients, it is possible that the company uses a managed cloud service to handle internal operations. An attacker who can identify that cloud platform could find it very easy to hone future attacks around vulnerabilities in that platform.

Thankfully, it’s not difficult to protect against this clever threat.
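One way a mail gateway or mail client could spot the beacons described above before any image is fetched, shown as an added example that is not code from Check Point or from this page. The function names, the reason labels and the SHA-256 check are assumptions, and the sample message body is constructed.

```python
"""Flag likely tracking pixels (web beacons) in an HTML email body."""
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])", re.I)
STYLE_DIM = re.compile(r"(?<![-\w])(width|height)\s*:\s*(\d+)\s*px", re.I)


def is_tiny(attrs):
    """True when width and height (attributes or inline style) are both <= 1px."""
    dims = {}
    for name in ("width", "height"):
        m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", attrs.get(name) or "", re.I)
        if m:
            dims[name] = int(m.group(1))
    for name, value in STYLE_DIM.findall(attrs.get("style") or ""):
        dims[name.lower()] = int(value)
    return len(dims) == 2 and all(v <= 1 for v in dims.values())


def recipient_tokens(address):
    """Forms of the recipient address to look for in a beacon URL.
    The SHA-256 form is an assumption about how a sender might encode it."""
    addr = address.strip().lower()
    return {"address": addr,
            "sha256(address)": hashlib.sha256(addr.encode()).hexdigest()}


class PixelFinder(HTMLParser):
    """Collects (src, reasons) for every remote <img> that looks like a beacon."""

    def __init__(self, recipient):
        super().__init__()
        self.tokens = recipient_tokens(recipient)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        try:
            url = urlsplit(src)
        except ValueError:
            return
        if url.scheme not in ("http", "https") and not src.startswith("//"):
            return  # cid: and data: images are embedded; no request is made
        reasons = []
        if is_tiny(a):
            reasons.append("1x1 image")
        if HIDDEN_STYLE.search(a.get("style") or ""):
            reasons.append("hidden by style")
        haystack = unquote(url.path + "?" + url.query).lower()
        for label, token in self.tokens.items():
            if token in haystack:
                reasons.append("URL carries recipient " + label)
        if reasons:
            self.findings.append((src, reasons))


def find_tracking_pixels(html, recipient):
    """Return a list of (src, reasons) for suspicious remote images in html."""
    finder = PixelFinder(recipient)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample message body; all hosts and the address are placeholders.
SAMPLE_RECIPIENT = "alice@corp.example"
SAMPLE_HTML = """
<p>Spring offers inside.</p>
<img src="https://cdn.example.com/banner.png" width="600" height="200">
<img src="http://example.com/cgi-bin/program?e=alice%40corp.example" width="1" height="1">
<img src="https://t.example.net/o/{digest}/open.gif" style="display:none">
<img src="cid:logo" width="1" height="1">
""".format(digest=hashlib.sha256(SAMPLE_RECIPIENT.encode()).hexdigest())

if __name__ == "__main__":
    for src, reasons in find_tracking_pixels(SAMPLE_HTML, SAMPLE_RECIPIENT):
        print(src, "->", ", ".join(reasons))
```

The same pass can drive the mitigation the article mentions: any `<img>` it flags, or every remote image, is simply not loaded.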


Protect Your Device From Hackers

The first thing to keep in mind is that hacking a system that does not belong to you for unauthorised access is illegal, whatever the intention may be. This is not the first time a hacker has acted as a vigilante: we have seen many more cases in which hackers used malware to compromise thousands of devices but, instead of hacking them, forced owners to make them secure. A new malware family known as Hajime is worming its way through DVRs, CCTV systems, and other poorly-protected Internet of Things (IoT) devices. Hajime has already infected at least 10,000 home routers, Internet-connected cameras, and other smart devices.

It doesn’t rely on a command and control server (C&C) but instead leverages a peer-to-peer network to send command modules to all its infected devices, which makes the malware more resistant to takedowns. These techniques have helped Hajime grow over time.

Researcher Waylon Grange elaborates in his blog:

“Over the past few months, Hajime has been spreading quickly. Symantec has tracked infections worldwide, with large concentrations in Brazil and Iran. It is hard to estimate the size of the peer-to-peer network, but modest estimates put it in the tens of thousands.”

At this time, the purpose of Hajime remains unknown.

The Hajime botnet works like Mirai: “it spreads via unsecured IoT devices that have open Telnet ports and uses default passwords, and also uses the same list of username and password combinations that Mirai botnet is programmed to use, with the addition of two more”.

However, what’s interesting about the Hajime botnet is that, unlike Mirai, it secures the target devices by blocking access to four ports (23, 7547, 5555, and 5358) known to be vectors used to attack many IoT devices, keeping Mirai and other threats at bay.

Unlike Mirai, Hajime uses a decentralized peer-to-peer network (instead of command and control server) to issue commands and updates to infected devices, which makes it more difficult for ISPs and Internet backbone providers to take down the botnet.

Hajime botnet also takes steps to hide its running processes and files on the file system, making the detection of infected systems more difficult.

The malware currently does not give its bots distributed denial of service (DDoS) capabilities. Instead it displays a message that says:

“Just a white hat, securing some systems.
Important messages will be signed like this!
Hajime Author.
Contact CLOSED
Stay sharp!”

The Symantec researchers explained that: “One day a device may belong to the Mirai botnet, after the next reboot it could belong to Hajime, then the next any of the many other IoT malware/worms that are out there scanning for devices with hard coded passwords. This cycle will continue with each reboot until the device is updated with a newer, more secure firmware”.

Whether its intent is good or bad, a malware infection on an IoT device is unwanted. Users should do everything they can to secure a product they purchase. This begins with researching each device carefully before they purchase it. Be careful before buying!


 

Hackers announce NSA’s powerful Windows hacking tool

The Shadow Brokers, a hacking group that previously stole and leaked a portion of the NSA’s hacking tools, has just released online a collection of spy tools allegedly used by the National Security Agency.

On Friday, the group published exploits that were designed to target vulnerabilities in Windows computers and servers, along with files and other documents that detail how the agency carried out clandestine surveillance.

According to the reports, the Windows hacking tools were used by the NSA to target several banks, including the SWIFT banking system.

On Friday, Microsoft said that it had patched the exploits in previous updates. Windows users are advised to update their software and upgrade to Windows 7 or a newer version.

Matthew Hickey, founder of security firm Hacker House, said, “This is quite possibly the most damaging thing I’ve seen in the last several years, this puts a powerful nation-state-level attack tool in the hands of anyone who wants to download it to start targeting servers.”

It appears that the exploits targeted a variety of Windows servers and Windows operating systems, including Windows 7 and Windows 8.

Hickey said, “The individual consumer is a little less at risk, as these kinds of tools are targeted at enterprise and business environments”.

A Microsoft spokesperson told CNN Tech, “We’ve investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products. Customers with up-to-date software are already protected.”


How to generate a word list using Crunch?

In our previous blog, we discussed how to hack or recover any unknown password. In this blog, we will tell you how to generate a word list using Crunch. In password cracking, we often need to use a word list. Word lists are intended primarily for use with password crackers such as hashcat and John the Ripper, and with password recovery utilities.

This is a tutorial for newbies and anyone who hasn’t yet used Crunch before.

Crunch is a utility that is used to create word lists using letters, numbers, and symbols for every possible combination or according to specific rules.

In this tutorial you will learn how to generate a word list using Crunch.



Crack Any Password And Identify Unknown Password

Password cracking refers to guessing or cracking passwords to gain access to a computer system. It is a common approach to identifying an unknown or forgotten password. Password crackers will usually use a variety of tools, scripts or software to crack a system password.

Methods of Password Crackers

Two primary methods are used to identify correct passwords: brute-force and dictionary searches.

  • A brute-force search runs through combinations of characters within a predetermined length until it finds the combination accepted by the computer system.
  • In a dictionary search, a password cracker tries each word in the dictionary as the password.

John the Ripper is a free and open source password cracking tool built into Kali Linux.

 

 


 

 

Popular Smartphone Infected with Malware

Want to buy a new Android smartphone, or already bought one? Do not expect it to be a clean slate. Pre-installed Android malware has been found on 36 smartphones.

Devices from popular manufacturers such as Samsung, LG, Xiaomi, Asus, Nexus, Oppo and Lenovo, distributed by two unidentified companies, have been found pre-loaded with malware programs.

These malware infected devices were identified after a Check Point malware scan was performed on Android devices. Two malware families were detected on the infected devices: Loki and SLocker.

According to a blog, “The malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed”.

The Loki Trojan, from February 2016, injects itself into the core Android operating system to gain powerful root privileges. The Trojan includes spyware-like features, such as grabbing the list of current applications, browser history, contact list, call history, and location data.

SLocker is mobile ransomware that locks victims’ devices for ransom and communicates through Tor in order to hide the identity of its operators.

List of Popular Smartphones Infected with Malware

  • Galaxy Note 2
  • LG G4
  • Galaxy S7
  • Galaxy S4
  • Galaxy Note 4
  • Galaxy Note 5
  • Xiaomi Mi 4i
  • Galaxy A5
  • ZTE x500
  • Galaxy Note 3
  • Galaxy Note Edge
  • Galaxy Tab S2
  • Galaxy Tab 2
  • Oppo N3
  • Vivo X6 plus
  • Nexus 5
  • Nexus 5X
  • Asus Zenfone 2
  • Lenovo S90
  • Oppo R7 plus
  • Xiaomi Redmi
  • Lenovo A850

 

Remove the malware from Smartphone

The malware is hard to remove. To remove it from an infected device, you can either root your device and uninstall the malware apps, or completely reinstall the phone firmware/ROM via a process called “flashing”.

Flashing is a complex process, so users should power off their device and approach a technician or mobile service provider.
