Author Archives: admin

Remote Code Execution Vulnerability Disclosed in Windows JavaScript Component

Category : Blog

Remote Code Execution Vulnerability Found in Windows JavaScript Component

JavaScript (/ˈdʒɑːvəˌskrɪpt/), often abbreviated as JS, is a high-level, interpreted programming language. It is also characterized as dynamic, weakly typed, prototype-based and multi-paradigm.

JavaScript enables interactive web pages and thus is an essential part of web applications. The vast majority of websites use it, and all major web browsers have a dedicated JavaScript engine to execute it.

A vulnerability exists in the Windows operating system’s JavaScript component that can allow an attacker to execute malicious code on a user’s computer.

Responsible for discovering this bug is Dmitri Kaslov of Telspace Systems, who passed it along to Trend Micro’s Zero-Day Initiative (ZDI), a project that intermediates the vulnerability disclosure process between independent researchers and larger companies.

ZDI experts reported the issue to Microsoft back in January, but Microsoft has yet to release a patch for this vulnerability. Yesterday, ZDI published a summary containing light technical details about the bug.

JavaScript bug leads to RCE

According to this summary, the vulnerability allows remote attackers to execute malicious code on users’ PCs.

Because the vulnerability affects the JavaScript component (Microsoft's custom implementation of JavaScript), the only condition is that the attacker must trick the user into accessing a malicious web page, or into downloading and opening a malicious JS file on the system (typically executed via the Windows Script Host, wscript.exe).

“The specific flaw exists within the handling of Error objects in JScript,” ZDI experts explained. “By performing actions in [Javascript], an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.”

“Due to the sensitivity of the bug, we don’t want to provide too many technical details until a full fix from Microsoft is available,” Brian Gorenc, director of Trend Micro’s Zero Day Initiative, told Bleeping Computer in an email today.

Flaw does not lead to full system compromise

Gorenc told us the vulnerability is not as dangerous as it sounds, as it does not allow a full system compromise.

“The flaw only allows code execution within a sandboxed environment,” Gorenc said. “An attacker would need additional exploits to escape the sandbox and execute their code on the target system.”

The vulnerability has received a 6.8 rating out of 10 on the CVSSv2 severity scale, a fairly high score compared to most vulnerabilities.

Microsoft is working on a patch

According to Gorenc, a patch is coming. “To the best of our knowledge, Microsoft does still intend to release a fix for this bug. However, they did not complete the fix within the timelines set out in our disclosure policy.”

ZDI usually gives companies 120 days to patch reported flaws before it goes public with its advisories. According to a timeline of Microsoft's replies, the OS maker had a hard time reproducing the proof-of-concept code needed to trigger the vulnerability, losing around 75% of the 120-day disclosure timeline and leaving its engineers little time to put together and test a patch for May's Patch Tuesday.

While Microsoft did not provide an exact timeline of when it plans to roll out a patch, a spokesperson confirmed they are working on a fix.

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

Reboot Your Router to remove VPNFilter

Category : Blog

Router reboot to remove VPNFilter

A router is a networking device that forwards data packets between computer networks. Routers perform the traffic-directing functions on the Internet. A data packet is typically forwarded from one router to another through the networks that constitute an internetwork until it reaches its destination node.

After it was reported that the VPNFilter botnet consisting of over 500,000 routers and NAS devices was taken over by the US government, the FBI issued an advisory stating that users should reboot their routers in order to disrupt the malware.

Unfortunately, as shown by the five phone calls I received today, many people heard the reboot part but did not read the rest of the recommendations: turning off remote administration, changing passwords, and upgrading to the latest firmware. One step that was not mentioned is that the only way to truly remove VPNFilter is to reset the router to factory defaults.

What is VPNFilter?

VPNFilter is malware that targets routers and NAS devices in order to steal files and information and to examine network traffic as it flows through the device. When installed, the malware consists of three different stages, with each stage performing specific functions.

Stage 1 is installed first and allows the malware to remain persistent even when the router is rebooted.

Stage 2 allows the attackers to execute commands and steal data. This stage also contains a self-destruct capability that essentially renders the router, and thus your network connection, non-functional.

Stage 3 consists of various plugins that can be installed into the malware to provide additional functionality, such as sniffing the network, monitoring SCADA communication, and communicating over Tor.

For this reason, the FBI has suggested that everyone reboot their router in order to disable Stage 2 and Stage 3 and to also allow the FBI to get a list of infected victims and the types of routers that are affected.

Routers that are known to be affected by VPNFilter

According to reports from Cisco, Symantec, and the Security Service of Ukraine, the affected routers are:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS Versions for Cloud Core Routers: 1016, 1036, 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

While the above are the currently known routers that can be infected with VPNFilter, there is no guarantee that they are the only ones. Therefore, everyone should follow the recommendations below to harden and secure their routers regardless of make and manufacturer.

Will rebooting the router really remove the VPNFilter infection?

The short answer is yes and no. Rebooting the router will unload the Stage 2 and Stage 3 components of VPNFilter, but Stage 1 will start again after the reboot. So while the most malicious components will be disabled, VPNFilter will still be present on your device.

The only real way to fully remove this infection is to reset your router to factory defaults, which will also reboot it. Unfortunately, this process will require you to set up your router again, add an admin password, and set up any wireless networks that were configured.

Cobalt Hacking Group Still Active Despite Leader’s Arrest

Category : Blog

Cobalt Hacking Group Still Active Despite Leader’s Arrest

The Cobalt hacker group, which specializes in stealing money from banks and financial institutions, has remained active and has even launched a new campaign, despite its leader's arrest in Spain two months ago.

“Cobalt is still active: its members continue attacks on financial organizations and other companies worldwide,” said Dmitry Volkov, Chief Technical Officer of Group-IB, the company that detected this new Cobalt operation.

This new campaign was set in motion last week, May 23, when the company’s security experts discovered one of Cobalt’s phishing emails, aimed at banks in Russia and other former Soviet states.

Campaign disguised as fake Kaspersky security alerts

According to a report that Group-IB plans to release tomorrow but shared with Bleeping Computer, this spear-phishing email was designed to look like a security alert sent out by fellow Russian cyber-security firm Kaspersky Lab.

Victims were urged to follow a link to read and respond to a complaint that Kaspersky had received about an alleged criminal act supposedly committed by the victim.

The spear-phishing email was an obvious ruse to lure users to a malicious site where they'd be infected with the CobInt trojan, Group-IB says.

CobInt is a malware strain that has historically been used only by the Cobalt group, a clear indicator that the remaining Cobalt members weren't deterred or fazed by their leader's arrest and appear to have no plans to stop hacking banks any time soon.

Group returns to targeting Russian banks

Furthermore, the group looks to have returned to attacking Russian banks, after focusing their recent efforts on other Eastern European targets.

Group-IB says that previous attempts to rob Russian banks had been recorded in December 2017, more than five months ago.

The Cobalt hacking group is known for silently infiltrating bank networks through individual employee accounts and infecting other computers on the local network until it finds a PC that controls financial transactions.

The group, in spite of its leader's arrest, remains a force to be reckoned with, and one of the most successful hacker groups known to date. Security experts and law enforcement officials estimate the group has made more than €1 billion ($1.16 billion), with an average of €10 million ($11.6 million) per heist.

Oracle Plans to Drop Java Serialization Support, the Source of Most Security Bugs

Category : Blog

Oracle Plans to Drop Java Serialization Support, the Source of Most Security Bugs

Oracle is one of the largest vendors in the enterprise IT market and the shorthand name of its flagship product, a relational database management system (RDBMS) that’s formally called Oracle Database.

Oracle plans to drop support for data serialization/deserialization from the main body of the Java language, according to Mark Reinhold, chief architect of the Java platform group at Oracle.

Serialization is the process of taking a data object and converting it into a stream of bytes (binary format), so it can be transported across a network or saved inside a database, only to be deserialized later and used in its original form.

Because of its convenience, a large number of high-level programming languages support the feature but nowhere has it been more of a headache than in Java, where it’s been at the heart of a constant stream of security flaws.

Reinhold: Serialization was a “horrible mistake”

Reinhold says the Java team is currently working on dropping serialization support for good from the language's main body, while still providing developers with a plug-in system, via a new framework, to support serialization operations if needed.

There's no set date or Java version for when Oracle plans to drop serialization, Reinhold said.

But until Oracle does this, companies and project leads that don't want a developer or a rogue module calling serialization/deserialization functions can prevent it via a “serialization filter”, added to Java back in 2016, which will block these operations altogether.
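As an added illustration (not code from the article, from Oracle, or from the projects it names), the following Java 9+ program shows what the “serialization filter” mentioned above looks like in practice: a JEP 290 allow-list attached to an ObjectInputStream, so that only the one class the application expects can be deserialized and every other class is rejected before any of its code runs. The Ticket class and the pattern string are assumptions made for this demo.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;

/** Demo of a JEP 290 allow-list deserialization filter (java.io.ObjectInputFilter, Java 9+). */
public class SerializationFilterDemo {

    /** Hypothetical value type: the only thing this service legitimately accepts over the wire. */
    static final class Ticket implements Serializable {
        private static final long serialVersionUID = 1L;
        final String owner;
        Ticket(String owner) { this.owner = owner; }
    }

    /**
     * Allow-list filter. Patterns are evaluated left to right and the first match wins:
     *  - the Ticket class and java.lang.String are ALLOWED;
     *  - "!*" REJECTS every other class, so no unexpected JDK or library class (the entry
     *    point of every deserialization gadget chain) is ever instantiated;
     *  - maxdepth / maxarray / maxbytes bound the resources a single stream may consume.
     * The same pattern string can be applied JVM-wide with -Djdk.serialFilter=... instead
     * of per stream, which is the "block it for every module" setting the article refers to.
     */
    static final ObjectInputFilter ALLOW_LIST = ObjectInputFilter.Config.createFilter(
            "SerializationFilterDemo$Ticket;java.lang.String;!*;maxdepth=3;maxarray=100;maxbytes=4096");

    /** Standard Java serialization of any object into a byte array. */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Deserializes with the allow-list attached to the stream before the first object is read. */
    static Object deserializeFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(ALLOW_LIST);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // 1. The expected type passes the filter and is reconstructed normally.
        Ticket t = (Ticket) deserializeFiltered(serialize(new Ticket("alice")));
        System.out.println("accepted: Ticket owned by " + t.owner);

        // 2. An unexpected type (a plain JDK collection standing in for whatever an untrusted
        //    peer might send) is rejected by the filter before its readObject() ever runs.
        HashMap<String, String> unexpected = new HashMap<>();
        unexpected.put("k", "v");
        try {
            deserializeFiltered(serialize(unexpected));
            System.out.println("BUG: HashMap was accepted");
        } catch (InvalidClassException e) {
            // The JDK reports the rejection as InvalidClassException ("filter status: REJECTED").
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On Java 8u121 and later (before 9) the same mechanism is available only through the -Djdk.serialFilter system property or the jdk.serialFilter entry in the java.security file, since java.io.ObjectInputFilter was not yet a public API there.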

The serialization/deserialization security problem

Attacks via serialization/deserialization operations have been known for years, in one form or another, but they became everyone's problem in early 2015 when two researchers — Chris Frohoff and Gabriel Lawrence — found a deserialization flaw in Apache Commons Collections, a very popular Java application. Researchers from Foxglove Security expanded on the initial work in late 2015, showing how an attacker could use a deserialization flaw in Java applications where developers had incorrectly used the Apache Commons Collections library to handle deserialization operations.

The flaw rocked the Java ecosystem in 2016, as it also affected 70 other Java libraries, and was even used to compromise PayPal's servers. Organizations such as Apache, Oracle, Cisco, Red Hat, Jenkins, VMware, IBM, Intel, Adobe, HP, and SolarWinds all issued security patches to fix their products.

While Java serialization/deserialization security issues were known for a long time, the 2015 Java Apocalypse served as a wake-up call for many companies, and the Java community as a whole, who started paying more attention to how they serialize and later deserialize data.

Serialization bugs have been a big problem for Java

Reinhold told InfoWorld that serialization issues could be very easily responsible for a third or even a half of all known Java flaws.

His assessment is most likely correct. For example, Oracle’s January 2018 security updates fixed 237 vulnerabilities, of which 28.5% addressed unsafe deserialization operations.

The issue is also very widespread across companies. A ShiftLeft report revealed numerous serialization/deserialization flaws across a large number of SaaS vendor SDKs. While Oracle is addressing the issue in Java, serialization also affects other programming environments like .NET, Ruby, and others, where the issue remains dormant.

Researchers Bypass AMD’s SEV Virtual Machine Encryption

Category : Blog

Researchers Bypass the Encryption of AMD's SEV Virtual Machines

Encryption is the process of using an algorithm to transform information to make it unreadable for unauthorized users. This cryptographic method protects sensitive data such as credit card numbers by encoding and transforming information into unreadable cipher text. This encoded data may only be decrypted or made readable with a key. Symmetric-key and asymmetric-key are the two primary types of encryption.

Four researchers from the Fraunhofer Institute for Applied and Integrated Safety in Munich, Germany, have published a research paper this week detailing a method of recovering data that is normally encrypted by AMD's Secure Encrypted Virtualization (SEV), a security mechanism designed to encrypt the data of virtual machines running on servers with AMD CPUs.

The research team says their attack, which they named SEVered, is capable of recovering plaintext memory data from guest VMs running on the same server as the VM that’s under attack.

SEVered attack can recover data from encrypted VMs

“By repeatedly sending requests for the same resource to the service while re-mapping the identified memory pages, we extract all the VM’s memory in plaintext,” researchers said in their paper, entitled “SEVered: Subverting AMD’s Virtual Machine Encryption.”

The attack is successful because the VM stores some of its data in main memory (RAM), and “the page-wise encryption of main memory lacks integrity protection.” This allows an attacker to map out the entire memory and then request parts used by other nearby VMs, which the attacked guest VM shouldn't be able to access, let alone in plaintext.

During tests of their attack, researchers said they were able to retrieve a test server’s entire 2GB memory, including data from a guest VM.

Researchers achieved the best results by bombarding Apache and nginx with repeated requests, retrieving memory data at a speed of 79.4 KB/sec, while an attack on OpenSSH was slower, retrieving data at only 41.6 KB/sec.

A severe limitation that reduces the attack's feasibility is that an attacker needs to modify the server's hypervisor to carry out a SEVered attack, something that may be out of reach for intruders merely renting a guest VM if the server is kept up to date with security patches.

SEVered attack works even on VMs under a high load

The research team also added that their SEVered attack isn't hindered by maxed-out servers, being able to retrieve memory data even when the targeted VM is under a high load.

The team’s work was showcased last month at the 11th European Workshop on Systems Security, held in Porto, Portugal.

For their test rig, researchers used an AMD Epyc 7251 processor, an AMD CPU meant for data centers, released in June 2017.

Malware Found in the Firmware of 141 Low-Cost Android Devices

Category : Blog

Firmware of 141 Low-Cost Android Devices holds Malware

Firmware is a software program permanently embedded in a hardware device such as a keyboard, hard drive, BIOS, or video card. It provides permanent instructions for communicating with other devices and performing functions such as basic input/output tasks.

Two years after being exposed, a criminal operation that has been inserting malware into the firmware of low-cost Android devices is still up and running, and has even expanded its reach.

News of this group first surfaced after a report in December 2016, when Russian antivirus vendor Dr.Web disclosed that a mysterious threat actor had found a way to penetrate the supply-chain of several mobile carriers, infecting phones with malware.

At the time, experts said they found malware in the firmware of at least 26 low-cost Android smartphone and tablet models. Once exposed, Dr.Web hoped the crooks would pack up and move on to another operation.

Crooks expand operations and infect more devices

But in a report released yesterday, cyber-security firm Avast says the group has never ceased operations and has continued to poison the firmware of more and more devices, growing their operation many times over.

Avast published a list of over 140 Android smartphones and tablets on which it says it found the group's malware, which it named Cosiloon.

Comparing the Dr.Web and Avast reports, the malware doesn’t seem to have received any updates and still operates in the same manner.

It runs from the “/system” folder with full root rights, and its main role is to connect to a remote server, download an XML file, and then install one or more apps mentioned in this document.

Because the malware ships as a firmware component, it can easily grab any app crooks tell it to and install it without any user interaction.

In almost all cases, the apps the malware installs are used solely to display ads on top of other apps or the Android interface itself.

Crooks are obviously interested in generating revenue via ads alone, and no other shady behavior has been seen. The only times the malware won't download additional apps are when the device's language is set to Chinese, when the device's public IP address is from a Chinese IP range, or when the number of locally installed apps is below three (indicating a test/scan environment).

While it appears the group may be operating out of China, because it avoids infecting Chinese users and hence avoids law enforcement attention, Avast has not yet been able to fully confirm this.

Infection point remains unknown even after two years

The cyber-security firm says it has had a hard time tracking when the malware is inserted in the firmware of these devices. There are too many mobile carriers and smartphone vendors affected to pin the blame on one of them.

Infected devices have been found in over 90 countries, and the only common component between them is that they all use a MediaTek chipset.

But MediaTek can't be blamed either, as not all devices of an affected smartphone model are infected with the malware. If one of the MediaTek firmware components had harbored the malware, then all devices of a specific model would have been affected, not just a handful.

This means the group is opportunistic and infects devices at random, as it finds a window during which it can poison their firmware.

For now, Avast says it managed to take down the group's command-and-control server for a short period, but because the domain registrar hasn't intervened to invalidate the group's domain name, the group simply switched to another hosting provider.

Cryptocurrency Verge Network Falls Victim to Same Attack Even After Hard-Fork

Category : Blog

Cryptocurrency Verge Network Falls Victim to Same Attack Even After Hard-Fork

Cryptocurrency is a digital or virtual currency that uses cryptography for security. It is difficult to counterfeit because of this security feature. A defining feature of it, and arguably its most endearing allure, is its organic nature; it is not issued by any central authority, rendering it theoretically immune to government interference or manipulation.

The Verge cryptocurrency has suffered what its executives claim is a DDoS attack. The platform is experiencing a serious delay in its blockchain, which has led to security concerns among users and worries about the currency's stability.

The attack took place on Tuesday, May 22, and lasted only a few hours. During this interval, the hacker used an exploit to alter the normal timestamps of mining operations and allow himself to mine XVG coins to the detriment of other users, whose legitimate mining operations were delayed or wasted.

Hacker bypassed previous patches

Following the April attack, the Verge development team hard-forked the entire cryptocurrency’s source code to patch the flaw exploited by the attacker and reverse his gains.

But according to several users knowledgeable of the Verge source code, the attacker found a way around the hard-fork’s patch and launched a similar attack.

“Since nothing really was done about the previous attacks (only a band-aid), the attackers now simply use two algos to fork the chain for their own use and are gaining millions,” said a user on the BitcoinTalk forums, the same one who analyzed the April attack.

The Verge dev team did not initially appear to recognize the attack, calling it a DDoS on mining pools.

Nonetheless, once it became clear what was going on, the developers started working on a patch once more. It is unclear whether the Verge team plans to hard-fork the cryptocurrency’s source code again to reverse the effects of the illegal mining, as it did in April.

 


PHP Script

Spam Botnet Tracked Down to Malicious PHP Script Found on 5,000 Hacked Sites

Category : Blog

PHP Script (Malicious) Found on 5,000 Hacked Sites

PHP scripts can be created with any basic text editor or HTML editing tool. Each PHP file must be saved with a .php extension to be recognized as a functioning PHP script. When the Apache server is configured appropriately, PHP code can also be recognized in .html files; on a Linux-based web server this can be achieved by adding an additional handler in the .htaccess file.

A malicious PHP script found on over 5,000 compromised websites has been identified as the source of a large-scale spam campaign that has been silently redirecting users to web pages hosting diet and intelligence-boosting pills.

The purpose of this script is to keep hacked sites under the control of a group of cyber-criminals, and manage dynamic redirections to various spam campaigns.

 

Script is part of “Brain Food” botnet

The script is part of the infrastructure of a voracious spam botnet named “Brain Food.” Spam campaigns pushed by this botnet have been spotted as far back as March 2017, but its operations were dissected last week by Proofpoint researcher Andrew Conway.

Brain Food is a PHP script that we have found on over 5,000 compromised websites over the past four months. Over 2,400 of those have shown activity in the past 7 days. Nearly 40% of the compromised sites are hosted on five platforms.

The Brain Food botnet operators send spam emails to victims containing short links to these PHP scripts on various hacked sites.

If a user clicks one of the short links, they land on the PHP script, which redirects them to another hacked site hosting web pages for diet and intelligence-boosting pills, usually carrying fake branding.

The PHP scripts are capable of receiving new “redirection targets” from the Brain Food operators based on the most recent spam campaign they are pushing. The scripts also collect click-through statistics for each campaign.

 

Over 2,400 sites active in the past seven days alone

Conway says he’s been tracking over 5,000 sites containing copies of these PHP scripts, with the vast majority found on GoDaddy’s network. Over 2,400 were active last week, according to Conway.

The botnet does not appear to rely on specific vulnerabilities in particular CMS platforms. Conway says Brain Food consists of hacked sites running on a multitude of platforms, such as WordPress, Joomla, and others.

The script’s code is also polymorphic and obfuscated with multiple layers of base64 encoding. It also includes protection against automatic Google indexing, responding to Google’s search crawler with a 404 “page not found” error.

While the botnet is harmless for end users, pushing only spammy content, it is dangerous for the infected sites, mainly because of its backdoor-like capabilities, which allow the botnet operators to execute any code they want at any time.

 


Windows 10

Microsoft Releases KB4103714 Cumulative Update for Windows 10 Fall Creators Update

Category : Blog

Windows 10: Microsoft Releases KB4103714 Cumulative Update

Windows 10 is a personal computer operating system developed and released by Microsoft, as part of the Windows NT family of operating systems. It was released on July 29, 2015. It is the first version of Windows that receives ongoing feature updates. Devices in enterprise environments can receive these updates at a slower pace, or use long-term support milestones that only receive critical updates, such as security patches, over their ten-year lifespan of extended support.

Windows 10 is a service, which means it gets better through periodic software updates.

Microsoft has released a new cumulative update, KB4103714, for the Windows 10 Fall Creators Update to address a number of known issues.

If you are still on the Windows 10 Fall Creators Update (version 1709), Microsoft is pushing out a new cumulative update with a number of improvements.

 

IMPROVEMENTS AND FIXES

  • Addresses additional issues with updated time zone information.
  • Addresses an issue that causes Internet Explorer dialogs on a second monitor to also appear on the primary monitor when using extended display.
  • Addresses an issue with Microsoft Edge browser windows in remote sessions.
  • Addresses a reliability issue in .NET applications when using a Japanese IME in a textbox.
  • Addresses a reliability issue that may cause Microsoft Edge or other applications to stop responding when you create a new audio endpoint while audio or video playback is starting.
  • Addresses an issue with Bluetooth devices failing to receive data after a restart.
  • Addresses an issue that can prevent the touch keyboard from showing up reliably in some instances.
  • Addresses an issue where UWP apps that store local crash dumps in their local app data folders can’t be cleared using Disk Cleanup or StorageSense. In these cases, LocalDumps isn’t enabled.
  • Addresses an issue that prevents adding performance counters to the Performance Monitor on systems with many processors.
  • Addresses an issue that causes BitLocker to go into recovery mode when updates are applied.
  • Addresses an issue where expired VPN certificates aren’t deleted, slowing application performance.
  • Addresses an issue that causes sporadic authentication issues when using Windows Authentication Manager.
  • Addresses an issue that causes client applications that use Windows Authentication Manager to stop working when making a request to the server.
  • Addresses an issue with the invalidation of the Windows Authentication Manager token cache.
  • Addresses an issue that causes a timeout error when a VPN tries to disconnect from a device that is in the Connected Standby state.
  • Provides an explicit error when plugins fail to connect to prevent timeouts.
  • Addresses an issue where running the DiskShadow utility after adding a persistent memory controller causes RetrieveAllVirtualMachinesComponentsMetadata() to stop responding.
  • Addresses an issue that causes a VM to throw an error after creating the VM with static memory. This occurs when you enable Hyper-V and disable NUMA in the BIOS on a physical machine that has more than 64 logical processors. The error is “The data is invalid. (0x8007000D)”, and the VM fails to start.
  • Addresses an issue that occurs when multiple processes are limited by rate, using job objects. This can cause various symptoms including, but not limited to, system-process CPU spikes, interrupt-time CPU spikes, high privileged time on some CPUs, and increased system or processor queue lengths.
  • Addresses an issue that causes docker builds to fail with the error message “hcsshim::ImportLayer failed in Win32: The system cannot find the path specified.”
  • Addresses an issue in which Windows 10 clients that authenticate to 802.1x WLAN access points fail to apply Group Policy permissions, run scripts, or retrieve roaming profiles at user logon. This occurs because Kerberos authentication fails for \\domain\sysvol, \\domain\netlogon, and other DFS paths.
  • Addresses an issue in a RemoteApp session that causes clicking in the foreground window to become unresponsive when using grouped windows.
  • Addresses an issue in a RemoteApp session that may result in a black screen when maximizing an application on a secondary monitor.
  • Addresses an issue with application association in the DISM tool.
  • Adds support to Microsoft Edge and Internet Explorer 11 for the SameSite cookie web standard. For more details about SameSite cookies, see our recently published blog post.

 

No known issues

There are no known issues in Windows 10 cumulative update KB4103714, though as we learned the hard way, it remains to be seen if performance is indeed flawless or not. Cumulative updates have previously caused quite a lot of struggles on Windows 10 devices, and we shall see if this is the case with KB4103714 or not.

The update is available via Windows Update on systems running the Windows 10 Fall Creators Update, or it can be downloaded from the Microsoft Update Catalog. The next round of cumulative updates for Windows 10 is due to land on June 12, when the company begins the Patch Tuesday rollout.

 

System Management Mode

System Management Mode Speculative Execution Attacks

Category : Blog

System Management Mode Speculative Execution Attacks

System Management Mode (SMM, sometimes called ring -2) is an operating mode of x86 central processor units (CPUs) in which all normal execution, including the operating system, is suspended. An alternate software system which usually resides in the computer’s firmware, or a hardware-assisted debugger, is then executed with high privileges.

We discovered a new application of speculative execution attacks that bypasses hardware-based memory protections. Vulnerabilities affecting speculative execution in modern processor architectures were first discovered in 2017 by Jann Horn of Google Project Zero and other security researchers. This class of vulnerabilities allows local unprivileged attackers to expose the contents of protected memory by exploiting microarchitectural features of modern out-of-order CPUs such as caching, the instruction pipeline, or speculative execution. We expanded on this method to gain access to the highly privileged System Management Mode (SMM) memory.

 

Impact

Because System Management Mode generally has privileged access to physical memory, including memory isolated from operating systems, our research demonstrates that Spectre-based attacks can reveal other secrets in memory (e.g., hypervisor, operating system, or application). Thus far, the Spectre and Meltdown vulnerabilities were demonstrated to affect software, such as operating systems, hypervisors or even applications within protected SGX enclaves. However, the effect on firmware has not previously been shown. While there are many different kinds of firmware present in every system, we wanted to investigate host processor firmware first.

 

The processor executes the main system firmware, often referred to as BIOS or UEFI, when the system boots. Much of this firmware only runs at boot time; however, there is also a portion that runs in parallel with the OS in a special x86 mode known as System Management Mode (SMM). This runtime part of firmware (often referred to as SMI Handler) has long been of interest to security researchers and a target for advanced attackers, since this code has high privileges and operates outside the view of other software including the OS and any security applications.

 

These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as System Management Mode memory. This can expose System Management Mode code and data that was intended to be confidential, revealing other System Management Mode vulnerabilities as well as secrets stored in SMM. Additionally, since we demonstrate that the speculative memory access occurs from the context of System Management Mode, this could be used to reveal other secrets in memory as well.

 

Bypassing System Management Mode Range Registers

Based on the attack scenario above, we ran the following experiment:

  1. We found a conditional branch validating the index into an array in one of the SMI handlers. This index should be the one controlled by the OS-level attacker.
  2. For the sake of a proof-of-concept, it is possible to inject the “vulnerable” function, as in the following example victim_function. The goal of this experiment was to demonstrate the impact of original Spectre attacks on memory protections like range registers.
  3. We triggered the vulnerable code in the SMI handler (by calling SW SMI or other SMM interfaces) with out-of-bounds array access, which caused speculative execution and the loading of data from an arbitrary SMRAM location to the data cache.
  4. We recovered the SMRAM data by measuring access time to different non-SMRAM locations in the data cache using one of the cache timing side-channel techniques.

As a result of running the above experiment, we’ve successfully recovered data that was stored in SMRAM and protected by SMRR. This proof-of-concept exploit is a modified Spectre variant 1 PoC exploit running with kernel-mode privileges.
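The kind of code step 1 of the experiment looks for, and how a firmware developer closes it, as an added example that is not the page’s victim_function or any Eclypsium code: the Spectre variant 1 gadget shape (a bounds check that is only a conditional branch) beside a hardened form that clamps the index without a branch. array1 and array2 are constructed stand-ins for an SMI handler’s tables, not real SMRAM contents.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for an SMI handler's data (not the page's
 * victim_function): array1 is the table whose index an OS-level caller
 * controls, array2 the probe array whose cache lines an attacker times. */
#define ARRAY1_SIZE 16
static uint8_t array1[ARRAY1_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8,
                                      9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * 512];
static int probe_ready = 0;

/* One distinct byte per 512-byte stride so the victims return something. */
static void ensure_probe(void) {
    if (probe_ready) return;
    for (int i = 0; i < 256; i++) array2[i * 512] = (uint8_t)i;
    probe_ready = 1;
}

/* Gadget pattern from step 1 of the experiment: the bounds check is a
 * conditional branch. Architecturally correct, but if the branch is
 * mispredicted for an out-of-bounds x, array1[x] (any SMRAM byte) is
 * loaded speculatively and the dependent array2 access leaves a cache
 * footprint that a timing side channel can recover. */
uint8_t victim_unsafe(size_t x) {
    ensure_probe();
    if (x < ARRAY1_SIZE) return array2[array1[x] * 512];
    return 0;
}

/* Branchless mask in the style of the Linux kernel's
 * array_index_mask_nospec(): SIZE_MAX when idx < size, 0 otherwise.
 * The top bit of idx | (size - 1 - idx) is set exactly when idx >= size
 * (the subtraction wraps), and no data-dependent branch is involved. */
size_t index_mask_nospec(size_t idx, size_t size) {
    size_t oob = (idx | (size - 1 - idx)) >> (sizeof(size_t) * 8 - 1);
    return oob - 1;
}

size_t clamp_index_nospec(size_t idx, size_t size) {
    return idx & index_mask_nospec(idx, size);
}

/* Hardened form: mask the index after the check. On the mispredicted
 * path the speculative load hits array1[0], never SMRAM beyond the table,
 * so no secret-dependent cache footprint is left. On x86, an lfence after
 * the branch is the alternative mitigation. */
uint8_t victim_hardened(size_t x) {
    ensure_probe();
    if (x < ARRAY1_SIZE) {
        x = clamp_index_nospec(x, ARRAY1_SIZE);
        return array2[array1[x] * 512];
    }
    return 0;
}

int main(void) {
    printf("x=3:  unsafe=%u hardened=%u\n",
           (unsigned)victim_unsafe(3), (unsigned)victim_hardened(3));
    printf("x=40 clamps to index %zu\n", clamp_index_nospec(40, ARRAY1_SIZE));
    return 0;
}
```

Both functions behave identically for in-bounds indices; the difference only exists on the speculative path, which is exactly what the experiment's cache-timing step measures.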

 
