Author Archives: Debolina Biswas

Urgent Malware Warning Issued by known Mac App developers

Category : Blog

Mac security has been going through a difficult time since Check Point warned users about a first-of-its-kind Trojan spreading in Europe. The latest malicious find is in one of the most important video transcoding apps for Mac.

The developers of the software HandBrake issued a warning that one of the mirror sites for downloading the software had been compromised. The warning applies only to users who downloaded the software between 2 and 6 May; they have the highest chance of being infected.

On the mirror server download.handbrake.fr, the installer file (HandBrake-1.0.7.dmg) was replaced by a malicious file that gives the attacker root access to the system. The malware is a form of OSX.PROTON. In February, Apple had issued an update to XProtect to account for the original Proton; the latest version should download automatically for most users.

The process for detecting and removing the malware is as follows:

Detection:-

Your device is infected if you see a process called “Activity_agent” in the OSX Activity Monitor application. Likewise, if you installed a HandBrake.dmg with the following checksums, you are infected:

SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274

SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793

The Trojan in question is a new variant of OSX.PROTON.

Removal:-

Open up the “Terminal” application and run the following commands:

launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
rm -rf ~/Library/RenderFiles/activity_agent.app

If ~/Library/VideoFrameworks/ contains proton.zip, remove that folder.

Then remove any “HandBrake.app” installs you may have.

Users of HandBrake should be careful, although the primary mirror site and the automatic updater on versions 1.0 or later have not been affected. As a safety measure, users are advised to change all passwords stored in any OSX or browser keychains.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


Employee paid $300,000 for hacking employer

Category : Blog

A former private security officer at Security Specialists has been ordered to pay nearly $319,000 in damages for hacking his employer’s payroll records to inflate the number of hours he had worked.

The culprit, Yovan Garcia, later stole data from the firm’s server and defaced its website.

District Judge Michael Fitzgerald of California said that Garcia had used the data stolen from the firm’s server to give a rival business an advantage.

The company first noticed problems with Garcia’s pay records in July 2014, two years after he joined. In one instance, the records showed he had worked 12 hours per day over a two-week period and was owed 40 hours of overtime pay, when in fact he had worked only eight hours per day.

According to the judge of the Central District Court, Garcia obtained login credentials and accessed the records without authorisation.

Judge Fitzgerald said: “As a result, defendant Garcia was paid thousands of dollars more in overtime wages than he was really owed.”

He ordered Garcia to pay Security Specialists $318,661.70 to cover lost income and lost data.

Intel fixed nine-year-old flaw

Category : Blog

Yes, after nine years a flaw was detected and patched by Intel. Intel, one of the world’s largest semiconductor chip makers, has come under fire after it emerged that the company had sold workstation and server chips with a vulnerability that could give a remote attacker absolute control over the machine.

The bug affects Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) firmware versions 6.x to 11.6. If exploited, it could give an attacker near-unfettered access to the targeted machine.

AMT is a tool that allows an authorized user to remotely manage a machine, giving serial access with the right drivers, and it can even provide a remote desktop. In most cases AMT requires the user to authenticate with a password, but this vulnerability essentially bypasses that process, handing the keys to the kingdom to anyone with a copy of Metasploit.

If the machine’s network is configured incorrectly, so that port 16992 is reachable from the outside world, anyone anywhere can take advantage of these features at any time. Even where it is not, someone could attack it from within the local network.

The most troubling part is that the bug, which luckily is not found in consumer Intel chips, remained undetected for almost nine years. Intel has been selling vulnerable silicon for almost a decade, so nobody knows how many computers are at risk; there must be, quite literally, hundreds of millions.

Charlie Demerjian wrote on the blog SemiAccurate: “the short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole”. He added, “even if your machine doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network”.

App Flaw Reportedly Creates Backdoor Hacking Millions Android Phones

Category : Blog

A recent study of an internet communication mechanism common in mobile devices has revealed that so-called ‘open ports’ are much more vulnerable to security breaches than expected.

Open ports are integral pieces of internet infrastructure that allow computer programs to accept packets of information from remote servers. These communication mechanisms are routinely used in traditional computers, where they are secure because computers’ Internet Protocol addresses don’t change. An IP address identifies a connected device.

“Hundreds of Android apps on Google Play that help users connect to PCs via Wi-Fi leave some ports open and poorly secured, exposing the device to hackers who can steal private information such as contacts, security credentials and photos. They can remotely control a device, perform a denial of service attack, or inject malicious code that could jumpstart widespread, virus-like attacks,” the researchers say.

The research was done by a group at the University of Michigan, who scanned almost 100,000 popular apps on Google Play. Of these, 1,632 apps created open ports, mostly to connect to PCs. Of those 1,632 apps, 410 had weak to no security protection, and 57 left ports completely open for hackers to tinker with. The most vulnerable of the lot, they claim, is an app called Wifi File Transfer, which has as many as 10 million Android downloads, lets users share data across devices and connect to their phones from their computers, and has no password or fingerprint authentication to protect the user’s data.

The researchers have advised Android users to update AirDroid to the latest patched version and not to use default pass codes. Vulnerable open port apps should only be launched when needed and after using them, users should be sure to exit them fully through the task manager.

“Android users need to remain extra careful when using apps whose functionality is data sharing across devices, proxy/VPN, or enabling the user to control a phone remotely without physically accessing it. Consider using only those created by developers with good reputations,” said Yunhan Jia, a doctoral student in computer science and engineering who is involved in the research.

The developers fixed the bug as soon as the Michigan researchers notified them. However, the makers of Wifi File Transfer have not acknowledged it to date.

The full research paper details half a dozen more apps including PhonePal and Virtual USB that create a backdoor for hackers to exploit.

The researchers say that “the user, and Google for that matter, is quite helpless in this matter, and developers will have to do a lot of work on their end to make their services safer. For now, it’s best for users to uninstall all mentioned apps.”

Google Facebook $100 million email scam found

Category : Blog

The tech companies Google and Facebook have confirmed that they fell victim to a $100 million email scam. It had earlier been reported that a Lithuanian man was charged over an email phishing attack against “two US-based internet companies.”

Evaldas Rimasauskas, a 48-year-old man, was accused of being behind the scam. From 2013 to 2015, he defrauded the companies into transferring payments to an account he controlled.

When he was arrested, Google and Facebook were not named as the victims, but on 27 April, according to Fortune, an investigation confirmed that the victims were none other than Google and Facebook.

The US Department of Justice said, “fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multi-million dollar transactions with (the Asian) company.”

The cybercriminal has since been charged by the US Department of Justice with one count of wire fraud, three counts of money laundering and one count of aggravated identity theft. He is also accused of forging invoices, contracts, and letters.

Back in March, Acting US Attorney Joon Kim said: “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control.”

A spokesperson for Google said: “We detected this fraud against our vendor management team and promptly alerted the authorities. We recouped the funds and we’re pleased this matter is resolved.”

A spokeswoman for Facebook said: “Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation.”

Neither Facebook nor Google has confirmed how much money it lost to the attack.

SNMP flaw affects online devices

Category : Blog

A serious security flaw in implementations of SNMP (Simple Network Management Protocol) allows an attacker to gain control over at least 78 cable modem models.

SNMP (Simple Network Management Protocol) is used for automated network device identification, monitoring and remote configuration. It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.

Security researchers Ezequiel Fernandez and Bertin Bervis reported the problem, which they named StringBleed; it is tracked as CVE-2017-5135.

The Simple Network Management Protocol supports three methods for authenticating clients and their requests on remote SNMP devices. Two of them are affected by the authentication bypass issue.

Versions 1 and 2 of the SNMP protocol do not have strong authentication to begin with. They provide either read-only or read-write access to a device’s configuration through passwords called community strings.

The StringBleed vulnerability is an Incorrect Access Control issue: remote attackers could exploit it to execute code on the affected devices and gain full read/write remote permissions using any string or integer value.

The researchers said: “We know there are 3 ways to authenticate the client and requests in the remote SNMP device. SNMP version 1 & 2 use a human-readable string datatype value called “community string” (usually public or private); in SNMP version 3 you have the option to use a user, password and authentication methods.”

The researchers used a simple Python script to build an “snmpget” request for the sysDescr OID, then scanned the Internet for devices that would respond to it. They were looking for the sysDescr OID information returned by devices in response to requests that used test strings like ‘admin’, ‘root’, and ‘user’.

The researchers added: “We wrote a simple python script from scratch using sockets in order to build the “snmpget” request. In the request we used the sysDescr OID; if the string value we are testing (admin, root etc.) is the same stored in the SNMP agent for authentication, we are going to retrieve the sysDescr OID information successfully. It’s like a kind of “brute force”. After some days of scanning we noticed something weird: some devices/fingerprints were always responding no matter which value we used, so what’s going on here???”

The results of the Internet scan were alarming: an attacker could use any random string or integer value to authenticate to the SNMP agent on the flawed devices.
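As an added example (not the researchers’ script), the following Python builds the same SNMPv1 sysDescr GetRequest the researchers describe, decodes the GetResponse, and runs a StringBleed audit on a device you administer: it sends a GET with a random community string and reports whether the agent answers anyway, which a correct agent must not do. The function names (`build_get_request`, `accepts_any_community`, `simulated_agent`) are this example’s own, and the two simulated agents are constructed stand-ins for a patched and a flawed device so that everything runs offline.

```python
import os

SYS_DESCR_OID = "1.3.6.1.2.1.1.1.0"   # sysDescr.0 (RFC 1213 MIB-II)

def ber_len(n):
    """BER length: short form below 128, long form (0x8N + N length bytes) otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body

def encode_int(n):
    """Minimal-length two's-complement INTEGER (tag 0x02) for non-negative n."""
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))

def encode_oid(dotted):
    """OBJECT IDENTIFIER (tag 0x06): first two arcs share one byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))   # continuation bit on all but the last byte
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def build_get_request(community, oid=SYS_DESCR_OID, request_id=1):
    """SNMPv1 message: SEQUENCE { version 0, community, GetRequest-PDU [0] }."""
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x05, b""))           # { OID, NULL }
    pdu = tlv(0xA0, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(0x30, varbind))       # request-id, error-status, error-index, varbinds
    return tlv(0x30, encode_int(0) + tlv(0x04, community.encode()) + pdu)

def read_tlv(data, pos):
    """Return (tag, body, next_pos) for the TLV at pos; handles long-form lengths."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def parse_response(data):
    """Decode a GetResponse into (community, error-status, {oid_bytes: value_bytes})."""
    tag, msg, _ = read_tlv(data, 0)
    _, _, pos = read_tlv(msg, 0)                  # version
    _, community, pos = read_tlv(msg, pos)
    ptag, pdu, _ = read_tlv(msg, pos)
    if tag != 0x30 or ptag != 0xA2:
        raise ValueError("not an SNMP GetResponse")
    _, _, pos = read_tlv(pdu, 0)                  # request-id
    _, err, pos = read_tlv(pdu, pos)
    _, _, pos = read_tlv(pdu, pos)                # error-index
    _, varbinds, _ = read_tlv(pdu, pos)
    values, pos = {}, 0
    while pos < len(varbinds):
        _, vb, pos = read_tlv(varbinds, pos)
        _, oid, vpos = read_tlv(vb, 0)
        _, value, _ = read_tlv(vb, vpos)
        values[oid] = value
    return community.decode(errors="replace"), int.from_bytes(err, "big", signed=True), values

def accepts_any_community(send, oid=SYS_DESCR_OID):
    """StringBleed audit for a device you manage: a GET carrying a random community
    string must be dropped. `send` takes request bytes and returns reply bytes or None."""
    probe = "audit-" + os.urandom(6).hex()
    reply = send(build_get_request(probe, oid, request_id=4242))
    if reply is None:
        return False
    _, err, values = parse_response(reply)
    return err == 0 and encode_oid(oid)[2:] in values   # [2:] strips tag and length

def simulated_agent(accept_any):
    """Constructed stand-in for a device: answers sysDescr for community 'public' only,
    or for any string at all when accept_any is True (the StringBleed behaviour)."""
    def send(request):
        _, msg, _ = read_tlv(request, 0)
        _, _, pos = read_tlv(msg, 0)
        _, community, pos = read_tlv(msg, pos)
        _, pdu, _ = read_tlv(msg, pos)
        _, rid, _ = read_tlv(pdu, 0)
        if not accept_any and community != b"public":
            return None                           # correct agent: request silently dropped
        varbind = tlv(0x30, encode_oid(SYS_DESCR_OID) + tlv(0x04, b"Cable modem v1"))
        resp = tlv(0xA2, tlv(0x02, rid) + encode_int(0) + encode_int(0) + tlv(0x30, varbind))
        return tlv(0x30, encode_int(0) + tlv(0x04, community) + resp)
    return send
```

To audit a real device you administer, wrap a UDP socket to its port 161 in a `send` function that returns the datagram received, or None on timeout.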

 

Karmen low-cost ransomware found

Category : Blog

Security experts at threat intelligence firm Recorded Future have spotted a new “ransomware as a service” (RaaS) called Karmen. The service lets anyone set up an account and customize their own ransomware campaign.

Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim’s data and demands payment for the decryption key. Ransomware spreads through e-mail attachments, infected programs and compromised websites. A ransomware malware program may also be called a cryptovirus, cryptotrojan or cryptoworm.

Read more about MacOS under Ransomware attack and Unique Ransomware Vulnerability Attack

The Karmen RaaS is very cheap, costing just $175; buyers can set the ransom price and the length of the period in which victims can pay.

It is a multi-threaded, multi-language ransomware that supports .NET 4.0 and uses AES-256 encryption. The malware is .NET dependent and requires PHP 5.6 and MySQL.

It works like any typical ransomware infection: Karmen encrypts files on the infected PC with AES-256, making them inaccessible to the victim until he or she pays a large sum of money for the decryption key.

Karmen automatically deletes its decryptor if analysis software is detected on the victim’s computer, to keep security researchers from investigating the threat.

According to Recorded Future, “Karmen Ransomware is sold as a standalone malware variant, only requiring a one-time upfront payment, allowing a buyer to retain 100 percent of payments from infected victims”.

The ransomware is sold in both light and full versions, with the light version omitting the sandbox identification functionality and therefore having a much smaller file size. The RaaS variant is based on the abandoned open-source ransomware building toolkit dubbed Hidden Tear and is being sold on Dark Web forums by a Russian-speaking hacker named DevBitox for $175.

Further investigation found that “DevBitox”, a Russian-speaking cyber criminal, was the seller behind the Karmen malware in March 2017.

Suspected Russian hackers targeting French Presidential elections

Category : Blog

Trend Micro, a Tokyo-based cyber security firm, claims that suspected Russian hackers are targeting the French presidential election by launching a new cyber attack against the campaign offices of front-runner candidate Emmanuel Macron.

The firm released its report on Tuesday. The researchers suspect that those responsible for the hack of the US presidential election are now trying to attack the French presidential election: the same digital fingerprints were found as in the suspected Russian hacking of the Democratic National Committee and others.

The research group did not reveal any of the “potential fallout of the infiltration on the campaign of Macron.”

Pawn Storm, a Cyber spying group targeted Macron’s campaign in March and April.

Rik Ferguson, vice president of Trend Micro’s security research program, told the Washington Post that, “There are several things which suggest that the group behind the Macron hacking was also responsible for the DNC breach, for example. We found similarities in the IP addresses and malware used in the attacks”.

Ferguson added, “We cannot say for sure whether this was directed by the Russian government, but the group behind the attacks certainly appears to pursue Russian interests”.

According to the Washington Post’s report, the French cyber security agency ANSSI has confirmed the cyber attacks against Macron.

However, the government has refrained from blaming Russia for any of the attacks; it is possible that “other high-level” hackers are behind them and are merely copying the style so that everyone blames Russian hackers.

According to the researchers, “the hackers created several email addresses on a fake server with the URL onedrive-en-marche.fr, operating from computers with IP addresses in multiple European nations, including Britain.”

Facebook Twitter Snapchat paying hackers to recover technical bugs

Category : Blog

In our day-to-day lives we socialize and interact with many different types of people, including family, friends, colleagues, or even complete “strangers”. Most of the people we meet on social sites are strangers. Many have fake accounts and send friend requests to people, who accept them without knowing the person and start connecting with these strangers. The result can be very dangerous, as strangers can abuse social media by hacking your profiles.

The news may surprise you, but Facebook, Twitter, and Snapchat have found a unique way to find such faults. They are paying large sums to white hat hackers around the world to keep them informed about the glitches in their systems, spending almost £156,000 every day to keep their systems hassle free.

One of these hackers, Jake Davis, known online as Topiary, was previously a black hat hacker and was arrested in 2011, but now works for the giant technology companies. He explained his work to Newsbeat: he is now paid by Twitter to hack their website. “Twitter have paid me for disclosing bugs to them. It’s very simple.”

According to Jake Davis, the hackers would be happy to do this work even if they were not paid, so the money is just an extra bonus for them. For them, the main reward is “kudos from other hackers. They’re good at hacking, and they want to be seen to be good at the thing.”

“Facebook are particularly good, they have got a £500 minimum for disclosing bugs to them,” says Jake.

He says that Twitter has so far paid $800,000 (£625,000) to nearly 642 hackers.

Paying to be hacked is a good way to stop hackers, so hackers are having a very good time. That is the reality of today’s online security.

Hackers collecting Pre-Hack data using Pixel tracking

Category : Blog

Marketers and advertisers use a simple email marketing trick to track web users and email recipients. It has also been abused by cyber criminals and online spies to collect information on possible targets or to improve the efficiency of phishing attacks, both mass and targeted in scope.

Donald Meyer of Check Point Software Technologies Ltd said “We’ve seen a lot more use of this tactic recently as a probing or information-gathering tool, by phishers and other cyber criminals”.

Pixel tracking is a decades-old email marketing technique that depends on embedding a one-by-one pixel image, usually transparent or the same color as the email’s background, so that users rarely notice it. Tracking pixels, or web beacons, are downloaded when a user opens an email or visits a website, unless the user blocks the loading of images in email; the download lets the advertiser know the user has opened one of its emails.

With code as simple as <img src="http://example.com/cgi-bin/program?e=email-address">, the marketing tools ping a website whenever someone downloads the image.

Because of the way most email programs and web browsers work, tracking pixels, once downloaded, can collect and report the user’s email address, operating system, device, software, IP address, hostname, cookie settings, use of webmail, and the date and time the email was opened. Email marketers use this data to measure the effectiveness of their campaigns.

Sadly, everything that makes tracking pixels great for marketers and advertisers, their automatic operation and the amount of data captured, also makes them great for hackers’ reconnaissance. If a hacker gets hold of all this information using the same trick, they can misuse it to carry out malicious campaigns.

On Monday, Meyer said in a blog post: “In phishing attacks, tracking pixels can be used to learn which recipients are most likely to open scam emails. Since some scammers retool mass phishing attacks against random users to target high-value enterprise users, scammers are turning to pixel tracking to increase the odds a spear phishing attack will succeed…. Our security researchers have already discovered tracking pixels being used in the wild as a surveillance tool to gather information for use in phishing scams”.

Hackers trying to break into a network have to explore its architecture first to find points of entry and ways to move around the system undetected. An attacker will often send phishing emails to map out the network, locate potential weak points and figure out who in the organization is most likely to open suspicious-looking mail and click on links or attachments.

Where employees use webmail clients, it is possible that the company uses a managed cloud service to handle internal operations. An attacker who can identify that cloud platform could find it much easier to hone future attacks around vulnerabilities in that platform.

Thankfully, it’s not difficult to protect against this clever threat.
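As an added example, not from the original post or from Check Point, here is a small Python detector that walks the <img> tags of an HTML message and flags the beacon patterns described above: remote images that are one-by-one or hidden, and query strings carrying an e-mail address or an opaque per-recipient token. The sample message, including the example.com pixel from the article, is constructed for the demo, and the function names are this example’s own.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}", re.I)
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{16,}")      # long opaque per-recipient identifier

class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def _tiny(value):
    """True for a width/height of 0 or 1, with or without a 'px' suffix."""
    return value.strip().lower().rstrip("px") in ("0", "1")

def _hidden(style):
    s = style.replace(" ", "").lower()
    return any(m in s for m in ("display:none", "visibility:hidden", "opacity:0"))

def find_tracking_pixels(html):
    """One finding per remote <img> that looks like a beacon: tiny or hidden, or
    carrying an e-mail address or a long opaque token in its query string."""
    collector = _ImgCollector()
    collector.feed(html)
    findings = []
    for img in collector.images:
        url = urlsplit(img.get("src", ""))
        if url.scheme not in ("http", "https"):
            continue                    # cid:/data: images are inline and never phone home
        reasons = []
        if _tiny(img.get("width", "")) and _tiny(img.get("height", "")):
            reasons.append("1x1 or 0x0 image")
        if _hidden(img.get("style", "")):
            reasons.append("hidden by inline style")
        for key, vals in parse_qs(url.query).items():
            for v in vals:
                if EMAIL_RE.fullmatch(v):
                    reasons.append(f"query parameter '{key}' carries an e-mail address")
                elif TOKEN_RE.fullmatch(v):
                    reasons.append(f"query parameter '{key}' carries an opaque token")
        if reasons:
            findings.append({"host": url.hostname, "src": img["src"], "reasons": reasons})
    return findings

# Constructed sample message: a normal logo, the one-by-one beacon pattern from the
# article, and a hidden image carrying a per-recipient token.
SAMPLE_MAIL = """<html><body>
<img src="https://cdn.example.org/logo.png" width="200" height="60" alt="logo">
<p>Your invoice is attached.</p>
<img src="http://example.com/cgi-bin/program?e=alice@example.net" width="1" height="1">
<img src="https://track.example.com/open.gif?id=Zm9vYmFyYmF6cXV4MTIzNDU2" style="display: none">
</body></html>"""

if __name__ == "__main__":
    for f in find_tracking_pixels(SAMPLE_MAIL):
        print(f["host"], "->", "; ".join(f["reasons"]))
```

A mail client that does not auto-load remote images defeats the beacon regardless of what the detector finds, which is the simplest protection against this technique.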
