
Author Archives: Debolina biswas

Urgent Malware Warning Issued by known Mac App developers

Category : Blog

Mac security has been going through a difficult period since Check Point warned users about a first-of-its-kind Trojan spreading in Europe. The latest malicious find is in one of the most important video transcoding apps for Mac.

The developers of HandBrake issued a warning that one of the mirror sites used to download the software had been compromised. The warning applies only to users who may have downloaded the software between 2 and 6 May; they have the highest chance of being infected.

On the mirror server download.handbrake.fr, the installer file (HandBrake-1.0.7.dmg) was replaced by a malicious file that gives the attacker root access to the system. The malware is a form of OSX.PROTON. In February, Apple had issued an XProtect update to cover the original Proton, and the latest version should download automatically for most users.

The detection and removal process for the malware is as follows:

Detection:-

Your device is infected if you see a process called “Activity_agent” in the OSX Activity Monitor application. Likewise, if you have installed a HandBrake.dmg with the following checksums, you are infected:

SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274

SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793

The Trojan in question is a new variant of OSX.PROTON.

Removal:-

Open up the “Terminal” application and run the following commands:

launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist

rm -rf ~/Library/RenderFiles/activity_agent.app

If ~/Library/VideoFrameworks/ contains proton.zip, remove the folder.

Then remove any “HandBrake.app” installs you may have.

HandBrake users should remain careful, although the primary download site and the automatic updater on versions 1.0 and later have not been affected. As a safety measure, users are advised to change all passwords stored in any OSX or browser keychains.
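The detection steps above can be scripted. The following Python script is an added example, not HandBrake's own tooling: it takes the advisory's two checksums and three file paths and reports which indicators are present on a machine (the process-name check via pgrep is an assumption about a macOS host, and the function names are this example's own).

```python
"""Check a downloaded HandBrake-1.0.7.dmg and a user's home directory for the
OSX.PROTON indicators published in the HandBrake advisory above. The hashes and
paths are the advisory's; the script is an added illustration, not HandBrake's."""
import hashlib
import subprocess
from pathlib import Path

# Checksums of the trojanised installer as given in the advisory.
KNOWN_BAD = {
    "sha1": {"0935a43ca90c6c419a49e4f8f1d75e68cd70b274"},
    "sha256": {"013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793"},
}
# Artefacts the removal steps tell users to delete, relative to the home directory.
PERSISTENCE_PATHS = [
    "Library/LaunchAgents/fr.handbrake.activity_agent.plist",
    "Library/RenderFiles/activity_agent.app",
    "Library/VideoFrameworks/proton.zip",
]

def file_hashes(path):
    """SHA-1 and SHA-256 of a file, streamed so a multi-megabyte .dmg is not read at once."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            sha1.update(chunk)
            sha256.update(chunk)
    return {"sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}

def matches_known_bad(hashes):
    """True if any supplied digest equals one of the advisory's indicator hashes."""
    return any(hashes.get(alg, "").lower() in bad for alg, bad in KNOWN_BAD.items())

def find_persistence(home):
    """Return the advisory's persistence artefacts that exist under `home`."""
    home = Path(home)
    return [p for p in PERSISTENCE_PATHS if (home / p).exists()]

def activity_agent_running():
    """True if a process named activity_agent is running (assumes BSD/macOS pgrep with -i)."""
    return subprocess.run(["pgrep", "-fi", "activity_agent"], capture_output=True).returncode == 0

def assess(dmg_path=None, home=None, check_processes=False):
    """Collect findings; an empty list means none of the advisory's indicators were seen."""
    findings = []
    if dmg_path and matches_known_bad(file_hashes(dmg_path)):
        findings.append(f"{dmg_path} matches the trojanised HandBrake-1.0.7.dmg checksums")
    for p in find_persistence(home or Path.home()):
        findings.append(f"persistence artefact present: ~/{p}")
    if check_processes and activity_agent_running():
        findings.append("activity_agent process is running")
    return findings

if __name__ == "__main__":
    import sys
    dmg = sys.argv[1] if len(sys.argv) > 1 else None
    for line in assess(dmg, check_processes=True) or ["no indicators found"]:
        print(line)
```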

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


Employee paid $300,000 for hacking employer

Category : Blog

A former private security officer at Security Specialists has been ordered to pay nearly $319,000 in damages for hacking his employer’s payroll records in order to inflate the number of hours he had worked.

The culprit, Yovan Garcia, later stole data from the firm’s server and defaced its website.

Michael Fitzgerald, a District Judge in California, said that Garcia had used the data stolen from the firm’s server to benefit a rival business.

The company first noticed the discrepancy in Garcia’s pay records in July 2014, two years after he joined the company. In one instance, the records showed he had worked 12 hours per day over a two-week period and was owed 40 hours of overtime pay, when in fact he had worked only eight hours per day.

According to the judge of the Central District Court, Garcia had obtained login credentials and accessed the records without authorisation.

Judge Fitzgerald said: “As a result, defendant Garcia was paid thousands of dollars more in overtime wages than he was really owed.”

He ordered Garcia to pay $318,661.70 to Security Specialists to cover its lost income and lost data.


Retailer Debenhams’s Flowers website hacked

Category : Blog, Uncategorized

Retailer Debenhams’s Flowers website has been hacked, and the personal data of up to 26,000 customers has been compromised.

Department store chain Debenhams has issued a statement on the data breach, revealing that payment details, names and addresses were potentially taken. The attack targeted Ecomnova, a third-party e-commerce company that owns and operates the flowers and gifting website. Debenhams said it has contacted customers whose data was accessed. Customers of Debenhams.com, which is a separate website, have not been affected.

The company first noticed the cyber attack on 24 February and again on 11 April; the Debenhams Flowers website has been offline since then.

Debenhams stated, “Our communication to affected customers includes detailing steps that we have taken and steps that those customers should take”.

In an interview with the BBC, a spokeswoman said that the company had emailed up to 26,000 customers to inform them of the attack and would follow up with a letter in the post.

Customers who suspect they’ve been the victim of fraud must immediately contact their bank or credit card provider, as well as Action Fraud, the UK’s national fraud and internet crime reporting centre, on 0300 123 2040 or online.

Debenhams chief executive Sergio Bucher said in a statement “As soon as we were informed that there had been a cyber-attack, we suspended the Debenhams Flowers website and commenced a full investigation”.

“We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk”, the statement added.

The Information Commissioner’s Office (ICO) has already been informed about the incident.

 


Intel fixed nine-year-old flaw

Category : Blog

After nine years, a flaw in Intel firmware has been detected and patched. Intel, one of the world’s largest semiconductor chip makers, has come under fire after it emerged that the company had sold workstation and server chips with a vulnerability that could give a remote attacker complete control over the machine.

The bug has affected Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology firmware versions 6.x to 11.6. If exploited, it could give an attacker near-unfettered access to the targeted machine.

AMT is a tool that allows an authorized user to remotely manage a machine, including serial access with the right drivers, and it can provide a remote desktop experience. Normally AMT requires the user to authenticate with a password, but this vulnerability finds a way around that process, handing the keys to the kingdom to anyone with a copy of Metasploit.

If the machine’s network is configured incorrectly so that port 16992 is reachable from the outside world, anyone, anywhere in the world, can take advantage of these features at any time. Even where it is not exposed externally, someone could easily attack it from within the network.

The most troubling part is that the bug, which luckily is not found in consumer Intel chips, remained undetected for almost nine years, during which Intel kept selling the vulnerable silicon. Nobody knows exactly how many machines are affected, but there must be, quite literally, hundreds of millions of computers at risk.

Charlie Demerjian, writing on the blog SemiAccurate, said, “the short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole”. He added, “even if your machine doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network”.


App Flaw Reportedly Creates Backdoor for Hacking Millions of Android Phones

Category : Blog

A recent study of an internet communication mechanism common in mobile devices has revealed that so-called ‘open ports’ are far more vulnerable to security breaches than expected.

Open ports are integral pieces of internet infrastructure that allow computer programs to accept packets of information from remote servers. These mechanisms are routinely used on traditional computers, where they are secure because a computer’s Internet Protocol address does not change. An IP address identifies a connected device.


Hundreds of Android apps on Google Play that help users connect to PCs via Wi-Fi leave some ports open and poorly secured, exposing the device to hackers who can steal private information such as contacts, security credentials and photos, remotely control the device, perform a denial-of-service attack, or inject malicious code that could jumpstart widespread, virus-like attacks, the researchers say.

The research was done by a group from the University of Michigan, who scanned almost 100,000 popular apps on Google Play. Of these, 1,632 apps opened ports, mostly to connect to PCs. Of those 1,632 apps, 410 had very weak or no security protection, and 57 left ports completely open for hackers to tinker with. The most vulnerable of the lot, they say, is an app called Wifi File Transfer, which has as many as 10 million Android downloads, lets users share data across devices and connect to their phones from their computers, and has no password or fingerprint authentication to protect the user’s data.

The researchers advise Android users to update AirDroid to the latest patched version and not to use default passcodes. Apps that open vulnerable ports should only be launched when needed, and after using them users should make sure to exit them fully through the task manager.

“Android users need to remain extra careful when using apps whose functionality is data sharing across devices, proxy/VPN, or enabling the user to control a phone remotely without physically accessing it. Consider using only those created by developers with good reputations,” said Yunhan Jia, a doctoral student in computer science and engineering involved in the research.

The developers fixed the bug as soon as the Michigan researchers notified them; however, the makers of Wifi File Transfer have not acknowledged the report to date.

The full research paper details half a dozen more apps, including PhonePal and Virtual USB, that create a backdoor for hackers to exploit.

The researchers say that “the user, and Google for that matter, is quite helpless in this matter, and developers will have to do a lot of work on their end to make their services safer. For now, it’s best for users to uninstall all mentioned apps.”

 


Google, Facebook $100 million email scam found

Category : Blog

Google and Facebook have confirmed that they fell victim to a $100 million email scam. It was earlier reported that a Lithuanian man had been charged over an email phishing attack against “two US-based internet companies.”

Evaldas Rimasauskas, a 48-year-old man, was accused of being behind the scam. From 2013 to 2015, he defrauded the companies into transferring payments to an account he controlled.

When he was arrested, Google and Facebook were not named as the victims, but on 27 April, according to Fortune, an investigation confirmed that the victims were none other than Google and Facebook.

The US Department of Justice said, “fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multi-million dollar transactions with (the Asian) company.”

He has since been charged by the US Department of Justice with one count of wire fraud, three counts of money laundering and one count of aggravated identity theft. He is also accused of forging invoices, contracts and letters.

Back in March, acting US Attorney Joon Kim said: “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control.”

A spokesperson for Google said, “We detected this fraud against our vendor management team and promptly alerted the authorities. We recouped the funds and we’re pleased this matter is resolved.”

A spokeswoman for Facebook said: “Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation.”

Neither Facebook nor Google has confirmed how much money it lost to the attack.

 


SNMP flaw affects online devices

Category : Blog

A serious security flaw in implementations of SNMP (Simple Network Management Protocol) allows an attacker to gain control over at least 78 cable modem models, giving attackers a green light.

SNMP (Simple Network Management Protocol) is used for automated network device identification, monitoring and remote configuration. It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.

Security researchers Ezequiel Fernandez and Bertin Bervis reported the problem, which they named StringBleed; it is tracked as CVE-2017-5135.


The Simple Network Management Protocol supports three methods for authenticating clients and requests on remote SNMP devices. Two of them are affected by the authentication bypass issue.

Versions 1 and 2 of the SNMP protocol do not have strong authentication to begin with: they provide either read-only or write access to a device’s configuration through passwords called community strings.

The StringBleed vulnerability is an incorrect access control issue: remote attackers could exploit it to execute code on the affected devices and gain full read/write remote permissions using any string or integer value.

The researchers said: “We know there are 3 ways to authenticate the client and requests in the remote SNMP device. SNMP version 1 & 2 use a human-readable string datatype value called “community string” (usually public or private); in SNMP version 3 you have the option to use a user, password and authentication methods.”

The researchers used a simple Python script to build an “snmpget” request for the sysDescr OID, then scanned the Internet for devices that would respond to it. They were looking for sysDescr OID information returned by devices in response to requests using test strings such as ‘admin’, ‘root’ and ‘user’.

The researchers added: “We wrote a simple python script from scratch using sockets in order to build the “snmpget” request, in the request we used the sysDescr OID, if the string value we are testing (admin, root etc etc) is the same stored in the SNMP agent for authentication, we are going to retrieve the sysDescr OID information successfully, is like a kind of “brute force”. After some days of scanning we noticed something weird, some devices/fingerprints were always responding no matter which value we used, so what’s going here???”

The results of the Internet scan were alarming: an attacker could use any string or integer value to authenticate to the SNMP agent on the flawed devices.
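As an added illustration of the check the researchers describe (this is not their script), the following Python code builds a minimal SNMPv1 GetRequest for the sysDescr OID with a random community string and classifies the reply; an agent you administer that answers such a request is accepting any community value. The BER helpers, the function names and the constructed test reply are all assumptions of this example.

```python
"""Audit an SNMP agent you administer for the StringBleed behaviour described above:
an SNMPv1 GetRequest for sysDescr.0 is sent with a random community string, and an
agent that still answers is accepting any value. Added illustration, not the researchers' script."""
import secrets
import socket

SYSDESCR_OID = "1.3.6.1.2.1.1.1.0"

def _ber_len(n):
    # BER length: short form below 128, else 0x80|len-of-length followed by the length.
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def _tlv(tag, body):
    return bytes([tag]) + _ber_len(len(body)) + body

def _int(v):
    # Minimal two's-complement INTEGER; only non-negative values are used here.
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def _oid(dotted):
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:  # base-128 sub-identifiers, high bit set on all but the last byte
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return _tlv(0x06, bytes(body))

def build_get_request(community, oid=SYSDESCR_OID, request_id=1):
    """SNMPv1 message: SEQUENCE { version 0, community OCTET STRING, [0] GetRequest }."""
    varbind = _tlv(0x30, _oid(oid) + b"\x05\x00")  # OID + NULL placeholder value
    pdu = _tlv(0xA0, _int(request_id) + _int(0) + _int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, _int(0) + _tlv(0x04, community.encode()) + pdu)

def build_get_response(community, value, oid=SYSDESCR_OID, request_id=1):
    """[2] GetResponse carrying an OCTET STRING; used to construct replies for offline tests."""
    varbind = _tlv(0x30, _oid(oid) + _tlv(0x04, value))
    pdu = _tlv(0xA2, _int(request_id) + _int(0) + _int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, _int(0) + _tlv(0x04, community.encode()) + pdu)

def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def parse_response(msg):
    """Return community, error-status and the first varbind's value tag/value of a GetResponse."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _, pos = _read_tlv(body, 0)              # version
    _, community, pos = _read_tlv(body, pos)
    pdu_tag, pdu, _ = _read_tlv(body, pos)
    if pdu_tag != 0xA2:
        raise ValueError("not a GetResponse PDU")
    _, _, pos = _read_tlv(pdu, 0)               # request-id
    _, err, pos = _read_tlv(pdu, pos)           # error-status
    _, _, pos = _read_tlv(pdu, pos)             # error-index
    _, vbl, _ = _read_tlv(pdu, pos)             # VarBindList
    _, vb, _ = _read_tlv(vbl, 0)                # first VarBind
    _, _, p = _read_tlv(vb, 0)                  # its OID
    vtag, value, _ = _read_tlv(vb, p)
    return {"community": community.decode(errors="replace"), "value_tag": vtag,
            "value": value, "error_status": int.from_bytes(err, "big", signed=True)}

def answered_with_sysdescr(parsed):
    # A genuine sysDescr comes back as a non-empty OCTET STRING with error-status 0.
    return parsed["error_status"] == 0 and parsed["value_tag"] == 0x04 and bool(parsed["value"])

def check_agent(host, port=161, timeout=2.0):
    """Probe with a random community; a sysDescr reply means the agent accepted a value
    nobody configured (StringBleed-like). None means no answer, the correct behaviour."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get_request(secrets.token_hex(8)), (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    parsed = parse_response(data)
    return parsed if answered_with_sysdescr(parsed) else None
```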

 


Karmen low-cost ransomware found

Category : Blog

Security experts at threat intelligence firm Recorded Future have spotted a new “ransomware as a service” (RaaS) called Karmen. The service lets anyone set up an account and customize their own ransomware campaign.

Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim’s data and demands payment for the decryption key. Ransomware spreads through e-mail attachments, infected programs and compromised websites. A ransomware malware program may also be called a cryptovirus, cryptotrojan or cryptoworm.


The Karmen RaaS is very cheap: it costs just $175, and buyers can set the ransom price and the period within which victims can pay the ransom.


It is a multi-threaded, multi-language ransomware that supports .NET 4.0 and uses AES-256 encryption. The malware is .NET-dependent and requires PHP 5.6 and MySQL.

It works like any typical ransomware infection: Karmen encrypts files on the infected PC using AES-256, making them inaccessible to the victim until he or she pays a large sum of money to obtain the decryption key from the attacker.

Karmen automatically deletes its decryptor if analysis software is detected on the victim’s computer, to keep security researchers from investigating the threat.

According to Recorded Future, “Karmen Ransomware is sold as a standalone malware variant, only requiring a one-time upfront payment, allowing a buyer to retain 100 percent of payments from infected victims”.

The ransomware is sold in both light and full versions, with the light version omitting the sandbox identification functionality and therefore having a much smaller file size. The RaaS variant is based on the abandoned open-source ransomware building toolkit dubbed Hidden Tear and is being sold on Dark Web forums by a Russian-speaking hacker named DevBitox for $175.

Further investigation found that DevBitox, a Russian-speaking cyber criminal, was the seller behind the Karmen malware in March 2017.


Suspected Russian hackers targeting French Presidential elections

Category : Blog

Suspected Russian hackers are targeting the French presidential election by launching a new cyber attack against the campaign offices of front-runner candidate Emmanuel Macron, according to Trend Micro, a Tokyo-based cyber security firm.

The firm released its report on Tuesday. The researchers suspect that those responsible for the hacking around the US presidential election are now attacking the French presidential election: the same digital fingerprints were found as in the suspected Russian hacking of the Democratic National Committee and others.

The research group did not reveal any of the “potential fallout of the infiltration on the campaign of Macron.”

Pawn Storm, a cyber espionage group, targeted Macron’s campaign in March and April.


Rik Ferguson, vice president of Trend Micro’s security research program, told the Washington Post that, “There are several things which suggest that the group behind the Macron hacking was also responsible for the DNC breach, for example. We found similarities in the IP addresses and malware used in the attacks”.

Ferguson added, “We cannot say for sure whether this was directed by the Russian government, but the group behind the attacks certainly appears to pursue Russian interests”.

According to the Washington Post’s report, France’s cyber security agency, ANSSI, has confirmed the cyber attacks against Macron.

However, the government has refrained from blaming Russia for the attack; it is possible that other high-level hackers are behind it and are copying the group’s style so that everyone blames the Russian hackers.

According to the researchers, “the hackers created several email addresses on a fake server with the URL onedrive-en-marche.fr, operating from computers with IP addresses in multiple European nations, including Britain.”


Facebook, Twitter and Snapchat paying hackers to report technical bugs

Category : Blog

In our day-to-day lives we socialize and interact with many different kinds of people, including family, friends, colleagues and even complete “strangers”. Most of the people we meet on social sites are strangers. Many have fake accounts and send requests, and people accept them in the name of “friendship” without knowing the person and start connecting with these strangers. The result can be very dangerous, as strangers can abuse social media by hacking your profiles.

The news may surprise you, but Facebook, Twitter and Snapchat have found a unique way to find such faults: they are paying large amounts to white hat hackers around the world to keep them informed of glitches in their systems. They are spending around £156,000 every day to keep their systems hassle-free.

One such hacker, Jake Davis, known online as Topiary, was previously a black hat hacker and was arrested in 2011, but now works for the big technology companies. He explained his work to Newsbeat: he is now paid by Twitter to hack their website. “Twitter have paid me for disclosing bugs to them. It’s very simple.”

According to Jake Davis, the hackers would be happy to do this work even if they were not paid, so the money is just an extra bonus for them. For them, the main reward is “kudos from other hackers. They’re good at hacking, and they want to be seen to be good at the thing.”

“Facebook are particularly good, they have got a £500 minimum for disclosing bugs to them,” says Jake.

He says that Twitter has so far paid $800,000 (£625,000) to nearly 642 hackers.

Paying to be hacked is a good way to stop malicious hackers, and it is helping Facebook, Twitter and Snapchat fix technical bugs, so hackers are having a very good time. That is the reality of today’s online security.

 
