
Author Archives: Debolina biswas

Hackers collecting Pre-Hack data using Pixel tracking.

Marketers and advertisers use a simple email marketing trick to track web users and email recipients. It has also been abused by cyber criminals and online spies to collect information on possible targets or to improve the efficiency of phishing attacks, both mass and targeted in scope.

Donald Meyer of Check Point Software Technologies Ltd said, “We’ve seen a lot more use of this tactic recently as a probing or information-gathering tool, by phishers and other cyber criminals.”

Pixel tracking is a decades-old email marketing technique that depends on embedding a one-by-one pixel image, usually transparent or of the same color as the email’s background, which prevents users from noticing it in most cases. Tracking pixels, or web beacons, are downloaded when a user opens an email or visits a website, unless the user blocks the loading of images inside emails. The download lets the advertiser know that a user has opened one of its emails.

With code as simple as <img src="http://example.com/cgi-bin/program?e=email-address">, the marketing tool is pinged through its website whenever someone downloads the image.

Because of the way most email programs and web browsers work, tracking pixels, once downloaded, can collect and report information about the user’s email address, operating system, device, software, IP address, hostname, cookie usage settings, usage of webmail, and the date and time the email was opened. Email marketers can use this data to measure the effectiveness of their campaigns.

Sadly, everything that makes tracking pixels great for marketers and advertisers (automaticity and the amount of data captured) also makes them great for hackers’ reconnaissance. If a hacker uses the same trick to get hold of all this information, they can misuse it to carry out malicious campaigns.

On Monday, Meyer said in a blog post, “In phishing attacks, tracking pixels can be used to learn which recipients are most likely to open scam emails. Since some scammers retool mass phishing attacks against random users to target high-value enterprise users, scammers are turning to pixel tracking to increase the odds a spear phishing attack will succeed…. Our security researchers have already discovered tracking pixels being used in the wild as a surveillance tool to gather information for use in phishing scams.”

Hackers trying to break into a network have to explore its architecture first to find points of entry and ways to move around the system undetected. An attacker will often send phishing emails to map out the network, locate potential weak points and figure out who in the organization is most likely to open suspicious-looking mail and click on links or attachments.

If employees are using webmail clients, it is possible that the company uses a managed cloud service to handle internal operations. An attacker who can identify that cloud platform could find it very easy to hone future attacks around vulnerabilities in that platform.

Thankfully, it’s not difficult to protect against this clever threat.
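A mail gateway or triage script can flag likely beacons before a message is rendered. The following is an added example, not code from the original post: the sample message, the recipient address and the three heuristics (tiny dimensions, CSS hiding, recipient address in the query string) are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit


def _px(value):
    """Parse '1' or '1px' into an int; None when absent or not a pixel size."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return int(m.group(1)) if m else None


class BeaconFinder(HTMLParser):
    """Collects remote <img> tags that look like tracking pixels."""

    def __init__(self, recipient):
        super().__init__()
        self.recipient = recipient.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlsplit(a.get("src", ""))
        if url.scheme not in ("http", "https"):
            return  # cid:/data: images are embedded and trigger no request
        reasons = []
        w, h = _px(a.get("width")), _px(a.get("height"))
        if w is not None and h is not None and w <= 1 and h <= 1:
            reasons.append("1x1 or smaller")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        # parse_qsl percent-decodes, so e=alice%40corp.example is caught too
        leaked = [k for k, v in parse_qsl(url.query)
                  if self.recipient in v.lower()]
        if leaked:
            reasons.append("recipient address in query: " + ",".join(leaked))
        if reasons:
            self.findings.append({"host": url.hostname, "reasons": reasons})


def find_beacons(html, recipient):
    """Return one finding per remote image that matches a beacon heuristic."""
    parser = BeaconFinder(recipient)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample message body (not taken from a real campaign).
SAMPLE_EMAIL = """<html><body>
<p>Quarterly report attached.</p>
<img src="cid:logo@corp" width="120" height="40">
<img src="http://example.com/cgi-bin/program?e=alice%40corp.example" width="1" height="1">
<img src="https://cdn.example.net/banner.png" width="600" height="90">
<img src="https://t.example.org/o.gif?id=8841" style="display: none">
</body></html>"""

if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_EMAIL, "alice@corp.example"):
        print(finding["host"], "->", "; ".join(finding["reasons"]))
```

Blocking remote image loading in the mail client remains the primary control; a scan like this only shows which messages tried to phone home and to which host.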

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


Protect Your Device From Hackers

The first thing to keep in mind is that hacking a system that does not belong to you for unauthorised access is an illegal practice, whatever the intention may be. This is not the first time a hacker has been watchful: we have seen many more cases in which hackers have used malware to compromise thousands of devices but, instead of hacking them, forced the owners to make them secure. A new malware family known as Hajime is worming its way through DVRs, CCTV systems, and other poorly-protected Internet of Things (IoT) devices. Hajime has already infected at least 10,000 home routers, Internet-connected cameras, and other smart devices. So protect your device from hackers.

It doesn’t rely on a command and control server (C&C) but instead leverages a peer-to-peer network to send command modules to all its infected devices, which makes the malware more resistant to takedowns. These techniques have helped Hajime grow over time.

Researcher Waylon Grange elaborates in his blog that:

“Over the past few months, Hajime has been spreading quickly. Symantec has tracked infections worldwide, with large concentrations in Brazil and Iran. It is hard to estimate the size of the peer-to-peer network, but modest estimates put it in the tens of thousands.”

At this time, the purpose of Hajime is not known to anyone.

The Hajime botnet works like Mirai: “it spreads via unsecured IoT devices that have open Telnet ports and uses default passwords — and also uses the same list of username and password combinations that Mirai botnet is programmed to use, with the addition of two more”.

However, what’s interesting about the Hajime botnet is that, unlike Mirai, it secures the target devices by blocking access to four ports (23, 7547, 5555, and 5358) known to be vectors used to attack many IoT devices, keeping Mirai and other threats at bay.

Unlike Mirai, Hajime uses a decentralized peer-to-peer network (instead of command and control server) to issue commands and updates to infected devices, which makes it more difficult for ISPs and Internet backbone providers to take down the botnet.

Hajime botnet also takes steps to hide its running processes and files on the file system, making the detection of infected systems more difficult.

The malware currently doesn’t pass distributed denial of service (DDoS) capabilities to its bots. Instead, it displays a message that says:

“Just a white hat, securing some systems.
Important messages will be signed like this!
Hajime Author.
Contact CLOSED
Stay sharp!”

The Symantec researchers explained that: “One day a device may belong to the Mirai botnet, after the next reboot it could belong to Hajime, then the next any of the many other IoT malware/worms that are out there scanning for devices with hard coded passwords. This cycle will continue with each reboot until the device is updated with a newer, more secure firmware”.

Whether it is good or bad, a malware infection on an IoT device is unwanted. Users should do everything they can to secure a product they purchase. This begins with researching each device carefully before purchasing it. Be careful before buying!

Phishing Attack Affects Browser

A Chinese security researcher has revealed a scary phishing attack that is almost impossible to detect in web browsers like Chrome, Firefox, and Opera. The attack uses Unicode characters in domains that look exactly like common ASCII characters. For example, “xn--pple-43d.com” is equivalent to “аpple.com”.

Punycode is a way of representing Unicode using the limited character subset of ASCII that is used for internet host names. It makes it possible to register domain names with foreign characters. For example, the domain name “xn--s7y.co” is the same as “短.co”. Using this mechanism, a security researcher has shown the proof-of-concept of a scary attack.

The concept of the attack is very old, but it has recently been applied to the current versions of browsers like Google Chrome, Mozilla Firefox, and Opera. These browsers show Unicode characters in domain names as normal characters, which makes it impossible to tell the domains apart.

Due to this flaw in how domains are displayed, it is possible to register domains like “xn--pple-43d.com”, which is the same as “аpple.com,” the Chinese security researcher Xudong Zheng writes.

In the picture, ‘аpple.com’ uses Cyrillic ‘а’ (U+0430), instead of the ASCII ‘a’ (U+0041). This is also called a homograph attack.

So, do you think that our web browsers are totally incompetent against such attacks? Well, most browsers have some protection enabled, such as online virus security, but they don’t detect each and every version of such attacks. For example, if the attacker only replaces ASCII characters with characters from a single foreign language, the protection fails.

Fortunately, this attack vector doesn’t affect the Internet Explorer, Microsoft Edge, and Safari web browsers.

On January 20, this bug was reported to Firefox and Chrome. While the fix has landed in the Chrome Canary browser, the issue remains unaddressed in Firefox.

Zheng recommends using a password manager to protect your browser. He also advises that users pay very close attention to a site’s URL when entering personal information.
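The gap described above, where a mixed-script check passes a name written entirely in one foreign script, can be seen in a small hostname checker. This is an added example, not code from the original post or from any browser: the CONFUSABLES table is a small constructed subset, and the protected list and the “coco.example” sample are assumptions.

```python
import unicodedata

# Constructed subset of Cyrillic/Greek letters that render like Latin ones.
# A real deployment would load the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u03bf": "o",
}


def to_unicode(hostname):
    """Decode every xn-- label with the punycode codec; leave others as-is."""
    labels = []
    for label in hostname.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:
                pass  # malformed label: keep the raw xn-- form
        labels.append(label)
    return ".".join(labels)


def scripts(label):
    """Scripts of the letters in a label, read from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def skeleton(hostname):
    """Map each confusable letter to the Latin letter it resembles."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in hostname)


def analyze(hostname, protected):
    """Report the display form, the mixed-script verdict and any lookalike hit."""
    uni = to_unicode(hostname)
    skel = skeleton(uni)
    return {
        "unicode": uni,
        # Heuristic 1: letters from more than one script inside a single label.
        "mixed_script": any(len(scripts(l)) > 1 for l in uni.split(".")),
        # Heuristic 2: the name collapses onto a protected name but is not it.
        "impersonates": skel if skel in protected and skel != uni else None,
    }


# Constructed whole-script sample: four Cyrillic letters that render as "coco".
WHOLE_SCRIPT_SAMPLE = (
    "xn--" + "\u0441\u043e\u0441\u043e".encode("punycode").decode("ascii")
    + ".example"
)

if __name__ == "__main__":
    protected = {"apple.com", "coco.example"}  # assumed list of names to guard
    for host in ("xn--pple-43d.com", WHOLE_SCRIPT_SAMPLE, "xn--s7y.co"):
        print(host, analyze(host, protected))
```

The mixed-script test catches “xn--pple-43d.com” but passes the all-Cyrillic sample, which only the skeleton comparison flags; “xn--s7y.co” is a legitimate internationalised name and trips neither check.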

Hackers announces NSA’s powerful Windows hacking tool

The Shadow Brokers, a hacking group that previously stole and leaked a portion of the NSA’s hacking tools, has just released online a collection of spy tools allegedly used by the National Security Agency.

On Friday, the group published exploits that were designed to target vulnerabilities in Windows computers and servers, along with files and other important documents detailing the way the agency carried out clandestine surveillance.

According to the reports, the Windows hacking tools were used by the NSA to target several banks, including the SWIFT banking system.

On Friday, Microsoft said that they have patched the exploits in previous updates. Windows users are notified and advised to update their software and upgrade to Windows 7 or a newer version.

Matthew Hickey, founder of security firm Hacker House, said, “This is quite possibly the most damaging thing I’ve seen in the last several years, this puts a powerful nation-state-level attack tool in the hands of anyone who wants to download it to start targeting servers.”

It appears that the exploits targeted a variety of Windows servers and Windows operating systems, including Windows 7 and Windows 8.

Hickey said, “The individual consumer is a little less at risk, as these kinds of tools are targeted at enterprise and business environments.”

A Microsoft spokesperson told CNN Tech, “We’ve investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products. Customers with up-to-date software are already protected.”

Five Prisoners hacked prison network

The Inspector General of the State of Ohio has released a 50-page investigative report, now in the public domain, on an incident that took place back in 2015. It has come to light that five prisoners hacked the prison network.

According to the report, five prisoners from the Marion Correctional Institution (MCI) secretly got hold of two computers and hid them under the suspended ceiling in the service room. After that they hacked the prison network, gained access to unauthorised zones, and involved themselves in illegal activities on the Internet. All of this became possible because the prisoners were made to work under the Green Initiative program, in which they were engaged in recycling different electronics.

Administrators of MCI began to notice something strange in the summer of 2015: an account belonging to one of the contractors of the prison began to exceed the daily quota of traffic. Then the accounts of other employees began to show similar behaviour, including on weekends, when these employees were absent from the workplace. A few days later it became worse: these employees began to make attempts to evade the proxies that monitored the traffic.

Administrators’ intuition gave rise to a full-fledged investigation, during which strange activity could be traced to a computer that appears in the report as -lab9-. This name did not fit into the internal naming system at all.

Officials of MCI first noticed the problem in the summer of 2015, when an account of one of the contractors of the prison began to exceed the daily quota of traffic. Then other employees’ accounts started showing the same behaviour.

After all this, administrators started a full-fledged investigation, during which they found a computer name that did not match the internal naming system at all.

On further investigation, the team found that the suspicious traffic came from port 16 of the switchboard located in the prison, and they discovered the device in the suspended ceiling. It was a great shock for the employees of MCI to find two prisoners illegally working on the computers behind the plywood panels of the ceiling.

All five prisoners were engaged in the recycling of electronics under the Green Initiative program, and they took all the necessary parts for assembling the PCs.

On the two detected hard disks, investigators found hacking tools, legitimate software, and traces of illegal activity.

However, the prisoners were not only interested in “internet-surfing”; they hacked accounts, intercepted prison traffic, and compromised the prison network.

All five hackers were identified, and presently they are serving their sentence in various correctional facilities.

Indian Election Commission throws open challenge

The Indian Election Commission has thrown an open challenge to hack its electronic voting machines (EVMs). This step follows a rise in allegations by different political parties, which claimed that machines used in the UP elections only voted for BJP. The opposition parties have also demanded that the paper trail of voting be re-introduced in the future. So the Indian Election Commission has thrown an open challenge to them.

The Indian political scene heated up due to different kinds of allegations made by the opposition leaders after the Bhartiya Janata Party (BJP) won with an unexpectedly massive mandate in the Uttar Pradesh assembly elections. Delhi CM Arvind Kejriwal and a former CM of Uttar Pradesh have staged protests against the alleged tampering of electronic voting machines (EVMs) to benefit BJP in the elections.

The leaders also demanded that the paper trail of voting be re-introduced in future elections. In response to these allegations, the Election Commission of India is planning an open challenge for security researchers, scientists, and political parties in the first week of May.

An official source reportedly said, “From the first week of May, experts, scientists, technocrats can come for a week or 10 days and try to hack the machines.”

The source claimed that the challenge will have various levels that one will need to complete within a week or 10 days.

This is not the first time the Election Commission of India has made such a challenge. The Commission announced a similar program in 2009 and claimed that the machines turned out to be unhackable.

Previously, in response to the leaders’ claims, the Commission rejected the allegations.

Unique Ransomware Vulnerability Attack

In the past few days, you might have heard various news stories about hackers using malicious ransomware to force users to pay huge amounts of money, but today’s scenario is something different. Today, we bring you a unique kind of ransomware which forces its victims to make a high score of at least 200 million points in the popular Japanese video game TH12.

It sounds strange, but this is the reality. So be aware.

According to Malware Hunter Team, a popup started appearing on victims’ devices informing them about the ransomware infection. Usually, when a device’s security is compromised by hackers, the users are asked to pay a ransom fee, but not in this case!

The popup stated: “Just play TH12 and score over 0.2 billion in lunatic level.”

The developer of this ransomware just wanted to have some fun, and when the news went viral, the developer publicly apologized to the victims.

The mastermind behind this ransomware goes by the name “Tvple Eraser” on Twitter. “I made it for a joke, and just laughing with people who like Touhou Project Series,” Tvple Eraser stated. “So I distributed source code except for compiled binary on the web.”

He further said, “A number of people blamed me. It’s natural because I made accident definitely wrong. I’m not sure this apology is enough to you. If not, then I apologize again… It didn’t mean to be evil. I hope you understand it.”

Eraser also released a “Forcer” tool to ensure that users can get rid of this vulnerability as soon as possible and embedded the apology in the tool.

The apology seems truly genuine, but one question arises here: whether this was a prank or a marketing strategy to promote the game.

Smartphone Update Vulnerability Found

A Google Project Zero researcher, Gal Beniamini, has found some vulnerabilities, including a remote code execution, in Broadcom’s Wi-Fi system-on-chip (SoC) which, if exploited, can allow attackers to compromise smartphone devices like iPhone, Samsung, and Google Nexus.

Broadcom’s Wi-Fi chips are used in a number of well-known devices, and any vulnerability makes millions of smartphones vulnerable, including Samsung’s flagship Android smartphones, Google’s very own Nexus 5, 6 and 6P, and iPhone devices starting from the iPhone 4.

Beniamini explained the functionality and importance of the Broadcom Wi-Fi chipset and how this vulnerability can be used to carry out a remote code execution attack. The Google researcher is also working on escalating privileges from the SoC into the operating system’s kernel, which will help show how an attacker in Wi-Fi range can take full control of a targeted device without user interaction.

Thanks to Beniamini’s findings, Samsung has released maintenance updates fixing all the vulnerabilities on its own and Google products, and Apple has issued an emergency update for iPhone users, while a lot of Android flaws were patched during the March security updates.

Last week Apple issued a critical update for iOS after Apple users were targeted with a fake ransomware scam using JavaScript from another domain. The update changed the way Safari browsers had handled JavaScript in the past.

We will get back soon with more news updates. Please update your smartphone to avoid this vulnerability.

North Korean hackers breached overseas banks

North Korean hackers breached overseas banks to create a network of accounts to move around embezzled funds. CNN reported on Tuesday that “Funds from the operation are most likely being used to finance Pyongyang’s nuclear weapons development”.

According to Kaspersky, a Russian cybersecurity firm, North Korea is linked to cyberattacks on financial institutions in 18 countries, including Bangladesh, Ecuador, Philippines and Vietnam. The hackers were traced to North Korea, and a hacker from a group operation known as “Lazarus” connected from North Korea. Previously, the hackers had planned their trap in advance and routed their attacks from computer services in France, South Korea and Taiwan, making it hard for analysts to trace the origin of the breaches.

Lazarus did not begin to focus on banks until late 2015, right before North Korea conducted its fourth nuclear test and then began to test-launch dozens of ballistic missiles in 2016.

According to U.S. firm Symantec, “Attacks on institutions in Vietnam, Gabon and Nigeria were mostly unsuccessful”.

But Pyongyang has been linked to the theft from Bangladesh’s account at the New York Federal Reserve in 2016, and a researcher at FireEye, a U.S. cybersecurity firm, said North Korea tried to move the money to a bank it infected in Southeast Asia. More sanctions have been placed against North Korea for its pursuit of nuclear weapons.

According to CNN, “North Korea may have used electronics and shipping companies, for example, to transfer millions of dollars. The state also established front companies as subsidiaries in China and Malaysia.”

The New York Times reported, “North Korea may also have begun selling surplus material that is being used to produce nuclear weapons”.

 

Anonymous hacks ISIS website; infecting users with malware

Amaq, the official news agency of the ISIS or Daesh terrorist group, informed its users about a huge compromise in the security of its website. They said Anonymous hackers hacked the ISIS site, which is now infecting thousands of users.

When visiting the site, the following message keeps appearing:

“The site ahead contains malware, and that attacker might attempt to install dangerous programs on your computer that steal or delete your information.”

The site’s administrators identified the hack on Thursday, told the media via a Telegram channel, and strictly warned users not to download the Flash Player appearing on the site. They warned that the request to download Flash Player will result in the compromise of user devices.

Vocativ reported that several ISIS forums have also reported the incident, and that to a few forum users the virus was disguised as Flashplayer.apk. APK (Android package kit) is an Android operating system file format. They further claimed that the malware is designed to spy on the ISIS terrorist group’s members and that the malware could track users’ locations, read conversations and collect all the multimedia files on the user’s device.

Since the virus is disguised as a Flash Player APK file, thousands of users are in huge trouble. One of the users also suggested that to get rid of the malware, one needs to reset the device to factory settings.

So far, no one has claimed responsibility for the hack, but it is believed that an anti-ISIS group running operation ISIS, #OPISIS, could be behind it. The people behind #OPISIS, an Anonymous-affiliated anti-ISIS online campaign, have been known to disrupt ISIS’ online presence over the past few years.

The fact that Anonymous hackers left a message stating “We are coming for you,” could confirm that they are behind the hack.

 

 
