Author Archives: Debolina biswas

Karmen low-cost ransomware found

Security experts at the threat intelligence firm Recorded Future have spotted a new “ransomware as a service” (RaaS) offering called Karmen. The service lets anyone set up an account and customize their own ransomware campaign.

Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim’s data and demands payment for the decryption key. Ransomware spreads through e-mail attachments, infected programs and compromised websites. A ransomware malware program may also be called a cryptovirus, cryptotrojan or cryptoworm.

Read more about MacOS under Ransomware attack and Unique Ransomware Vulnerability Attack

The Karmen RaaS is cheap: it costs just $175, and buyers can set the ransom price and the period within which victims must pay.


It is a multi-threaded, multi-language ransomware that targets .NET 4.0 and uses AES-256 encryption. The malware is .NET-dependent and requires PHP 5.6 and MySQL.

Like any typical ransomware, Karmen encrypts files on the infected PC with the strong AES-256 cipher, making them inaccessible until the victim pays a large sum of money to obtain the decryption key from the attacker.

Karmen automatically deletes its decryptor if analysis software is detected on the victim’s computer, to keep security researchers from investigating the threat.

According to Recorded Future, “Karmen Ransomware is sold as a standalone malware variant, only requiring a one-time upfront payment, allowing a buyer to retain 100 percent of payments from infected victims”.

The ransomware is sold in both light and full versions; the light version omits the sandbox identification functionality and therefore has a much smaller file size. The RaaS variant is based on the abandoned open-source ransomware building toolkit dubbed Hidden Tear and is being sold on Dark Web forums by a Russian-speaking hacker named DevBitox for $175.

Further investigation identified “DevBitox”, a Russian-speaking cyber criminal, as the seller behind the Karmen malware in March 2017.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 


Suspected Russian hackers targeting French Presidential elections

Suspected Russian hackers are targeting the French Presidential elections with a new cyber attack against the campaign offices of the front-runner candidate Emmanuel Macron, according to Trend Micro, a Tokyo-based cyber security firm.

The firm released its report on Tuesday. The researchers suspect that the group responsible for the hacking around the US Presidential election is now attacking the French Presidential campaign: the digital fingerprints match those found in the suspected Russian hacking of the Democratic National Committee and others.

The research group did not reveal any of the “potential fallout of the infiltration on the campaign of Macron.”

Pawn Storm, a cyber-espionage group, targeted Macron’s campaign in March and April.


Rik Ferguson, vice president of Trend Micro’s security research program, told the Washington Post: “There are several things which suggest that the group behind the Macron hacking was also responsible for the DNC breach, for example. We found similarities in the IP addresses and malware used in the attacks”.

Ferguson added, “We cannot say for sure whether this was directed by the Russian government, but the group behind the attacks certainly appears to pursue Russian interests”.

According to the Washington Post’s report, France’s cyber security agency, ANSSI, has confirmed the cyber attacks against Macron.

However, the government has refrained from blaming Russia for the attack: it is possible that “other high-level” hackers are behind it and are imitating the group’s style so that Russian hackers get the blame.

According to the researchers, “the hackers created several email addresses on a fake server with the URL onedrive-en-marche.fr, operating from computers with IP addresses in multiple European nations, including Britain.”

1.4 Million citizens Aadhaar card leaked

Though India is pushing ahead with Digital India, its security practices lag badly behind when it comes to protecting identity documents. An incident in Jharkhand has again raised serious questions about the exposure of Aadhaar data: the Aadhaar details of 1.4 million citizens have leaked, data that should have been secured in time.

Because of a programming error in a website maintained by the Jharkhand Directorate of Social Security, the Aadhaar data of more than 1.4 million citizens has leaked. The exposed details include the names, Aadhaar numbers, addresses and bank account details of beneficiaries of Jharkhand’s old-age pension scheme.

The Aadhaar Act restricts public display of an individual’s Aadhaar details. The Unique Identification Authority of India (UIDAI) office in Ranchi called the office of the Department of Women and Child & Social Security to inform them of the glitch.


Director (Social Security) Ram Parvesh was quoted as saying by The Indian Express, “We got a call from the UID cell telling us that the Aadhaar numbers of pension beneficiaries were being displayed on the website. We are aware of the seriousness (of the matter) and we will try to find out how and from where this mistake happened”.

Cyber security experts in Jharkhand warned that many websites maintained by the state government are insecure and need to be secured as soon as possible.

“We had demonstrated these vulnerabilities to the state government in December,” said Vineet Kumar, a former member of Jharkhand police’s cyber cell, who has since set up the Cyber Peace Foundation, an NGO.

It is unknown when the details were made public, since the website has now been blocked and nobody can access it.

“Jharkhand-type leaks could happen anywhere, in many states, each department has its own IT vendors who build the software that stores this information. There is no common security standard across states and departments.” said an official who works closely with the Ministry of Rural Development.

Facebook Twitter Snapchat paying hackers to recover technical bugs

In our day-to-day lives we socialize and interact with many different kinds of people: family, friends, colleagues, or even complete “strangers”. Most of the people we meet on social sites are strangers. Many of them run fake accounts and send friend requests, and people accept them in the name of “friendship” without knowing who is behind them. The result can be dangerous, since such strangers may abuse the platform and hack your profile. Now Facebook, Twitter and Snapchat are paying hackers to find technical bugs.

It may surprise you, but Facebook, Twitter and Snapchat have found a way to uncover such faults: they pay white hat hackers around the world large sums to keep them informed about glitches in their systems. They spend almost £156,000 every day to keep their systems trouble free.

One such hacker, Jake Davis, known online as Topiary, was a black hat hacker arrested in 2011 but now works for the technology giants. He explained his work to Newsbeat: he is now paid by Twitter to hack their website. “Twitter have paid me for disclosing bugs to them. It’s very simple.”

According to Jake Davis, the hackers would happily do this work even if they were not paid, so the money is just an extra bonus. For them, the main reward is “kudos from other hackers. They’re good at hacking, and they want to be seen to be good at the thing.”

“Facebook are particularly good, they have got a £500 minimum for disclosing bugs to them,” says Jake.

He says that so far Twitter has paid $800,000 (£625,000) to some 642 hackers.

Paying to be hacked is a good way to stop hackers, and it is how Facebook, Twitter and Snapchat get their technical bugs found. So hackers are having a very good time; that is the reality of today’s online security.

 

Hackers collecting Pre-Hack data using Pixel tracking

Marketers and advertisers use a simple email-marketing trick to track web users and email recipients. It has also been abused by cyber criminals and online spies to collect information on possible targets or to improve the efficiency of phishing attacks, both mass and targeted. Hackers are collecting pre-hack data using pixel tracking.

Donald Meyer of Check Point Software Technologies Ltd said “We’ve seen a lot more use of this tactic recently as a probing or information-gathering tool, by phishers and other cyber criminals”.

Pixel tracking is a decades-old email marketing technique that relies on embedding a one-by-one pixel image, usually transparent or the same colour as the email’s background, so that users rarely notice it. Tracking pixels, or web beacons, are downloaded when a user opens an email or visits a website (unless the user blocks the loading of images in email), and the download tells the advertiser that the user has opened one of its messages.

With code as simple as <img src="http://example.com/cgi-bin/program?e=email-address">, the marketing tool’s server is pinged whenever someone downloads the image.

Because of the way most email programs and web browsers work, a tracking pixel, once downloaded, can collect and report the user’s email address, operating system, device, software, IP address, hostname, cookie settings, whether webmail is used, and the date and time the email was opened. Email marketers use this data to measure the effectiveness of their campaigns.
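Because a tracking pixel is just a remote <img> with the traits described above (one-by-one size, hidden styling, an identifier in the URL), a mail gateway or client can flag it before images load. The following Python script is an added example, not part of the original post or any Check Point tooling; the HTML email body it scans is constructed, and the indicator heuristics are a simplification written for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample: an HTML email body carrying a marketing-style tracking pixel
# (the same <img> shape the text quotes) next to a legitimate inline image and a
# hidden remote image.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Quarterly newsletter</p>
<img src="cid:logo@newsletter" width="200" height="60" alt="logo">
<img src="http://example.com/cgi-bin/program?e=alice@example.org" width="1" height="1">
<img src="https://cdn.example.net/hero.jpg" style="display:none" width="400" height="200">
</body></html>
"""

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag; beacons are ordinary <img> elements."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def classify_image(attrs):
    """Return the beacon indicators for one <img>; an empty list means it looks benign."""
    reasons = []
    src = attrs.get("src", "")
    parts = urlsplit(src)
    if parts.scheme not in ("http", "https"):
        return reasons  # cid:/data: images never leave the client, so they cannot beacon
    width, height = attrs.get("width", ""), attrs.get("height", "")
    if width.strip() in ("0", "1") and height.strip() in ("0", "1"):
        reasons.append("1x1 dimensions")
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("hidden by CSS")
    query = parse_qs(parts.query)
    if query:
        reasons.append("query string carries an identifier")
        for values in query.values():
            if any(EMAIL_RE.fullmatch(v) for v in values):
                reasons.append("recipient address embedded in URL")
    return reasons


def find_tracking_pixels(html):
    """Return the remote <img> elements in an email body that show beacon indicators."""
    collector = ImgCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.images:
        reasons = classify_image(attrs)
        if reasons:
            src = attrs.get("src", "")
            findings.append({"src": src, "host": urlsplit(src).hostname, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_tracking_pixels(SAMPLE_EMAIL_HTML):
        print(finding["host"], "->", ", ".join(finding["reasons"]))
```

A client that blocks remote images by default already defeats the beacon; this check is for the case where images are allowed and you want to know which ones report back.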

Sadly, everything that makes tracking pixels great for marketers and advertisers, their automatic operation and the amount of data they capture, also makes them great for hackers’ reconnaissance. Using the same trick, an attacker who gets hold of this information can misuse it to carry out malicious campaigns.

On Monday, Meyer said in a blog post: “In phishing attacks, tracking pixels can be used to learn which recipients are most likely to open scam emails. Since some scammers retool mass phishing attacks against random users to target high-value enterprise users, scammers are turning to pixel tracking to increase the odds a spear phishing attack will succeed…. Our security researchers have already discovered tracking pixels being used in the wild as a surveillance tool to gather information for use in phishing scams”.

Hackers trying to break into a network have to explore its architecture first to find points of entry and ways to move around the system undetected. An attacker will often send phishing emails to map out the network, locate potential weak points and figure out who in the organization is most likely to open suspicious-looking mail and click on links or attachments.

If employees use webmail clients, the company may rely on a managed cloud service for its internal operations. An attacker who can identify that cloud platform could then hone future attacks around vulnerabilities in that platform.

Thankfully, it’s not difficult to protect against this clever threat.

Protect Your Device From Hackers

First, keep in mind that gaining unauthorised access to a system that does not belong to you is illegal, whatever the intention. This is not the first time a hacker has taken on a watchdog role: we have seen other cases in which hackers used malware to compromise thousands of devices and then, rather than exploiting them, forced the owners to secure them. A new malware family known as Hajime is worming its way through DVRs, CCTV systems and other poorly protected Internet of Things (IoT) devices, and has already infected at least 10,000 home routers, Internet-connected cameras and other smart devices. So protect your device from hackers.

It does not rely on a command-and-control (C&C) server but instead uses a peer-to-peer network to send command modules to all its infected devices, which makes the malware more resistant to takedowns. These techniques have helped Hajime grow over time.

Researcher Waylon Grange elaborates in his blog:

“Over the past few months, Hajime has been spreading quickly. Symantec has tracked infections worldwide, with large concentrations in Brazil and Iran. It is hard to estimate the size of the peer-to-peer network, but modest estimates put it in the tens of thousands.”

At this time, the purpose of Hajime remains unknown.

The Hajime botnet works like Mirai: “it spreads via unsecured IoT devices that have open Telnet ports and uses default passwords — and also uses the same list of username and password combinations that Mirai botnet is programmed to use, with the addition of two more”.

What is interesting about Hajime, however, is that unlike Mirai it secures the devices it infects by blocking access to four ports (23, 7547, 5555 and 5358) known to be vectors used to attack many IoT devices, keeping Mirai and other threats at bay.

Unlike Mirai, Hajime uses a decentralized peer-to-peer network (instead of a command-and-control server) to issue commands and updates to infected devices, which makes it more difficult for ISPs and Internet backbone providers to take down the botnet.

Hajime botnet also takes steps to hide its running processes and files on the file system, making the detection of infected systems more difficult.

The malware currently does not give its bots distributed denial of service (DDoS) capabilities. Instead, it displays a message that says:

“Just a white hat, securing some systems.
Important messages will be signed like this!
Hajime Author.
Contact CLOSED
Stay sharp!”

The Symantec researchers explained that: “One day a device may belong to the Mirai botnet, after the next reboot it could belong to Hajime, then the next any of the many other IoT malware/worms that are out there scanning for devices with hard coded passwords. This cycle will continue with each reboot until the device is updated with a newer, more secure firmware”.

Good or bad, a malware infection on an IoT device is unwanted. Users should do everything they can to secure the products they buy, starting with researching each device carefully before purchasing it. Be careful before buying!

Phishing Attack Affects Browser

A Chinese security researcher has revealed a phishing attack that is almost impossible to detect in web browsers such as Chrome, Firefox and Opera. The attack uses Unicode characters in domain names that look exactly like common ASCII characters. For example, “xn--pple-43d.com” is the encoded form of “аpple.com”. This phishing attack affects the browser itself.

Punycode is a way of representing Unicode with the limited subset of ASCII characters allowed in Internet host names. It makes it possible to register domain names containing foreign characters; for example, the domain name “xn--s7y.co” is the same as “短.co”. Using this mechanism, the security researcher has shown a proof of concept of the attack.

The concept of the attack is old, but it has recently been shown to work against current versions of Google Chrome, Mozilla Firefox and Opera. These browsers display the Unicode characters in such domain names as if they were normal characters, which makes the spoofed domains impossible to notice.

Because of this flaw, it is possible to register domains like “xn--pple-43d.com”, which is displayed the same as “аpple.com”, the Chinese security researcher Xudong Zheng writes.

In the picture, ‘аpple.com’ uses the Cyrillic ‘а’ (U+0430) instead of the ASCII ‘a’ (U+0041). This is also called a homograph attack.

So, are our web browsers totally helpless against such attacks? Most browsers have some protection enabled, such as online virus security, but it does not catch every variant of the attack. For example, if the attacker replaces ASCII characters only with characters from a single foreign script, the protection fails.
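Detecting this on the receiving side, as an added example that is not from Zheng’s write-up or any browser’s code: the Python below decodes the two Punycode domains quoted above, then applies the two checks a browser or mail filter would want, a mixed-script test and a whole-script confusable test (the single-foreign-script case the text says defeats browser protection). The confusables table is a small constructed subset of the Unicode UTS #39 list, and the all-Cyrillic look-alike of “space” is a constructed input.

```python
import codecs
import unicodedata

# Constructed subset of the Unicode confusables table (UTS #39): non-ASCII letters
# that render like ASCII letters in common fonts. Deliberately small, not exhaustive.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04bb": "h", "\u03bf": "o",
}


def decode_label(label):
    """Convert one Punycode A-label (xn--...) to its Unicode form; plain labels pass through."""
    if label.lower().startswith("xn--"):
        return codecs.decode(label[4:].encode("ascii"), "punycode")
    return label


def decode_host(host):
    """Decode every label of a host name, e.g. xn--pple-43d.com -> аpple.com (Cyrillic а)."""
    return ".".join(decode_label(label) for label in host.split("."))


def scripts_of(label):
    """Unicode scripts used by the letters of a label, taken from the character names."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in label if ch.isalpha()}


def analyze(host):
    """Flag a host whose labels mix scripts or are whole-script confusables of ASCII names."""
    unicode_host = decode_host(host)
    reasons, skeleton_labels = [], []
    for label in unicode_host.split("."):
        scripts = scripts_of(label)
        # Skeleton: what the label looks like once every confusable is mapped to ASCII.
        skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in label)
        skeleton_labels.append(skeleton)
        if len(scripts) > 1:
            reasons.append(f"label {label!r} mixes scripts {sorted(scripts)}")
        elif skeleton != label and skeleton.isascii():
            # Single-script case from the text: every character is a foreign look-alike,
            # so a mixed-script heuristic alone would not catch it.
            reasons.append(f"label {label!r} is a whole-script confusable of {skeleton!r}")
    return {"unicode": unicode_host, "skeleton": ".".join(skeleton_labels),
            "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    # The two domains from the text, a benign ASCII name, and a constructed
    # all-Cyrillic label that renders as "space".
    for host in ("xn--pple-43d.com", "xn--s7y.co", "apple.com",
                 "\u0455\u0440\u0430\u0441\u0435.example"):
        result = analyze(host)
        print(host, "->", result["unicode"], "| skeleton:", result["skeleton"],
              "| suspicious:", result["suspicious"])
```

The skeleton is what a filter should compare against a list of protected brand domains; the genuinely foreign “短.co” is left alone because none of its characters imitates ASCII.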

Fortunately, this attack vector does not affect Internet Explorer, Microsoft Edge or Safari.

The bug was reported to Firefox and Chrome on January 20. A fix has landed in the Chrome Canary browser, while the issue remains unaddressed in Firefox.

Zheng recommends using a password manager to protect against such attacks. He also advises users to pay close attention to a site’s URL when entering personal information.

Hackers announce NSA’s powerful Windows hacking tool

The Shadow Brokers, the hacking group that previously stole and leaked a portion of the NSA’s hacking tools, has just released online a collection of spy tools allegedly used by the National Security Agency.

On Friday the group published exploits designed to target vulnerabilities in Windows computers and servers, along with files and other documents detailing how the agency carried out clandestine surveillance.

According to the reports, the Windows hacking tools were used by the NSA to target several banks, including the SWIFT banking system.

On Friday Microsoft said it had already patched the vulnerabilities targeted by the exploits in previous updates. Windows users are advised to update their software and upgrade to Windows 7 or a newer version.


Matthew Hickey, founder of the security firm Hacker House, said: “This is quite possibly the most damaging thing I’ve seen in the last several years, this puts a powerful nation-state-level attack tool in the hands of anyone who wants to download it to start targeting servers.”

It appears that the exploits targeted a variety of Windows servers and Windows operating systems, including Windows 7 and Windows 8.

Hickey said, “The individual consumer is a little less at risk, as these kinds of tools are targeted at enterprise and business environments“.

A Microsoft spokesperson told CNN Tech: “We’ve investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products. Customers with up-to-date software are already protected.”

Five Prisoners hacked Prison Network

The Office of the Inspector General of the State of Ohio has released a 50-page investigative report, now in the public domain, on an incident that took place back in 2015: five prisoners hacked the prison network.

According to the report, five prisoners at the Marion Correctional Institution (MCI) secretly got hold of two computers, hid them above the suspended ceiling of a service room, and from there hacked the prison network, gaining access to unauthorised areas and carrying out illegal activities on the Internet. All of this was possible because the prisoners worked under the Green Initiative program, in which they recycled electronics.

MCI administrators began to notice something strange in the summer of 2015: an account belonging to one of the prison’s contractors began to exceed its daily traffic quota. Then other employees’ accounts showed similar behaviour, including on weekends when those employees were not at work. A few days later it got worse: these accounts began attempting to evade the proxies that monitored the traffic.

The administrators’ suspicions led to a full investigation, during which the strange activity was traced to a computer that appears in the report as -lab9-, a name that did not fit the internal naming scheme at all.


MCI officials first noticed the problem in the summer of 2015, when a prison contractor’s account began to exceed its daily traffic quota. Then other employees’ accounts started showing the same behaviour.

After this, the administrators started a full investigation, during which they found a computer name that did not match the internal naming scheme at all.

On further investigation, the team found that the suspicious traffic came from port 16 of a network switch in the prison, and they discovered the device in the suspended ceiling. It was a great shock for MCI employees to find two prisoners working illegally on the computers behind the plywood panels of the ceiling.

All five prisoners worked on recycling electronics under the Green Initiative program, and from there they took all the parts needed to assemble the PCs.

On the two recovered hard disks, investigators found hacking tools, legitimate software and traces of illegal activity.

The prisoners were not only interested in “internet surfing”: they hacked accounts, intercepted prison traffic and compromised the prison network.

All five hackers were identified, and presently they are serving their sentence in various correctional facilities.

Indian Election Commission throws open challenge

The Indian Election Commission has thrown open a challenge to hack its electronic voting machines (EVMs). The step follows allegations by various political parties that the machines used in the UP elections only registered votes for the BJP. The opposition parties have also demanded that the paper trail of voting be re-introduced in future elections. So the Election Commission has issued an open challenge to them.

Indian politics has been heated by allegations from opposition leaders after the Bharatiya Janata Party (BJP) won an unexpectedly massive mandate in the Uttar Pradesh assembly elections. Delhi CM Arvind Kejriwal and the former CM of Uttar Pradesh have staged protests against the alleged tampering of EVMs to benefit the BJP in the elections.

The leaders also demanded that the paper trail of voting be re-introduced in future elections. In response to these allegations, the Election Commission of India is planning an open challenge for security researchers, scientists and political parties in the first week of May.


An official source reportedly said “From the first week of May, experts, scientists, technocrats can come for a week or 10 days and try to hack the machines”.

The source claimed that the challenge will have various levels that one will need to complete within a week or 10 days.

This is not the first time the Election Commission of India has issued such a challenge. The Commission announced a similar program in 2009 and claimed that the machines turned out to be unhackable.

In its earlier response to the leaders’ claims, the Commission rejected the allegations.
