Category Archives: Blog

UBER Authentication Vulnerability found

Category : Blog

An authentication vulnerability has been found in Uber that allows anyone to change any Uber account's password without authenticating. Vincenzo C., an Italian security researcher known on Twitter as @Procode701, discovered a critical authentication flaw in Uber through which anyone could reset the password of any account.

Uber runs a bug bounty program on HackerOne, where the researcher reported the 'Improper Authentication' vulnerability.

Uber explained: "With an email address for a valid Uber account, it was possible to take over that account because the reset token was exposed in the response of a password reset HTTP request. This meant an attacker could initiate password reset for an account and immediately receive the reset token for that account."

“We consider the security of our user’s data top priority, so we were very interested in this report. Furthermore, @procode701 was a pleasure to work with and we look forward to more reports in the future.”

The flaw in the password-reset flow could be exploited to obtain an authentication token, "inAuthSessionID", which anyone could then use to change the password of any account, the researcher found.

Here is the Uber Improper Authentication flaw:

To change the password of any account you only need to obtain a session token "inAuthSessionID" and then use the standard link that is present in the change-password form to set a new password.

https://auth.uber.com/login/stage/<SESSION ID>/af9b9d0c-bb98-41de-876c-4cb911c79bd1
  <SESSION ID> = the inAuthSessionID generated through the change-password email
  af9b9d0c-bb98-41de-876c-4cb911c79bd1 = the token ID, which has no expiration date
POST /login/handleanswer HTTP/1.1
Host: auth.uber.com

{
  "init": false,
  "answer": {
    "type": "PASSWORD_RESET_WITH_EMAIL",
    "userIdentifier": {
      "email": "xxxx@uber.com"
    }
  }
}

Reply:

HTTP/1.1 200 OK

{
  "inAuthSessionID": "cdc1a741-0a8b-4356-8995-8388ab4bbf28",
  "stage": {
    "question": {
      "signinToken": "",
      "type": "VERIFY_PASSWORD_RESET",
      "tripChallenges": []
    },
    "alternatives": []
  }
}

The impact of the vulnerability is critical: it allows an attacker to access any account and any user's personal data (ID card, banking details, driver's licence), including financial information.
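The root cause above is a reset token that is echoed back in the HTTP response and never expires. As an added illustration (not Uber's code; the class, field names and the 15-minute TTL are assumptions), the Python below contrasts that leaky design with a hardened reset flow that delivers the token only by email, stores only its hash, expires it, and allows a single use:

```python
import hashlib
import secrets
import time

RESET_TOKEN_TTL = 15 * 60  # seconds a reset token stays valid (assumed policy)


class PasswordResetService:
    """Hypothetical reset flow, not Uber's code. `now` is injectable for tests."""

    def __init__(self, now=time.time):
        self.now = now
        self.tokens = {}     # sha256(token) -> (email, expires_at)
        self.passwords = {}  # email -> (salt, pbkdf2 hash)
        self.outbox = []     # (email, token) handed to the email sender

    def _issue(self, email, expires_at):
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.tokens[digest] = (email, expires_at)   # only the hash is stored
        self.outbox.append((email, token))          # email is the intended channel
        return token

    # Flawed design, mirroring the exchange above: the token is emailed AND
    # echoed back to whoever sent the HTTP request, and it never expires.
    def leaky_start_reset(self, email):
        token = self._issue(email, expires_at=None)
        return {"inAuthSessionID": token,
                "stage": {"question": {"type": "VERIFY_PASSWORD_RESET"}}}

    # Hardened design: the response carries nothing secret and the token expires.
    def start_reset(self, email):
        self._issue(email, expires_at=self.now() + RESET_TOKEN_TTL)
        return {"stage": {"question": {"type": "CHECK_EMAIL"}}}

    def complete_reset(self, token, new_password):
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)   # single use: consumed on first try
        if entry is None:
            return False
        email, expires_at = entry
        if expires_at is not None and self.now() > expires_at:
            return False                        # expired token is rejected
        salt = secrets.token_bytes(16)
        self.passwords[email] = (salt, hashlib.pbkdf2_hmac(
            "sha256", new_password.encode(), salt, 100_000))
        return True

    def check_password(self, email, password):
        if email not in self.passwords:
            return False
        salt, digest = self.passwords[email]
        return secrets.compare_digest(
            digest, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))


def response_leaks_token(body, outbox):
    """Review check: does any token handed to the mailer appear in the HTTP body?"""
    text = repr(body)
    return any(token in text for _, token in outbox)
```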


Hackers Attacked 100 countries using NSA Spying tool

Category : Blog

A global cyber-attack has used hacking tools that a group called the Shadow Brokers leaked online and that are believed to have been developed by the US National Security Agency (NSA). It is believed to be one of the biggest cyber-attacks in recent history, with hackers hitting 100 countries using an NSA spying tool.

Cyber-security experts stated that the malicious software targeted a specific vulnerability in Microsoft software that the NSA had identified for its own surveillance use.

The cyber-extortionists sent the malware as email attachments disguised as invoices, job offers, security warnings and other legitimate-looking files.

The hackers demanded that companies and organisations around the world pay $300 or more in ransom, threatening that their computers would otherwise remain disabled.

Security researchers at Avast said that British hospitals, the Russian government, German railways and large companies such as FedEx were among those crippled by the 'ransomware', which spread rapidly across the globe and infected 75,000 computers in 99 countries.

In Britain, hospitals and clinics faced the most disruption, as they were forced to turn away patients after losing access to their computers.

Security experts said that the malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was identified by the US National Security Agency for its own intelligence-gathering purposes.

Meanwhile hundreds of private users in Taiwan were also struck by the malware, while IT systems at schools and universities in China were infected.

The Barts Health group said that “We are experiencing a major IT disruption and there are delays at all of our hospitals”.

Microsoft has since released security updates for Windows and guidance for consumers and businesses on protecting themselves from such attacks.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


Mac App developers Issued Urgent Malware Warning

Category : Blog

Mac security has been going through a difficult period after Check Point warned users about a first-of-its-kind Trojan spreading in Europe. The latest malicious problem has been found in one of the most important video transcoding apps for Mac.

The developers of HandBrake issued a warning that one of the mirror sites for downloading the software had been compromised. The warning applies to users who downloaded the software between 2 May and 6 May, who have the highest chance of being infected.

On the mirror server, the installer file HandBrake-1.0.7.dmg on download.handbrake.fr was replaced by a malicious file that gives the attacker root-level privileges on the system. The malware is a variant of OSX.PROTON. In February, Apple had issued an update to XProtect to cover the original Proton; the latest version should download automatically for most users.

The detection and removal procedure for the malware is as follows:

Detection:-

Your device is infected if you see a process called "Activity_agent" in the OSX Activity Monitor application. Likewise, if you have installed a HandBrake.dmg with the following checksums, you are infected:

SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274

SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793

The Trojan in question is a new variant of OSX.PROTON.

Removal:-

Open the "Terminal" application and run the following commands:

launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
rm -rf ~/Library/RenderFiles/activity_agent.app
if ~/Library/VideoFrameworks/ contains proton.zip, remove the folder

Then remove any "HandBrake.app" installs you may have.

HandBrake users should be careful, although the primary mirror site and the automatic updater in versions 1.0 and later have not been affected. As a safety measure, users are advised to change all passwords stored in any OSX or browser keychain.
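The detection and removal steps above can be checked from a script. The following Python, added here and not part of HandBrake's advisory, hashes a downloaded DMG against the checksums quoted above and lists which of the Proton artefacts named in the removal steps are present under a home directory (the function names are my own):

```python
import hashlib
import os

# Indicators quoted in the HandBrake warning above: the bad DMG's checksums and
# the files the removal steps delete. Paths are relative to the user's home.
BAD_SHA1 = "0935a43ca90c6c419a49e4f8f1d75e68cd70b274"
BAD_SHA256 = "013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793"
PROTON_PATHS = (
    "Library/LaunchAgents/fr.handbrake.activity_agent.plist",
    "Library/RenderFiles/activity_agent.app",
    "Library/VideoFrameworks/proton.zip",
)


def file_hashes(path):
    """Return (sha1, sha256) hex digests of a file, read in 1 MiB chunks."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            sha1.update(chunk)
            sha256.update(chunk)
    return sha1.hexdigest(), sha256.hexdigest()


def dmg_is_trojaned(path):
    """True if the DMG matches either checksum from the advisory."""
    sha1, sha256 = file_hashes(path)
    return sha1 == BAD_SHA1 or sha256 == BAD_SHA256


def proton_indicators(home=None):
    """List the Proton persistence artefacts present under `home` (default: ~)."""
    home = home or os.path.expanduser("~")
    return [os.path.join(home, rel) for rel in PROTON_PATHS
            if os.path.lexists(os.path.join(home, rel))]


if __name__ == "__main__":
    import sys
    for dmg in sys.argv[1:]:
        print(dmg, "MATCHES advisory hash" if dmg_is_trojaned(dmg) else "clean")
    for hit in proton_indicators():
        print("indicator present:", hit)
```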


Employee paid $300,000 for hacking employer

Category : Blog

A former private security officer at Security Specialists has been ordered to pay nearly $319,000 in damages for hacking into his employer's payroll records to inflate the number of hours he had worked.

The culprit, Yovan Garcia, later also stole data from the firm's server and defaced its website.

Michael Fitzgerald, a District Judge in California, said that Garcia had used the data stolen from the firm's server to benefit a rival business.

The company first noticed problems with Garcia's pay records in July 2014, two years after he joined. In one instance, the records showed that he had worked 12 hours per day over a two-week period and was owed 40 hours of overtime pay, when in fact he had worked only eight hours per day.

According to the judge of the Central District Court, he had obtained login credentials and accessed the records without authorisation.

Judge Fitzgerald said: “As a result, defendant Garcia was paid thousands of dollars more in overtime wages than he was really owed.”

He ordered Garcia to pay $318,661.70 to cover Security Specialists' lost income and lost data.


Retailer Debenhams’s Flowers website hacked

Category : Blog , Uncategorized

The Debenhams Flowers website has been hacked, and the personal data of up to 26,000 customers has been compromised.

Department store chain Debenhams has issued a statement on the breach, revealing that payment details, names and addresses were potentially taken. The attack targeted Ecomnova, a third-party e-commerce company that owns and operates the flowers and gifting website. Debenhams said it has contacted the customers whose data was accessed; customers of Debenhams.com, which is a separate website, have not been affected.

The company first noticed the cyber-attack on 24 February and again on 11 April, since when the Debenhams Flowers website has been offline.

Debenhams stated, "Our communication to affected customers includes detailing steps that we have taken and steps that those customers should take".

A spokeswoman told the BBC that emails had been sent to up to 26,000 customers informing them about the cyber-attack, followed up with a letter in the post.

Customers who suspect they have been the victim of fraud should immediately contact their bank or credit card provider, as well as Action Fraud, the UK's national fraud and internet crime reporting centre, on 0300 123 2040 or online.

Debenhams chief executive Sergio Bucher said in a statement: "As soon as we were informed that there had been a cyber-attack, we suspended the Debenhams Flowers website and commenced a full investigation".

"We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk", the statement continued.

The Information Commissioner’s Office (ICO) has already been informed about the incident.


Intel fixed nine year’s old flaw

Category : Blog

Yes, after nine years a flaw was detected and patched by Intel. Intel, one of the world's largest semiconductor chip makers, has come under fire after it emerged that the company had sold workstation and server chips with a vulnerability that could give a remote attacker complete control over the machine.

The bug affects Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Small Business Technology firmware versions 6.x to 11.6. If exploited, it could give an attacker near-unfettered access to the targeted machine.

AMT is a tool that allows an authorised user to remotely manage a machine, giving serial access and, with the right drivers, a remote desktop experience. Normally AMT requires the user to authenticate with a password, but this vulnerability essentially bypasses that process, handing the keys to the kingdom to anyone with a copy of Metasploit.

If the machine's network is configured incorrectly so that port 16992 is reachable from the outside world, anyone anywhere can take advantage of these features at any time. Someone could also attack it easily from within the network.

The most troubling part is that the bug, which luckily is not found in consumer Intel chips, remained undetected for almost nine years, during which Intel kept selling vulnerable silicon. Nobody knows exactly how many computers are at risk; there must be, quite literally, hundreds of millions of devices.

Charlie Demerjian wrote on the blog SemiAccurate: "the short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole". He added, "even if your machine doesn't have SMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network".


UIDAI rejects data leak claim

Category : Blog

On Tuesday (May 02), UIDAI rejected a report about an online leak of Aadhaar numbers and the bank accounts linked to them, a leak that had been claimed by a research report.

A research report by a Bangalore-based organisation claimed that almost 13 crore Aadhaar numbers had been leaked along with nearly 10 crore bank account numbers, the news portal reported.

The first two belong to the rural development ministry: the National Social Assistance Programme (NSAP)’s dashboard and the National Rural Employment Guarantee Act (NREGA)’s portal.

"There is no data leak and this particular report does not pertain to UIDAI," said A B P Pandey, CEO of UIDAI, while briefing one of the leading national dailies.

He further explained that the Aadhaar number may be available, but the biometric details are not and remain in safe custody; an Aadhaar number without biometric information is useless, he said.

"While Aadhaar numbers are available, the biometric information is not. The biometric details are in safe custody. The leaked databases do not pose a real threat to the people whose information is publicly available because the Aadhaar number cannot be misused without biometrics," said a government official.

Another official said that "the Aadhaar number is not confidential, just like a bank account number, which is printed in cheque books and shared with a lot of people." The last two months have seen a wave of data leaks, mostly due to improper information security practices, from various central and state government departments.

Today (May 5), amid a controversy over the leak of cricketer M S Dhoni's personal details on social media, the Government said that Aadhaar data cannot be leaked as the UIDAI system is foolproof.

Minister of State for Electronics and IT P P Chaudhary said in the Lok Sabha: "I would like to inform that there is no question of leakage of Aadhaar data from the Aadhaar system. There is no leakage and it cannot be".

App Flaw Reportedly Creates Backdoor Hacking Millions Android Phones

Category : Blog

A recent study of an internet communication mechanism common on mobile devices has revealed that so-called 'open ports' are far more vulnerable to security breaches than expected.

Open ports are integral pieces of internet infrastructure that allow computer programs to accept packets of information from remote servers. They are routinely used on traditional computers, where they are secure because a computer's Internet Protocol address does not change. An IP address identifies a connected device.

"Hundreds of Android apps on Google Play that help users connect to PCs via Wi-Fi leave some ports open and poorly secured, exposing the device to hackers who can steal private information such as contacts, security credentials and photos; they can remotely control a device, perform a denial of service attack, or inject malicious code that could jumpstart widespread, virus-like attacks", the researchers say.

The research was carried out by a group of researchers from the University of Michigan, who scanned almost 100,000 popular apps on Google Play. Of these, 1,632 apps created open ports, mostly to connect to PCs. Of those 1,632 apps, 410 had weak or no security protection, and 57 left ports completely open for hackers to tinker with. They claimed that the most vulnerable among the lot is an app called Wifi File Transfer, which has as many as 10 million Android downloads, lets users share data across devices and connect to their phones from their computers, and has no password or fingerprint authentication to protect the user's data.

The researchers advised Android users to update AirDroid to the latest patched version and not to use default passcodes. Vulnerable open-port apps should be launched only when needed, and after use users should exit them fully through the task manager.

"Android users need to remain extra careful when using apps whose functionality is data sharing across devices, proxy/VPN, or enabling the user to control a phone remotely without physically accessing it. Consider using only those created by developers with good reputations," said Yunhan Jia, a doctoral student in computer science and engineering who is involved in the research.

The developers fixed the bug promptly once the Michigan researchers notified them. However, the makers of the Wifi File Transfer app have yet to acknowledge the report.

The full research paper details half a dozen more apps, including PhonePal and Virtual USB, that create a backdoor for hackers to exploit.

The researchers say that "the user, and Google for that matter, is quite helpless in this matter, and developers will have to do a lot of work on their end to make their services safer. For now, it's best for users to uninstall all mentioned apps."

Google Facebook $100 million email scam found

Category : Blog

Google and Facebook have confirmed that they fell victim to a $100 million email scam. It had earlier been reported that a Lithuanian man had been charged over an email phishing attack against "two US-based internet companies."

Evaldas Rimasauskas, 48, was accused of being behind the scam. From 2013 to 2015, he defrauded the companies into transferring payments to an account he controlled.

When he was arrested, Google and Facebook were not named as the victims, but on 27 April, according to Fortune, an investigation confirmed that the victims were none other than Google and Facebook.

The US Department of Justice said, "fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multi-million dollar transactions with (the Asian) company."

The cybercriminal has since been charged by the US Department of Justice with one count of wire fraud, three counts of money laundering and one count of aggravated identity theft. He is also accused of forging invoices, contracts and letters.

Back in March, acting attorney Joon Kim said, "From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control."

A spokesperson for Google said, "We detected this fraud against our vendor management team and promptly alerted the authorities. We recouped the funds and we're pleased this matter is resolved."

A spokeswoman for Facebook said: "Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation."

Neither Facebook nor Google has confirmed how much money it lost to the attack.

SNMP flaw affects online devices

Category : Blog

A serious security flaw in the implementation of SNMP (Simple Network Management Protocol) allows an attacker to gain control over at least 78 cable modem models, giving attackers a green light.

SNMP (Simple Network Management Protocol) is used for automated network device identification, monitoring and remote configuration. It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.

Security researchers Ezequiel Fernandez and Bertin Bervis reported the problem, which is named the StringBleed vulnerability and tracked as CVE-2017-5135.

SNMP supports three methods for authenticating clients and their requests on remote SNMP devices. Two of them are affected by the authentication-bypass issue.

Versions 1 and 2 of SNMP do not have strong authentication to begin with: they grant read-only or write access to a device's configuration through passwords called community strings.

StringBleed is an Incorrect Access Control issue: remote attackers could exploit it to execute code on the affected devices and gain full read/write remote permissions using any string or integer value.

The researchers said: "We know there are 3 ways to authenticate the client and requests in the remote SNMP device, SNMP version 1 & 2 use a human-readable string datatype value called "community string" (usually public or private) in SNMP version 3 you have the option to use a user, password and authentication methods."

The researchers used a simple Python script to build an "snmpget" request for the sysDescr OID, then scanned the Internet for devices that would respond to it. They were looking for the sysDescr OID information returned by devices in response to requests using test strings such as 'admin', 'root' and 'user'.

The researchers added: "We wrote a simple python script from scratch using sockets in order to build the "snmpget" request, in the request we used the sysDescr OID, if the string value we are testing (admin, root etc etc) is the same stored in the SNMP agent for authentication, we are going to retrieve the sysDescr OID information successfully, is like a kind of "brute force". After some days of scanning we noticed something weird, some devices/fingerprints were always responding no matter which value we used, so what's going here???"

The results of the Internet scan were alarming: an attacker could use any random string or integer value to authenticate to the SNMP agent on the flawed devices.
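The researchers' method boils down to a raw SNMPv1 GetRequest for sysDescr carrying an arbitrary community string: an agent that answers with a successful GetResponse has not authenticated the string. The following Python, added here and not the researchers' script, encodes such a request and parses the reply so that an administrator can check whether a device under their own control behaves this way (function names and the 2-second timeout are assumptions; the encoding follows the BER rules of SNMPv1):

```python
import os
import socket

SYS_DESCR_OID = "1.3.6.1.2.1.1.1.0"       # the OID the researchers queried
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2    # SNMPv1 PDU tags


def _ber_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, payload):
    return bytes([tag]) + _ber_length(len(payload)) + payload


def _encode_int(value):
    # Minimal two's-complement INTEGER (tag 0x02); non-negative values only
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big", signed=True)
    return _tlv(0x02, body)


def _encode_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])       # first two arcs share a byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                          # base-128, high bit = "more"
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))


def _read_tlv(buf, pos=0):
    """Decode one TLV at `pos`; returns (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def build_get_request(community, oid=SYS_DESCR_OID, request_id=1, version=0):
    """SNMPv1 (version=0) or v2c (version=1) GetRequest for one OID."""
    varbind = _tlv(0x30, _encode_oid(oid) + b"\x05\x00")            # OID + NULL
    pdu = _tlv(GET_REQUEST, _encode_int(request_id) + _encode_int(0)
               + _encode_int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, _encode_int(version) + _tlv(0x04, community.encode()) + pdu)


def build_get_response(community, request_id, oid, value, version=0):
    """Constructed agent reply, used to simulate an affected device offline."""
    varbind = _tlv(0x30, _encode_oid(oid) + _tlv(0x04, value))
    pdu = _tlv(GET_RESPONSE, _encode_int(request_id) + _encode_int(0)
               + _encode_int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, _encode_int(version) + _tlv(0x04, community.encode()) + pdu)


def parse_get_response(data):
    """Return {'request_id', 'error_status', 'value'} for a GetResponse, else None."""
    tag, msg, _ = _read_tlv(data)
    if tag != 0x30:
        return None
    _, _, pos = _read_tlv(msg)                        # version
    _, _, pos = _read_tlv(msg, pos)                   # community
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    if pdu_tag != GET_RESPONSE:
        return None
    _, rid, pos = _read_tlv(pdu)
    _, err, pos = _read_tlv(pdu, pos)
    _, _, pos = _read_tlv(pdu, pos)                   # error-index
    _, varbinds, _ = _read_tlv(pdu, pos)
    _, varbind, _ = _read_tlv(varbinds)
    _, _, pos = _read_tlv(varbind)                    # OID
    _, value, _ = _read_tlv(varbind, pos)
    return {"request_id": int.from_bytes(rid, "big", signed=True),
            "error_status": int.from_bytes(err, "big", signed=True), "value": value}


def accepts_any_community(host, port=161, timeout=2.0):
    """StringBleed check for a device you administer: a random community string
    must be rejected; a successful GetResponse means it was not authenticated."""
    community, request_id = os.urandom(8).hex(), int.from_bytes(os.urandom(3), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_get_request(community, request_id=request_id), (host, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return False                              # silence: string was rejected
    reply = parse_get_response(data)
    return bool(reply and reply["request_id"] == request_id and reply["error_status"] == 0)
```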
