Category Archives: Blog


RSAT Will Automatically Be Reinstalled After New Updates in Next Windows 10 Version

Category : Blog


Remote Server Administration Tools (RSAT) enables IT administrators to remotely manage roles and features in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 from a computer that is running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista.

RSAT allows administrators to run snap-ins and tools on a remote computer to manage features, roles and role services.

 


RSAT is a tool that allows administrators to manage Windows Server from a remote computer running Windows 10. For some time, administrators have been complaining that installing a new upgrade of Windows 10 removes the installed Remote Server Administration Tools. This is because each version of RSAT is tied to a particular version of Windows, so you need to download and install the correct version for it to work properly.

In Windows Insider Preview build 17682, Microsoft has made the Remote Server Administration Tools (RSAT) an on-demand software feature. What this means is that once you install RSAT in Windows 10, it will be automatically reinstalled when you install a future operating system update.

Once it is installed as a feature, Windows 10 will automatically reinstall it after you upgrade to another version of the operating system.

 


 

Configuring Remote Server Administration Tools (RSAT) Through Optional Features:

In the future, to set up RSAT as an on-demand software feature, admins can go into the “Manage optional features” settings as shown below. To access this screen, just search for “optional features”.

To add the feature click on the “Add a feature” button. Microsoft will then build a catalog of available features, which may take some time, so please be patient.

Once you install an RSAT tool using this method, it will always be reinstalled when Windows 10 is updated in the future.

As this is currently a new feature in the latest Windows Insider build 17682, you will not see it in the current version of Windows. If you wish to test this feature, you can sign up as a Windows Insider and install the latest build.

 


 

 

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

 

 

 

 



OMB Releases Damning Report on U.S. Govt’s Inability to Counter Cyber Threats


OMB (Office of Management and Budget) oversees the implementation of the president’s objectives in the areas of policy, budget, management and regulation. To that end, the recent government-wide cybersecurity risk assessment, carried out by the OMB, in coordination with the Department of Homeland Security (DHS), highlights several serious issues that continue to imperil federal cybersecurity and ultimately put the nation at risk.

The risk report examined federal agencies’ ability to “identify, detect, respond, and if necessary, recover from cyber intrusions,” in accordance with Executive Order 13800.

The OMB and DHS found that 71 of 96 agencies have cybersecurity programs that are either at risk or high risk. The OMB and DHS assessed the performance of 96 agencies across 76 metrics and identified the four core actions they deemed necessary to address cybersecurity risks across the Federal enterprise.

 


 

Increase cybersecurity threat awareness among Federal agencies by implementing the Cyber Threat Framework to prioritize efforts and manage cybersecurity risks

Thirty-eight percent of federal cyber incident reports lacked an identified attack vector, which means that in roughly 4 out of 10 cyber incidents, it was not known who the attacker was. And, in terms of bolstering communication of cyber risks, just 59 percent of agencies reported having processes in place to communicate cyber risks across their enterprises.

 


 

 

Standardize IT and cybersecurity capabilities to control costs and improve asset management

The report acknowledged that “an agency’s ability to mitigate security vulnerabilities is a direct function of its ability to identify those vulnerabilities across the enterprise.” Agency risk assessments show that this issue becomes more complex in federated agencies, where standardized procedures or technology across the organization are lacking.

Phishing was also addressed, as phishing attacks remain one of the most common attack vectors across both government and industry. The report notes that standardizing and consolidating email at the enterprise level is an important element of the strategy to secure users. But some federal agencies report having several separately managed email services inside their agencies. One agency listed 62 separately managed email services used by its staff, which would make it virtually impossible to track and inspect inbound and outbound communications across that agency.

 


 

Consolidate agency Security Operations Centers (SOCs) to improve incident detection and response capabilities

A measly 27 percent of agencies reported having the ability to detect and investigate attempts to access large volumes of data. The assessment points out that the current situation is untenable, as agencies lack both the visibility into their networks to determine the occurrence of cybersecurity incidents and the ability to minimize the impact of an incident if one is detected.

 


 

Drive accountability across agencies through improved governance processes, recurring risk assessments, and OMB’s engagements with agency leadership

With only 16 percent of agencies compliant with the government-wide goal of encrypting data at rest, one of the conclusions arrived at in the report is that there is a lack of accountability for managing risks.

In fact, many have voiced concern over the decision to eliminate these roles and have warned that it will lead to a lack of unified focus against cyber threats.

 


 

Conclusion

The report concludes by stating that, “at a time when our reliance on technology is becoming greater and the Nation’s digital adversaries are growing more adept, we must ensure that the Federal Government can secure citizens’ information and deliver on their core missions.”

Next on the agenda, for the OMB, is taking the necessary actions to “implement the Cybersecurity Threat Framework, standardize IT capabilities and tools, consolidate or migrate SOC operations, and drive accountability for cybersecurity risk management across the enterprise.” And, the agency will continue to coordinate with its cross-agency partners, including DHS, NIST and GSA, to ensure that agencies are aware of expectations and available resources. The OMB will also work through the Federal CIO and CISO Councils to ensure that the federal government is moving forward towards improved cybersecurity outcomes.

 


Ticketfly Temporarily Shuts Down to Investigate Hack


Ticketfly is a ticket distribution service started in 2008 in San Francisco, California. Andrew Dreskin, the company’s CEO, previously co-founded Ticketweb, which is now owned by Ticketmaster. Ticketfly grossed $500 million in 2013, processing 11.2 million tickets for more than 80,000 events across Canada and the United States.

Hackers have targeted Ticketfly, forcing the Eventbrite-owned ticketing service to temporarily go offline. The move affects both its own website and the sites of venues hosted on its servers, including Brooklyn Bowl, Merriweather Post Pavilion, the 9:30 Club, and more. Those sites currently return a “502 bad gateway” error. Earlier today, the sites featured a message from the hacker, threatening a data leak.

 

 

User data briefly available online

Its admins did eventually discover the hack, but before they took down the defacement message and put the site in maintenance mode, a user noticed that many CSV files containing user data were freely accessible via one of the site’s URLs.

Since then, that URL has been taken down, and the data is not accessible anymore. Furthermore, Ticketfly replaced the original maintenance message with one admitting to the hack (image above).

“Following a series of recent issues with Ticketfly properties, we’ve determined that it has been the target of a cyber incident,” the message now available on its homepage reads.

The site’s abrupt downtime caused issues with bars and event organizers selling tickets through the Ticketfly service. Users can’t buy tickets either, as all Ticketfly servers are now down.

 


 

Hacker asking for a 1 Bitcoin ransom

The hacker behind the Ticketfly defacement and database theft is named IsHaKdZ. Zone-H, a website that archives site defacements, includes entries attributed to this nickname going back as far as 2010, although it is unclear if it’s the same hacker or someone who is misusing an older pseudonym.

IsHaKdZ also left an email address on the defaced website, but the hacker did not respond to a request for comment on the hack before this article’s publication.

But the hacker did reply to a CNET reporter, revealing that he asked Ticketfly to pay a 1 Bitcoin ransom to not release the site’s data online. Ticketfly did not confirm the ransom demand.

 


Remote Code Execution Vulnerability Disclosed in Windows JavaScript Component


Remote Code Execution Vulnerability Found in the JavaScript Component of Windows

JavaScript (/ˈdʒɑːvəˌskrɪpt/), often abbreviated as JS, is a high-level, interpreted programming language. It is a language which is also characterized as dynamic, weakly typed, prototype-based and multi-paradigm.

JavaScript enables interactive web pages and thus is an essential part of web applications. The vast majority of websites use it, and all major web browsers have a dedicated JavaScript engine to execute it.

A vulnerability exists in the Windows operating system’s JavaScript component that can allow an attacker to execute malicious code on a user’s computer.

Responsible for discovering this bug is Dmitri Kaslov of Telspace Systems, who passed it along to Trend Micro’s Zero-Day Initiative (ZDI), a project that intermediates the vulnerability disclosure process between independent researchers and larger companies.

ZDI experts reported the issue to Microsoft back in January, but Microsoft has yet to release a patch for this vulnerability. Yesterday, ZDI published a summary containing light technical details about the bug.

 


 

JavaScript bug leads to RCE

According to this summary, the vulnerability allows remote attackers to execute malicious code on users’ PCs.

Because the vulnerability affects the JavaScript component (Microsoft’s custom implementation of JavaScript), the only condition is that the attacker must trick the user into accessing a malicious web page, or into downloading and opening a malicious JS file on the system (typically executed via the Windows Script Host, wscript.exe).

“The specific flaw exists within the handling of Error objects in JScript,” ZDI experts explained. “By performing actions in [Javascript], an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.”

“Due to the sensitivity of the bug, we don’t want to provide too many technical details until a full fix from Microsoft is available,” Brian Gorenc, director of Trend Micro’s Zero Day Initiative, told Bleeping Computer in an email today.

 


 

 

Flaw does not lead to full system compromise

Gorenc told us the vulnerability is not as dangerous as it sounds, as it does not allow a full system compromise.

“The flaw only allows code execution within a sandboxed environment,” Gorenc said. “An attacker would need additional exploits to escape the sandbox and execute their code on the target system.”

The vulnerability has received a 6.8 rating out of 10 on the CVSSv2 severity scale, which is a pretty high score, when compared to most vulnerabilities.

 


 

Microsoft is working on a patch

According to Gorenc, a patch is coming. “To the best of our knowledge, Microsoft does still intend to release a fix for this bug. However, they did not complete the fix within the timelines set out in our disclosure policy.”

ZDI usually gives companies 120 days to patch reported flaws before they go public with their advisories. According to a timeline of Microsoft’s replies, the OS maker had a hard time reproducing the proof-of-concept code needed to trigger the vulnerability, losing around 75% of the 120-day disclosure timeline and leaving its engineers little time to put together and test a patch in time for May’s Patch Tuesday.

While Microsoft did not provide an exact timeline of when it plans to roll out a patch, a spokesperson confirmed they are working on a fix.

 


Reboot Your Router to remove VPNFilter


Router reboot to remove VPNFilter

A router is a networking device that forwards data packets between computer networks. Routers perform the traffic directing functions on the Internet. A data packet is typically forwarded from one router to another through the networks that constitute an internetwork until it reaches its destination node.

After it was reported that the VPNFilter botnet consisting of over 500,000 routers and NAS devices was taken over by the US government, the FBI issued an advisory stating that users should reboot their routers in order to disrupt the malware.

Unfortunately, as shown by the five phone calls I received today, many people heard the reboot part, but did not read the rest of the recommendations of turning off remote administration, changing passwords, and upgrading to the latest firmware. One step that was not mentioned is the fact that the only way to truly remove VPNFilter is to reset the router to factory defaults.

 


 

What is VPNFilter?

VPNFilter is malware that targets routers and NAS devices in order to steal files and information and to examine network traffic as it flows through the device. When installed, the malware consists of three different stages, with each stage performing specific functions.

Stage 1 is installed first and allows the malware to stay persistent even when the router is rebooted.

Stage 2 allows the attackers to execute commands and steal data. This stage also contains a self-destruct ability that essentially makes the router, and thus your network connection, non-functional.

Stage 3 consists of various plugins that can be installed into the malware, allowing it to perform different functions such as sniffing the network, monitoring SCADA communication, and communicating over TOR.

For this reason, the FBI has suggested that everyone reboot their router in order to disable Stage 2 and Stage 3 and to also allow the FBI to get a list of infected victims and the types of routers that are affected.

 


 

Routers that are known to be affected by VPNFilter

According to reports from Cisco, Symantec, and the Security Service of Ukraine, the affected routers are:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS Versions for Cloud Core Routers: 1016, 1036, 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

While the above are the currently known routers that can be infected with VPNFilter, there is no guarantee that they are the only ones. Therefore, everyone should follow the below recommendations to harden and secure their routers regardless of the make and manufacturer.


 

Will rebooting the router really remove the VPNFilter infection?

The short answer is yes and no. Rebooting the router will unload the Stage 2 and Stage 3 components of VPNFilter, but Stage 1 will start again after the router reboots. So while the most malicious components will be disabled, VPNFilter will still be present on your device.

The only real way to fully remove this infection is to reset your router back to factory defaults, which will also reboot the router. Unfortunately, this process will require you to set up your router again, add an admin password, and set up any wireless networks that were configured.

 


Cobalt Hacking Group Still Active Despite Leader’s Arrest


The Cobalt hacker group, which specializes in stealing money from banks and financial institutions, has remained active, even launching a new campaign, despite its leader’s arrest in Spain two months ago.

“Cobalt is still active: its members continue attacks on financial organizations and other companies worldwide,” said Dmitry Volkov, the Chief Technical Officer of Group-IB, the company that detected this new Cobalt operation.

This new campaign was set in motion last week, May 23, when the company’s security experts discovered one of Cobalt’s phishing emails, aimed at banks in Russia and other former Soviet states.

 


 

Campaign disguised as fake Kaspersky security alerts

According to a report that Group-IB plans to release tomorrow but shared with Bleeping Computer, this spear-phishing email was designed to look like a security alert sent out by fellow Russian cyber-security firm Kaspersky Lab.

Victims were urged to access a link to read and respond to a complaint that Kaspersky received about an alleged criminal act supposedly committed by the victim.

The spear-phishing email was an obvious ruse to lure users to a malicious site where they’d be infected with the CobInt trojan, Group-IB says.

CobInt is a malware strain that was historically used only by the Cobalt group, a clear indicator that the rest of the Cobalt members weren’t deterred or fazed by their leader’s arrest, and appear to have no plan to stop hacking banks any time soon.

 


 

Group returns to targeting Russian banks

Furthermore, the group looks to have returned to attacking Russian banks, after focusing their recent efforts on other Eastern European targets.

Group-IB says that previous attempts to rob Russian banks had been recorded in December 2017, more than five months ago.

The Cobalt Hacking group is known for silently infiltrating bank networks through individual employee accounts, and infecting other computers on the local network until they find a PC that controls financial transactions.

The group, in spite of its leader’s arrest, still remains a force to be reckoned with, and one of the most successful hacker groups known to date. Security experts and law enforcement officials estimate the group made more than €1 billion ($1.16 billion), with a hack average of €10 million ($11.6 million) per heist.

 


Oracle Plans to Drop Java Serialization Support, the Source of Most Security Bugs


Oracle is one of the largest vendors in the enterprise IT market and the shorthand name of its flagship product, a relational database management system (RDBMS) that’s formally called Oracle Database.

Oracle plans to drop support for data serialization/deserialization from the main body of the Java language, according to Mark Reinhold, chief architect of the Java platform group at Oracle.

Serialization is the process of taking a data object and converting it into a stream of bytes (binary format), so it can be transported across a network or saved inside a database, only to be deserialized later and used in its original form.

Because of its convenience, a large number of high-level programming languages support the feature but nowhere has it been more of a headache than in Java, where it’s been at the heart of a constant stream of security flaws.

 

Oracle

 

Reinhold: Serialization was a “horrible mistake”

Reinhold says the Java team is currently working on dropping serialization support for good from the language’s main body, while still providing developers with a plug-in system to support serialization operations if needed via a new framework.

There’s no set date or Java version when Oracle plans to drop serialization, Reinhold said.

But until Oracle does this, companies and project leads that don’t want a developer or a rogue module calling serialization/deserialization functions can prevent this via a “serialization filter” that was added in Java back in 2016, and which will block these operations altogether.
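The serialization filter mentioned above, shown as an added example (not code from Oracle or from the original article). It assumes JDK 9 or later, where the API is `java.io.ObjectInputFilter`; the `Ticket` and `Unexpected` classes and the sample data are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class SerialFilterDemo {

    // Constructed sample types standing in for an application's own classes.
    static class Ticket implements Serializable {
        private static final long serialVersionUID = 1L;
        final String eventId;
        Ticket(String eventId) { this.eventId = eventId; }
    }

    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Per-stream allowlist: only the classes the application expects may be
    // instantiated; every other class is rejected before it is created.
    static final ObjectInputFilter ALLOW_TICKET_ONLY = info -> {
        Class<?> c = info.serialClass();
        if (c == null) {
            // Callback without a class: only stream limits are being checked.
            return info.depth() > 10
                    ? ObjectInputFilter.Status.REJECTED
                    : ObjectInputFilter.Status.UNDECIDED;
        }
        return (c == Ticket.class || c == String.class)
                ? ObjectInputFilter.Status.ALLOWED
                : ObjectInputFilter.Status.REJECTED;
    };

    // Reject every class. The same pattern can be applied JVM-wide with the
    // system property -Djdk.serialFilter=!*
    static final ObjectInputFilter BLOCK_ALL =
            ObjectInputFilter.Config.createFilter("!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Deserializes 'data' under 'filter' and reports whether it was accepted.
    static String tryRead(byte[] data, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in =
                     new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(filter); // must be set before the first read
            Object o = in.readObject();
            return "accepted " + o.getClass().getSimpleName();
        } catch (InvalidClassException e) {
            // Thrown by ObjectInputStream when the filter returns REJECTED.
            return "rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Ticket("evt-1001")); // constructed sample
        byte[] surprise = serialize(new Unexpected());       // constructed sample

        System.out.println("allowlist + Ticket:     " + tryRead(expected, ALLOW_TICKET_ONLY));
        System.out.println("allowlist + Unexpected: " + tryRead(surprise, ALLOW_TICKET_ONLY));
        System.out.println("block-all + Ticket:     " + tryRead(expected, BLOCK_ALL));
    }
}
```

An allowlist that ends in a reject-everything rule is the safer shape for a filter, since a denylist only blocks the gadget classes known at the time it was written.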

 


 

The serialization/deserialization security problem

Attacks via serialization/deserialization operations have been known for years, in one form or another, but they became everyone’s problem in early 2015 when two researchers, Chris Frohoff and Gabriel Lawrence, found a deserialization flaw in the Apache Commons Collection, a very popular Java library. Researchers from Foxglove Security expanded on the initial work in late 2015, showing how an attacker could use a deserialization flaw in Java applications where developers have incorrectly used the Apache Commons Collection library to handle deserialization operations.

The flaw rocked the Java ecosystem in 2016, as it also affected 70 other Java libraries, and was even used to compromise PayPal’s servers. Organizations such as Apache, Oracle, Cisco, Red Hat, Jenkins, VMWare, IBM, Intel, Adobe, HP, and SolarWinds all issued security patches to fix their products.

While Java serialization/deserialization security issues were known for a long time, the 2015 Java Apocalypse served as a wake-up call for many companies, and the Java community as a whole, who started paying more attention to how they serialize and later deserialize data.

 


Serialization bugs have been a big problem for Java

Reinhold told InfoWorld that serialization issues could easily be responsible for a third or even a half of all known Java flaws.

His assessment is most likely correct. For example, Oracle’s January 2018 security updates fixed 237 vulnerabilities, of which 28.5% addressed unsafe deserialization operations.

The issue is also very widespread across companies. A ShiftLeft report revealed numerous serialization/deserialization flaws across a large number of SaaS vendor SDKs. While Oracle is addressing the issue in Java, serialization also affects other programming environments like .NET, Ruby, and others, where the issue remains dormant.

 


Researchers Bypass AMD’s SEV Virtual Machine Encryption

Category : Blog

Researchers Bypass the Encryption of AMD’s SEV Virtual Machines

Encryption is the process of using an algorithm to transform information to make it unreadable for unauthorized users. This cryptographic method protects sensitive data such as credit card numbers by encoding and transforming information into unreadable cipher text. This encoded data may only be decrypted or made readable with a key. Symmetric-key and asymmetric-key are the two primary types of encryption.

Four researchers from the Fraunhofer Institute for Applied and Integrated Safety in Munich, Germany have published a research paper this week detailing a method of recovering data that is normally encrypted by AMD’s Secure Encrypted Virtualization (SEV), a safety mechanism designed to encrypt the data of virtual machines running on servers with AMD CPUs.

The research team says their attack, which they named SEVered, is capable of recovering plaintext memory data from guest VMs running on the same server as the VM that’s under attack.

 


SEVered attack can recover data from encrypted VMs

“By repeatedly sending requests for the same resource to the service while re-mapping the identified memory pages, we extract all the VM’s memory in plaintext,” researchers said in their paper, entitled “SEVered: Subverting AMD’s Virtual Machine Encryption.”

The attack is successful because the VM stores some of its data inside main memory (RAM), and “the page-wise encryption of main memory lacks integrity protection.” This allows an attacker to map out the entire memory and then request parts used by other nearby VMs, which the attacked guest VM shouldn’t be able to access at all, let alone in plaintext.

During tests of their attack, researchers said they were able to retrieve a test server’s entire 2GB memory, including data from a guest VM.

Researchers achieved the best results by bombarding Apache and nginx with repeated requests, retrieving memory data at a speed of 79.4 KB/sec, while an attack on OpenSSH was slower, retrieving data at only 41.6 KB/sec.

A severe limitation that reduces the attack feasibility is the fact that an attacker needs to modify a server’s hypervisor to carry out a SEVered attack, something that may be out of the reach of some intruders renting a guest VM if the server is kept up to date with security patches.

 


SEVered attack works even on VMs under a high load

The research team also added that their SEVered attack isn’t hindered by maxed-out servers and can retrieve memory data even when the targeted VM is under a high load.

The team’s work was showcased last month at the 11th European Workshop on Systems Security, held in Porto, Portugal.

For their test rig, researchers used an AMD Epyc 7251 processor, an AMD CPU meant for data centers, released in June 2017.

 


Malware Found in the Firmware of 141 Low-Cost Android Devices

Category : Blog

Firmware of 141 Low-Cost Android Devices Holds Malware

Firmware is a software program permanently etched into a hardware device such as a keyboard, hard drive, BIOS, or video card. It is programmed to give permanent instructions to communicate with other devices and perform functions like basic input/output tasks.

Two years after being outed, a criminal operation that has been inserting malware in the firmware of low-cost Android devices is still up and running, and has even expanded its reach.

News of this group first surfaced after a report in December 2016, when Russian antivirus vendor Dr.Web disclosed that a mysterious threat actor had found a way to penetrate the supply chain of several mobile carriers, infecting phones with malware.

At the time, experts said they found malware in the firmware of at least 26 low-cost Android smartphone and tablet models. Once the group was outed, Dr.Web hoped the crooks would pack up and move on to another operation.

 


Crooks expand operations and infect more devices

But in a report released yesterday, cyber-security firm Avast says the group has never ceased operations and has continued to poison the firmware of more and more devices, growing their operation many times over.

Avast published a list of over 140 Android smartphones and tablets on which it says it found the group’s malware, which it named Cosiloon.

Comparing the Dr.Web and Avast reports, the malware doesn’t seem to have received any updates and still operates in the same manner.

It runs from the “/system” folder with full root rights, and its main role is to connect to a remote server, download an XML file, and then install one or more apps mentioned in this document.

Because the malware ships as a firmware component, it can easily grab any app crooks tell it to and install it without any user interaction.

In almost all cases, the apps the malware installs are used solely to display ads on top of other apps or the Android interface itself.

Crooks are obviously interested in generating revenue via ads alone, and no other shady behavior has been seen. The only times the malware won’t download additional apps are when the device’s language is set to Chinese, when the device’s public IP address is also from a Chinese IP range, and when the number of locally installed apps is below three (indicating a test/scan environment).

While it appears the group may be operating out of China because it avoids infecting Chinese users (and hence avoids law enforcement attention), Avast has not yet been able to fully determine this.

 


Infection point remains unknown even after two years

The cyber-security firm says it has had a hard time tracking when the malware is inserted in the firmware of these devices. There are too many mobile carriers and smartphone vendors affected to pin the blame on one of them.

Infected devices have been found in over 90 countries, and the only common component between them is that they all use a MediaTek chipset.

But MediaTek can’t be blamed either, as not all devices from an affected smartphone model are infected with the malware. If one of the MediaTek firmware components had harbored the malware, then all devices for a specific model would have been affected, not just a handful.

This means the group is opportunistic and infects devices at random, as it finds a window during which it can poison their firmware.

For now, Avast says it managed to take down the group’s command-and-control server for a small period of time, but because the domain registrar hasn’t intervened to invalidate the group’s domain name, the group simply switched to another hosting provider.

 


Cryptocurrency Verge Network Falls Victim to Same Attack Even After Hard-Fork

Category : Blog


Cryptocurrency is a digital or virtual currency that uses cryptography for security. It is difficult to counterfeit because of this security feature. A defining feature of it, and arguably its most endearing allure, is its organic nature; it is not issued by any central authority, rendering it theoretically immune to government interference or manipulation.

Cryptocurrency Verge has suffered what executives are claiming is a DDoS attack. The platform is experiencing a serious delay in its blockchain, which has led to security concerns amongst users and worries about the currency’s stability.

The attack took place on Tuesday, May 22, and lasted only for a few hours. During this interval, the hacker used an exploit to alter normal timestamps of mining operations and allow himself to mine XVG coins to the detriment of other users who had their legitimate mining operations delayed or wasted.

 


Hacker bypassed previous patches

Following the April attack, the Verge development team hard-forked the entire cryptocurrency’s source code to patch the flaw exploited by the attacker and reverse his gains.

But according to several users knowledgeable of the Verge source code, the attacker found a way around the hard-fork’s patch and launched a similar attack.

“Since nothing really was done about the previous attacks (only a band-aid), the attackers now simply use two algos to fork the chain for their own use and are gaining millions,” said a user on the BitcoinTalk forums, the same one who analyzed the April attack.

The Verge dev team didn’t appear to recognize the attack at first, calling it a DDoS on mining pools.

Nonetheless, once it became clear what was going on, developers started working on a patch once more. It is unclear if the Verge team plans to hard-fork the cryptocurrency’s source code to reverse the effects of the illegal mining as it did in April.

 
