Airtel injecting Scripts into browsers? Will it Affect Your Privacy and Security?


After receiving heavy criticism for its Airtel Zero plan, Bharti Airtel, an Indian multinational telecommunications services company, is now being accused of secretly injecting JavaScript and iframes into users' web browsers in order to alter the browsing experience.

Thejesh GN, an info-activist and programmer, published his findings on GitHub, according to which Airtel is inserting JavaScript into user browsing sessions.

He said that the iframe tries to insert a toolbar into the browsing experience and that the parent URL of both the iframe and the JavaScript belongs to Bharti Airtel Bangalore.

He shared the injected script on GitHub. The script tries to inject an iframe pointing to the URL "hxxp://223.224.131.144:80/l8/Layer8Servlet".
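A site owner can check for this kind of in-transit modification by fetching a page over the suspect connection and comparing its scripts and iframes with what the site actually ships. The sketch below is an added example, not code from Thejesh GN's repository; the hostnames, the TEST-NET address 203.0.113.7, the sample markup and the allow-lists are all constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _Collector(HTMLParser):
    """Collects external script/iframe sources and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = []       # (tag, src) pairs
        self.inline = []         # inline <script> bodies
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            self.external.append((tag, src))
        elif tag == "script":
            self._in_inline = True
            self.inline.append("")

    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False


def audit_page(page_url, html, allowed_hosts, allowed_inline_sha256):
    """Return script/iframe content that the site owner did not approve."""
    collector = _Collector()
    collector.feed(html)
    collector.close()
    approved = {urlsplit(page_url).hostname, *allowed_hosts}
    findings = []
    for tag, src in collector.external:
        url = urljoin(page_url, src)           # resolve relative sources
        if urlsplit(url).hostname not in approved:
            findings.append((tag, url))
    for body in collector.inline:
        digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
        if digest not in allowed_inline_sha256:
            findings.append(("inline-script", digest))
    return findings


# Constructed sample: the page as the origin serves it, and the same page
# after a middlebox has added an inline script and an iframe in transit.
PAGE_URL = "http://shop.example/index.html"
APPROVED_INLINE = {hashlib.sha256(b"initMenu();").hexdigest()}
CLEAN_HTML = ('<html><head><script src="/static/app.js"></script>'
              '<script src="https://cdn.example/lib.js"></script>'
              '<script>initMenu();</script></head><body><p>hi</p></body></html>')
INJECTED_HTML = (CLEAN_HTML
                 .replace("</head>", "<script>loadToolbar();</script></head>")
                 .replace("</body>", '<iframe src="http://203.0.113.7:80/frame"></iframe></body>'))
```

Content can only be rewritten in transit like this on unencrypted HTTP, so serving the site over HTTPS removes the opportunity rather than just detecting it.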

However, Airtel has released a statement clarifying that it is building a tool to allow broadband users to get information about the amount of data they have used.

The company said that it developed the new tool because non-mobile consumers had asked for an easy way to track data usage while surfing the web.

“Our customers have frequently asked us for ways of easily keeping a track of their data consumption specifically dongle and broadband users, who unlike mobile users, cannot receive real-time alerts on their usage,” Airtel said in a statement to NextBigWhat.

It is said that it is highly unethical for an ISP to carry out such programs. However, no one has come up with a solution so far.

In a Reddit post, one of the users accused Vodafone of doing the same.

Just a month ago, a user posted about the same issue on Reddit.

Hackers now target banks’ websites, mobile apps


Hackers from the Deep Web, which is also known as the Deep Net, Invisible Web or Hidden Web and is the portion of the World Wide Web's content that is not indexed by standard search engines, are now targeting India-based banks' websites, mobile applications and online services, say cyber security experts.

According to a report published in Deccan Chronicle on 2 June, the hackers are disrupting banking operations by pulling down the banks' websites, mobile applications and online services.
In the last two days, hackers have targeted the online banking sites of various banks including City Union Bank (CUB), Tamilnad Mercantile Bank (TMB) and Vijaya Bank.

The report says that in a hit-list obtained from an onion site on Thursday, the hackers said that they would target a mobile app of a leading private bank and, similarly, the net banking service of a nationalized bank.

J. Prasanna, Founder of Cyber Security and Privacy Foundation, told Deccan Chronicle that it could be a planned attack or a technical snag. But the attack hit-list accessed from the Deep Web hackers group indicates that the attack is scheduled.

He pointed out that it looked like an attack, but that a serious investigation would be needed to confirm it. Bank managements often take such issues more seriously than they actually are.

S. Sekar, senior general manager at the CUB, told Deccan Chronicle that the server of the bank was down on Tuesday because of heavy traffic.

He said they were searching for the reason behind the problem. They also contacted the IT service provider.
The TMB was targeted on Wednesday morning by the hackers.

Arun Vasan, IT manager of the bank, told Deccan Chronicle that the attack happened at the network level.

Linux Moose: A new malware which turns routers into social network bots

Linux/Moose overview

A new worm, which is capable of spreading past firewalls, is now targeting routers and modems to boost the visibility of profiles on various social networking sites including Twitter, Facebook, YouTube, Instagram, Vine and SoundCloud, researchers said.

Olivier Bilodeau and Thomas Dupuy, security researchers at ESET, an IT security company based in Bratislava, Slovakia, said in a technical paper issued on 26 May that the new threat, which is called Linux/Moose, targets consumer routers and modems, including the hardware provided by Internet Service Providers (ISPs) to consumers.

The researchers said that the new malware is infecting Linux-based routers and other Linux-based devices to commit social networking fraud in order to ‘like’ posts and pages, ‘view’ videos and ‘follow’ other accounts.

“During our analysis we often asked ourselves, “Why so much effort in order to interact with social networks?” Then we realized that there is a market for follows, likes, views and whatnot. It is pretty clear that this is what is going on here,” the researchers wrote in the paper.

“First, there are attempts at stealing cookies from these sites. However, the cookies cannot be stolen if the traffic is HTTPS and now most of these sites are HTTPS-only, so it’s unclear how effective these attacks are in this respect. Second, attempting to commit fraud upon these sites needs a reputable and disposable IP address,” the researchers added.

“If someone tries to register 2000 twitter accounts from his own IP address this will likely draw attention. To a social network site operator, there is probably nothing more reputable than an IP address behind a well-known ISP. Just the type of network where you can expect to find badly configured consumer routers,” said the researchers.

They said that the task of the malware operators is to increase the number of followers, views and likes on the social media websites that the operators target.

According to the researchers, Moose does not exploit any vulnerability to compromise a device; like other threats targeting routers, it gains access by trying weak or default login credentials. It then starts scanning for other devices to infect, either on the local network or on the Internet.

Moreover, it looks for other nefarious processes and terminates their activity on the devices in order to protect those devices.

The technical paper has revealed that the routers are used to drive traffic to certain social network profiles. An infected device would send more than 500 requests in a day.

The researchers observed one of the Instagram accounts, which maintained the zero-followers numbers, but the number of followers increased from three to 40 in one day.

While the researchers were checking the followers, they found an account with a large number of fans (3,430). Within a week, the number of followers increased to 11,672.

They also observed that devices from Actiontec, Hik Vision, Netgear, Synology, TP-Link, ZyXEL and Zhone were affected by Moose.

North Korean hackers, now have power to kill

Prof Kim Heung-Kwang, a defector from North Korea who escaped from the country in 2004, has revealed that North Korean hackers have enough control over infrastructure that they could theoretically even kill people.

The professor revealed this to the BBC and said that North Korea had around 6,000 trained military-grade hackers. He has urged international organizations to step in and defuse the threat that North Korea's hackers are becoming.

Before defecting from North Korea, Prof Kim taught at the Hamheung Computer Technology University for 20 years in the field of computer science.

Bureau 121, North Korea's hacking unit, has been widely accused of being responsible for recent hacks like the Sony Pictures one that occurred last year.

Many of the attacks of North Korea seem to be focused on their immediate neighbor, South Korea.

Hacked emails expose billionaire George Soros as Ukraine puppet-master

Business magnate George Soros, who just two weeks ago talked about the possibility of another world war in the near future if Washington backed down to China on IMF currency basket inclusion, has now been exposed by hackers as the real puppet-master behind the scenes in Ukraine.

Speaking at a Bretton Woods conference at the World Bank on 19 May, Soros, who has never been shy about expressing his opinion about an investment or about geopolitics, said, “If there is conflict between China and a military ally of the United States, like Japan, then it is not an exaggeration to say that we are on the threshold of a third world war.”

However, the hackers from CyberBerkut have exposed the billionaire as the real puppet-master behind the scenes in Ukraine.

“We hacked the server of the Presidential Administration of Ukraine. We found out confidential documents Soros Foundation with the strategy work in Ukraine and fragments of personal correspondence President Poroshenko with George Soros,” the hackers wrote in an email.

“We have already warned of the inadmissibility of the US interference into the affairs of our country. We also repeatedly announced the unacceptability of anti-popular policy of Kiev, which turned Ukraine into the vassal of the USA,” they added.

According to the leaked documents from the email, Soros needed Ukraine only to battle with Russia. That was why he insisted on the USA delivering up-to-date lethal weapons and on training Ukrainian soldiers abroad.

Similarly, he supported Barack Obama’s stance on Ukraine, but believed that the US should do even more.

Similarly, honored and ex-high ranking military leaders, American General Wesley Clark and his Polish colleague Valdemar Skrzypczak will advise Poroshenko how to restore the fighting capacity of Ukraine.

In the hacked document, Soros advised creating the mirage of a struggle against corruption and financial instability for the Ukrainian people, although he agreed that Ukraine was on the edge of catastrophe: its financial system was crippled, its reserves were exhausted and the hryvnia was backed by nothing.

The hackers claim that they obtained correspondence between Soros and Ukraine’s President Petro Poroshenko by hacking Ukraine’s presidential administration website.

They have put three files online: a draft of “A short and medium term comprehensive strategy for the new Ukraine” by Soros dated 12 March 2015, an undated paper on military assistance to Kiev, and his letter to Poroshenko and Ukraine’s Prime Minister Arseny Yatsenyuk, dated December 23, 2014.

Soros said in the email that the Western backers wanted Kiev to restore the fighting capacity of Ukraine without violating the Minsk agreement.

Soros, who believes that it’s up to the EU to support Kiev with financial aid, said, “Europe must reach a new framework agreement that will allow the European Commission to allocate up to $1 billion annually to Ukraine.”

Soros warned Poroshenko that the new Ukraine is literally on the verge of collapse due to the national bank’s lack of hard currency reserves.

According to the leaked document, it is believed that the billionaire has been in constant touch with the authorities in Kiev and has been consulting them.

Hackers steal $24k from Mahwah businessman’s bank account

After big corporations and government agencies, hackers are now targeting individuals. Hackers stole $240,000 from a local businessman’s bank account in Mahwah by hijacking his phone number.

According to a report published by CBS New York, the hackers first followed and observed the local businessman and gained enough of his personal information to convince his bank to wire $240,000 overseas.

Chief of Police James Batelli said that the businessman's phone number had been hijacked, so when the bank called to verify the transfer, the hackers answered. The bank had no clue that it was talking to hackers overseas.

“That is call forwarded to Brussels and the person on that end answers all the proper security questions, which was social security numbers, mother’s maiden name, hospital they were born in; and the bank thinks they’re talking to the person authorized to allow that transfer to go through,” said Batelli.

Batelli said that in order to protect personal information, people should regularly change their security questions.

Privacy bug found in Gaana.com allows hackers to access your details


A privacy bug was found on the website of Gaana, the largest Indian online music streaming service, which allowed access to private details of users, including their date of birth.

A security researcher, Avinash, found an insecure direct object reference (IDOR) vulnerability and reported it to Gaana.com. Gaana.com fixed the bugs after three weeks.

Avinash said a bug in an internal API gave him access to 11 million records. A simple HTTP GET request with the corresponding user ID was enough to get a user's details.

The researcher said he was able to access the full name, profile picture, email address, date of birth and last song each user listened to on Gaana.
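The sketch below shows the class of bug described above next to a corrected handler. It is an added example, not Gaana's code or the researcher's; the function names, session tokens, records and the choice of which fields count as public are constructed assumptions.

```python
# Constructed records; the field names mirror the details the article lists.
USERS = {
    1001: {"full_name": "Asha Rao", "profile_picture": "/img/1001.jpg",
           "email": "asha@example.com", "date_of_birth": "1990-04-12",
           "last_song": "Track A"},
    1002: {"full_name": "Vik Shah", "profile_picture": "/img/1002.jpg",
           "email": "vik@example.com", "date_of_birth": "1988-11-30",
           "last_song": "Track B"},
}
SESSIONS = {"token-asha": 1001, "token-vik": 1002}   # session token -> owner id
PUBLIC_FIELDS = ("full_name", "profile_picture")      # assumed public subset
PRIVATE_FIELDS = ("email", "date_of_birth", "last_song")


def get_user_vulnerable(user_id):
    """Before: the user ID in the request is the only input consulted."""
    record = USERS.get(user_id)
    if record is None:
        return 404, {}
    return 200, dict(record)


def get_user_hardened(session_token, user_id):
    """After: authenticate the caller, then authorise access per object."""
    caller_id = SESSIONS.get(session_token)
    if caller_id is None:
        return 401, {}                      # no valid session, no data
    record = USERS.get(user_id)
    if record is None:
        return 404, {}
    if caller_id == user_id:
        return 200, dict(record)            # owners see their own record
    # Anyone else gets only the fields assumed to be public.
    return 200, {field: record[field] for field in PUBLIC_FIELDS}


def leaked_private_fields(caller_id, user_id, body):
    """Regression check: private fields returned to a non-owner."""
    if caller_id == user_id:
        return []
    return [field for field in PRIVATE_FIELDS if field in body]
```

Running `leaked_private_fields` over responses for IDs the test account does not own makes a useful regression test for this kind of endpoint.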

In his blog post, he wrote, “On 12th of May I had discovered a vulnerability on Gaana.com. I contacted their team and it was fixed recently.”

When EHN asked the author why the original article had been removed from the blog, he replied that "he removed it after getting a request from Gaana.com."

You can find the cached version of the blog post in Google Cache.

Japan Pension System hacked, millions of personal data leaked

The personal data of more than one million Japanese citizens has been obtained by hackers, Japan Pension Service (JPS), an organization which manages Japan’s universal public pension system, said on Monday.

Toichiro Mizushima, president of Japan Pension System, told a news conference that the Japan Pension Service staff computers were accessed by an external email virus, which led to the leak of almost 1.25 million cases of personal data.

During the conference, he apologized for the leak. He said that the combinations of names, identification numbers, birth dates and addresses of the Japanese citizens had been compromised.

“The organization is setting up a team to investigate the cause and prevent a recurrence,” Mizushima said.

According to a news report broadcast on NHK public television, Abe said, "These are the people's vital pensions. I have instructed Health and Welfare Minister (Yasuhisa) Shiozaki to consider the pension recipients and do everything possible."

Shiozaki also apologized in the conference for failing to protect the personal data from the hackers. He had instructed the Japan Pension Service to give top priority to protecting the public's pensions.

A Bug allows anyone to crash the iPhone with a Message

A new bug in the latest version of iOS causes the phone to crash when it shows a special text message containing a string of Arabic characters and symbols.

It affects the Messages app to such an extent that the lines of the message, when copied and texted to another iPhone, shut that phone off as well.

The bug, which now affects iOS 7 and iOS 8, is due to banner notifications processing the Unicode text using the CoreText API.

The crash can happen in any mode; on a jailbroken iOS device, however, the phone enters safe mode.

The only workaround for this vulnerability is to send a photo or text to the original sender using the share sheet in another app.

Reddit has been flooded with comments from users after the malicious iMessage hit their iPhones.

Megaupload domains serve malware and scam ads to website visitors


Three years ago, the US government seized several Megaupload domains, which are now directing visitors to malware, scams and ads. The domains, namely Megaupload[dot]com and Megavideo[dot]com, are being exploited by cybercriminals to supply malware and carry out scams.

The domains were seized back in January 2012, and the trial and hearing have been delayed since the New Zealand police raided the mansion of Kim Dotcom in Auckland and closed the online file locker storage website. US officials still hope that New Zealand will hand him and his colleagues over.

The domains redirect people to a Zero-Click advertising feed which feeds malicious links to malware installers and other malicious ads.

Many of these redirects try to trap the visitors with the chance of winning iPhones for cheap. One of the malicious ads serves as the link to a false BBC article, offering the iPhone 6 for only £1.

It is said that the reason behind the exploitation of the domains is the failure of the FBI cybercrime unit in controlling the main nameserver, which was previously registered to the Cyber Initiative and Resource Fusion Unit (CIRFU).


CIRFU.biz, the domain name for Megaupload.com, points to a server in The Netherlands hosted by LeaseWeb; and the domain CIRFU.net lists Syndk Media Limited as the registrant.

It seems that Megaupload and Megavideo are serving malicious ads run by a third party because the domain used as a nameserver by the Department of Justice has either expired or been taken over via other means, and is no longer a part of the Government.

“With U.S. Assistant Attorney Jay Prabhu the DOJ in Virginia employs a guy who doesn’t know the difference between civil & criminal law. And after this recent abuse of our seized Mega domains I wonder how this guy was appointed Chief of the Cybercrime Unit when he can’t even do the basics like safeguard the domains he has seized,” Megaupload founder Kim Dotcom commented.

“Jay Prabhu keeps embarrassing the U.S. government. I would send him back to law school and give him a crash course in ‘how the Internet works’,” Dotcom adds.

Apart from these domains, various poker sites seized previously, namely absolutepoker.com and ultimatebet.com, are also linked to malicious content now.

Fake Minecraft game apps trick users into activating a premium-rate SMS subscription



The Google Play store has over 30 scareware applications available for download as cheats for the Minecraft game, and more than 600,000 Android users have installed them.

The malicious applications were discovered by ESET Mobile Security. According to the security website, “all of the discovered apps were fake, in that they did not contain any of the promised functionality and only displayed banners that tried to trick users into believing that their Android system is infected with a “dangerous virus”. Users were then directed to remove viruses by activating a premium-rate SMS subscription that would cost them 4.80 EUR per week.”

The apps were uploaded from different developer accounts, but there was no difference in their functionality; the only differences were in the names and icons of the applications.

Each app has only three buttons: Start, Options and Exit. After the app is installed, the whole screen is covered by flashy advertisements, and the language of the advertisements is based on geographic location.

Clicking on any of the buttons or on the numerous banners leads to an alert window saying that your device is infected by a virus and needs attention, and giving you many options to remove it.

Researcher Lukas Stefanko of ESET wrote, “The scareware prepares an SMS in the system default SMS application. The text of the SMS appears as an activation of the antivirus product. The application does not have permissions to send the SMS itself and solely relies on tricking the user to do it manually by social engineering. If the user falls for the scam, it will cost him 4.80 € per week.”

To avoid downloading any kind of malicious apps, refrain from downloading apps from unofficial sources and keep security software on your Android up to date.