Microsoft provides urgent security fix for Windows

Microsoft has recently provided a security fix for its Windows operating systems to plug a security lapse that allowed hackers access to a victim's computer.

Microsoft has said that the vulnerability present in their operating system would have allowed a hacker to gain complete access to an affected computer.

The vulnerability is present in Windows Vista, Windows 7, Windows 8 and 8.1 and Windows RT. These operating systems represent two out of three computers in the world that run a Microsoft operating system.

The company previously provided a similar update in November 2014.

The flaw is also said to exist in the final version of Windows 10, which will be available to users from July 29.

The security fix will be delivered through Windows Update.

Valve fixes a bug which allowed hackers to access its users account

Valve, the American video game development and digital distribution company headquartered in Bellevue, Washington, United States, whose Steam platform has millions of accounts all over the world, has fixed a loophole that could allow an attacker to easily take over an arbitrary account using only the account's username.

According to a report published in Master Herald, a flaw in Steam’s password recovery feature was the reason behind the exploitation. As per a demonstration in a video posted on YouTube, the feature sends a recovery code to the registered e-mail address linked with the account. The code needs to be entered on a form through the Steam website.

However, the attacker could skip that code entry step, leaving the recovery code area blank, and have full access to the password change dialog. Although the company has fixed the loophole, the vulnerability had already done a lot of damage to many users’ accounts.

Now the users who actively trade on the Steam Market are worried, as they think their accounts have been compromised.

However, it is said that Valve hasn’t commented on the situation yet.

The company has urged its users to keep an eye on their e-mail accounts. If an e-mail related to password recovery is received, the user should definitely not ignore it, and proceed to verify that their account is still accessible.

It is important to note that the information contained in the e-mail itself is not necessary to carry out the attack.


“Receiving this e-mail is simply a sign that the user is being targeted with the attack. However, some have reported that even changing their password has been ineffective, as the hackers are able to simply keep resetting it over and over again, and there was no good way to stop them,” the report added.
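An added illustration, not from the original post and not Valve's code, of the class of flaw described above: a recovery-code check that lets blank input through, next to a hardened check. The names `RecoveryStore`, `verify_vulnerable` and `verify_hardened`, the code format, and the expiry and attempt limits are all assumptions.

```python
import hmac
import secrets
import time

CODE_TTL = 600      # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 5    # guesses allowed per issued code (assumed policy)

class RecoveryStore:
    """In-memory stand-in for server-side reset state (hypothetical)."""
    def __init__(self):
        self.pending = {}  # username -> {"code", "expires", "attempts"}

    def issue(self, username, now=None):
        now = time.time() if now is None else now
        code = secrets.token_hex(4).upper()
        self.pending[username] = {"code": code, "expires": now + CODE_TTL, "attempts": 0}
        return code  # a real flow e-mails this and never returns it to the client

def verify_vulnerable(store, username, submitted):
    """Flawed check: the comparison only runs when a code was submitted."""
    entry = store.pending.get(username)
    if entry is None:
        return False
    if submitted and submitted != entry["code"]:
        return False
    return True  # blank input falls through to the password-change step

def verify_hardened(store, username, submitted, now=None):
    """Reject blank input, enforce expiry and attempt limits, burn the code on success."""
    now = time.time() if now is None else now
    entry = store.pending.get(username)
    if entry is None or not isinstance(submitted, str) or not submitted.strip():
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        store.pending.pop(username, None)  # force a fresh code to be issued
        return False
    entry["attempts"] += 1
    if not hmac.compare_digest(submitted.strip().encode(), entry["code"].encode()):
        return False
    del store.pending[username]  # single use: a replayed code no longer verifies
    return True

def demo():
    store = RecoveryStore()
    code = store.issue("alice", now=1000.0)  # constructed sample account
    return {
        "vulnerable_blank": verify_vulnerable(store, "alice", ""),
        "hardened_blank": verify_hardened(store, "alice", "", now=1001.0),
        "hardened_wrong": verify_hardened(store, "alice", "not-the-code", now=1002.0),
        "hardened_correct": verify_hardened(store, "alice", code, now=1003.0),
        "hardened_replay": verify_hardened(store, "alice", code, now=1004.0),
    }

if __name__ == "__main__":
    print(demo())
```

The password-change handler should call the hardened check itself on the server, rather than trusting that an earlier form step was completed.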

Creepy Voice that you heard from Your Baby Monitor is not of a Ghost


Beware of cameras connected to the Internet, including security cameras and monitoring systems, as these can be easily hacked. Camera hacking has become a serious issue because of the potential for unauthorized people to make video recordings.

Ontario Provincial Police (OPP) issued a warning on Wednesday reminding people that these systems can be susceptible to hackers because many have remote access enabled by default. The warning came after a family in southwestern Ontario, on July 7, witnessed the baby monitor watching their young child suddenly begin playing music, with a voice saying they were being watched.

According to OPP Const. Liz Melvin, the child was about to sleep in the nursery when the camera was remotely activated.


“The camera played some eerie music and a voice could be heard indicating the parent and child were being watched,” Melvin told National Post. “Obviously it’s going to be disturbing.”

She said the family’s Internet service provider confirmed the router had been hacked and the source of the hack could be from anywhere in the world.

Although such baby monitor hacking cases have been reported every month, Melvin said no other incidents have been reported and she wasn’t aware of any past investigations into this type of camera hacking in the area.

She said there are no suspects in the case and the investigation is ongoing.

To protect themselves, people should use passwords to protect access to their Internet connection and to monitoring systems. Similarly, they should buy cameras from trusted sources and cover the cameras when not in use.

Three Estonian men sentenced for internet fraud by US court

A Manhattan federal court has sentenced three Estonian men to more than three years' imprisonment each for their involvement in an Internet scheme that infected more than 4 million computers in over 100 countries.

U.S. District Judge Lewis A. Kaplan said, "It's hard to pick up a newspaper this summer without reading about another one." Justifying his decision, he said it was important to impose a tough sentence.

Timur Gerassimenko, 35, was sentenced to four years, Dmitri Jegorov, 37, got 3 2/3 years and Konstantin Poltev, 31, received 3 1/3 years for their roles in the internet fraud.

According to the government, Gerassimenko was the main culprit behind the fraud and hired programmers, Jegorov served as the lead network administrator, and Poltev acted as the public face of the enterprise.

When the men were arrested in Estonia, Gerassimenko was ordered to forfeit $2.5 million while Jegorov and Poltev were each told to forfeit $1 million. All three of them apologized for their crimes before they were sentenced.

The fraud has affected computers belonging to government agencies such as NASA, along with educational institutions, nonprofit organizations, businesses and individuals.

The malware scheme, which was carried out with co-conspirators in Russia and Ukraine, cost NASA more than $65,000 in repairs.

All three men sentenced Thursday are serving sentences in Estonia for similar crimes.

Researchers find out New Linux Backdoor

Security researchers from Doctor Web, a Russian anti-malware company, have detected a new backdoor dubbed Linux.BackDoor.Dklkt.1 that targets Linux operating systems.

The signature of the backdoor has been added to the Dr.Web virus databases, so its Linux users are under reliable protection.

“It is clear that creators of this malicious program planned to equip it with wide variety of powerful features, but bringing all their intentions to life proved rather problematic: at the moment, not all of the program's components work as they should,” the researchers wrote in a blog.

The researchers have claimed that the backdoor is supposedly of Chinese origin. They have said that the virus makers tried to create a multi-component malicious program encompassing a large number of functional properties.

“For example, they wanted to equip it with functions typical of file managers, DDoS Trojans, proxy servers, and so on,” they added. “However, not all of these plans were destined to see the light. Moreover, virus makers attempted to make a cross-platform program out of their creation; so that the executable file could be assembled both for Linux and Windows architectures. However, due to carelessness of cybercriminals, the disassembled code contains some strange constructions that have absolutely nothing to do with Linux.”

According to the researchers, the backdoor checks the folder from which it is run for the configuration file containing all operating settings. The file has three addresses of command and control servers. One of them is used by the backdoor, while the other two are stored for backup purposes. The configuration file is encoded with Base64.

Once the backdoor gets activated, it tries to register itself in the system as a daemon (system service). If the attempt fails, the backdoor terminates its work.

“Once the malicious program is successfully run, it sends the server information on the infected system; at that, the transmitted data is compressed with LZO and encrypted with the Blowfish algorithm. In addition to that, every packet contains a checksum, so that the recipient could verify data integrity,” the researchers explained.

The researchers said that Linux.BackDoor.Dklkt.1 then waits for incoming commands, which can include launching a DDoS attack, starting a SOCKS proxy server, running a specified application, rebooting the computer or turning it off.
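An added triage sketch, not Doctor Web's tooling and not from the original post: it flags small files that are wholly Base64 and decode to three or more network endpoints, which is how the configuration file described above would look on disk. The decoded layout is not given in the article, so the address pattern, the thresholds and the sample files are assumptions.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# IPv4 or hostname with optional :port (heuristic; not the malware's real grammar)
ADDR_RE = re.compile(
    rb"(?:\d{1,3}(?:\.\d{1,3}){3}|(?:[a-z0-9-]+\.)+[a-z]{2,})(?::\d{1,5})?", re.I)
B64_RE = re.compile(rb"[A-Za-z0-9+/\s]+={0,2}\s*")

def decode_if_base64(raw):
    """Return the decoded bytes when the whole file is Base64, else None."""
    if len(raw) < 16 or not B64_RE.fullmatch(raw):
        return None
    try:
        return base64.b64decode(b"".join(raw.split()), validate=True)
    except (binascii.Error, ValueError):
        return None

def suspicious_configs(directory, min_addresses=3, max_size=64 * 1024):
    """List (filename, addresses) for Base64 files decoding to >= min_addresses endpoints."""
    hits = []
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file() or path.stat().st_size > max_size:
            continue
        decoded = decode_if_base64(path.read_bytes())
        if decoded is None:
            continue
        addrs = sorted({m.group(0).decode() for m in ADDR_RE.finditer(decoded)})
        if len(addrs) >= min_addresses:
            hits.append((path.name, addrs))
    return hits

def demo():
    # Constructed sample: RFC 5737 documentation addresses in an invented layout.
    cfg = b"srv1=192.0.2.10:8080\nsrv2=198.51.100.7:8080\nsrv3=203.0.113.5:8080\n"
    with tempfile.TemporaryDirectory() as d:
        Path(d, "app.conf").write_bytes(base64.b64encode(cfg))
        Path(d, "notes.txt").write_bytes(b"plain text, not Base64 at all!")
        Path(d, "logo.b64").write_bytes(base64.b64encode(b"\x89PNG" + bytes(40)))
        return suspicious_configs(d)

if __name__ == "__main__":
    for name, addrs in demo():
        print(name, addrs)
```

A hit is only a lead for an analyst: legitimate software also ships Base64 files, so pair it with the location of the file (next to an unexpected executable or service) before acting.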

To minimize cyber attacks, Senate bill proposes standards for cars

Good news for car users and bad news for hackers: Senators Ed Markey and Richard Blumenthal have proposed new legislation designed to require cars sold in the United States to meet certain standards of protection against digital attacks and of privacy.

It is said that the new privacy standards would govern data collected from vehicles under proposed legislation introduced in the U.S. Senate on Tuesday.

Soon after Wired revealed that two security researchers (Charlie Miller and Chris Valasek) have developed, and plan to partially release, a new attack against hundreds of thousands of Chrysler vehicles that could allow hackers to gain access to their internal networks, the U.S. government has planned to come up with legislation to increase security in vehicles.

According to a new report posted on Wired, “Drivers shouldn’t have to choose between being connected and being protected,” Markey wrote in a statement. “Controlled demonstrations show how frightening it would be to have a hacker take over controls of a car. We need clear rules of the road that protect cars from hackers and American families from data trackers.”

As per the proposed legislation, data stored in the car should be secured to prevent unauthorized access and vehicles will also have to detect, alert and respond to hacking attempts in real time.

Similarly, the National Highway Traffic Safety Administration (NHTSA) will develop new privacy standards under which vehicle owners will be made aware of what data is being collected, transmitted and shared.

“Owners will be offered the chance to opt out of such data collection without losing access to key navigation or other features where feasible,” the news report read.

The increasing number of hacking attacks against vehicles is said to be the reason behind the proposed law.

Earlier this year, BMW fixed a vulnerability in its connected drive system that allowed an attacker to remotely unlock a car. It had not enabled encryption on its servers, allowing an attacker to mimic the server and send a lock or unlock command to a car. The fix was as simple as enabling HTTPS, but 2.2 million cars had to be upgraded.


Google protests against US government's new legislation "Wassenaar Arrangement"

 
Google has protested against the proposed legislation changes in the “Wassenaar Arrangement” that would let the US government control the export of security research and technologies.

In a blog post, Google’s legal team member Neil Martin and Tim Willis, Hacker Philanthropist, Chrome Security Team, opposed the proposed legislation, saying “it will hurt general web users”.

The blog post emphasized how the proposed changes will directly affect security research: “The time and effort it takes to uncover bugs is significant, and the marketplace for these vulnerabilities is competitive. That’s why we provide cash rewards for quality security research that identifies problems in our own products or proactive improvements to open-source products. We’ve paid more than $4 million to researchers from all around the world - our current Hall of Fame includes researchers from Germany, the U.S., Japan, Brazil, and more than 30 other countries.”

According to the blog post, the proposed legislation changes would apply Wassenaar Arrangement controls to software and tools, which will hamper companies that hire hackers to find vulnerabilities in their networks and products.

If the proposed changes are approved, companies operating in the US will have to have a license to export their security technologies, or information on newly discovered vulnerabilities, to anywhere other than Canada.

Google submitted their comments on the proposed rules to the United States Commerce Department’s Bureau of Industry and Security (BIS).

British man arrested for allegedly hacking US government networks

Lauri Love, a 30-year-old resident of Suffolk, has been arrested for allegedly hacking classified networks of the US government.

Mr. Love is accused of hacking the Department of Energy, the Federal Reserve, NASA, the Environmental Protection Agency, the US Army and the US Missile Defense Agency.

The US government has put in an extradition request for Love, who has currently been released on bail. He will undergo an extradition hearing in September.

This is the second time Love has been arrested, his first arrest being in October 2013. The US government had not made an extradition request at that time.

Your life is in the hands of the hackers, they can remotely hijack your Jeep


When we think of the term ‘hacking’, computers, bank accounts and websites are the things that come to mind. One can barely think of hacked vehicles. However, a recent case in which a car was hijacked by hackers has shown that hackers have left nothing in our lives safe.

According to a report published on Wired, a zero-day exploit for Chrysler vehicles allows hackers to control everything from the engine to the air-conditioning over the Internet, overriding the driver at the dashboard.

The Uconnect software manages the vehicle’s entertainment and navigation systems, provides a Wi-Fi hotspot, and allows drivers to make phone calls. It is said that anyone who knows the car's IP address can hijack the car.

In the report, Andy Greenberg, senior writer, explained that he signed up to be a guinea pig for security researchers Charlie Miller and Chris Valasek. He was strapped into a Jeep and directed to head onto the highway. From 10 miles away, Miller and Valasek proceeded to hack into his car's software, toggling the windshield wipers, blasting the radio, and, eventually, cutting the transmission.

“Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun,” Greenberg said.

After that, the hackers took over the Jeep’s brakes and, as a result, it went into a ditch.

“Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say they’re working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeep’s GPS coordinates, measure its speed, and even drop pins on a map to trace its route,” he explained.

According to the news report, on Tuesday Senators Ed Markey (D-Massachusetts) and Richard Blumenthal (D-Connecticut) announced legislation that would ensure that automobile companies meet privacy measures to protect against cyber attacks.

In order to prevent car hacking, Miller and Valasek reported the flaw in the vehicles to the company concerned months ago.

Chrysler has come up with an updated version of the software; however, it has to be manually downloaded and installed on the cars through a USB drive.

NIS official, alleged of operating a hacking software, killed himself

A 45-year-old official of the National Intelligence Service (NIS), who was in charge of implementing and operating Remote Control System (RCS), a hacking software developed by Hacking Team, killed himself on July 18, according to a report on ABC.

As per the news report, the man was found dead in his car on a mountain road in Yongin, about 40 kilometres south of Seoul.

According to his suicide note, which was released by the police, the agent, identified only by his surname Lim, deleted relevant records on the NIS computer network before committing suicide.

According to police, the man committed suicide after writing a handwritten note in his car giving details of how the NIS had used a controversial hacking software.

Lim wrote in the suicide note that he had insisted the NIS had not spied on South Koreans and apologized for deleting files relating to the software.

"There was no monitoring of people at home. I deleted information that created misunderstandings about our counter-terrorism and covert operations on North Korea ... It was a mistake on my part. But there is nothing to be worried about over any of my actions," he said.

Although the government and NIS officials have admitted purchasing the software from Hacking Team, they claimed that it was only used to boost Seoul's cyber warfare capabilities against Pyongyang and not for any domestic monitoring.

“Lee Chul-woo, a ruling party legislator who heads a parliamentary intelligence committee, said Mr Lim had purchased and run the hacking software, which allows users to track smartphones and computers by installing spyware,” the news report read.

Islamist hacking group targets Dublin gym websites

RTÉ News has confirmed that the websites of three gyms, which are owned by South Dublin County Council and independently run and operated on behalf of the council by South Dublin Leisure Services Limited, have been temporarily shut down after a hacking attack by an “Islamist hacking group”.

After getting into the websites, the hackers posted a video containing graphic images of dead and injured people, with a woman with an American accent reading a message criticizing the war on terror.

The hackers posted a message on the images which read, “Admin Don't Worry This Is just A Message And You Can Remove It. Your Website Has Been Defaced Cuz Just We Want To Show The Reality To da World. This Is The real Terrorism."

Along with the video, the hackers also posted a logo for the Liber8 Tunisia Facebook page.

“Prior to being deactivated, visitors to the web pages of the Clondalkin Leisure Centre were redirected to a page that claimed the breach was carried out by an organization describing itself as the Tunisian Fallaga Team,” the news report read.

The websites of leisure centres in Tallaght and Lucan are also inactive following the apparent attack.


According to RTÉ News, Philip Murphy, Senior Executive Officer with the council, said, "The matter has been brought to our attention this morning and we are taking appropriate action to rectify this situation. The offending material has been removed and a full investigation is under way."