
5 security practices difficult for hackers to crack


Hackers agree that no password is safe from them, no matter how strong it is, but both white and black hats say that there are five security measures which can make it difficult for them to penetrate enterprise networks.

1. Limit admin access to systems

The foremost step is to secure privileged accounts, since they are the top target of any attacker seeking access to the network.

At the Black Hat USA 2016 conference in Las Vegas earlier this month, Thycotic, a specialist in privileged account management (PAM) solutions, surveyed more than 250 attendees, among them both black and white hat hackers. Presenting the survey, Thycotic explained that an attacker often gains entry into the network by exploiting an end-user computer, then elevates privileges by compromising a privileged account, which allows the attacker to operate on the network as if they were a trusted IT administrator.

To guard against this, organizations should adopt a least privilege strategy in which privileges are granted only when required and approved. Access to IT admin privileged accounts should be controlled, and Super User Privilege Management for Windows and UNIX systems should be implemented to prevent attackers from running malicious applications, remote access tools, and commands. IT administrators should use standard accounts unless privileged access is actually necessary.

2. Protect privileged account passwords

When hackers hijack privileged accounts, they gain the ability to access and download a company’s sensitive data. Attackers can broadly distribute malware, destroy data, bypass existing security controls and erase audit trails to hide their activity. Privileged accounts are necessary to today's IT infrastructure, yet they are difficult to manage.

To top it all, organizations still rely on manual systems like spreadsheets to manage privileged account passwords. This is inefficient, and such systems are easily compromised, posing a major security risk to the entire enterprise.

Privileged account password protection provides a comprehensive solution to automatically discover and store privileged accounts, schedule password rotation, audit, analyze, and manage individual privileged session activity, and monitor privileged accounts to quickly detect and respond to malicious activity.

3. Extend IT security awareness training

With phishing attacks increasing, companies need to seriously consider expanding their IT security awareness programs beyond simple online tests or acknowledgements of policies.

White hat hackers are greater believers in security awareness training than black hat hackers. IT security awareness training is important even for a start-up.

4. Limit unknown applications

It’s important to know which applications are authorized to run on a network, so that their account passwords can be protected.

“Application accounts need to be inventoried and undergo strict policy enforcement for password strength, account access, and password rotation. Centralized control and reporting is essential to protect critical information assets,” Thycotic wrote.
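The first, second and fourth practices above come down to knowing which accounts hold admin rights, keeping that set minimal, and rotating their passwords. The script below is an added example, not Thycotic's or the original article's code: it audits a Linux host's privileged accounts from the contents of /etc/passwd, /etc/group and /etc/shadow. The three sample files, the reference date, the set of groups treated as privileged, the 90-day rotation policy and the `svc_` naming convention for service accounts are all constructed assumptions; pass real file contents and `date.today()` to `audit()` to run it against a host.

```python
"""Privileged account audit (added example; sample data is constructed)."""
from datetime import date

PRIVILEGED_GROUPS = {"root", "wheel", "sudo"}  # assumption: these groups grant admin rights
MAX_PASSWORD_AGE_DAYS = 90                     # assumption: rotation policy
EPOCH = date(1970, 1, 1)
TODAY = date(2016, 9, 5)                       # constructed reference date for the sample

# Constructed /etc/passwd: note the second UID 0 account "toor".
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid 0:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_backup:x:1001:1001:Backup service:/var/backups:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/bash
"""
# Constructed /etc/group: a service account sits in wheel.
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:alice,svc_backup
sudo:x:27:alice
users:x:100:bob
"""


def epoch_days(d):
    """Days since the Unix epoch, the unit /etc/shadow uses for 'last changed'."""
    return (d - EPOCH).days


def make_sample_shadow(today=TODAY):
    """Constructed /etc/shadow; hashes are placeholders, dates are relative to today."""
    return "\n".join([
        f"root:$6$saltsalt$placeholder:{epoch_days(today) - 400}:0:99999:7:::",
        f"toor:$6$saltsalt$placeholder:{epoch_days(today) - 10}:0:99999:7:::",
        f"alice:$6$saltsalt$placeholder:{epoch_days(today) - 30}:0:99999:7:::",
        "svc_backup:!:17000:0:99999:7:::",   # locked password
        f"bob:$6$saltsalt$placeholder:{epoch_days(today) - 200}:0:99999:7:::",
    ])


def parse_passwd(text):
    users = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _, uid, gid, _gecos, _home, shell = line.split(":")
            users[name] = {"uid": int(uid), "gid": int(gid), "shell": shell}
    return users


def parse_group(text):
    members = {}
    for line in text.splitlines():
        if line.strip():
            name, _, _gid, mem = line.split(":")
            members[name] = {m for m in mem.split(",") if m}
    return members


def parse_shadow(text):
    entries = {}
    for line in text.splitlines():
        if line.strip():
            f = line.split(":")
            entries[f[0]] = {"hash": f[1], "lastchg": int(f[2]) if f[2] else None}
    return entries


def audit(passwd_text, group_text, shadow_text, today):
    """Inventory privileged accounts and flag least-privilege and rotation issues."""
    users, groups, shadow = parse_passwd(passwd_text), parse_group(group_text), parse_shadow(shadow_text)
    privileged = {n for n, u in users.items() if u["uid"] == 0}
    for g in PRIVILEGED_GROUPS:
        privileged |= groups.get(g, set())
    findings = []
    for name in sorted(privileged):
        u = users.get(name)
        if u is None:
            findings.append(f"{name}: in a privileged group but has no passwd entry")
            continue
        if u["uid"] == 0 and name != "root":
            findings.append(f"{name}: extra UID 0 account")
        if name.startswith("svc_"):  # assumption: service account naming convention
            findings.append(f"{name}: service account holds admin group membership; scope it with a sudo rule instead")
        s = shadow.get(name)
        if s is None or s["hash"].startswith(("!", "*")):
            continue  # no entry, or locked: cannot be used for a password login
        if s["hash"] == "":
            findings.append(f"{name}: empty password")
        elif s["lastchg"]:
            age = epoch_days(today) - s["lastchg"]
            if age > MAX_PASSWORD_AGE_DAYS:
                findings.append(f"{name}: password is {age} days old (policy {MAX_PASSWORD_AGE_DAYS})")
    return {"privileged": sorted(privileged), "findings": findings}


if __name__ == "__main__":
    report = audit(SAMPLE_PASSWD, SAMPLE_GROUP, make_sample_shadow(), TODAY)
    print("privileged accounts:", ", ".join(report["privileged"]))
    for line in report["findings"]:
        print(" -", line)
```

Group membership via a user's primary GID is deliberately not considered, and a locked hash is treated as acceptable only for the password-age check; an account that is locked but still in `wheel` is still reported as privileged so it shows up in the inventory.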

5. Protect user passwords with security best practices

Privileged accounts are not the only attack vector; end-user accounts remain one as well. 77% of survey respondents don’t believe that any password is safe from hackers. Nevertheless, to secure end-user passwords the password policy should be strengthened and passwords changed frequently. Passwords should also be easy to remember yet secure, so that employees don’t have to call the help desk every time they change workstations and forget a password.

Media Matters called an investigation on Fox News hacking reports

Media Matters, a media watchdog group, has called for an investigation into an allegation that the right-wing news network Fox News hired a private investigator to obtain the phone records of one of its reporters.

New York writer Gabriel Sherman’s article quoted unnamed executives: “This was the culture. Getting phone records doesn’t make anybody blink.”

Sherman, who has been working on the ongoing Fox News saga for the past month, wrote this in his latest article:

“Fox News also obtained the phone records of journalists, by legally questionable means. According to two sources with direct knowledge of the incident, Brandi, Fox’s general counsel, hired a private investigator in late 2010 to obtain the personal home- and cell-phone records of Joe Strupp, a reporter for the liberal watchdog group Media Matters. (Through a spokesperson, Brandi denied this.)”

Bradley Beychok, president of Media Matters, said the organization is “considering all legal options”.

“From what we witnessed with Rupert Murdoch and News Corp’s prior phone hacking scandal, it’s critical for an immediate investigation of Roger Ailes and any other current or former Fox News employees who may have been involved in this illegal practice,” Beychok wrote. “Roger Ailes and Fox News broke the law by hacking into the phone records of Media Matters employees. Anyone involved in the illegal hacking should be prosecuted to the fullest extent of the law and we are considering all legal options.”

Fox News, Rupert Murdoch's cable TV channel, said its general counsel Dianne Brandi had ordered an investigation into the reports.

Bitcoin alternative for music industry kicks off this week

Kashcoin, an alternative to Bitcoin for the music industry, has announced the launch of its cryptocurrency, which will trade on multiple exchanges serving the music industry. Trading kicks off this week.

Kashcoin was created by Leor Dimant, aka DJ Lethal, who has been part of multi-platinum groups, with Justin Lally as a partner. It is represented by the symbol KASH. It can be used by bands, at music concerts and festivals, and to buy records, clothing and merchandise. Moreover, Kashcoin users will get special deals and VIP perks which are not available to the general public.

Kashcoin, which is created for a niche, aims to introduce music lovers, producers and artists to digital currency. The company is presently focusing on providing tools to merchants so that they can easily integrate Kashcoin into their existing payment solutions. Kashcoin wallets are being made available for all major operating systems and devices. The platform has also announced the availability of premining for miners.

Kashcoin isn’t a replacement for Bitcoin, as it intends to serve the music industry segment satisfactorily before moving on to other fields.

Kashcoin Specifications:

Premining
Proofs: Network-Stake (PoS) – Anonymous Burn Destroy (PoBA)
Min Stake Time of 1 hour, Max Stake Time of 8 hours
PoW ended at Block 100.000, Mined 1,200,000 KASH
Minimum Transaction Fee: 0.01 KORE
RPC Port: 28555, P2P Port: 28556
Confirmations: 10, Maturity: 30

Florida man arrested for hacking Linux servers in 2011

The Department of Justice arrested a computer programmer from South Florida last week for allegedly hacking into the Linux Kernel Organization's kernel.org website and the servers of the Linux Foundation.

Donald Ryan Austin, 27, has been charged with four counts of “intentional transmission causing damage to a protected computer.” 

"Austin is charged with causing damage to four servers located in the Bay Area by installing malicious software. Specifically, he is alleged to have gained unauthorised access to the four servers by using the credentials of an individual associated with the Linux Kernel Organization," the DOJ press release reads.

"According to the indictment, Austin used that access to install rootkit and trojan software, as well as to make other changes to the servers."

Austin was arrested after he identified himself when stopped for a traffic offence on 28 August in Miami Shores.

According to the indictment, around August 2011 he stole and used the credentials of a Linux system administrator with the initials "J.H." to infect the servers with the Phalanx malware.

He broke into several servers, including “Odin1,” “Zeus1,” and “Pub3.”

Apple releases new update after hack flaws

Apple has urged its laptop and desktop users to update their OS X El Capitan and Yosemite operating systems immediately to protect their devices from cybercriminals.

It has also issued an update for its Safari browser, since "visiting a maliciously crafted website" could allow hackers to install monitoring software.

The released updates apply to OS X 10.11.6 El Capitan, 10.10.5 Yosemite and Safari 9.1.3.

Apple released the warning a week after a report of an attempt to hack a man's iPhone using a link that could have provided access to his calls and messages.

The malicious software is capable of tracking text messages, calendar entries, emails sent through Gmail and WhatsApp messages, and it constantly updates and sends the user's location from the phone's GPS along with various passwords.

A security researcher at Lookout, Mike Murray, described it as "the most sophisticated spyware package we have seen in the market".

FairWare Ransomware targets Linux Servers


FairWare is a new piece of malware that targets Linux servers, deleting their web folders and then offering to restore access to the supposedly encrypted files for a ransom of 2 Bitcoins (about $1,100).

It is not the first ransomware family to target Linux users, but it is the first to delete the web folder from the compromised systems.

According to the victims, the malware first takes their system down and then removes the web folder from their Linux servers, BleepingComputer reports. They further complained that a ransom note called READ_ME.txt was dropped in the /root/ folder, providing a link to a further ransom note on Pastebin.

“Your server has been infected by a ransomware variant called FAIRWARE. You must send 2 BTC to: 1DggzWksE2Y6DUX5GcNvHHCCDUGPde8WNL within 2 weeks from now to retrieve your files and prevent them from being leaked. We are the only ones in the world that can provide your files for you! When your server was hacked, the files were encrypted and sent to a server we control,” the Pastebin note reads.

The ransom note mentions that victims should email fairware(at)sigaint.org with any question about the ransomware. However, the attackers said they do not reply to everyone who emails, only to those who are willing to pay.



Details of BTC-E and BitcoinTalk breach revealed


Data breach monitoring service LeakedSource revealed on Friday (September 03) that the leading cryptocurrency exchange BTC-E.com and the largest bitcoin discussion forum, Bitcointalk.org, suffered major hacks in 2014 and 2015 respectively.

LeakedSource, which indexes leaked passwords and accounts, reported that the details of 499,593 Bitcointalk.org users were stolen in May 2015, comprising "usernames, emails, passwords, birthdays, secret questions, hashed secret answers and some other internal data." It confirmed that 91% were hashed with sha256crypt, and that cracking around 60-70% of those would take about a year. The remaining 9% were hashed with MD5 and a unique salt, and LeakedSource has already cracked around 68% of them.

In the BTC-E.com hack, 568,355 accounts had been compromised in October 2014.

“They [BTC-E.com] used some unknown password hashing method which currently makes their passwords completely uncrackable, although that may change. This is good because if the passwords were easy to crack, hackers could log into the exchange and start stealing members' Bitcoins”, LeakedSource said.

The BTC-E.com hack is more serious since wallets could be accessed and bitcoins stolen. LeakedSource says it hasn't yet seen any news of BTC-E customers losing their coins.

The presence of two hash types in the Bitcointalk.org data suggests the site changed its password storage mechanism at some point.
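The split between a fast, cheaply cracked hash (salted MD5) and a slow one (sha256crypt) is what makes a storage migration visible in a dump, and the usual way a site ends up with both is upgrading legacy hashes only when a user next logs in. The code below is an added example, not LeakedSource's or either site's code: it classifies stored hashes by their prefix, verifies a login against whichever scheme the stored value uses, and rehashes legacy entries with a slow scheme on successful login. The `md5$salt$hex` legacy format, the user table and the choice of PBKDF2-HMAC-SHA256 from hashlib as the slow scheme (a stand-in for sha256crypt, which the page mentions and which the `$5$` prefix identifies) are all assumptions.

```python
"""Hash classification and rehash-on-login migration (added example)."""
import hashlib
import hmac
import os

LEGACY_PREFIX = "md5$"             # assumption: legacy format md5$<salt>$<hex>
STRONG_PREFIX = "pbkdf2_sha256$"   # assumption: pbkdf2_sha256$<rounds>$<salt>$<hex>
PBKDF2_ROUNDS = 200_000


def classify(stored):
    """Name the scheme a stored hash uses, so a dump can be inventoried."""
    if stored.startswith("$5$"):
        return "sha256crypt"          # glibc crypt(3) format, as seen in the Bitcointalk dump
    if stored.startswith(LEGACY_PREFIX):
        return "salted-md5"
    if stored.startswith(STRONG_PREFIX):
        return "pbkdf2-sha256"
    return "unknown"


def legacy_hash(password, salt):
    """Fast salted MD5: a single digest, so an attacker can test billions per second."""
    digest = hashlib.md5((salt + password).encode()).hexdigest()
    return f"{LEGACY_PREFIX}{salt}${digest}"


def strong_hash(password, salt=None, rounds=PBKDF2_ROUNDS):
    """Slow, salted, iterated hash; each guess costs the attacker `rounds` HMACs."""
    if salt is None:
        salt = os.urandom(16).hex()
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), rounds)
    return f"{STRONG_PREFIX}{rounds}${salt}${digest.hex()}"


def verify(password, stored):
    """Check a password against a stored hash of either supported scheme."""
    kind = classify(stored)
    if kind == "salted-md5":
        _, salt, _ = stored.split("$")
        return hmac.compare_digest(legacy_hash(password, salt), stored)
    if kind == "pbkdf2-sha256":
        _, rounds, salt, _ = stored.split("$")
        return hmac.compare_digest(strong_hash(password, salt, int(rounds)), stored)
    return False


def login_and_upgrade(users, username, password):
    """Verify a login; if it matched a legacy hash, replace it with the strong scheme.

    Returns (login_ok, upgraded). The plaintext is only available at login time,
    which is why migrations like this leave a mix of hash types in the table.
    """
    stored = users.get(username)
    if stored is None or not verify(password, stored):
        return False, False
    if classify(stored) == "salted-md5":
        users[username] = strong_hash(password)
        return True, True
    return True, False


def hash_inventory(users):
    """Count stored hashes per scheme, the view an analyst gets from a leaked table."""
    counts = {}
    for stored in users.values():
        kind = classify(stored)
        counts[kind] = counts.get(kind, 0) + 1
    return counts


def make_sample_users():
    """Constructed user table: two legacy MD5 entries, one already migrated."""
    return {
        "alice": legacy_hash("correct horse", "a1b2c3d4"),
        "bob": legacy_hash("hunter2", "e5f6a7b8"),
        "carol": strong_hash("battery staple", salt="0011223344556677"),
    }


if __name__ == "__main__":
    table = make_sample_users()
    print("before:", hash_inventory(table))
    print("alice login:", login_and_upgrade(table, "alice", "correct horse"))
    print("after: ", hash_inventory(table))
```

The remaining legacy hashes are exactly the accounts that have not logged in since the migration, which is why a site should also set a deadline after which un-migrated entries are invalidated and their users forced through a password reset.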

Meanwhile, the company also disclosed that 43 million account details were stolen from music site, Last.fm in 2012.

Last.fm was hacked on March 22nd 2012, for a total of 43,570,999 users, and the data is now becoming public like all the others. The site said that the most commonly used password on Last.fm is the shockingly common ‘123456’, followed by 'password' and 'last.fm'.

LeakedSource is processing enough additional databases to publish one per day for several years.

Trojan imitates Google Play store user


Kaspersky Lab researchers have found a new Android Trojan, Guerrilla, that behaves like a human to get past the protections of the Google Play Store.

After landing on Google Play, a malicious application gains access to a wide audience, gains the trust of that audience, and enjoys a degree of leniency from the security systems built into the operating system. On mobile devices where users cannot install applications from any source other than the official store, this Trojan lands as an app after passing the store's rigorous anti-fraud checks.

Guerrilla, which downloads and installs apps and leaves fake comments and ratings on the store, uses a rogue client application to fool Google's anti-fraud technologies. This fake client allows attackers to conduct shady advertising campaigns, using infected devices to download, install, rate and comment on mobile applications published on Google Play.

The malware, which can abuse Google Play mechanisms only from rooted devices, aims to boost legitimate apps by increasing their download counts and posting positive reviews on Google Play.

Lately, many Trojans have been seen using the Google Play app during promotion campaigns to download, install and launch apps on smartphones without the owners’ knowledge, as well as leave comments and rate apps. The apps installed do not cause direct damage but the victim may have to pay for excessive traffic. In addition, the Trojans may download and install paid apps as if they were free ones, adding to the users’ bills.

There are a number of ways of manipulating Google Play:

1. Amateur

The first method involves using the Trojan to launch the official client, open the page of the required app in it, then find and drive the interface elements (buttons) with special code to trigger the download, installation and launch of the application.

In this process the operating system’s accessibility services are used, followed by an imitation of user input; code is then injected into the Google Play client's process to modify its operation.

2. Expert

Some malware writers create their own client for the app store using its HTTPS API, but this requires user credentials and authentication tokens which are not available to a regular app; the cybercriminals extract this information from data stored on the device in clear text in SQLite format.

For example, Guerrilla's client downloads and installs free and paid apps and rates and comments on them in the Play store. The Trojan first collects information such as the credentials for the user’s Google Play account, the Android ID, the Google Services Framework ID, the Google advertising ID and hashed data about the device, then downloads the application by sending POST requests.

The Trojans that use the Google Play app to download, install and launch apps from the store are distributed by rooters, and it is the root access these provide that lets them attack the Google Play client app.

This type of malicious program poses a serious threat, as rooters download malicious programs that compromise the Android ecosystem, spend users’ money on paid apps and download other malware as well.

Ransomware attacks Linux servers, demands bitcoins


Here’s bad news for people who operate a web server running on Linux.

A new attack, the FairWare ransomware, is targeting Linux users: the attackers hack a Linux server, delete the web folder, and then demand a ransom payment of two bitcoins (around $1,150) from the administrators to restore it. The attackers claim the files are first encrypted and uploaded to a server under their control.

The malicious program is not the first ransomware threat to target Linux-based web servers, but it is the first to delete files. Another program, Linux.Encoder, first appeared in November and encrypted files, but due to its poor method researchers easily created recovery tools.

Victims first learned about this attack when they discovered their websites were down. When they logged into their Linux servers, they discovered that the website folder had been removed and a note called READ_ME.txt was left in the /root/ folder. This note contained a link to a further ransom note on pastebin.

The content of the READ_ME.txt file is:

“Hi, please view here: http://pastebin.com/raw/jtSjmJzS for information on how to obtain your files!”

The ransom note on pastebin requests that the victim pay the ransom to the bitcoin address 1DggzWksE2Y6DUX5GcNvHHCCDUGPde8WNL within two weeks to get their files back, failing which the attackers say they will leak them to the internet. Victims are also told that they can email fairware@sigaint.org with any questions.

It isn’t clear yet whether the attackers actually possess copies of the deleted files, nor whether this is an automated attack that simply scans the internet at large and infects where it can, or a focused one.

These attacks usually do not have drastic consequences, but few server operators will want to take the chance. The way to recover is to have a good backup: reinstall the OS fresh, restore from the backup, and monitor the situation. That's a lot better than shelling out $1,150 to thieves who might not actually still have your data.

Webmasters should keep in mind that backups must be saved to an offsite location, not on the production server where they can be affected by a potential server compromise.

So far this attack has served as a backup reminder for web operators; the longer you go without updating, the greater the chance of your server becoming compromised.
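The indicators the two FairWare pieces describe are simple: the web folder is gone and a READ_ME.txt pointing at a pastebin note sits in /root. The script below is an added example, not BleepingComputer's or the original article's code: it checks a filesystem tree for those indicators and pulls the link out of the note, which is the first thing to capture before the host is rebuilt from backup. The sample tree it builds is constructed in a temporary directory using the note text quoted above; the web root path under `var/www/html` is an assumption, so pass your real document root (relative to the tree root) when running it against a server.

```python
"""FairWare indicator check (added example; sample tree is constructed)."""
import os
import re
import tempfile

NOTE_NAME = "READ_ME.txt"
DEFAULT_WEB_ROOT = "var/www/html"  # assumption: adjust to the server's document root
PASTEBIN_RE = re.compile(r"https?://pastebin\.com/\S+")

# Note text as quoted in the article; used only to build the sample tree.
SAMPLE_NOTE = "Hi, please view here: http://pastebin.com/raw/jtSjmJzS for information on how to obtain your files!"


def check_host(root, web_root=DEFAULT_WEB_ROOT):
    """Return a list of findings for the tree rooted at `root` ('/' on a live host)."""
    findings = []
    note_path = os.path.join(root, "root", NOTE_NAME)
    if os.path.isfile(note_path):
        with open(note_path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        finding = {"indicator": "ransom note in /root", "path": note_path}
        match = PASTEBIN_RE.search(text)
        if match:
            finding["link"] = match.group(0)  # preserve for the incident record
        findings.append(finding)
    web_path = os.path.join(root, web_root)
    if not os.path.isdir(web_path):
        findings.append({"indicator": "web root missing", "path": web_path})
    elif not any(os.scandir(web_path)):
        findings.append({"indicator": "web root empty", "path": web_path})
    return findings


def build_sample_tree(compromised):
    """Construct a minimal tree: either a hit (note present, web root deleted) or clean."""
    root = tempfile.mkdtemp(prefix="fairware-check-")
    os.makedirs(os.path.join(root, "root"))
    if compromised:
        with open(os.path.join(root, "root", NOTE_NAME), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_NOTE)
    else:
        web = os.path.join(root, DEFAULT_WEB_ROOT)
        os.makedirs(web)
        with open(os.path.join(web, "index.html"), "w", encoding="utf-8") as fh:
            fh.write("<html><body>site</body></html>")
    return root


if __name__ == "__main__":
    for state in (True, False):
        tree = build_sample_tree(compromised=state)
        print("compromised" if state else "clean", "sample:", check_host(tree) or "no indicators")
```

A missing or empty web root by itself can have innocent causes, so the check reports each indicator separately rather than declaring an infection; with both present, the article's advice applies: preserve the note, rebuild from an offsite backup, and do not restore onto the compromised install.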

Teenager arrested for hacking president's website



Sri Lanka police have arrested a teenager on suspicion of hacking into the website of Sri Lankan President Maithripala Sirisena.


According to officials, a 17-year-old schoolboy allegedly hacked the President's website, www.president.gov.lk, demanding that his university entrance examination dates not be changed.

The hacker gained illegal access to the website and posted a message there demanding an immediate presidential election if the president failed to address his demands.

According to Reuters, police said that his demand to move the university entrance exams away from the new year holiday month of April had been dismissed by the authorities.


The police have taken the unnamed hacker into custody under the Computer Crimes Act; on conviction he faces a fine of 300,000 rupees ($2,000) and up to three years in jail.

"We traced the hack to his home in Kadugannawa," a police official said. "The website was crippled over the weekend after the attack."

The Police also arrested a 26-year-old man for allegedly helping the teenager hack into the system.


The hacker, who claimed to speak on behalf of Sri Lankan youth, posted a message: “If you cannot control the situation, hold a presidential election.”

The BBC reports that the message also demanded that the president “stop the prime minister’s irresponsible work and look more into the problems of university students.”

The president's official site is now up and running again.

"Police filed charges under the Computer Crimes Act and the court remanded the two until Friday," Manju Sri Chandrasean, the lawyer who appeared for the second suspect, told Reuters.

Security Breach with Opera web browser

Recently, mobile and desktop web browser company Opera confirmed that hackers broke into the company's sync servers, potentially exposing user credentials such as passwords.

The Norway-based company warned customers about a possible security breach of its sync system; it claimed to have blocked the attack quickly, but said some information may have been leaked.

"Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users' passwords and account information, such as login names, may have been compromised," the company said in a blog post, adding that the stored user credentials are encrypted.

Opera has reset all Opera Sync account passwords as a precaution. "We have also sent emails to all Opera sync users to inform them about the incident and ask them to change the password for their Opera sync accounts," adds the blog post. The company advises users not only to reset their Opera Sync password but also to reset the passwords of any third-party sites they may have synchronized with the service.

For those unaware, Opera Sync is a service that lets users sync their Opera web browser settings and data across devices. Opera says the number of active Opera sync users in the last month was 1.7 million, less than 0.5% of its total user base of 350 million.

The Opera Sync breach warning comes a little over a month after the company was bought by a Chinese consortium for $600 million (approximately Rs 4,025 crores). The consortium, led by Golden Brick Silk Road, acquired the mobile and desktop versions of the browser, plus its performance and privacy apps and a stake in a Chinese joint venture.

The company recently launched its unlimited VPN app with ad-blocker for Android users as well. The service arrived for iOS in May this year.