Israel arrests two teens for $600,000 cybercrime operation


Israeli law enforcement has arrested Yarden Bidani and Itay Huri as part of an FBI investigation into their alleged control of vDOS, one of the most popular paid attack platforms. The two 18-year-olds raked in at least $618,000 running the operation in recent years. The platform itself is also offline, although that is the work of one of vDOS's victims (BackConnect Security) rather than of the police. vDOS was a web service that let customers carry out distributed denial-of-service (DDoS) attacks to knock websites offline. A DDoS attack floods the targeted site with traffic from many computers until it can no longer serve legitimate visitors, much as if millions of callers dialled the same phone number at once.

The duo were arrested on September 8, around the same time that Brian Krebs, a former Washington Post staffer and one of the best-known writers on data security, published a story on KrebsOnSecurity naming them as the masterminds behind a service that could be hired to knock websites and Internet users offline with powerful blasts of junk data.

Bidani and Huri did not cover their tracks carefully. The pair hosted vDOS on a server connected to Huri, and its email and SMS notifications pointed to the two. They even wrote a technical paper on DDoS attacks, while Bidani's old Facebook page references the AppleJ4ck pseudonym he used to conduct vDOS business. And if that weren't enough, vDOS refused to target any Israeli site since it was the owner's "home country."

The two men’s identities were exposed because vDOS got massively hacked, spilling secrets about tens of thousands of paying customers and their targets. A copy of that database was obtained by KrebsOnSecurity.

Both suspects were questioned and released on September 9 on bail of roughly USD $10,000 each, with conditions. Officials placed them under house arrest for 10 days, seized their passports and barred them from using any Internet or telecom devices for 30 days. It is unclear whether they face extradition to the US.

The bust isn't going to stop paid denial of service attacks. However, it may put a temporary dent in the volume of those attacks -- and it'll certainly spook vDOS competitors who've been careless about hiding their activities.

Mr Chow's Website Serves Ransomware To Customers

Popular Chinese restaurant Mr Chow is in the news for serving ransomware to customers via its website. The restaurant, which has branches in London and the US, had its site hacked to infect visitors with ransomware.

The attackers injected the restaurant's website with the pseudo-Darkleech script, which redirected visitors to the Neutrino exploit kit; the kit then infected vulnerable systems with ransomware.

"Ransomware authors have been adding new features to make it more robust or more 'user-friendly'. Below, we see a CAPTCHA users must enter in order to access their account page with further instructions, and even a 'Help Desk' section where you can ask the criminals some questions (or get some feelings off your chest)," Malwarebytes researchers said.

Unsuspecting visitors were served a rude bill of US$695 (1.2 bitcoins) at the end of their restaurant experience, making take-away the likelier alternative.

In 2015, British celebrity chef Jamie Oliver's website had also become a ransomware target.

Cisco's Talos & GoDaddy Shut Down Malvertising Campaign


Cisco Systems' threat research group has detected and shut down a global malvertising campaign that exposed visitors to legitimate sites to the Neutrino exploit kit.

Talos, Cisco's Security Intelligence and Research Group, worked with GoDaddy to shut down the malicious server in Russia that hosted the exploit kit.


The malware was propagated through ad-serving platforms such as OpenX and Revive and appeared on many websites. A criminal group known as ShadowGate bought ads on platforms that allowed them to embed JavaScript in the ads. The ads sent users to intermediary servers called "gates", which fingerprinted the visitor's browser and operating system; if the conditions were met, the visitor was redirected to a landing page where the Neutrino exploit kit used flaws in the unpatched software the gates had detected to infect the system with malware.
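The delivery chain in the Mr Chow and ShadowGate stories is the same: a small piece of injected HTML or JavaScript on a trusted page sends the browser to a gate or landing page that runs the exploit kit. As an added illustration (not code from Malwarebytes, Talos or any of the sites involved), the Python below scans a page's HTML for the symptoms such injections tend to leave behind: scripts or iframes loaded from hosts outside the site's own domain and an allowlist, iframes that are hidden or sized 0x0/1x1, and inline scripts that decode and execute strings. The sample HTML, the site name restaurant.example, the allowlisted hosts and the RFC 5737 test address are all constructed for the example; the heuristics are generic and do not reproduce the real pseudo-Darkleech or ShadowGate code.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructs typical of injected redirector scripts: decode-and-execute calls,
# long escape runs, and scripts that write an <iframe> into the page.
OBFUSCATION_PATTERNS = [
    r"\beval\s*\(",
    r"String\.fromCharCode",
    r"\bunescape\s*\(",
    r"document\.write\s*\(.*?<\s*iframe",
    r"(?:\\x[0-9a-fA-F]{2}){8,}",
    r"(?:%[0-9a-fA-F]{2}){8,}",
]


class InjectionScanner(HTMLParser):
    """Collects <script src>, <iframe> tags and inline <script> bodies and flags suspicious ones."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.site_host = site_host.lower()
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.findings = []
        self._in_script = False
        self._script_chunks = []

    def _offsite(self, url):
        host = urlparse(url or "").hostname
        if host is None:  # relative URL: served by the site itself
            return False
        host = host.lower()
        if host == self.site_host or host.endswith("." + self.site_host):
            return False
        return host not in self.allowed_hosts

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
            self._script_chunks = []
            if a.get("src") and self._offsite(a["src"]):
                self.findings.append({"kind": "offsite-script", "target": a["src"], "reasons": ["offsite"]})
        elif tag == "iframe":
            style = re.sub(r"\s+", "", a.get("style", "")).lower()
            reasons = []
            if self._offsite(a.get("src")):
                reasons.append("offsite")
            if "display:none" in style or "visibility:hidden" in style:
                reasons.append("hidden")
            if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                    or re.search(r"(width|height):[01](px)?(;|$)", style)):
                reasons.append("tiny")
            if reasons:
                self.findings.append({"kind": "suspicious-iframe", "target": a.get("src", ""), "reasons": reasons})

    def handle_data(self, data):
        if self._in_script:
            self._script_chunks.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._script_chunks)
            hits = [p for p in OBFUSCATION_PATTERNS if re.search(p, body, re.S)]
            if hits:
                self.findings.append({"kind": "obfuscated-inline-script", "target": body.strip()[:60], "reasons": hits})


def scan(html, site_host, allowed_hosts=()):
    """Return the suspicious script/iframe findings for one HTML document, in document order."""
    parser = InjectionScanner(site_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a benign page with one injected inline script and one injected hidden iframe.
SITE_HOST = "restaurant.example"
ALLOWED_HOSTS = ("cdn.example-static.net", "maps.example-partner.com")
SAMPLE_HTML = """<html><head>
<script src="/static/site.js"></script>
<script src="https://cdn.example-static.net/lib.js"></script>
<script>var menuOpen = false;</script>
</head><body>
<h1>Menu</h1>
<iframe src="https://maps.example-partner.com/embed?id=1" width="400" height="300"></iframe>
<script>eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,119,114,105,116,101));</script>
<iframe src="http://198.51.100.23/forum/viewtopic.php?t=1" width="1" height="1"
        style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in scan(SAMPLE_HTML, SITE_HOST, ALLOWED_HOSTS):
        print(f["kind"], f["target"], f["reasons"])
```

Run against a copy of a page fetched from the server (not the live site through a browser, which may already have been redirected), and treat every hit as a lead to compare against the deployed source, since legitimate CDNs and analytics scripts also trip the offsite rule until they are allowlisted.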


Cisco researcher Nick Biasini said that about 1,000 out of every million visitors may have been exposed to the Neutrino EK, which then tried to drop the CrypMIC ransomware on their computers.


“GoDaddy quickly responded and was able to mitigate the threat successfully. As of the publishing of this blog the associated malvertising campaign appears to have been successfully shut down and the malicious activity thwarted. Unfortunately, as this is using domain shadowing it's likely the campaign will only remain dormant for a while, but until then users are protected from this specific threat,” said Biasini.


Biasini emphasized the seriousness of malvertising campaigns noting that as more content continues to move online the primary revenue source for web sites is online ads.

Warner Bros Report Own Site Illegal, Asks Google To Remove From Search


Film studio Warner Bros has reported its own website as infringing and asked Google to remove it from search results, citing copyright violation as the reason, copyright news site TorrentFreak reports.

Warner also asked Google to remove links to film streaming services run by Amazon and Sky, as well as to the online film reference site IMDb.




The official Warner Bros web page for 2008's The Dark Knight was among the URLs that Google was asked to remove.




The requests were made on behalf of Warner Bros by Vobile, a company that uses video tracking technology to help companies enforce copyright on their content. Google's transparency report says Vobile has submitted more than 13 million links for removal.




"Warner is inadvertently trying to make it harder for the public to find links to legitimate content, which runs counter to its intentions," said Ernesto van der Sar, from Torrent Freak.





Google spotted the mistakes and decided not to remove the links to Amazon, IMDb and Sky Cinema, though the Warner URLs remain under review, TorrentFreak reports.

iPhone 7's goodbye to its traditional headphone sockets

Ever since Apple launched the iPhone 7, attention has focused on its features and new additions. The iPhone 7 does away with the traditional headphone socket; its Lightning connector takes over that function.


Although the company says the step was a challenging one, it may annoy users of conventional earphones.


Without a 3.5 mm headphone jack, users will need wireless headphones, an adapter for the phone's Lightning port, or compatible earbuds. The iPhone 7 and iPhone 7 Plus ship with Lightning earbuds and an adapter so that older headphones can still be used.


"When you have a vision for how the audio experience can be ... you want to make it as great as can be," Apple's senior vice president of marketing, Phil Schiller, said at the launch of the much-awaited gadget.


"It was holding us back from a number of things we wanted to put into the iPhone," Dan Riccio, Apple's senior vice president of hardware engineering said. "It was fighting for space with camera technologies and processors and battery life. And frankly, when there's a better, modern solution available, it's crazy to keep it around."


The headphone jack was made popular by Sony's Walkman cassette players, but was first introduced in one of the Japanese company's transistor radios in 1964.


Apple has repeatedly been willing to ditch connectors and other ageing tech from its products earlier than its competitors.

Gregory Touhill: First cyber security chief in US


Retired U.S. Air Force Brigadier General Gregory Touhill has been named the first federal cybersecurity chief of the United States government, the White House said on Thursday.

The position was announced eight months ago, after a series of high-profile breaches of government networks, with the aim of improving the government's cybersecurity and its defenses against hackers.

Over the past year the Obama administration has increasingly stressed the need for stronger cybersecurity; it created the position of federal Chief Information Security Officer (CISO) in February and put forward a $19 billion cybersecurity budget proposal, Reuters reported.

According to the statement, the new cybersecurity chief's role will be to protect government networks and critical infrastructure from cyber threats. Grant Schneider, director of cybersecurity policy at the White House's National Security Council, will be his deputy.

Touhill is currently deputy assistant secretary for cybersecurity and communications at the Department of Homeland Security.

He will take up the post later this month.

A USB device can steal credentials from a locked PC or MAC


Researcher Rob Fuller has shown that it is easy to steal credentials from locked Windows and Mac OS X computers with a small USB device. Twenty seconds of physical access and a $50 device are all it takes to capture the credentials of a locked machine. The attacker uses a rogue USB-to-Ethernet adapter to capture the login credential hash, as long as a user is logged in to the machine.

Fuller, a principal security engineer at R5 Industries, explained that the hack works by plugging a flash-drive-sized minicomputer into an unattended computer that is logged in but locked. Within seconds, the USB device, which presents itself as a USB Ethernet adapter, obtains the username and the password hash used to log into the computer. Configuring the device to act as a Dynamic Host Configuration Protocol (DHCP) server tricks the connected computer into talking to it, and the network traffic that follows, which includes authentication attempts carrying usernames and password hashes, is captured with Responder, an open-source passive credential-gathering tool installed on the gadget. The hash can later be cracked or, in some network attacks, used directly.

If the machine runs an older version of Windows, the returned NTLMv1 hash can be converted to the NTLM (NT) hash no matter how complex the underlying plaintext password is. An NTLMv2 hash, used by newer versions of Windows, requires more work. In Fuller's tests, even a fully up-to-date El Capitan Mac returned hashes that could be downgraded to a crackable NTLMv1 hash.
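What Responder actually captures from the locked machine is a NetNTLM challenge-response pair, not the password. The added Python example below (written for this article, not Fuller's or Responder's code) recomputes the NTLMv2 exchange as MS-NLMP defines it: the NT hash (MD4 of the UTF-16LE password, implemented inline because many current Python builds no longer ship MD4), the NTLMv2 key, the NTProofStr over the server challenge and client blob, the USER::DOMAIN:challenge:proof:blob line that Responder-style tools write and hashcat mode 5600 reads, and a dictionary attack on that line. The user, domain, password, challenges, timestamp and wordlist are constructed, and the blob carries no AV pairs. The contrast with NTLMv1 is the point: NTLMv2's proof is an HMAC keyed from the password hash, so cracking it means guessing the password, whereas NTLMv1's DES-based construction lets the NT hash itself be recovered at fixed cost, which is what the "downgrade" above refers to.

```python
import hashlib
import hmac
import struct


def _rotl(x, n):
    x &= 0xFFFFFFFF
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4. Implemented inline because Python builds on OpenSSL 3 usually lack hashlib.new('md4')."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)  # message bit length, little-endian
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    round3_order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for i in range(16):  # round 1
            a, b, c, d = d, _rotl(a + f(b, c, d) + x[i], (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):  # round 2
            k = (i % 4) * 4 + i // 4
            a, b, c, d = d, _rotl(a + g(b, c, d) + x[k] + 0x5A827999, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):  # round 3
            a, b, c, d = d, _rotl(a + h(b, c, d) + x[round3_order[i]] + 0x6ED9EBA1, (3, 9, 11, 15)[i % 4]), b, c
        a0, b0 = (a0 + a) & 0xFFFFFFFF, (b0 + b) & 0xFFFFFFFF
        c0, d0 = (c0 + c) & 0xFFFFFFFF, (d0 + d) & 0xFFFFFFFF
    return struct.pack("<4I", a0, b0, c0, d0)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: MD4 of the UTF-16LE password. This is the value an NTLMv1 downgrade recovers outright."""
    return md4(password.encode("utf-16le"))


def ntowf_v2(password: str, user: str, domain: str) -> bytes:
    """NTOWFv2 = HMAC-MD5(NT hash, UTF-16LE(UPPER(user) + domain))."""
    return hmac.new(nt_hash(password), (user.upper() + domain).encode("utf-16le"), hashlib.md5).digest()


def build_blob(timestamp: int, client_challenge: bytes, target_info: bytes = b"") -> bytes:
    """NTLMv2_CLIENT_CHALLENGE ('temp' in MS-NLMP): resp type, hi resp type, reserved, FILETIME,
    client nonce, reserved, AV pairs (omitted in this constructed sample), reserved."""
    return (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp) + client_challenge
            + b"\x00" * 4 + target_info + b"\x00" * 4)


def nt_proof(password: str, user: str, domain: str, server_challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr = HMAC-MD5(NTOWFv2, server challenge || blob); this 16-byte value is what gets 'cracked'."""
    return hmac.new(ntowf_v2(password, user, domain), server_challenge + blob, hashlib.md5).digest()


def netntlmv2_line(user: str, domain: str, server_challenge: bytes, proof: bytes, blob: bytes) -> str:
    """The USER::DOMAIN:challenge:NTProofStr:blob format Responder logs and hashcat mode 5600 consumes."""
    return f"{user}::{domain}:{server_challenge.hex()}:{proof.hex()}:{blob.hex()}"


def crack_netntlmv2(line: str, wordlist):
    """Offline dictionary attack: recompute NTProofStr for each candidate and compare in constant time."""
    user, _, domain, chal_hex, proof_hex, blob_hex = line.split(":")
    chal, blob = bytes.fromhex(chal_hex), bytes.fromhex(blob_hex)
    for candidate in wordlist:
        if hmac.compare_digest(nt_proof(candidate, user, domain, chal, blob).hex(), proof_hex):
            return candidate
    return None


# Constructed sample exchange: every value below is made up for the example.
USER, DOMAIN, PASSWORD = "jdoe", "CORP", "Autumn2016"
SERVER_CHALLENGE = bytes.fromhex("1122334455667788")   # chosen by the rogue adapter's listener
CLIENT_CHALLENGE = bytes.fromhex("8899aabbccddeeff")   # nonce chosen by the victim machine
BLOB = build_blob(timestamp=131174000000000000, client_challenge=CLIENT_CHALLENGE)
CAPTURED_LINE = netntlmv2_line(USER, DOMAIN, SERVER_CHALLENGE,
                               nt_proof(PASSWORD, USER, DOMAIN, SERVER_CHALLENGE, BLOB), BLOB)
WORDLIST = ["123456", "password", "Summer2016", "Autumn2016", "letmein"]

if __name__ == "__main__":
    print(CAPTURED_LINE)
    print("cracked:", crack_netntlmv2(CAPTURED_LINE, WORDLIST))
```

Because the server challenge is chosen by the attacker, the same capture can also be relayed rather than cracked when SMB signing is off on the target; that is the "used directly in some network attacks" case mentioned above.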

Fuller, better known by his handle mubix, said the technique works with both the $50 Hak5 LAN Turtle and the $155 USB Armory, both of which are USB-mounted computers that run Linux. He reports that others have gotten a similar setup working on a Raspberry Pi Zero, bringing the cost of the hack down to about $5 and roughly 10 minutes of configuration.

The attack is simple because operating systems automatically install newly connected USB devices, including Ethernet adapters, even while the screen is locked, and they treat a new wired (or faster) Ethernet adapter as the preferred route, making the attacker's device the default gateway.

Furthermore, when a new network card is installed, the OS configures it to obtain its network settings via DHCP, which means the attacker's computer at the other end of the Ethernet cable can act as the DHCP server.

The time it takes to capture a machine’s credentials depends on the targeted system, but the researcher has managed to conduct the attack and obtain the username and password hash in just 13 seconds.

Fuller has successfully reproduced the attack on Windows 98 SE, Windows 2000 SP4, Windows XP SP3, Windows 7 SP1 and Windows 10. The expert has also conducted attacks against OS X El Capitan and Mavericks, but he has yet to confirm that the method works on other configurations than his own. Linux has not been tested.

Fuller is working on a follow-up post suggesting ways to prevent the attack.

The lesson from all this is, as Fuller noted on Twitter: “Don’t leave your workstation logged in, especially overnight, unattended, even if you lock the screen.”

SMS for 2-Factor Authentication can be compromised


Earlier this year, in May 2016, the National Institute of Standards and Technology (NIST) published a guideline recommending the deprecation of SMS as the second factor for strong authentication. NIST recommends other forms of two-factor authentication, such as time-based one-time passwords generated by mobile apps, over text messaging.

In SMS-based two-factor authentication (2FA), the user confirms a login or transaction by entering a one-time password (OTP) sent to their mobile phone, typically a four- to eight-digit numeric code. This method was once believed to protect against man-in-the-middle (MitM) attacks, until security professionals realized that text messages can be intercepted by fraudsters with little difficulty.

If a mobile phone is compromised by malware, a fraudster can command the malware to monitor text messages, including OTPs. Other attacks need no malware on the phone at all: SIM swaps, SIM cloning, number-porting attacks, fake caller ID and call-forwarding scams that talk a carrier's customer service representatives into redirecting the victim's messages or calls.

SMS 2FA also has a major problem on phones that have not been compromised. Because short messages are not encrypted in transit by default, they can be intercepted and read on the way, even if the receiving device is clean. Moreover, SMS are stored in plaintext at the short message service center (SMSC) until they are delivered to the intended recipient, where anyone with access to the SMSC can read them. Spying programs such as FlexiSpy go further and automatically record all incoming and outgoing SMS messages on the handset and upload the logs to a remote server for later viewing and analysis.

Attacks like these will fool a decent percentage of users who rely on text messages as their second factor. Text messaging is certainly not the strongest form of 2FA, but it is better than allowing a login with nothing more than a username and password, which is one reason most companies have not rushed to migrate to other authentication methods.

Moving to safer options, from push-to-approve to biometrics such as fingerprint, retina or voice recognition, will take time. Google recently went a step further by debuting a "push" authentication system that generates a prompt on the user's mobile device, which the user taps to approve a login request.

For now, the priority is for websites to adopt user-friendly password policies and put the burden on the verifier rather than the user. In particular, users should not be made to change their passwords frequently in the name of security, because doing so does not improve it.

UK 'hacker' Lauri Love fears death in US prison



Lauri Love, a British man with Asperger's syndrome who allegedly hacked US government computers, says he fears dying in jail if he is extradited to the US.


He told the BBC's Victoria Derbyshire programme,  "If I went into a US prison, I don't think I'd leave again."


Next week a judge will announce whether Mr Love, from Stradishall, Suffolk, should be extradited.

If extradited, he could face trials in three different US states; he is accused of hacking into the FBI, the US central bank and the country's missile defense agency.

In the interview he said that US prisons are poor at handling people with psychological conditions.

"The way that mental health is dealt with in America is not in any way therapeutic," he said. "I have Asperger's and I have depression, so suicide is a real risk.

"And if I get a 99-year sentence, it's an absurd length of time, meaning I would die in prison anyway."

The UK has dropped all charges against him.

In an email interview with ehackingnews, Ilia Kolochenko, CEO of web security firm High-Tech Bridge, said that hackers should be rehabilitated rather than always punished, especially in light of the shortage of cybersecurity experts: "Today many Black Hats are doomed to stay cyber-criminals as there is no painless 'way back' for them. Many young talents commit mistakes at the beginning of their careers without realizing that they are doing something wrong or harmful. However, afterwards they continue following the wrong path as they cannot find a job appropriate for their skills and past technical experience.

Taking into consideration the current shortage of qualified cybersecurity experts, it may be interesting to think about rehabilitation programs for ex-cybercriminals and use their brains to defend companies. Moreover, these people will have to prove their reliability and skills and thus work harder than normal employees."

Adult site BRAZZERS data hacked




Brazzers, a popular porn site, has been hacked, and the personal information of nearly 800,000 accounts has been compromised.

Breach monitoring website Vigilante.pw provided the data set to Motherboard for verification.

The data contains 790,724 unique email addresses, along with usernames and plaintext passwords.

Public relations manager from Brazzers, Matt Stevens,  told Motherboard in an email, “This matches an incident which occurred in 2012 with our 'Brazzersforum,' which was managed by a third party. The incident occurred because of a vulnerability in the said third party software, the 'vBulletin' software, and not Brazzers itself.”

“That being said, users’ accounts were shared between Brazzers and the 'Brazzersforum' which was created for user convenience. That resulted in a small portion of our user accounts being exposed and we took corrective measures in the days following this incident to protect our users,” Stevens added.

According to Motherboard, several Brazzers users whose details appear in the dump, and an administrator, said they had never used Brazzersforum.

The forum, which has a separate URL from the main website, lets users discuss porn scenes and stars and post what else they would like to see on Brazzers.

Brazzersforum is currently displaying an "under maintenance" message and is unavailable to users.

“Note that the data provided contains many duplicates and non-functional accounts. We banned all non-active accounts in that list in case those usernames and passwords are re-used in the future,” Stevens from Brazzers said.


Ilia Kolochenko, CEO of web security firm High-Tech Bridge offers advice to users of such sites -  "We should keep in mind that everything we send online - emails, pictures or instant messages - may be compromised. Don't think that encryption or auto-deletion of a video will help - once something goes online - it can be intercepted or compromised. There are numerous attack vectors - from our own devices that can be hacked and backdoor-ed to backup providers of companies who store or transfer the data.

Therefore, if you want absolute tranquility - make sure that all your digital assets can be published on page one of Daily Mail tomorrow without making you feel uncomfortable. Obviously, I don't speak about confidential professional information, but about such things that afterwards may embarrass you and your colleagues."






100 million accounts leaked in another mega breach


Another massive breach has come to light: almost 100 million accounts from the popular Russian web portal Rambler.ru have been leaked online.

The hack exposed the usernames, email addresses, ICQ numbers and passwords of 98,167,935 accounts. To make things worse, Rambler, a Russian equivalent of Yahoo, stored passwords in plaintext rather than hashing them, handing the hacker every account's password without any cracking.

Breach repository site LeakedSource revealed that the attack took place on 17 February 2012 and appears to have gone unreported in all the years since. The entire database may have been in circulation for four years.

The cyber attack is the latest in a recent string of data breaches. Rambler’s competitor, VK.com, was hacked in late 2012 or early 2013 and exposed the data for its entire user base. Recently, the details of 70 million Dropbox accounts, from a breach dating back to 2012, were also leaked online. The music service Last.FM was also attacked that year, affecting 48 million users. LinkedIn and Myspace were also hacked in 2012.

LeakedSource has been publicizing and verifying most of these leaks throughout 2016. Anonymous parties forwarded LeakedSource the data from these hacks, and the service contacted users to judge the authenticity of the information. After verifying the data, LeakedSource uploads its info into a searchable database so users can see if their info was compromised.

The breach was reported by the same user who handed LeakedSource some 43.6 million cleartext breached Last.fm accounts also dating back to 2012.

On analyzing the passwords, LeakedSource found that even as mega breaches become common, users continue to choose weak passwords. The most common password in the Rambler.ru breach is "asdasd", used by 723,039 account holders.

The top 10 used passwords from this breach are:

Rank Password Frequency
1 asdasd 723,039
2 asdasd123 437,638
3 123456 430,138
4 000000 346,148
5 666666 249,812
6 654321 242,503
7 cfreyjdf 237,009
8 123321 236,871
9 555555 230,453
10 123123 222,983

LeakedSource partnered with Russian journalists due to language barriers to confirm if the account dump was valid.

LeakedSource is processing other massive breaches and will be announcing their results slowly.

As data breaches mount with every passing day, users should be vigilant enough to use a strong, unique password for every site on which they register an account. Online security is a serious topic, and existing password education is not enough to deal with the situation.
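Rambler's two failures above, plaintext storage and hundreds of thousands of accounts protected by "asdasd", map onto two server-side controls. The added Python example below (written for this article, not Rambler's or LeakedSource's code) hashes passwords with salted PBKDF2-HMAC-SHA256 in a self-describing format that lets the work factor be raised later, verifies them in constant time, flags stored hashes that fall below the current policy so they can be rehashed on the next login, and rejects passwords that appear on a breach-derived blocklist, seeded here with the top ten from the Rambler dump. The usernames, passwords and iteration count are illustrative.

```python
import base64
import hashlib
import hmac
import os

# Top ten passwords from the Rambler.ru dump as reported by LeakedSource. A real deployment
# would load a far larger breach corpus, but the mechanism is the same.
RAMBLER_TOP10 = ["asdasd", "asdasd123", "123456", "000000", "666666",
                 "654321", "cfreyjdf", "123321", "555555", "123123"]

ITERATIONS = 600_000  # assumed current policy for PBKDF2-HMAC-SHA256; raise as hardware improves
MIN_LENGTH = 8


def build_blocklist(*sources):
    """Case-folded set of banned passwords from one or more breach lists."""
    return {pw.lower() for src in sources for pw in src}


def is_weak(password, blocklist):
    """Return the reason a password is unacceptable, or None. Length and blocklist only,
    no composition rules: the breach data shows users defeat those with 'asdasd123'."""
    if len(password) < MIN_LENGTH:
        return "too short"
    if password.lower() in blocklist:
        return "on breach blocklist"
    if len(set(password)) == 1:
        return "single repeated character"
    return None


def hash_password(password, iterations=ITERATIONS, salt=None):
    """Salted PBKDF2-HMAC-SHA256, stored as algo$iterations$salt$hash so the parameters travel with the hash."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, base64.b64encode(salt).decode(),
                                           base64.b64encode(dk).decode())


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_b64, dk_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 base64.b64decode(salt_b64), int(iters))
    return hmac.compare_digest(actual, base64.b64decode(dk_b64))


def needs_rehash(stored, iterations=ITERATIONS):
    """True when the stored hash uses fewer iterations than current policy; rehash after a successful login."""
    return int(stored.split("$")[1]) < iterations


def register(username, password, blocklist, store):
    """Registration flow: refuse weak passwords, otherwise store only the salted hash."""
    reason = is_weak(password, blocklist)
    if reason:
        return False, reason
    store[username] = hash_password(password)
    return True, "ok"


if __name__ == "__main__":
    bl = build_blocklist(RAMBLER_TOP10)
    accounts = {}
    print(register("alice", "asdasd123", bl, accounts))
    print(register("alice", "correct horse battery", bl, accounts))
    print(accounts["alice"], verify_password("correct horse battery", accounts["alice"]))
```

Had Rambler stored hashes in this form, the 2012 dump would have given attackers a cracking job per account instead of 98 million working credentials; the blocklist check is what would have kept 723,039 of those accounts from sharing a single guessable password.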