
Cyber-war between India and Pakistan

It seems that the tension between the two nuclear powers, India and Pakistan, is not going to end in the near future.

After the surgical strikes by the Indian Army on 29 September, a Pakistani group of hackers claimed to have hacked nearly 7,000 Indian websites in just a week.

They claimed that the attack was an act of "revenge" against the Indian Army and released the names of the websites on Tuesday.

According to cyber security experts, the hackers are quite immature and did not write their own code; instead they used existing code to break into the websites.

On 3 October, the hackers hacked the National Green Tribunal's website and claimed it was an act of "revenge", as reported by PTI.

"We are Unbeatable. You... kill innocent people in Kashmir and call your self-defenders of your country. You...violate the ceasefire on a border and call it 'Surgical Strikes'. Now kiss the burn of Cyber War," the hackers said.

Each hacked website carried a message or slogan.

Mirza Faizan Asad, legal head of the Global Cyber Security Response Team, says: "I've seen their post. They are not even proper hackers. They are what we call script kiddies, people who use existing computer scripts to hack into computers as they lack the expertise to write their own."

Aravind Prakash, associate professor at Binghamton University, US, said, "There is always a school of thought that will argue, 'why can't we buy software'? But one must understand that you cannot trust these companies that we buy from to provide a vulnerability-free software or system. Intrusion or hacking happens when there are vulnerabilities."

Trojan imitates Google Play store user


Kaspersky Lab researchers have found a new Android Trojan, Guerilla, that behaves like a human to get past the protections of the Google Play Store.

After landing on Google Play, a malicious application gains access to a wide audience, gains the trust of that audience, and enjoys a degree of leniency from the security systems built into the operating system. On mobile devices where users cannot install applications from any source other than the official store, this Trojan arrives as an app after passing the store's rigorous anti-fraud checks.

Guerilla, which downloads and installs apps and leaves fake comments and ratings on the store, uses a rogue client application to fool Google's anti-fraud technologies. This fake app allows attackers to conduct shady advertisement campaigns using infected devices to download, install, rate and comment on the mobile applications published on Google Play.

The malware, which can only abuse Google Play mechanisms from rooted devices, aims to boost legitimate apps by increasing their download counts and posting positive reviews on Google Play.

Lately, many Trojans have been seen using the Google Play app during promotion campaigns to download, install and launch apps on smartphones without the owners’ knowledge, as well as leave comments and rate apps. The apps installed do not cause direct damage but the victim may have to pay for excessive traffic. In addition, the Trojans may download and install paid apps as if they were free ones, adding to the users’ bills.

There are a number of ways of manipulating Google Play:

1. Amateur

The first method involves using the Trojan to launch the Google Play client, open the page of the required app in it, then search for and use special code to interact with the interface elements (buttons) to trigger the download, installation and launch of the application.

In this process the operating system's accessibility services are used, followed by an imitation of user input; then code is injected into the Google Play client process to modify its operation.

2. Expert

Some malware writers create their own client for the app store using its HTTPS API. This requires user credentials and authentication tokens that are not available to a regular app, but the cybercriminals extract this information from data stored on the device in clear text in SQLite format.

For example, the Guerilla client downloads and installs free and paid apps and rates and comments on them in the Play store. To do so, the Trojan first collects information such as the credentials for the user's Google Play account, the Android ID, the Google Services Framework ID, the Google advertising ID and hashed data about the device. The Trojan then downloads the application by sending POST requests.

The Trojans that use the Google Play app to download, install and launch apps from the store are distributed by rooters, which is why they are able to attack the Google Play client app.

This type of malicious program poses a serious threat: rooters download malicious programs that compromise the Android ecosystem, spend the user's money on paid apps and download other malware as well.
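
As an added example (not code from Kaspersky or from this post), here is a server-side heuristic in Python that flags the automated install-then-rate pattern described above in a constructed store event log; the log format, field names, device identifiers and thresholds are all assumptions made for illustration.

```python
"""Flag Play-store rating abuse: devices that review an app seconds after
installing it, or that post many reviews in a short window."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one JSON record per line. "dev-bot-1" behaves like
# the Trojan (install, review within a minute, repeat); "dev-user-7" is a
# normal user who reviews one app hours after installing it.
SAMPLE_LOG = """\
{"ts": "2016-10-04T10:00:00", "event": "install", "android_id": "dev-bot-1", "app": "com.example.a", "ip": "203.0.113.5"}
{"ts": "2016-10-04T10:00:40", "event": "review", "android_id": "dev-bot-1", "app": "com.example.a", "ip": "203.0.113.5", "stars": 5}
{"ts": "2016-10-04T10:01:00", "event": "install", "android_id": "dev-bot-1", "app": "com.example.b", "ip": "203.0.113.5"}
{"ts": "2016-10-04T10:01:30", "event": "review", "android_id": "dev-bot-1", "app": "com.example.b", "ip": "203.0.113.5", "stars": 5}
{"ts": "2016-10-04T10:02:00", "event": "install", "android_id": "dev-bot-1", "app": "com.example.c", "ip": "203.0.113.5"}
{"ts": "2016-10-04T10:02:20", "event": "review", "android_id": "dev-bot-1", "app": "com.example.c", "ip": "203.0.113.5", "stars": 5}
{"ts": "2016-10-04T10:03:00", "event": "install", "android_id": "dev-bot-1", "app": "com.example.d", "ip": "203.0.113.5"}
{"ts": "2016-10-04T10:03:30", "event": "review", "android_id": "dev-bot-1", "app": "com.example.d", "ip": "203.0.113.5", "stars": 5}
{"ts": "2016-10-04T09:00:00", "event": "install", "android_id": "dev-user-7", "app": "com.example.e", "ip": "198.51.100.9"}
{"ts": "2016-10-04T11:30:00", "event": "review", "android_id": "dev-user-7", "app": "com.example.e", "ip": "198.51.100.9", "stars": 4}
"""


def parse_events(log_text):
    """Parse the JSON-per-line log into dicts sorted by timestamp."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def detect_abuse(log_text, min_use_seconds=300, max_reviews=3, window_minutes=60):
    """Return {android_id: [reasons]} for devices whose behaviour looks automated."""
    installs = {}                 # (android_id, app) -> install time
    reviews = defaultdict(list)   # android_id -> review timestamps
    findings = defaultdict(list)
    for rec in parse_events(log_text):
        key = (rec["android_id"], rec["app"])
        if rec["event"] == "install":
            installs[key] = rec["ts"]
        elif rec["event"] == "review":
            reviews[rec["android_id"]].append(rec["ts"])
            installed = installs.get(key)
            # A human needs time to use an app before rating it.
            if installed is not None:
                gap = (rec["ts"] - installed).total_seconds()
                if gap < min_use_seconds:
                    findings[rec["android_id"]].append(
                        f"review of {rec['app']} only {gap:.0f}s after install")
    window = timedelta(minutes=window_minutes)
    for dev, times in reviews.items():
        times.sort()
        for start in times:  # burst check: reviews inside any sliding window
            n = sum(1 for t in times if timedelta(0) <= t - start <= window)
            if n > max_reviews:
                findings[dev].append(f"{n} reviews within {window_minutes} minutes")
                break
    return dict(findings)
```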

Kate Moss latest victim of hackers

Last week a hacker tried to sell nearly 3,000 private photos of Pippa Middleton, sister of the Duchess of Cambridge, Kate Middleton, to the press.

Now Kate Moss has become the latest victim of hackers. The supermodel's private photos have been circulated on the internet after hackers broke into the Facebook account of her sister, Lottie.

According to The Sun, the leaked photos include moments from her birthday celebrations in which she and her friends were seen drunk and lying on the floor after partying hard.

A source told the publication: "Kate isn't on social media but Lottie is quite open on all her platforms — although she has become far more guarded now. She realises she's a target for trolls who want information on her and her sister.

"None of the images were ever intended to be shared with the world so it's not very nice for them to have these personal moments pored over by some faceless hacker."

Lottie posted a message after regaining control of her account: "When ur Facebook gets hacked and they change ur password lol okay." (sic)

Russian hackers target Mac OSX with Trojan

A Russian hacking group has released new malicious software to infect computers running Apple OS X, according to cyber security researchers at Palo Alto Networks.

The cyber espionage group, suspected of links with the Russian intelligence agency GRU, is believed to be the same one that allegedly struck the Democratic National Committee (DNC) and the World Anti-Doping Agency. The group was dubbed Sofacy Group by the California-based experts and over the years has been given many names by analysts, including 'Fancy Bear', 'APT28' and 'Pawn Storm'.

The Trojan is known as 'Komplex'. It does not exploit an Apple security flaw but instead takes hold via highly targeted spear phishing. It pretends to be a 17-page PDF document describing the future projects of Roscosmos, Russia's state space corporation, between 2016 and 2025. The malware is designed to steal information from a compromised system and send it to a remote server.

After the victim opens the link to the PDF, the file downloads additional files to infect the machine, executing and deleting files and interacting with the system shell.

The researchers noted a number of coding overlaps, including similarities between Komplex and another OS X Trojan.

Komplex does not appear to have been signed with an Apple developer certificate. Anyone can obtain such a certificate, but including one makes an application look more legitimate on the surface.

Earlier, when the group attacked the DNC, it leaked more than 19,000 internal e-mails, which caused turmoil in the party after the correspondence showed party officials favoured Hillary Clinton for the Democratic presidential nomination. The group is also believed to have hacked WADA, releasing documents that called into question drug exemptions granted to top athletes for the Rio Olympics.

The US government is still investigating whether the Russian government is behind the hacks and other suspicious activity, which is why it has not blamed it directly. However, in the first presidential debate Clinton directly accused Russian President Vladimir Putin of ordering the attacks.

Delta power outage, a cyber attack?


In August, when the third-largest airline, Delta Airlines, had to cancel 451 flights, it offered the excuse that a power outage had caused the incident. In an age of multiple redundant systems, backup generators, off-site backups, cloud storage and underground military-grade data centres, this excuse should have been questioned from the get-go, and Georgia Power immediately disputed Delta's report, saying the fault lay with Delta's equipment, not the power grid.

Nearly two months later, DEBKA, the Israel-based Middle East and counter-terrorism report, claimed that what was termed a power outage was in fact a cyber attack. Security experts suggested that malware had been inserted into Delta's computers months earlier and that, on command, the spyware shut down the systems and blocked the emergency protocols meant to protect the company. Staff could not even issue boarding passes because they could not confirm seats.

No global company keeps all of its servers and routers in a single place; they are located deep underground with several backup electricity systems.

At the time of the incident, One America News Network (OANN) reported that a circuit breaker that needed to be reset had caused the outage. No one else on or near the same grid as Delta suffered any electrical disturbance during that period.

The cyber attack on Delta was also confirmed by Georgia Power. Huge companies rely on their computers, which have backups for power outages, but dealing with a hack is much more difficult. Even the Delta information boards were not showing the old information stored in their cache, which they fall back to in the event of a malfunction or a reset.

A cyber attack is a nightmare for every organization and secure network across the globe.

Whoever is responsible for the Delta attack will possibly try again, and with this information out, the airline should take steps to avert it.

UK government targets Kodi boxes against piracy


Kodi and other set-top box software that stream pirated video have become a major issue for rights-holders in the UK government's fight against intellectual property crime.

Kodi is free software, built by volunteers, that is designed to bring videos, music, games and photographs together in one easy-to-use application. Some shops sell set-top boxes and TV sticks known as Kodi boxes, preloaded with the software.

Some fully-loaded boxes support software add-ons that stream subscription movies, sport and TV channels over the internet for free, which is illegal. The Federation Against Copyright Theft (FACT) has revealed that around half of its investigations centre on streaming devices that use third-party piracy-enabling software. The Intellectual Property Office (IPO) describes the whole situation as an international racket that is spreading like an epidemic.

An IPO spokesperson told the BBC:

“The government is working with its partners in industry and with police forces across the country to target criminals looking to profit from this activity. We are also working closely with our international partners to target the cross-border infrastructure that underpins illegal streaming."

The vanilla configuration of Kodi, designed as a media centre, is legal, but it can be tweaked to facilitate the illegal streaming of premium content. While there are plenty of piracy-enabling add-ons available, they are not endorsed by the Kodi development team. The team generally takes a neutral stance on add-ons developed for the open-source software but has said it will fight anyone misusing the Kodi trademark.

Earlier this week, a Middlesbrough retailer became the first in the UK to face a legal challenge over the sale of Kodi boxes that facilitate the circumvention of copyright protection. The case is a landmark one that could change the use and distribution of Kodi in the UK.

Pro-Assad Syrian Pleaded Guilty For Hacking In US

A supporter of Syrian President Bashar Al-Assad's government has pleaded guilty to charges of conspiring to receive extortion proceeds and conspiring to illegally access computers in his limited role as a member of the Syrian Electronic Army (SEA) hacking group.

The U.S. Department of Justice in a statement said that 37-year-old Peter Romar was a member of the Syrian Electronic Army hacking group and had joined an operation to infiltrate computers of Assad's "perceived detractors" in the media, U.S. government and other governments.

Justice Department officials said the hackers used a tactic known as "spear-phishing" to target computers.

"If a victim could not make extortion payments to the conspiracy's Syrian bank accounts due to sanctions targeting Syria, Romar acted as an intermediary in Germany to evade those sanctions," the Justice Department said.

CNN, National Public Radio, the Associated Press, Reuters, Microsoft Corp, Harvard University and Human Rights Watch were among the hacker group’s targets.

Eastern European Gang Claimed To Be Behind Yahoo Data Breach

The biggest data breach in recent times, and the one that drew everyone's attention, was that of Yahoo. The massive 2014 theft of credentials was carried out by an Eastern European criminal gang, not a state-sponsored group as Yahoo claims, a cybersecurity firm has said.

The hackers, known as "Group E", sold the stolen Yahoo data to at least three clients, including one state-sponsored actor. Yahoo said it believes a nation-state actor was behind the breach but did not provide any technical evidence.

Arizona-based security firm InfoArmor said in a report: "Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations. The Yahoo data leak as well as the other notable exposures, opens the door to significant opportunities for cyber-espionage and targeted attacks to occur."

The firm has not specified how it obtained access to the database or why Yahoo did not reveal the scope of the breach for almost two years.

According to InfoArmor chief intelligence officer Andrew Komarov, the hackers were also previously linked to other high-profile breaches at other websites including LinkedIn, Tumblr and MySpace.

Does Apple Log Your iMessage Contacts And Share Them With Police?

Apple has boasted about its security measures, including end-to-end encryption and privacy, but the latest information reveals that the iMessages you send are not as secure as you may have thought. A new report in The Intercept suggests that Apple may be logging, and potentially sharing with law enforcement agencies, information such as the phone numbers of the people you iMessage.

When a user contacts anyone through Apple's Messages app, the app pings Apple's servers to find out whether the recipient has an iMessage account. The report adds that Apple records the IP address along with the date and time, which could help reveal the user's location. The information is stored for 30 days before it is deleted.

“This log also includes the date and time when you entered a number, along with your IP address — which could, contrary to a 2013 Apple claim that “we do not store data related to customers’ location,” identify a customer’s location,” the report reads.

Although the contents of iMessages sent over Apple's servers are encrypted end-to-end, thereby making them unreadable even to Apple, the metadata could be used to connect dots during a criminal investigation.

However, Apple said in a statement: “In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place.”

Apple is known for its strong stance on customer privacy. This report may well raise questions about the high standards the tech giant has maintained over the years.

'Companies Should Face Severe Punishment For Cyber Security Failures'

Customers' data and its security is a major goal of any company. A breach not only tarnishes the company's reputation but also shakes customers' trust. A majority of directors therefore believe that companies should face severe penalties if they fail to keep customers' data safe.

Seven in 10 board members have demanded stricter punishment for those who fail to meet basic cyber-security requirements.

The issue came in the wake of the major Yahoo security breach. The breach affected the names, passwords and information of 500 million users in 2014, but it was discovered only recently.

The research, which surveyed 200 directors from companies with more than 500 employees, found that 71 percent believe companies should be penalised for failing to meet basic cyber security requirements.

Rob Cotton, NCC's chief executive, said big companies were often the least concerned about cybersecurity, with directors themselves refusing to take responsibility for security.

“For years it hasn’t been taken seriously enough in boardrooms across the country and while these results don’t prove that it’s now being managed appropriately, they do show that directors are realising that greater scrutiny and oversight from regulators and government will stimulate the necessary action and help drive-up standards,” he said.

At present, security failings are punishable with a fine of up to £500,000 from the Information Commissioner's Office (ICO). EU data protection rules due to come into force in 2018 will create penalties of up to 4 per cent of global revenues or up to €20m (£17m), but it will be up to national regulators to enforce the rules.

Two years after the hack, Yahoo admits it

It seems that not everything is going well for Yahoo! Recode broke the news of the theft of 500 million Yahoo users' private data last Thursday. Now The New York Times has reported that top executives, including CEO Marissa Mayer, knew about the security lapse and chose to ignore the vulnerabilities.

According to the reports, Yahoo's security team, known as the "Paranoids", found that in 2014 Google and many other technology companies were hit by the attack. Google chose to disclose the hack and investigated the security lapse, investing "hundreds of millions of dollars in security infrastructure" to fix the vulnerabilities.

The top security officials at Yahoo, by contrast, turned down the Paranoids' requests to disclose the hack, force users to change their passwords, and push for end-to-end encryption for all email.

Instead of confronting the issue and taking the requisite steps to solve it, the executives decided to bury the news, fearing that it would lead users to switch to other email providers.

Nearly two years after the hack, Yahoo finally broke the news that “names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions” were compromised.