CryptoLuck Ransomware is the new attack


Proofpoint security researcher and exploit kit expert Kafeine has discovered a new ransomware, CryptoLuck, which is being distributed by the RIG-E exploit kit. Delivery through an exploit kit is unusual for a new ransomware family and may account for a larger number of victims.

Kafeine claims to have spotted the distribution through malvertising on adult websites, and there is a possibility that it is distributed through other compromised sites as well.

Ransomware is among the most dangerous kinds of malware because the chance of recovering files without the key is low. CryptoLuck infects the victim's system by abusing a legitimate, code-signed Google program, the GoogleUpdate.exe executable, through DLL hijacking: the signed binary is tricked into loading a malicious DLL, so the malware runs under the cover of a trusted process. Once infected, all valuable user data is encrypted and renamed with a .(victim's ID)_luck extension, and a ransom note named "@WARNING_FILES_ARE_ENCRYPTED.(victim's_id).txt" appears. Victims are given 72 hours to pay 2.1 bitcoin (approximately $1,500 USD) and are told to contact the developers at YAFUNN@YAHOO.COM. This ransomware is also known as YafunnLocker, Yafunn, Luck or LuckLocker.

When CryptoLuck scans for files to encrypt, it skips any path containing one of the following strings and targets all others:

WINDOWS
Program Files
Program Files (x86)
ProgramData
AppData
Application Data
Temporary Internet Files
Temp
Games
nvidia
intel
$Recycle.Bin
Cookies
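The skip list and the renaming scheme above are enough to build a simple host-side check. The Python below is an added illustration, not the malware's code and not from the original article: it models which paths CryptoLuck would leave alone and which it would go after, and flags the two artefacts the article describes, the .(victim's ID)_luck extension and the @WARNING_FILES_ARE_ENCRYPTED.(victim's_id).txt note. It assumes the skip strings are matched case-insensitively as substrings of the full path, that the victim ID is alphanumeric, and the sample listing and victim ID 7F3A91 are constructed.

```python
"""Model of CryptoLuck's file selection and a host-side check for its artefacts.

Added illustration; not the malware's code and not from the original article.
Assumptions: the skip strings are matched case-insensitively as substrings of
the full path; the victim ID embedded in the extension and ransom-note name is
alphanumeric; the sample paths below are constructed, not taken from a real host.
"""
import ntpath
import re

# Path strings the article says CryptoLuck skips.
SKIP_STRINGS = [
    "WINDOWS", "Program Files", "Program Files (x86)", "ProgramData", "AppData",
    "Application Data", "Temporary Internet Files", "Temp", "Games", "nvidia",
    "intel", "$Recycle.Bin", "Cookies",
]

# Renamed file: <name>.<victim_id>_luck; note: @WARNING_FILES_ARE_ENCRYPTED.<victim_id>.txt
ENCRYPTED_RE = re.compile(r"\.(?P<vid>[A-Za-z0-9]+)_luck$")
NOTE_RE = re.compile(r"^@WARNING_FILES_ARE_ENCRYPTED\.(?P<vid>[A-Za-z0-9]+)\.txt$")


def is_skipped(path):
    """True if CryptoLuck would leave this path alone (substring match, assumed case-insensitive)."""
    lowered = path.lower()
    return any(s.lower() in lowered for s in SKIP_STRINGS)


def scan(paths, min_encrypted=2):
    """Classify a list of Windows paths.

    Returns the encrypted files, ransom notes, victim IDs seen, the untouched
    files the malware would still go after, and an 'alert' flag that fires when
    a ransom note exists or at least `min_encrypted` renamed files share one
    victim ID (a mass rename with a common marker is the signal, not one file).
    """
    result = {"encrypted": [], "notes": [], "victim_ids": set(), "would_target": []}
    per_id = {}
    for path in paths:
        name = ntpath.basename(path)  # handles backslash paths on any OS
        enc = ENCRYPTED_RE.search(name)
        note = NOTE_RE.match(name)
        if enc:
            vid = enc.group("vid")
            result["encrypted"].append(path)
            result["victim_ids"].add(vid)
            per_id[vid] = per_id.get(vid, 0) + 1
        elif note:
            result["notes"].append(path)
            result["victim_ids"].add(note.group("vid"))
        elif not is_skipped(path):
            result["would_target"].append(path)
    result["alert"] = bool(result["notes"]) or any(n >= min_encrypted for n in per_id.values())
    return result


# Constructed sample listing (not real data); victim ID 7F3A91 is made up.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.7F3A91_luck",
    r"C:\Users\alice\Documents\@WARNING_FILES_ARE_ENCRYPTED.7F3A91.txt",
    r"C:\Users\alice\Pictures\trip.jpg.7F3A91_luck",
    r"C:\Users\alice\AppData\Local\Temp\setup.log",
    r"C:\Program Files\Example\example.exe",
    r"C:\Users\alice\Desktop\notes.txt",
]

if __name__ == "__main__":
    report = scan(SAMPLE_PATHS)
    print("victim IDs:", sorted(report["victim_ids"]))
    print("encrypted files:", len(report["encrypted"]), "ransom notes:", len(report["notes"]))
    print("still at risk:", report["would_target"])
    print("ALERT" if report["alert"] else "no indicator")
```

Substring matching reproduces the article's description literally, which means a folder such as "Templates" or "Intelligence" would also be skipped; if you adapt this for your own monitoring, match on whole path components instead, and treat the alert as a trigger to isolate the host rather than as proof of which family is involved.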

Since removing malware manually requires considerable skill and knowledge, it is best to use an anti-malware tool.

Ransomware attacks are rising to disturbing levels and making cybercrime more dangerous. While some ransomware operators can be relied on to restore access after payment, low-quality ransomware is always doubtful because it often does not work as expected. In CryptoLuck's case, files are unlocked after the ransom is received using an RSA key stored on the developers' command and control (C&C) server.

Many suggest that a victim should pay the ransom and hope that all the data comes back; however, that means risking the money while still having no guarantee that the files will be unlocked.

The best option is to have a backup on a separate drive and restore from it. Any anti-malware product can remove the ransomware itself, but the files stay encrypted. Before restoring or attempting decryption, first make sure the infection is gone and check which files were affected so you know what has been lost.

Cybersecurity firms warned Tesco before theft


Last weekend, cyber criminals broke into the computer systems of Tesco Bank and stole £2.5 million from the current accounts of 9,000 customers, making it the largest cyber-attack on a UK bank to have resulted in a major loss of money. One in 15 of the bank's 136,000 current accounts was affected.

The online bank had reportedly been warned by several cybersecurity firms well before the breach took place. The firms had discovered posts on dark web forums whose members described the lender as a "cash milking cow" that was "easy to cash out", but the bank ignored the warnings.

After being hit, Tesco Bank responded quickly by suspending all online debit transactions, including contactless card payments, to prevent further criminal activity; cashpoint withdrawals and chip and PIN card payments were still permitted.

It is not yet clear whether there is any link between the breach and the forum claims. The bank declined to give details of the crime.

Normal services resumed by November 08 and refunds were initiated.

According to a report in the Sunday Times, the stolen money was used to buy thousands of low-priced goods using contactless mobile phone payments in Brazil and the US.

Tesco Bank has said it will work with authorities and regulators to investigate the 'systemic and sophisticated attack'. Meanwhile, an investigation is being led by the National Crime Agency.

Indian Embassy website in New York hacked



The website of the Indian Embassy in New York has been hacked by Kapustkiy, who leaked its database on Pastebin.com (http://pastebin.com/Akm9x4dD) on Saturday.

The hacker published two databases, named indiacg3_cginewyork and information_schema, with a total of 13 tables; the newyork_registration table has 418 entries. There was also a table named Newyork_contact with 7,000 entries, which the hacker did not publish because it contained a lot of private information about the victims.

The columns in the newyork_registration table are first name, last name, email ID and mobile number.
On his blog, he wrote: "It's me Kapustkiy. A few weeks ago I breached several websites that were related to the Indian S***Embassy."

"So I thought they would fix all the vulnerabilities in their domains and also look at their other domains that maybe could have a simple ''SQLi'' vulnerability."

The reason behind this hack was that the admin did not pay heed to his previous warnings. "I'm tired of reporting all the errors that I find in their website, so I decided to breach them. NOW FIX YOUR SECURITY F***** ADMINS!"

Only last week, Kapustkiy reported hacking seven Indian embassy websites in parts of Europe and Africa.

Brits' lives at stake from ransom hackers


Experts have warned that cyber criminals will target hospitals across the UK with ransom demands, which could leave thousands of British patients without treatment as operating theatres are shut down until the cash is paid.

Cyber gangs are already attacking NHS trusts and private healthcare organisations to extract ransoms, but the situation is expected to worsen. Hackers can take over hospital systems simply by using a download link in an email or by booby-trapping a website they know employees will visit. When an employee clicks the malicious link, the malware infects the system and encrypts or destroys the stored information.

Hospital systems hold patient data and schedules that are essential to the day-to-day running of the hospital. With that information held hostage, the management would be pressured to pay, and if they refuse, the hackers could threaten to switch off life-saving equipment mid-operation, experts say.

More than 26 NHS trusts were targeted by ransom hackers in the past 12 months, according to security firm NCC Group. Only last week, three hospitals were forced to shut down systems after a computer virus struck.

It is not yet confirmed whether the October 30 attack was a ransom attack, but it affected thousands of patients across three hospitals in Goole, Grimsby and Scunthorpe. Several appointments and operations were cancelled until November 01.

Between 2015 and 2016 ransomware attacks grew eightfold.

Hospitals in the US have already begun paying ransoms after their systems were targeted; one in Los Angeles paid up to 12,000 earlier this year.

Medical facilities are frequent prey for cyber attacks because of the sensitive data they store and the urgency of healthcare services, which attracts cybercriminals like bees to honey.

Virginia and Wisconsin universities' websites hacked


Websites of universities in Virginia and Wisconsin have been hacked, and the data was published by the hacker Kapustkiy on pastebin.com on 12 November.

The hacker hacked two subdomains of a Virginia university and the e-library website for coursework material of the University of Wisconsin. The reason he gave was that the university did not reply to his queries: "For ignoring me they don't reply to my emails," he wrote in his blog post.

The hacked Virginia subdomains are the ECE engineering department website (www.ece.virginia.edu) and the MEMS laboratory (www.mems.ece.vt.edu). The laboratory's hacked database contains 73 tables; its users table has 11 entries holding each student's unique identification number, login, password, email ID, access level and name. A table named mems_validation has 129 entries.

The University of Wisconsin's e-library database, as published, has 67 tables. The users table, with 37 entries, is the largest and includes the first name, last name, phone number, city and zip code of the victims. Two other tables, Staff and Block email, have 20 and 17 entries respectively.

This is not the first time a university has been hacked; universities around the world face this kind of attack from time to time.

Paraguay Embassy website hacked in Taiwan



The website of the Paraguayan embassy in Taiwan has been hacked by Kapustkiy, and the hacked database has been published on pastebin.com (pastebin.com/1f0EbeDs).

The leaked database is in Chinese, which has prompted speculation that Chinese hackers were involved.

The targeted website is www.embapartwroc.com.tw. The leak reveals the database user (cboss@localhost), the database server version (4.1.22), the current database name and the system user, the kind of enumeration output that automated SQL injection tools produce.

The leaked database has six tables: company, contact, downloads, news, pages and product. The contact table has five columns with 1,119 entries, and the company table has nine columns with 55 entries.

The company table includes the company name, email ID, password and ename, while the contact table holds a name, mobile number and email ID.

Less than a week earlier, the websites of the Indian embassies in seven countries were hacked and published in the same manner on Pastebin.
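Both the Indian embassy and the Paraguayan embassy leaks come down to the same bug class, the "simple SQLi" the hacker mentions: user input concatenated into a query string. The Python below is an added example, not code from any of the hacked sites. It uses an in-memory SQLite database with a constructed newyork_registration table whose columns (first name, last name, email, mobile) follow the article; the rows are invented. The enumeration payload calls sqlite_version() because SQLite is what runs here; against a MySQL-style server an attacker would use version(), user() and database() to obtain exactly the current user, version and current DB seen in the Paraguay leak.

```python
"""Vulnerable versus parameterised lookup, the bug class behind a "simple SQLi".

Added example, not code from any of the hacked sites. Table layout follows the
article; all rows are constructed. Against MySQL the enumeration payload would
use version(), user() and database() instead of sqlite_version().
"""
import sqlite3

QUERY = "SELECT first_name, last_name, email FROM newyork_registration WHERE email = "


def make_db():
    """Constructed registration table with three invented rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE newyork_registration ("
        "first_name TEXT, last_name TEXT, email TEXT, mobile TEXT)"
    )
    conn.executemany(
        "INSERT INTO newyork_registration VALUES (?, ?, ?, ?)",
        [
            ("Asha", "Rao", "asha@example.invalid", "+1-555-0100"),
            ("Dev", "Mehta", "dev@example.invalid", "+1-555-0101"),
            ("Lina", "Ortiz", "lina@example.invalid", "+1-555-0102"),
        ],
    )
    return conn


def lookup_vulnerable(conn, email):
    """Builds SQL by string concatenation, so `email` is interpreted as SQL."""
    return conn.execute(QUERY + "'" + email + "'").fetchall()


def lookup_safe(conn, email):
    """Bound parameter: the driver sends the value separately from the statement."""
    return conn.execute(QUERY + "?", (email,)).fetchall()


# Payloads of the kind an automated SQL injection tool tries first.
DUMP_ALL = "' OR '1'='1"
ENUMERATE = "x' UNION SELECT sqlite_version(), 'enumerated', 'via UNION' -- "


def demo():
    """Run both lookups against an honest value and the two payloads."""
    conn = make_db()
    return {
        "honest_vulnerable": lookup_vulnerable(conn, "dev@example.invalid"),
        "honest_safe": lookup_safe(conn, "dev@example.invalid"),
        "dump_vulnerable": lookup_vulnerable(conn, DUMP_ALL),
        "dump_safe": lookup_safe(conn, DUMP_ALL),
        "enum_vulnerable": lookup_vulnerable(conn, ENUMERATE),
        "enum_safe": lookup_safe(conn, ENUMERATE),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:18} -> {rows}")
```

The honest email returns the same single row from both functions; the tautology payload dumps every registration row from the vulnerable one and nothing from the safe one, and the UNION payload turns the vulnerable lookup into a channel for reading server metadata (the version here, and on a real target the current user and database as well), which is how a leak like the Paraguay one gets its cboss@localhost and 4.1.22 lines.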


'Your Smart Watch Can Divulge Your ATM Pin'

Are your smart devices smart enough not to give away your secrets? A recent study reveals that they are not and might give away your personal information, including your passwords or ATM PINs.

Scientists from the Stevens Institute of Technology and Binghamton University say that if you combine data from the embedded sensors in wearable technologies, such as smart watches and fitness trackers, with a PIN-cracking algorithm, you have an 80% chance of identifying a PIN code on the first try and an over 90% chance of cracking it within three tries.

A team led by Professor Yingying Chen of the Stevens Institute of Technology, with graduate students Chen Wang, Xiaonan Guo, Yan Wang and Bo Liu, conducted 5,000 key-entry tests on three key-based security systems, including an ATM, with 20 adults wearing a variety of devices over 11 months.

"This was surprising, even to those of us already working in this area," says Chen, a multiple-time National Science Foundation (NSF) awardee. "It may be easier than we think for criminals to obtain secret information from our wearables by using the right techniques."

"There are two kinds of potential attacks here: sniffing attacks and internal attacks. An adversary can place a wireless 'sniffer' close to a key-based security system and eavesdrop sensor data from wearable devices. Or, in an internal attack, an adversary accesses sensors in the devices via malware. The malware waits until the victim accesses a key-based security system to collect the sensor data," added Chen.

Yan Wang of the Thomas J. Watson School of Engineering and Applied Science at Binghamton University, a co-author of the study, said: "Wearable devices can be exploited. Attackers can reproduce the trajectories of the user's hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers."

The team developed a backward-inference algorithm that predicts four-digit PIN codes from the accelerometer, gyroscope and magnetometer data collected from the devices: the sensors capture the hand's movement between key presses, and the algorithm works back from those movements to the keys that were pressed.

The researchers are working on countermeasures for this problem, but suggest that developers "inject a certain type of noise to data so it cannot be used to derive fine-grained hand movements, while still being effective for fitness tracking purposes such as activity recognition or step counts".
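To make the two ideas above concrete, the trajectory-to-PIN recovery and the noise countermeasure, here is an added illustration in Python. It is not the researchers' algorithm. The assumed model is deliberately simple: the wearable yields, for each key press, the hand's displacement from the previous key in key-pitch units on a standard 3x4 ATM keypad, and the final press is the Enter key at a fixed position, which is what gives a backward inference an absolute anchor. Everything else (the keypad coordinates, the scoring, the Gaussian noise) is our assumption. The example also shows something the article does not spell out: without that anchor, whole families of PINs that are translations of one another on the keypad are indistinguishable from motion alone.

```python
"""Trajectory matching for 4-digit PINs, and why the Enter key matters.

Added illustration of the idea in the study above; not the researchers' code.
Assumed model: per key press, the hand's displacement from the previous key in
key-pitch units on a 3x4 keypad; the last press is Enter at a fixed position.
Noise model and scoring are ours.
"""
import itertools
import random

KEYPAD = {
    "1": (0, 0), "2": (1, 0), "3": (2, 0),
    "4": (0, 1), "5": (1, 1), "6": (2, 1),
    "7": (0, 2), "8": (1, 2), "9": (2, 2),
    "0": (1, 3),
}
ENTER = (2, 3)  # assumed location of the Enter key, to the right of 0


def displacements(pin, use_anchor=True):
    """Displacement vectors a perfect sensor would see while `pin` is typed."""
    points = [KEYPAD[c] for c in pin]
    if use_anchor:
        points.append(ENTER)  # the known final key anchors the whole path
    return [(x2 - x1, y2 - y1) for (x1, y1), (x2, y2) in zip(points, points[1:])]


def score(pin, observed, use_anchor=True):
    """Squared error between the PIN's ideal trajectory and what was observed."""
    return sum((ex - ox) ** 2 + (ey - oy) ** 2
               for (ex, ey), (ox, oy) in zip(displacements(pin, use_anchor), observed))


def rank_pins(observed, use_anchor=True):
    """Every 4-digit PIN ordered from best to worst fit; the first entries are the guesses."""
    scored = [(score("".join(d), observed, use_anchor), "".join(d))
              for d in itertools.product("0123456789", repeat=4)]
    scored.sort()
    return [pin for _, pin in scored]


def tied_best(observed, use_anchor=True):
    """All PINs whose trajectory fits the observation as well as the best one does."""
    ranked = rank_pins(observed, use_anchor)
    best = score(ranked[0], observed, use_anchor)
    return {pin for pin in ranked if score(pin, observed, use_anchor) == best}


def inject_noise(vectors, sigma, seed=1):
    """The countermeasure the researchers suggest: perturb the motion data."""
    rng = random.Random(seed)
    return [(dx + rng.gauss(0, sigma), dy + rng.gauss(0, sigma)) for dx, dy in vectors]


if __name__ == "__main__":
    secret = "1245"
    print("no anchor, tied PINs:", sorted(tied_best(displacements(secret, False), False)))
    print("with anchor, tied PINs:", tied_best(displacements(secret)))
    for sigma in (0.0, 0.3, 0.8):
        guesses = rank_pins(inject_noise(displacements(secret), sigma))
        print(f"sigma={sigma}: secret ranked {guesses.index(secret)}, top 3 = {guesses[:3]}")
```

With clean data and the Enter anchor the secret is the unique best match; drop the anchor and 1245, 2356, 4578 and 5689 tie, because they trace the same shape at different positions. Raising sigma in the loop shows the countermeasure at work: the correct PIN drifts down the ranking while the coarse motion (useful for step counting) is still present in the vectors.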

Google denies European commission's allegations

Google has denied the allegation that its Android operating system prevents alternative software and services from flourishing.


In 2015, the European Commission said it would investigate reports claiming that Google had "abused its dominant position" and "hindered the development" of rivals.


The European Commission is investigating whether Google:


  • gave incentives to manufacturers to exclusively pre-install Google apps and services on devices
  • barred manufacturers from using modified or "forked" Android code if they wanted access to Google services on some of their devices
  • bundled apps and services with other Google products


In April this year, the EC filed charges that could result in a fine of up to $7.4bn (£5.9bn), or 10% of Google's global revenue. According to the Commission, the Android operating system prevents users from choosing non-Google default search engines and browsers.

Kent Walker, senior vice president and general counsel for Google, wrote in his blog post: "Android hasn't hurt competition, it's expanded it. Android is the most flexible mobile platform out there, balancing the needs of thousands of manufacturers and operators, millions of app developers and more than a billion consumers. Upsetting this balance would raise prices, hamper innovation, reduce choice and limit competition."

In its blog post, Google objected to several of the Commission's allegations.

Walker said: "The commission's case is based on the idea that Android doesn't compete with Apple's iOS. We don't see it that way. We don't think Apple does either. Or phone makers. Or developers. Or users.

"To ignore competition with Apple is to miss the defining feature of today's competitive smartphone landscape."

The company has accepted that it offers incentives to phone makers to exclusively pre-install Google apps, the Play Store and Chrome.

"We do offer manufacturers a suite of apps so that when you buy a new phone, you can access a familiar set of basic services," the company said in its blog post.

Trump’s victory crashes Canada’s immigration website



As Donald Trump was elected the 45th American President on Wednesday (November 09), one immediate consequence was borne by Canada's immigration website, which crashed under heavy traffic and displayed a "500 - Internal server error" message.

It seems not only celebrities but many other US citizens are planning to flee Trump's presidency. The tycoon confounded polls that had predicted he would lose to Hillary Clinton.

The official website for Citizenship and Immigration Canada became inaccessible to visitors during the US election vote "as a result of a significant increase in the volume of traffic," said Lisa Filipps, spokeswoman for Immigration, Refugees and Citizenship Canada.

Moving to Canada involves applying for permanent residency in the country. Canada's website usually offers ways of applying to live in or become a citizen of the country, but people accessing the site at that time saw only a long-loading page with no proper access.

"Shared Services Canada worked through the night and continues to work to resolve the issue to ensure that the website is available for users as soon as possible," said a spokeswoman.

The website was restored the next morning, although it was running slowly.

The problem was widely discussed on social media.

Canada's official Twitter account appeared to reference the election result in a tweet just as it became clear that Trump was about to win the race for the White House.

"In Canada, immigrants are encouraged to bring their cultural traditions with them and share them with their fellow citizens," read the tweet.

There is no guarantee the two things were related, but given the loud insistence of many Americans, every election cycle, that they will move north in the event of an unfavourable outcome, it is not a huge leap to assume that some despondent voters were exploring their options.

Celebrities including Bryan Cranston, Amy Schumer, Cher and Barbra Streisand have all declared plans to leave under a Trump presidency.

A similar rush for the exit was seen in the UK in the wake of the 2015 general election and this summer's Brexit vote.

Canada has been praised for taking in refugees from a range of countries in recent months. The government has run a campaign to welcome people fleeing the war in Syria, for instance.

Merkel: Russian hackers could interfere in German election

German Chancellor Angela Merkel has said that Russia could try to influence Germany's general election, due next year, through cyber-attacks or disinformation campaigns, after Washington blamed the Kremlin for meddling in the US presidential race.

On Tuesday, during a press conference alongside the Norwegian prime minister, Erna Solberg, the German chancellor said: "We are already, even now, having to deal with information out of Russia or with internet attacks that are of Russian origin or with news which sows false information."

She further said that dealing with this kind of activity is a 'daily task', and added: 'So it may be that this could also play a role during the election campaign.'

The Kremlin has consistently dismissed the allegations of interfering in the US elections.

Only last month, the US government formally accused the Russian government of trying to hack and interfere in the US elections.

Earlier this year, Germany accused Russia of a series of international cyber-espionage and sabotage attacks. Merkel's comment came in response to a question about whether Russia would try to influence next year's German general election.

The general election in the country will be held in September next year.

WikiLeaks hit by DDoS attack


The whistle-blowing platform WikiLeaks tweeted on Tuesday (November 08) that it had been hit by a distributed denial of service (DDoS) attack over the previous 24 hours. The assault involved thousands of unique IP addresses.

WikiLeaks founder Julian Assange denied influencing the outcome of the election in Donald Trump's favour.

"We have been under unrelenting DDoS attacks over the last 24h," WikiLeaks tweeted.

Visitors to the site received an error message when they tried to open the hacked emails of John Podesta, the Clinton campaign chairman, which the anti-secrecy organisation had leaked. The group had released over 8,000 fresh emails from the Democratic National Committee (DNC) and Hillary Clinton's inner circle.

WikiLeaks was restored later; there has been no further explanation of how big the DDoS attack was or where it originated.

WikiLeaks had been criticised for its efforts to influence the US presidential election by releasing damaging information about Hillary Clinton. The organisation published thousands of emails stolen from DNC officials but has not released any material hacked from Republican accounts.

In a statement posted online, Assange wrote that his organisation would have revealed information about Donald Trump if it had any.

WikiLeaks has also been accused of colluding with Russia to meddle in the election on Trump's behalf, an accusation the group denies. The US government has said Russia was responsible for hacking some of the emails from Podesta's private account.

Both WikiLeaks and the Russian government have denied involvement in the DNC hacks.

Whether WikiLeaks set out to turn voters against Clinton is not yet clear, but the leaks appear to have hurt Clinton's vote, and Trump became the 45th President of the United States of America.