
Two Arrested for hacking Washington's CCTV Network


The UK's National Crime Agency has arrested two suspects who allegedly hacked the CCTV network of Washington, DC and installed ransomware on it.

An NCA spokesperson confirmed the news via email to Bleeping Computer: "We can confirm that NCA officers executed a search warrant at an address in Natal Road, London SW16 on the evening of Thursday 19 January. A man and a woman were arrested and later bailed until April 2017. Enquiries are on-going and we are unable to provide further information at this time."

According to the British media, both suspects are over 50: one is a British man, the other a Swedish woman.

Both were arrested at the request of the US government. They are the main suspects in a cyber-attack that hit the US capital a week before President Trump's inauguration.

Investigators found that the pair broke into the Washington, DC CCTV network and installed ransomware that affected 123 of the 187 network video recorders, roughly two thirds of the US capital's camera surveillance system.

The CCTV hijack took place between January 12 and 15.

IT staff removed the ransomware and reinstalled the software on all affected machines, so city officials did not have to pay the ransom. The CCTV systems were back and fully functional in time for President Trump's inauguration ceremony.

The investigation was conducted jointly by the Secret Service and the FBI, who found two different ransomware strains on the compromised systems.

New Ad Malware in Play Store


Symantec has revealed three malicious Android apps that click on ads without their users' knowledge and evade security scanners. Google has since removed the apps from the Play Store.

All three apps pose as battery-improvement tools, mimicking the likes of Battery Doctor and Clean Master, two of the most popular Android apps for improving a phone's battery life.

Two of the apps, Fast Charge 2017 and Fast Charger X3 Free, were downloaded between 10,000 and 50,000 times in North America. The third, Clear Master Boost and Clean, was downloaded between 5,000 and 10,000 times. All three used delayed execution, self-renaming tricks and a target list dictated by a command-and-control server to stop users from discovering their real purpose or cutting off their creators' income. Given their popularity, the difficulty of stopping them and their ability to receive new targets from central servers, the apps could earn their operators a pretty penny.

"By triggering malicious behaviour on a delay, malware can trick victims into blaming subsequently installed apps for strange behaviour they’re observing," Symantec researcher, Shaun Aimoto said. "This mechanism also thwarts attempts by AV programs using dynamic analysis because the delay often leads to dynamic analysis exiting before it detects the threat.”

Symantec found that the apps show one name on the home screen while running under a different process name. Once an app hides itself by removing its icon from the launcher, all that is left is a process called "android". The apps wait for hours after installation before doing anything; once the timer expires, they ask their command-and-control (C&C) server for a list of ads to click or apps to show or install on the infected device.

The self-renaming is the other trick. An app titled Fast Charger, for example, renames its process to "android". A user inspecting the Settings/Apps section of the phone has no way of telling which of the two or three entries called "android" is the real OS, and will most likely leave them all alone for fear of crashing the phone.

Ad-focused schemes can be quite lucrative and are an easy way for someone to make a buck. Unlike much other Android malware, these apps did not pose as a popular game or rely on a third-party marketplace to reach victims.

To avoid falling victim to such malware, Symantec suggests keeping your software up to date and downloading apps only from trusted sources, never from unfamiliar sites. Users should also pay close attention to the permissions an app requests, a habit few people have. Symantec further suggests installing a mobile security app such as Norton to protect your device and data, and making frequent backups of important data.

The changing face of ransomware attacks

An Austrian hotel was recently hit by ransomware that cost it control of its electronic door-lock system, leaving new guests stranded in the lobby.

A police department in Cockrell Hill, Texas lost years of video evidence and digital documentation after ransomware encrypted all of its data. In Washington, DC, the police could not access its CCTV footage storage system days before Donald Trump's inauguration. All of this news came out in the last week, and it stems from a rapid escalation in how ransomware is deployed. It is only going to get worse.

Ransomware has existed in various forms for over a decade. In the classic scenario, malware infects your computer, encrypts your data and withholds the decryption key until you pay a fee, usually in Bitcoin.

Ransomware is now estimated to be a $1 billion-a-year business and, more importantly, it is causing collateral damage like never before.

In its own way, ransomware is not dissimilar to other types of cyberattacks, which have increasingly targeted corporations holding large databases of consumer information (think of how many times you have been forced to change your passwords and credit card details lately) rather than going after one consumer at a time.

"That's really a huge change, that ransomware is actually ransoming back the ability to do business," says Jack Danahy, CTO of cybersecurity firm Barkly.

A joint survey by cybersecurity firm Carbonite and the Ponemon Institute, an independent research group, found that more than half of ransomware attacks in the corporate world start with an employee using an enterprise device for personal tasks. Forty percent of the corporate victims surveyed said the ransomware spread across devices on their networks. Sometimes all it takes is one person's errant click to take down an entire system, especially if the ransomware has already circulated and can activate on many devices at once.

AFTER KASPERSKY, FSB OFFICIALS FACE TREASON CHARGES

Two of Moscow's top cybersecurity officials are facing treason charges for allegedly cooperating with the CIA. The accusations add intrigue to a mysterious scandal that has had the Moscow rumour mill working overtime for the past week, and come not long after US intelligence accused Russia of interfering in the US election and hacking the Democratic party's servers.

Sergei Mikhailov was deputy head of the FSB security agency’s Centre for Information Security. His arrest was reported in a series of leaks over the past week, along with that of his deputy and several civilians.

According to earlier reports in the Russian media, Mikhailov was arrested some time ago, in theatrical fashion, during a plenary session of the top FSB leadership: a bag was placed over his head and he was marched out of the room, accused of treason.

His deputy, Dokuchayev, is believed to be a well-known Russian hacker who went by the nickname Forb and who began working for the FSB some years ago to avoid jail for his hacking activities. Along with the two FSB officers, Ruslan Stoyanov, head of the computer incidents investigation unit at cybersecurity firm Kaspersky Lab, was also arrested several weeks ago.

Kaspersky confirmed last week that Stoyanov had been arrested and was being held in a Moscow prison, though it said the arrest was not linked to his work for the company. Interfax said four people had been arrested and a further eight were potential witnesses in the case.

On Tuesday, Life, an online news portal with close links to the security services, reported that FSB agents had searched Mikhailov’s home and dacha and found more than $12m (£10m) in cash stashed in various hiding places.

RANSOMWARES AT LARGE, BREAK INTO GOVERNING BODIES

In another instance of what happens when backups are not managed properly, the Licking County (Ohio) government offices, including the police, have been shut down by ransomware. Details are sparse, but it is clear that someone in the office was infected through a phishing email or a malicious download, and the county's servers are now locked up.

According to the Newark Advocate's Kent Mallett:

The virus, accompanied by a financial demand, is labeled ransomware, which has hit several local governments in Ohio and was the subject of a warning from the state auditor last summer.

All county offices remain open, but online access and landline telephones are not available for those on the county system. The shutdown is expected to continue at least the rest of the week.

The county government offices, including the 911 office, currently have to work without computers or office phones. "The public can still call 911 for emergency police, fire or medical response," wrote Mallett.

These sorts of attacks are becoming more common and, as noted above, their damage can be contained with good backup practices; the backups have to be offline or otherwise out of the malware's reach, because ransomware will encrypt any backup share it can write to. Sadly, not every computer in every hospital, county office or police department is connected to a well-maintained, spacious backup drive, so these incidents will happen more frequently and more easily. The one upside is for cryptocurrency adoption, as small offices finally give up and buy bitcoin to pay their ransom.

Severe Content Injection Vulnerability on WordPress Website

People flock to anything that is free without thinking about the consequences. WordPress is one of the most popular and easiest to use content management systems (CMS) in the world, so even a small security flaw does huge damage and affects millions of users.

Security researchers at Sucuri found that WordPress websites were exposed to a critical and easily exploitable content injection vulnerability, which they reported privately to the WordPress security team before any public disclosure.

The content injection, or privilege escalation, vulnerability affected the REST API and allowed an unauthenticated attacker to modify the content of any post or page on a vulnerable WordPress site.

Sites that have still not updated to the latest version, 4.7.2, released on 26 January, are now at greater risk, since the bug is public.

Marc-Alexandre Montpas, a security researcher at Sucuri, wrote in his blog post: "This privilege escalation vulnerability affects the WordPress REST API that was recently added and enabled by default on WordPress 4.7.0. One of these REST endpoints allows access (via the API) to view, edit, delete and create posts. Within this particular endpoint, a subtle bug allows visitors to edit any post on the site. The REST API is enabled by default on all sites using WordPress 4.7.0 or 4.7.1. If your website is on these versions of WordPress, then it is currently vulnerable to this bug."

He further wrote: "This is a serious vulnerability that can be misused in different ways to compromise a vulnerable site. We are hiding some technical details to make it harder for the bad guys, but depending on the plugins installed on a site, it can lead to an RCE (remote command execution). Also, even though the content is passed through wp_kses, there are ways to inject Javascript and HTML through it. Update now!"

If you, or anyone you know, still run an older version of WordPress, it is high time to update the site to the latest version.

Phishing attack on PayPal



Some time ago Gmail users were targeted by a phishing scam; now PayPal users have been hit by a similar campaign. PayPal is one of the most widely used online payment systems in the world, which makes it a perfect target for cyber criminals. The scam was designed to steal PayPal users' login credentials, the security firm ESET confirmed.

In a phishing attack the criminals send fake emails that trick users into clicking an embedded link, then harvest whatever information the victim enters on the fraudulent page. In this campaign the emails told recipients that their PayPal account had been limited and that the restriction could be lifted by clicking the embedded link, supposedly to contact PayPal. The poor grammar and syntax of the email were a sign that it had not come from PayPal.

Users who clicked the login link and entered their PayPal email address and password were taken to a site that looked like PayPal but had nothing to do with it. A warning page explained that the account had been restricted and told users to click "Continue" to recover it; this only led to yet another PayPal look-alike page, which then asked for the user's full address, city, state, zip/postal code, country, phone number, mother's maiden name, date of birth and Social Security number (SSN). Scams of this kind happen very frequently, and the amount of data requested shows that the scammers were after far more than PayPal credentials.

A genuine login page never asks you to confirm your SSN, mother's maiden name and date of birth just to sign in, so an alert user can recognise the scam at this point. The criminals want this family and financial detail in order to commit large-scale identity fraud with the victim's credentials, or to run further scams against other services.


Although this scam uses a fake email to steal PayPal logins, in the past scammers have used government email addresses for similar scams. There are also several other scams targeting PayPal users, including the "confirm new security question" scam, the "suspicious activity" scam, the "payment made without permission" scam, the "changes to legal agreement" scam and phishing links sent by text message. To protect yourself, never download an unexpected attachment or click a link from an unknown sender, and see Hackread's report on how to identify and guard against phishing scams.

If you have a PayPal account, log in only by typing the web address into your browser's address bar yourself or by using the official PayPal app. The genuine PayPal site also presents an Extended Validation certificate, which browsers display as a green company name in the address bar; a look-alike domain will not show PayPal's company name there.
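As an added example (not part of the original article, ESET's research or any PayPal tooling), the following Python script applies that advice to the links in a suspicious email: it classifies each link by the host the browser would actually connect to, not by how the URL reads. The trusted domain list, the small confusable-character table and the sample URLs are assumptions constructed for this example.

```python
from typing import Tuple
from urllib.parse import urlsplit

# Assumption for this example: the only legitimate domain is paypal.com
# (any label underneath it, such as www.paypal.com, counts as well).
TRUSTED_DOMAINS = ("paypal.com",)
BRAND = "paypal"

# Minimal look-alike normalisation (assumed table, not exhaustive): digits and
# symbols that scammers substitute for letters, e.g. "paypa1.com".
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "|": "l", "5": "s"})


def host_is_trusted(host: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only when host is a trusted domain or a subdomain of one.

    A plain substring test would accept paypal.com.evil.example; matching on
    the dot boundary from the right does not.
    """
    return any(host == d or host.endswith("." + d) for d in trusted)


def link_verdict(url: str, trusted=TRUSTED_DOMAINS) -> Tuple[str, str]:
    """Classify a link as ('trusted' | 'spoofed' | 'untrusted', reason).

    The decision is made on urlsplit().hostname, which is what the browser
    connects to: it drops any user:pass@ prefix and the port, so
    https://www.paypal.com@203.0.113.5/ is judged by 203.0.113.5.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()

    if parts.scheme.lower() != "https":
        return "untrusted", "not an https link"
    if not host:
        return "untrusted", "no host in URL"
    if host_is_trusted(host, trusted):
        if parts.username is not None:
            # Real host, but credentials smuggled into the URL: treat as hostile.
            return "spoofed", "userinfo before the host"
        return "trusted", "host is " + host

    # Not a trusted host. Does the rest of the URL impersonate the brand?
    lookalike = (parts.netloc + parts.path).lower().translate(CONFUSABLES)
    if BRAND in lookalike:
        return "spoofed", "mentions %s but host is %s" % (BRAND, host)
    return "untrusted", "host is " + host


# Constructed sample links of the kinds seen in PayPal phishing emails.
SAMPLE_LINKS = [
    "https://www.paypal.com/signin",                         # genuine
    "https://www.paypal.com.account-limited.example/login",  # brand as a prefix
    "https://www.paypal.com@203.0.113.5/login",              # brand in userinfo
    "https://paypa1.com/",                                   # digit 1 for letter l
    "http://www.paypal.com/",                                # right host, no TLS
    "https://secure-verify.example/paypal/restore",          # brand in the path
]


def triage(links=SAMPLE_LINKS):
    """Return [(url, verdict, reason)] for a batch of links."""
    return [(u,) + link_verdict(u) for u in links]


if __name__ == "__main__":
    for url, verdict, reason in triage():
        print("%-9s %-55s %s" % (verdict, url, reason))
```

The design choice that matters is deciding on the parsed hostname rather than on the raw string: the prefix trick (paypal.com.evil.example), the userinfo trick (paypal.com@evil) and the path trick (evil/paypal) all keep the brand visible while sending the browser elsewhere, and all three fall out of the same suffix check once the hostname is isolated.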

RANSOMWARE ATTACK IN D.C. COMPROMISED CCTV NETWORK

Ransomware infected the storage devices used by Washington, DC's CCTV system eight days before the inauguration of President Donald Trump, affecting roughly two thirds of the network.

The attack took place between 12 and 15 January and infected 123 of 187 network video recorders, each of which controls up to four cameras in a specific area. IT staff had to wipe and rebuild the infected systems to restore service; fortunately, the ransomware did not reach other parts of the Washington, DC network.

"City officials said ransomware left police cameras unable to record between Jan. 12 and Jan. 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday," reported the Washington Post.

The first traces of the attack were discovered by DC police on Jan. 12, when officers noticed that four camera sites were glitching. Experts at the city's technology office investigated and found two distinct ransomware strains at those four sites, then extended the analysis to the entire surveillance network and wiped all infected equipment.

Interim Police Chief Peter Newsham confirmed that the issue was resolved within 48 hours and that there was "no significant impact" overall.

Some points remain unclear:

• Did the local police receive a ransom demand? If so, they certainly did not pay it.

• Whether any valuable data was lost in the attack, or whether the police were able to decrypt it for free, for example with the tools published by the No More Ransom project.

• Who is behind the attack: cyber criminals out to extort money, or hacktivists trying to shut down the CCTV cameras to avoid being recorded during the street protests?

City officials declined to comment.

Indian court grants ‘Right To Be Forgotten’ in a rare case


In the Internet age, when information is a click away, it is hard to stay hidden. But in a rare case, to protect a woman's dignity, the Karnataka High Court delivered a landmark judgment and accepted her plea for a 'right to be forgotten': she did not want her name to appear in search engine results in connection with the High Court's digital records of an earlier case.

The High Court directed its Registry that no internet search in the public domain would reflect the name of the woman since it was her ‘right to be forgotten’.

The “right to be forgotten” or “the right to be erased” allows an individual to request for removal of his/her personal information/data online. This right originated from the French jurisprudence which was known as ‘right to oblivion’ or Droit à l’oubli. The rationale behind it was to allow offenders who had served their sentence to object to the publication of information regarding their crime and conviction in order to ease their process of social integration. It was along these lines that the European Union Data Protection Directive, 1995 acknowledged the right to be forgotten, wherein it was stipulated that the member states should give people a right to obtain from the ‘controller’ the rectification, erasure or blocking of data relating to them, the processing of which did not comply with the provisions of the Directive.

The Indian Constitution guarantees important fundamental rights such as the right to equality and to freedom, among others. Beyond these, some Western countries have recognised several more, and the 'right to be forgotten' is one that is much discussed these days.

The ‘right to be forgotten’ has been in practice in the European Union and Argentina since 2006.

Justice Anand Bypareddy, while passing an order in a writ petition, directed its Registry to make sure that an internet search made in the public domain would not reflect the woman’s name in a previous criminal order passed by the same High Court.

The woman's father had approached the High Court seeking directions to mask his daughter's name in an earlier order passed by the court. The petitioner stated that his daughter feared grave repercussions if her name remained associated with the earlier case, as it would affect her marriage prospects and reputation. He therefore asked for her name to be removed from the digital records maintained by the High Court so that it would not be visible in any internet search engine, including Google.

The court accepted the plea, but made it clear that if a certified copy of the order is applied for, the name of the petitioner's daughter will still appear in that copy.

She had earlier filed a case against a man, claiming that she was not married to him and that the marriage certificate should be annulled. The parties subsequently reached a compromise and she withdrew her complaint, so the High Court quashed the case against the man.

The ‘right to be forgotten’ has raised several questions around free speech and privacy and this decision could be the beginning of further debates on how the right can be exercised in India.

Dark Web Paying Corporate staffs to Leak secrets

This is not the first time the 'dark web' has been in the news for notorious deeds; this time it is for paying corporate employees to leak information, most importantly data that moves stock prices, such as unreleased earnings reports.

Since then people have been asking what the 'dark web' is. It is also known as the 'darknet', a name that existed long before Tor did.

The research revealed that dark web marketplaces are paying staff to leak corporate secrets.

Researchers from US-based risk management outfit RedOwl and Israeli threat intelligence firm IntSights worked together to gain access to the private darknet site Kick Ass Marketplace and found evidence of staff selling internal corporate secrets to hackers. In some cases, staff even helped hackers infect their company's network with malware.

To access the insider information one just has to pay a subscription of up to one bitcoin a month.
The site is run by “h3x”,  who claimed to be a “self-taught cryptographer, economist, investor, and entrepreneurial businessman”.

h3x said that "Kick-Ass Marketplace boasts seven administrators, including three hackers and two trading analysts who observe financial markets and vet the integrity of stolen data before posting it to the site."

The researchers also studied another dark web site, which they dubbed The Stock Insiders, where fraudsters recruit retail staff as mules to help cash out stolen credit cards for reliably resellable goods such as Apple iPhones.

The report describes: "Posts where fraudsters seek help from strikers, people willing to walk into stores with stolen credit cards pretending to be legitimate account holders who approach cooperating sales clerks to buy goods."

The researchers said insider recruitment is "active and growing", with chatter on the subject across public and private forums doubling from 2015 to 2016.

“The dark web has created a market for employees to easily monetise insider access,” the researchers say.

“The dark web serves as a vehicle insiders use to cash out on their services through insider trading and payment for stolen credit cards.

“Sophisticated threat actors use the dark web to find and engage insiders to help place malware behind an organisation’s perimeter security [and] as a result, any insider with access to the internal network, regardless of technical capability or seniority, presents a risk.”

Insider theft can be disastrous for some organisations. In Australia, theft of sensitive corporate information including designs and customer records can be treated as a civil rather than a criminal matter, leading to very lengthy and expensive lawsuits.

WordPress secretly fixes serious security vulnerability


The WordPress core development team has revealed that a critical vulnerability was quietly patched in a recent update to the content management system.

The vulnerability was discovered by the website security company Sucuri, which reported it to WordPress on January 20. The WordPress team then made as many hosts and security providers as possible aware of it, so that they could be protected before it became public.

The flaw allowed unauthenticated users to modify any post or page on a WordPress site, bad news for the WordPress-hosted properties of news organisations such as Time, Fortune and USA Today, and equally for tech companies like IBM, Microsoft and Facebook, because it lends itself to garden-variety vandalism. It could also be used to plant harmful links in otherwise benign content, links that take readers to sites that install malicious software on their computers or that serve as one element of a larger phishing scam using the WordPress site as cover.

WordPress says that its technology powers 27% of the internet.

According to Campbell, after learning of the flaw, WordPress developers reached out to the security companies that maintain popular web application firewalls (WAFs) so they could deploy rules against possible exploits. They then contacted large WordPress hosting companies and advised them on how to protect their customers before an official patch was released. Data from these organisations showed no indication that attackers had been able to exploit the issue.

WordPress version 4.7.2 was released on January 26 as a security update, but the accompanying release notes mentioned only fixes for three moderate-risk vulnerabilities, one of which did not even affect the platform's core code. A week later, on Wednesday (February 1), the WordPress security team disclosed that a fourth vulnerability, much more serious than the others, had also been patched in version 4.7.2.

The vulnerability was kept quiet at the time because a fix had to be developed and rolled out, and making the issue public earlier could have allowed malicious actors to take advantage of it.

All WordPress users are encouraged to make sure that their installation has been updated to version 4.7.2; otherwise their site could be hijacked.

The vulnerability affects only WordPress 4.7.0 and 4.7.1, where the REST API is enabled by default. Older versions are not affected, even if they have the REST API plugin installed. Criminals could use the vulnerability to target WordPress installations that are not up to date. Version 4.7.2 has been available since January 26, but users who do not have automatic updates enabled will need to start the update manually.

WordPress is the most popular website-building platform, which makes it a very attractive target for hackers. It only takes a moment to check that you’re up to date — but if hackers manage to exploit this vulnerability on your site, you’re in for a much bigger headache.
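Both this article and the earlier Sucuri write-up on the same flaw say the same thing: 4.7.0 and 4.7.1 are exposed, 4.7.2 fixes it, and anything older is unaffected. As an added example (not code from WordPress, Sucuri or the original posts), the following Python script turns that into two checks an administrator can run offline: it reads the version from the generator meta tag in a site's HTML and says whether the REST API content injection bug applies, and it combs an access log for write requests (POST/PUT/PATCH/DELETE) to the REST API posts route, including the ?rest_route= form used when pretty permalinks are off. The sample HTML and log lines are constructed for the example. It deliberately does not encode the exploit detail the researchers withheld, so log hits are leads for triage (a legitimate editor also writes through that route), not proof of compromise.

```python
import re
from typing import Iterable, List, NamedTuple, Optional, Tuple
from urllib.parse import unquote

# Affected range per the disclosure: 4.7.0 and 4.7.1 vulnerable, 4.7.2 fixed,
# releases before 4.7 never shipped the endpoint in core.
FIRST_VULNERABLE = (4, 7, 0)
FIRST_FIXED = (4, 7, 2)

# WordPress emits <meta name="generator" content="WordPress 4.7.1" /> unless a
# theme or plugin removes it, so a missing tag is not evidence of safety.
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+([0-9][0-9.]*)',
    re.IGNORECASE,
)


def parse_version(text: str) -> Tuple[int, int, int]:
    """'4.7' -> (4, 7, 0); '4.7.1' -> (4, 7, 1). Tuples compare numerically."""
    parts = tuple(int(p) for p in text.strip().split(".") if p)
    return (parts + (0, 0, 0))[:3]


def version_from_html(html: str) -> Optional[Tuple[int, int, int]]:
    """Version advertised by the generator meta tag, or None if it is absent."""
    m = GENERATOR_RE.search(html)
    return parse_version(m.group(1)) if m else None


def is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """True for 4.7.0 <= version < 4.7.2."""
    return FIRST_VULNERABLE <= version < FIRST_FIXED


# --- access-log side -------------------------------------------------------

WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Combined log format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# The posts route in both URL forms; percent-encoding is undone before matching.
POSTS_ROUTE_RE = re.compile(
    r'(?:^/wp-json/wp/v2/posts(?:[/?]|$)|[?&]rest_route=/wp/v2/posts(?:[/&]|$))'
)


class RestWrite(NamedTuple):
    client: str
    method: str
    path: str
    status: int


def rest_post_writes(log_lines: Iterable[str]) -> List[RestWrite]:
    """Write requests against the REST posts route, in log order, for triage."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") not in WRITE_METHODS:
            continue
        path = unquote(m.group("path"))
        if POSTS_ROUTE_RE.search(path):
            hits.append(RestWrite(m.group("ip"), m.group("method"), path, int(m.group("status"))))
    return hits


# Constructed sample input: a 4.7.1 front page and five access-log lines.
SAMPLE_HTML = '<html><head><meta name="generator" content="WordPress 4.7.1" /></head></html>'

SAMPLE_LOG = """\
203.0.113.7 - - [01/Feb/2017:10:01:02 +0000] "GET /wp-json/wp/v2/posts/1 HTTP/1.1" 200 2048
203.0.113.7 - - [01/Feb/2017:10:01:05 +0000] "POST /wp-json/wp/v2/posts/1 HTTP/1.1" 200 1930
198.51.100.3 - - [01/Feb/2017:10:02:11 +0000] "POST /index.php?rest_route=%2Fwp%2Fv2%2Fposts%2F7 HTTP/1.1" 200 1210
198.51.100.3 - - [01/Feb/2017:10:02:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.9 - - [01/Feb/2017:10:03:00 +0000] "GET /?p=1 HTTP/1.1" 200 8731
"""

if __name__ == "__main__":
    v = version_from_html(SAMPLE_HTML)
    state = "VULNERABLE, update to 4.7.2" if v and is_vulnerable(v) else "not affected"
    print("WordPress %s: %s" % (".".join(map(str, v)) if v else "?", state))
    for hit in rest_post_writes(SAMPLE_LOG.splitlines()):
        print("review: %s %s %s -> %d" % (hit.client, hit.method, hit.path, hit.status))
```

Run against a real log, the second check is only as good as the log itself: a site behind a WAF that already blocked the request will show the block in the WAF log, not here, and a 200 on a POST to the posts route from an address that never authenticated is the combination worth pulling the post revision history for.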