NSA Hacked, Robbed, Mocked, and Breached by an anonymous hacker.

The United States' National Security Agency, considered one of the world's largest and most secretive intelligence agencies, has reportedly been hacked, robbed, mocked, and breached by an anonymous hacker.

Jake Williams, a cybersecurity expert who worked in the NSA's hacking group, wrote on his company blog that the Shadow Brokers, a mysterious group, has obtained many of the hacking tools the United States used to spy on other countries.

The NSA has been accused of cyberstalking US as well as foreign citizens. The huge troves of data it compiles were breached by the group.

“They had operational insight that even most of my fellow operators at T.A.O. did not have,” said Mr. Williams. “I felt like I’d been kicked in the gut. Whoever wrote this either was a well-placed insider or had stolen a lot of operational data.”

Mr. Williams has since founded the cybersecurity firm Rendition Infosec.

"These leaks have been incredibly damaging to our intelligence and cyber capabilities," Leon E. Panetta, the former defense secretary and director of the Central Intelligence Agency told the Times. "The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected."

However, according to another NSA source, the attack was made possible by the NSA's own failings.

“It’s a disaster on multiple levels,” Mr. Williams said. “It’s embarrassing that the people responsible for this have not been brought to justice.”

Hackers can use antivirus software to spread malware

As the threat of malware grows more dangerous every day, antivirus programs evolve to help keep our systems protected. But how do you safeguard your computer if its protector can't be trusted?

A newly discovered exploit could allow malware to escape quarantine and infect your system. A vulnerability found in several antivirus solutions gives an attacker a way to bypass the usual protections and gain full control of sensitive file system areas.

Florian Bogner, an Austrian IT security professional, dubbed the exploit 'AVGater'. Most AV software can quarantine files, but users can restore quarantined files whenever they want. Bogner detailed his findings in a blog post late last week, explaining that the exploit takes advantage of the ability of modern antivirus products to take an entry out of quarantine and place it somewhere else on the host system, re-introducing the malware. This is a fundamental capability in most security packages.

When antivirus software finds a new threat on your device, it usually quarantines it to prevent it from running. The malware isn't deleted entirely, though, in case it was detected as a false positive or the file is required for investigative work. If you need to, you can restore the malware from quarantine and put it back on your machine.

Using AVGater, a local attacker can manipulate the antivirus' scanning engine to bring the malicious file out. Typically, a non-administrator user would not be allowed to write a file to system folders like 'Program Files' or 'Windows', but by abusing NTFS directory junctions the restore can be made to write into these directories.

To do any of this, however, the attacker must already have access to the computer they want to infect. Enterprise customers are the more likely targets, since users could accidentally or even intentionally release a file from quarantine, potentially infecting others on their network.
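The mitigation a quarantine-restore routine needs follows from the description above: resolve the destination before writing and refuse the restore if any directory component is a junction or if the destination escapes the permitted folder. The following is an added Python example written for this post, not Bogner's code or any vendor's; it uses a symlink as a stand-in for an NTFS junction so it runs on POSIX systems, and the folder and file names are constructed.

```python
import os
import stat
import tempfile


def is_reparse_point(path: str) -> bool:
    """True if path is a symlink, or a Windows reparse point such as an NTFS junction."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)  # only present on Windows
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0))


def check_restore_target(dest_path: str, allowed_root: str) -> str:
    """Validate a quarantine restore destination before any write happens.
    Every directory from the destination up to allowed_root must be a plain
    directory, and the canonical destination must stay inside allowed_root."""
    allowed_root = os.path.realpath(allowed_root)
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    probe = dest_dir
    while True:
        if is_reparse_point(probe):
            raise PermissionError(f"reparse point in restore path: {probe}")
        if os.path.realpath(probe) == allowed_root:
            break
        parent = os.path.dirname(probe)
        if parent == probe:  # hit the filesystem root without meeting allowed_root
            break
        probe = parent
    canonical_dir = os.path.realpath(dest_dir)
    if os.path.commonpath([canonical_dir, allowed_root]) != allowed_root:
        raise PermissionError(f"restore escapes allowed root: {canonical_dir}")
    return os.path.join(canonical_dir, os.path.basename(dest_path))


def demo() -> dict:
    """Constructed layout: a user-writable restore folder holding a link that
    redirects into a protected folder, the way an abused junction would."""
    base = tempfile.mkdtemp()
    restore_root = os.path.join(base, "user_restore")
    protected = os.path.join(base, "protected_program_files")  # stand-in for Program Files
    os.makedirs(restore_root)
    os.makedirs(protected)
    os.symlink(protected, os.path.join(restore_root, "redirect"))  # the abused redirection
    requests = {
        "direct": os.path.join(restore_root, "sample.bin"),
        "via_junction": os.path.join(restore_root, "redirect", "sample.bin"),
    }
    outcome = {}
    for label, target in requests.items():
        try:
            check_restore_target(target, restore_root)
            outcome[label] = "allowed"
        except PermissionError:
            outcome[label] = "refused"
    return outcome
```

Calling `demo()` returns `{'direct': 'allowed', 'via_junction': 'refused'}`: the plain restore passes, while the one routed through the redirection is rejected before anything is written.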

Hackers deface 800 US school websites with pro-Islamic State messages

The latest target of pro-ISIS hackers is none other than 800 school websites across the United States.

Early on the morning of November 6, the websites for schools and school districts were hijacked and redirected to a YouTube recruitment video in Arabic and the statement “I Love Islamic State” in English, with an image of former Iraqi dictator Saddam Hussein on a black background, according to Jim Brogan, director of technology services for schools in Gloucester County, Virginia.

The attack, which lasted a few hours, affected schools in Arizona, Connecticut, Virginia and New Jersey. The hack also affected private companies and government websites.

This should all ring a bell, given that hackers going by the same name have been making more or less the same defacements for years: a photo of Hussein accompanied by an Arabic message seen on an IS flag that reportedly reads “There is no god but Allah” and “Mohammed is the Messenger of God.”

“Unless we have irrefutable evidence to suggest otherwise, we need to assume confidential data has been compromised,” said Hamid Karimi, vice president of business development and security expert at Beyond Security. “That should be a cause for concern. To remedy the situation, all schools and institutions that serve minors must submit to (a) stricter set of cybersecurity rules.”

According to the International Business Times, SchoolDesk, the web hosting company that services the school websites, which span the nation from New Jersey to Arizona and Virginia to Connecticut, confirmed the attack and said that a group going by the name “Team System DZ” claimed responsibility.

The company has since handed over its server, which runs out of Georgia, to the FBI for investigation and has also hired external security firms to trace the hackers.

The Atlanta-based company said after the hack that technicians detected that a small file had been injected into the root of one of its websites. It has advised administrators to change passwords.

Revenge porn: Facebook asks users to upload their nude images

Facebook has collaborated with a small Australian Government agency in an effort to tackle revenge porn by hashing victims' sexual or intimate images.

People who have shared intimate, nude or sexual images with someone and fear that person might release them without consent can now send those images to Facebook's Messenger to be “hashed”. Hashing means the images are converted into a unique digital fingerprint, which is then used to identify and block the images if they are re-uploaded.

The agency is headed by e-Safety Commissioner Julie Inman Grant, who said that this would allow victims of "image-based abuse" to take action before photos were posted to Facebook, Instagram or Messenger.

“We see many scenarios where maybe photos or videos were taken consensually at one point, but there was not any sort of consent to send the images or videos more broadly,” she said.

Carrie Goldberg, a New York-based lawyer, said: “We are delighted that Facebook is helping solve this problem – one faced not only by victims of actual revenge porn but also individuals with worries of imminently becoming victims.

“With its billions of users, Facebook is one place where many offenders aggress because they can maximize the harm by broadcasting the nonconsensual porn to those closest to the victim. So this is impactful.”

How is the company assuring victims that their images will not be hacked? What if someone gets hold of these images? What steps has Facebook taken to ensure the privacy of the victims?

The company has said that it will store these images only for a very short period of time, to ensure it is enforcing the policy correctly, and will then delete them.

Intel Skylake processors can be hacked via USB ports

Back in September 2017, Positive Technologies’ experts had expressed interest in developing a technique to attack Intel’s still-secretive Management Engine (IME) technology from the USB port. Now they have revealed additional information about their plans. According to the experts, in December 2017 they intend to demonstrate that they have indeed identified a way to “run unsigned code in the Platform Controller Hub” on any given motherboard, the so-called God-mode hack.

Intel recently switched the IME to the embedded Minix operating system. Researchers have found a vulnerability in the IME’s CPU component, a tiny microprocessor that exists within the platform controller, or chipset, of every PC motherboard built for Intel processors.

The IME was introduced to allow functions such as remote booting and administration, but it also handles the initialization of the CPU and its power management.

The Platform Controller Hub is the central point where the IME is located; it has its own operating system, Minix, and its own CPU, and it lets sysadmins remotely control, configure or wipe machines across a network. The platform is quite useful if you need to manage a large network of computers, especially in situations where an endpoint’s OS breaks down and does not boot properly.

The security flaw reportedly affects almost every Intel 6th Gen 'Skylake' Core CPU or newer. It can be bridged to the USB subsystem, allowing remote access, which is a common attack vector.

So when the experts state that they can hijack the Management Engine, this means they can take complete control of a box regardless of which operating system or antivirus is installed. This is made possible through the powerful God-mode hack, which is relatively new and used discreetly to spy on users or hijack corporate data.

It has long been suspected that the IME allows for undetectable backdoors that governments and other agencies can use to spy on users, but it has been difficult to disable because of its deep, low-level integration with the system. Some security experts have even described it as a black box of exploitable flaws and bugs.

Phishing attacks trick users with messages from trusted sources

The phishing attack is heavily targeting organizations' financial departments, tricking victims into downloading trojans and malicious code meant to steal credentials and cause other serious network threats.

According to researchers at Barracuda Networks, the attacker focuses on convincing the victim that the message comes from someone they trust, or on an idea that sends them into panic mode, so that they click on a malicious link. The link downloads malware onto the system, which may cost users money and data.

The attack, which has caused havoc among millions, involves the attacker sending legitimate-looking invoices that appear crucial, authentic and urgent to the reviewer, and that seem to come from someone they trust, making them likely to click on the malicious link provided in the email or text message.

In one example of this attack, the attacker sends an email to the target asking about the payment status of an invoice. A legitimate-looking invoice number is written in the email, and the sender name is chosen so that the receiver trusts the source. Information about the receiver's close connections can be gathered very easily from public profiles on LinkedIn or Facebook.

The message may look authentic at first glance, but an invitation to click on a link should be treated with suspicion. Once the recipient clicks the link, it supposedly downloads the invoice as a Word document, but goes on to download trojans and other malicious code meant to steal data from the system.

The attackers are using different templates to lure potential victims. The second type of template tries to convince the recipient to verify a change of address from someone they trust via the malicious link.

"Impersonation is a proven tactic that criminals are regularly using to attract victims into believing that they are acting on an important message when that couldn't be further from the truth," said Lior Gavish, VP at Barracuda Networks.

Employee training can be very helpful in protecting against this kind of phishing attack.

Ordinypt ransomware disguises itself as an e-mail application

A new ransomware strain called Ordinypt (also known by the cryptic name "HSDFSDCrypt", or in full Win32.Trojan-Ransom.HSDFSDCrypt.A) is currently targeting victims in Germany, but instead of encrypting users’ documents, the ransomware rewrites files with random data. The malware is distributed via e-mail as a supposed application for a job posting.

When Michael Gillespie originally discovered it, after one of its ransom notes was uploaded to ID-Ransomware, it was named HSDFSDCrypt for lack of a better name; G Data has since renamed it Ordinypt. According to G Data, it is currently mainly affecting users from Germany.

This Monday, G Data analyst Karsten Hahn took a closer look at a sample of the ransomware and found that it has been targeting German users (based on VirusTotal detections) via emails written in German, delivering ransom notes in error-free German.

Similar to how the original Petya ransomware was distributed, Ordinypt also pretends to be a resume sent in reply to job adverts. These emails contain two files: a JPG image of the woman supposedly sending the resume, and a ZIP file containing the resume and a curriculum vitae. The attachments are named Viktoria Henschel - Bewerbungsfoto.jpg and Viktoria Henschel - Bewerbungsunterlagen.zip.

The first striking thing is that Ordinypt is written in a programming language unusual for ransomware (Delphi). The data is encrypted as with any ransomware, and the file names appear to be chosen at random. In the files themselves, the encrypted data is encoded again (in base64); why this is so and what purpose the creators pursue with it is still unclear at present.

Such an attack, targeted at HR departments with customized cover letters, made headlines at the turn of the year 2016/17. At that time, police and federal authorities warned of a ransomware called Goldeneye, which was distributed in attached Excel files.

Russian citizen suspected of cybercrime arrested in Estonia

A 20-year-old Russian IT programmer is suspected of cyber espionage. He was traveling from Estonia to Russia and was detained at the border crossing in Narva.

According to local media, the Estonian Security Police (KaPo) allowed the suspect to operate unhindered for some time, as a result of which he was linked to the Security Service of the Russian Federation.

Authorities said that he is a member of the FSB and was preparing a mass cyber attack on the computer systems of Estonian state institutions. According to them, the Russian was trying to create a device or computer program with which he could gain access to local computer systems.

Elena Vladimirovna, mother of the suspect, told media that it was completely unexpected for her, since her son had never been involved in any unlawful actions.

"Of course, I hope that everything will end well and we will be able to prove his innocence," Elena was quoted as saying by the local media outlet Sputnik. "However, the services of a good lawyer cost a lot of money, which I do not have. Perhaps the Russian embassy will be able to help us in some way, but I will never let my son go to Estonia again."

The Russian Embassy in Estonia has said it is ready to help, and has asked the Estonian Foreign Ministry for permission to meet the detainee.

A criminal case has been instituted against the suspect under article 233 of the Penal Code of the Republic of Estonia, "Non-violent acts of an alien directed against the Republic of Estonia", and article 216, "Preparing a computer crime". He faces up to 15 years in prison if convicted.

- Christina

Two held for cyberstalking in Hyderabad


A software professional and a businesswoman have been arrested from Hyderabad for allegedly cyberstalking a 36-year-old assistant professor by uploading her personal photographs with abusive comments on a social media website.

The 41-year-old software employee and the 25-year-old businesswoman were business partners and were arrested on a charge of cyberstalking, Rachakonda Commissioner of Police Mahesh M Bhagwat said. Both of the accused were detained in the suburban area of Moulali.

The accused and the victim were staying in the same apartment complex. The victim worked as an assistant professor at a private college here.

They committed the crime because of a family dispute between the software professional and the victim's family. The accused created a fake Facebook profile of the victim and used it inappropriately.

During interrogation, both of them confessed that they created a fake Facebook account and posted a personal picture of the victim with abusive and vulgar comments, Bhagwat said.

The victim lodged a complaint with the police on October 21; a case was registered under relevant sections of the Information Technology Act and the two accused were arrested yesterday, police added. (PTI)

Russians tried to hack Ukrainian Artillery Control Program

Ukrainian media report that the Russian hacker group Fancy Bear tried to hack into the artillery control program of the Armed Forces of Ukraine (AFU) by attacking the e-mail of officer Yaroslav Sherstyuk, the developer of the program.

According to the Associated Press report, the hackers attempted to break into at least 545 accounts. The target accounts include those of Ukraine's President Petro Poroshenko and his son Olexiy, current and former ministers, and current and former lawmakers.

In a Medium post, Raphael Satter pointed out that the hackers attempted to hack the Ukrainian artillery control application on April 3, 2015.

"Sherstyuk denied following the CrowdStrike conclusions that his app had been compromised, and Ukraine's Defense Ministry denied its arsenal of howitzers had been damaged to the extent the firm's report claimed," reports Radio Free Europe / Radio Liberty.

- Christina

Facebook, Twitter and Google flooded with Russia-linked ads

United States lawmakers have released a trove of Facebook ads, paid for in Russian rubles, aimed at disrupting the 2016 American presidential election.

The day after the revelation by the lawmakers, US senators questioned the company's investigation team, asking why it took so long and how much the company knows about its 5 million advertisers.

Facebook is not the only company to have run Russia-related ads; the list includes Facebook, Google, and Twitter. All of these companies have received flak for failing to combat Russian interference on their sites.

Facebook has admitted that it identified more than $100,000 paid for advertisements by the Russian Internet Research Agency.

The Russia-linked advertisements were “an insidious attempt to drive people apart,” Colin Stretch, the general counsel for Facebook who will appear at the hearings, said in his prepared remarks. He called the posts “deeply disturbing,” and their main focus was race, religion, gun rights, and gay and transgender issues.

Mr. Stretch said that they are “determined to prevent it from happening again.”

Twitter, meanwhile, found more than 1.4 million Russia-linked election tweets.

Facebook has a broader impact, as its reach is far greater than Twitter's and it is more powerful than Google.