
New Malware Espionage Campaign Spies on Users in More Than 20 Countries

Security researchers have uncovered a new malware campaign that dupes people into clicking on malicious links, after which the attackers gain access to their private text messages, Facebook accounts and e-mails on both computers and mobile phones.

Researchers from the Electronic Frontier Foundation (EFF) and mobile security company Lookout worked together to unearth the campaign, dubbed "Dark Caracal", an espionage operation that has infected thousands of people in more than 20 countries.

Dark Caracal has stolen hundreds of gigabytes of data so far, most of it from mobile devices compromised by fake versions of secure messaging clients.

“People in the US, Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos,” EFF Director of Cybersecurity Eva Galperin said in a press statement.

According to the report, the attackers relied on phishing to steal text messages, call records, audio recordings, photos and other data from their victims: messages crafted to look as if they came from trusted or known sources carried a malicious link and tricked users into installing the trojanized apps or handing over confidential information.

“One of the interesting things about this ongoing attack is that it doesn’t require a sophisticated or expensive exploit. Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” said Electronic Frontier Foundation technologist Cooper Quintin in a statement.

The researchers note that Dark Caracal has been operating since 2012 but has been hard to attribute, because a number of different espionage campaigns have been run from the same domain names.

To avoid falling victim to this kind of espionage, do not click on unexpected links, install apps only from official app stores rather than third-party sources, and review the permissions an app requests before granting them.

Skygofree Malware: One of the Most Advanced Spyware Ever Seen

Russian cybersecurity firm Kaspersky Lab has found a new advanced Android spyware with "never before seen" features that let its operators carry out advanced surveillance on Android phones, such as location-triggered audio recording, WhatsApp message theft, and connecting an infected device to Wi-Fi networks controlled by the attackers.

The malware, dubbed "Skygofree", was reportedly found on malicious websites in Italy. According to Kaspersky, it is most likely an offensive security product sold by an Italy-based IT company that markets various surveillance tools.

More information, including Skygofree's commands, indicators of compromise, domain names and targeted device models, can be found in Kaspersky's blog post on Securelist.

The spyware abuses Android's Accessibility Services, a feature meant to help users with disabilities use their apps. Through it, the spyware can read the messages displayed on screen, including those the user sends.

Skygofree is also capable of taking pictures and video, recording ambient audio when the device enters a location chosen by the operator, recording Skype conversations, and harvesting call records, geolocation data and other sensitive data.

Kaspersky believes Skygofree was developed in Italy, drawing a parallel with Hacking Team, the Italy-based spyware developer that made headlines in 2015.

Skygofree has allegedly been active since 2014 and has targeted select individuals, all of them in Italy. The spyware has been under regular development since then; the latest version supports as many as 48 commands.

Fraudsters fooling investors with Fake Cryptocurrency

With the surge in cryptocurrency prices, fraud cases and Bitcoin thefts have been increasing around the world.

So it is important to be wary of anyone who approaches you to buy Bitcoin and promises to double your money. They are all fake!

Over the past few months, investigating agencies have been flooded with complaints about alleged Bitcoin exchanges that are nothing but multi-level marketing schemes. Delhi Police have received several such complaints and have started investigating a number of fake companies.

Police recently arrested 32-year-old Narendra, who was operating a dubious 'Indian cryptocurrency' company, Kashh Coin. The exposé came after a west Delhi resident filed a complaint against Narendra, who had convinced him to invest Rs 15 lakh six months earlier. Narendra promised him a return of 1.8 times every month, but he never received a single penny.

“They asked me to wait till their money exchanger comes. They also mentioned that some of their companies were awaiting clearance from the Govt of India and once these are cleared, I would start getting the money. They kept fooling me for six months,” said the complainant.

Further investigation by Delhi Police showed that he was not the only victim; several other people had fallen prey to the same scheme.

Narendra had also started another company, similar to Kashh Coin, under the domain www.remitanzominin.com.

Kashh Coin promoted itself through lavish events with high-profile guests, held not only in Lucknow, Surat, Chandigarh, Raipur and Mumbai but also in a few places in Nepal.

Beware of the text message that can crash a Mac or iPhone

Security researchers have got wind of a malicious text message that can crash an Apple computer or iPhone. The researchers studying it call it a "text bomb".

The text bomb is a message containing a link to the code that triggers the bug; the Mac or iPhone crashes moments after the message is received. Restarting the device is a workaround, but not a real fix.

A software developer is said to have posted the code on a programming site with a link to it, and later withdrew it, leaving the bug with Apple to address. Apple has so far said nothing about how it intends to deal with it.

Some experts have named it ChaiOS, a play on "chaos" and "iOS". Industry security experts are equally concerned about the bug and the mess it causes, and worry that the people behind it could use the same kind of trick to pilfer sensitive data from a computer or iPhone and gain access to personal details.

They hope Apple will update its defences soon to ward off the text bomb.

The bug is a grim reminder of the "effective power" bug of three years ago, which posed a similar threat to iPhones.

Hackers exploit Microsoft Office vulnerabilities to spread Zyklon malware

Criminals are delivering the Zyklon HTTP malware using three Microsoft Office-related vulnerabilities that were only recently patched. Security researchers at FireEye report that the campaign uses the exploits to run a PowerShell script on the target system, which then downloads the final payload. Zyklon itself has been seen in the wild since early 2016 and gives attackers a full-featured backdoor capable of keylogging, loading additional plugins such as cryptocurrency miners, launching distributed denial-of-service (DDoS) attacks, and updating or removing itself.

The three vulnerabilities are:

1. CVE-2017-8759: a code-injection flaw in the .NET Framework's SOAP WSDL parser, patched by Microsoft in September 2017, reached by tricking the target into opening a specially crafted file. In the attack described by FireEye, the malicious DOC file contains an embedded OLE object that, when activated, downloads an additional DOC file from a stored URL.

2. CVE-2017-11882: a 17-year-old memory-corruption flaw in Office's Equation Editor component, patched in November 2017, that yields remote code execution. FireEye describe the same pattern: "upon opening the malicious DOC attachment, an additional download is triggered from a stored URL within an embedded OLE Object."


3. Dynamic Data Exchange (DDE): not a bug but a legacy interprocess-communication feature of Office that can be abused to launch commands. "Dynamic Data Exchange (DDE) is the interprocess communication mechanism that is exploited to perform remote code execution," the researchers wrote. "With the help of a PowerShell script, the next payload is downloaded." Microsoft has since published an update that disables DDE in Word by default.
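A triage check for the two document-borne delivery mechanisms listed above. This is an added example, not FireEye's or Microsoft's tooling: a .docx is a zip of XML parts, so DDE field instructions and embedded OLE objects (the carrier used for both CVE exploits in this campaign) leave inspectable traces in `word/document.xml` and the part relationships. The sample documents are constructed inline so the script runs offline; it does not parse the binary Equation Editor stream itself, it only surfaces the embedded object for a human or sandbox to look at.

```python
"""Triage a .docx for DDE field codes and embedded OLE objects (added
example; not FireEye's or Microsoft's code). Field instructions live in
<w:instrText> runs (often deliberately split) or in <w:fldSimple>; OLE
embeddings are declared as oleObject relationships in the .rels parts."""
import html
import io
import re
import zipfile

INSTR_RE = re.compile(r"<w:instrText\b[^>]*>(.*?)</w:instrText>", re.S)
FLDSIMPLE_RE = re.compile(r'<w:fldSimple\b[^>]*\bw:instr="([^"]*)"')
FIELD_END_RE = re.compile(r'<w:fldChar\b[^>]*w:fldCharType="end"')
DDE_RE = re.compile(r"^\s*DDE(?:AUTO)?\b", re.I)
RELATIONSHIP_RE = re.compile(r"<Relationship\b[^>]*>")


def _attr(tag, name):
    m = re.search(r'\b%s="([^"]*)"' % re.escape(name), tag)
    return html.unescape(m.group(1)) if m else None


def field_codes(xml):
    """Yield each field instruction in a WordprocessingML part. Runs are
    re-joined per field so a DDEAUTO split across several <w:instrText>
    runs (a common evasion against naive grep) is seen whole."""
    for chunk in FIELD_END_RE.split(xml):
        code = "".join(html.unescape(t) for t in INSTR_RE.findall(chunk))
        if code.strip():
            yield code.strip()
    for code in FLDSIMPLE_RE.findall(xml):
        yield html.unescape(code).strip()


def scan_docx(data):
    """Return {'dde_fields': [(part, code)], 'ole_objects': [(rels, target, mode)]}."""
    findings = {"dde_fields": [], "ole_objects": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not name.startswith("word/"):
                continue
            if name.endswith(".rels"):
                rels = z.read(name).decode("utf-8", "replace")
                for tag in RELATIONSHIP_RE.findall(rels):
                    if (_attr(tag, "Type") or "").endswith("/oleObject"):
                        findings["ole_objects"].append(
                            (name, _attr(tag, "Target"), _attr(tag, "TargetMode") or "Internal"))
            elif name.endswith(".xml"):
                xml = z.read(name).decode("utf-8", "replace")
                for code in field_codes(xml):
                    if DDE_RE.search(code):
                        findings["dde_fields"].append((name, code))
    return findings


# --- constructed sample documents (test data, not real lures) ---
W_NS = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
R_NS = 'xmlns="http://schemas.openxmlformats.org/package/2006/relationships"'
OLE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"

CLEAN_DOC = f"<w:document {W_NS}><w:body><w:p><w:r><w:t>Q4 report</w:t></w:r></w:p></w:body></w:document>"
CLEAN_RELS = f"<Relationships {R_NS}/>"

# DDEAUTO split across two instrText runs, plus an embedded OLE part.
LURE_DOC = (
    f"<w:document {W_NS}><w:body><w:p>"
    '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    "<w:r><w:instrText>DDE</w:instrText></w:r>"
    '<w:r><w:instrText>AUTO c:\\windows\\system32\\cmd.exe &quot;/k powershell&quot;</w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    "<w:r><w:t>Loading...</w:t></w:r>"
    '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
    "</w:p></w:body></w:document>"
)
LURE_RELS = (
    f"<Relationships {R_NS}>"
    f'<Relationship Id="rId1" Type="{OLE_TYPE}" Target="embeddings/oleObject1.bin"/>'
    "</Relationships>"
)


def build_docx(document_xml, rels_xml, embeddings=None):
    """Assemble a minimal .docx in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml", document_xml)
        z.writestr("word/_rels/document.xml.rels", rels_xml)
        for part, content in (embeddings or {}).items():
            z.writestr(part, content)
    return buf.getvalue()


def demo():
    """Scan one constructed lure and one clean document; return both results."""
    lure = build_docx(LURE_DOC, LURE_RELS, {"word/embeddings/oleObject1.bin": b"\xd0\xcf\x11\xe0"})
    return scan_docx(lure), scan_docx(build_docx(CLEAN_DOC, CLEAN_RELS))


if __name__ == "__main__":
    flagged, clean = demo()
    print("lure:", flagged)
    print("clean:", clean)
```

The field-joining step matters: Word reassembles instruction text from all runs of a field, so a lure that splits `DDE` and `AUTO` into separate `<w:instrText>` elements still executes, while a scanner that greps each run in isolation misses it.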

The attacks are targeting telecommunications, insurance and financial services firms.

Attackers are attempting to harvest passwords and cryptocurrency wallet data, and to recruit compromised systems for possible future DDoS attacks.

The malware is designed to recover passwords from popular web browsers, PC gaming software and e-mail clients, among other software. It also automatically detects and decrypts the license/serial keys of more than 200 popular pieces of software, including Office, SQL Server, Adobe and Nero, according to FireEye's Jan. 17 blog post.


Researchers warned that “Zyklon also provides a very efficient mechanism to monitor the spread and impact.”

Leaked documents allege AI-driven surveillance of gamers

Recently leaked documents appear to shed light on the computer gaming industry's use of Artificial Intelligence (AI) to increase advertising revenue and game purchases. The documents appeared on Imgur two days ago and have been doing the rounds on Twitter. If genuine, they reveal the startling lengths the industry will go to in order to snoop on gamers using AI.


The documents state that surveillance data is collected to build detailed profiles of users. According to them, the AI targets users' smartphones and uses passive listening technology to access the microphone; phones are checked to see whether they remain in the same location for eight hours or more, and if so the subject is marked as "at home".

The unverified documents then go on to describe the detailed monitoring that takes place inside a user's home:
“When in home, monitor area of common walking space. Pair with information about number of staircases gathered from footfall audio patterns. Guess square footage of house.”

A section marked "Example Highlight" goes on to explain how it was determined that "high bonus gaming sessions during relaxing times are paradoxically not the time to encourage premium engagement."

At those times users are targeted with free rewards, bonuses and "non-revenue-generating gameplay ads"; according to the leak, at these moments "the AI severely discourages premium ads."

As if that were not enough, the AI also listens not just for keywords but for "non word sounds", such as microwave beeps and even chewing noises, which are used to infer whether packaged meals have been consumed.

A section marked "Schedule K" explains how psychological manipulation is used to coerce users into making purchases: the AI may wait for players to be tired after long gaming sessions, then swap the colours of free and paid game titles (normally blue and red) in order to "trick a player into making a buy unintentionally."

Unbelievably, it gets worse. According to the leaked documents, the gaming industry also uses hacked data dumps to gather additional information about users, and a section marked "Schedule O" explains how the AI collects side-channel data.

For now it remains to be seen whether this data dump is genuine.


As always, we urge smartphone users to be careful about the apps they install, and to check for intrusive permissions before agreeing to install any app or game. If a game asks for permission to use the microphone, bear in mind that this kind of surveillance may be happening.

The leaked documents also claim that the AI software uses previously breached credentials to gain access to third-party services. If that is the case, gaming companies would be breaking into users' other accounts to put them under surveillance and build a detailed profile of them.


For now, these serious allegations remain unproven. Users are nonetheless reminded to use strong, unique passwords for each of their online accounts, which makes it much harder for any company or attacker to reuse credentials from such dumps.

BitTorrent flaw could let hackers take control of PCs

Torrents are used worldwide by a huge number of users, for both legal and illegal activities, and BitTorrent is the most common peer-to-peer mode of file sharing. Even though streaming websites are growing fast, BitTorrent remains a premier source of entertainment content for a large chunk of web users, who download content through a multitude of popular torrent sites (some of them entirely legal) and BitTorrent clients.

According to a recent report from Google's Project Zero, Transmission, one of the best torrent clients available, is vulnerable to attack from malicious websites.

As reported by Ars Technica, the Transmission BitTorrent app has a critical weakness that allows websites to execute malicious code on some users' computers. Tavis Ormandy, a researcher with Google's Project Zero vulnerability research team, noted that Transmission has a remote-control (RPC) interface, listening on port 9091, that lets users control the client from a web browser.
According to Project Zero, that interface is vulnerable to a DNS rebinding attack: a malicious website can trick the browser into sending requests to port 9091 on the user's own machine, requests that the browser's same-origin policy would (and should) ordinarily block.

By exploiting this flaw, an attacker can issue commands to the client as if they were the local user, up to and including getting malicious code executed on the user's computer.

Ormandy says his exploit works on popular browsers such as Chrome and Firefox, on both Windows and Linux, and that other browsers will almost certainly be vulnerable too.

Last week the Project Zero researchers published proof-of-concept attack code. Project Zero normally withholds details of such flaws for 90 days or until a fix is released, but in this case the flaw was made public only 40 days after the initial report, because the report included a patch for the vulnerability and the Transmission developers did not respond on their private security mailing list.
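The attack described above and the class of fix that stops it, modelled in code. This is an added example, not Transmission's source or Project Zero's proof of concept. It shows why a local daemon's anti-CSRF session token (Transmission hands one out in a 409 reply and expects it echoed back) does not help once DNS has been rebound, since the attacker's page is then same-origin with the daemon and can read the reply, and why validating the Host header does help, because the browser keeps sending the attacker's domain in it. The accept rules used here (IP literals, localhost, operator-configured names) are this example's assumption about the general fix, not a transcription of the project's patch.

```python
"""Model of a DNS-rebinding guard for a local RPC port such as Transmission's
9091 (added example; not Transmission's code). The attack: the victim visits
evil.example, whose DNS answer (short TTL) first points at the attacker's
server and then at 127.0.0.1. The same-origin policy is satisfied, since the
page is still "evil.example", yet its requests now reach the local daemon and
it can read the replies. The one header the attacker cannot control is Host,
which still says "evil.example", so that is what the server checks."""
import ipaddress

SESSION_ID = "s3ss10n-constructed"  # stand-in for the daemon's per-run CSRF token


def host_header_allowed(host_header, allowed_names=()):
    """True if the Host header names this server rather than a rebound domain.
    Allow rules are this example's assumption: IP literals (then the origin is
    the IP itself, so no rebinding happened), localhost and *.localhost, and
    names the operator explicitly configured."""
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("["):               # bracketed IPv6 literal, e.g. [::1]:9091
        end = host.find("]")
        if end < 0:
            return False
        host = host[1:end]
    else:
        host = host.split(":", 1)[0]       # drop :port
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    if host == "localhost" or host.endswith(".localhost"):
        return True
    return host in {n.lower() for n in allowed_names}


def handle_rpc(headers, check_host=True, allowed_names=()):
    """Front door of a toy RPC endpoint. Returns (status, response_headers)."""
    h = {k.lower(): v for k, v in headers.items()}
    if check_host and not host_header_allowed(h.get("host"), allowed_names):
        return 403, {}
    if h.get("x-transmission-session-id") != SESSION_ID:
        # the daemon issues the token this way; a rebound page can read it
        return 409, {"X-Transmission-Session-Id": SESSION_ID}
    return 200, {}


def rebinding_scenario(check_host):
    """Replay the attack from the rebound page's point of view and return the
    final status the attacker obtains."""
    # 1. evil.example now resolves to 127.0.0.1; the first POST carries no token
    req = {"Host": "evil.example:9091", "Content-Type": "application/json"}
    status, resp = handle_rpc(req, check_host=check_host)
    if status == 409:
        # 2. same origin (evil.example) lets the script read the 409 and retry
        req["X-Transmission-Session-Id"] = resp["X-Transmission-Session-Id"]
        status, _ = handle_rpc(req, check_host=check_host)
    return status


if __name__ == "__main__":
    print("without Host check:", rebinding_scenario(False))  # attacker gets 200
    print("with Host check:   ", rebinding_scenario(True))   # blocked with 403
    for hdr in ("localhost:9091", "127.0.0.1:9091", "[::1]:9091", "evil.example:9091"):
        print(f"{hdr:20} -> {host_header_allowed(hdr)}")
```

The same check applies to any service that listens on localhost and trusts the browser: the session token only proves the request came from a page that could read a previous reply, and after rebinding that page is the attacker's.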

Play Store Gaming Apps Infected with Malware

Android malware named "AdultSwine" has been found in child-friendly gaming apps in the Play Store. Google has pulled over 60 apps after the malware was identified.

The malware displays pornographic content on the device while the infected app is running, tries to get users to install fake security apps, and signs them up for premium services they never registered for. It reportedly also has the ability to steal user credentials.

The malware was discovered by researchers at Check Point; the affected apps have since been pulled by Google and the developers' accounts banned.

The affected apps had been downloaded between 3 and 7 million times, according to Play Store data.

A comprehensive list of affected apps and the related research can be found on Check Point's research blog. Google will continue to send notifications to phones that have the affected apps installed.

BlackBerry launches "Jarvis" to secure driverless cars

Cybersecurity in the automotive industry is set to receive a boost as new software hits the market to help experts find security lapses in cars. BlackBerry, which has developed Jarvis, aims to keep hackers at bay with the tool.

Experts at the North American International Auto Show say the newly launched software can scan the complex software inside a car for security flaws, and that the industry urgently needs such tooling to discover any lapses.

A car relies on many layers and components, including high-powered sensors and cameras, and each of them must be secured to keep attackers out of the system.

BlackBerry's Jarvis helps automakers spot security lapses by scanning the binary code that makes up a vehicle's software, including self-driving car software.

BlackBerry's engineers say Jarvis can scan a software system within minutes, rather than the days such an audit would otherwise take.

Trials have already been completed with Jaguar Land Rover. The service is available to automakers on demand as a customized offering, and they are free to apply it across their software supply chain.


First Android malware developed in Kotlin language discovered

Following in the footsteps of Apple's homegrown Swift for iOS apps, Kotlin has been growing fast. That does not mean every Kotlin developer is learning it in order to write safer, faster Android apps.

A cyber-security firm has discovered what they believe to be the first Android malware family written in the Kotlin programming language.

Kotlin is a popular language for writing Android apps; Twitter, Pinterest and Netflix are among the top apps that use it.
"Kotlin is described as concise, drastically reducing the amount of boilerplate code; safe, because it avoids entire classes of errors such as null pointer exceptions; interoperable for leveraging existing libraries for JVM, Android, and the browser; and tool-friendly because of its capability to choose any Java IDE or build from the command line," Trend Micro researchers said in a blog. "However, it's still unknown if the abovementioned features of Kotlin can make a difference when creating malware."

First spotted by Trend Micro, the malware was found inside an Android application on the official Google Play Store posing as a legitimate phone-cleaning utility named Swift Cleaner.

Thankfully, the malware-laced app had only 1,000 to 5,000 installs. It nonetheless has some dangerous tricks up its sleeve.

The data-stealing malware is also capable of other malicious activity, such as click-ad fraud, remote command execution and sending SMS. According to the Trend Micro researchers who discovered it, it can also sign victims up for premium SMS subscription services without their knowledge or permission.

When the app is launched, the malware sends the device information to the remote server via SMS. Once the SMS is received, the remote server directs click-ad fraud via URL forwarding, and a Wireless Application Protocol (WAP) task injects malicious JavaScript code to complete the process.

The malware does not have a fancy name yet; Trend Micro detects it as ANDROIDOS_BKOTKLIND.HRX. The malicious app was spotted on infected phones under the following package names:

com.pho.nec.sg.app.cleanapplication
com.pho.nec.pcs
com.pho.nec.sg

Nvidia prepares GTX 1050 And GTX 1050 Ti Max-Q variants to Tackle Intel’s Kaby Lake G series

NVIDIA has apparently revealed the existence of GTX 1050 and GTX 1050 Ti Max-Q designs in its most recent Linux driver changelog. This suggests the company is preparing to announce the line-up soon and will position it against the RX Vega M GL in Intel's Kaby Lake G line. Since Max-Q is all about tightening the thermal and power envelope, and the name of the game is power efficiency, competition in this segment has clearly heated up.

The change appeared in a recently released Linux display driver, which lists not only the MX 130 and MX 110 but also the 1050 Ti with Max-Q design. As a reminder, Max-Q is NVIDIA's design philosophy of constrained TDP settings; it has already been used in ultraportable gaming notebooks to cut a large share of GPU power consumption.

It finds the most efficient trade-off between performance and power for the GPU. The software balances the work done on the CPU and GPU while tuning game settings, and uses advanced system design techniques for thermal management and power regulation. It also introduces WhisperMode, an ultra-efficient mode that makes a plugged-in laptop run much quieter while gaming by intelligently pacing the game's frame rate and configuring the graphics settings for optimal power efficiency.

The Max-Q variant's clock speed will most likely land somewhere between 1417 MHz and 1450 MHz, which works out to a theoretical 2.18 TFLOPs of graphics performance. That puts it within spitting distance of the newly launched Kaby Lake G series, which houses Vega M. Keep in mind, however, that while the Vega GL has higher theoretical throughput, AMD and NVIDIA parts are not directly comparable, and in this generation NVIDIA has often fared better even with lower theoretical FP32 throughput.

The AMD Radeon RX Vega M GL graphics chip will feature on a range of 8th Generation Core i7 and Core i5 processors. It has 20 CUs, equivalent to roughly 1280 stream processors, 80 texture units and 32 ROPs. The Vega 20 die runs at a base frequency of 931 MHz and a boost frequency of 1011 MHz, for a rated single-precision output of 2.6 TFLOPs, marginally above the 2.4 TFLOPs of FP32 performance of a reference Radeon RX 560. The Radeon RX Vega 20 GPU is paired with 4 GB of HBM2 memory running at 1.4 Gbps on a 1024-bit bus, delivering 179.2 GB/s of bandwidth, which for a single HBM package is plenty to dedicate to the GPU alone.

That said, the Max-Q design has so far been seen in the Zephyr notebooks, whose extended keyboards and frills are not for everybody, and it remains to be seen whether this GPU will require a similar style of aesthetics and cooling. If it does, it could limit the total addressable market for the product, since the lowered keyboard and unusual cooling layout are not to everyone's taste.