
A New Trick discovered to block Visitors and Scare Non-Technical Users into Paying for Unneeded Software and Servicing Fees

The administrators of some technical support scam websites have discovered a new trick to block visitors on their shady sites and scare non-technical users into paying for unneeded software or servicing fees.

The trick relies on JavaScript code loaded on these malicious pages that starts thousands of file download operations, which quickly consume the user's memory and freeze Chrome on the scammer's page.

The trap is intended to push already panicked users into calling one of the technical support telephone numbers that appear on the screen. A GIF of one of these malicious sites freezing a Chrome browser running the latest version (64.0.3282.140) is embedded below.


According to Jérôme Segura, Malwarebytes' lead expert on technical support scam operations and malvertising, this new trick uses the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to build the "download bomb" that freezes Chrome.

Segura says the best way to get away from the technical support site is to close Chrome via Windows Task Manager.

When the user restarts Chrome, if Chrome is configured to reload the previous session, Segura advises users to close the shady site quickly while the page is still loading and before the malicious code has a chance to execute.

Segura says he spotted technical support scammers abusing this new trick after Google engineers patched Chrome against a previous technique, which used the history.pushState API to freeze Chrome in a similar way on shady sites.

This "download bomb" trap only works in Chrome, Segura said.

Users landing on the same shady URLs with other browsers are served different pages.
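A defensive illustration of the mechanism described above, added here and not part of the original post or of Malwarebytes' research: a sliding-window rate guard that wraps a download-triggering function such as window.navigator.msSaveOrOpenBlob, lets the first few calls through and swallows the burst. The navigator object, the clock and the names createDownloadGuard and simulateBomb are constructed so the code runs offline in Node.

```javascript
// Added example, not code from the post or from Malwarebytes: a sliding-window
// rate guard for programmatic downloads. A page using the Blob +
// msSaveOrOpenBlob "download bomb" fires thousands of downloads in a burst;
// this wrapper lets the first few through, swallows the rest, and records that
// the page tripped the guard so an extension could warn the user.
function createDownloadGuard({ maxPerWindow = 5, windowMs = 1000, now = Date.now } = {}) {
  const recent = [];   // timestamps of downloads allowed inside the current window
  let blocked = 0;
  let tripped = false;

  function allow() {
    const t = now();
    while (recent.length && t - recent[0] > windowMs) recent.shift(); // expire old entries
    if (recent.length >= maxPerWindow) {
      blocked += 1;
      tripped = true;
      return false;
    }
    recent.push(t);
    return true;
  }

  // Replace target[method] with a guarded version; returns false if it is absent.
  function wrap(target, method) {
    const original = target[method];
    if (typeof original !== 'function') return false;
    target[method] = function guarded(...args) {
      if (!allow()) return false;          // drop the download instead of starting it
      return original.apply(this, args);
    };
    return true;
  }

  return { allow, wrap, stats: () => ({ blocked, tripped }) };
}

// Constructed stand-in for window.navigator so this runs offline in Node; in a
// browser a content script would wrap the real object before page scripts run.
function simulateBomb(attempts, opts = {}) {
  let started = 0;
  const fakeNavigator = { msSaveOrOpenBlob(_blob, _name) { started += 1; return true; } };
  let tick = 0;                                  // fake clock: 1 ms per attempt
  const guard = createDownloadGuard({ now: () => tick++, ...opts });
  guard.wrap(fakeNavigator, 'msSaveOrOpenBlob');
  for (let i = 0; i < attempts; i++) {
    fakeNavigator.msSaveOrOpenBlob(`blob-${i}`, `file-${i}.bin`);  // the burst the page fires
  }
  return { started, ...guard.stats() };
}
```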


On the same front, users should also be wary of other shady sites pushing fake Adobe Flash Update packages bundled with CPU miners, and of similar sites pretending to offer Mozilla Firefox updates.

AutoSploit: The New Hacking Tool

Hackers have no shortage of ways to strike. Hacking tools cut both ways, with both positive and negative impacts, and they keep changing, giving cyber experts sleepless nights as they counter each new menace in turn.

The most recent hacking programme demanding the experts' attention is AutoSploit. It recently appeared on GitHub, published by a hacker known on Twitter as VectorSEC, and it simplifies the process of attacking targets with readily available resources. The central figure here is VectorSEC.

AutoSploit, as assembled by VectorSEC, combines two existing tools: Shodan.io, which searches for internet-connected devices, and Metasploit, which acts as a penetration testing framework. Combined, they make for a dangerous operation.

AutoSploit has generated a mixed bag of fear, anxiety and relief. One group of experts calls it a shift in the cyber battle line, while another sees murkier days ahead. Either way, all cyber experts keep their attention on VectorSEC.

Other experts maintain that VectorSEC has dropped a bombshell on the field of hacking. In their view, the two tools combined will brew trouble, since very few people these days are familiar with the tools devised to carry out cyber attacks.

Looked at from a positive point of view, one would have to contend that if easy exploitation reaches the masses, it would be an encouragement to go looking for solutions.



Government admits flaws of Aadhaar

The central Government has admitted that there have been a number of fraudulent cases in which money was withdrawn from Public Sector bank accounts using the customers' Aadhaar numbers.

On Tuesday, Minister of State for Finance Shiv Pratap Shukla told parliament that six such cases had been reported by four banks so far, involving fraud of around Rs 1.5 crore.

"As per data reported by Public Sector Banks (PSBs), there have been incidents of money being fraudulently withdrawn from bank accounts using the customers' Aadhaar number in a few banks," Shukla said.

He further said that an investigation has been started and appropriate steps have been taken to prevent such cases. Those involved won't be spared.

Bank of India and Syndicate Bank each reported two cases of fraudulent mapping of Aadhaar numbers, involving a sum of Rs 1.37 crore at BOI and Rs 2.26 lakh at Syndicate Bank.

"Bank has sensitised operational staff to take proper precautions by mapping Aadhaar numbers, strengthening control measures, and stepped up inspections to prevent such frauds in future. Bank has initiated disciplinary action against the erring staff," Shukla said.

The amounts fraudulently withdrawn have been recovered by Syndicate Bank. To further prevent this type of case, "the bank is verifying all Aadhaar-seeded accounts through Aadhaar authentication and has issued standard operating procedures for, and instructions for due diligence on, Aadhaar seeding".

The other two cases have been reported in Allahabad Bank and UCO Bank involving Rs 1.95 lakh and Rs 0.49 lakh respectively.

How Petya worked

Rapid cyberattacks like Petya (aka NotPetya) and WannaCrypt have reset our expectations on the speed and scope of damage that a cyberattack can inflict. The Microsoft Enterprise Cybersecurity Group Detection and Response team worked extensively to help customers respond to and recover from these kinds of attacks. In 2017, among the global enterprise customers that we worked with, these rapid cyberattacks took down most or all IT systems in just about one hour, resulting in $200M – 300M USD of damage at several customers.

Attackers assembled several existing techniques into a new form of attack that was both:

Fast – Took about an hour to spread throughout the enterprise

Disruptive – Created very significant business disruption at global enterprises

The Petya attack chain is well understood, although a few small mysteries remain. Here are the four steps in the Petya kill chain:

Prepare – The Petya attack began with a compromise of the MEDoc application. As organizations updated the application, the Petya code was initiated.

Enter – When MEDoc customers installed the software update, the Petya code ran on an enterprise host and began to propagate in the enterprise.

Traverse – The malware used two means to traverse:

Exploitation – Exploited vulnerability in SMBv1 (MS17-010).

Credential theft – Impersonated any currently logged on accounts (including service accounts). Note that Petya only compromised accounts that were logged on with an active session (e.g. credentials loaded into LSASS memory).

Execute – Petya would then reboot and start the encryption process. While the screen text claimed to be ransomware, this attack was clearly intended to wipe data as there was no technical provision in the malware to generate individual keys and register them with a central service (standard ransomware procedures to enable recovery).

Although it is unclear if Petya was intended to have as widespread an impact as it ended up having, it is likely that this attack was built by an advanced group.

Scarabey Ransomware threatens users to delete 24 files every day till you pay ransom

A new variant of the malicious Scarab ransomware has been spotted by security researchers. The new version is being spread via weakly secured Remote Desktop Protocol (RDP) connections, while the previous one was distributed by a massive spam campaign run by the Necurs botnet.

Researchers at Malwarebytes discovered the new version in December 2017. According to the researchers, the new incarnation is called Scarabey, and it appears to target Russian users. The malware demands a Bitcoin payment from victims after infecting their system and encrypting all files.

There is no major code difference between Scarab and Scarabey; they are almost "byte-for-byte identical", but they do have some notable differences.

"The malicious code is written in Delphi without the C++ packaging that Scarab has and the content and language of the ransom notes are different for each," researchers said in a blog post. "As far as the victim is concerned, the main difference between Scarabey and other Scarab ransomware is the language of the ransom note and the scare tactic used in encryption message."

With Scarab, the ransom note is written in English with several grammatical and syntax errors; it appears to have been translated word for word from Russian to English using Google Translate.
The ransom note for the new Scarabey, meanwhile, is written in Russian to cover more victims.

"What's interesting is that when you throw the Scarabey note into Google translate, as I have done below, it contains the same grammatical errors as the Scarab note," the researchers noted. "This is more proof that the authors of Scarab are likely Russian speakers who had written the note in their native language and run it through a translator to be added into the Scarab code.

"It would then seem quite likely that, since they decided to target Russians, they released the Scarabey note in their native language to cover more victims."

The Scarab ransom note told victims that the ransom price would increase with time; Scarabey, by contrast, threatens to permanently delete 24 files every 24 hours until the ransom is paid.

"24 files are deleted every 24 hours. (we have copies of them)," the ransom note reads. "If you do not run the decryption program within 72 hours, all the files on the computer are completely deleted, without the possibility of recovery."

However, the Malwarebytes researchers say this is just a scare tactic by the spammers.

"The conclusion here is that the deletion of files or the idea that the malware authors have access to delete files is purely a scare tactic used to urge users into sending money quickly," the researchers said.

Luminosity Link RAT taken out by cops

A hacking tool that let cybercriminals remotely and surreptitiously gain complete control over a victim's computer is no longer available, as a result of a UK-led operation targeting hackers linked to the Remote Access Trojan (RAT) Luminosity Link.

The tool was used across 78 countries and sold to over 8,600 buyers via a website dedicated to hacking and the use of criminal malware. Luminosity Link cost as little as EUR 40.00 and required little technical knowledge to deploy.

The case was investigated by the South West Regional Organised Crime Unit and coordinated by the UK National Crime Agency with the support of Europol. The operation involved over a dozen law enforcement agencies in Europe, Australia and North America.

The RAT, dubbed LuminosityLink, surfaced in mid-2015 and was marketed as a legitimate tool for Windows administrators and business owners to "manage a large number of computers concurrently".

Once installed upon a victim’s computer, a user of the Luminosity Link RAT was free to access and view documents, photographs and other files, record all the keystrokes entered and even activate the webcam on the victim’s computer – all of which could be done without the victim’s knowledge.

These joint actions were carried out in September 2017; for operational reasons, the details can only now be released.

Europol’s European Cybercrime Centre (EC3) supported the countries in their efforts to identify EU citizens by providing analytical support and by facilitating information exchange in the framework of the Joint Cybercrime Action Taskforce, hosted at Europol’s headquarters in The Hague.

Victims are believed to be in the thousands, with investigators having already identified evidence of stolen personal details, passwords, private photographs, video footage and data. Forensic analysis of a large number of computers and internet accounts seized continues.

A New Botnet Targeting to Infect Android Devices with Malware that Mines the Monero Cryptocurrency

A new botnet appeared over the weekend, on Saturday, February 3, targeting Android devices exclusively through port 5555. On devices running Android, this is the port used by the operating system's native Android Debug Bridge (ADB), a debugging interface that grants access to some of the operating system's most sensitive features.

The botnet scans for open debug ports so that it can infect victims with malware that mines the Monero cryptocurrency.

According to security researchers from Qihoo 360's Network Security Research Lab (Netlab), who discovered the botnet and named it ADB.miner, only devices running the Android OS, such as smartphones, smart TVs and TV set-top boxes, have been infected so far.

"The number of scan [sources] has doubled every 12 [hours]," said Yiming Gong, Director of the Network Security Research Lab at Qihoo 360. "We will see how big this botnet gets."


The botnet appears to be aggressive and keeps growing every day, with infected devices scanning the internet for more victims. So far the botnet seems to have infected around 7,400 devices, according to Netlab's detections.

Scanning for port 5555 recently shot to the #4 spot in Netlab's most scanned ports, whereas previously it was not even in the top 10.

Most of the IP addresses scanning for other devices (meaning they are already infected) are located in China (~40%) and South Korea (~30%). Yiming added that the botnet has mostly infected "television related" devices rather than smartphones.

Netlab says ADB.miner reuses some of Mirai's port scanning code, which also marks the first time an Android malware strain has borrowed code from Mirai, a Linux-based malware strain that previously targeted only networking and IoT devices.

All the same, the researchers have not yet given details on the ADB vulnerability the attackers are using to take control of devices, but they clarified that they don't think the bug is specific to a particular vendor. This most likely means the bug affects the core Android ADB component itself.
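The growth pattern Netlab describes above (scan sources doubling every 12 hours, port 5555 climbing the most-scanned list) is something a defender can watch for in their own sensor data. The following is an added example, not Netlab's tooling: it parses constructed sensor log lines in an assumed format, counts distinct sources probing TCP/5555 per 12-hour bucket, and flags buckets where that count has at least doubled. The function names and the log lines are constructed for the example.

```javascript
// Added example (not Netlab's code): spot the growth pattern described above,
// where the number of distinct hosts probing TCP/5555 doubles from one 12-hour
// window to the next. The log format is assumed and the lines are constructed.
const ADB_PORT = 5555;
const BUCKET_MS = 12 * 60 * 60 * 1000; // 12-hour windows, aligned to UTC midnight/noon

// Constructed sensor log: "<ISO time> <source ip> -> <dest ip>:<port> SYN"
const SAMPLE_LOG = [
  '2018-02-03T00:10:00Z 203.0.113.5 -> 198.51.100.1:5555 SYN',
  '2018-02-03T03:45:00Z 203.0.113.5 -> 198.51.100.2:5555 SYN',   // same source, counted once
  '2018-02-03T05:00:00Z 192.0.2.77 -> 198.51.100.2:22 SYN',      // unrelated port, ignored
  '2018-02-03T13:20:00Z 203.0.113.5 -> 198.51.100.3:5555 SYN',
  '2018-02-03T18:05:00Z 203.0.113.9 -> 198.51.100.1:5555 SYN',
  '2018-02-04T01:00:00Z 203.0.113.5 -> 198.51.100.4:5555 SYN',
  '2018-02-04T02:30:00Z 203.0.113.9 -> 198.51.100.4:5555 SYN',
  '2018-02-04T06:00:00Z 198.51.100.20 -> 198.51.100.5:5555 SYN',
  '2018-02-04T09:15:00Z 198.51.100.21 -> 198.51.100.6:5555 SYN',
  '2018-02-04T12:30:00Z 203.0.113.9 -> 198.51.100.7:5555 SYN',
  'garbage line that does not parse',
];

// One log line -> { ts (ms), src, dport }, or null when it does not match the format.
function parseLine(line) {
  const m = /^(\S+) (\S+) -> \S+:(\d+) SYN$/.exec(line);
  return m ? { ts: Date.parse(m[1]), src: m[2], dport: Number(m[3]) } : null;
}

// Distinct scanning sources per bucket, oldest bucket first.
function scanSourcesPerBucket(lines, port = ADB_PORT, bucketMs = BUCKET_MS) {
  const buckets = new Map();
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec || Number.isNaN(rec.ts) || rec.dport !== port) continue;
    const start = Math.floor(rec.ts / bucketMs) * bucketMs;
    if (!buckets.has(start)) buckets.set(start, new Set());
    buckets.get(start).add(rec.src);
  }
  return [...buckets.keys()]
    .sort((a, b) => a - b)
    .map(start => ({ bucket: new Date(start).toISOString(), sources: buckets.get(start).size }));
}

// Buckets whose distinct-source count is at least `factor` times the previous bucket's.
function flagDoubling(series, factor = 2) {
  const alerts = [];
  for (let i = 1; i < series.length; i++) {
    const prev = series[i - 1].sources;
    const cur = series[i].sources;
    if (prev > 0 && cur >= factor * prev) alerts.push(series[i].bucket);
  }
  return alerts;
}

console.log(flagDoubling(scanSourcesPerBucket(SAMPLE_LOG)));
```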

Email account of Landmark CEO hacked

The executive director of retail fashion brand Lifestyle International has filed a complaint with the cyber crime police, alleging that the email account of the chief executive officer (CEO) of its holding company has been hacked.

According to the police, Vasanth Kumar of Lifestyle International received an email from Renuka Jagtiani, chairwoman and CEO of Landmark Group — a multinational conglomerate based in Dubai — asking him to transfer Rs. 1.32 lakh to a bank account.

He was reportedly told that a group of foreign delegates would be visiting Kolkata and the money was to be used to reserve hotel rooms for them. “As the mail had come from the CEO’s account, he followed the instructions and confirmed the same in his email reply,” said a police officer.

However, after he spoke to other executives about the delegates and checked on the reservations, he learned that no programme was scheduled in Kolkata and thus realized that the CEO’s account was hacked.
“We suspect that confidential information related to the company could have been compromised,” the police officer said.

2 Gujarat Ration Shop Owners Held for Aadhaar Fraud

The Gujarat Police on Friday arrested two owners of government-funded ration shops, or “fair price shops”, in Surat for allegedly committing fraud using stolen biometric data to pilfer subsidised foodgrain.

They reportedly bought software for ₹15,000 that contained a list of stolen Aadhaar numbers, ration card numbers and thumb impressions.

The accused, Babubhai Boriwal (53) and Sampatlal Shah (61), were arrested on Friday and taken into police custody for five days.

"The state government had in April 2016 launched the Annapurna Yojana under the National Food Security Act-2013,” said Crime Branch Inspector BN Dave. “Fair price shops, renamed as Pandit Deendayal Grahak Bhandar, were computerised so that subsidised food items reached the actual beneficiaries."

He said that under the scheme, shop owners were, through an application called E-FPS, given access to the biometric data bank of the beneficiaries to "create an electronic record of beneficiaries availing subsidised grains from their shops."

According to Inspector Dave, to gain access to the data, the accused used a duplicate version of the software, the source of which is yet unknown.

Boriwal and Shah have reportedly been booked under various sections of the Indian Penal Code (IPC) including section 406, 409 (criminal breach of trust), 467, 468, 471 (forgery), as well as sections of the Information Technology Act and the Essential Commodities Act.

The police are investigating the source of the duplicate software as well as of the biometric data.

Security hole in Microsoft Windows PC

More and more startling facts seem to have surfaced, leaving experts more room to step up research to counter the threat.

Until recently the security hole was not known; hackers have by now stepped up exploiting it in Flash Player, which lets them sneak into personal computers running Microsoft Windows.

This has forced Adobe to devise a new mechanism to deal firmly with the flaw.

The American multinational software company claimed to have detected a vulnerability in Flash Player through which a hacker could take control of the system if the exploitation is hassle-free.

Adobe has further announced a plan to deal with this vulnerability in a day or two. In Flash Player 27, Adobe maintains, an administrator is able to change how Flash Player works in Internet Explorer, as well as have it prompt the user before playing Flash content.

There is a slew of suggestions for enabling Protected View in Office when opening unsafe files.

Readers mostly keep the unsafe and unsecured component disabled, to avoid it being bundled with both Google Chrome and Internet Explorer.

A Month Without Adobe Flash is another useful guide for users, since it shows what is available without installing Flash. If one is averse to Flash, other options are available to serve the purpose.

The straightforward option is disabling Flash in Chrome. One can simply paste "chrome://settings/content" into the Chrome address bar and select "Flash".

Protected more in Flash with Mozilla Firefox on Windows computers forces

Leaked US Army Cyber Protection Brigade Memorandum appears to show Privacy Solutions compromised

The picture in question is a leaked image of a memorandum posted on the image board 4chan, complete with Department of Defense letterhead, appearing by all accounts to be from the United States Army's Cyber Protection Brigade.

The posted picture shows an official document brought up on a terminal screen, beside which lies a Common Access Card (CAC), complete with photo, of the kind issued to Department of Defense employees. By all appearances it is legitimate, yet it invites skepticism, and it is still not clear why somebody would want this information leaked.

Another sensible theory is that the crypto community is somehow involved. In any case, an effective way to limit the use of privacy solutions is to seed the environment with rumours that they are anything but private, a scheming way of spreading fear, uncertainty and doubt.

"The success we have had with Tor, I2P, and VPN, cannot be replicated with those currencies that do not rely on nodes. There is a growing trend in the employment of Stealth addresses and ring signatures that will require additional R&D," reads the document.

The memo's first line names a unit working with the National Security Agency (NSA) and a Cyber Protection Team (CPT) and asks for more funding for "new contracts and extra subsidizing to meet GWOT and drug interdiction targets aimed in July's Command update brief," the Global War On Terror (GWOT) being a go-to pretext for about two decades of intrusive military and law enforcement action.

“In order to put the CPT back on track, we need to identify and employ additional personnel who are familiar with the Crypto Note code available for use in anonymous currencies,” the memo stressed.
CryptoNote, which is also the application layer for privacy tokens such as Bytecoin (BCN) and Monero (XMR), uses a memory-bound function that is hard to pipeline. That the agencies tasked with monitoring and tracking internet privacy solutions, and now coins, need outside help with CryptoNote may say a lot about where the various government divisions stand in terms of security expertise.

The picture was circulated on Steemit, Veekly and even Warosu a full five months ago, yet outlets such as Deep Dot Web may claim to have broken the news. The document is nonetheless still worth dissecting, assuming it is legitimate.


For its part, Deep Dot Web claims to have contacted "a Monero developer, who spoke on state of obscurity," and the dev "said that the vast majority of the Monero engineers who have seen the leak trust it to be true. A few sources who were some time ago in the Armed force have additionally said they trust the report to be genuine." This lends weight to the impression that the contents of the document are entirely plausible.