New mechanism to counter cyber criminals

SEVered is no longer an effective mechanism for cyber criminals to strike with these days.

Cybersecurity experts working at a world-class firm claim to have cracked the cyberattack and devised an effective mechanism to counter the threat for millions of users.

The solution emerged during an in-depth study by experts at the Munich-based Fraunhofer Institute for Applied and Integrated Security in Germany, where they came up with a method that can help them recover data from the secure encrypted memory of AMD systems.

According to a recent publication, the new method is capable of decrypting the data of a device as long as it keeps running on a server.

The hackers, if allowed to strike, can keep the password out of the device's memory. But the new mechanism has enabled the researchers to recover the plaintext password from a device if it runs a different set-up.

They say the ideal device here is a guest VM running on a host OS. The researchers observed that by repeatedly requesting a resource from the VM while remapping a memory page afresh, it is possible to read out the VM's memory in plaintext.

According to the researchers, whose publication is entitled SEVered: Subverting AMD's Virtual Machine Encryption, the hackers took advantage of the AMD CPU design where main memory data are stored.

Further, the study points to the lack of integrity protection in the encryption of main memory, which gave the experts the breakthrough in this solution. SEVered helps cybercriminals map the memory of the running device.

It then keeps requesting other parts of the data from the guest VM, leaving the device's users completely clueless.

The top cyber security experts in Germany claimed to have recovered the 2 GB memory of a test server, along with data held in a neighbouring VM, which greatly helped them crack the solution.

The scientists maintain that the SEVered menace can be countered if one ensures that patching is kept up to date and that the memory of an infected computing device can be recovered even under workloads.

The successful proof was presented at a workshop in Portugal that dealt with cyber security systems.

Two financial institutions investigating hacks, customer data may have been leaked


Bank of Montreal (BMO) and CIBC-owned Simplii Financial on Monday revealed that the data of thousands of customers may have been breached in recent hacks on two of Canada's largest financial institutions.

The banks warned that “fraudsters” may have accessed some customer accounts.

Simplii Financial, which is CIBC’s direct banking brand, revealed that data from 40,000 client accounts may have been electronically accessed by fraudsters. BMO similarly said that it received a tip on Sunday that claimed the confidential information of “a limited number of customers” had been accessed.

Simplii said that it has “implemented additional online security measures”, which include online fraud monitoring and online banking security measures.

“We’re taking this claim seriously and have taken action to further enhance our monitoring and security procedures,” said Michael Martin, senior vice president of Simplii Financial, in a statement. “We feel that it is important to inform clients so that they can also take additional steps to safeguard their information.”

BMO said the hack appeared to have originated outside Canada. The tipsters, in BMO’s case, were reportedly the hackers themselves.

"We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off," BMO said. "We have notified and are working with relevant authorities as we continue to assess the situation. We are proactively contacting those customers that may have been impacted and we will support and stand by them."

"If a client is a victim of fraud because of this issue, we will return 100 per cent of the money lost from the affected bank account," a press release by Simplii said, adding that there is no indication that clients who bank through CIBC have been affected.

The bank also told customers to send any suspicious correspondence to fraud@simplii.com.

Android Devices with Pre-Installed Malware


The Avast Threat Labs recently discovered pre-installed adware on a few hundred different Android device models and versions, including devices from manufacturers such as ZTE and Archos.
The adware was previously described by Dr. Web and has been given the name "Cosiloon."

The adware has been active for at least three years and is hard to remove, since it is installed at the firmware level and uses strong obfuscation. Thousands of users are said to have been affected; in the previous month alone, the most recent version of the adware was seen on around 18,000 devices belonging to Avast users located in more than 100 countries, including Russia, Italy, Germany and the UK, as well as a few users in the U.S.

The adware creates an overlay to display an advertisement over a web page inside the user's browser, as shown in the screenshots of the original post (screenshots omitted).

Google is working on removing the malware's app variants from Android phones using internally developed methods. Although Google Play Protect exists, the malware comes pre-installed, which makes it harder to address. Google is currently contacting various firmware developers to raise awareness of the issue and encourage them to take effective steps as well.

It is still unclear how the adware got onto the devices. The malware authors kept updating the control server with new payloads, and manufacturers, in turn, kept shipping new devices with the pre-installed dropper.

The payload was updated again on April 8th, 2018: the name shown in the app launcher changed to "Google Download," and some class names in the code were changed, probably in an attempt to evade detection. The malware is part of a chipset platform bundle that is reused across different brands; the chipset in question is from MediaTek, and the affected devices run Android versions ranging from 4.2 to 6.0.

Avast says that some anti-virus apps report the payloads, but the dropper immediately installs them again, and the dropper itself cannot be removed that way, so the device permanently hosts a mechanism that lets an unknown party install any app they want on it.



Greenwich University fined £120,000 for hole in computing site





The UK's Information Commissioner has fined the University of Greenwich £120,000 ($160,000) for a security breach that affected the personal data of 19,500 students.

The compromised data included names, addresses, dates of birth, phone numbers, signatures and - in some cases - physical and mental health problems.

The data was uploaded onto an unsecured microsite for facilitating a training conference in 2004.

The Information Commissioner said that Greenwich University was the first university to be fined under the Data Protection Act of 1998.

"Whilst the microsite was developed in one of the University's departments without its knowledge, as a data controller it is responsible for the security of data throughout the institution," said Steve Eckersley, head of enforcement at the ICO.

"Students and members of staff had a right to expect that their personal information would be held securely and this serious breach would have caused significant distress.

"The nature of the data and the number of people affected have informed our decision to impose this level of fine."

The university said that it would not appeal against the decision.

"We acknowledge the ICO's findings and apologise again to all those who may have been affected," said University Secretary Peter Garrod.

"No organisation can say it will be immune to unauthorised access in the future, but we can say with confidence to our students, staff, alumni and other stakeholders, that our systems are far more robust than they were two years ago as a result of the changes we have made.

"We take these matters extremely seriously and keep our procedures under constant review to ensure they reflect best practice."

Mac devices affected by new cryptojacking malware




Amid the accelerating popularity of cryptocurrency, millions of online users risk being left high and dry, since cybercriminals have begun unleashing a serious threat in the form of cryptojacking.

With this notorious malware, hackers can use an online user's device without hindrance to mint profit from that same machine. The whole cybercrime takes place inside the device without the user's slightest knowledge, letting the hackers make money silently.

This is what the experts discovered, forcing cybersecurity specialists to devise an effective mechanism to counter the growing threat, since online users themselves still profit from crypto mining.

The victim typically learns of the crime only when power consumption climbs unusually high and the device struggles to keep working under the extra load.

In some cases the phone involved no longer operates normally; until recently such cases were rarely reported. The revelation that stunned cybersecurity experts surfaced at Malwarebytes, which rejected the widely held belief that Mac users could thwart this deepening threat.

Instead, a malware called mshelper infects Mac devices, which suffer heavily: within a few minutes the whole Mac becomes too hot to function. The Malwarebytes experts who spotted and named it describe this cryptojacker as a sophisticated malware consisting of three main parts. One launches the malware after it is downloaded in a file.

The second, the experts say, activates it, while the third component is the open-source Monero miner itself. The first installs and drives the whole process, with the second and third components supporting the main one so that the hackers can cash in on the compromised Mac devices.

The joint operation of the three basic components helps the hackers profit from devices in use by online users without their knowledge or consent. Cybersecurity experts have yet to reach a common conclusion on how the malware is installed on a Mac, even after the role of a suspect Adobe Flash Player installer was revealed.

Until an effective mechanism is put in place, the threat will not die down, and online users have a serious threat in store.

Turla Mosquito Hacker Group shift to Open Source Malware


Turla, a hacking group that has been active for over ten years and one of the largest known state-sponsored cyberespionage groups, is showing a shift in its behaviour from using its own creations to leveraging the open source exploitation framework Metasploit before dropping the custom Mosquito backdoor.

While this is not the first time Turla is using generic tools, researchers at ESET say that this is the first time the group has used Metasploit, which is an open-source penetration testing project, as a first stage backdoor.

“In the past, we have seen the group using open-source password dumpers such as Mimikatz,” ESET Research said in a blog post. “However, to our knowledge, this is the first time Turla has used Metasploit as a first stage backdoor, instead of relying on one of its own tools such as Skipper.”

The typical targets of the attacks remain embassies and consulates in Eastern Europe, and the group is still using a fake Flash installer to install both the Turla backdoor and the legitimate Adobe Flash Player.

According to the researchers, the compromise occurs when the user downloads a Flash installer from get.adobe.com through HTTP, allowing Turla operators to replace the legitimate Flash executable with a trojanized version by intercepting traffic on a node between the end machine and the Adobe servers.
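The interception described above only works because the installer travels over plain HTTP, so the first thing a defender can check is whether executables are being fetched in cleartext at all. The following Python is an added example, not ESET's or Turla's code: it scans a constructed, simplified proxy log (the log layout, the client addresses and the hostnames ending in `.invalid` are assumptions made for this illustration) and flags executable downloads that were not protected by TLS. A hit is a starting point for investigation (verify the file's publisher signature, enforce HTTPS at the proxy), not proof of tampering.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Constructed sample proxy log in a made-up "timestamp client method url status bytes"
# layout (not taken from the ESET post or from any real proxy product).
SAMPLE_LOG = """\
1525680001.123 10.0.0.12 GET http://get.adobe.com/flashplayer/download/flashplayer_install.exe 200 1843200
1525680002.456 10.0.0.12 GET https://get.adobe.com/flashplayer/ 200 48211
1525680003.789 10.0.0.17 GET http://intranet.example.invalid/tools/setup.msi 200 903210
1525680004.000 10.0.0.21 CONNECT drive.google.com:443 200 0
1525680005.250 10.0.0.33 GET http://mirror.example.invalid/readme.txt 200 1200
garbage line that should be skipped
"""

# File types an installer swap would most plausibly deliver; extend per environment.
EXECUTABLE_SUFFIXES = {".exe", ".msi", ".dll", ".scr", ".ps1", ".bat", ".cmd"}

LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+"
    r"(?P<status>\d{3})\s+(?P<bytes>\d+)$"
)


def parse_line(line):
    """Return a dict of fields for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_cleartext_executable_download(entry):
    """True when an executable file type was successfully fetched over plain HTTP,
    i.e. the bytes could have been replaced by anyone on the network path."""
    if entry["method"] != "GET" or not entry["status"].startswith("2"):
        return False
    parts = urlsplit(entry["url"])
    suffix = PurePosixPath(parts.path).suffix.lower()
    return parts.scheme == "http" and suffix in EXECUTABLE_SUFFIXES


def find_risky_downloads(log_text):
    """Scan a whole log and return the flagged entries in file order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_cleartext_executable_download(entry):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in find_risky_downloads(SAMPLE_LOG):
        print(f"{e['client']} fetched {e['url']} over cleartext HTTP ({e['bytes']} bytes)")
```

The same rule can run continuously as a proxy or IDS alert; the two hits in the sample (an `.exe` from `get.adobe.com` and an `.msi` from an internal host) are exactly the requests a redirect-and-replace attack on the network path would target, while the HTTPS request to the same Adobe host is left alone.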


“We believe the fifth possibility to be excluded, as, to the best of our knowledge, Adobe/Akamai was not compromised,” the post went on to say, assuring that the Adobe website does not seem to have been compromised.

Researchers found, at the beginning of March 2018, that there were some changes in the Mosquito campaign. Where previously, the attack was carried out by dropping a loader and the main backdoor using a fake Flash installer, there is now a change in the way the final backdoor is dropped.


“Turla’s campaign still relies on a fake Flash installer but, instead of directly dropping the two malicious DLLs, it executes a Metasploit shellcode and drops, or downloads from Google Drive, a legitimate Flash installer,” the post read.

The shellcode then downloads a Meterpreter, which gives the attacker the control of the compromised machine, and finally places the final Mosquito backdoor.


Once the attack is executed, the fake Flash installer downloads a legitimate Flash installer from a Google Drive URL and runs it to deceive the user into thinking that the installation went smoothly.

Researchers also say that because of the use of Metasploit, it can be assumed that there is an operator controlling the exploitation manually. More information on Turla can be found in ESET’s whitepaper as well as their recent report on Turla’s change in attacks.

Amazon's Alexa recorded a family’s conversation and sent it to random people


A Portland-based couple received a most horrifying phone call from one of their acquaintances.

“Unplug your Alexa devices right now. You’re being hacked.”

This phone call was a wake-up call for all the users who are switching to smart devices to make their homes more comfortable.

The couple has installed Amazon's voice-activated device, Alexa, throughout their home to control heat, lights, and security. Instead, the device was caught recording the private conversation between the couple and then sending that recording to a person on the contact list.

"My husband and I would joke and say I'd bet these devices are listening to what we're saying," said Danielle, who is the victim.

A local news station Kiro 7 in Portland, was the first to report about the incident.

Initially, the couple was in complete denial and could not believe that their privacy had been compromised and that someone 176 miles away could actually listen in.

"We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'"

"I felt invaded," she said. "A total privacy invasion. Immediately I said, 'I'm never plugging that device in again because I can't trust it.'"

However, Amazon said that this is an extremely rare case in which Alexa allegedly spied on a user's private conversation.

“Amazon takes privacy very seriously. We investigated what happened and determined this was an extremely rare occurrence. We are taking steps to avoid this from happening in the future."

Amazon spokeswoman Shelby Lichliter said in the statement:

“Echo woke up due to a word in background conversation sounding like 'Alexa.' Then, the subsequent conversation was heard as a “send a message” request. At which point, Alexa said out loud 'To whom?' At which point, the background conversation was interpreted as a name in the customer’s contact list. Alexa then asked out loud, '[contact name], right?' Alexa then interpreted background conversation as 'right.' As unlikely as this string of events is, we are evaluating options to make this case even less likely.”

After this incident, many users will ask whether there are other cases in which Alexa could be recording conversations and sending them to others or saving them on servers.

Let's hope that this is the first and last case like this. 

An app that uncovers privacy

 
At least 10,000 children with Apple and Android phones are said to have been left unprotected by the Amazon cloud servers that help their parents monitor them.
A cyber security expert claims to have discovered that a server operated by Teensafe, an app developer, exposed the personal and sensitive details of these young smartphone users. The app also lets parents see their children's web browsing history.
According to the stunning disclosures, unprotected text messages and passwords, along with other personal details including those of the parents, were exposed where waiting hackers could reach them, forcing the company to shut down the server in question.
This is in addition to the device names and their unique identifiers. The company has since put its users and clients on maximum alert.
An official spokesperson for the Los Angeles-based app maker said the disclosure forced them to close down one of the servers and to warn users so they could avoid the impact.
According to reports, the disturbing revelations came from Robbie Wiggins, whose research found numerous poorly configured servers with wide-open access hosted on Amazon's cloud.
The expert concluded that, with open access and an exposed password, sensitive data belonging to nearly 10,000 children was easily available, with no safeguards or firewall from Teensafe.
According to cyber security experts, servers deployed by many companies have been caught with identical mistakes. Teensafe, for its part, describes its app as a way to safely monitor a smartphone.
Whenever it is in operation, the app allows parents to read text messages.

Cisco Warns Of a Suspected Russian Plan to Attack Ukraine



(Photo caption: Cisco CEO Chuck Robbins.)

The U.S. government said on Wednesday that it would seek to wrest a huge number of infected routers and storage devices from the control of hackers who, security researchers had warned, were intending to use the "botnet" to attack Ukraine.

A federal judge in Pennsylvania gave the FBI permission to seize an internet domain that experts say a Russian hacking group known as Sofacy was using to control the infected devices.

The order lets the FBI direct the devices to communicate with an FBI-controlled server, which will be used to identify their locations and pass that information on to authorities around the world who can remove the malware from the infected hardware.

"This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities," Assistant Attorney General for National Security John Demers said in a statement.

The U.S. government announced the takedown effort after Cisco Systems Inc (CSCO.O) released a report early on Wednesday about the hacking campaign, which it said targeted devices from Linksys, MikroTik, Netgear Inc (NTGR.O), TP-Link and QNAP.

The majority of infections from the VPNFilter malware were in Ukraine, which led Cisco to believe that Russia was planning an attack on that nation. Cisco shared the technical details with the U.S. and Ukrainian governments as well as with rival vendors of security software, hardware and services.





Ukraine's SBU state security service reacted to the report by saying that it showed Russia was preparing a large-scale cyber-attack ahead of the Champions League soccer final, due to be held in Kiev on Saturday. Cyber security firms, governments and corporate security teams closely monitor events in Ukraine, where some of the world's most expensive and destructive cyber-attacks have been launched.

Russia has denied assertions by countries including Ukraine, and by Western cyber security firms, that it is behind a massive worldwide hacking program that has included efforts to damage Ukraine's economy and to meddle in the 2016 U.S. presidential election.

Facebook Wants Your Naked Photos To Combat 'Revenge Porn'



Facebook will soon ask its users to upload naked photos of themselves to the social media website in order to stop revenge porn.

On Tuesday, the social network announced that it is testing a new initiative to fight "revenge porn": it will stop users from uploading intimate pictures of a former sexual partner online without his or her consent, by letting the potential victim "proactively" submit them first.

The new feature will scan through the images and then ensure that these kinds of images are not uploaded to the site. This technique is an attempt to stop so-called revenge porn.

To stop that, the site will ask its users to upload any images they think might be used to harm them. The images will then be assigned a digital fingerprint so that any attempt to upload them can be stopped.

According to Facebook,  for uploading pictures there will be a “secure, one-time upload link,” which will be reviewed by a “handful of specially trained members of our Community Operations Safety Team."

Facebook's Global Head of Safety, Antigone Davis, said in a post: "People who worry that someone might want to harm them by sharing an intimate image can proactively upload it so we can block anyone else from sharing it on Facebook, Instagram, or Messenger:

  • Anyone who fears an intimate image of them may be publicly shared can contact one of our partners to submit a form.
  • After submitting the form, the victim receives an email containing a secure, one-time upload link.
  • The victim can use the link to upload images they fear will be shared.
  • One of a handful of specifically trained members of our Community Operations Safety Team will review the report and create a unique fingerprint, or hash, that allows us to identify future uploads of the images without keeping copies of them on our servers.
  • Once we create these hashes, we notify the victim via email and delete the images from our servers – no later than seven days.
  • We store the hashes so any time someone tries to upload an image with the same fingerprint, we can block it from appearing on Facebook, Instagram or Messenger."


Facebook has started the testing phase for users in the U.S., United Kingdom, Canada, and Australia.
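The steps above describe a hash-based blocklist: the service keeps a fingerprint of the image rather than the image, and compares future uploads against it. The Python below is an added illustration, not Facebook's code (the post does not say which hashing Facebook uses). It contrasts an exact SHA-256 digest, which changes on any re-encoding, with a simple difference hash (dHash) computed over a downscaled thumbnail, which tolerates a brightness change and light noise, and it shows a blocklist that stores only hashes. The images, the LCG pseudo-random generator and the `reencode_like` edit are all constructed test inputs invented for this example.

```python
import hashlib

LCG_MOD = 1 << 31


def _lcg_image(seed, width=32, height=32):
    """Constructed test input: a deterministic pseudo-random grayscale image.
    Values stay in 0..199 so the brightness shift below never clips."""
    state, rows = seed, []
    for _ in range(height):
        row = []
        for _ in range(width):
            state = (state * 1103515245 + 12345) % LCG_MOD
            row.append((state >> 16) % 200)
        rows.append(row)
    return rows


def reencode_like(pixels, brightness=0, noise_seed=None):
    """Stand-in for lossy re-encoding or light editing (constructed, not a real
    codec): uniform brightness shift plus optional -1..+1 per-pixel noise."""
    state = 0 if noise_seed is None else noise_seed
    out = []
    for row in pixels:
        new_row = []
        for v in row:
            noise = 0
            if noise_seed is not None:
                state = (state * 1103515245 + 12345) % LCG_MOD
                noise = ((state >> 16) % 3) - 1
            new_row.append(max(0, min(255, v + brightness + noise)))
        out.append(new_row)
    return out


def sha256_hex(pixels):
    """Exact fingerprint of the raw pixel bytes: any edit changes it completely."""
    return hashlib.sha256(bytes(v for row in pixels for v in row)).hexdigest()


def _downscale(pixels, width, height):
    """Box-filter resize with integer averages, so a uniform brightness shift
    moves every thumbnail cell by exactly the same amount."""
    src_h, src_w = len(pixels), len(pixels[0])
    out = []
    for y in range(height):
        y0 = y * src_h // height
        y1 = max(y0 + 1, (y + 1) * src_h // height)
        row = []
        for x in range(width):
            x0 = x * src_w // width
            x1 = max(x0 + 1, (x + 1) * src_w // width)
            block = [pixels[yy][xx] for yy in range(y0, y1) for xx in range(x0, x1)]
            row.append(sum(block) // len(block))
        out.append(row)
    return out


def dhash(pixels, size=8):
    """Difference hash: one bit per left/right neighbour comparison on a
    (size+1) x size thumbnail, giving size*size bits (64 by default)."""
    thumb = _downscale(pixels, size + 1, size)
    bits = 0
    for row in thumb:
        for x in range(size):
            bits = (bits << 1) | (1 if row[x] < row[x + 1] else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


class FingerprintBlocklist:
    """Keeps only hashes (never the images) and blocks near-duplicates."""

    def __init__(self, max_distance=10):
        self.max_distance = max_distance
        self._hashes = set()

    def register(self, pixels):
        h = dhash(pixels)
        self._hashes.add(h)
        return h

    def is_blocked(self, pixels):
        h = dhash(pixels)
        return any(hamming(h, known) <= self.max_distance for known in self._hashes)


# Constructed demo inputs: a reported image, two edited copies, one unrelated image.
ORIGINAL = _lcg_image(seed=7)
BRIGHTER = reencode_like(ORIGINAL, brightness=10)
NOISY = reencode_like(ORIGINAL, brightness=3, noise_seed=99)
UNRELATED = _lcg_image(seed=12345)


def demo():
    """Register ORIGINAL, then test the three other images against the blocklist."""
    blocklist = FingerprintBlocklist()
    blocklist.register(ORIGINAL)
    return {
        "sha256_survives_edit": sha256_hex(ORIGINAL) == sha256_hex(BRIGHTER),
        "distance_brighter": hamming(dhash(ORIGINAL), dhash(BRIGHTER)),
        "distance_noisy": hamming(dhash(ORIGINAL), dhash(NOISY)),
        "distance_unrelated": hamming(dhash(ORIGINAL), dhash(UNRELATED)),
        "blocked_brighter": blocklist.is_blocked(BRIGHTER),
        "blocked_noisy": blocklist.is_blocked(NOISY),
        "blocked_unrelated": blocklist.is_blocked(UNRELATED),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The design point is the one the announcement makes: once the hash is stored, the image itself can be deleted, and matching works on a distance threshold rather than byte equality, so a re-saved or slightly edited copy is still caught while unrelated pictures are not. A production deployment would use a sturdier perceptual hash and a threshold calibrated on real false-positive rates; a 64-bit dHash is only the minimal illustration of the idea.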

Pirate Bay to be blocked by ISP Telenor


Telenor, the Norwegian Internet Service Provider (ISP), which for a long time refrained from blocking access to the Swedish file-sharing website The Pirate Bay despite demands from the music and film industry associations, has now decided to voluntarily block the pirate website, reports TorrentFreak.


The development is not the result of a direct court order against the company, but rather of its final consolidation with Bredbandsbolaget, an ISP owned by Telenor that was previously ordered to block the infamous torrent site. Bredbandsbolaget was acquired by Telenor in 2005.

Those visiting The Pirate Bay right now see a Cloudflare error 522 message stating:

"This page is currently offline. However, because the site uses Cloudflare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version." This could be because the server was overloaded or down, its firewall was blocking requests, or its DNS and IP addresses were misconfigured.

Back in 2014, Universal Music, Sony Music, Warner Music, Nordisk Film and the Swedish Film Industry filed a lawsuit against Bredbandsbolaget, one of Sweden’s largest ISPs.

The copyright holders had asked the Stockholm District Court to direct the ISP to block access to The Pirate Bay as well as the streaming site Swefilmer, as they believed that the provider knowingly assisted users in accessing the pirate platforms. However, the ISP opposed the entertainment companies' demand to block content and services and fought back with a determined response to the court.

According to IsItDownRightNow, The Pirate Bay went offline at 22:45 Pacific Time, and the outage is affecting users around the world. However, its dark web version on Tor is still up and running.