Powered by Blogger.
Android phones are exposing the debug ports



A growing stream of stunning facts and figures threatens to turn the cyber world into a den of criminals posing a serious threat to millions of users across the globe.

In yet another revelation, top cyber security experts say that Android phones are exposing their debug ports, forcing security agencies to look for a mechanism to counter the threat.

An extensive study suggests that the devices were found to be exposing their debug port to remote connections. The precise reason is an Android worm that has kept infecting devices since it was detected four months ago.

The researchers at Qihoo 360 Netlab, who came out with the disturbing findings, claim to have found clear evidence of an Android worm that infects devices through ADB with ADB.Miner, a cryptocurrency miner.

Further, ADB normally has to be enabled manually by the Android user, who connects the device with a USB cable. ADB over WiFi, on the other hand, works over a WiFi connection where no USB connection is available.

The researchers have more or less concluded that WiFi-enabled ADB is left switched on in products before they reach users and customers. Users are mostly unaware that their devices can be reached remotely through the ADB interface.

Nor do they know that ADB has access to some sensitive tools. The cyber security experts say they detected the worm in February this year, but their latest studies suggest that as many as 15,600 Android devices are exposing the ADB port.

It was Kevin Beaumont who drew the attention of security agencies to this, saying that the exposed devices found ranged from tankers in the US to DVRs in Hong Kong to mobile phones in South Korea.
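An offline check for the exposure described above, added here as example code by the editor (not from Qihoo 360 Netlab's report): it parses the text that `adb shell getprop` and `adb shell ss -ltnp` print on a USB-connected device and reports whether adbd is configured to listen on TCP (ADB over WiFi) on a non-loopback address. The property names are the stock Android ones, TCP port 5555 is adbd's default, and the outputs embedded below are constructed samples.

```python
"""
Is adbd on this device in ADB-over-WiFi mode, and reachable from the network?
Example code added by the editor; not part of the original article.
Feed it the text of `adb shell getprop` and `adb shell ss -ltnp`.
"""
import re

ADB_TCP_DEFAULT = 5555  # adbd's default when ADB over TCP is enabled

# Constructed sample outputs (not captured from a real device).
SAMPLE_PROPS_USB = "[ro.build.version.release]: [8.1.0]\n[service.adb.tcp.port]: []\n"
SAMPLE_PROPS_TCP = "[ro.build.version.release]: [8.1.0]\n[service.adb.tcp.port]: [5555]\n"
SAMPLE_SS = (
    "State  Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
    "LISTEN 0      4      *:5555            *:*\n"
    "LISTEN 0      50     127.0.0.1:5037    *:*\n"
)


def adb_tcp_port(getprop_output: str):
    """Return the TCP port adbd is configured for, or None for USB-only."""
    m = re.search(
        r"\[(?:service|persist)\.adb\.tcp\.port\]: \[(-?\d*)\]", getprop_output
    )
    if not m or m.group(1) in ("", "-1", "0"):
        return None
    return int(m.group(1))


def network_listeners(ss_output: str, port: int):
    """Return local address:port pairs listening on `port`, excluding loopback."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue  # header or non-listening socket
        local = cols[3]
        addr, _, lport = local.rpartition(":")
        if lport != str(port) or addr in ("127.0.0.1", "[::1]", "::1"):
            continue
        exposed.append(local)
    return exposed


def assess(getprop_output: str, ss_output: str) -> str:
    """One-line verdict combining the configured port and the actual listeners."""
    port = adb_tcp_port(getprop_output)
    if port is None:
        return "adbd is USB-only"
    listeners = network_listeners(ss_output, port)
    if listeners:
        return f"adbd exposed on TCP {port} via {', '.join(listeners)}"
    return f"adbd configured for TCP {port} but not listening on a network interface"


if __name__ == "__main__":
    print(assess(SAMPLE_PROPS_USB, SAMPLE_SS))
    print(assess(SAMPLE_PROPS_TCP, SAMPLE_SS))
```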

Computer hacker Adrian Lamo’s death remains a mystery

The coroner's office in Sedgwick County, Kansas, on Wednesday released its autopsy report on famed hacker Adrian Lamo, who died in March at the age of 37. His autopsy report lists cause and manner of death as "undetermined." That means that after a thorough examination of his body, results of toxicology testing and information about Lamo's life and last hours, there is nothing that points to a specific reason he died. However, examiners found a sticker on his thigh identifying him with "Project Vigilant."

Lamo, best known for reporting Army whistleblower Chelsea Manning’s theft of secret documents to the government, had numerous drugs in his system when he died, but the forensic pathologists who performed his autopsy were unable to determine what caused his death in Wichita. Lamo had turned Manning in to the FBI back in 2010.

The document of his autopsy was obtained and first published Thursday by Matthew Keys, an independent journalist based in California, who shared it with Ars. On Thursday, the Wichita Eagle also described and quoted from the autopsy report.

"Despite a complete autopsy and supplemental testing, no definitive cause of death was identified," Scott Kipper, the county's deputy coroner-medical examiner said in his report. He continued: "As the cause of death cannot be definitely determined, the manner of death is best classified as undetermined."

The 10-page report notes that Lamo, 37, was "last known to be alive around" March 7, 2018 but was found "unresponsive" in his Wichita apartment "in a state of early postmortem decomposition."

The opinion section of the report notes that Lamo had a history of anxiety, depression, Asperger's syndrome, and drug and alcohol abuse. He also suffered from a seizure disorder that could not be ruled out as a possible cause or contributing factor to his death, it says.

In 2004, Lamo pleaded guilty to hacking The New York Times, among other entities. He was sentenced to two years probation and six months house arrest.

Ransomware Attack from Russian IP’s jeopardizes the Victims and Locks Their PC’s



A newly discovered ransomware named Sigma is spreading from Russia-based IP addresses, using a mix of social engineering techniques to compromise victims and lock the infected computer.

Users were targeted through malicious spam messages containing a notice purportedly from the "United States District Court" with a malicious attachment.

The attackers use the email scam to make the targeted victims carry out the malicious steps themselves, manipulating the user with urgent, fear-inducing wording and arousing the victim's curiosity. The Sigma attack was directed from around 32 Russia-based IP addresses, and the attacker registered the specific domain used to carry out the different attacks.

The malware's creators added further obfuscation by password-protecting the file to evade detection. The malicious document requires a password to open, which tricks the user into believing the attachment is protected because the mail comes from a court.

If it finds that macros are disabled on the victim's machine, it then persuades the user to enable them, which runs the malicious VBScript.

The VBScript then downloads the first Sigma payload from the attackers' command-and-control server and saves it in the %TEMP% folder. The downloaded malware masquerades as a legitimate svchost.exe process and assists in downloading additional malware.

The malware uses a variety of obfuscation techniques to hide itself and evade detection, and it deletes itself if it finds a virtual machine or sandbox present.

"Looking with malware so complex on the sides, social engineering traps and technical design is a challenge hard even for security-mindful users," says Fatih Orhan, the Head of Comodo Threat Research Labs.

According to Comodo's research, unlike some of its ransomware relatives, Sigma does not act immediately but lurks and makes covert observations first. It compiles a list of valuable documents, checks them and sends this information to its C&C server along with other data about the victim's machine.

Likewise, if Sigma finds no files, it deletes itself, and it stops the infection if it finds the machine located in the Russian Federation or Ukraine. It then connects to its command-and-control servers, establishes a Tor connection, and begins encrypting documents on the machine.

After encryption completes, it displays a ransom note containing detailed information about the attack and instructs the victims to get in touch by means of sigmacs@protonmail.com, quoting the infection ID.

The attackers demand the ransom in bitcoin, and the price is set according to how quickly the victims contact them.


Google bans AI used for weapons and war


Google CEO Sundar Pichai on Thursday announced that Google is banning the development of Artificial Intelligence (AI) software that could be used in weapons or harm others.

The company has set strict standards for ethical and safe development of AI.

“We recognize that such powerful technology raises equally powerful questions about its use,” Pichai said in a blog post. “As a leader in AI, we feel a deep responsibility to get this right. So today, we’re announcing seven principles to guide our work going forward. These are not theoretical concepts; they are concrete standards that will actively govern our research and product development and will impact our business decisions.”

The objectives Google has framed out for this include that the AI should be socially beneficial, should not create or promote bias, should be built and tested safely, should have accountability, and that it should uphold privacy principles, etc.

The company, however, will not pursue AI development in areas where it threatens harm to people, in weapons, or in technology that violates human rights or privacy.

“Where there is a material risk of harm, we will proceed only where we believe that the benefits substantially outweigh the risks, and will incorporate appropriate safety constraints,” the post read.

However, while the company will not create weapons, it said that it will continue to work with the military and government.

"These include cybersecurity, training, military recruitment, veterans’ healthcare, and search and rescue. These collaborations are important and we’ll actively look for more ways to augment the critical work of these organizations and keep service members and civilians safe," Pichai said.

This decision comes after a series of employee resignations following public criticism of Google’s contract with the Defense Department, called Project Maven, for an AI that could help analyze drone video.

Is your Smartwatch spying on you?
Security researchers at a leading cybersecurity firm have demonstrated that smartwatches could be turned into a spying tool by using a device's accelerometer and gyroscope to track the owner's movements.


Russia-based Kaspersky Lab said 'Trojan watches' could be hijacked by hackers to steal ATM PINs, phone unlock codes and passwords entered into a computer.

Kaspersky Lab reported that the same technology is used by fitness tracker apps to tell the movements of the owner: whether they are sitting, walking, running, or even changing subway lines.

During the investigation, the researchers found that neural networks can be trained to recognize the typing patterns of an individual.

'With neural networks, signals from the three axes of the accelerometer and gyroscope can be used to decipher the PIN code of a random person with a minimum accuracy of 80 percent,' the report stated.

'So an unassuming fitness app or a new watch face from the Google Play store can be used against you, right now in fact,' warned the report.

'Simply sending your geotag once and requesting the email address linked to your Google Play account is enough to determine, based on your movements, who you are, where you've been, your smartphone usage, and when you entered a PIN at an ATM.'


Now, if you are worried about your own smartwatch, here are some tips to check whether yours has been hacked: check your battery life, keep an eye on app permissions, and install spyware detection software.

"Indications your smartwatch might have been compromised by hackers or spies via an app:

1. If the app sends a request for data about the user's account (the GET_ACCOUNTS permission in Android) it could be a cybercriminal trying to match your 'digital footprint'

2. If the app additionally requests permission to send geolocation data it might be trying to send that data to a thief (Do not give additional permissions to fitness trackers that you download onto your smartwatch, and specify a company email address at the time of registration)

3. If the device suddenly has a short battery life you might be being tracked

4. If your internet data usage spikes, it could also be the accelerometer working overtime," Kaspersky Lab 
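Indicators 1 and 2 above are checkable from the permissions an app requests. The following is example code added by the editor (not from Kaspersky Lab): it parses the "requested permissions:" section of `adb shell dumpsys package <pkg>` output and flags apps that ask for account data (GET_ACCOUNTS) and geolocation, noting when they also read motion sensors. The dumpsys excerpts embedded below are constructed samples, and the permission groupings are the editor's assumptions.

```python
"""
Audit requested permissions from `dumpsys package` output against the two
app-permission indicators in the article. Example code added by the editor.
"""
import re
from typing import Dict, List, Set

ACCOUNT_PERMS = {"android.permission.GET_ACCOUNTS"}
LOCATION_PERMS = {"android.permission.ACCESS_FINE_LOCATION",
                  "android.permission.ACCESS_COARSE_LOCATION"}
SENSOR_PERMS = {"android.permission.BODY_SENSORS",
                "android.permission.ACTIVITY_RECOGNITION"}

# Constructed sample dumpsys output (not captured from a real device).
SAMPLE_DUMP = """\
Package [com.example.stepcounter] (1a2b3c):
    userId=10123
    requested permissions:
      android.permission.GET_ACCOUNTS
      android.permission.ACCESS_FINE_LOCATION
      android.permission.BODY_SENSORS
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
Package [com.example.watchface] (4d5e6f):
    requested permissions:
      android.permission.BODY_SENSORS
    install permissions:
"""


def parse_requested_permissions(dump: str) -> Dict[str, Set[str]]:
    """Return {package: set of requested permissions} from dumpsys text."""
    result: Dict[str, Set[str]] = {}
    pkg, in_block = None, False
    for line in dump.splitlines():
        m = re.match(r"\s*Package \[([\w.]+)\]", line)
        if m:                       # new package record starts
            pkg, in_block = m.group(1), False
            result[pkg] = set()
            continue
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_block = True
            continue
        if in_block:
            if stripped.endswith(":"):  # next section header ends the block
                in_block = False
            elif pkg and stripped:
                result[pkg].add(stripped.split(":")[0])  # drop ": restricted=..." suffixes
    return result


def flag(perms: Set[str]) -> List[str]:
    """Reasons an app's permission set matches the indicators."""
    reasons = []
    if perms & ACCOUNT_PERMS:
        reasons.append("requests account data (indicator 1)")
    if perms & LOCATION_PERMS:
        reasons.append("requests geolocation (indicator 2)")
    if reasons and perms & SENSOR_PERMS:
        reasons.append("also reads motion sensors")
    return reasons


def audit(dump: str) -> Dict[str, List[str]]:
    """Map package -> reasons for every package that trips an indicator."""
    return {pkg: flag(p) for pkg, p in parse_requested_permissions(dump).items() if flag(p)}


if __name__ == "__main__":
    for pkg, reasons in audit(SAMPLE_DUMP).items():
        print(pkg, "; ".join(reasons))
```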


Facebook privacy goof-up 'affects 14 million users'



Facebook has warned 14 million users around the world about a software bug which may have switched their default sharing setting to public for all new posts between May 18 and May 27 without their knowledge.

The company's privacy department said the mistake happened as they were working on redesigning the display of the user's profile that is in public domain.

“We’d like to apologize for this mistake,” said Erin Egan, Facebook’s head of privacy.

However, the company has not yet notified the users who may have been affected by the bug.

"We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts,” Ms Egan said.

"We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time.

"To be clear, this bug did not impact anything people had posted before - and they could still choose their audience just as they always have. We’d like to apologize for this mistake."

Those affected by this bug will start receiving a graphical notification soon, and a message to review their shared posts during the 10 days that the bug was active.

Adobe Patched Zero-Day Vulnerability




Adobe has recently issued a security update for Flash Player in order to fix a zero-day vulnerability that was exploited by attackers in the wild.

The Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could allow arbitrary code execution, was patched on June 7.

The flaw was discovered and independently reported by several security firms, notably including ICEBRG, Tencent, and two security divisions of Chinese cybersecurity giant Qihoo 360. Tracked as CVE-2018-5002, it affects Adobe Flash Player 29.0.0.171 and earlier versions, and it is fixed in the timely release of Flash Player 30.0.0.113.

“It allows for a maliciously crafted Flash object to execute code on victim computers, which enables an attacker to execute a range of payloads and actions,” said the researchers from ICEBRG's Security Research Team, who were the first to report the discovered vulnerability.

The exploit uses a carefully crafted Microsoft Office document to download and execute an Adobe Flash exploit on the victim's PC, according to ICEBRG analysts. The documents were distributed primarily through email, according to Adobe.

Both ICEBRG and Qihoo 360 found evidence suggesting that the exploit was targeting Qatari victims, in light of geopolitical interests.

“The weaponized document … is an Arabic language themed document that purports to inform the target of employee salary adjustments,” ICEBRG researchers said. “Most of the job titles included in the document are diplomatic in nature, specifically referring to salaries with positions referencing secretaries, ambassadors, diplomats, etc.”

According to Will Dormann of CERT/CC, besides fixing the actual flaw, Adobe also added an extra dialog window that asks users whether they want to load remote SWF files inside Office documents. The prompt also addresses an issue with Office applications, where Flash content was sometimes downloaded automatically, without prompting the user beforehand.




Operation Prowli Malware Infected Over 40,000 Devices
Researchers have discovered a new malicious traffic manipulation and cryptocurrency mining campaign, dubbed Operation Prowli, that is infecting organizations across industries from finance to education and government.

The Operation Prowli campaign has infected more than 40,000 machines by spreading malware and malicious code to the servers and websites of nearly 9,000 companies around the world.

The campaign uses different techniques to spread the malware, among them brute-forcing, exploits, and weak configurations. It targets CMS hosting servers, backup servers, HP Data Protector, DSL modems and IoT devices.

The GuardiCore Labs team found the first attack on 4 April, when a group of secure-shell (SSH) attacks were discovered communicating with a command-and-control (C&C) server.

"The attacks all behaved in the same fashion, communicating with the same C&C server to download a number of attack tools named r2r2 along with a cryptocurrency miner," GuardiCore wrote.

After investigating the attacks, the researchers found that the campaign is active around the world across several networks and is associated with different industries.

"Over a period of 3 weeks, we captured dozens of such attacks per day coming from over 180 IPs from a variety of countries and organizations. These attacks led us to investigate the attackers’ infrastructure and discover a wide-ranging operation attacking multiple services."

Here is the list of servers and devices known to have been infected by the Prowli group:

- WordPress sites (via several exploits and admin panel brute-force attacks)
- Joomla! sites running the K2 extension (via CVE-2018-7482)
- Several models of DSL modems (via a well-known vulnerability)
- Servers running HP Data Protector (via CVE-2014-2623)
- Drupal, PhpMyAdmin installations, NFS boxes, and servers with exposed SMB ports (all via brute-force credential guessing)

Malicious malware unleashing fresh threat


VPNFilter is neither a computing device manufacturer nor a state-of-the-art mechanism: it is the name of a piece of malware that left lakhs of computers infected in dozens of countries last fortnight, and that could paralyze millions of computers within a short spell of time, leaving cyber security experts on tenterhooks.

If the hackers, who are believed to hail from Russia, are not reined in soon, more trouble is in store, since the malware in question may be more nefarious than first thought, say the experts engaged in research to counter the threat.

An updated study suggests that the malware has a new module that intervenes in incoming web traffic. According to further analysis, the hackers use this module to operate on the web traffic passing through an infected router. The attackers deploy ssler, a component that extracts crucial data as it flows from the device to the web, in a manner well known to them. The mechanism also lets traffic to prominent social networking sites, namely Facebook, Twitter, YouTube, Google et al, pass through quickly in view of their extra security protections.

The most striking revelation is that the malware is a threat to millions of computing devices across the globe, where HTTPS traffic can be downgraded to HTTP under it within a few hours. The cardinal factor is said to be ssler, which would help the hackers strike within minutes.

Those engaged in extensive studies of this issue say the notorious mechanism, if allowed to go on, might help the hackers manipulate a bank account and its balance to siphon off money. The researchers are scrambling for more details of the malicious mechanism to weed out the possibility of more attacks and to ensure that personal data and passwords remain safe.

No more need to remember passwords

While the smartphone has made much of our work easier, there is also a concern about security: the fear that a hacker will break into our smartphone and steal our most important information is ever present. To overcome this, scientists continue to develop better security systems. Many smartphones include facial recognition, fingerprint scans and other biometric systems. However, the trouble with these easy-to-use tools is that once compromised they cannot be reset.

But now American scientists have developed a security system that uses the user's brain as the smartphone's password, once it reaches the market. Smartphones would be unlocked only by recognizing the user's brainwaves in response to a series of pictures, an advance that could better protect devices from hackers. According to the scientists at the University at Buffalo, electroencephalography (EEG) is now a very simple system through which the waves of the brain can be recorded.

"You can't grow a new fingerprint or iris if that information is divulged," said Wenyao Xu, an assistant professor at the University at Buffalo (UB) in the US. "That's why we're developing a new type of password - one that measures your brainwaves in response to a series of pictures. Like a password, it's easy to reset; and like a biometric, it's easy to use," said Xu.

The "brain password" presently requires users to wear a headset, but in the future the researchers intend to improve it further. It could have implications in banking, law enforcement, airport security and other areas.

"To the best of our knowledge, this is the first in-depth research study on a truly cancelable brain biometric system. We refer to this as 'hard cancellation,' meaning the original brain password can be reset without divulging the user's identity," said Zhanpeng Jin, an associate professor at UB.

Rs 500 Crore Cryptocurrency Scam Busted, Over 25,000 Cheated
The crime branch of Thane, a city in India, has busted an online multi-hundred crore cryptocurrency racket that operated for two years with the promise of good returns.

The prime accused Amit Lakhanpal floated a company The Flintstone Group, an alleged real estate company,  about a year ago and launched his own cryptocurrency called the 'Money Trade Coin (MTC).'

According to its promoters, Money Trade Coin (MTC) “provides a safer, more secure and superior alternative of storing wealth in the form of digital currency, to investors as well as commoners.”

Lakhanpal attracted investors by promising them higher returns, flats, and citizenship in African and Caribbean countries where they said that their cryptocurrency would be legal in a few years.

Around 25,000 people fell prey to the scam and invested around Rs 500 crore. But when they didn't get a penny in return, they decided to contact the police.

“Pal and his associates promised investors a 20-times return on investment in a mere six months. But once the deadline passed, the company made several excuses to not release the money,” the officer said.

“A few days ago, some investors even went to Dubai to meet Lakhanpal, but they were allegedly threatened, and were told that they should not ask for their money. We also found that Lakhanpal had never constructed any building, even though he claimed to run a real estate company.”

After receiving the complaint, the crime branch raided two locations at Thane and Vikroli. The police seized 53 laptops, rubber stamps, fake identity cards belonging to the finance ministry, and fabricated credit and deposit certificates.

The crime branch has registered a case against the accused under several Indian Penal Code (IPC) sections for cheating, forgery, criminal conspiracy, criminal breach of trust and relevant provisions of the Maharashtra Protection of Interest of Depositors Act, the Chit Funds Act, and the Information Technology Act.