Apps under scanner after data exposed


Millions of sensitive user records held by mobile applications are believed to have leaked, prompting mobile security firms to scan apps that rely on the Firebase back end.

In a recent report, the mobile security firm Appthority identified iOS and Android applications that exposed 113 GB of data through more than 2,271 misconfigured Firebase databases.

Prompted by these findings, the firm scanned nearly 3 million apps over a period of five months.

Most of the scanned apps stored sensitive data in Firebase databases that turned out to be unsecured. The researchers identified 28,502 apps that stored user data in this way.

Of these, 1,275 are iOS apps and the remaining 27,227 are Android apps. The researchers uncovered the leaks while examining the Firebase-connected apps: the databases could be queried at JSON URLs that allowed unauthorized parties to read the stored data.

They confirmed that more than 100 million user records were exposed; the Appthority report puts the leaked data at 113 GB.
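The exposures described above come from Realtime Database security rules that grant read or write access to anyone, which is what makes the database's JSON URL readable without authentication. The following is an added example, not code from the article or from Appthority: a small auditor that walks a Firebase rules document and reports every path readable or writable without authentication, shown against a constructed open ruleset and a constructed hardened one.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample rules (not from any real project): the "open database"
# configuration behind most of the exposures described above.
WEAK_RULES = json.loads("""
{
  "rules": {
    ".read": true,
    ".write": true
  }
}
""")

# Constructed hardened rules: every path requires a signed-in user and
# scopes access to that user's own subtree.
HARDENED_RULES = json.loads("""
{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      }
    },
    "app_config": {
      ".read": "auth != null",
      ".write": false
    }
  }
}
""")


def _is_open(rule) -> bool:
    """True when a .read/.write rule grants access whether or not the caller is signed in."""
    if rule is True:
        return True
    if isinstance(rule, str):
        expr = rule.strip()
        # A literal "true" string, or an expression that never consults `auth`,
        # does not require authentication at all.
        return expr == "true" or "auth" not in expr
    return False


def audit_rules(rules_doc: dict) -> List[Tuple[str, str]]:
    """Return (path, permission) pairs for every node that is readable or writable
    without authentication. Firebase rules cascade downward, so a finding at "/"
    covers the whole database, which is exactly what an unauthenticated request
    for /.json would return."""
    findings: List[Tuple[str, str]] = []

    def walk(node: dict, path: str, inherited: Dict[str, bool]) -> None:
        effective = dict(inherited)
        for perm in (".read", ".write"):
            if perm in node:
                open_here = _is_open(node[perm])
                # A child rule can never revoke what a parent already granted.
                effective[perm] = inherited[perm] or open_here
                if open_here and not inherited[perm]:
                    findings.append((path or "/", perm))
        for key, child in node.items():
            if not key.startswith(".") and isinstance(child, dict):
                walk(child, f"{path}/{key}", effective)

    walk(rules_doc.get("rules", {}), "", {".read": False, ".write": False})
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit_rules(doc) or "no unauthenticated access")
```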

The exposed data includes 5 million GPS location records and over 50,000 financial records covering payment, banking, and Bitcoin transactions.

It also includes nearly 4.5 million Facebook and LinkedIn records, 3 million usernames and passwords, and over 4 million protected health information records, all of them sensitive.

The researchers further noted that popular apps are among those at risk: the Android versions of the affected apps have been downloaded millions of times from the Google Play store.

Before publishing its findings, Appthority reported the affected apps to Google, providing full details of the apps in question.

A similar episode was reported in 2017, when 1,000 apps using back-end servers such as CouchDB, Elasticsearch, MySQL and MongoDB were found to have exposed 43 TB of user data.

New SamSam Ransomware Variant Requires Password from Hacker Before Execution


Researchers at Malwarebytes have found a new variant of the SamSam ransomware that requires the attacker to supply a password before the malware will execute.

“In its time being active, SamSam has gone through a slight evolution, adding more features and alterations into the mix,” read the blog post by Malwarebytes Labs. “These changes do not necessarily make the ransomware more dangerous, but they are added to make it just a bit more tricky to detect or track as it is constantly changing.”

According to the researchers, this variant does not run without the password, even when the malware is already present on the system. This makes for a more “targeted” attack, as the attackers decide which computers the ransomware executes on.

It also means that only those who know the password can analyze the ransomware's code or launch the attack, which makes the malware difficult to study.

“As analysts, without knowing the password, we cannot analyze the ransomware code. But what’s more important to note is that we can’t even execute the ransomware on a victim or test machine. This means that only the author (or someone who has intercepted the author’s password) can run this attack,” the blog post said on the issue.

“This is a major difference from the vast majority of ransomware, or even malware, out there,” the post went on to say. “SamSam is not the type of ransomware that spreads like wildfire. In fact, this ransomware quite literally cannot spread automatically and naturally.”

SamSam has been a part of several massive cyber attacks since early 2018 and has caused severe damage worldwide. The new variant makes it more elusive still, since the code is inaccessible even to security researchers, which may be another reason for the password requirement.

The ransomware has in the past targeted hospitals, state agencies, city councils, and other enterprises, and caused huge losses when it hit the city of Atlanta's IT network earlier this year.

Mylobot Turns your PC into a Zombie system



Tom Nipravsky, a security researcher at Deep Instinct, has discovered a 'never seen before' malware that turns a Windows PC into a botnet node. Named 'Mylobot', the malware is traced to the dark web: the link was made after its server was found to be used by other malware sold there.

The botnet is said to combine several malicious techniques, including:

·       Anti-VM techniques
·       Anti-sandbox techniques
·       Anti-debugging techniques
·       Wrapping internal parts with an encrypted resource file
·       Code injection
·       Process hollowing (a technique where an attacker creates a new process in a suspended state and replaces its image with the one that is to be hidden)
·       Reflective EXE (executing EXE files directly from memory, without having them on disk)
·       A 14-day delay before accessing its C&C servers.

"On a daily basis we come across dozens of highly sophisticated samples, but this one is a unique collection of highly advanced techniques," says Arik Solomon, vice president of R&D at Deep Instinct. "Each of the techniques is known and used by a few malicious samples, but the combination is unique."

According to the researcher, Mylobot also has an anti-botnet property: it removes competing malware from infected machines, possibly to win out over the "competition" on the dark web.

“Part of this malware process is terminating and deleting instances of other malware. It checks for known folders that malware “lives” in (“Application Data” folder), and if a certain file is running – it immediately terminates it and deletes its file. It even aims for specific folders of other botnets such as DorkBot.”

The researchers stress that Mylobot was found in the wild, at a Tier 1 communication and telecommunications equipment manufacturer, and not in a proof-of-concept demonstration.

In conclusion, the one thing the researchers are sure of is the sophistication of the malware's creators. According to ZDNet, the actual author(s) remain unknown, but the malware uses the same server linked to the notorious Locky ransomware, Ramdo, and DorkBot.

Fraudsters swiping cloned cards abroad


An official at the Ministry of Home Affairs has filed a complaint with the Delhi police saying that transactions worth ₹67,000 were made from her debit card in the US and that her card was cloned.

The transactions were made in dollars at a US apparel store, according to the police complaint filed by the MHA official.

The official said that she became aware of the fraud on the morning of June 7 when she saw several messages on her phone regarding transactions made at different US stores between 1:35 am and 2:09 am. She also said that she had received some OTP messages and alerts linked to the same debit card before.

According to a report by the Times of India, the complainant said that she had her phone and card with her the whole time the transactions took place and she only got to know about them in the morning.

While she couldn’t block the card herself, it was automatically blocked a few minutes later after the bank reportedly recognized the suspicious activity. She also received messages asking her to authorize further transactions, even after her card had been blocked.

This is not the first time an MHA official has filed such a complaint with the Delhi police, with three to four officials having reported the same a few months ago.

The police suspect the fraudsters may be using malware to collect card details and then creating a virtual card to withdraw money or make online transactions. In typical card-cloning cases, fraudsters use skimmer machines, which can be bought for as little as ₹7,000, to copy card details while the card is being swiped.

Hackers hijacking your WhatsApp messages, images


Few of us worry about WhatsApp's security since the popular chat app is end-to-end encrypted, but hackers can still gain access to personal data in several ways.

Here are some ways your WhatsApp account could be compromised and how you can safeguard it.

Although the same number cannot be active on two mobile devices at once, WhatsApp Web on the desktop only requires your WhatsApp Web QR code. Once a hacker gets hold of your QR code, your personal messages, videos and images can be leaked and spied upon.

There are also WhatsApp spying tools that are compatible with Android and jailbroken iPhones. One such app, mSpy, works with a normal, non-jailbroken iPhone as well.

The notable features of the mSpy app include call monitoring, blocking incoming calls, tracking sent and received SMS, reading emails remotely, tracking location via GPS, monitoring internet usage, accessing the address book and calendar, reading messages in all kinds of IM apps (WhatsApp, Skype, iMessage, Viber, social networks, LINE, etc.), controlling apps, viewing multimedia files, and locking or wiping the device remotely.

FlexiSPY is another advanced app widely used to spy on WhatsApp, Facebook and many other chat apps. It lets the spy record your calls and see your messages, passwords, location, multimedia files and internet usage.

The most affordable such tool is Highster Mobile. It works with Android devices as well as the Apple iPad. Its notable feature is that it can even recover deleted messages, images and videos. It works on apps such as Skype, Instagram, Facebook and WhatsApp.

The best way to protect yourself from becoming a victim is to lock your WhatsApp. Various apps provide a lock facility for both Android and iPhone.

Deleting your messages can help protect your privacy, but deleting a message in the app does not permanently erase it from your device. For this you can use a tool such as dr.fone - Erase (iOS) to selectively and permanently erase the data you want.

This one is a must for everyone: block installation from unknown sources on all your devices, whether phone, tablet or anything else. Go to Settings > Device Security.

Using unsecured WiFi connections makes you highly vulnerable to attackers, so refrain from using public WiFi for WhatsApp or any other application.

Microsoft edge and Firefox bug exposes content from other sources


A newly disclosed browser bug has alarmed millions of users whose emails could end up in criminals' hands.

Named Wavethrough, the bug lets an attacker read other users' emails simply by embedding an audio file in a web page.

Google developer Jake Archibald, who discovered the bug, said it allows criminals to extract a victim's emails and Facebook feeds without hindrance.

He said the attack works when a malicious website loads multimedia content from another site through a service worker.

Because the affected browsers handle files loaded via service workers into audio tags inconsistently, the attacker's site can load content from another site, he said.

Normally this is impossible, as a core browser security mechanism blocks a site from reading content loaded from another site.

Using Wavethrough (CVE-2018-8235), an attacker's website can issue requests that reach social networking sites without any hurdles.

Even the BBC served such resources without hesitation, since the mechanism stays intact from its point of view. Fortunately, experts say, Wavethrough (CVE-2018-8235) is not universal, and all affected browsers were fixed by the time of writing.

That is bad news for attackers. Archibald found that the bug affects Edge and Firefox, while Chrome is unaffected.

He said it affects only the nightly builds of Firefox, and Mozilla's developers have already fixed the issue there.

The issue was reported to Microsoft, which has recently fixed it, and experts advise Edge users to apply the patches.

Security experts are understood to be preparing a set of measures to counter similar problems in future. These include improvements to web standards, which they say will help browsers handle the loading of resources from other websites.

Zacinlo Malware; Yet another Threat for All Windows 10 Users


Researchers at Bitdefender have recently discovered a powerful malware that takes control of the PC and spams it with advertisements. They named it 'Zacinlo' after its final payload, treating this as a provisional name for a complex piece of code. The Zacinlo malware has been around for almost six years, infecting many Windows users.

The researchers at the Cyber Threat Intelligence Lab, after a year of research, have published a detailed paper on this malware. Although the malware has been around since 2012, it became most active in late 2017, the researchers state.

Zacinlo is said to be so powerful that it can deactivate most anti-malware products available. Known targets of Zacinlo include Bitdefender, Kingsoft, Symantec, Microsoft, Avast, and various other programs.

Once installed, it takes full control of the user's system for malicious activity. This includes controlling the OS and blocking anti-malware activity, ultimately achieving its main objective: to display ads and generate income. This is done by injecting content into web pages.

“The infection chain starts with a downloader that installs an alleged VPN application. Once executed, it downloads several other components, as well as a dropper or a downloader that will install the adware and rootkit components.”

Zacinlo runs on most commonly used browsers, including Chrome, Firefox, Internet Explorer, Edge, Safari, and Opera. Once the adware starts working, it removes any other adware present on the victim's PC so that it can pursue its own goals. It then displays advertisements to generate income from the clicks.

The sophistication of this malware makes detection extremely hard. However, there is one way to detect the presence of Zacinlo on a victim's PC, as stated by Bogdan Botezatu, senior e-Threat Analyst at Bitdefender:

“Since the rootkit driver can tamper with both the operating system and the anti-malware solution, it is better to run a scan in this rescue mode rather than running it normally.”

Regardless, all Windows users are advised to stay wary when downloading third-party applications or applications from untrusted sources to protect themselves from malware attacks.

Sign of security flaws in top camera models


Security researchers have detected a series of glaring security flaws across 400 camera models used in security installations.

The vulnerabilities, even if not all of dangerous magnitude, surfaced as experts at VDOO closely scrutinized the security of a number of top camera models.

The firm's analysis concentrated on IP cameras, widely regarded as a key tool for physical security.

In its technical findings, VDOO has named seven vulnerabilities in these camera models, including CVE-2018-10662 (unrestricted dbus access for users of the .srv functionality), CVE-2018-10663 (information leakage vulnerability in the /bin/ssid process), and CVE-2018-10664 (crashing the httpd process).

The others are CVE-2018-10658 (crashing the /bin/ssid process), CVE-2018-10659 (crashing of the /bin/ssid process), and CVE-2018-10660 (shell command injection vulnerability).

The researchers gave a detailed account of these flaws to the vendor as the first step, prompting Axis Communications to release firmware updates.

The Swedish camera manufacturer also released a list of the camera models in which the vulnerabilities were found. In addition, the company published the firmware version numbers that include the fixes and a link to the updated firmware.

The flaws, the researchers maintain, are a huge advantage to attackers who know a device's IP address. And that is no longer hard to come by, since botnets constantly scan the IPv4 address space in search of vulnerable devices.

According to VDOO, attackers could take control of a vulnerable device by chaining CVE-2018-10660, CVE-2018-10661, and CVE-2018-10662, though this is an uphill task.

They further say that attackers who take control of these camera models can add them to a botnet and alter the software.

Attackers could also use the camera as an entry point into the network. They could access its video stream, freeze it, or move the lens wherever they want.

At the time of the analysis, the researchers were not aware of any attempt by cyber criminals to exploit these flaws. Nonetheless, they recommend installing the patched firmware promptly to avoid the risk.

French law enforcement closes down dark web forum Black Hand


Black Hand, a major dark web forum for illegal dealing in drugs, weapons, databases, and fake documents was shut down by French authorities in a massive operation on June 12.

The operation involved over 40 agents of the National Directorate of Intelligence and Customs Investigations (DNRED), dog handlers and technical experts to conduct coordinated raids in several French cities, according to a statement by the French Minister of Public Action and Accounts, Gérald Darmanin.

The website had been in operation for more than two years and was allegedly run by a 28-year-old woman with no previous criminal record, who was arrested in the raids last Tuesday as Black Hand’s main administrator, along with three other people.

The website was accessible only through special software and was used by over 3,000 people, according to Darmanin.

He described the operation as “the first of its kind in France” and said that it resulted in the discovery of numerous false identity documents, about 4,000 euros in cash and 25,000 euros in different virtual currencies, and seizure of computer equipment.

The investigators were also able to access the contents of the server and its data.

“I congratulate the DNRED agents for this extraordinary operation. The dismantling of this platform forms a first at the national level and illustrates the mobilization of the customs, and in particular the DNRED, in the fight against the new forms of cybercrime,” Darmanin said in the statement.

The suspects were held in custody in Lille, where they were brought before the magistrates of a court after 48 hours.

MysteryBot Malware Package of Banking Trojan, Ransomware, and Keylogger



Security researchers at ThreatFabric have found a new type of Android malware called MysteryBot. It combines a banking trojan, a keylogger and ransomware, making it one of the most destructive pieces of malware seen recently.

When first found, the malware was thought to be an updated version of LokiBot, a banking trojan that wreaked havoc last year by turning into ransomware whenever someone tried to remove it from their device. But MysteryBot carries more threats than LokiBot.

According to the researchers, the two malware families are quite similar and currently use the same command and control server. The striking difference is that MysteryBot can take control of the user's phone.

A ThreatFabric spokesperson said: "Based on our analysis of the code of both Trojans, we believe that there is indeed a link between the creator(s) of LokiBot and MysteryBot. This is justified by the fact that MysteryBot is clearly based on the LokiBot bot code”.

MysteryBot's commands can steal contacts, emails and messages, remotely start apps installed on the device, manipulate banking apps and log keystrokes. Its main targets are users on Android 7.0 and Android 8.0.

"The encryption process puts each file in an individual ZIP archive that is password protected, the password is the same for all ZIP archives and is generated during runtime. When the encryption process is completed, the user is greeted with a dialog accusing the victim of having watched pornographic material," said ThreatFabric researchers in a blog post. “Most Android banking Trojans seem to be distributed via smishing/phishing & side-loading,” they added.

However, MysteryBot is still under development and not yet widespread. Users are nonetheless advised not to install Android apps from sources other than the Google Play Store.

Dixons Carphone profits to fall amid data breach


Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records. It is investigating the hacking attempt, which began in July last year.

Dixons Carphone employs more than 42,000 people in eight countries.

The data hack adds more pressure to a company struggling to regroup. The electricals chain is forecast to report a 23% decline in headline full-year pre-tax profits to £382 million, according to a consensus of City analysts. HSBC’s Andrew Porteous said the figures have been dragged down by the poor performance of the company’s mobile phone division, as well as investment.

Dixons Carphone said it had no evidence that any of the cards had been used fraudulently following the breach. There was "an attempt to compromise" 5.8 million credit and debit cards but only 105,000 cards without chip-and-PIN protection had been leaked, it said.

The hackers had tried to gain access to one of the processing systems of Currys PC World and Dixons Travel stores, the firm said.

Where does this rank among other data breaches affecting UK consumers?

Facebook banned Cambridge Analytica, a data analytics firm which worked on US President Donald Trump’s election campaign and has been linked to Brexit, from using its platform in March, days before a whistleblower claimed the company had harvested and stored data about more than 50 million Facebook users without their permission.

The majority of those users were in the US but the UK’s Information Commissioner issued a warrant to search the company’s London offices after it failed to respond to a previous request about the possible illegal use of data.

Uber admitted in November that 2.7 million people in the UK were affected by a 2016 security breach that compromised customers’ information, including names, email addresses and mobile phone numbers.