Bitfi withdraws ‘unhackable’ claim

Bitfi, a cryptocurrency wallet backed by anti-virus software entrepreneur and POTUS candidate John McAfee, has issued a statement saying it will no longer describe its service as “unhackable”.

The announcement followed the release of evidence by a group of security researchers showing the wallet being compromised.

While this was not even the first time the $120 hardware wallet was hacked, it was enough for Bitfi to strike the “unhackable” claim from its website.

At the end of July, McAfee had announced a bounty programme: following certain rules, a hacker had to gain access to Bitfi’s wallet and would receive a bounty in return, which McAfee raised from $100,000 to $250,000. Eventually, a few hackers, including a fifteen-year-old, rooted the device, which is apparently a cheap Android phone. That bounty, which many in the security community deemed a sham, specified that a hack counted only if someone got the coins off the “cut-down Android phone” wallet. Bitfi, and John McAfee in particular, have continuously denied that the hack occurred, with McAfee openly challenging the word’s definition and refusing to pay researchers who did hack the device, claiming the attacks didn’t meet the bounty conditions. It wasn’t terribly surprising that Bitfi won the Pwnie Award for “Lamest Vendor Response.”

Bitfi stated that the Bitcoin inside had to be removed from the wallet for a hack to count, which was controversial among the cybersecurity community, since weaknesses are often identified but not acted upon. Security researchers argued that the terms of the bug bounty programme were too specific.

The newest hack of Bitfi, a cold boot attack, was pulled off by 15-year-old Saleem Rashid, who had previously turned the Bitfi into a Doom gaming console. Rashid is part of a team of security researchers going by “THCMKACGASSCO.”

Although Bitfi had been hammered and exploited many times before, the company finally backed off its “unhackable” claim shortly after Rashid posted video proof of the hack on Twitter.

Now the company is even labelling its actions as “counterproductive” and has allegedly hired an experienced Security Manager to fix multiple “vulnerabilities.”

E-Commerce Websites On MagentoCore Malware’s Hit List

A Dutch researcher and security blogger uncovered an infection affecting e-commerce websites that use the Magento software. Thousands were being stolen by this very malware.

The malware, named MagentoCore, is a major predator of e-commerce sites that use Magento. Over 50 different websites are being attacked every day, and the skimmer had been installed in more than 7,300 online stores in recent times, according to sources.

The list of affected sites includes multi-million dollar organisations, so the cyber-predators are extracting a substantial profit from these companies. But the real victims are unquestionably the customers, whose identities and card details are ultimately put at risk.

Course of Action
The attack begins with a brute-force attempt to guess the password of the Magento admin panel. Once access is acquired, malicious code is injected into the store’s HTML, which records the keystrokes of all customers. The data sent to the attacker’s server includes usernames, passwords, credit card details and personal information.

Recovery Mechanism
A recovery system that deleted the code the moment it was run was discovered too. Over 220,000 websites were analysed by the researcher, of which 4.2% were exposing users’ information and personal details.

De Groot, the researcher, advised all organisations that suspect they have been affected by the malware to follow a particular set of actions, the first and foremost of which is to establish exactly how the malware got in and to protect against any further infection. Moreover, the access logs and staff IP addresses during working hours should be analysed to ensure that no staff software is infected with the malware and that the attacker has not hijacked an authorised session.
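One way to carry out the log review described above, as an added example that is not part of the original article or of De Groot’s tooling: it parses constructed Apache-style access-log lines for a hypothetical Magento store, flags repeated POSTs to the assumed admin login path (the brute-force stage) and any admin activity from an address outside the assumed staff allowlist or outside working hours (a possible hijacked session). The admin path, login path, staff IPs and thresholds are all assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed Apache combined-format lines for a hypothetical Magento store (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [29/Aug/2018:02:14:01 +0000] "POST /admin/index/index/ HTTP/1.1" 302 512 "-" "python-requests/2.19"
203.0.113.7 - - [29/Aug/2018:02:14:02 +0000] "POST /admin/index/index/ HTTP/1.1" 302 512 "-" "python-requests/2.19"
203.0.113.7 - - [29/Aug/2018:02:14:03 +0000] "POST /admin/index/index/ HTTP/1.1" 302 512 "-" "python-requests/2.19"
203.0.113.7 - - [29/Aug/2018:02:14:04 +0000] "POST /admin/index/index/ HTTP/1.1" 302 512 "-" "python-requests/2.19"
203.0.113.7 - - [29/Aug/2018:02:14:05 +0000] "POST /admin/index/index/ HTTP/1.1" 302 512 "-" "python-requests/2.19"
203.0.113.7 - - [29/Aug/2018:02:14:06 +0000] "POST /admin/index/index/ HTTP/1.1" 200 2048 "-" "python-requests/2.19"
203.0.113.7 - - [29/Aug/2018:02:15:10 +0000] "POST /admin/system_config/save/ HTTP/1.1" 302 0 "-" "python-requests/2.19"
198.51.100.20 - - [29/Aug/2018:09:30:00 +0000] "POST /admin/index/index/ HTTP/1.1" 302 512 "-" "Mozilla/5.0"
198.51.100.20 - - [29/Aug/2018:09:31:12 +0000] "GET /admin/dashboard/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
ADMIN_PREFIX = "/admin/"            # assumed admin URL; real stores often rename it
LOGIN_PATH = "/admin/index/index/"  # assumed login endpoint of the sample store
STAFF_IPS = {"198.51.100.20"}       # constructed allowlist of office/VPN addresses
WORK_HOURS = (8, 18)                # 08:00-18:00 is normal admin activity
BRUTE_THRESHOLD = 5                 # login POSTs from one IP before we call it brute force

def parse(line):
    """Turn one access-log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def analyse(log_text):
    """Return findings: brute-force sources and admin access outside staff IPs or hours."""
    records = [r for r in (parse(l) for l in log_text.splitlines()) if r]
    findings = []
    # 1) Brute force: repeated POSTs to the admin login form from the same address.
    login_posts = Counter(r["ip"] for r in records
                          if r["method"] == "POST" and r["path"] == LOGIN_PATH)
    for ip, n in sorted(login_posts.items()):
        if n >= BRUTE_THRESHOLD:
            findings.append({"kind": "brute_force", "ip": ip, "attempts": n})
    # 2) Hijacked or unauthorised sessions: admin requests from a non-staff IP or off hours.
    seen = set()
    for r in records:
        if not r["path"].startswith(ADMIN_PREFIX) or r["ip"] in seen:
            continue
        off_hours = not (WORK_HOURS[0] <= r["ts"].hour < WORK_HOURS[1])
        unknown_ip = r["ip"] not in STAFF_IPS
        if off_hours or unknown_ip:
            seen.add(r["ip"])
            findings.append({"kind": "suspicious_admin_access", "ip": r["ip"],
                             "unknown_ip": unknown_ip, "off_hours": off_hours})
    return findings

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

Run it against a real store’s logs by replacing SAMPLE_LOG with the file contents and STAFF_IPS with the genuine office and VPN addresses.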

According to De Groot, all defunct or potentially dead online stores should donate their domain names so that attacks, past and future, can be tracked down.

Cyber criminals are hacking emails, sending fake messages

Hackers are on the prowl, looking for your email data. From just seven cases of hacked email IDs in the city last year, the number has shot up to 13 so far this year. It turns out it doesn't take much for hackers to see what's being displayed on your computer screen.

Cybercrime police said fraudsters hack the victim’s email account and send fake emails to their contacts, stating that the victim is in dire need of money.

“After the account is hacked, emails are sent to all contacts of the victim stating the account holder’s family member is in the hospital and he or she urgently needs money. Thinking it’s true, the contacts transfer money to the given account details in the mail,” said Hyderabad additional deputy commissioner of police (cyber crime) Raghu Vir.

According to a police source, the Dark Web has become a marketplace of Gmail data. “Several fraudsters get hold of the information about accounts through Dark Web and use it to blackmail people and siphon off money,” the source added.

In a recent case, a 33-year-old businessman approached the Rachakonda Cyber crime police saying that he received a mail saying his account was hacked and his activities were being followed by the fraudsters. "The hacker claimed he knows what kind of pornography websites the victim was watching and threatened to send details to his family and friends," Rachakonda assistant commissioner of police, cybercrime, S Harinath said. "We asked him to get bank details of the hacker so that we can track him. Hyderabad police too had registered a similar case a month ago. However, the man refused to register a case due to stigma," the official added.

A team of researchers have discovered that ultrasonic sounds picked up by a webcam microphone can be analyzed using machine learning to determine what's being shown on a remote computer screen.

Former Head of a Country as a Brand of Malware?
It is certainly unusual: for what appears to be the first time in the history of ransomware plaguing users’ home systems, the face of a former leader of a nation has been taken up as the brand of a malware.

Indeed, first tweeted by MalwareHunterTeam, this ransomware carries the peculiar title of

"Barack Obama's Everlasting Blue Blackmail Virus"

This Windows-based malware is distributed through spam and phishing campaigns and, once executed, first examines the infected system for processes related to antivirus solutions. The ransomware is capable of terminating processes belonging to antivirus software such as Kaspersky, McAfee and Rising Antivirus.

The Obama ransomware then scans for files ending in .EXE and encrypts them. It also modifies the registry keys associated with executable files, so that the malware is triggered each time an .EXE file is opened and launched.

The ransom note in the malware’s interface is shown alongside a picture of former US President Obama and tells users to contact the attacker at the address 2200287831@qq.com for payment instructions.

Hello, your computer is encrypted by me! Yeah, that means your EXE file isn't open! Because I encrypted it.
So you can decrypt it, but you have to tip it. This is a big thing. You can email this email: 2200287831@qq.com gets more information.

Ransomware more often than not encrypts content such as documents and media to force victims to pay a blackmail ‘fee’ to recover their files; this sample is detected by 45 of 68 antivirus engines, according to the VirusTotal scanning service.

Cybersecurity firms, however, recommend that affected users do not give in and pay if their system is infected with ransomware, and to that end they have begun regularly releasing free decryption keys.

Android spyware BusyGasper exfiltrating data from WhatsApp, Viber, Facebook
A new spyware called BusyGasper, loaded with an unusual set of highly effective features, is adept at collecting and exfiltrating data from Android phones.

The malware has more than 100 uniquely implemented features, including device sensor listeners, motion detectors, and the ability to detect a user’s commands on touch screens.


“BusyGasper is not all that sophisticated but demonstrates some unusual features for this type of threat. From a technical point of view, the sample is a unique spy implant with stand-out features… that have been implemented with a degree of originality,” wrote Kaspersky Lab researcher Alexey Firsh.

In the blog post, the researcher wrote that the malware has existed since at least May 2016 but managed to remain undetected for a considerable time. However, so far there are fewer than 10 victims, all based in Russia.

“While looking for the infection vector, we found no evidence of spear-phishing or any of the other common vectors,” Firsh wrote. “But some clues, such as the existence of a hidden menu for operator control, point to a manual installation method – the attackers used physical access to a victim’s device to install the malware.”

The spyware is capable of spying on-device sensors (including motion detectors), exfiltrating data from messaging apps (e.g., WhatsApp, Viber, and Facebook), keylogging, and bypassing the Doze battery saver.

According to the reports, the attacker coded the keylogger so that each area of the on-screen keyboard layout is assigned a definite and unique value. “The listener can operate with only coordinates, so it calculates pressed characters by matching given values with hardcoded ones.”

Firefox will soon block ad-tracking software by default

Mozilla’s open-source web browser is taking a bold stance against the ad industry. The Mozilla Foundation has announced that Firefox will begin blocking web trackers by default from the next update. Web trackers are mainly used for targeted advertising and user data collection. Mozilla wants to protect its users from these trackers and hopes that blocking them will improve both the performance and the privacy of the browser.

In conjunction, Firefox will also let users control what information they share with sites.

The move, which will involve a series of updates over the next few months, is one of the most proactive approaches to protecting consumer privacy that Mozilla has ever employed.

“Anyone who isn’t an expert on the internet would be hard-pressed to explain how tracking on the internet actually works,” reads the announcement posted to Mozilla’s blog. “Some of the negative effects of unchecked tracking are easy to notice, namely eerily-specific targeted advertising and a loss of performance on the web. However, many of the harms of unchecked data collection are completely opaque to users and experts alike, only to be revealed piecemeal by major data breaches.”

The Mozilla Foundation has shared details of the three tracker-blocking features that will be built into the next versions of Firefox. You can read the full announcement here.

Blocking trackers that slow down page loads. This feature, aimed at improving page load performance, will be tested in September. If it performs well, Firefox 63 (slated for October 2018) will start blocking slow-loading trackers by default.

Trackers that perform cross-site tracking will be blocked, and the browser will also block storage access for third-party tracking content. This feature, which strips cookies and blocks storage access from third-party tracking content, will be tested with some Firefox beta users in September. Mozilla plans to bring this protection to all users in Firefox 65 (slated for January 2019).

Trackers that fingerprint the user’s browser will be blocked immediately. Mozilla didn’t say when future versions of Firefox will stop these practices, but it did say they will also be blocked by default.

Vodafone: Users with “1234” passwords to pay for the stolen money
In the nefarious world of cybercrime, telecom companies continue to be targeted: Vodafone reports that the accounts of almost 2,000 customers have been hacked. Attackers used user data obtained from “an unknown source” and then attempted to breach security by accessing the accounts of 1,827 customers.

In the light of this bold attempt at breaching privacy, two hackers have been sentenced to three years in prison by a Czech court. Reportedly, the criminals used the stolen details to purchase 600,000 Czech koruna worth of gambling services.

As Czech news site idnes.cz put the whole issue into perspective, the criminals used the password ‘1234’ to access Vodafone customers’ accounts. Once access was acquired, new SIM cards were ordered from different branches and installed in the attackers’ mobile phones without any further verification, as they already had all the details. This consequently let the attackers charge approximately 30,000 USD for gambling services.
Vodafone: Victims to be held responsible.
Vodafone attempted to sidestep the debate over responsibility that is bound to arise, stating its position against the users: they are supposed to pay for these charges, as they were the ones using an assailable and weak password. And seemingly, that position has gained momentum, as debt collectors are already knocking at the users’ doors to recover the stolen money.

The affected users’ side of the story is that they were not at all aware that their passwords were set to ‘1234’, or that there even existed an online marketplace that could be used to buy services. Countering this narrative, Vodafone asserted that the password may have been set to the default during the purchase of the phone, and that the user should still have changed it to a stronger one.

As shown in the picture below, passwords for the My Vodafone portal comprise only 4-6 digits. The text in the password field translates to ‘4 to 6 digit no.’ (Image source: Bleeping Computer)

According to Jiri Kropac, head of threat detection labs at ESET, the password requirements still lack strength. As he demonstrated for Bleeping Computer, passwords comprising only 4-6 digits will quickly succumb to a brute-force attack when the attacker is determined enough.
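To put the 4-6 digit requirement in numbers, here is an added example (not from the article, Kropac or Vodafone) that sizes the password space a policy admits, estimates how long an online guesser needs at a steady rate, shows how much an account lockout caps that, and checks whether a policy would accept the default ‘1234’. The two policies and the guessing rate are constructed assumptions, not Vodafone’s real settings.

```python
# Constructed policies: WEAK_POLICY mirrors the page's "4 to 6 digit" rule, STRONGER_POLICY
# is a suggested replacement. Neither is Vodafone's actual configuration.
WEAK_POLICY = {"min_len": 4, "max_len": 6, "alphabet": 10, "digits_only": True,
               "denylist": set()}
STRONGER_POLICY = {"min_len": 12, "max_len": 64, "alphabet": 62, "digits_only": False,
                   "denylist": {"1234", "123456", "password", "000000"}}


def keyspace(policy):
    """Distinct passwords the policy admits, summed over every permitted length."""
    return sum(policy["alphabet"] ** n
               for n in range(policy["min_len"], policy["max_len"] + 1))


def hours_to_exhaust(policy, guesses_per_second):
    """Time for an attacker to try the whole space at a steady online guessing rate."""
    return keyspace(policy) / guesses_per_second / 3600


def max_guesses_per_day(max_attempts, lockout_minutes):
    """Upper bound on online guesses per account per day once lockout is enforced."""
    return int(max_attempts * (24 * 60) / lockout_minutes)


def accepts(policy, password):
    """Would this policy let a customer keep the given password?"""
    if not policy["min_len"] <= len(password) <= policy["max_len"]:
        return False
    if policy["digits_only"] and not password.isdigit():
        return False
    return password.lower() not in policy["denylist"]


if __name__ == "__main__":
    for name, pol in (("4-6 digits", WEAK_POLICY), ("12+ mixed", STRONGER_POLICY)):
        print(name, "keyspace:", keyspace(pol),
              "hours at 100 guesses/s:", round(hours_to_exhaust(pol, 100), 1))
    print("lockout of 5 tries per 15 min allows", max_guesses_per_day(5, 15), "guesses/day")
    print("weak policy accepts '1234':", accepts(WEAK_POLICY, "1234"))
```

Note that a lockout limits guessing against one account but does nothing against a default such as ‘1234’ being shared by many accounts, which is why the denylist matters as much as the length rule.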
Battling the reputational damage, Vodafone has reported the incident to the National Crime Agency, the Information Commissioner's Office and Ofcom. The mobile phone provider further added, restating its priorities: "Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts. No other customers need to be concerned, as the security of our customers' data continues to be one of our highest priorities."


Cyber vulnerabilities found in two commonly used medical devices
Cyber-security researchers at CyberMDX have discovered two major security flaws in commonly used medical devices: Becton Dickinson (BD)’s Alaris TIVA syringe pump and Qualcomm Life Capsule’s Datacaptor Terminal Server (DTS).

The researchers worked closely with both vendors, and the vulnerabilities were publicly disclosed via the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). They called the flaws Misfortune Cookie and assigned them a severity rating of 9.8.

A potential vulnerability was found in the BD Alaris TIVA syringe pump's software version 2.3.6 and later, which was sold outside the United States.

The team found that if a hacker could gain access to a hospital’s network while the Alaris TIVA syringe pump is connected to the server, the hacker could carry out malicious activity without being caught.

Research head at CyberMDX, Elad Luz said: “Uncovering these vulnerabilities illustrates how responsible disclosure between cybersecurity researchers and medical device vendors can work when both sides are committed to improving patient safety.

“We are a catalyst for change in the healthcare industry by focusing our research capabilities solely on medical devices.

“Our research team is committed to ensuring patient safety by tirelessly working closely with hospitals and manufacturers to improve the security and resiliency of connected medical devices at hospitals worldwide.”

The research team informed a security team at Qualcomm Life, which was initially unaware of the vulnerability. The company has since developed a patch to resolve the security issue. “Capsule suggests that customers with any of these three versions of DTS disable the installed web server to mitigate the vulnerability,” the company said.

“The web server is only employed for configuration during the initial deployment and is not required for the continued remote support of the device.”

In Rostov, Hacker stole more than a million rubles from an ATM
Rostov police are looking for an unknown hacker who deftly stole 1,264,000 rubles from an ATM without breaking it open.

Presumably on August 14, the hacker opened the ATM's PIN keypad, connected to it and withdrew a large sum of money.

It is interesting to note that the loss was noticed only two weeks later, as the hacker did not damage the device.

Only on August 29 did the head of the bank's security service go to the police and report the theft of the large sum.

The hacker hasn't been caught yet.

Android’s Internal System Broadcasts Sensitive Data

Android users’ sensitive data, including device details, has been compromised again. Android apps that access the details without the user’s knowledge are part of the scheme.


The exposed data includes WiFi details such as the network name, the network BSSID, the local IP address, the device’s MAC address and the DNS server information, which together can be a powerful way to track users online and to locate them in real time.


THE CAUSE
An internal feature of the Android OS called “Intents” is the main reason behind the leak. An intent is a message broadcast across the internal system that can be read by any application or OS component on an Android device.

According to sources, information about the WiFi connection and WiFi networks is broadcast through two distinct intents: WifiManager’s NETWORK_STATE_CHANGED_ACTION and WifiP2pManager’s WIFI_P2P_THIS_DEVICE_CHANGED_ACTION. Installed Android applications register listeners for these two intents, and the WiFi information is captured regardless of permissions.

The Android permission system is completely undermined by the leakage of this sensitive personal data, since the user’s permission plays no role in the action being completed.

SkyHook and WiGLE are two BSSID lookup databases that could be combined with the WiFi details obtained via the infamous intents; in fact, a malicious attempt could be made to fetch the user’s live location this way. The application doesn’t ask for WiFi access permission, yet the data is harvested with ease.

Apparently, all older Android versions are affected, and Google has stated that the WiFi broadcast leak will be fixed in the next Android version, “Android Pie (9.0)”.

Google's Titan security key available for $50

Google has launched new security hardware called the ‘Titan Security Key’, which allows users to add an extra layer of protection when accessing important online accounts.

Google's Titan Security Key is a hardware token that acts as the master password for everything you need to access. Just don't lose it.

The security dongle is now available for $50 in the Google Store; the bundle includes a Bluetooth key, a USB key and the connectors. But the company was criticised for producing the security device in partnership with a Chinese manufacturer, Feitian.

The tech giant explained in its blog post that the Titan keys are built to FIDO standards. According to Google, the firmware that performs the cryptographic operations was engineered by Google itself.

"The firmware performing the cryptographic operations has been engineered by Google with security in mind. This firmware is sealed permanently into a secure element hardware chip at production time in the chip production factory. The secure element hardware chip that we use is designed to resist physical attacks aimed at extracting firmware and secret key material," reads the Google blog post.

"These permanently-sealed secure element hardware chips are then delivered to the manufacturing line which makes the physical security key device. Thus, the trust in Titan Security Key is anchored in the sealed chip as opposed to any other later step which takes place during device manufacturing."

To use the Titan Security Key, log in to your Google account and configure the key from the account's 2-Step Verification page. Once 2-Step Verification is set up, scroll down and select "Add a security key", and the setup process is done.