Hacked MEGA Chrome Extension Affected 1.6 million users





A popular Google Chrome extension for the file-sharing service MEGA has been compromised by hackers who managed to steal users' private keys, usernames and passwords.

On September 4, a researcher named SerHack was the first to raise the alarm on Twitter about the hacked extension. He noticed that the tool could harvest user credentials from various platforms, including Microsoft, Github, Google, Amazon, MyEtherWallet, MyMonero, IDEX.market and Live.

The attacker uploaded the malicious version of the browser extension, version 3.39.4, in an effort to gain access to users' accounts on other websites. The stolen passwords were then sent to a server based in Ukraine.

MEGA has released a statement and confirmed the hack, “On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome Webstore. Upon installation or auto update, it would ask for elevated permissions (Read and change all your data on the websites you visit) that MEGA’s real extension does not require and would (if permissions were granted) exfiltrate credentials for sites including amazon.com, live.com, github.com, google.com (for webstore login), myetherwallet.com, mymonero.com, idex.market and HTTP POST requests to other sites, to a server located in Ukraine. Note that mega.nz credentials were not being exfiltrated.”

However, MEGA has blamed Google for the incident: Google removed publisher signatures on Chrome extensions, making it easier for attackers to tamper with them.

“We would like to apologize for this significant incident. MEGA uses strict release procedures with multi-party code review, robust build workflow and cryptographic signatures where possible. Unfortunately, Google decided to disallow publisher signatures on Chrome extensions and is now relying solely on signing them automatically after upload to the Chrome webstore, which removes an important barrier to external compromise.”

“MEGAsync and our Firefox extension are signed and hosted by us and could therefore not have fallen victim to this attack vector. While our mobile apps are hosted by Apple/Google/Microsoft, they are cryptographically signed by us and therefore immune as well.”

The best way to stay safe from this kind of attack is to avoid installing extensions you do not need.
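As an added illustration (not part of the original post or of MEGA's code), the following Python script models the check a defender could apply before allowing an extension update: it compares two constructed manifests, one without and one with the broad host permission that triggers Chrome's "Read and change all your data on the websites you visit" prompt, and flags the update for review. The manifests, version strings and function names are assumptions made for the example.

```python
import json

# Constructed sample manifests (assumptions for this example, not MEGA's real
# files): a minimal legitimate manifest and a trojaned update that adds broad
# host access plus the webRequest API.
LEGIT_MANIFEST = json.dumps({
    "manifest_version": 2,
    "name": "Example extension",
    "version": "3.39.3",
    "permissions": ["storage", "https://mega.nz/*"],
})

TROJANED_MANIFEST = json.dumps({
    "manifest_version": 2,
    "name": "Example extension",
    "version": "3.39.4",
    "permissions": ["storage", "https://mega.nz/*", "<all_urls>", "webRequest"],
})

# Host patterns that make Chrome warn that the extension can read and change
# data on every site the user visits.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def host_permissions(manifest_text):
    """Return the host-pattern entries from a manifest.

    Manifest V2 mixes host patterns into "permissions"; Manifest V3 moves them
    to "host_permissions", so both keys are inspected.
    """
    manifest = json.loads(manifest_text)
    perms = list(manifest.get("permissions", []))
    perms += list(manifest.get("host_permissions", []))
    return [p for p in perms if "://" in p or p == "<all_urls>"]


def new_broad_permissions(old_text, new_text):
    """Broad host patterns present in the update but absent from the old version."""
    old = set(host_permissions(old_text))
    new = set(host_permissions(new_text))
    return sorted((new - old) & BROAD_HOST_PATTERNS)


def review_update(old_text, new_text):
    """Decide whether an update should be held back: any newly added broad
    host pattern is treated as a blocking finding, since a legitimate update
    rarely needs to widen its reach to every website at once."""
    added = new_broad_permissions(old_text, new_text)
    return {"block": bool(added), "added_broad_hosts": added}


if __name__ == "__main__":
    print(review_update(LEGIT_MANIFEST, TROJANED_MANIFEST))
```

The same comparison can be run against the manifest inside an unpacked .crx before and after an auto-update to catch a permission jump like the one described above.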

Karnataka’s land records software hacked for the third time


In a serious security breach of Karnataka’s famed land record database, 19 acres of government wasteland on the outskirts of Bengaluru, near Devanahalli, was illegally transferred to a private individual last week.

In Gobbaragunte village of Devanahalli taluk, around 40 km from Bengaluru, land value is very high due to the presence of the Kempegowda International Airport. The incident has caused ripples in the revenue department. Land sharks are believed to be behind the manipulation of records.

The breach happened in the Bhoomi software. This is the third time that the Bhoomi software has been breached. Bhoomi, introduced to digitise land records, came into being in 2002. The first breach was reported in Mangaluru a decade ago when Bhoomi software was still in its nascent stage. A failed attempt was made by certain individuals to change the mutation of a government property to a private person. Two years ago, the department discovered another case where an attempt was made to change the RTC (Record of Rights, Tenancy and Crop Information) of a nine-acre government plot in Malur taluk of Kolar district to a private individual. The department had then filed a police complaint but the investigation did not progress. “The modus operandi of Malur and Devanahalli cases are similar. In both cases, the culprit has changed the RTC of government land to a private person by manipulating the database. This has been done bypassing the mutation process,” said a source at the Bhoomi Monitoring Cell.

It is learnt that an insider could be involved in the cases to help the land mafia grab unused government land. Due to the fact that modifications made can be tracked immediately, the department has been able to identify the changes made in the database. “We soon checked the history of land records and found out that the change was done manually,” the source said. In the Devanahalli case, the owner of government land was mentioned as Huchappa bin Nanjappa, someone non-existent.

Most Common Types of Cyberattacks as Seen Today





Cyber-attacks are on a continuous rise and have become one of the major threats in the world. Since 2008 there had been little concern about the imminent threat of cyber-attacks, but the steady and rapid evolution of technology has changed that. It is a major wake-up call for companies and organisations to secure themselves and their customers so as not to fall victim to such attacks.

Therefore, to understand the different ways an attacker might use to break into an organisation, here is an overview of some of the most common types of attack seen today:
  • MALWARE

This refers to the many kinds of harmful software, such as viruses and ransomware. Once malware gets onto a computer it can cause considerable havoc: taking control of the machine, monitoring the user's activity, or quietly sending all kinds of confidential data from the PC or network to the attacker's infrastructure.

Attackers use a variety of techniques to get malware onto a PC, but at some stage it usually requires the user to take an action that installs it. This can be clicking a link to download a file, or opening an attachment that looks harmless but actually carries a hidden malware installer.
  • PHISHING

When an attacker needs the user to install malware or disclose sensitive data, they frequently resort to phishing. The attacker sends an email that appears legitimate and contains an attachment to open or a link to click; doing so installs malware on the computer. Alternatively, the link may lead to a website that looks legitimate and asks the user to sign in to access an important document, except that the site is actually a trap that captures the credentials when the user attempts to log in.
  • CROSS-SITE SCRIPTING

When an attacker targets a specific site's users, cross-site scripting (XSS) is the attack of choice. It involves injecting malicious code into a website, but in this case the site itself is not the target. Instead, the injected code runs in the user's browser when they visit the infected site, so the attack is against the user rather than the site.

Cross-site scripting can do serious damage to a website's reputation by putting users' data at risk without any sign that anything malicious happened. Any sensitive data a user sends to the site, such as credentials, credit card information or other private details, can be captured through cross-site scripting without the site owners ever realising there was a problem.

  • CREDENTIAL REUSE

When it comes to credentials, variety is essential. Users today have so many logins and passwords to remember that it is tempting to reuse some of them to make life easier. Although it is recommended to have a unique password for every application and site, many people still reuse passwords, and attackers rely heavily on this. Once attackers have a collection of usernames and passwords from an already-breached site, they try the same credentials on other sites where there is a chance they will be able to log in.

This is only a small selection of common attack types; as time and technology advance, attackers will develop new techniques. Users are advised to be aware of such attacks and to work on improving the security measures available to them.
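As an added example (not from the original post), here is the reflected form of the cross-site scripting flaw described above in a small Python page handler, beside the hardened version that encodes output and sends a restrictive Content-Security-Policy. The query string, function names and headers are constructed for illustration.

```python
import html
from urllib.parse import parse_qs

# Constructed input: a query string whose "name" parameter carries a script tag.
# The payload is the usual harmless alert used to demonstrate injection.
SAMPLE_QUERY = "name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def render_greeting_vulnerable(query_string):
    """Reflects the user-supplied name straight into the HTML.

    Because the value is concatenated without encoding, markup inside it
    becomes part of the page and the browser executes it (reflected XSS).
    """
    name = parse_qs(query_string).get("name", [""])[0]
    return "<p>Welcome back, " + name + "</p>"


def render_greeting_hardened(query_string):
    """Same page with contextual output encoding.

    html.escape turns <, >, &, " and ' into entities, so the browser shows the
    injected text literally instead of interpreting it as a tag.
    """
    name = parse_qs(query_string).get("name", [""])[0]
    return "<p>Welcome back, " + html.escape(name, quote=True) + "</p>"


def response_headers():
    """Defence-in-depth headers for the hardened handler: a CSP that forbids
    inline scripts limits what any markup that slips through could do."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    }


def contains_script_tag(rendered_html):
    """Crude check used here only to show whether an injected tag survived."""
    return "<script" in rendered_html.lower()


if __name__ == "__main__":
    print(render_greeting_vulnerable(SAMPLE_QUERY))
    print(render_greeting_hardened(SAMPLE_QUERY))
```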

Nestled in hacked sites–New Fallout Exploit Kit injecting GandCrab Ransomware or Redirecting to PUPs

Cybercriminals have made another attempt to distribute GandCrab ransomware, fake anti-virus software, malware-downloading Trojans and other PUPs (Potentially Unwanted Programs). The exploit kit being used to deliver the ransomware is called ‘Fallout.’

The kit was discovered at the end of August 2018. It is installed on hacked sites and is programmed to exploit vulnerabilities on a visitor’s system, reportedly in two programs: the Windows VBScript engine (CVE-2018-8174) and Adobe Flash Player (CVE-2018-4878).

Upon its discovery by the security researcher nao sec, the kit was found downloading and installing the ‘SmokeLoader’ malware, which in turn downloads other malware. According to the researcher, the kit at the time was downloading and installing CoalaBot and an unidentified malware.

In a blog post written specifically about the ‘Fallout Exploit Kit’, nao sec stated: “The exe file executed by shellcode is "Nullsoft Installer self-extracting archive.” He added, "This will run SmokeLoader and two exe files will be downloaded."

As reported by FireEye, the Fallout exploit kit has been observed installing GandCrab ransomware on Windows, while macOS users are redirected to pages promoting fake antivirus software or fake Adobe Flash Players.

FireEye further describes the execution sequence: the kit first tries to exploit VBScript and then, depending on whether scripting is disabled, moves on to the Flash Player vulnerability. Once exploitation succeeds, the kit causes Windows to download and install a Trojan on the system.

Once active, the Trojan scans for the following processes; if any is found, the Trojan enters an infinite loop, which halts any further malicious activity.

If none is found, it downloads and executes a DLL that leads to the installation of GandCrab ransomware. While infecting the system, GandCrab appends the .KRAB extension to encrypted files and drops a ransom note titled KRAB-DECRYPT.txt.

Ehackingnews advises all users, whether already hit by the Fallout exploit kit or not, against keeping outdated programs such as Flash Player on their systems. Installing the latest Windows security updates is essential to stay protected.


British Airways security breach: Credit card details of 380,000 customers stolen





Hackers obtained the credit card details of some 380,000 British Airways customers who booked their tickets directly through the website or the app over a two-week period.

The security breach was first discovered on Wednesday. According to BA Chairman and Chief Executive Alex Cruz, bookings made between Aug. 21 and Sept. 5 were compromised in what he described as a "very sophisticated, malicious criminal" attack.

"We discovered that something had happened but we didn't know what it was [on Wednesday evening]. So overnight, teams were trying to figure out the extent of the attack," said Cruz.

The hackers stole enough data to use the credit card information for fraud. The stolen data included customers' names, email addresses and credit card information.

"We know that the information that has been stolen is name, address, email address, credit card information; that would be credit card number, expiration date and the three-letter code in the back of the credit card," said  Cruz.

However, the airline insists that the stolen data does not include travel or passport details.

British Airways has contacted all their affected customers and advised them to contact their bank or credit card provider and follow their recommended advice.

Mr. Cruz added: "At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data."

The company is ready to compensate for the financial loss incurred by any customer who is affected by the security breach.

"The moment we found out that actual customer data had been compromised that's when we began an all-out immediate communication to our customers, that was the priority," he said.

BA says, “the airline has guaranteed that financial losses suffered by customers directly because of the theft of this data from British Airways will be reimbursed.”

Adware Doctor “Eradicated” From the Mac App Store!


Recently, a well-liked anti-malware application called “Adware Doctor” was removed from Apple's Mac App Store after it was found to be sending user data to China without the user's permission.

The application was presented as a protection program that would safeguard the Mac from malicious files. With an impressive rating of 4.8 stars and more than 7,000 reviews, the app was the top paid utility in the store. Insidiously, the well-known application was illegitimately uploading personal user data to a remote site under the façade of removing infections from the Mac.

Security researcher Privacy 1st discovered Adware Doctor's habit of gathering App Store search history and browsing data from Safari, Chrome and Firefox. A password-protected zip file named “history.zip” containing this information is created and then uploaded to a mysterious server. The researcher demonstrated the whole process in a video.


What the information in these zip files is used for is not yet clear to anyone, but the exfiltration of data by someone in China is disconcerting enough. The program was analysed jointly by Patrick Wardle and the Privacy 1st researcher after the latter informed him about the exfiltration activity. Patrick later published a detailed analysis in a blog post.

The zip file is ultimately sent to the remote host adscan.yelabapp.com. The domain is hosted on Amazon AWS servers, but its DNS records clearly indicate that the operation is controlled from China.

Thomas Reed, the Malwarebytes developer, has been keeping an eye on Adware Doctor since 2015. Adware Doctor is actually a replacement for Adware Medic, which was a copy of a highly successful application developed by Reed himself.

Similar exfiltration activity had previously been seen in other programs such as “Dr. Antivirus”, “Open Any Files: RAR Support” and “Dr. Cleaner”. Reed had in fact contacted Apple about the “Open Any Files” software, but in vain.



Despite Apple’s repeated attempts at keeping malicious software off its app store, it has disappointed a lot of researchers in recent times because of its lethargic approach towards removing applications that are reportedly unsafe.

Vodafone blames customers for the weak password and the hack

Two hackers who used Vodafone customer accounts to make fraudulent mobile payments are already in prison in the Czech Republic.

According to the Czech press, the hackers gained access to other people's accounts that used simple passwords. Because of this, the hackers easily activated SIM cards and used them to send paid SMS messages to gambling services.

The total damage amounted to about $30,000. One of the attackers received two years in prison, the other three.

Meanwhile, Vodafone believes that customers who have used weak passwords such as 1234 or QWERTY should compensate for the damage.

The victims claimed that they did not know anything about passwords and the online store selling Vodafone services. According to them, the Vodafone employees set a password after their purchase in the shop.

"On the one hand, Vodafone's position can in some respects be understood: if the users themselves do not want to take care of their security even at the most basic level, then they need to deal with the consequences," says Oleg Galushkin, Director of Information Security at SEC Consult Services. "On the other hand, it's Vodafone's fault. The weak protection of the My Vodafone portal can be the cause of the incident."

Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records



Security researcher Nitish Shah uncovered a data leak at mSpy, a mobile spyware maker that claims to help more than a million paying customers keep an eye on the phones of their children and partners.

mSpy leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location information covertly gathered from phones running the stealthy spyware. Shah also found that no authentication was required to access the records.

According to Shah, the exposed data also included the most recent six months of records of mSpy licence purchases together with mSpy customer logs, along with the Apple iCloud details of devices with the spyware installed on them.


A list of data points that can be slurped from a mobile device that is secretly running mSpy’s software.

Shah later added that when he attempted to alert mSpy to his findings, the company's support staff ignored him.

 “I was chatting with their live support, until they blocked me when I asked them to get me in contact with their CTO or head of security,” Shah said.

KrebsOnSecurity then alerted mSpy to the exposed database on Aug. 30 and received an emailed response from mSpy’s chief security officer, who gave only his first name, “Andrew.”

“We have been working hard to secure our system from any possible leaks, attacks, and private information disclosure. All our customers’ accounts are securely encrypted and the data is being wiped out once in a short period of time. Thanks to you we have prevented this possible breach and from what we could discover the data you are talking about could be some amount of customers’ emails and possibly some other data. However, we could only find that there were only a few points of access and activity with the data.” Andrew wrote.

In any case, this is not the first time mSpy has been held responsible for a leak of the sensitive records of millions of its customers. In May 2015, KrebsOnSecurity broke the news that mSpy had been hacked and its customer data posted on the dark web.

Your face to soon become your boarding pass at Bengaluru airport

At Bengaluru airport, passengers will soon no longer need to carry a boarding pass: their face will be the boarding pass. Bengaluru airport will be the first in India to introduce facial recognition in air travel. The first implementation milestone of the paperless biometric self-boarding technology at the airport will be completed in the first quarter of 2019.

The move is aimed at transforming the passenger experience and creating a future-ready airport.

Aviation in India is on a big upswing in terms of passenger demand. Now, the focus is on to make the entire process of providing access to the plane as easy as possible. Bengaluru International Airport (BIAL) has partnered with Portuguese technology company Vision-Box to implement this smart project, the airport authority said in a tweet.

The deal was signed on Wednesday in Lisbon, Portugal in the presence of Portuguese Prime Minister Antonio Costa.

"Your face is your boarding pass," said BIAL's MD & CEO Hari Marar, describing the revolutionary technology that is set to transform air travel. “Vision-Box’s state-of-the art biometric technology, combined with its passenger flow platform will enable a seamless journey for our passengers, without obstacles, waiting for lines or hassles, from registration to boarding,” Marar added.

Vision-Box CEO Miguel Leitmann said that this will be the first end-to-end face recognition-based walkthrough experience in Asia. "We’re very proud to team up with Kempegowda International Airport, Bengaluru. We’re together raising the flag of a historical milestone, marking not only the significant improvement of the experience of those who travel through Bangalore but also the accomplishment of a seamless digital airport journey. This is the first end-to-end face recognition-based walkthrough experience in Asia and the largest in the world,” said Leitmann.

Vision-Box provides Automated Border Control and electronic identity solutions based on ICAO-compliant standards. Biometric technology will identify passengers by their face as they move through the airport, avoiding stops and the repeated presentation of boarding passes, passports or other physical identity documents, the statement said.

Airlines like Air Asia, SpiceJet and Jet Airways may be among the early users of the technology.

In Ulyanovsk, the Deputy Director was detained for hacking the Education Management Server



FSB officers detained the Deputy Director of the school in Ulyanovsk on suspicion of illegal access to information resources of the City Education Department.

According to the reports, the Deputy Director of the school in December last year hacked the Department's server, deleted all the data of students and teachers, accounting records, emails and modified the software.

During the interrogation, the detainee admitted that he was offended and angry at the unfair attitude of the management to him, and he decided to take revenge.

A criminal case has been opened against the man. He faces up to 5 years in prison.

The hacker's lawyer said that the court can cancel the criminal prosecution and assign the defendant a fine of $7,320, as the man pleaded guilty.

Vodafone: Users with “1234” passwords to pay for the stolen money


In the nefarious world of cybercrime, telecom companies continue to be targeted: Vodafone reports that the accounts of almost 2,000 customers were hacked. Attackers used customer data obtained from “an unknown source” and then attempted to breach the accounts of 1,827 customers.

In the light of this bold privacy breach, two hackers have been sentenced to three years in prison by a Czech court. Reportedly, the criminals used the stolen details to purchase 600,000 Czech koruna worth of gambling services.

As Czech news site idnes.cz put the whole issue into perspective, the criminals used the password ‘1234’ to access Vodafone customers’ accounts; once in, they ordered new SIM cards from different branches and installed them in their own mobile phones without any further verification, as they already had all the details. This allowed the attackers to charge approximately 30,000 USD for gambling services.
Vodafone: Victims to be held responsible.
Vodafone attempted to sidestep the debate over responsibility that is bound to arise: the mobile provider's position is that the users should pay for these charges, since they were the ones using a weak, easily guessed password. That position is already being acted on, with debt collectors knocking at users' doors to recover the stolen money.

The affected users' side of the story is that they were not aware the passwords had been set to ‘1234’, nor that an online marketplace for buying services even existed. Countering this, Vodafone asserted that the password may have been set as a default when the phone was purchased, and that the user should still have changed it to a strong one.

As shown in the picture below, passwords for the My Vodafone portal consist of only 4-6 digits. The text in the password field translates to ‘4 to 6 digit no.’ (Image source: Bleeping Computer)

According to Jiri Kropac, head of Threat Detection Labs at ESET, who tested the portal for Bleeping Computer, the password requirements still lack strength: passwords of only 4-6 digits will quickly fall to a brute-force attack if the attacker is determined enough.

Battling the reputational damage, Vodafone has reported the incident to the National Crime Agency, the Information Commissioner's Office and Ofcom. The mobile phone provider further added, restating its priorities: "Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts. No other customers need to be concerned, as the security of our customers' data continues to be one of our highest priorities."