Indian Air Force online exam hacked

A team of tech-savvy fraudsters hacked into an online exam for the selection of non-commissioned Indian Air Force (IAF) personnel in Rohtak.

On Saturday, Rohtak police arrested two people for their alleged role in the hacking.

According to Jagbir Singh, station house officer (SHO) of Rohtak city police station, the exam was held from September 13 to 16, and five computers were compromised.

The exam was run by an agency to which the Centre for Development of Advanced Computing (C-DAC) had outsourced it, Singh said. The fibre cable serving the exam center had been laid from the first floor of an adjacent private hospital, a building outside the center's control, he said.

Using that cable run, the fraudsters set up a parallel network that gave them remote access to the computers used in the exam. The team fed answers to the candidates, who simply sat idle in front of their screens.

Five hackers were found sitting with their laptops, relaying the exam questions to "experts" who solved them, the SHO said.

“Two men, who have been identified as the masterminds of the entire racket and who ran the exam center, are on the run,” said Singh. “They are J S Dahiya, a retired principal of the Jhajjar ITI, and his partner Sanjay Ahlwat, who runs a coaching center for competitive exams.”

The exact number of beneficiaries is not known, but the accused charged between Rs 3.5 lakh and Rs 6 lakh per candidate.

Cryptomining malware infects Windows and Linux Kodi users

(Image source: Techradar.com)

Word is that users of the Kodi media player who had add-ons from the Bubbles, Gaia and XvBMC repositories installed on their systems may have been infected with a coin miner.

The cyber-security firm ESET discovered that users of Kodi, the free and open-source media player that has evolved continuously over the years and spawned a community of its own, were among the targets of a malware campaign.

ZDNet's report on the findings explains that ESET's malware analysts found at least three popular Kodi add-on repositories had been infected and were helping to spread a malware strain that covertly mined cryptocurrency on users' computers.

For those to whom "Kodi" still sounds foreign: it is an "empty" media player that works almost entirely through add-ons. After installing Kodi, users add the URLs of the add-on repositories of their choice and then pick which add-ons from those repositories to install in the player.

Although the player is widely used for streaming pirated content, add-ons permit streaming of everything from YouTube to Netflix.

According to ESET's researchers, the three repositories hosted malicious code that triggers the download of a second Kodi add-on. That second add-on contains code that fingerprints the user's operating system and then installs a cryptocurrency miner built for that platform, which is where the malicious chain ends.

Although Kodi is available for many platforms, the researchers said the authors of the mining payload only built a miner for Linux and Windows. According to the partial data ESET obtained, the crooks mined Monero on over 4,700 infected machines, accumulating over 62 XMR, worth about $7,000 at the time.

Unsurprisingly, the countries with a high share of Kodi users were also the most affected ones, among them the UK, Israel, the US, the Netherlands and Greece.

On the remediation front there is no definitive way of detecting the infection; users are advised to have antivirus software installed and kept up to date. Sustained high CPU usage is another probable hint, as it is the usual indicator of a mining operation. Note also that, because the miner arrives as a separate add-on, removing the repository or the add-on that was originally installed does not necessarily remove the second add-on it pulled in.
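The "one add-on silently pulls in a second" mechanism described above is driven by the dependency declarations in a repository's addons.xml manifest. The following is an added example, not code from the ESET report or from the Kodi project: it parses such a manifest and walks the dependency chain so that the hidden second add-on becomes visible before anything is installed. The manifest, add-on ids and versions are constructed for the example and are not the real infected add-ons.

```python
"""Audit the add-ons a Kodi repository would pull in behind the one you chose.

Added example: this is not code from the ESET report or from the Kodi
project. Every Kodi repository publishes an addons.xml manifest: a list of
<addon> elements, each with a <requires> block of <import addon="..."/>
entries that Kodi resolves and installs automatically. The functions below
parse that manifest and walk the dependency chain, so a "second add-on"
dragged in behind a harmless-looking one is visible up front. The manifest
text is constructed for this example; the add-on ids and versions are
illustrative, not the real infected add-ons.
"""
import xml.etree.ElementTree as ET

# Constructed sample manifest. "plugin.video.nicevideos" looks harmless but
# depends on "script.module.helper", which in turn drags in a third module
# the user never asked for.
SAMPLE_ADDONS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<addons>
  <addon id="plugin.video.nicevideos" name="Nice Videos" version="1.2.0">
    <requires>
      <import addon="xbmc.python" version="2.25.0"/>
      <import addon="script.module.helper" version="3.0.1"/>
    </requires>
  </addon>
  <addon id="script.module.helper" name="Helper" version="3.0.1">
    <requires>
      <import addon="xbmc.python" version="2.25.0"/>
      <import addon="script.module.platformbits" version="1.0.0"/>
    </requires>
  </addon>
  <addon id="script.module.platformbits" name="Platform Bits" version="1.0.0">
    <requires>
      <import addon="xbmc.python" version="2.25.0"/>
    </requires>
  </addon>
  <addon id="plugin.audio.tunes" name="Tunes" version="0.9.0">
    <requires>
      <import addon="xbmc.python" version="2.25.0"/>
    </requires>
  </addon>
</addons>
"""


def parse_manifest(xml_text):
    """Map addon id -> {"version": str, "requires": {dep id: min version}}."""
    manifest = {}
    for addon in ET.fromstring(xml_text).iter("addon"):
        requires = {}
        req = addon.find("requires")
        if req is not None:
            for imp in req.findall("import"):
                requires[imp.get("addon")] = imp.get("version", "")
        manifest[addon.get("id")] = {
            "version": addon.get("version", ""),
            "requires": requires,
        }
    return manifest


def transitive_deps(manifest, addon_id):
    """Every add-on Kodi would install alongside addon_id.

    Core components ("xbmc.*") are part of Kodi itself and are skipped.
    A dependency that is missing from this manifest is still reported:
    Kodi satisfies it from any other enabled repository, which is exactly
    how one repository gets to push code onto users of another.
    """
    seen = set()
    stack = list(manifest.get(addon_id, {}).get("requires", {}))
    while stack:
        dep = stack.pop()
        if dep.startswith("xbmc.") or dep in seen:
            continue
        seen.add(dep)
        stack.extend(manifest.get(dep, {}).get("requires", {}))
    return seen


def indirect_deps(manifest, addon_id):
    """The add-ons the user never saw: required by a dependency, not by the
    add-on they actually picked."""
    direct = {d for d in manifest.get(addon_id, {}).get("requires", {})
              if not d.startswith("xbmc.")}
    return transitive_deps(manifest, addon_id) - direct


if __name__ == "__main__":
    m = parse_manifest(SAMPLE_ADDONS_XML)
    for addon_id in m:
        print(f"{addon_id}: installs {sorted(transitive_deps(m, addon_id))}, "
              f"hidden: {sorted(indirect_deps(m, addon_id))}")
```

Run against a real repository, fetch its addons.xml (the path is declared in the repository add-on's own addon.xml) and pass the text to parse_manifest; any id in the "hidden" set that you did not expect deserves a look before you enable the repository.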

Two Russian spies detained in the Netherlands and deported to the Russian Federation

At the beginning of this year, two Russian spies were detained in the Netherlands while on their way to Switzerland, and were deported to Russia.

According to media reports, the two were travelling to Switzerland to gain access to the Spiez laboratory, which helped investigate the chemical attacks in Syria and the Salisbury poisoning of early 2018.

The Russian agents reportedly carried specialist equipment for penetrating computer networks. They would not have been the first to try to break into the lab's systems: the laboratory has been attacked by hackers several times.

According to the Dutch newspaper "Handelsblad", the incident happened early this year, but the exact date of the detention is unknown.

The intelligence services of the Netherlands, Switzerland and Great Britain cooperated in the detention. It remains unclear why the Russians were released and deported rather than brought to trial in the Netherlands.

Over 3,000 Tech Support Scam Ads Removed by Microsoft

Microsoft has recently purged more than 3,000 tech-support scam pages from its own infrastructure. Most of them had been hosted on the company's TechNet gallery domain, gallery.technet.microsoft.com.


The issue was brought to public attention by Cody Johnston, who hunts for fraudulent ads. The pages taken down covered a variety of "support" topics, including Google Wallet, Instagram and virtual currency sites. Johnston found a total of 3,090 results, dating from August 2018 onwards.

After the issue was reported to Microsoft, the scammers simply replaced the removed pages with new ones, which were easy to locate with the help of Google Search.

Microsoft did not anticipate the scale of the problem, and the scam pages multiplied quickly. Posting such "ads" on a high-ranking domain is cheap, lends the scammers the domain's reputation in search results, and makes cheating customers all the simpler. Companies hosting user-submitted content should run routine manual checks, as the issue deserves tight security.

Pairing the names of well-known brands such as Spotify, Tinder, TurboTax, Linksys, Salesforce and AOL with the high-reputation TechNet domain acted as a booster for the scam ads in search rankings.

An enormous number of scam pages are still live, because the problem was never dealt with in its entirety.
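The scam pages described above all share one template: a brand name, a "support" or "helpline" word and a toll-free phone number, on a host that has nothing to do with the brand. The following is an added example, not Microsoft's or Cody Johnston's tooling: a heuristic that scores search results against that template and lets the brand's own domain through. The sample results and phone numbers are constructed.

```python
"""Flag tech-support-scam pages by their title pattern.

Added example: this is neither Microsoft's nor Cody Johnston's tooling.
The pages described above follow one template: a well-known brand name, a
word such as "support" or "helpline", and a toll-free phone number, all
crammed into a page title hosted on a domain that has nothing to do with
the brand. The checker below scores (url, title) pairs, as you would get
from a site search, against that template. The entries and phone numbers
are constructed for this example.
"""
import re
from urllib.parse import urlparse

# Brands named on the page plus the two the removed ads were seen abusing.
BRANDS = ("spotify", "tinder", "turbotax", "linksys", "salesforce", "aol",
          "google wallet", "instagram")
SUPPORT_WORDS = re.compile(
    r"\b(support|helpline|help\s*desk|customer\s*(?:care|service)|tech\s*support)\b",
    re.I)
# North American toll-free numbers (800, 833, 844, 855, 866, 877, 888),
# with or without a leading 1, brackets, spaces, dots or dashes.
TOLL_FREE = re.compile(
    r"(?<!\d)1?[\s.-]?\(?8(?:00|33|44|55|66|77|88)\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")


def brands_in(title):
    """Brand names mentioned in the title, lower-cased."""
    lowered = title.lower()
    return [b for b in BRANDS if b in lowered]


def is_scam_listing(url, title):
    """True when a brand's 'support number' is advertised off the brand's own domain."""
    host = urlparse(url).netloc.lower().replace(".", "")
    brands = brands_in(title)
    if not brands:
        return False
    if not SUPPORT_WORDS.search(title) or not TOLL_FREE.search(title):
        return False
    # A brand advertising its number on its own domain is legitimate; the
    # identical title on an unrelated host is the scam pattern.
    return any(b.replace(" ", "") not in host for b in brands)


def scan(results):
    """Return the URLs of the listings that match the scam template."""
    return [url for url, title in results if is_scam_listing(url, title)]


# Constructed sample search results; the phone numbers are fictitious.
SAMPLE_RESULTS = [
    ("https://gallery.technet.microsoft.com/Spotify-Support-Number",
     "Spotify Support Number 1-844-555-0142 Spotify Helpline"),
    ("https://gallery.technet.microsoft.com/PowerShell-AD-Audit",
     "PowerShell module for auditing AD group membership"),
    ("https://support.spotify.com/contact",
     "Contact Spotify Support 1-800-555-0199"),
    ("https://gallery.technet.microsoft.com/TurboTax-Customer-Care",
     "TurboTax Customer Care (888) 555-0137"),
]

if __name__ == "__main__":
    for url in scan(SAMPLE_RESULTS):
        print("scam listing:", url)
```

The heuristic is deliberately narrow: a page that mentions a brand without a phone number, or a phone number without a brand, is not flagged, which keeps legitimate gallery content (the PowerShell module above) out of the results. Feed it the titles of everything submitted to a public gallery and review the hits by hand.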

Cyber police catch young hacker who created and sold a virus

Ukrainian cyber-police officers have exposed a 19-year-old resident of Krivoy Rog (Ukraine) for creating and distributing malicious software.

According to police, the virus the hacker wrote helped him and his customers steal logins and passwords for internet banking and social network accounts.

The malware also opened access to the webcam of the infected computer, so attackers could watch the victim.

The cyber-police confirmed that the young hacker developed the malware himself with the purpose of selling it to others. He accepted payment into an e-wallet of a Russian payment system and then transferred the money to a personal account at a Ukrainian bank.

Fake identity documents of a police officer and of an orphan child, as well as a gun without any permit, were found in the hacker's home.

Banking Trojan attacks increase

Check Point's latest Global Threat Index reveals an increase in banking trojan attacks in August, as organisations felt the impact of a large-scale Ramnit campaign that has been converting victims' machines into malicious proxy servers.

Ramnit's fundamental makeup keeps it at the fore of malware trends, despite being based on old source code that has been knocking around for years.

After lying dormant for a few years, the Ramnit banking trojan resurfaced in July and jumped to sixth place in the index. A wider analysis of how the trojan is evolving shows innovative development on the part of its authors, with an eye to broader malware trends.

“This is the second summer running where we have seen criminals increasingly using banking trojans to target victims and make a quick profit,” Maya Horowitz, Threat Intelligence Group Manager at Check Point commented. “Trends like this should not be ignored as hackers are acutely aware of which attack vectors are most likely to be successful at any given time, suggesting internet users’ browsing habits during the summer months make them more susceptible to banking trojans. This underlines that malicious hackers are tenacious and sophisticated in their attempts to extort money.”

Horowitz added: “In order to prevent exploitation by banking trojans – and other types of attacks – it is critical that enterprises employ a multi-layered cybersecurity strategy that protects against both established malware families and brand new threats.”

During the period, Coinhive remained the most prevalent malware, impacting 17% of organisations worldwide. Dorkbot and Andromeda were ranked second and third respectively, each with a global impact of 6%.

Coinhive is a crypto miner designed to mine the Monero cryptocurrency in the browser when a user visits a web page, without the user's knowledge or approval and without sharing the profits with the user. The implanted JavaScript consumes a great deal of the computational resources of the end user's machine to mine coins, and may crash the system.
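A Coinhive deployment is visible in the page markup itself: a script tag loading the miner library and an inline snippet that constructs the miner with a site key and starts it. The following is an added example, not Check Point's detection logic: it collects a page's script elements and reports both patterns, plus any third-party script host that is not on an allow list. The HTML and site key are constructed; the library hosts are the ones Coinhive served from.

```python
"""Spot a drive-by browser miner in a page's markup.

Added example: this is not Check Point's detection logic. A Coinhive-style
miner is planted in a page as a <script> tag that loads the miner library
plus a short inline snippet that constructs the miner with the attacker's
site key and starts it. The function below collects the page's <script>
elements and reports both patterns, and optionally every external script
host that is not on an allow list, which is the same list you would put in
a Content-Security-Policy script-src directive. The HTML is constructed
for this example; the library hosts are the ones Coinhive actually served
from, the site key is a placeholder.
"""
from html.parser import HTMLParser
import re
from urllib.parse import urlparse

# Hosts Coinhive and its opt-in variant served the library from.
MINER_HOSTS = {"coinhive.com", "coin-hive.com", "authedmine.com"}
# The bootstrap every Coinhive deployment needed: a miner object built with
# a site key (long alphanumeric string) before .start() is called.
INLINE_MINER = re.compile(
    r"CoinHive\.(?:Anonymous|User|Token)\s*\(\s*['\"][A-Za-z0-9]{16,}['\"]")


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.srcs = []
        self.inline = []
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.srcs.append(src)
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        # HTMLParser hands script bodies to handle_data unparsed.
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            self.inline.append("".join(self._buf))
            self._in_inline = False


def find_miner(html, allowed_hosts=()):
    """Return a list of (kind, detail) findings for the page.

    kinds: "miner-library"      - script src on a known miner host
           "miner-bootstrap"    - inline CoinHive constructor with a site key
           "third-party-script" - external script host not in allowed_hosts
                                  (only reported when allowed_hosts is given)
    """
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src in collector.srcs:
        host = urlparse(src).netloc.lower()  # "" for same-origin paths
        if host in MINER_HOSTS:
            findings.append(("miner-library", src))
        elif allowed_hosts and host and host not in allowed_hosts:
            findings.append(("third-party-script", src))
    for code in collector.inline:
        match = INLINE_MINER.search(code)
        if match:
            findings.append(("miner-bootstrap", match.group(0)))
    return findings


# Constructed page: one legitimate first-party script, the miner library
# loaded protocol-relative, and the inline bootstrap with a fake site key.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
</head><body>
<p>Welcome</p>
<script>
  var miner = new CoinHive.Anonymous('EXAMPLEKEYabcdef0123456789ABCDEFG', {throttle: 0.3});
  miner.start();
</script>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in find_miner(SAMPLE_PAGE):
        print(f"{kind}: {detail}")
```

The third-party-script check is the one that survives the miner being rehosted under a new name: a site that knows which hosts its own scripts come from can flag anything else, and the same allow list, deployed as a script-src directive, stops the browser from loading the miner in the first place.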

Address Bar Spoofing Attacks on the Safari Browser

Security researcher Rafay Baloch recently discovered a vulnerability in the Safari browser that allows an attacker to control the content shown in the address bar. It enables phishing attacks that are extremely difficult for the user to recognise. The bug is a race condition: the browser lets JavaScript change the address bar before the web page has finished loading.

To exploit the vulnerability, tracked as CVE-2018-8383 in Microsoft's advisory, an attacker only has to lure the victim onto a specially crafted site, which is easily accomplished. Although Baloch promptly informed both Apple and Microsoft about the bug, Apple has deferred its fix even though the 90-day grace period before public disclosure lapsed a week ago.

Microsoft, by contrast, fixed Edge on August 14th as part of one of its security updates. Apple's delay leaves Safari exposed, allowing an attacker to impersonate any site: the victim sees the legitimate domain name in the address bar, complete with the usual certificate and authentication marks.

When the bug was tested with the proof-of-concept (PoC) code, the page loaded content from Gmail while actually being hosted on sh3ifu.com, and it worked perfectly, even though a few elements kept loading after the page appeared complete, the one sign that the loading process was still unfinished.

The main obstacle on Safari, Baloch explained, is that the user cannot type into form fields while the page is still loading. He and his team overcame this by including a fake keyboard on the screen, a trick banking Trojans have used for years.

Amazon To Share User Payment Data With Indian Government

Amazon, one of the world's largest e-commerce companies, has stated that it may share the payment data of its users with Indian government authorities and law-enforcement agencies.

 According to its privacy policy listed on the company’s website: "We may be required to share the aforesaid information with government authorities, regulators and/or agencies for the purposes of verification of identity or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offenses. You agree and consent for APIPL (the company that houses the payments business) to disclose your information, if so required under the applicable law”.

Customers using Amazon Pay for legitimate transactions need not worry. The policy means that if an agency learns of an illegal fund transfer on Amazon Pay, it can ask Amazon to hand over the relevant information.

Amazon operates the same digital wallet in its home country, the United States, but the disclosure norms there are quite different: Amazon has to tell the public how many data-sharing requests it has received from government agencies, in how many cases information was shared, and what the requests concerned.

There is no such transparency regime in India yet.

"This is in keeping with the regulatory requirements under the license granted by the RBI to Amazon Pay. Compliance with local laws and regulation is the top priority for us in all the countries we operate in," an Amazon spokesperson said.


New Address Bar Spoofing Trick preys upon Apple's Safari

An unpatched vulnerability in the Safari web browser lets attackers control the content displayed in the browser's address bar. This permits expertly crafted phishing attacks that are unlikely to be noticed by users of average IT skill.

The bug, discovered by a security researcher, was found to be a race condition: the browser allows JavaScript to update the address bar before a web page has finished loading.

Fix: owners are taking their time

Reportedly, the vulnerability was reproducible in both Safari and Edge, as demonstrated by security researcher Rafay Baloch, who immediately reported the risk to both vendors; only Microsoft responded, with a patch on 14th August as part of its periodic security updates.

Apple received the report on 2nd June, with the usual 90 days to fix it before public disclosure. That window expired more than a week ago and there is still no patch for Safari.

Intellect and vision deluded

As of now, the vulnerability is tracked as CVE-2018-8383 and has not received a severity score yet. Exploiting it requires luring the victim to a specially crafted web page, which is easily done.
"Upon requesting data from a non-existent port the address was preserved, and hence, due to a race condition over a resource requested from a non-existent port combined with the delay induced by the setInterval function, [we] managed to trigger address bar spoofing," Rafay explains in a blog post.
The attacker delays the update of the address bar, which allows him to impersonate any web page while the address bar keeps displaying the legitimate domain name to the victim, complete with the authentication marks in all the right places.

BleepingComputer tested the bug on iOS with a proof-of-concept (PoC) page set up by the researcher. The page is designed to load content from gmail[.]com while being hosted on sh3ifu[.]com, and it all works seamlessly.

Even an expert's eye can be fooled, despite the presence of elements that could give the game away: the page loading wheel and the progress bar both remain visible, signalling an unfinished load.

However, plenty of legitimate websites look the same, because background components load with lower priority; users tap into the "log in" field without giving it a thought.

Safari users cannot type into fields while the page status is still "loading", and this is where the attack would have stalled. As banking Trojans have done for years, Baloch said, he and his team got past this hurdle by injecting a fake keyboard into the page. Until a fix ships, the practical advice follows from the mechanism: wait until the page has completely finished loading and the address bar has settled before typing any credentials.
According to the reports, a fix would be released by Apple in their next set of security updates.

Tesla Hails Researchers To Hack Its Cars Without Fear

The security-conscious Tesla Motors has told researchers that they are welcome to hack into its cars for research purposes, without fear of voiding the warranty, being left with a non-running vehicle, or facing legal liability.


Before extending this favour, Tesla set out certain requirements in the company's vulnerability reporting programme that must be met: the research must be undertaken in good faith, both the vehicle and the researcher must be registered with Tesla, and the tests must be approved beforehand.

Only once those requisites are satisfied will the company provide over-the-air (OTA) assistance to researchers to bring their cars back up to date; the car's firmware can also be reflashed at a service centre using Tesla's standard tools or other suitable means.

The company warns that requests for assistance must be kept within reasonable limits, that it will not pay to tow the vehicle, and that its goodwill is not to be abused.

Pre-approved researchers and their cars will be shielded from claims under the Computer Fraud and Abuse Act (CFAA), and, as long as they do not touch code or binaries outside the approved scope, from copyright infringement claims under the Digital Millennium Copyright Act (DMCA).

The relevance of those protections is clear from recent history. The Megamos Crypto transponder, used in the anti-theft immobilisers of keyless cars, had a major weakness, and in 2013 researchers were blocked from revealing it by a court order. Volkswagen, Bentley, Audi and Porsche all had the system installed in their cars. Volkswagen sued the researchers and held back their work until 2015, when it was finally presented at the USENIX Security conference.

Tesla, by contrast, recognises the value of research that makes its products better and more refined. The company has also stated that anyone who reports a confirmed vulnerability will be listed in Tesla's hall of fame.

Mac app 'Adware Doctor' stores users' data and sends it to China

Apple has removed Adware Doctor, a top-rated paid anti-malware app, from its Mac App Store after it was found to be collecting users' browsing histories and other sensitive details and sending them to China.

According to well-known Apple security researcher Patrick Wardle, the app collected users' browsing histories, app logs and other security data from the devices it was installed on. It gathered the data from Chrome, Firefox and Safari, packed it into a zip file, and sent it to a server in China.

“We tore apart Adware Doctor - one of the top grossing apps in the official Mac App Store. This research (original credit: @privacyis1st) uncovered blatant violations of users' privacy and complete disregard of Apple's App Store Guidelines,” Wardle wrote in a blog post. “There is rather a massive privacy issue here. Let’s face it, your browsing history provides a glimpse into almost every aspect of your life.”

Unlike most apps, Adware Doctor does ask the user for permission to access their files, but the request is broad enough to defeat the point of the sandbox: it asks for the whole home directory, which is where the browsers keep their history files.

“Once the user has clicked ‘allow,’ since Adware Doctor requested permission to the user’s home directory, it will have carte blanche access to all the user’s files,” Wardle said.

Apple nevertheless took over a month to remove the app from the store. Even after Wardle had informed Apple of Adware Doctor's breach of macOS security protocols, it remained the fourth-ranked paid app on the App Store.

“The fact that application has been surreptitiously exfiltrating users' browsing history, possibly for years, is, to put it mildly, rather f#@&'d up! Beyond its mistreatment and blatant disrespect of user data, the fact that Adware Doctor "dances around" the Mac App Sandbox seems to clearly be another violation as well,” Wardle added.