Indian hackers attack Pakistan websites to pay tribute to people killed in 26/11

To mark the fourth anniversary of the Mumbai terror attack, known as 26/11, which took place on 26 November 2008, two Indian hacking groups on Thursday targeted more than 130 governmental and non-governmental websites of Pakistan.

After this cyber-attack, the enmity between India and Pakistan appears to have reached a new level. Cyber-attacks are nothing new between the two countries.

A hacker group called Mallu Cyber Soldiers had attacked many Pakistani websites, including official government portals such as pakistan.gov.pk, president.gov.pk and cabinet.gov.pk, in response to an attack on the Kerala government website on 27 September.

During that attack, the Pakistani hackers had displayed a message praising Pakistan, along with a picture of a burning Indian national flag.

A message reading "Struck By Faisal 1337. Official Website Government of Kerala Hacked! Pakistan Zindabad. We Are Team Pak Cyber Attacker. Security is just an illusion" was posted on the website.

The hacking groups have now been identified as Indian Black Hats (IBH) and Kerala Cyber Warriors (KCW). Both are said to have attacked the websites to pay tribute to those killed in the Mumbai attack.

"It is cyber pay back for 26/11 Mumbai attack against Pakistan," a hacker of the Kerala Cyber Warriors team told IBTimes India. "It just took a day for us to hack all these 125 sites with the background song 'Oru Yathramozhiyode' from Mohanlal's Kurukshetra movie. We have access to many Pakistan servers, so the defacing was easy."

On the same day, another hacking group, IBH, attacked almost 10 Pakistani websites and other domains.

"Indian Black Hats is a team with members from all over India and it has been in cyber space since 2011 under the name Indian Cyber Devils. This year the name was changed to the current one. We have not harmed these websites, but just uploaded a file as a pay back for 26/11 attacks," one hacker of IBH told IBTimes India.

IT management firm LANDESK hacked

IT management firm LANDESK, which provides IT and security management services, has alerted its employees to a possible data breach.

The company recently warned its employees, in a letter dated 18 November 2015, that hackers had obtained personal information, including names and Social Security numbers, of some LANDESK employees and former Wavelink employees.

On 25 November 2015, LANDESK stated that “We recently became aware of some unusual activity on our systems and immediately initiated safeguards as a precaution and began an investigation. As part of our ongoing investigation in partnership with a leading computer forensics firm, we recently learned that a small amount of personally identifiable information for a limited number of our employees may have been accessible during the breach. While no data compromises of personally identifiable information are confirmed at this point, we have reached out with information and security resources to individuals who may have been affected. The security of our networks is our top priority and we are acting accordingly. The few employees who may have been affected were notified promptly, and at this point the impact appears to be quite small.”

It was learnt from an unnamed LANDESK employee that the breach was first observed in June 2014 and was discovered when several employees complained about slow Internet speeds. The employee said the company had found remnants of text files listing source code and build servers that the attackers had compiled. He added that the attackers were slowly archiving data from the build and source-code servers, uploading it to LANDESK's web servers, and downloading it from there.

Dismissing the reported breach as speculation, LANDESK said that security is and will continue to be a high priority for the company.

MagSpoof, which costs $10, can steal your credit card number

Someone has built a $10 device that can steal credit card information when a cardholder loses a card and applies for a replacement: before the new card arrives, the device lets hackers steal, or at least guess, the new card number.

The device, dubbed MagSpoof, was made by Samy Kamkar. It can predict and store hundreds of American Express credit card numbers, allowing anyone to use them for wireless payment transactions, even at non-wireless terminals.

According to the hacker, MagSpoof can spoof any magnetic stripe or credit card entirely wirelessly; it can also disable chip-and-PIN (EMV) protection and accurately predict the card number and expiration date on American Express credit cards.

“MagSpoof can be used as a traditional credit card and simply store all of your credit cards (and with modification, can technically disable chip requirements) in various impressive and exciting form factors, or can be used for security research in any area that would traditionally require a magstripe, such as readers for credit cards, drivers licenses, hotel room keys, automated parking lot tickets, etc,” Kamkar said in a blog post.

MagSpoof emulates a magnetic stripe by quickly changing the polarity of an electromagnet, producing a magnetic field similar to that of a normal magnetic stripe being swiped. The magstripe reader needs no wireless receiver, NFC or RFID: MagSpoof works wirelessly even with standard magstripe readers, and the stronger the electromagnet, the further away it can be used.

The device guesses the next credit card number and the new expiration date from, respectively, a cancelled card's number and the date the replacement card was requested. The process does not require the three- or four-digit CVV printed on the back of the card.

The hacker has notified American Express, which he said is fixing the flaw.

Security Flaw in VPNs can expose your IP address

Researchers from the virtual private network (VPN) provider Perfect Privacy have discovered a gaping hole that can easily expose the real IP address of VPN users.

The flaw, dubbed "Port Fail," affects users, including BitTorrent users, of VPN providers that offer port forwarding and have no protection against IP leaks.

The issue affects all VPN protocols and operating systems. Before making it public, Perfect Privacy alerted several affected competitors to the threat.

For the past several years there has been wider interest in using VPNs to bypass censorship in countries with stringent Internet access controls and to stay anonymous while browsing, especially after the Snowden revelations. VPNs are used across the world by privacy-conscious people, and to circumvent geolocation-based content restrictions by disguising a person's true location.

The aim of using a VPN is to hide the IP address assigned by the ISP, but the discovery showed that on some providers this can be easily bypassed with a port-forwarding trick. If the attacker uses the same VPN provider as the victim, the victim's real IP address can be exposed.

Perfect Privacy tested the vulnerability with nine VPN providers that offer port forwarding. Five of them were vulnerable, including Private Internet Access (PIA), Ovpn.to and VPN; they were notified before public disclosure and have fixed the issue.

PIA awarded Perfect Privacy $5,000 for the disclosure.

Mr. Grey back again: Theft of 1.2 billion log-in credentials

Mr. Grey, not again! A Reuters report has confirmed the famous hacker Mr. Grey's involvement in the theft of 1.2 billion Internet credentials.

Mr. Grey, who had obtained access to user account information for websites such as Facebook (FB.O) and Twitter (TWTR.N), has now been linked by the FBI, through a Russian email address, to the theft of a record 1.2 billion Internet credentials.

According to documents made public by a federal court in Milwaukee, Wisconsin, the hacker was tied to the findings of a cybersecurity firm that announced in August 2014 it had determined an alleged Russian crime ring was responsible for stealing information from more than 420,000 websites.

The investigation began last year when the Milwaukee-based cybersecurity firm obtained information that a Russian hacker group it dubbed CyberVor had stolen the 1.2 billion credentials and more than 500 million email addresses.

The FBI subsequently found lists of domain names and utilities that investigators believe were used to send spam.

Among the spam utilities it also discovered an email address, registered in 2010, for a "mistergrey".

It further found posts from 2011 in which the hacker stated that if anyone wanted account information for users of Facebook, Twitter or the Russian social network VK, he could locate the records.

Alex Holden, Hold Security's chief information security officer, told Reuters that this message indicated mr.grey likely operated, or had access to, a database that amassed data stolen from computers via malware and viruses.

Hilton payment system attacked

Hilton, one of the largest US-based hotel chains, has revealed that hackers infected some of its point-of-sale systems with malware crafted to steal credit card information.

The company did not disclose what data was taken, but cautioned everyone who used payment cards at Hilton Worldwide hotels between November 18 and December 5 of last year, or between April 21 and July 27 of this year, to check their debit and credit card statements for irregular activity.

In an online post, Hilton said the malware that infected its systems could retrieve cardholders' names, account numbers, security codes and expiration dates.

It added that it is investigating the breach with the help of third-party forensics experts, law enforcement and payment card companies.

Starwood Hotels, which operates the Sheraton and Westin chains, announced four days before Hilton that hackers had attacked its payment systems, leaking customer credit card data at some of its establishments.

"The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date," the group said in a statement.

Starwood and Hilton are not the only ones whose payment systems have been hacked; last month Trump Hotels faced a similar cyber attack.

"We believe that there may have been unauthorised malware access to some of the computers that host our front desk terminals and payment card terminals in our restaurants, gift shops and other point-of-sale purchase locations at some hotels," Trump Hotel Collection said at a website devoted to details of the incident.

According to Trump Hotels, the access could have taken place between May 19 of last year and June 2 of this year.

Brian Krebs, who covers cyber threats at KrebsOnSecurity.com, described the attack on payment systems as "just the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments."



Dell says "sorry" for installing vulnerable digital certificate

Dell has apologised, confirming via a blog post that a certificate (eDellRoot) installed on its PCs introduced a security vulnerability.

The certificate is said to allow attackers to cryptographically impersonate HTTPS-protected websites. The company has since issued a software tool that removes the transport-layer-security credential from affected machines.

Once properly removed using the recommended Dell process, the certificate will not reinstall itself.

“The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it,” the company said in the blog post.

According to the blog post, Dell customers Hanno Böck, Joe Nord and Kevin Hicks (aka rotorcowboy) informed the company of the certificate's presence on its PCs.

Dell claimed that the certificate was not malware but was there to provide the system service tag to Dell online support, allowing the company to quickly identify the computer model and service its customers faster and more easily.


“We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward,” the company added. 
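As an added example (not part of the article or of Dell's removal tool), the PowerShell check below lists any certificate named eDellRoot in the Windows trusted-root stores and, more generally, any trusted root whose private key is present on the machine, which is the condition that lets a certificate like this be used to impersonate HTTPS sites. The store paths and the name match are assumptions; Dell's published removal steps remain the fix.

```powershell
# Added example, not from the article or Dell's tool: report trusted root
# certificates that match the eDellRoot name, and any trusted root that
# carries its private key on this machine (a root CA's key should never be
# present on an endpoint; with it, anyone can mint certificates the machine
# trusts for any HTTPS site).

function Get-SuspiciousRootCerts {
    param(
        # Assumed scope: the two stores a self-signed root is trusted from.
        [string[]] $Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )

    foreach ($store in $Stores) {
        if (-not (Test-Path $store)) { continue }

        Get-ChildItem -Path $store | ForEach-Object {
            $cert = $_
            # Name match is an assumption; the article gives no thumbprint.
            $isDell = ($cert.Subject -match 'eDellRoot') -or ($cert.Issuer -match 'eDellRoot')

            if ($isDell -or $cert.HasPrivateKey) {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    HasPrivateKey = $cert.HasPrivateKey
                    NotAfter      = $cert.NotAfter
                    Reason        = $(if ($isDell) { 'eDellRoot name match' } else { 'trusted root with local private key' })
                }
            }
        }
    }
}

$findings = @(Get-SuspiciousRootCerts)
if ($findings.Count -eq 0) {
    Write-Output 'No eDellRoot certificate and no trusted root with a local private key found.'
} else {
    # Report only; removal follows Dell's published instructions.
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated prompt so the LocalMachine store is readable; a result with HasPrivateKey set to True is the finding that matters, regardless of the certificate's name.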

Cyber Criminals from Russia steal $790 million in three years

It seems that the number of Russian cybercriminals who steal money from banks using Trojans is increasing every year.

The Kaspersky Investigation Unit (KIU) has shown that more than 160 Russian hackers, from small to large criminal gangs, have been accused of stealing cash using Trojans.

"This estimate is based both on the analysis of public information about the arrests of people suspected of committing financial cybercrime in the period between 2012 and 2015 and on Kaspersky Lab’s own data," Ruslan Stoyanov, chief of the KIU, said.

"Of course, this figure only includes confirmed losses, the details of which were obtained by law enforcement authorities during the investigation. In reality, cybercriminals could have stolen a much larger amount," Stoyanov added.

The security firm says it has investigated more than 300 online financial attacks since 2013. Recently, Stoyanov said that a hacking group stole US $790 million in three years from the World Bank's account.

According to Stoyanov, a group of Russian cyber-crooks comprising 20 professional hackers has stolen $509 million from individuals and businesses in the U.S. and across the European Union since 2012.

The security experts' research suggests that these 20 people play leading roles in criminal activities involving the online theft of money and information.

The gangs have skill sets that mirror those of legitimate tech shops, including web designers, programmers and system administrators (BOFHs), along with "cryptors" who obfuscate malware so that it evades security software.

"Cybercriminal system administrators configure management servers, buy abuse-resistant hosting for servers, ensure the availability of tools for anonymous connection to the servers (VPN) and resolve other technical challenges, including the interaction with remote system administrators hired to perform small tasks," he said.

According to him, employees can be paid as freelancers or permanent staff, and are recruited through forums or through brazen public advertisements that often target underprivileged techs in areas such as war-torn Ukraine.

Small groups are said to buy crimeware such as exploit kits and traffic services, while large criminal outfits with a dozen or more members do this themselves and target businesses, not just individuals.

Lenovo releases updates to fix privilege escalation vulnerabilities

PC maker Lenovo has released a new version of its System Update software to fix several privilege escalation vulnerabilities discovered by IOActive researcher Sofiane Talmat.

Lenovo System Update is software designed to help users obtain driver, BIOS and application updates for Lenovo and Think systems; it was previously known as ThinkVantage System Update. System Update validates all update files when they are downloaded from Lenovo servers.

However, if malware is present on the machine, the downloaded updates could be altered before installation. The latest release eliminates this possibility.

System Update uses SUService.exe to run updates. The service only accepts a command when a valid security token is passed along with it; this is part of the authentication and validation process.

Despite these precautions, a serious vulnerability was found in how the security token was generated, allowing an attacker to run commands. The latest Lenovo System Update release fixes the token authentication flaws.

Talmat also discovered that a local, unprivileged attacker could execute commands as a privileged Windows user.

During a system update, a GUI application is executed under a temporary administrator account and includes links to various pages on Lenovo's website. When a link is clicked, the web page opens in a browser launched under the temporary admin account, allowing an attacker to leverage that browser session.

The vulnerabilities were reported to Lenovo on November 2 and they were patched on November 19 with the release of System Update 5.07.0019.

Apart from this, the PC company has released many new versions of its System Update software to address issues, including those reported by researchers from Trustwave, IOActive and Tencent's Xuanwu Lab.

Security flaws in LastPass allow attackers to access user passwords

Using a single password for multiple accounts is unsafe, as it increases the chances of being hacked. Even password managers have turned out to be unsafe: a pair of Spanish researchers, Alberto Garcia Illera and Martin Vigo, showed that LastPass, a popular password manager, could also be compromised.

Last year, the two researchers had managed to crack LastPass' master password on installations where the "remember password" option was enabled. They have now presented a new series of attacks at the Black Hat Europe security conference in Amsterdam.

The researchers studied three different scenarios. The first is client-side attacks, made possible by a LastPass design flaw in its session cookie: the cookie stored a key that could be used to decrypt the password vault key, and through a series of decryption steps access was gained to all of the user's passwords.

Where 2FA (two-factor authentication) was enabled, passwords were not much safer, because LastPass used a method relying on locally stored tokens through which 2FA could easily be bypassed. Moreover, the same token was used for all browsers, and it was injected into the page's DOM, allowing attackers to steal it via XSS attacks.

The second is server-side attacks, where the researchers looked at LastPass' mechanism for injecting usernames and passwords into web pages. LastPass used custom JavaScript for this, and attackers could append malicious code to the custom_js LastPass parameter, leading to the theft of data from login pages. The third scenario covers attackers that sit neither on the client nor on LastPass' servers.

The researchers said, however, that the company was notified of the issues and was quick to release fixes.

World Bank site hacked to launch PayPal phishing page

A report published by SecurityWeek confirmed that the official website of the World Bank's Climate Smart Planning Platform (CSPP) project had been hacked by two hackers and later used to host a well-designed PayPal phishing page.

According to the report, the CSPP project, which focuses on helping developing countries create and implement climate-smart policies, was ideal for phishing attacks because it used an Extended Validation (EV) SSL certificate issued by Comodo to the World Bank Group.

Since the website carried an EV SSL certificate issued to the World Bank Group, the phishing page gained enough credibility for visitors to easily fall for it.

EV certificates are said to give the "highest available level of trust", as they are issued only after an extensive verification process, and the browser then displays the name of the certificate's owner.

The PayPal phishing site tricked visitors into logging in with their PayPal credentials. Once the data had been submitted and stolen, the user was told that the site was unable to load their account and that confirmation of their personal information was required.

The site then required the user to share their email address, name, postal address, date of birth, and phone number.

Then it asked the user to verify their PayPal payment information, including credit card number, expiry date, CVV number and 3D Secure password if the card required verification. After collecting this personal and payment information, the phishing site redirected the user to the legitimate PayPal website.

The phishing page was hosted on climatesmartplanning.org, and the fact that the green address bar in the browser displayed "World Bank Group" might have convinced users that the page was legitimate.

According to various news reports, the same CSPP website was also targeted by a different kind of hacker. Although the phishing page was removed by the CSPP webmasters, the site's homepage was then defaced by an Iraqi hacker who appears to deface random websites to boost his reputation among his peers.

The site's EV certificate has since been revoked.