Personal Data Leakage of Russian Railways Passengers


Pavel Medvedev, a search engine specialist at Rush Agency, has concluded that users of the websites of large companies such as Russian Railways, VTB Bank and Sberbank, as well as the Moscow city hall, could become victims of fraud at any moment.

"I believe that many good specialists and developers have shifted to the West and the quality of staff in IT has decreased because of the crisis in Russia," said Pavel.

The people who maintain companies' web resources make elementary mistakes. For example, they do not specify which pages search engines may crawl and which they may not. Search engines do not care where they collect information from. The reasons behind the leakage are the unprofessionalism and incompetence of IT staff, and companies' attempts to save money.

How can this be dangerous? For example, a person buys a train ticket with a departure date six months away. He receives an SMS with a link to his personal account, where he can view and edit the booking. At the same time, Yandex.Browser, Android or an analytics counter tells the search engine that a previously unknown page has appeared. The search engine sees that the page is live and indexes it.

An attacker who searches for pages related to train ticket booking finds the link, gains access to the user's personal account, re-issues the ticket in his own name and, six months later, boards the train instead of the real ticket holder.

This is not the first personal data leak at Russian Railways. In 2016, a group of hackers found an openly accessible database of 3,500 passengers, including customers of the railway monopoly.

An Unknown Malware Led to a Loss of Rs 94 Crores in Two Days from a Pune-based Cosmos Bank

Hackers transferred over Rs 94 crores from the 112-year-old Pune-based Cosmos Co-operative Bank through a malware attack directed at the bank's server and at thousands of its debit cards.

The attack was carried out over multiple days, during which about Rs 78 crore was withdrawn in more than 12,000 ATM transactions in 28 countries, while another 2,800 transactions totalling Rs 2.5 crore were made from different cities in India.

As per the reports, Rs 13.9 crore was transferred to foreign banks through SWIFT (Society for Worldwide Interbank Financial Telecommunication) transactions.


“A complaint has been filed with Pune police about the malware attack and the bank is doing internal audits to investigate the breach,” the official said.


According to the bank, its core banking system (CBS) was intact; the malware attacked the switch that handles the payment gateways for Visa and RuPay debit cards, as all the cards used in the hack were RuPay or Visa.


"The core banking system (CBS) of the bank receives debit card payment requests via 'switching system'. During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system," said the statement.

On August 11, the bank learned that suspicious transactions were taking place through its debit cards and immediately shut down its card payment system in India as well as in foreign countries.

“None of the customers’ accounts were touched and it is the bank which has incurred the loss of this money,” the official said.

The bank said there is no need to panic, as there have been no fraudulent transactions from any customer's account.

The statement underscored: "As it is a malware attack on the Switch which is operative for the payment gateway of VISA/RuPay debit cards and not on the CBS of the bank, the customers' accounts and its balances are not at all affected."

A professional forensic investigation team has been called in to look into the matter; it will submit its report in the next few days on the modus operandi of the attack and the exact amount involved.

Flaw in the Amazon Echo Allows Hackers to Listen In to Users' Conversations

Security researchers from the Chinese tech giant Tencent recently discovered a serious vulnerability in the Amazon Echo. It is considered serious because it allows attackers to covertly listen in on users' conversations without their knowledge.

In a presentation at the DEF CON security conference titled 'Breaking Smart Speakers: We are Listening to You', the researchers explained precisely how they built a doctored Echo speaker and used it to gain access to other Echo devices.

'After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping. When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through network to the attacker.'

The researchers used Amazon's Home Audio Daemon, which the device uses to communicate with other Echo devices on the same wireless network, to take control of users' speakers, through which they could quietly record conversations or even play arbitrary sounds.

The attack is, however, the first in which researchers have identified a notable security flaw in a popular smart speaker such as the Amazon Echo. The researchers have since informed Amazon of the flaw, and the firm said it issued a software patch to users in July. They also note that the attack requires access to a physical Echo device.


In any case, Amazon and the researchers both point out that the technique identified is extremely sophisticated and is unlikely to be something an average hacker could carry out. 'Customers do not need to take any action as their devices have been automatically updated with security fixes,' says an Amazon spokesperson.

Still, some have pointed out that the attack could also be carried out in places where multiple Echo devices share the same network, the simplest examples being hotels or restaurants.

Earlier this year, researchers from the University of California, Berkeley also identified a flaw in which attackers could not only control prominent voice assistants such as Alexa, Siri and Google Assistant, but could also slip inaudible voice commands into audio recordings, directing the assistant to do a wide range of things, from taking pictures to opening websites and making phone calls.

‘Man-In-The-Disk’: The New Cyber Monster!

Many of the most common Android applications have been found to be susceptible to a recently disclosed attack named "Man-in-the-disk".

This curiously named attack is said to allow a third-party application to take control of or crash other apps and/or run malicious code on the phone.

According to Check Point Research, there is a design flaw in the way Android's sandbox handles external storage, which turns the external storage of Android phones into a ready pathway for the MitD attack. These attacks could have hazardous results: silent installation of unwanted, malicious and unrequested applications, denial of service to other genuine apps, and crashing of applications, to name a few. This can lead to the injection of malicious code that makes the application run the way the attacker wants.
When careless users let any unknown application use their storage, these attacks are all the more likely to happen.

Man-in-the-disk’s course of action.

Basically, any app available on the store can interfere with another app's data in external storage, which is one of the root causes of this attack. Moreover, without paying much attention to the security hazards, users carelessly grant apps access to their storage.

Several tests were conducted; in one of them, the Check Point researchers created a malicious app that posed as a flashlight app. The researchers then used that app to gain access to external storage. By the end of the tests, two types of attack had been demonstrated: one could crash other applications, and the other could replace application updates with malicious versions.

In the first type of attack, malicious data is inserted into another app's external storage files, causing that application to crash. The attack takes advantage of the faulty design and allows malicious code to be injected into the targeted apps.

The crashed app may then ask for more permissions than the original one, giving the attacker a chance to escalate his access to more sensitive features; these are permissions that the original app never held.

Some applications place update files in external storage before the update is applied. Those files can easily be replaced with malicious versions of themselves, or with a third-party application altogether. This is the second type of attack: while an app fetches its update, an attacker app that monitors the external storage space swaps the file.

How To Avoid The Attack.

1. When dealing with data from external storage, perform input validation.
2. External storage should not hold class files or executables.
3. Before dynamic loading, files from external storage must be signed and cryptographically verified.
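As an added example (not Check Point's code and not from the original post), the third precaution in plain Java, using the java.security APIs that Android also provides: an update staged in shared storage is loaded only if a detached signature over it verifies against a public key embedded in the app. The key pair, file names and payloads are constructed for the demo, and the temporary directory stands in for external storage.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

/**
 * Loads an update file staged in shared (external) storage only after a
 * detached signature over it verifies. The public key ships inside the app;
 * the private key stays with the publisher. All names here are assumptions
 * made for this example.
 */
public final class VerifiedUpdateLoader {
    private static final String ALGORITHM = "SHA256withRSA";

    private VerifiedUpdateLoader() {}

    // Returns the update bytes only if the signature verifies; otherwise refuses
    // to load. Reading the file once and verifying those same bytes closes the
    // window in which another app could swap the file between check and use.
    public static byte[] loadVerified(Path update, Path sigFile, PublicKey pub)
            throws IOException, GeneralSecurityException {
        byte[] payload = Files.readAllBytes(update);
        byte[] sig = Files.readAllBytes(sigFile);
        Signature verifier = Signature.getInstance(ALGORITHM);
        verifier.initVerify(pub);
        verifier.update(payload);
        if (!verifier.verify(sig)) {
            throw new SecurityException("update signature invalid, refusing to load " + update);
        }
        return payload;
    }

    // Publisher side (never shipped in the app): sign the update with the private key.
    static byte[] sign(byte[] payload, PrivateKey priv) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(priv);
        signer.update(payload);
        return signer.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        Path dir = Files.createTempDirectory("ext-storage"); // stands in for shared storage
        Path update = dir.resolve("update.bin");
        Path sigFile = dir.resolve("update.sig");
        byte[] genuine = "constructed update payload".getBytes(StandardCharsets.UTF_8);
        Files.write(update, genuine);
        Files.write(sigFile, sign(genuine, kp.getPrivate()));

        byte[] ok = loadVerified(update, sigFile, kp.getPublic());
        System.out.println("genuine update verified, " + ok.length + " bytes");

        // Simulate the second Man-in-the-disk variant: another app overwrites the staged file.
        Files.write(update, "attacker-replaced payload".getBytes(StandardCharsets.UTF_8));
        try {
            loadVerified(update, sigFile, kp.getPublic());
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On Android the same check applies wherever the file was staged on shared storage; files kept in app-private internal storage (Context.getFilesDir()) are not reachable by other apps in the first place.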


According to Check Point, some fairly popular apps were found to be affected by the two types of Man-in-the-disk attack. For example, Google Translate, Yandex Search, Yandex Translate, Google Voice Typing and a widely used Xiaomi application are exposed to the malicious-update type of attack.
The primary reason these Android apps are vulnerable is that their developers overlooked the Android security guidelines, which include the basic rules for working with external storage.
Xiaomi decided not to address the Man-in-the-disk issue, whereas Google, fortunately, recognised the problem and has already released a patch for the affected applications.

Police body cameras can be easily hacked

Body cameras used by law enforcement have long been controversial, but until now no one had attempted to assess the trustworthiness of the devices themselves. A demonstration at DEF CON 2018 in Las Vegas over the weekend showed that police body cameras, which are increasingly popular with U.S. police forces, can be hacked and their footage stolen or replaced. Associated metadata (such as the location, time and date at which the video was shot) can be manipulated, and the cameras can expose police officers to tracking and surveillance.

According to a security consultant at the Australia-based cybersecurity firm Nuix, an attacker who compromises a police body camera can easily manipulate its footage. Researcher Josh Mitchell assessed five body camera models from different manufacturers: Vievu LLC (acquired by Axon in May 2018), Patrol Eyes, Fire Cam, Digital Ally Inc. and CeeSc, and found them vulnerable to remote attacks. These are the main companies selling such devices to law enforcement agencies in the US. Surprisingly, though, Mitchell left out the market leader Axon.

In theory, body cameras can act as an “objective” third party during police encounters with civilians, thereby protecting civilians from excessive use of force and protecting police departments from unfounded claims of abuse.

There is scant evidence to suggest that body cameras limit the use of force or complaints about the use of force, however, and now even their ability to faithfully record a police interaction is being cast into doubt.

With the exception of the Digital Ally device, the vulnerabilities allow an attacker to download footage from a camera, edit it or make other modifications, and upload it again with no record of the change. Attackers can use the devices' network addresses to identify cameras remotely as soon as they are switched on, which would let them monitor police activity by watching footage from multiple cameras that are on at the same time and place.

Hacker bribes Czech Police in effort to get the seized hard drive containing details of 3200 Bitcoins


Hacker Peter Krzhystka, who is accused of cyber fraud, offered a police officer a bribe of 384 million kroons (17 million USD) for the return of a hard drive that was seized during a search. However, police officer Lukasz Lazetskiy from the city of Brno refused the bribe.

The police consider Peter one of the most dangerous hackers in the country. He had previously been sentenced to four years in prison for hacking bank accounts and stealing financial information.

During a search of the hacker's apartment, investigators seized his hard drive and other computer equipment in order to understand his criminal activities. The hacker showed particular interest in the disk. But the police did not know what was on it, as no one was able to break the access codes protecting the data.

According to the Prague News media, one of the hacker's friends offered the police officer a bribe of 17 million USD and asked him to return the hard drive and delete it from the list of confiscated property. As it turned out later, the hacker had hidden information relating to more than 3,200 Bitcoins on the hard drive, with a total value of about 800 million kroons (about 35 million USD).

Police officer Lukasz Lazetskiy refused the bribe and reported the incident to his superiors. A criminal case was opened over the attempted bribery.

Hacking a brand new Mac during the setup process

Planning to get a brand new Mac, free from all kinds of bugs and with a robust security system? There is no such device.

According to security researchers, a brand new Mac can be remotely compromised as soon as it connects to Wi-Fi.

The researchers will demonstrate the Mac security flaw on Thursday at the Black Hat security conference in Las Vegas. The attack takes advantage of Apple's Device Enrollment Program and its Mobile Device Management platform.

The flaw in these enterprise tools allows attackers to remotely install malware in the operating system.

Jesse Endahl, chief security officer of Mac management firm Fleetsmith, said: “We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time.”

“By the time they’re logging in, by the time they see the desktop, the computer is already compromised,” Endahl says.

Last month, the researchers notified Apple of the flaw, and in response the company released a patch in macOS High Sierra 10.13.6; however, devices that have already been manufactured and ship with an older version of the operating system will still be vulnerable.

Korean trojan spreading tentacles

A newly discovered Trojan, ‘Key Marble’, is causing huge concern for millions of internet users. According to cyber security experts, the North Korean Trojan gives attackers easy access to a device's details.

Apart from this, ‘Key Marble’ keeps capturing screenshots and can download files at any moment, forcing experts at cyber security firms to develop an effective mechanism to counter the escalating threat of cybercrime.

After an initial study, the experts have stressed up-to-date antivirus software and strong passwords to keep these hacking forces at bay.

Further, internet users can configure personal firewalls on their workstations, which could help them block unwanted requests.

The existence of the malware in question became clear as day when top cyber security experts from McAfee discussed it at length at Black Hat 2018 early this week.

Each of the speakers dwelt at length on how the North Korean malware can infect a system. After code analysis, the experts identified links between the key points, drawing on case studies of how North Korea has been aiding and abetting the hackers.

Both companies, McAfee and Intezer, ran the code through their engines so that an automated analysis could be performed. The analyses of the two companies show some striking similarities.

The country’s top cyber research experts are said to possess details of the cyber attacks originating from North Korea. The experts claim to be in possession of a link to a bank that is run under the leadership of a billionaire.

The bank in question is listed more than once in the very code of the malware and is the holder of funds that have gone missing.
According to the available records, the biggest attack, beyond doubt, targeted the Bangladesh Bank. Others on the hit list include the central bank of Bangladesh

Infamous Belarusian Hacker "Ar3s" behind Massive Andromeda Botnet Released

Sergei Yaretz, 35, one of the most wanted hackers from Belarus, who was arrested last December, has been released. It is reported that this is the first cybercrime trial to be held in Belarus.

In December 2017, Sergei, also known as 'Ar3s' ('Арес' in Russian; Ares, the Greek god of war, and also a fictional supervillain in DC Comics), was arrested in a joint operation involving Belarus, the U.S. FBI and European law enforcement agencies aimed at dismantling the notorious "Andromeda" botnet.

The hacker is reportedly recognized as a leading expert in malware development and reverse engineering. He worked at a local television station, "Televid", as technical director.

He sold the Andromeda malware for $500 and software updates for $10. In addition, Sergei was accused of administering forums for hackers. He also reportedly charged about $250 for help extracting data from any web browser.

He is also the administrator of the Andromeda botnet, which is made up of a large number of computers infected with malware that lets the operators control them. He leased these networks to other criminal groups or individual hackers to mount malware, phishing or similar attacks.
The Andromeda botnet was used by many cybercriminal groups to distribute a large number of malware families. According to Microsoft, 2 million infected computers were under the control of this botnet prior to the takedown.
Sergei said that his program did no harm to computers; it all depends on the buyer. He said he did not steal money from anyone and was only selling the program. He also said that the malware's original developer, from Russia, asked him to help distribute it because the original author did not have time.

It is reported that Microsoft sent a document to the local authorities stating that the damage caused by Ares is about 10 million dollars. However, it was not presented in court. Only the 11,000 Belarusian rubles he earned by selling the malware was counted as the damage caused by his actions.

He pleaded guilty and repented. He even helped the investigation in the disclosure of the mechanisms of "Andromeda".

The prosecutor asked the court to sentence Sergei to 2 years of imprisonment. The court sentenced him to a fine, but it is said that he does not need to pay it, as he had already spent 6 months in custody during the trial. According to local media, he has again found a job in TV.

Attackers Targeting D-Link DSL Modem Routers, Exploiting Them to Change DNS Settings

Recent research has found attackers targeting D-Link DSL modem routers in Brazil in order to change their DNS settings, which then lets them redirect users trying to reach their online banks to fake banking websites that steal the customers' account data.

According to research by Radware, the exploit used by the attackers lets them scan for vulnerable routers and script the change of their settings on a large scale, so that the users' DNS settings point to a DNS server under the attacker's control.

[Figure: Example of a fake cloned bank site (Source: Radware); certificate warning on the fake site]

When a user attempts to connect to a website, their computer first queries a DNS server to resolve a hostname such as www.google.com to an IP address such as 172.217.11.36.
The computer then connects to that IP address and begins the desired connection. By changing the name servers used on the router, users are therefore diverted to fake and malicious sites without their knowledge and led to believe that these sites are legitimate and trustworthy.
The malicious URL takes the following form:

/dnscfg.cgi?dnsPrimary=&dnsSecondary=&dnsDynamic=0&dnsRefresh=1

where the exploit permits unauthenticated remote configuration of the DNS server settings on the modem router.

Radware’s research stated that – “The uniqueness about this approach is that the hijacking is performed without any interaction from the user, phishing campaigns with crafted URLs and malvertising campaigns attempting to change the DNS configuration from within the user’s browser have been reported as early as 2014 and throughout 2015 and 2016. In 2016, an exploit tool known as RouterHunterBr 2.0 was published on the internet and used the same malicious URLs, but there are no reports that Radware is aware of currently of abuse originating from this tool."

The researchers state that the attack is deceptive because the user is totally unaware of the change; the hijacking works without creating or changing URLs in the user's browser.

A user can use any browser and his or her regular routes: the user can type in the URL manually, or even use it from a mobile device such as a smartphone or tablet, and will still be sent to the malicious site rather than the requested one, since the hijacking effectively works at the gateway level.

Radware therefore recommends that users use the http://www.whatsmydnsserver.com/ website to check their router's configured DNS servers, so that they can decide for themselves whether any of the servers look suspicious, since such servers would not have been assigned by their internet service provider.
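As an added example (not Radware's code and not from the original post), a Java log scan that flags HTTP requests which try to rewrite a router's DNS servers through the dnscfg.cgi endpoint described above; the log format is the common access-log format and the sample lines and addresses are constructed.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Flags requests that set a modem router's DNS servers through dnscfg.cgi. */
public final class DnsHijackLogScan {
    // Common Log Format: client ident user [time] "METHOD path PROTO" status bytes
    private static final Pattern LINE = Pattern.compile(
        "^(\\S+) \\S+ \\S+ \\[([^\\]]+)\\] \"(\\S+) (\\S+) [^\"]*\" (\\d{3})");

    public record Finding(String client, String time, String primary, String secondary, int status) {}

    private DnsHijackLogScan() {}

    // Splits the query string of a request path into decoded key/value pairs.
    static Map<String, String> query(String path) {
        Map<String, String> params = new LinkedHashMap<>();
        int q = path.indexOf('?');
        if (q < 0) return params;
        for (String kv : path.substring(q + 1).split("&")) {
            int eq = kv.indexOf('=');
            String k = eq < 0 ? kv : kv.substring(0, eq);
            String v = eq < 0 ? "" : kv.substring(eq + 1);
            params.put(URLDecoder.decode(k, StandardCharsets.UTF_8),
                       URLDecoder.decode(v, StandardCharsets.UTF_8));
        }
        return params;
    }

    // Returns one Finding per request that supplies a primary DNS server to dnscfg.cgi.
    // A plain GET of the page without parameters is ordinary admin traffic and is not flagged.
    public static List<Finding> scan(List<String> lines) {
        List<Finding> out = new ArrayList<>();
        for (String line : lines) {
            Matcher m = LINE.matcher(line);
            if (!m.find()) continue;
            String path = m.group(4);
            int q = path.indexOf('?');
            String file = q < 0 ? path : path.substring(0, q);
            if (!file.endsWith("/dnscfg.cgi")) continue;
            Map<String, String> p = query(path);
            if (p.getOrDefault("dnsPrimary", "").isEmpty()) continue;
            out.add(new Finding(m.group(1), m.group(2), p.get("dnsPrimary"),
                    p.getOrDefault("dnsSecondary", ""), Integer.parseInt(m.group(5))));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample lines; the addresses are documentation ranges, not real hosts.
        List<String> sample = List.of(
            "203.0.113.7 - - [10/Aug/2018:09:15:02 +0000] \"GET /dnscfg.cgi?dnsPrimary=198.51.100.23&dnsSecondary=198.51.100.24&dnsDynamic=0&dnsRefresh=1 HTTP/1.1\" 200 512",
            "192.168.1.10 - - [10/Aug/2018:09:16:40 +0000] \"GET /dnscfg.cgi HTTP/1.1\" 200 2048",
            "192.168.1.10 - - [10/Aug/2018:09:17:01 +0000] \"GET /index.html HTTP/1.1\" 200 4096");
        for (Finding f : scan(sample)) {
            System.out.printf("%s at %s set DNS to %s / %s (status %d)%n",
                f.client(), f.time(), f.primary(), f.secondary(), f.status());
        }
    }
}
```

A 200 status on a flagged line from an address outside the LAN is the case to act on, since it means the router accepted the change without authentication.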

Amazon Web Services Error Exposes GoDaddy's 31,000 Servers

An unsecured Amazon AWS bucket configuration has exposed sensitive information about the world's leading hosting provider, GoDaddy.

In June, Chris Vickery, a risk analyst at the cybersecurity firm UpGuard, found that files containing detailed server information were stored inside an unsecured S3 bucket, a cloud storage service provided by Amazon Web Services.

Looking into the bucket "abbottgodaddy", he found that it contains multiple versions of data that may cover over 31,000 GoDaddy systems.

According to UpGuard, the leaked information had architectural details as well as "high-level configuration information for tens of thousands of systems and pricing options for running those systems in Amazon AWS, including the discounts offered under different scenarios."

Exposed details include configuration files for hostnames, operating systems, workloads, AWS regions, memory, and CPU specifications.

"Essentially, this data mapped a very large scale AWS cloud infrastructure deployment, with 41 different columns on individual systems, as well as summarized and modeled data on totals, averages, and other calculated fields," the cybersecurity firm said.

Meanwhile, Amazon has issued a clarification, stating that no GoDaddy customer information was stored in the exposed S3 bucket:

"The bucket in question was created by an AWS salesperson to store prospective AWS pricing scenarios while working with a customer. No GoDaddy customer information was in the bucket that was exposed. While Amazon S3 is secure by default and bucket access is locked down to just the account owner and root administrator under default configurations, the salesperson did not follow AWS best practices with this particular bucket."