Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Vulnerability and Exploits
Mirai Passwords Telnet TP-Link Vulnerability and Exploits

TP-Link Routers Vulnerable Again; Voids Passwords! Patching Highly Suggested!



A “zero-day vulnerability” was recently discovered in the “TP-Link Archer C5v4 routers” with the firmware version 3.16.0 0.9.1 v600c and of the build 180124 Rel.28919n.

This vulnerability could affect devices both at corporate levels as well as domestic level. The attacker could take control of the routers configuration by way of “telnet on the local area network” and it could connect to the File Transfer Protocol (FTP) via the LAN or WAN (wide area network).

The attackers could gain complete access of all the admin licenses and privileges. Enabling guest wi-fi, and acting an entry point happen to be a few other demerits of the vulnerable router.

Previously as per reports there was a “password overflow issue”. When a string shorter than the estimated length is typed then the estimated length is sent as the password, altering the actual password whereas if too long then the password gets void.

The vulnerability allegedly depends on the type of request that is sent through for requesting access to the device. Either it is safe or is vulnerable. The safe requests for HTML content there are two aspects that need to be taken into account.

One of them being the “TokenID” and the other being “the JSESSIONID”. Per reports the common Gateway Interface though, is only based on the referrer’s HTTP headers if it matches the IP address or the domain related to it then the main service of the routers thinks it to be valid and if the referrer is removed it responds as “Forbidden”.

The automated attacks that were dissipated via the botnet malware, “Mirai” were caused by weak passwords that allowed access to the FTP server and even provided console access.


Reportedly, the function “strncmp” is used to validate the referrer header with the string “tplinkwifi.net”. It apparently also validates for the IP address. This is definitely hence a disconcerting vulnerability which could be easily exploited.

The shorter strings when sent corrupt the password stopping the users from logging in but luckily it would stop the attacker too. FTP, Telnet and other services are mostly affected by this.

A longer string length made it entirely void and the value became empty. This made Telnet and FTP accessible simply by using “admin” as a password which is the default.

The same configuration of FTP is also allowed on the WAN. The router also reportedly happens to be vulnerable to the CGI attack which is pretty injurious to privacy.

So far there isn’t a way to set a new password, but even if there were the next vulnerable LAN/WAN/CGI request would void that password as well. Per reports, another aftermath of this vulnerability is that the RSA encryption key would crash.

This vulnerability is extremely disconcerting when the “Internet of Things” IoT security is considered at large. Millions of businesses and homes could be affected by any exploit or vulnerability these routers disperse.

What could be done right off the bat is, creating stronger passwords, applying two-factor authentication, changing all the default passwords and at last applying mitigating controls to all the devices in use.

Patching is HIGHLY ADVISED. TP-Link has provided patches for the TP-Link Archer C5 v5 and other versions.
Read more »
Vulnerability and Exploits
Amazon Google Google Smart Speakers Vulnerability and Exploits

"Smart Spies"- Amazon Alexa and Google Home's Voice Assistant Were Vulnerable to a Security Flaw


Alexa and Google Home smart speakers have been vulnerable to a security threat that made eavesdropping, voice phishing and using people's voice cues to deduce passwords possible for hackers. The hack also allowed hackers to befool users in handing out their private data without any knowledge of the same being happening.

In October, security researchers who discovered "Smart Spies" hack and new ways in which Alexa and Google Home smart speakers can be exploited, are now warning about the need to formulate new and effective methods to guard against the eavesdropping hack, reports Threatpost. Notably, no major steps were been taken to ensure protection against these hacks.

SRLabs, a Berlin-based hacking research company, told about the discovery of the vulnerability being made by them earlier this year, they went on reporting it to the concerned organizations, Amazon and Google. Furthermore, in an attempt to demonstrate the exploitation of the flaw, the firm shared a series of videos on Sunday.

As per the reports by CNN Business, Amazon and Google told that the vulnerabilities have been taken care of and likewise the issues have been fixed.

The company "quickly blocked the skill in question and put mitigations in place to prevent and detect this type of skill behavior and reject or take them down when identified," a spokesperson from Amazon told CNN Business.

Addressing the issue, SRLabs states in a blog post, "Alexa and Google Home are powerful, and often useful, listening devices in private environments. The privacy implications of an internet-connected microphone listening in to what you say are further reaching than previously understood."

Experts recommended users to be more mindful of the potentially malignant voice apps that can infect smart speakers, "Using a new voice app should be approached with a similar level of caution as installing a new app on your smartphone."

"To prevent ‘Smart Spies’ attacks, Amazon and Google need to implement better protection, starting with a more thorough review process of third-party Skills and Actions made available in their voice app stores. The voice app review needs to check explicitly for copies of built-in intents. Unpronounceable characters like “�. “ and silent SSML messages should be removed to prevent arbitrary long pauses in the speakers’ output. Suspicious output texts including “password“ deserve particular attention or should be disallowed completely." The blog reads. 
Read more »
Russia
cryptocurrency mining Cyrptocurrency malware Malware Report Russia

Hackers using government websites of Russian Federation for mining


Cybercriminals used to generate cryptocurrencies not only computers of ordinary Internet users but also the resources of large companies, as well as the websites of government agencies of the Russian Federation. This was announced at a press conference on Monday by Nikolai Murashov, the Deputy Director of the National Coordination Center for Computer Incidents (NCCCI).

"Cases of cryptocurrency mining with the help of infected information resources of state organizations have been identified. In this case, attackers infect web pages, and mining is carried out at the moment they are viewed pages in the browser,” said Murashov.

He noted that the cost of most virtual coins is very high, so there are a lot of people who want to earn money easily. "Up to 80% of the free power of a computer can be used to generate virtual coins, and the legal user may not even know about it," said the Deputy head of the NCCCI. He noted that the seizure of servers of large companies for mining purposes threatens to significantly reduce their productivity and significant damage to the business.

Murashov at a press conference also said that in 2019, about 12 thousand "foreign information resources were blocked, which were used by attackers to damage our country."  In addition, according to him, in the Russian Federation at the request of foreign partners in the current year, the activities of more than 6 thousand malicious resources were stopped.

According to Murashov, users should pay attention to the security of their computers to counter such attacks. The fact of infection with malicious software should serve as a signal that the computer is poorly protected and can become a victim of any attackers.

Murashov noted that two Russian citizens were prosecuted for mining cryptocurrencies through infected computers of organizations.

"In Russia recently there were two cases of criminal prosecution of persons who used seized computers for mining cryptocurrencies," said he.

One of them is a resident of Kurgan, who used almost an entire bot network in various regions of the country. In the second case, a criminal case was initiated on the fact of using the site of company Rostovvodokanal for mining.

Read more »
Vulnerabilities and Exploits
Android Bug Vulnerabilities and Exploits

All Android Users Beware! All The Android Versions Vulnerable To This New Bug 'StrandHogg'


Android is vulnerable anew owing it to a new bug that goes by the name of “StrandHogg”. It is a serious issue as the bug could penetrate the entire security mechanism with a single wrong click of the user.

This bug has a special provision where it allows malicious applications and malware to pose as legitimate applications. The applications look so real that the user is unaware at all times.

The fake applications then find a way to the users’ sensitive data that too in real-time. Per reports, all the versions of Android are susceptible to this bug even the latest Android 10.

Surprisingly, the worst part about the bug is that the users would have no idea at all that they have been attacked and they’d be completely unaware of the malicious applications on their device.

Listening in on conversations and recording them, accessing login credentials, read/sending unwanted texts and even complete control of the photo album, call logs and contacts are allegedly a few of the many things the bug can do.

“StrandHogg” can let the hackers have a complete hold over the affected device’s camera which is pretty disconcerting given the hackers could turn on visuals whenever they find fit which could be a massive breach of privacy.

All of the senior police personnel have been alerted regarding the hazard. Several measures have also been scheduled to be taken along the lines of public awareness about the bug.

Things to steer clear off include pop up notifications asking permission for sending notifications, messages or other related things and applications asking to log in again despite being already logged in.

If such requests are allowed, the bug would let the hackers have almost complete access to the device from the camera to live conversations be it a cell phone or a tablet.

Other warning signs include suddenly non-functional links and permissions being asked by applications that have never needed them before.

The Home Ministry’s Cyber Crime Coordination Centre reportedly cited that over 500 Android applications are under the peril of an attack by this bug. They also released to all the states, a list of the plan of action of the bug.
Read more »
Russian Cyber Security
Cyber Security cyber threat National Cyber Security Russian Cyber Security

In Berlin, Russian and German scientists discussed the danger of smart gadgets


By December 15, on behalf of President Vladimir Putin, the Russian government should prepare a Federal project "Artificial intelligence", which will prescribe tasks and measures to support the development of digital technologies in the country until 2030. Meanwhile, an inter-University conference was held in Berlin with the participation of Moscow specialists, aimed at attracting promising personnel to the Russian Federation for the development of the digital economy.

According to Pavel Izvolsky, the director of the Russian House of Science and Culture in Berlin, such events help to improve relations between Russian and foreign universities and research centers in the field of innovative digital technologies.

Nevertheless, talented students from other countries, even such economically and technologically successful ones as Germany, have a lot to learn in Russia. According to Izvolsky, such simple things for Russians, as paying for Parking from a mobile device or obtaining various certificates through the portal of public services, are not yet available for the Germans.

"In this sense, it's just a Stone Age," stated Izvolsky. The topics discussed were various, from the use of blockchain technologies in the banking sector and the introduction of intelligent transport systems in megacities to ensuring cybersecurity in the everyday sense when it comes to the use of gadgets by children.

The report of the leading content analyst of Kaspersky Lab Andrei Sidenko caused a great response. He talked about how the younger generation spends time on the Web, what threats are most often exposed and how parents react to it. For example, surveys have shown that for the first time children get access to smartphones from the age of three, and by the age of 11-14, 37 percent of young

Russians have personal gadgets. In the same studies, 85 percent of domestic teenagers answer that
they can not do without a mobile phone, and almost all the free time 15-18-year-old schoolchildren spend almost all their free time on the Internet. But every third parent does not know what exactly his child is watching on the Web. Children are in a rather vulnerable position: they share personal data, open "adult content", are subjected to cyberbullying or are involved in communication with dubious persons, and so on.

The discussion on digitalization in Berlin was the next in a series of international inter-University conferences that Rossotrudnichestvo (the Federal Agency for the Commonwealth of Independent States, Compatriots Living Abroad and International Humanitarian Cooperation) has already held in India, Indonesia and Iran. As a result of the past conferences, memorandums of cooperation between Russian and foreign universities were signed.
Read more »
malware
ATM Juice Jacking malware

State Bank of India Issues Warning of Juice Jacking


In recent months there has been a rise in cyber-frauds with people losing money on online payment or digital transactions. As digital transactions increase so do hackers get more and more creative in their ways of siphoning money. Cons where people accidentally reveal OTP and pins have become quite common but now a new malware has shown up. As such, the country's prominent bank State Bank Of India issued a warning against Juice Jacking also known as USB charging scam.


A new technique that infects mobile phones with malware when they are connected to public charging ports and steal their personal information. What is Juice Jacking? Juice Jacking is stealing your personal information via a USB port. Hackers have developed a simple benign-looking USB port like a gadget that is attached to charging sockets at public places. Once the user connects his phone to this charging device the USB port infects the phone with malware. Then this malware gets active and sends personal information like contact details, emails, messages, photos, private videos, and sensitive financial credentials to the hacker. The miscreant then uses this information to siphon user's money.

The media reports, "Hackers adjust ports on these charging stations with sophisticated USB-like widgets that don’t look unusual for most. Once a user connects to one of these malicious ports, the device bypasses the phone’s security to steal the contents of the phone, including bank details, emails, messages, photos, and private videos, by injecting malicious software." Weeks earlier California Los Angeles County District Attorney department also issued a similar warning of Juice Jacking to locals and travelers.

Now, SBI also warns people to not charge their phones and other devices from public charging portals at station and airports.

 How to protect your phone? 
Don't ever plug your phone to USB charging ports.
Always use two pins AC electrical outlets.
Better bring your charger or power bank as prevention is better than cure.
Avoid charging your phone at a public place like a metro station.

Read more »
Dark Web
ATM Hacking Cyber Crime Dark Web

ATM Attacks-Know how ATMs can be hacked under 20 minutes!!!



Want to know something interesting and alarming? A research report published last year revealed that most ATM's can be hacked in less than 20 minutes. And extensive research showed that 85% of ATMs allowed attackers access to the network and 58% had vulnerabilities in their programmes that could be used to control the machine from far of location.



This research concludes the extreme fragility of ATM machines and can be a huge threat as they not only hold huge amounts of cash but also user data and if the data entered by user like pin, phone number or card could be traced then it poses a grave security issue.

CloudSek, after this report scrounged the dark web to find the various ATM hacking strategies and counjoured up a list to make people more aware and stay safe from cyber crimes.

Method 1: ATM Malware Card

This is the most popular method out there. It includes an entire malware kit containing ATM Malware Card, PIN Descriptor, Trigger Card and an Instruction Guide.
Once the Malware Card is installed, all the user information is captured in the machine and then hackers using Trigger Card can dispense all the cash from the ATM.
The kit comes with step by step procedure clearly explained and Windows XP supportable.

Method 2: USB ATM Malware

This is also windows XP supported. It allows hackers to dispense cash from ATM via Malware-hosted USB .

Method 3 : ATM Hacking Appliances

According to CloudSek, "There are a number of ATM Skimmer Shops on the dark web that offer various ATM Hacking Appliances such as EMV Skimmer, GSM Receiver, ATM Skimmer, POS, Gas Pump, Deep Insert, etc. Many shops offer a package of these different devices together."
"These shops are available on the dark web and keep getting updated with newer devices including Terminals, Upgraded Antenna, custom-made ATM Skimmers, RFID Reader/Writer, and so on."

Method 4 : Prepaid Cards

Some sites on the dark web offer cards like Bank Fulls and physical cards that can be used for online transactions and as debit cards in ATM respectively.

Method 5: Tutorials and Case Studies

 There are a range of tutorials and case studies on the dark web as to how to hack ATMs . To site one, there is a forum that gives detailed account on how to access these machines using Botnets.

Method 6: Ploutus-D 
This was used in a recent ATM hack, where it gained control of the machine, the cash dispenser, card reader, and pin pad. The source code of Ploutus-D is now being sold on the dark web.

In Conclusion

 It's not easy to comprehend that a machine so extensively used in daily life could be so easy to hack and could be siphoning your money to hackers but ATM attacks are becoming quite common, a hard pill to swallow but it's the reality. 
Read more »
Online data breach
Cyber Fraud Hacking Online data breach

Online Payments for Water Services Intercepted By Hackers


The City of Waco warns residents that their online payments for water services may have been impeded by hackers who stole credit card details.

As per a spokesperson for the City of Waco, the Click2Gov portal for water bill payments was breached by vindictive hackers who had the option to plant pernicious code that redirected sensitive data between August 30th and October 14th.

Security researchers have been following these attacks against Click2Gov's payment portals for two or three years now, with numerous reports of breaches including the urban areas extending across the United States and Canada, bringing about a thousands of payment card details being traded on the dark web.

The core of the issue is said to have been the third-party online payment software that Waco and a few other urban communities and regions use to let residents pay their bills, pay parking fines, just as make other financial transactions. CentralSquare Technologies, the creators of Click2Gov, counters that lone a "limited number" of Click2Gov customers have announced unauthorized access by hackers and that a vulnerability they recognized in the portal has now been closed.

As indicated by media reports, on account of the latest breach including water utility payments, the City of Waco was informed regarding the issue with the Click2Gov software on November 8, 2019.

City representative Larry Holze says, “Of the 44,000 water customers, typically we receive 12,500 payments online each month. During the period identified, a little over 8,000 customers were mailed letters. Payments made with a credit card inside the water office (not online) are not involved in this incident.”

Consumers affected by the breach can hope to get a letter from the city the previous week informing them about the occurrence and advising them whenever required on the means that ought to be taken to secure against such fraud.

“We’ve sent out letters to all those people who they’ve been able to give us that have been compromised, in some fashion, asking them to be careful and watch their statements and make sure something doesn’t show up,” said spokesman Holze.

The city has additionally set up a hotline for residents with inquiries regarding the breach, accessible from Monday to Friday on 833-947-1419.7
Read more »
Technology News
nginx Technology Technology News

Rambler claimed the rights to the Nginx web server


Rambler Group claimed a violation of its exclusive copyright on the Nginx web server, which was developed by a former employee of the company Igor Sysoev.

Nginx is one of the most successful IT companies created by Russian programmers. Its main product is software, which is necessary for the operation of sites on the Internet. Now about 33% of all sites in the world are running on the Nginx server. For example, it is used by corporations such as Netflix, Dropbox, Yandex and, by the way, Rambler itself.

Igor Sysoev created the Nginx web server in 2002, while still working at Rambler. Initially, the software was distributed free of charge under an open source license. In 2011, Sysoev quit his job and, together with his partner Maxim Konovalov, founded the company Nginx Inc.
In the spring of 2019, the American company F5 Networks bought Nginx for $670 million.

On December 12, the conflict began between Rambler Group and Nginx. Rambler Group has claimed its development rights: the Internet holding company believes that Nginx is an official work of its former employee and using the program without the consent of Rambler Group violates exclusive rights.

Law enforcement agencies got involved in the case: a criminal case was opened, searches were conducted at the Nginx office in Moscow, at Sysoyev and another Nginx co-founder houses.
Igor Sysoev in 2012 in an interview with the Hacker magazine stressed that he worked on Nginx in his spare time. He added that according to Russian law, the company owns what has been done as part of labor duties or under a separate contract.

Yandex called the conflict between Rambler and Nginx a bad signal for the community of programmers.

"We are absolutely convinced that all technology companies should support and develop open source", said Grigory Bakunov, Yandex’s technology distribution director.
Mail.ru Group also advocated the development of an open source culture and support for people who invest time and effort in this area.
Read more »
Ryuk Ransomware
cyber attack Ransomware ransomware attacks Ryuk Ransomware

New Orleans: Mayor Declares State of Emergency after a Cyberattack


The city of New Orleans after being hit by a cyberattack, declared a state of emergency wherein the employees and officials were asked to shut down the computers, power down devices by unplugging and take down all servers as a cautionary measure. As a part of the incident, The Nola.gov website was also down.

Officials suspect the involvement of ransomware as the attacks demanding ransom has become increasingly common in the recent past and ransomware was detected as per Mayor LaToya Cantrell, however, there is no confirmatory lead on the matter as the city has not received any ransom demand from the attackers.

Earlier this year, in November, The State of Louisiana was hit by a ransomware attack which prompted officials to shut down government websites and deactivate other digital services and consequently, a state of emergency was being declared by the governor. As per the sources, it is the gravest cyber attack the state had witnessed till date, it took about two weeks for the authorities to restore all the systems and make them functional again. The attack was followed by aggressive measures being taken by the security officers who classified the attack being a "sophisticated and coordinated" one. As per the latest findings, it remains unclear whether the two attacks are linked to each other or not.

While drawing other correlations, New Orleans Mayor LaToya Cantrell referenced the attack back to one where several school systems in Louisiana were attacked by malware. The compromised school systems were from Sabine, Morehouse, and Ouachita, according to the reports by CNN.

“Out of an abundance of caution, all employees were immediately alerted to power down computers, unplug devices & disconnect from WiFi. All servers have been powered down as well,” stated a tweet from New Orleans’ Office of Homeland Security & Emergency Preparedness.

During a press conference in regard of the matter, Mayor LaToya Cantrell said, “We have a unified command, we’re here with not only our local partners but our state and federal partners as well, which includes our national guard, Louisiana state police, FBI, the state fusion center and secret service."
Read more »
Telegram
Accounts Hacked cyber attack Cyber Attacks One Time Password Russia Telegram

Russian Telegram Accounts Hacked by Intercepting One Time Password (OTP)


According to a firm Group-IB, in the last few weeks a dozen Russian entrepreneurs saw their Telegram accounts hacked. And what's disturbing is the way these accounts were accessed. The attackers intercepted the codes used to authenticate user and give access.

A Telegram App logo in QR code

 How the attackers gained access?

In normal procedure, whenever someone logs into Telegram using a different device, a one-time password (OTP), is texted to them and the user can log into their account using this secret code. Now, these hackers managed to access this one-time secret code and snooped on Telegram chats of various users.

Dmitry Rodin, one of the victims of this attack, runs a coding school in Russia. He told the media, he was given a warning by telegram, that someone is trying to access his account. He ignored the notification but another notification came saying some has successfully logged in from Samara, Russia, he immediately terminated all active sessions except for his.

Like Group-IB, he also believes that there was a problem with the telecom operators or his phone was hacked and not the messaging app Telegram. “Perhaps someone logged into my account by intercepting the SMS, which suggests that there might be a problem on the side of the telecom operator,” he said. “This means that other accounts using SMS as an authentication factor are also threatened.” 13 such cases have been reported so far.

"However, this number is likely to increase since we are speaking about a new threat, which has just started spreading,” a company spokesperson said.

 Is SS7 being abused?

The most worrying part is that One-time password (OTP) were hacked, if this hypothesis is indeed true then we are looking at a very big security threat as this technology is used in many log-ins and financial transactions. Another hypothesis is that victim's devices were hacked and the attackers were spying on their messages but Group-IB found no traces of such activity on the victims' phones. And thus Group-IB is tilting towards a mobile network SS7, that's being abused.

Forbes reported, "Think of SS7 as the part of telecom infrastructure that deals with shifting users between networks as they travel abroad. It also manages the changes in charges when traversing different nations’ networks. But in recent years, hackers have learned that if they can get leverage on that network they can silently intercept text messages. Previously, such attacks have been used in bank account breaches and by surveillance companies."

Now, this same network could be used for hacking Telegram accounts.

 Selling access to accounts on the dark web 

Group-IB also suspects that access to these accounts is being sold on the dark web-based Hydra forum for 3,900$ as well as selling access to WhatsApp messages and user info. Now, they think that these could be linked.

“What made us think that the attacks might have something in common with these advertisements is the fact that the incidents coincided with the time the posts were published,” the company spokesperson added.“But we cannot rule out that there are far more connections between these  two events, which is yet to be established in the course of an investigation.”
Read more »
Subscribe to: Comments (Atom)