2 arrested in Uttarakhand for WhatsApp chat on killing Defence minister

Two persons were arrested on Monday from Uttarakhand over an exchange of messages on WhatsApp discussing a plan to allegedly kill Indian Defence Minister Nirmala Sitharaman during her visit to the state.

The minister paid a visit to Dharchula town of Pithoragarh district in Uttarakhand on Monday to inaugurate a mega medical camp organised by the Army on the occasion of Prime Minister Narendra Modi's birthday. His birthday is being celebrated as 'Seva Diwas'.

The police were alerted to the message at 9.30pm on Sunday. It is being probed whether the duo had any criminal background or possessed any arms and ammunition.

The two have been booked under Section 506 (criminal intimidation) of the IPC and Section 66 of the Information Technology (IT) Act, Pithoragarh SP Ramchandra Rajguru said. "We were alerted to the chat (about killing the defence minister) on a WhatsApp group at 9.30 pm on Sunday. We identified two persons between whom the chat was taking place and arrested them Monday morning ahead of the defence minister's arrival here," he said.

The controversial message sent by one of the arrested duo reads as, "Main shoot karunga Sitharaman ko, kal uska akhiri din hoga. ('I will shoot Sitharaman, tomorrow will be her last day')", police said.

The credentials of the admin of the WhatsApp group are also being looked into, the SP said. While the matter is still under investigation, Rajguru said that it appeared, prima facie, that the duo was drunk while they were chatting.

CBI writes to Facebook, Cambridge Analytica on illegal data harvesting

The Central Bureau of Investigation in India has written to Britain-based consultancy firm Cambridge Analytica, Global Science Research (GSR) and Facebook, asking them to hand over information regarding the alleged data theft of Indian Facebook users.

“We have written to three firms separately to seek details regarding the allegations. Further investigation will take place after we receive a reply,” a CBI official said.

A month ago, the agency sent letters to the three companies after a reference from the Ministry of Electronics and Information Technology, seeking details of the illegal data-collection exercise allegedly adopted by them.

It is alleged that Global Science Research obtained the data and then supplied it to Cambridge Analytica. According to CBI officials, GSR used “illegal means” to retrieve the personal data of Indian Facebook users.

Facebook has said that more than 20 crore users in India were affected by the data breach.

“Facebook responded that they will streamline their processes regarding personal data. They stated that the case of Cambridge Analytica was a case of breach of trust…” IT minister Ravi Shankar Prasad had said.

Cyberworld on Rewind Mode: New Phishing Attack Stealing Passwords Using Old Tricks

The phishing world is on rewind, with old tactics making periodic comebacks. Using one such old trick, a new phishing campaign is attempting to steal users' sensitive information, including login credentials and payment details, by luring them with the promise of a tax refund that can only be claimed online.
The attack begins with a message that appears to come from HMRC, the UK government's tax office, informing the target that they are due a tax refund of £542.94, to be paid "directly" onto their credit card.
As uncovered by Malwarebytes, the message adds that the link to the “customer portal” expires on the same day the message is received. The resulting haste and pressure is meant to make victims panic, override their better judgement and convince them that a handsome sum is about to slip from their grip.
The poor formatting, structure and disguise of the scam and its components show how little effort the criminals put into building the counterfeit HMRC website and concealing the attack.
Users who click through to the ‘portal’ are greeted by a counterfeit Outlook login page, where they must enter their username and password to proceed; this is the point at which the attack actually takes place.
Once the email address and password have been provided, victims are redirected to a counterfeit ‘refund’ website with empty boxes waiting for sensitive data: ‘Full name’, ‘Address’, ‘Phone Number’, ‘Date of Birth’, ‘Mother’s Maiden Name’ and ‘Full Credit Card Details’, including the security code.
What makes the attack so dangerous is its multifacetedness: it goes far beyond acquiring bank details, giving the criminals potential access to other accounts and to vast amounts of the victims' personal data and records, leaving them vulnerable to identity theft and fraud.
To limit losses and help users sidestep the same temptation in the future, HMRC states that it will never offer a repayment or ask for personal information via email.
A lead malware intelligence analyst at Malwarebytes, Chris Boyd, told ZDNet, “These attacks can afford to be crude, as the main pressure point is the temptation of an easy cash windfall tied to a tight deadline. Not knowing that HMRC don't issue refund notifications in this manner would also contribute to people submitting details.”
Although the attack appears elementary in both design and strength, the amount of time the criminals invested in distributing the emails suggests the scam is anything but futile.
Phishing has become a pervasive and internationally prevalent means of exploitation; a recent report by the US Department of Justice concluded that the majority of cyber attacks in recent years began with a simple phishing email.
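A simple detection heuristic for the lure described above, written here as an added example (it is not code from the article or from Malwarebytes): it scores a message on the indicators the story names, a refund promise with an exact sum, a same-day deadline, a “customer portal” link, and sender or link domains outside gov.uk. The sample messages, their placeholder domains and the threshold are constructed assumptions.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicators taken from the lure described above: a refund promise with an
# exact sum, a same-day deadline, a "customer portal" link, and sender or
# link domains that are not gov.uk. Thresholds and samples are assumptions.
REFUND_RE = re.compile(r"\b(refund|repayment)\b.{0,40}£\s?\d[\d,]*\.\d{2}", re.I | re.S)
URGENCY_RE = re.compile(r"\b(expires?|valid)\b[^.]{0,40}\b(today|same day|24 hours)\b", re.I)
PORTAL_RE = re.compile(r"customer portal", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
LEGIT_SUFFIX = ".gov.uk"

def score_refund_lure(sender: str, body: str) -> dict:
    """Return each indicator's verdict plus a simple additive score."""
    _, addr = parseaddr(sender)
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    hosts = [(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)]
    flags = {
        "sender_not_gov_uk": not sender_domain.endswith(LEGIT_SUFFIX),
        "refund_with_amount": bool(REFUND_RE.search(body)),
        "same_day_deadline": bool(URGENCY_RE.search(body)),
        "mentions_customer_portal": bool(PORTAL_RE.search(body)),
        "link_not_gov_uk": any(not h.endswith(LEGIT_SUFFIX) for h in hosts),
    }
    return {"score": sum(flags.values()), "flags": flags, "hosts": hosts}

def is_likely_refund_lure(sender: str, body: str, threshold: int = 3) -> bool:
    return score_refund_lure(sender, body)["score"] >= threshold

# Constructed samples modelled on the article; the domains are placeholders
LURE = ("HMRC Refunds <refund@hmrc-portal.example>",
        "You are due a tax refund of £542.94 directly onto your credit card. "
        "Claim it online via the customer portal: https://hmrc-portal.example/claim "
        "Please note the link expires today.")
GENUINE = ("HMRC <noreply@tax.service.gov.uk>",
           "Your Self Assessment statement is now available to view in your "
           "online account at https://www.tax.service.gov.uk/ when you next sign in.")

if __name__ == "__main__":
    for sender, body in (LURE, GENUINE):
        print(sender, "->", score_refund_lure(sender, body))
```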

A new CSS snippet can crash and restart your iPhone, iPad

A security researcher has discovered a new way to crash and restart any iPhone or iPad devices instantly by using a simple few lines of code.

The code could easily be spread over email or through social media posts; once the Apple device user opens the snippet, the device reboots without warning and the user loses all unsaved data.

A Berlin-based security researcher Sabri Haddouche wrote the 15 lines of code and shared it in a post on Twitter.

“Anything that renders HTML on iOS is affected,” he said, warning that someone could send the code as a link on Facebook or Twitter, by email, or through any other medium.

The snippet exploits a flaw in Apple's operating system by trying to use all the available resources on the iOS device. This eventually causes a kernel panic and the device restarts.

Haddouche packaged the code in Cascading Style Sheets (CSS), which controls how simple HTML code is displayed on screen, to form the snippet.

'The attack uses a weakness in the -webkit-backdrop-filter CSS property, which uses 3D acceleration to process elements behind them,' Mr Haddouche told ZDNet.

'By using nested DIVs with that property, we can quickly consume all graphic resources and freeze or kernel panic the OS.'
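As an added, defender-side example (not Haddouche's snippet or any Apple code), here is the kind of check a mail or content filter could run to flag markup that combines the -webkit-backdrop-filter property named above with unusually deep element nesting. The nesting threshold, the fixtures and the filter value are assumptions.

```python
import re
from html.parser import HTMLParser

# Property named in the article; prefixed and unprefixed spellings both count
BACKDROP_RE = re.compile(r"(?:-webkit-)?backdrop-filter\s*:", re.I)
# Elements that never get a closing tag, so they must not affect depth
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class NestingMeter(HTMLParser):
    """Measures the deepest element nesting and spots backdrop-filter usage."""
    def __init__(self):
        super().__init__()
        self.depth = self.max_depth = 0
        self.backdrop_filter = False
        self._in_style = False
    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        if tag in VOID:
            return
        self.depth += 1
        self.max_depth = max(self.max_depth, self.depth)
        for name, value in attrs:        # inline style="...backdrop-filter..."
            if name == "style" and value and BACKDROP_RE.search(value):
                self.backdrop_filter = True
    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False
        if tag not in VOID and self.depth > 0:
            self.depth -= 1
    def handle_data(self, data):         # rules inside <style> blocks
        if self._in_style and BACKDROP_RE.search(data):
            self.backdrop_filter = True

def assess_html(html: str, max_safe_depth: int = 32) -> dict:
    """Assumed policy: flag backdrop-filter combined with deep nesting."""
    meter = NestingMeter()
    meter.feed(html)
    meter.close()
    risky = meter.backdrop_filter and meter.max_depth > max_safe_depth
    return {"max_depth": meter.max_depth,
            "backdrop_filter": meter.backdrop_filter, "risky": risky}

# Constructed fixtures: the same stylesheet over shallow and deeply nested markup
STYLE = "<style>div { -webkit-backdrop-filter: blur(1px); }</style>"
SHALLOW = STYLE + "<div><div><p>hello</p></div></div>"
DEEP = STYLE + "<div>" * 40 + "x" + "</div>" * 40
```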

Obfuscation: Another Cyber-crime Contrivance to Bypass Antivirus Software

A recently unearthed malware sample changes its overall signature when the final payload is delivered, using an obfuscation technique that succeeds in dodging anti-virus products. This technique is a great way for cyber-criminals to escape anti-virus scans.

Most anti-virus products depend on signature-based detection. The overall structure of the malware keeps transforming while its functions stay unaltered, creating an evasion layer that helps the malware side-step anti-virus detection.

The most common obfuscation techniques used to avoid anti-virus are packers, which compress or ‘pack’ a malware program; crypters, which encrypt a malware program; and other mutators, which change the overall number of bytes in the program.

A researcher stumbled upon a PowerShell obfuscation technique distributed as a ZIP file containing a PDF document and a VBS script. The VB script was found to use Base64 encoding to obfuscate the first layer. A PowerShell script then downloads a file from “hxxps://ravigel[dot]com/1cr[dot]dat”.

The file 1cr.dat was found to use a string-encryption method called SecureString, which is built into C# and used to encrypt sensitive strings.

A set of instructions designed to beat automated sandbox techniques follows, after which another PE file, “top.tab”, is downloaded by the existing script and the final payload is injected into the target's machine.
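An added triage example, not the researcher's or the malware's code: it peels Base64 layers out of a script, recognising the UTF-16LE encoding PowerShell uses for encoded commands, and reports the URLs and tokens such as SecureString found in the decoded text. The sample VBS line and its placeholder URL are constructed; the real second-stage host is not used.

```python
import base64
import re

# A Base64 run long enough to be a payload rather than an identifier
B64_RE = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")
# Plain and defanged (hxxp) URLs, as written in the report above
URL_RE = re.compile(r"h(?:xx|tt)ps?://[^\s'\"]+", re.I)
# Tokens worth flagging once a layer is decoded (download cmdlets, SecureString)
INDICATORS = ("downloadfile", "downloadstring", "invoke-webrequest",
              "securestring", "frombase64string", "-enc")

def decode_layer(blob: str) -> str:
    """Decode one Base64 blob; PowerShell -EncodedCommand payloads are UTF-16LE."""
    raw = base64.b64decode(blob, validate=True)
    # UTF-16LE ASCII text has a NUL in every odd byte position
    if len(raw) % 2 == 0 and raw[1::2].count(0) > len(raw) // 4:
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("utf-8", errors="replace")

def peel(script: str, max_layers: int = 4) -> dict:
    """Recursively decode Base64 runs and collect URLs and suspicious tokens."""
    layers, queue = [script], [script]
    for _ in range(max_layers):
        nxt = []
        for text in queue:
            for blob in B64_RE.findall(text):
                try:
                    decoded = decode_layer(blob)
                except ValueError:          # not valid Base64 after all
                    continue
                if sum(c.isprintable() for c in decoded) < 0.9 * len(decoded):
                    continue                # binary blob, not another script layer
                layers.append(decoded)
                nxt.append(decoded)
        if not nxt:
            break
        queue = nxt
    joined = "\n".join(layers)
    urls = sorted(set(URL_RE.findall(joined)))
    hits = sorted(tok for tok in INDICATORS if tok in joined.lower())
    return {"layers": layers, "urls": urls, "indicators": hits}

# Constructed sample: a VBS line carrying a UTF-16LE Base64 PowerShell command.
# The URL is a placeholder, not the real second-stage host named above.
INNER_PS = ("$u = 'https://example.invalid/1cr.dat'; "
            "$s = ConvertTo-SecureString 'placeholder' -AsPlainText -Force")
SAMPLE_VBS = ('cmd = "powershell -NoP -Enc '
              + base64.b64encode(INNER_PS.encode("utf-16-le")).decode() + '"')
```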

Security must be kept taut and the best methods employed to diminish the repercussions of such an attack. Complete DDoS protection, high availability, a 99.999% SLA and advanced security solutions must be top priorities for organizations that cannot tolerate interruption.

If a server that was already infected was uploaded with malware, the interaction between the attacker and the backdoor could be stopped, which in turn would alert the admin and eventually help remove the malware.

Web application firewalls, backdoor shell protections and other solutions must be worked out to halt any future vulnerability and to isolate any further attack.