"Using TrueCrypt is not secure" , End of TrueCrypt Development

Today, security enthusiasts woke up with a shocking news that TrueCrypt has ended its development and warns users that the tool used for encrypting drive is not safe to use.

Users who try to access the official TrueCrypt website are being redirected to the official sourceforge page of Truecrypt(truecrypt.sourceforge.net/).  The page displays the following message:

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues"

The message continued "The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information)."

The page suggests users to migrate any data encrypted by TrueCrypt to encrypted disks supported on their platform.  It also has provided steps for migrating to an encrypted BitLocker drive.

Many, including me, are not able to believe our own eyes.  It is uncertain whether it is official announcement from the development team or some one has hacked the Truecrypt website.

Matthew Green, who teaches cryptography at Johns Hopkins, researcher involved with the TrueCrypt audit, tweeted that he thinks the news is legitimate.

A new binary (Truecrypt v7.2) has been uploaded to sourceforge page in the last 24 hours.  Upon opening this binary, the following error message is being displayed:


The binary is not allowing users to "create new volume".  It only allows you to mount the volumes.  Users are advised not to download this latest version, as it may contain malicious code.

Scam Alert: Your Facebook Accounts will be Permanently Disabled

We have seen large numbers of facebook posts that promise something, but it turns out to be a scam.  Fb users are still believing such kind of posts and blindly following the instructions.  So, Cyber criminals are keep coming up with new themes to trick users.

Over the past few days, i have been receiving a facebook notifications informing that one of my friends mentioned me in a comment.  I had a look at the post, it is none other than a facebook scam.

The scam posts says "to all facebook users Your Facebook Accounts will Permanent Disable. you must register your account to avoid permanent disabled . How to register? Go to our pinned post. and follow instructions carefully!" 

It asks you to copy and paste some code in the console of your browser.  By blindly following the instructions of scammers,  users are allowing scammers to do various actions('like', 'sharing', 'tagging friends' and more) on their behalf.

Earlier this year,  we learned that scammers were tricking users by promising them that following the instructions will help them to hack their friends' accounts.

Creepy Voice from Baby Monitor Yells at baby

It's middle of the night and 10-month-old Adam Schreck's daugher was asleep in her room.  Adam had a baby monitor that was also equipped with a camera.  Suddenly, there was a creepy voice coming from the baby monitor.

The voice said "Wake up baby.. Wake up baby" and then a long 'aaaaahhhhh'. Once Adam entered the baby's room, the camera turned towards Adam and shouted at him.

No, I'm not telling you scary stories and not even talking about the scary baby monitor scene from 'Insidious' movie.  It's real incident occurred in Cincinnati, ohio.

Someone hacked into the Adam's baby monitor and began shouting at his daughter.  The camera that was hacked is manufactured by Foscam, according to Fox19 report.

Earlier this year, security journalist Brian Krebs explained about a security bug in the Foscam's firmware.  The bug allows anyone to access the web-interface for this camera by entering a blank username and password.

This is not the first case of hackers taking control of a baby monitor, as a similar incident occurred in Houston last year.

To secure yourself, make sure you have update to date firmware and change the default user name and password of your baby monitor.

Beware of fake versions of Malwarebytes Anti-Malware 2.0 claiming to be free


It is always suggested not to download cracked versions of software, if you are really concerned about your Desktop security.  But, Downloading a cracked version of Antivirus or from unknown sources is height of stupidity.

MalwareBytes recently released new version 2.0 of the MalwareBytes Anti-Malware(MBAM). Cyber criminals have now started to trick users into installing the fake versions of this security application.

Researchers at Malwarebytes have come across a number of websites offering free version their software, but are actually potentially unwanted programs.

These bogus applications are capable of making itself run every time, whenever the system is restarted.  They are also capable of accessing your browser cookies, list of restricted sites and browser history.

These apps also blocks users from accessing certain websites by adding them to Internet Explorer's restricted zone, which includes wikia, gamespot, Runescape online.

The security firm also have spotted premium version of MBAM with key generators on torrent websites.  But, in this particular case, users are asked to fill survey in order to download the app.  Filling these kind of surveys will help the cybercriminals to earn money. 

Yahoo revamps security to protect users' data from NSA


Yahoo says they have introduced few improvements in encrypting the users' data in an attempt to prevent cyber attacks and Government surveillance.

Alex Stamos, who recently joined Yahoo as Chief Information Security Officer, said that traffic moving from one Yahoo's data center to another is fully encrypted as of March 31.

The move came after whistleblower Edward Snowden leaked documents that alleged that traffic from Google and Yahoo data centers were being intercepted by NSA.

Yahoo has enabled encryption of mail between its servers and other mail providers.  Search requests made from Yahoo homepage are also now automatically being encrypted. 

Yahoo is promising to release a new, encrypted, version of Yahoo messenger within next few months.

"In addition to moving all of our properties to encryption by default, we will be implementing additional security measures such as HSTS, Perfect Forward Secrecy and Certificate Transparency over the coming months. This isn’t a project where we’ll ever check a box and be 'finished.' " Stamos wrote in the blog post.

"Our fight to protect our users and their data is an on-going and critical effort. We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users’ privacy."he added.

Cyber Defence Course Level 1 in Anna University, Chennai

Most of us from beginners to advanced users use mobile phone/laptops/desktops. We don’t know to secure our machines/phones from hackers, viruses, spies who want to get our information. Here is a short course on securing your computer. mobile phones and laptops from most advanced cyber espionage guys.

Who should learn this:

a. Corporate users – Marketing, sales, CEO, CFO’s who are targeted by corporate espionage

b. Women & Children who want to secure their phones, emails, social media.

c. Lawyers , Doctors who may be targeted to get information on their clientele.

d. Common Man – Anyone who uses computers from young to old for securing their own machines/laptops to protect their loved ones.

e. College Students

Content:

Computer:

  • Security in general.
  • Online security and safe browsing practices.
  • Using live CD for banking.
  • Social Media privacy settings (FB, Twitter, Gmail , 2 factor auth)
  • What can malware do ?
  • Firewall.
  • Check for malware without AV (find undetectable virus).
  • Removing malware manually.
  • Checking USB for malware also disabling autorun.inf type virus.
  • Anti Keylogger.
  • Sandbox.
  • Recover Files.
  • Secure Wipe Files.
  • Encrypt files.
  • Encrypted Email
  • Encrypted Chat

Phone:

Secure Chat, Phone, Messaging on windows, android & others.


Certificate:

Cyber Security & Privacy Foundation will give certificate.

Register here

Venue:
Anna University, Chennai

Bug in Twitter could allow anyone to read tweets from protected accounts

Twitter has fixed a bug in their website that could allow non-approved followers to read the tweets made by protected twitter accounts.

Normally, Tweets from protected accounts can't be seen by public user;  One should get approval from the account holder to view the protected tweets.

This bug could allow anyone to view hidden tweets by getting SMS or push notification from the accounts.  

The microblogging firm said a member of white hat security community helped them to discover and diagnose the bug.  According to its blog post, the bug is there since November 2013.

"As part of the bug fix, we’ve removed all of these unapproved follows, and taken steps to protect against this kind of bug in the future."

The bug affects around 93,788 protected accounts.  Twitter has sent mail to all affected users to inform about the bug and apologize.

Nullcon international security conference 2014

Recently we all witnessed this season of NULLCON unfold, NULLCON, which is India’s biggest Security Conference that happens in Goa every year, this year it was held on 14th of Feb, and its tagline being ”Spread Love, Not Malware”.

This year’s Nullcon International Conference was filled with speakers from across the Globe with various interesting papers that were presented. This year’s Nullcon did see some of the upcoming talents of Indian Cyber Space.

The event started off with a bang with the Night Talks on 13th night which was followed by a Grand Party. The evening part of the talks even had “Black Shield Award” segment which brought out the eminent personalities being awarded the Black Shield Award. The Achievers List of Black Shield is as follows:


The day talks started on 14th morning and went on till 15th evening. This year’s Nullcon’s talks featured various well known Security Researchers such as Rahul Sasi, Alexander Polyakov, LavaKumar Kuppan, Vivek Ramachandran, Saumil Shah and many more. And as Nullcon always tries to bring out the budding talents from India, this time we did have upcoming talents from Indian Infosec Community such as Yahin Mehboobe, Ankita Gupta, Abhay Rana and many more.

One of the major paparazzi grabber this time was the Ultra Geeky nullcon2014 hardware badge that was developed by Indian researchers “Amay Gat” and “Umesh Jawalikar”.

One of the new things that was seen this time at Nullcon was the NULLCON AMMO which showcased some of the coolest, geekiest opensource tools developed by young Indian Researchers and Developers.

The tools found at Nullcon Ammo were:
  • OWTF (The Offensive Web Testing Framework) – By: Abharam Aranguren & Bhardwaj Machhiraju.
  • NoSQL Exploitation Framework – By: Francis Alexander.
  • XML Chor – By: Harshal Jamdade.
  • Drup Snipe - By: Sukesh Reddy and Ranjeet Senger.
  • OWASP Xenotix XSS Exploitation Framework – By: Ajin Abharam
And there were plenty of other tools too that got featured this time at Nullcon Ammo event.

Overall this season of Nullcon was filled with more geekness , fun, party and awesome feast of Information and Knowledge for Infosec Enthusiasts. It was really more exciting than the previous season of Nullcon. The experience this time the hackers had was the best. For a Hacker , you can’t ask anything better than Nullcon. 

Android SMS malware hosted on Google Play infects 1.2 Million users


Experts often suggest to download android apps only from Google Play to avoid malware infection.  But, it doesn't mean that we can trust all of the apps hosted on Google.  

Security researchers from Panda security has found more than five malicious apps being hosted on Google play.

The apps in question appear to be targeting users in Spain.  Name of the apps are in Spanish: “Peinados Fáciles” (Easy Hairdos), “Dietas para Reducir el Abdomen” (Abs Diets), “Rutinas Ejercicios para el Gym” (Workout Routines) and “Cupcakes Recetas” (Cupcake Recipes).

The apps obtain phone number of the infected device from WhatsApp and uses it to sign the victim up to a premium rated SMS subscription services.

Researchers say that each of these apps have been downloaded by between 50k and 100k users. It means that between 300k and 1.2 Million users might have affected this malware.

“The truth is that fraudsters are making insane amounts of money from these premium services. A conservative estimate of, let’s say, €20 paid by each user would result in a huge sum of 6 to 24 million euros stolen from victims”, said Luis Corrons, Technical Director of PandaLabs.

Gmail now automatically displays images, helps attacker to know when you open the mail


Google yesterday announced that it will automatically display the embedded images in emails by default, which was previously disabled by Google. 

By enabling this feature, Google made a mistake, now sender is able to track whether the user have opened the mail or not.

An attacker with a unique image link (eg:www.breakthesecurity.com/123456.jpg) can easily determine when the recipient opened the mail.

"Turning those images on means we’ll be more accurate when tracking unique opens."MailChimp, a bulk Mail service, said in their blog post.

"GMail's new image caching doesn't occur until the user views the message, still provides read tracking." HD Moore, security researcher commented about this new feature in his tweet.

You can disable this feature by choosing the option "Ask before showing" in the "image" section under the General tab in settings. However, it is still in question how many of users going to disable it, most of them don't bother.

Stolen laptop of Poker Player mysteriously returned with Remote Administration Tool


Jens Kyllönen, a professional Poker player from Finland, has shocked when his laptop apparently stolen from his hotel room while he was playing in a tournament, mysteriously returned to the same place where he left it.

Jens complaint about this incident to the hotel however the staffs are not helpful. They told him that camera's are not working properly so not able to find out how it was happened.

Interestingly, the laptop again stolen while he was getting help from staffs and placed in hotel lobby. The one who accessed his laptop managed to remove the password security.

Then, he got an idea to visit the F-Secure Labs to do forensics investigation on his laptop to find out what happened.

According to F-Secure Labs, the laptop was in fact infected with a java-based Remote Administration Tool(RAT). Based on the timestamps, the malware was introduced to the laptop when the laptop had gone missing.

He is not the only person who fell victim to this attack, there is another professional player, Henri Jaakkola who stayed in the same room at the event, had the same exact same trojan installed in his laptop.

Those who have laptop with sensitive information are advised to put it in a safe when you are not around it, and encrypt disks.

ANZ inadvertently sent Bank Statement of customers to 2 year old kid


Privacy Breach:

The Australia and New Zealand (ANZ) Bank has inadvertently sent the bank statements of customers holding hundreds of dollars to a two year old kid.

The kid Joel Morrison who has his own saving account of about $200 received those statements in the mail after his mom Stacey Morrison requested details of her own spending.

The ANZ requested Stacey to return the statements. However, she first informed the account holders in question and they are all disappointed with the incident.

ANZ Spokesperson told TVNZ that they have launched an investigation to find out how it happened.  He said their "inquiries point to it being a handling error at a printer".

The bank replied to those client who asked what could have happened if the details fallen into wrong hands that it didn't contains any sensitive data that put their accounts at risk.

FBI uses Spear Phishing technique to plant malware in Suspect's system


It's not surprising that FBI uses malware to track the activities and location of suspects. A New article published by Washington Post covers the story about FBI using malware for surveillance to track suspect's movements.

FBI team works much like other hackers, targets suspects with the Spear Phishing technique that will attempt to exploit vulnerability in the target's machine and installs malware. The malware then collects information from the infected machine and send it back to FBI's server. The malware is also capable of covertly activating webcams.

In a bank fraud case, Judge Stephen Smith rejected FBI request to install spyware in the suspect's system in April.

Smith pointed out that using such kind of technologies ran the risk of accidentally capturing information of others who are not involved in any kind of illegal activity.

In another case, another judge approved the FBI's request in December 2012. The malware also successfully gathered enough information from the suspect's system and helped in arresting him.

In another case, July 2012, an unknown person who is calling himself "Mo" from unknown location made a series of threats to detonate bombs at various locations. He wanted to release a man who had been arrested for killing 12 people in a movie theater in the Denver suburb of Aurora, Colo.

After investigation, they found out Mo was using Google Voice to make calls to Sheriff , he also used proxy for hiding his real IP.

After further investigation, FBI found out Mo used IP address located in Tehran when he signed up for the email account in 2009. 

In December 2012, judge approved FBI's request that allowed the FBI to send email containing surveillance software to the suspect's email id. However, the malware failed to perform as intended.  But, Mo's computer sent a request for info to FBI's server from two different IP address.  Both suggested that he was still in Tehran.

WordPress Plugins containing Backdoor distributed via phishing emails

What would you do when you receive an email offering Pro version of Wordpress plugin for free, if you are a WordPress user? Don't get tempted by such kind of emails, they also give malicious code for free!

Sucuri reported about a phishing emails asking their clients to download Pro-version of "All in one SEO Pack" WordPress plugin.  The email claims that the plugin is $79.00 worth and giving it for free.

"You have been chosen by WordPress to take part in our Customer Rewarding Program.  You are the 23rd from 100 uniques winners." The phishing email reads.

Credit : Sucuri

The download link provided in the email is not linked to WordPress plugin store, it is linked to a zip file hosted in a compromised website.

Security researchers at Sucuri analyzed the plugin and found out that it is modified with a Backdoor which gives attackers full access to the server.

The malicious code in the plugin replaces the index.php file with the malicious code retrieved from the attacker's server.  So, when user visit the site, they either redirected to SPAM sites or to Exploit kits where it will infect the visitor's system.

Scientists developed Malware capable of sending data using Mic and Speakers


How a malware can steal the data from an infected system that doesn't have internet connection? You might think it is impossible.  Computer scientists say it is possible.

German Researchers at Fraunhofer Institute for Communication, Information Processing, and Ergonomics, say that a malware can transmit data using inaudible sounds.

It can steal confidential data or keystrokes using nothing more than a normal speakers and Microphones without any internet connection. 


Security researchers often suggest not to connect the system that has sensitive data to Internet so that cyber criminals can't reach them.  But now, It can steal from audio sounds without network connection.  So what now?! Then, Let us remove the audio devices. 

The researchers says it can be prevented by switching off audio I/O devices.  Sometimes, we might need audio devices.  In that case, the inaudible communication can be prevented "by application of a software-defined lowpass filter".

The researchers has described their idea in their paper entitled "On Covert Acoustical Mesh Networks in Air".  You can find the research paper here.

(h/t: Ars Technica)

Antivirus that will alert about Criminal and Illegal content for $500

Isn't the title interesting?! There is no such Antivirus that will alert about criminal and illegal content.  It is being advertised in recently discovered ransomware.

Ransomware usually lock the victim's system or browser and displays a warning message pretending be from FBI or any other authority.  It will inform victims that their system is locked because of their illegal activities and asks them to pay money to unlock  it.

A new ransomware spotted by Malwarebytes team interestingly informs the victims that "Your criminal records have been deleted". 


The malware also suggest the victims to buy an Antivirus for $500 from them in order to unlock the system and avoid other legal consequences.

Those who fall for this scam end up in paying around $1200 dollars.  As i said earlier,  there is no such kind of antivirus exist.  After paying ransom, you will just receive a message "your browser will be unlocked within 12 hours" nothing else.

Used memory sticks being sold online contains sensitive Government data


Selling an used memory sticks often pose an information security risk-  We might be thinking that we completely erased the data from it, but it is possible to recover the files that are not properly deleted with the help of some tools.

A recent study found that "old memory sticks" being sold online contain sensitive Australian Government data.

The research paper which is to be presented at a cyber security conference in Perth reveals how researchers discovered the confidential Government data while they are researching the used memory sticks, The Australian news reports.

The study found that sellers are sending memory cards without properly erasing the data. The recovered data not only contains a personal info but also appears to be information belong to Australian government.

"It is evident that actions must be taken by second hand auction sites, and the media to raise awareness and educate end-users on how to dispose of data in an appropriate manner," the study says.

Larry Clinton addresses at an event held by CSPF and Anna University


Mr. Larry Clinton, President & CEO Internet Security Alliance gave an informative speech at the recent event held by the Cyber Security Privacy Foundation(CSPF) and Anna University.

The event was inaugurated by Mr. Ramamurthy, Chairman, Cyber Security and Privacy Foundation and followed by Dr. Chellappan, Dean Anna University.


Speaking on "The Evolving Cyber Threats, and How to Address Them", Larry Clinton said that Chief Financial Officier(CFO) in 95% of companies are not directly involved in information security.

He suggested CFOs to "appoint an enterprise wide cyber risk team and Develop an enterprise wide cyber risk management plan" in order to improve information security of an organization.


Clinton also appreciates CSPF's Tech Core which is headed by J Prasanna for pre-empting cyber threats.


"First of all, let me thank the Cyber Security and Privacy Foundation for all your efforts in putting together the interactive session with Mr. Larry Clinton at Anna University on November 21." In an email sent to CSPF, US Consulate said. "My colleagues and I were very pleased with the level of participation and engagement"


"Mr. Clinton was particularly happy to have had such a well-informed audience and their enthusiastic participation in the discussions."

Cybercriminals embed Banking Trojan inside RTF file

If you are waiting for a bank receipt via email and living in Brazil, then be careful. Kaspersky security researchers have spotted a spam mail in which Brazilian Cyber criminals have come with a new and interesting trick to infect recipients.

The attack starts with a spam mail carrying "Comprovante_Internet_Banking.rtf"("Receipt from Internet Banking.rtf) file as attachment.

Usually, the attachment will be an executable file masquerades as a pdf file or an exploit file. Interestingly, in this case, it is just RTF file and is not exploit file. But it doesn't mean that the file is innocuous file.

When a user open the RTF file, the document shows an image thumbnail with a message "Click to see in a larger size". You may think what is going to happen when clicking an image thumbnail in a rtf file, but you will be presented with a message saying a CPL file is about to be executed.


Yes, it is a malware. Kaspersky detects it as "Trojan.Win32.ChePro", a Brazilian banking trojan written in Delphi.

How did the cybercriminals insert a malware inside a document?! The .RTF file and few other text editors allows us to insert file objects inside documents even an executable file. The attackers managed to embed the malware file using this feature.

Ground Zero Summit 2013 - Asia’s largest Information Security Summit Kicks off in New Delhi

New Delhi, November 07, 2013: In an attempt to generate information security awareness and combat sophisticated threats that the country is facing in cyber security domain, the “Information Security Consortium” - an independent apex body and an outcome of an alliance between industry and Government of India kicked off Ground Zero Summit 2013 at Hotel Ashok, New Delhi today.


The inauguration speech by given by Dr. Rajagopala Chidambaram, Principal Scientific Advisor to Govt. of India, the special address was made by Mr. Pratyush Kumar, Chairman – National Council on Cyber Security, ASSOCHAM. Special Keynote was given by Dr. S.K. Nanda, Additional Chief Secretary, Home, Government of Gujarat and Dr. Gulshan Rai, National Cyber Security Coordinator - Director General, CERT-In, Government of India and Mr. Muktesh Chander, IPS, Joint CP, Delhi Police. Shantanu Ghosh, VP and MD – India Product Operations, Symantec Corporation addressed an executive keynote on Cyber readiness challenges. Special note was given by Chief Guest H.E. Shekhar Dutt, Governor of Chhattisgarh.

Day 2 will witness Keynote by Dr. Nirmalijeet Singh Kalsi, IAS, Joint Secretary (Police) – II, Ministry of Home Affairs, Government of India; Capt. P Raghu Raman, CEO, NATGRID and John McAfee, Original founder, McAfee.

The two day conference will take a holistic view of the Information Security landscape in Asia and will examine various issues related to it. It also focuses on the Information Security challenges emerging on the horizon and looks at finding ways in which enterprises, service providers and government can overcome challenges. The vision of the Summit is to guide the development of next generation cyber security policies and technology, to bring about changes in the current process, involve all affected industries and form the largest PPP in this domain.


Ground Zero Summit is a result of collaboration between different security conferences in the country that have joined hands to create a massive platform for cyber security research, technology showcase and policy creation and amendments. Ground Zero Summit in its debut year has emerged as the largest collaborative platform in Asia for this. It has proved to be Asia’s largest Information Security gathering for industry experts converging private and government players, to bring across issues in information/cyber security space, which is being presented, debated and deliberated over four days - two days of technical conference, followed by two days of hands-on technical workshops on information security. G0S will be a triple track conference with papers, demos and presentations focusing on the key areas concerning Information Security.

Some of the key focus areas at the event were:

  •  Cyber readiness challenges
  • Cloud Security: Enabling continuous, scalable security for today’s hyper connected world
  •  Exploring accuracy and correctness of modern network defence products
  •  Towards a next generation secure Internet
  • Evolution of network security around Software Defined Networking (SDN) – The intelligent network
  •  Internet – Transforming terrorism
  •  Surveillance, privacy and cyber espionage, in the aftermath of PRISM

The summit is a result of an industry - government alliance in this domain, and a collaborative effort between the four major cyber security conferences in the region viz. ClubHack, c0c0n, Malcon, nullcon and InfoSec research firm INNEFU. The summit will be executed by UBM India Pvt Ltd, a leading player in the live media space and the largest trade exhibition organizer in India responsible for over 20 large scale exhibitions.