Students Hack Student Information System; Change Attendance, Grades, and Lunch Balance Data

Two students at Bloomfield Hills High School are the main suspects in a hack of the school’s Student Information System, called MISTAR. The students are believed to have made changes to the grades, attendance records, and lunch balances of about twenty students and themselves.

The hack was discovered when an employee logged into his account and noticed an error, after which the school investigated the issue and learned about the attack.

The students are suspected to have exploited a now-resolved vulnerability in the school systems to gain access.

“With the assistance of a forensic investigator, we determined that a report that may have contained the usernames and passwords for the Parent Portal may have been run,” the school said in an FAQ on its website after the attack. “As a precaution, a letter will be mailed to all parents detailing how to change their Parent Portal credentials. Should we determine that additional information contained within MISTAR was accessed without authorization, we will provide impacted individuals with notification.”

The school has announced that it will be resetting all Parent Portal passwords on Monday, May 21, 2018, which will then require all parents/guardians to reset their individual password upon returning to the system.

While the investigation is ongoing and the school is still reviewing its digital security, it has said that, “Modifications will be made as necessary to our internal practices and the district plans to conduct internal staff and student training in addition to what has been provided in the past or is normal, ongoing training.”

“We are committed to using this unfortunate incident to teach our students about digital citizenship and help support them in making better digital decisions,” the school further announced.

In a YouTube video, Bloomfield Hills High School superintendent Robert Glass said that the punishment for the culprits of the attack is likely to be severe.

“Cyber hacking is a federal crime and we're working with the proper authorities to determine the appropriate discipline and legal ramifications,” he said. “Due to student privacy laws, we're not able to disclose more information but we can assure you that we're working within the full extent of the Student Code of Conduct and the full extent of the law.”

The school has also established a support hotline, aside from their FAQ page, where parents can reach out to learn more or have their questions about the hack answered.

Pavel Durov says they are not closing Telegram service in Russia and Iran

Just a few days ago, Russian and other media reported that Telegram CEO Pavel Durov is ready to close his business in Russia or Iran. However, Durov said on his VKontakte (VK) account that this information is incorrect.

In the VK post, he said that Telegram will continue to provide a secure messaging service in problem markets like Russia and Iran, despite the pressure of regulators and the threat of blocking. But the media came up with different headlines, such as "Durov announced his readiness to close Telegram" and "Durov threatened to close Telegram in Russia". However, Durov said that some Russian media, like Meduza and Vedomosti, have provided correct information.

"Russian media often quote inaccurate translations of what I publish on Twitter and my channel." Durov said in VK.

Recently, Iran opened a criminal case against the Telegram CEO, stating that Telegram is being used by pedophiles to distribute child pornography.

"I am surprised to hear that. We are actively blocking terrorist and pornographic content in Iran. I think the real reasons are different." Durov responded to the accusation on his Twitter account.

Recall that just a few weeks ago, the Russian Federation threatened to block Telegram and reported that this encrypted messenger was actively used by Islamic radicals during the preparation of the bombings in the Saint Petersburg subway. The head of the Ministry of Communications and Mass Media said: "Telegram will be blocked, if it will work not in accordance with the current Russian legislation".

Durov hopes that the legal situation in the Russian Federation and Iran will change in future.

- Christina


Telegram founder agrees to register in Russia but won't share user data

Telegram's founder Pavel Durov has agreed to register the company in Russia, after pressure from the local authorities.

A few days ago, the Russian communications regulator Roskomnadzor demanded that Telegram provide information about the messaging app and company details. The authorities also said this encrypted messaging app is being used by terrorists to plan attacks.

The authorities asked for access to decrypt messages in order to catch terrorists. They threatened to ban Telegram if the company fails to do so.

At first, Durov didn't agree to the demands. Now, he has agreed to register the company with the Russian government.

"If the Telegram is banned in Russia, it will not happen because we refused to provide details about our company" Durov said in the social network VK.

Roman Jelud, a professor from Voronezh State University, told Regnum that the news about the "Telegram ban" is itself a PR stunt that will only help Telegram gain more users. A few days earlier, Roman had said that Durov is using this for his PR and that eventually Durov is going to agree to provide the required five points of information.

Though Durov says that they are only registering the company in Russia and will not share the users' secret data with the government, it will be hard to know whether it is true or not.

Russia is not the only government that is interested in the Telegram messenger. Last week, Durov stated that US Federal officers want to add a backdoor to the app.

- Christina

ATM malware attacks are on the rise

In the past few months, the prevalence of ATM hacking has increased.

Some time ago, 3 ATMs were attacked in India. It was found that the hackers used the malware "GREENDISPENSER".

In this article we will look at methods of hacking ATMs. Artur Garipov, Senior Research Specialist at Positive Technologies, helped us understand how such hacks work and explained the different methodologies to us.

For example, a very famous virus is Tyupkin (PadPin), which steals card information. Sometimes attackers install fake ATMs, skimmers (devices that make a "snapshot" dump of your credit cards) and so on. But that is a topic for another article.

In our opinion (EHN), ATM malware continues to evolve. For example, the new malware GreenDispenser is a new breed in ATM hacking. It gives an attacker the ability to walk up to an infected ATM and drain its cash vault.

When installed, GreenDispenser may display an "out of service" message on the ATM. But attackers can drain the ATM’s cash vault and erase GreenDispenser. The hackers leave no information about how the ATM was robbed.

GreenDispenser is similar in functionality to PadPin but has some unique functionality, such as date-limited operation and a form of two-factor authentication.

We believe that we are seeing the dawn of a new criminal industry targeting ATMs!

Artur commented that there are 2 types of ATM hacking: 1) remote access 2) physical access.

With physical access, hackers can simply steal the ATM on a truck, or hook the ATM to a car, and so on. In this case, they steal the whole thing in order to cut the ATM open physically in a safe place.

We must understand that an ATM consists of 2 parts, which are hidden by a cover. The upper part is called the service area. It holds a simple computer and the working devices: card acceptor, fiscal registrar, and so on. This is the brain that controls the ATM.

The lower part is the safe with the money. It contains tapes with bills of different denominations. When you withdraw cash and hear the buzzing, this is the dispenser preparing to give you the necessary bills of different values from the tapes.

There are more technology-based ways of hacking. Everything is simple. You only need to open the service area. You can do it with a lock pick or with special service keys. And sometimes you just need to push hard on the metal hatch cover of the ATM.

Next, the dispenser is disconnected from the ATM's computer and connected to the attacker's own prepared computer, which gives the command to dispense all banknotes. And that's all that is needed. The attacker can leave the crime scene with all the cash.

There are also cases when the attacker had access to the internal network of the bank, and through it infected the ATM equipment or remotely took control of it. With the help of this software, he was able to give the same command to the dispenser to dispense all the cash.

Interview with the researcher Artur Garipov on ATM Hacking:

What are the methods used by attackers to infect the ATM with

I cannot give an exact answer to the question. It is necessary to look in detail at the code of GreenDispenser.

Methods for infecting the ATM may differ. It can be simply an installation with regular software and a temporary disconnection of the ATM from the network, for the purpose of infection.

For a more detailed answer it is necessary to understand how the ATM interacts with the processing center, and what the system of control and administration of these devices is. Most often, these solutions are vendor-dependent and differ not only between banks, but also between ATMs.

a. Consider the interaction of the ATM and the processing center.
Most often, the interaction goes through the Internet provider, inside a tunnel (VPN). It is very problematic to break the tunnel, and making a fake processing center is not easy either. But very often there is an opportunity to turn off the VPN, to be in the same network with an ATM, and then conduct an attack on some ATM service that will lead to RCE (remote code execution). On the other hand, attackers can attack the processing center itself, and make changes to the system of updates. In some cases, the ATM system is updated remotely, through the update server. Sometimes this is a local installation.

b. But most often the installation of malware occurs locally.

An attacker just opens the service area of the ATM. At its core, inside it is a regular computer with attached ATM peripherals. Next, he can locally install the Trojan.

For such purposes, special guys are hired. Such announcements, with such tasks, can be found on the darknet, or on specific forums.

The new version of Ploutus malware "Ploutus-D" targets ATMs using KAL’s Kalignite platform. What are the other latest and popular platforms targeted by malware?
I have not had to work with this system (Kalignite). Perhaps there are some specifics here. Malware, in general, attacks the security of the operating system. And the platform and API system through which it works can easily be changed from one to another.

APIs for the ATM middleware are not well documented. How were the attackers able to write malware that interacts with the middleware?
I do not agree. There is more than enough documentation on the Internet at the moment. Everything is easy to find in the main search engines. The key to knowing the keywords:
And for practice, an ATM is enough.

NDAs do not protect.

How do you find the presence of this malware in ATM machines?
Unfortunately, most often this is the result of the investigation of an incident. But there are, of course, other approaches.

What other security measures need to be taken in order to prevent this malware attack?
This is a separate, very large topic for discussion. But it is worthwhile to understand that, more often than not, ATM hacking is done "locally". It is for this purpose that a button is installed on the ATMs. Unfortunately, the attackers also know about it.

Do you think hackers and cyber criminals will weaponize ATM malware like GreenDispenser with a worm-like engine (as used by w32 blaster or w32 funlove)? What happens to the world if w32 blaster carries GreenDispenser in it?
Such systems should exist. The question is, it will be more difficult to detect. And the purpose of such systems is a targeted attack. Specific bank, specific billing.

No app can stop CIA from reading your messages, says Pavel Durov

In an article titled "What does the "Year Zero" and "Vault 7" stuff from Wikileaks mean?", Pavel Durov, the founder of the social network VKontakte and the messenger Telegram, explained how the CIA can read your messages even if you are using a secure messaging application.

Durov said that the hackers do not need to directly hack the targeted applications. Instead, they can exploit the vulnerabilities in the mobile operating systems to access your sensitive information and messages.

"To put 'Year Zero' into familiar terms, imagine a castle on a mountainside. That castle is a secure messaging app. The device and its OS are the mountain. Your castle can be strong, but if the mountain below is an active volcano, there's little your engineers can do." he explained. "So in the case of 'Year Zero', it doesn't matter which messenger you use."

He explained that the hackers can gain access to your keyboard, which allows them to know which keys you press.

"No app can hide what shows up on your screen from the system. And none of this is an issue of the app," said Durov.

The founder of Telegram urged the main developers of operating systems and devices, such as Apple, Google or Samsung, to immediately start fixing their vulnerabilities.

He said that normal users do not need to worry about this. But, if the CIA is on your back, it doesn't matter which messaging apps you use as long as your device is running iOS or Android.

Akamai observes new types of reflection DDoS attack

Akamai Security Intelligence Response Team (ASIRT) has observed three new types of Distributed Reflective Denial of Service attacks, also known as reflection DDoS attacks, that were being used in the wild from March to September 2015.

The ASIRT has published an advisory which warns network admins who leave external ports open, especially if those ports are handled by UDP-based protocols, which are known as regular mediums for carrying out reflection DDoS attacks.

In the advisory, it said that RPC, NetBIOS and Sentinel services were abused in a series of new reflection DDoS attacks. There is a collection of network protocols vulnerable to these types of attacks, but the most dangerous ones are those that can accidentally add an amplification factor to the whole process.

The attackers can send one corrupted packet to a reflection point, but the victim receives ten. In this case, the reflection DDoS attack comes with an amplification factor of 10.

Akamai has described in the advisory that during the past seven months, attackers have turned to new mediums for carrying out reflection DDoS attacks.

During these past months, ten reflection DDoS attacks have been observed using RPC, NetBIOS and Sentinel technologies, one of which managed to go over 100 Gbps (gigabits per second).

In NetBIOS-based reflection DDoS attacks (NetBIOS is a protocol used in computer software to allow applications to talk to each other via LAN networks), it was observed that the peak bandwidth never went above 15.7 Gbps, the amplification factor was between 2.56 and 3.85, and the main victims were targets in the gaming and Web hosting sector.

Similarly, the RPC attack, which uses RPC portmap, a service that maps RPC service numbers to network port numbers, peaked around 105.96 Gbps and had an amplification factor of 9.65; the first one observed dates back to August and was against a financial firm.

Sentinel servers, which were also abused for reflective DDoS attacks, are generally used in closed environments to manage user licenses for multi-user network setups. Reflection DDoS attacks using Sentinel servers were observed coming out of the University of Stockholm, at a peak of 11.7 Gbps, with an amplification factor of 42.94.
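A defender at the receiving end can spot this pattern in flow records: large volumes of UDP replies from the abused services, arriving from many sources, that no local host ever requested. The sketch below is an added example, not code from Akamai's advisory; the port numbers are the services' well-known defaults (not given in the article), and the flow records, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Default UDP ports of the three services named in the advisory summary.
# Assumption: well-known defaults, not values taken from the article.
REFLECTOR_PORTS = {
    111: "RPC portmap",
    137: "NetBIOS name service",
    5093: "Sentinel license manager",
}


def find_reflection_victims(flows, min_bytes=1_000_000, min_reflectors=3):
    """Return hosts receiving unsolicited UDP replies from many reflectors.

    flows: iterable of dicts with keys proto, src, sport, dst, dport, bytes,
    one record per unidirectional flow in the observation window.
    """
    flows = list(flows)

    # Requests that local hosts really sent to these services. A reply that
    # matches one of them is legitimate and is not counted.
    solicited = {
        (f["src"], f["dst"], f["dport"])
        for f in flows
        if f["proto"] == "udp" and f["dport"] in REFLECTOR_PORTS
    }

    stats = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for f in flows:
        if f["proto"] != "udp" or f["sport"] not in REFLECTOR_PORTS:
            continue
        if (f["dst"], f["src"], f["sport"]) in solicited:
            continue  # answer to a real request
        entry = stats[(f["dst"], f["sport"])]
        entry["bytes"] += f["bytes"]
        entry["reflectors"].add(f["src"])

    alerts = []
    for (victim, port), entry in stats.items():
        if entry["bytes"] >= min_bytes and len(entry["reflectors"]) >= min_reflectors:
            alerts.append({
                "victim": victim,
                "service": REFLECTOR_PORTS[port],
                "bytes": entry["bytes"],
                "reflectors": len(entry["reflectors"]),
            })
    return sorted(alerts, key=lambda a: a["bytes"], reverse=True)


def spoofed_request_gbps(peak_gbps, amplification):
    """Request bandwidth that yields peak_gbps at the victim for a given factor."""
    return peak_gbps / amplification


def flow(proto, src, sport, dst, dport, nbytes):
    return {"proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "bytes": nbytes}


# Constructed sample window (documentation address ranges only).
SAMPLE_FLOWS = [
    # Four portmap servers answering requests 192.0.2.10 never sent.
    flow("udp", "198.51.100.1", 111, "192.0.2.10", 51000, 400_000),
    flow("udp", "198.51.100.2", 111, "192.0.2.10", 51000, 400_000),
    flow("udp", "198.51.100.3", 111, "192.0.2.10", 51000, 400_000),
    flow("udp", "198.51.100.4", 111, "192.0.2.10", 51000, 400_000),
    # A genuine portmap query from 192.0.2.20 and its (large) reply.
    flow("udp", "192.0.2.20", 40000, "203.0.113.5", 111, 84),
    flow("udp", "203.0.113.5", 111, "192.0.2.20", 40000, 2_000_000),
    # Stray Sentinel traffic, far below the volume threshold.
    flow("udp", "198.51.100.9", 5093, "192.0.2.30", 52000, 5_000),
    # TCP is not usable for this kind of reflection and is ignored.
    flow("tcp", "198.51.100.7", 111, "192.0.2.10", 53000, 3_000_000),
]

if __name__ == "__main__":
    for alert in find_reflection_victims(SAMPLE_FLOWS):
        print(alert)
    # Figures from the article: 105.96 Gbps peak at amplification 9.65.
    print(round(spoofed_request_gbps(105.96, 9.65), 2), "Gbps of requests")
```

The same amplification arithmetic explains why the Sentinel case matters despite its lower peak: at a factor of 42.94, very little request traffic is needed to reach 11.7 Gbps.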

UI of China's new Linux Based OS shows they are fan of Windows XP

China has developed a Desktop Operating System (OS) named “NeoKylin” (and ‘Kylin’ in Chinese), as a substitute to Windows XP.

NeoKylin is developed by Shanghai-based China Standard Software Company and is already running on at least 40% of commercial units sold in the country by the U.S.-based computer company Dell.

NeoKylin has become a perfect replacement for Windows XP as it has many features similar to the latter. The complete user interface and essentials like Windows' Control Panel, XP’s classic Start button and the folder icons are the same. The names of the folders used are also the same, like Recycle Bin, My Computer and Control Panel, among others. Microsoft Office has been replaced by NeoShine Office, which offers the same functions.

The classic rolling-hills-and-clouds desktop background has also been replaced with a mythical chimera-like beast that the OS is named after, namely the Qilin.

Apart from this, the Linux OS has additional features too: the Linux terminal also exists, where commands can be run and information about the OS can be captured.

The OS comes with some pre-installed applications like the web browser Firefox, a music player, the open-source image editor GNU Image Manipulation Program (GIMP) and a calculator. Besides this, the version on Dell systems is packed with more applications and games.

At one time, Windows held around 91% of the total market share of China as compared to Mac OS X, and Linux was stuck with just 1%. It was a big jolt for the country when Microsoft announced the end of official support for Windows XP.

As China was interested neither in paying for extended support for Windows XP nor in switching to Windows 8, it decided to develop its own operating system. NeoKylin has long been a part of the Chinese government’s hopes for the emergence of a successful domestic OS.

There were speculations that the country did not pay as it suspected America would spy on it. China has always been cautious about the Information Technology (IT) infrastructure of the country.

The enterprise market is becoming more difficult for U.S. software makers after whistle-blower Edward Snowden disclosed the US National Security Agency's mass surveillance programs in 2013.

China has always believed in accepting things on its own terms and conditions, and its plan to eliminate all foreign technologies and services, like Google and Facebook, by 2020 may become a reality for the citizens of the country.

In the coming years, it would be an entirely independent IT economy, building homegrown mobile and computer devices, operating systems, applications, browsers, etc., but for now its new OS needs to be accepted widely by the masses, as Windows XP is still in use on the majority of the systems in the country even after updates and support have ended.

If NeoKylin were being graded on originality, it would fail. But for the purpose of recreating a domestic OS that the majority of the country wants to stick with, it passes.

Two Ukrainian defendants to pay $30 million to the Securities and Exchange Commission

The Ukraine-based firm Jaspen Capital Partners Limited and its Chief Executive Officer (CEO), Andriy Supranonok, agreed to pay $30 million to settle U.S. Securities and Exchange Commission (SEC) civil insider trading charges on Monday (September 14).

The SEC had charged the two with trading on information from illegally obtained news releases. The company became the first of 34 defendants to settle SEC charges over allegations of theft of more than 150,000 press releases from Newswire before the news became public.

Traders would sometimes create what prosecutors called “shopping lists” of companies that were expected to make announcements and pass them on to hackers.

The illegal profit generated by traders over a period of five years is estimated to be around $100 million, while Jaspen and Supranonok made approximately $25 million from 2010 to 2015 buying and selling contracts-for-differences (CFDs), which are derivatives allowing for leveraged stock price bets, trading on press releases stolen from the newswire service.

The case was filed in U.S. District Court for the District of New Jersey, which entered an asset freeze and other emergency relief against Jaspen and Supranonok, among others. Nine of the defendants also face criminal charges, though Jaspen and Supranonok were not criminally charged.

Without admitting or denying the SEC’s allegations, the two defendants agreed to transfer $30 million of ill-gotten gains from the accounts which were frozen a month ago.

“Today's settlement demonstrates that even those beyond our borders who trade on stolen nonpublic information and use complex instruments in an attempt to avoid detection will ultimately be caught,” said SEC enforcement chief, Andrew Ceresney.

The settlement between Jaspen and Mr. Supranonok must be approved by a court.

The SEC said its civil case will continue against the other 32 defendants.


Tech firm Ubiquiti subject of Cyberheist

A technology firm called Ubiquiti has recently announced that it became a victim of a $46 million cyberheist.

Hackers used a common scam in which crooks faked communications between top level executives of Ubiquiti to initiate unauthorized wire transfers.

The heist was disclosed by Ubiquiti in its quarterly financial report filed with the US SEC.

The company discovered the unauthorized wire transfers on June 5, 2015.

Ubiquiti wrote in a statement, “This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties.”

The company has recovered $8.1 million to date.

Ubiquiti is based in San Jose and provides network technology to service providers.

Symantec issues update for Critical Vulnerabilities in Endpoint Protection

Researchers at Code White, a penetration testing company, have found several vulnerabilities in Symantec's Endpoint Protection.

According to the researchers, the flaws are so critical that a hacker can gain access to the whole network of a corporation by attacking the vulnerability.

The researchers found a total of six vulnerabilities in the antivirus program that can help a hacker take down a whole corporate network.

Symantec has issued a patch update called SEP 12.1 RU6 MP1 to fix the problems highlighted by the researchers at Code White.

Users have been advised by the antivirus company to update to the new version as soon as possible.

Hackers now target banks’ websites, mobile apps

Hackers from the Deep Web, also known as the Deep Net, Invisible Web, or Hidden Web, which is the portion of the World Wide Web’s content that is not indexed by standard search engines, are now targeting India-based banks’ websites, mobile applications and online services, say cyber security experts.

According to a report published in Deccan Chronicle on 2 June, the hackers are disrupting banking operations by pulling down the banks' websites, mobile applications and online services. In the last two days, hackers have targeted the online banking sites of various banks including City Union Bank (CUB), Tamilnad Mercantile Bank (TMB) and Vijaya Bank.

The new report says that in the hackers' hit-list, obtained from an onion site on Thursday, they said that they would target the mobile app of a leading private bank and, similarly, the net banking of a nationalized bank.

J. Prasanna, Founder of Cyber Security and Privacy Foundation, told Deccan Chronicle that it could be a planned attack or a technical snag. But the attack hit-list accessed from the Deep Web hackers group indicates that the attack is scheduled.

He pointed out that it looked like an attack, but a serious investigation would be needed to confirm it. Bank managements often take such issues more seriously than they actually are.

S. Sekar, senior general manager at the CUB, told Deccan Chronicle that the server of the bank was down on Tuesday because of heavy traffic.

He said they were searching for the reason behind the problem. They also contacted the IT service provider.

The TMB was targeted on Wednesday morning by the hackers.

Arun Vasan, IT manager of the bank, told Deccan Chronicle the attack happened at the network level.

Will Cyber Security Companies shift their Headquarters out of US?

Until now, nuclear, radiological, chemical and biological weapons were considered to be Weapons of Mass Destruction (WMD).

The Bureau of Industry and Security (BIS), an agency of the United States Department of Commerce that deals with issues involving national security and high technology, is proposing to classify cyber security tools as weapons of war in an attempt to control their distribution.

Tools used for the extraction of data or information from a computer or network-capable device, or for the modification of system or user data, will come under this law and are being classified as intrusion software. Also, tools designed to avoid detection by 'monitoring tools' (antivirus, IDS/IPS, endpoint security products) will be considered weapons.

Any penetration testing products designed to identify security vulnerabilities of computers and network-capable devices fall under this category.

"The proposal is not beneficial. Most vulnerability scanners and penetration testing products come under it. The proposal means tools from US companies which have been used to do assessments and audits in corporate will need to go through the clearance. It could also lead to corporate getting tracked" says J. Prasanna, founder of Cyber Security and Privacy Foundation (CSPF).

Most of these cyber security firms should either convince their worldwide clients to go through the process or shift their headquarters out of the USA.

Prasanna pointed out that the US government tried to stop the export of cryptography in the past. But Russian, European and Israeli companies gained an advantage from the cryptography restriction.

He said that the new proposal is bad news for cyber security researchers. If it becomes law, it will force them to find a new way to beat the cyber criminals.

"Hackers are already many steps ahead of us. Some tools like Canvas and Metasploit Pro are important tools for penetration testing" said Prasanna.

Thomas Dullien, Google Researcher, said "addition of exploits to the Wassenaar arrangement is an egregious mistake for anyone that cares about a more secure and less surveilled Internet" in his personal blog.

Rapid7, a Boston-based cybersecurity firm, well known for its Metasploit Pentesting framework, said that they are investigating implications of Wassenaar for Metasploit and security research, and working on comments for the consultation.

According to the proposal, the governments of Australia, Canada, New Zealand or the UK will get favorable treatment for license applications, as they have partnered with the US on Cyber Security Policy and issues.

The BIS is seeking comments before 20th July 2015 on the proposed rule. You can submit the comments here.

Upgrade your SOHO router's firmware to the latest version

A recent study has uncovered that a huge number of Small Office / Home Office (SOHO) routers that neglect basic security practices were recently targeted by attackers.

The study, conducted by the Incapsula security team, was published on its blog by researchers Ofer Gayer, Ronen Atias and Igal Zeifman.

It has urged router owners to disable all remote access to their router management interfaces. In order to verify that their own router is not open to remote access, they can use YouGetSignal to scan for the following ports: SSH (22), Telnet (23) and HTTP/HTTPS (80/443).

Along with that, it has recommended all router owners to change the default login credentials, if they haven’t done so already.

And those whose routers are already compromised can upgrade their routers’ firmware to the latest version provided by the manufacturer.
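The port check recommended above can also be scripted. The following is an added example, not part of the Incapsula study: it probes the four management ports the study lists and distinguishes open, closed and filtered results. It assumes it is run from a connection outside your own network against your own router's public address, passed as the first command-line argument.

```python
import socket
import sys

# Management ports named in the study's recommendation.
MANAGEMENT_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS"}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as open, closed, filtered or unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: service is reachable
    except ConnectionRefusedError:
        return "closed"            # host answered with a reset
    except socket.timeout:
        return "filtered"          # no answer: dropped by a firewall
    except OSError:
        return "unreachable"       # routing or name resolution failure


def audit_router(host, ports=MANAGEMENT_PORTS, timeout=3.0):
    """Probe every management port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def exposed_services(results, ports=MANAGEMENT_PORTS):
    """List the services that accepted a connection, e.g. 'Telnet (23)'."""
    return [f"{ports[p]} ({p})" for p, state in sorted(results.items())
            if state == "open"]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: router_check.py <your-router-public-address>")
    results = audit_router(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{MANAGEMENT_PORTS[port]:<6} {port:>4}/tcp  {state}")
    exposed = exposed_services(results)
    if exposed:
        print("Remote management reachable from outside: " + ", ".join(exposed))
        print("Disable remote access and change the default credentials.")
    else:
        print("No management interface answered from this vantage point.")
```

A result of "filtered" or "closed" on all four ports is the outcome the study's advice aims for; any "open" result means the management interface answers from outside.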

It is said that the flaw was the result of negligence, with ISPs, vendors, and users sharing a long tradition of disregarding basic security practices. As a result, hundreds of thousands of routers are likely to be controlled by hackers and used to attack the Internet ecosystem and interconnected networks.

The study revealed that major companies are involved in the issue.

The study’s main aim is to share attack details in an attempt to raise awareness about the dangers posed by under-secured, connected devices.

Although the study has been published, many botnet devices are still attacking the users and other websites.

According to the study, the researchers first identified these attacks on December 30, 2014 and have been mitigating them ever since. In the last 30 days, they saw that the number of attacking IPs had been increasing.

The rapid growth compelled the Incapsula security team to further investigate the case. The team revealed that this wave of attacks is a part of a much larger DDoS assault targeting hundreds of other domains outside of the Incapsula network, and includes other attack vectors and network layer barrages.

After the research, Incapsula contacted the vendor of the routers and the ISPs whose routers and networks it found to be most open to abuse.

After inspecting a sample of 13,000 malware files, they found out that on average, each compromised router held four variants of MrBlack malware, as well as additional malware files, including Dofloo and Mayday, which are also used for DDoS attacks.

Taipei City govt plans to install more monitoring equipment

The Taipei city government is planning to install more monitoring equipment and protect the messaging application Line after a huge amount of information was leaked in a hacking breach of city computers, according to a Taipei Times report.

In a bid to avoid further breaches, the officials have decided to install additional monitoring equipment to identify unusual activities on city systems.

Taipei Mayor Ko Wen-je said that secretariat computers were breached last week, which had revealed “troublesome” information.

Taipei Department of Information Technology (TDoIT) Commissioner Lee Wei-bin said that in the information breach, numbers of city department heads along with their confidential information had been compromised.

He said that the hacks could allow the hackers to predict the names of secretaries to “friend” commissioners and their staff. In order to identify all of the members, the management would take special caution. However, any new member would join the group.

He added that the existing antivirus software on the city secretariat’s computer, which got infected, could not detect the unauthorised access. The management would review the existing divisions between computer systems among the city’s departments, secretariat and the mayoral office.

Although Taipei city councilors criticised the city government's maximum usage of Line groups for messaging, which creates risk, Lee said there was an implicit tradeoff between perfect security and administrative efficiency.

He said that they could not switch to any other messaging software, which is domestically designed and hosted, because it would be more costly and time consuming.

Moreover, Mayor Wen-je, who is used to Line software, has already introduced it extensively within every department.

He added that the department however, was imposing clearer standards for Line usage. The Line groups must have designated members who could take responsibility for policing membership lists.

He said that the city government’s decision would be recorded in official documents which would be to councilors. However, Line conversations would be confidential as telephone calls or private discussions within the city government.

Researchers discover fingerprint flaw on Samsung Galaxy S5

Despite the various efforts made to secure biometric information on Samsung Galaxy S5 by the Android phone makers, hackers can still take copies of fingerprint which is used to unlock the phone set, said researchers.

Tao Wei and Yulong Zhang, researchers at FireEye, a security firm, said that even though there is a separate secure enclave for the information on the phone, it is possible to grab the biometric data before it reaches that safe area which allows hackers to copy people’s fingerprints for further attacks.

Wei and Zhang, who conducted research on Galaxy S5 including other unnamed Android devices, will be presenting their findings at the RSA conference on April 24.

The researchers said that in order to clone the fingerprints, the hackers don’t have to break the protected zone where the data is stored. They just have to collect data from the device’s fingerprint sensor.

According to them, any hacker can easily clone fingerprints from the phones. They have to get user-level access and run a program as root. They wouldn’t need to go deeper on the Samsung Galaxy S5 because the malware needs only system-level access.

Once the hackers break the operating system of the phone, they can easily read the fingerprint sensor. The hackers then get the data from which they can generate an image of the fingerprint. After that, those hackers can do whatever they want.

After finding the flaw on the phone, the researchers contacted Samsung. However, they did not receive any updates from the company or measures to fix the vulnerability.

They said that it is better to update the Android version to be protected from this vulnerability, because it is not present in Android 5.0 or later versions.

“Samsung takes consumer privacy and data security very seriously. We are currently investigating FireEye’s claims,” said a spokesperson for Samsung via email to Forbes.

Although there are various security concerns about biometrics, it is going to be the primary form of authentication on mobile phones.

It is said that Microsoft is testing out a range of biometric options for its upcoming Windows 10 operating system. 

However, Wei and Zhang said they only tested Android devices as of now.

They said that not all of the Android phones below 5.0 with fingerprint authentication were affected, but this vulnerability is likely to spread to other phone makers' devices as well, such as the HTC One Max, Motorola Atrix, Samsung Galaxy Note 4 and Edge, Galaxy S6, and Huawei Ascend Mate 7.

“We only tested a limited number of devices. While we expect the issue is more widespread, we are not sure,” the FireEye spokesperson said in an email to Forbes.

International operation mounted to counter Beebone Botnet

A multinational task force comprising the European Cybercrime Centre (EC3), the Joint Cybercrime Action Taskforce (J-CAT) and the FBI, and led by the Dutch National High Tech Crime Unit, was recently set up to target the Beebone (AAEH) botnet, a downloader virus that cripples a computer's defenses by downloading various malware onto a PC.

Private players Intel Security, Kaspersky and Shadowserver were also present to consult on destroying the polymorphic downloader, which, according to sources, has affected 12000 computers to date.

The operation 'sinkholed' the botnet by identifying the domain names and addresses of the affected parties and then rerouting traffic.

Emergency teams around the world have been put into motion to get in touch with the victims of the botnet. The number of affected parties is small in this case, but the botnet has been deemed to be very sophisticated.

The operation was successfully carried out, after which Europol’s Deputy Director of Operations, Wil van Gemert, said "This successful operation shows the importance of international law enforcement working together with private industry to fight the global threat of cybercrime."

"We will continue our efforts to take down botnets and disrupt the core infrastructures used by cybercriminals to carry out a variety of crimes. Together with the EU Member States and partners around the globe, our aim is to protect people worldwide against these criminal activities."

"Using TrueCrypt is not secure", End of TrueCrypt Development

Today, security enthusiasts woke up to the shocking news that TrueCrypt has ended its development and is warning users that the drive-encryption tool is not safe to use.

Users who try to access the official TrueCrypt website are being redirected to the official SourceForge page of TrueCrypt. The page displays the following message:

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues"

The message continued: "The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information)."

The page advises users to migrate any data encrypted by TrueCrypt to encrypted disks supported on their platform. It also provides steps for migrating to an encrypted BitLocker drive.

Many, including me, are not able to believe our own eyes. It is uncertain whether it is an official announcement from the development team or someone has hacked the TrueCrypt website.

Matthew Green, who teaches cryptography at Johns Hopkins and is a researcher involved with the TrueCrypt audit, tweeted that he thinks the news is legitimate.

A new binary (TrueCrypt v7.2) has been uploaded to the SourceForge page in the last 24 hours. Upon opening this binary, the following error message is displayed:

The binary is not allowing users to "create new volume".  It only allows you to mount the volumes.  Users are advised not to download this latest version, as it may contain malicious code.

Scam Alert: Your Facebook Accounts will be Permanently Disabled

We have seen large numbers of Facebook posts that promise something but turn out to be scams. Facebook users still believe such posts and blindly follow the instructions, so cyber criminals keep coming up with new themes to trick users.

Over the past few days, I have been receiving Facebook notifications informing me that one of my friends mentioned me in a comment. I had a look at the post; it is none other than a Facebook scam.

The scam post says "to all facebook users Your Facebook Accounts will Permanent Disable. you must register your account to avoid permanent disabled . How to register? Go to our pinned post. and follow instructions carefully!"

It asks you to copy and paste some code into the console of your browser. By blindly following the scammers' instructions, users allow the scammers to perform various actions ('like', 'sharing', 'tagging friends' and more) on their behalf.

Earlier this year,  we learned that scammers were tricking users by promising them that following the instructions will help them to hack their friends' accounts.

Creepy Voice from Baby Monitor Yells at baby

It's the middle of the night and Adam Schreck's 10-month-old daughter was asleep in her room. Adam had a baby monitor that was also equipped with a camera. Suddenly, there was a creepy voice coming from the baby monitor.

The voice said "Wake up baby.. Wake up baby" and then a long 'aaaaahhhhh'. Once Adam entered the baby's room, the camera turned towards Adam and shouted at him.

No, I'm not telling you scary stories, and I'm not even talking about the scary baby monitor scene from the movie 'Insidious'. It's a real incident that occurred in Cincinnati, Ohio.

Someone hacked into Adam's baby monitor and began shouting at his daughter. The camera that was hacked is manufactured by Foscam, according to a Fox19 report.

Earlier this year, security journalist Brian Krebs described a security bug in Foscam's firmware. The bug allows anyone to access the web interface for this camera by entering a blank username and password.

This is not the first case of hackers taking control of a baby monitor, as a similar incident occurred in Houston last year.

To secure yourself, make sure you have up-to-date firmware and change the default username and password of your baby monitor.

Beware of fake versions of Malwarebytes Anti-Malware 2.0 claiming to be free

It is always suggested not to download cracked versions of software if you are really concerned about your desktop security. But downloading a cracked version of an antivirus, or downloading one from unknown sources, is the height of stupidity.

Malwarebytes recently released version 2.0 of Malwarebytes Anti-Malware (MBAM). Cyber criminals have now started to trick users into installing fake versions of this security application.

Researchers at Malwarebytes have come across a number of websites offering free versions of their software that are actually potentially unwanted programs.

These bogus applications are capable of making themselves run every time the system is restarted. They are also capable of accessing your browser cookies, list of restricted sites and browser history.

These apps also block users from accessing certain websites by adding them to Internet Explorer's restricted zone; the blocked sites include wikia, gamespot and Runescape online.

The security firm has also spotted a premium version of MBAM with key generators on torrent websites. But in this particular case, users are asked to fill in a survey in order to download the app. Filling in these kinds of surveys helps the cybercriminals earn money.
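To check a machine for the two behaviours described above (sites pushed into Internet Explorer's restricted zone and a program that starts at every boot), the following added example, which is not code from Malwarebytes or from the original post, parses a `reg export` text dump. It assumes the entries live under the per-user `ZoneMap\Domains` key (zone 4 is "Restricted sites") and the per-user `Run` key, which the article does not specify; the sample dump and the `FreeScanner` name are constructed.

```python
import re

# Constructed sample of a `reg export` dump (illustrative, not from a real infection).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gamespot.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wikia.com\www]
"http"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example]
"*"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"FreeScanner"="C:\\Users\\alice\\AppData\\Roaming\\FreeScanner\\scan.exe"
'''

ZONEMAP = r"\internet settings\zonemap\domains" + "\\"
RUN_SUFFIX = r"\currentversion\run"
RESTRICTED = 4  # Internet Explorer zone number for "Restricted sites"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def audit(reg_text):
    """Return (restricted_sites, autoruns) found in a decoded .reg text export."""
    restricted, autoruns, key = [], [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group(1) or "(default)", m.group(2)
        low = key.lower()
        if ZONEMAP in low and data.lower().startswith("dword:"):
            if int(data[6:], 16) == RESTRICTED:
                # Subkeys are stored parent-first (domain\subdomain); rebuild the hostname.
                parts = key[low.index(ZONEMAP) + len(ZONEMAP):].split("\\")
                restricted.append((".".join(reversed(parts)), name))
        elif low.endswith(RUN_SUFFIX) and data.startswith('"'):
            # Run values are commands started at every logon; unescape the path.
            autoruns.append((name, data[1:-1].replace("\\\\", "\\")))
    return restricted, autoruns
```

Files written by `reg export` are UTF-16, so decode them before passing the text to `audit`; any restricted-zone entry or autorun you did not create yourself is worth investigating.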