nullcon Information Security Conference 8Bit, Goa 2017

nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats. Our motto - "The neXt security thing!" drives the objective of the conference, i.e. to discuss and showcase the future of information security and the next generation of offensive and defensive security technology. The idea started as a gathering for researchers and organizations to brainstorm and demonstrate why the current technology is not sufficient and what should be the focus for the coming years pertaining to information security. In addition to security, one of the sections of the conference, called Desi Jugaad (Hindi for "Local Hack"), is dedicated to hacking, where we invite researchers who come up with innovative security/tech/non-tech solutions for solving real life challenges or taking up new initiatives.

The nullcon conference is a unique platform for security companies/evangelists to showcase their research and technology. Nullcon hosts Prototype, Exhibition, Trainings, Free Workshops, null Job Fair at the conference. It is an integrated and structured platform, which caters to the needs of IT Security industry at large in a comprehensive way.

The event consists of 25 speeches and 11 training sessions, which cover all major topics of the IT security industry. The conference is created for security companies/enthusiasts so they can showcase the most up to date research and technology on the topic. The shared knowledge is usually used afterwards within the organizations. Moreover, we host an Exhibition, Free Workshops, CTF Hacking competitions, a Job Fair, the BlackShield Awards and other events at the conference.

The Keynote will be delivered by Joshua Pennell, Founder & President, IOActive, following which we will have talks by various international security researchers on topics such as ATM Hacking, Drone Hijacking, Telecom Protocol Security, Blockchain issues, Cloud Security, Bug Hunting, Social Engineering, Botnets and lots more.

With nullcon 8-bit edition we have made a lot of changes bringing the conference to the next level:
  • We anticipate having 1000 people,
  • Additional DevOps Security Track,
  • New Trainings on Cloud Security, IoT, Infrastructure, Hardware Security,
  • New CXO Panel session,
  • Larger exhibition vendor area etc.

Nullcon Goa 2017 Dates:
  • Training - 28th Feb to 2nd March 2017
  • Conference - 3rd to 4th March 2017

New Venue:
Holiday Inn Resort, Mobor Beach, Cavelossim, Salcette, Goa - India.
Registration is still open! Get your pass here:

We are happy to announce that we are giving a 10% discount on a conference pass if you are an E Hacking News reader! Don’t miss your chance to visit Asia's leading Information Security Conference!

Visit our website for more information:
We are looking forward to seeing you at the conference!

Twitter's bug could expose contact numbers of users

Micro-blogging website Twitter squashed a password recovery bug on Wednesday (February 17) that had affected its password recovery systems last week.

The bug, which affected the systems for about 24 hours, had the potential to expose a user’s personal information, including the e-mail address and contact number.

The company has notified affected users, though it’s believed to have impacted fewer than 10,000 of Twitter’s more than 320 million monthly active users.

If a user has not received an e-mail, it implies that their account is safe.

The company would also call on law enforcement officials to investigate any users who they find exploited the security bug to access someone else’s account information.

The issue is a reminder of the practice the company refers to as “good security hygiene,” including double authentication.

While the issue did not impact user security, it illustrates the trouble users face with protecting their own data.

Users can have strong passwords, use two-factor authentication, and employ other security techniques, but if a company’s network is hacked, there’s little customers can do but watch their information fall into the hands of malicious parties.

Banks face new APT style robbery attacks

A year after Kaspersky Lab researchers warned that cyber-criminals would start to adopt sophisticated tactics and techniques from APT groups for use in bank robberies, the company has confirmed the return of Carbanak as Carbanak 2.0 and uncovered two more groups working in the same style: Metel and GCMAN. They attack financial organizations using covert APT-style reconnaissance and customized malware along with legitimate software and new, innovative schemes to cash out.

The Metel cyber-criminal group gains control over machines inside a bank that have access to money transactions. The gang can automate the rollback of ATM transactions, so that the balance on the debit card remains the same regardless of the number of ATM restrictions.

The group steals money by driving around cities in Russia at night and emptying ATM machines belonging to a number of banks, repeatedly using the same debit cards issued by the compromised bank.

The researchers also uncovered that the Metel operators achieve their initial infection through specially crafted spear-phishing emails with malicious attachments, and through the Niteris exploit pack, targeting vulnerabilities in the victim’s browser. Once inside the network, the cybercriminals use legitimate and pentesting tools to move laterally, hijacking the local domain controller and eventually locating and gaining control over computers used by the bank’s employees responsible for payment card processing.

Investigation is ongoing to learn further details. So far no attacks outside Russia have been identified.

The three gangs identified are shifting toward the use of malware accompanied by legitimate software in their fraudulent operations.

Meanwhile, GCMAN successfully attacks an organization without the use of any malware, running legitimate and pentesting tools only. In the attacks Kaspersky Lab experts have investigated, GCMAN was seen using Putty, VNC, and Meterpreter utilities to move laterally through the network until the attackers reached a machine which could be used to transfer money to e-currency services without alerting other banking systems.

In one attack observed by Kaspersky Lab, the cybercriminals stayed in the network for one-and-a-half years before activating the theft. Money was being transferred in sums of about $200, the upper limit for anonymous payments in Russia.

Kaspersky Lab, founded in 1947, has released crucial Indicators of Compromise (IOC) and other data to help organizations search for traces of these attack groups in their corporate networks.

Security flaw in Trend Micro unveiled by Google security Researcher

Google security researcher Tavis Ormandy has found bugs in the Password Manager of global security software company Trend Micro.

Password Manager is a component installed by default with Trend Micro’s Premium Security and Maximum Security home products.

Ormandy informed Trend Micro about his findings on January 05.

Password Manager is primarily written in JavaScript with node.js, and the bug could allow remote code execution by any website and the theft of all of a user's passwords. He also noted that it was possible to bypass Internet Explorer’s Mark of the Web (MOTW) security feature and execute commands without the victim receiving any notification.

Ormandy took 30 seconds to identify an API that could be leveraged for remote code execution (RCE). Overall, Ormandy found over 70 APIs exposed to the Internet.

Exploiting a vulnerability can give an attacker deep access to a computer.

Several serious vulnerabilities have been found in the last seven months in antivirus products from vendors including Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes.

Security bug in most popular antivirus software

Three of the most popular antivirus products were found to have a serious security flaw that could allow hackers to infiltrate a Windows computer via the antivirus itself.

Security researchers at enSilo have discovered that AVG, McAfee, and Kaspersky have a common security bug.

In March this year, the security researchers at enSilo found a security flaw in the antivirus engine of AVG Internet Security 2015. The bug creates a memory region with full RWX (read-write-execute) permissions at a predictable address, so a hacker could easily force malicious code to execute inside that region with the same privileges as the antivirus process (which is system-level).
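The two conditions described above, RWX permissions and a predictable address, can be checked together across memory-map snapshots. The sketch below is an added example, not code from enSilo or the original post; the process names, addresses and snapshot tuples are constructed, and the protection names follow the Windows PAGE_* constants.

```python
"""Flag memory regions that are RWX *and* mapped at the same address everywhere.

Added illustration. The snapshot data is constructed; a real collector
(for example one built on VirtualQueryEx) would produce the same tuples
from live processes.
"""
from collections import defaultdict

RWX = "PAGE_EXECUTE_READWRITE"

# Constructed sample: regions observed in three unrelated processes on a host
# where a hypothetical security product injects a user-mode component.
# Tuple layout: (process name, base address, size in bytes, protection).
SNAPSHOTS = [
    ("browser.exe", 0x7FFE0000, 0x1000, "PAGE_READONLY"),
    ("browser.exe", 0x5F800000, 0x2000, RWX),
    ("browser.exe", 0x02A40000, 0x1000, RWX),   # per-process, address varies
    ("reader.exe",  0x7FFE0000, 0x1000, "PAGE_READONLY"),
    ("reader.exe",  0x5F800000, 0x2000, RWX),
    ("reader.exe",  0x01C10000, 0x1000, "PAGE_READWRITE"),
    ("mail.exe",    0x7FFE0000, 0x1000, "PAGE_READONLY"),
    ("mail.exe",    0x5F800000, 0x2000, RWX),
    ("mail.exe",    0x03370000, 0x1000, RWX),   # per-process, address varies
]


def rwx_by_base(snapshots):
    """Map each RWX base address to the set of processes that have it."""
    seen = defaultdict(set)
    for proc, base, _size, prot in snapshots:
        if prot == RWX:
            seen[base].add(proc)
    return dict(seen)


def predictable_rwx(snapshots, min_processes=2):
    """Return sorted base addresses that are RWX in at least min_processes.

    An RWX page at a randomised address is undesirable; one at the same
    address in every process removes the need to guess where it is, which
    is the combination the article describes.
    """
    return sorted(
        base
        for base, procs in rwx_by_base(snapshots).items()
        if len(procs) >= min_processes
    )


def report(snapshots):
    """Human-readable findings, one line per predictable RWX region."""
    total = len({proc for proc, *_ in snapshots})
    by_base = rwx_by_base(snapshots)
    lines = []
    for base in predictable_rwx(snapshots):
        procs = sorted(by_base[base])
        lines.append(
            f"0x{base:08X} RWX in {len(procs)}/{total} processes: "
            + ", ".join(procs)
        )
    return lines


if __name__ == "__main__":
    for line in report(SNAPSHOTS):
        print(line)
```

The read-only region shared by all three processes is ignored, and the RWX regions that appear at a different address in each process are not reported at the default threshold.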

enSilo informed the AVG employees about the security flaw, and they fixed the issue within two days.

Given the seriousness of the bug, enSilo decided to test other commonly used antivirus software. They found the same bug in Intel Security's McAfee Virusscan Enterprise version 8.8 and Kaspersky Total Security 2015 - 15.x.

enSilo notified each company about the security bug.

"Intel Security takes the integrity of our products very seriously. Upon learning of this particular issue, we quickly evaluated the researchers' claims and took action to develop and distribute a solution addressing it," an Intel Security representative told Softpedia.

Keeping the possible widespread nature of the problem in mind, enSilo has created a free checking utility called AVulnerabilityChecker, and advised every user to check that they have all the latest updates.

"We'll continue updating this list as we receive more information," said Tomer Bitton, VP of research at enSilo, in a blog post.

"Given that this is a repetitive coding issue amongst Anti-Virus – an intrusive product, we believe that this vulnerability is also likely to appear in other intrusive products, non-security related, such as application-performing products."

Dell says "sorry" for installing vulnerable digital certificate

Dell has apologized as it confirmed via a blog post that a certificate (eDellRoot) installed on its PCs introduced a security vulnerability.

It is said that the certificate allows attackers to cryptographically impersonate HTTPS-protected websites. However, the company has issued a software tool that removes the transport layer security credential from affected machines.

The certificate will not reinstall itself, once it is properly removed using the recommended Dell process.

“The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it,” the company said in the blog post.

According to the blog post, Dell’s customers Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, informed the company about the presence of the certificate on its PCs.

Dell has claimed that the certificate was not malware but was there to provide the system service tag to Dell online support, allowing it to quickly identify the computer model and making it easier and faster to service its customers.

“We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward,” the company added. 

A Security bug in MetroPCS could allow hackers to access customer data

A critical security bug in MetroPCS could allow anyone who knew your phone number to access your personal details from the website, including your home address and your phone’s model and serial number.

It was revealed in a report by Motherboard that a pair of researchers discovered a bug that left the customer’s personal data exposed to cybercriminals.

With the personal details in hand, cybercriminals could easily move on to identity theft and accessing bank accounts.

Eric Taylor and Blake Welsh found the flaw on MetroPCS's payment page in mid-October. Motherboard independently verified the flaw and reached out to T-Mobile, which owns MetroPCS, on October 22.

Well-known researchers have called it a pretty nasty bug and a serious privacy exposure. MetroPCS was unaware of the problem before being contacted by Motherboard prior to their published report. A spokesperson for T-Mobile told Motherboard that the flaw was fixed and the data is not exposed anymore.

But the thing that raised eyebrows was that the hacker wouldn’t even need someone's phone number. An attacker could just run an automated script and obtain the personal data of many MetroPCS customers.

Hackers won $1 million iPhone Jailbreak prize

Zerodium, which had announced it would pay $1 million USD to those who could provide a good iOS 9 jailbreak, finally made it public via Twitter that some hackers have won $1 million by finding a remote jailbreak of an iPhone.

“Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!,” Zerodium tweeted on November 2.

Last month, the company launched "The Million Dollar iOS 9 Bug Bounty" program, which aimed to buy an "exclusive, browser-based, and untethered jailbreak" for Apple's latest mobile operating system.

However, the company has not revealed the winners' names or any further details.

A news report published in Forbes Magazine said that the winners must have spent a significant amount of time trying to meet the tough requirements of the $1 million bounty: a remote attack that successfully took control of an iPhone via either Apple’s Safari browser, Google competitor Chrome or a text message. The $1 million bounty also required that exploits work on the iPhone 6 or 6S, not any earlier models.

According to the news report, it had contacted Zerodium’s founder, Chaouki Bekrar; however, he had not commented on it.

“The winning team has submitted the exploits just a few hours before the expiration of the Zerodium bounty as they have been working very hard to finish and polish the code until the last day. The exploit chain includes a number of vulnerabilities affecting both Google Chrome browser and iOS, and bypassing almost all mitigations in place. The exploit is still being extensively tested by Zerodium to understand each of the underlying vulnerabilities,” the founder added.

ATMs of Sparkasse Bank not only give you Money but also Sensitive Information

A security researcher, Benjamin Kunz-Mejri, discovered that ATM machines of the German savings bank ‘Sparkasse’ can leak sensitive information during software updates.

Mejri, who is CEO and founder of the Germany-based security firm Vulnerability Lab, was using a Sparkasse ATM when the machine suddenly ejected his card and changed its status to “temporarily not available.” The machine later showed details of an update process on the screen, which was when Mejri realised that the terminal had become temporarily unavailable because it was performing a software update.

For this attack, Mejri coined the term “timing attack”.

Software updates are normally conducted in the background, but Mejri discovered that the progress and details of the update process can be made visible by interacting with the device as he did.

The researcher found that a lot of sensitive data, such as the bank’s main system branch usernames, serial numbers, firewall settings, network information, device IDs, ATM settings, and two system passwords, was exposed to hackers.

During the whole process, the card reader remained available and usable for other operations.

The ATM’s keyboard was also not disabled and the attacker could execute system commands via the available command prompt.

The ATMs analysed were manufactured by Wincor Nixdorf, a German company that manufactures, sells, installs and services retail and banking hardware and software. The affected ATMs and self-service terminals were running Windows 7 and Windows XP operating systems.

According to the experts, a large scale attack can be coordinated by a criminal ring due to this vulnerability.
An attacker who has physical access to the bank network can use the information disclosed during the update process to run a man-in-the-middle (MitM) attack on the targeted bank’s local network.

The attacker could push a bogus update to reconfigure the ATMs.

The attacker could conduct fraudulent transactions by forcing the ATM to crash and corrupting the logging or debugging mechanism.

If fraudsters can determine the time and date of update schedules, they can conduct a larger, coordinated attack targeting multiple ATMs and self-service terminals as it takes 17 minutes to record all the information displayed on the screen.

There is a possibility that apart from Sparkasse, other banks that use Wincor Nixdorf ATMs and self-service terminals might also be affected.

The bank has already pushed out updates that fix the issue to a limited number of ATMs in the German city of Kassel as a pilot project. The update will be installed in other regions once the test of the new configuration is successful.

It is the first time that a German bank has admitted a security vulnerability in an ATM and rewarded the researcher with an undisclosed amount of money.

Just last week, Berlin Police announced that they have been looking for a man who illegally withdrew cash from two ATMs using a USB stick that he connected to the devices after unscrewing their front panel.

Duuzer attacks South Korea, helps steal data

Symantec, a security firm, has found that South Korea has been targeted by an active back door Trojan, dubbed Backdoor.Duuzer, that provides an attacker remote access to the compromised computer, downloads additional files, and steals data.

Researchers from Symantec stated in a blog post that Duuzer was especially focused on the South Korean manufacturing industry.

It is designed to work on both 32-bit and 64-bit computers. If Duuzer finds the infected computer is a virtual machine that was made using VirtualBox or VMware, then it stops executing. This allows Duuzer to attempt to evade detection by security researchers who are running virtual machines that are designed to be compromised with malware for analysis.

Once Duuzer infects a computer, it opens a back door, giving the attackers access to almost everything. The attackers can gather system and drive information; create, enumerate, and end processes; access, modify, and delete files; upload and download files; change the time attributes of files; and execute commands.

“Based on our analysis of Duuzer, the attackers behind the threat appear to be experienced and have knowledge about security researchers’ analysis techniques. Their motivation seems to be obtaining valuable information from their targets’ computers,” the researchers wrote in the blog. “There is also evidence to suggest that the actors behind Duuzer are spreading two other threats, detected as W32.Brambul and Backdoor.Joanap, to target more organizations in South Korea.”

The researchers said that the detected malware, Brambul and Joanap, is used to download extra payloads and carry out reconnaissance on infected computers. Although the exact distribution method is still unknown, it is likely that the malware is spreading through spear-phishing emails or watering-hole attacks.

According to the researchers, Duuzer, Brambul, and Joanap are just a small selection of many threats affecting South Korea. The nation has been impacted in high-profile, targeted campaigns over the last few years.

To stay protected, Symantec recommends that users and businesses change default user names and passwords, avoid common or easy-to-guess passwords, regularly update the operating system and software, and not open suspicious emails.

YISPECTER: Jailbreak, No Longer a Pre-Requisite for malware attacks

YISPECTER, a new iOS malware that is capable of attacking both jailbroken and non-jailbroken Apple devices, has been detected. It abuses private APIs to implement malicious functionality.

This malware has been identified in Mainland China and Taiwan, and is hijacking the traffic from the countries’ ISPs. This has led to a huge outbreak of reports to Apple Inc. in the past few weeks, and the existence of YISPECTER has been discussed on several online forums for the last months, during which only one of the 57 top cyber security systems in the world has been able to detect this specific malware.

The malware comprises four components which are co-dependent upon each other. With the approval of enterprise certificates, these components abuse private APIs and download files for each other from a command and control (C2) server. Three of them use complex tricks to hide their icons from the SpringBoard, which prevents detection and removal.

YiSpecter can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to the C2 server from the infected iOS devices.

This malware has the following characteristics:
  • Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed
  • Even if you manually delete the malware, it will automatically re-appear
  • Using third-party tools you can find some strange additional “system apps” on infected phones
  • On infected phones, in some cases when the user opens a normal app, a full screen advertisement will show up.

YiSpecter began to spread in November 2014, as per the forums. The main iOS apps of this malware have a user interface and functionality that enable the watching of free porn videos online, and were advertised as the “private version” or “version 5.0” of a famous media player, “QVOD”. QVOD was developed by Kuaibo and became popular in China among users trafficking in porn.

So far, two main apps have been distributed:
  • HYQvod (bundle id: weiying.Wvod)
  • DaPian (bundle id: weiying.DaPian)
Both of them were spread by one or more of the multiple ways described earlier. They include the functionality of watching videos online by consuming credits, and users can get credits by installing promoted iOS apps. But most importantly, they download and install another malicious app, popularly named NoIcon.

The aforementioned apps install NoIcon in a peculiar way. The app opens an HTTP server and listens on port 8080 using [HYAppDelegate createLocalHTTPServer]. It then downloads NoIcon’s IPA and PLIST files, and QVOD uses these local files to run the local HTTP server as an iOS app distribution point that infects the device.

The evidence collected suggests that a company named YingMob Interaction is the sole developer of YISPECTER. YingMob Interaction’s enterprise certificate. In the NoIconUpdate’s code, we even found a which names the company in the app’s release notes. YiSpecter’s C2 server has hosted some websites belonging to YingMob. For example, if we directly visit the subdomain for YiSpecter’s downloading, qvod.bb800[.]com, we can find it’s a “WAP iOS Traffic Platform Backend Management System” with copyright information of YingMob Interaction.
The world where only jailbroken iOS devices were threatened by malware is a thing of the past. WireLurker proved that non-jailbroken iOS devices can also be infected through abuse of the enterprise distribution mechanism. YiSpecter further shows us that this technique is being used to infect many iOS devices in the wild.

New Malware forces you to change your Wifi's default password

Ifwatch, a custom-built vigilante malware, changed the Wi-Fi passwords of nearly 10000 routers to make them more secure.

According to researchers at the cyber security firm Symantec, the software is actually used to defend the machine from hackers and provides a remedy for other malware infections.

“We have not seen any malicious activity whatsoever,” said Symantec threat intelligence officer Val Saengphaibul. “However, in the legal sense, this is illegal activity. It’s accessing computers on a network without the owner’s permission.”

Ifwatch infects routers with a mysterious piece of “malware” through Telnet ports, which are often protected only by default security credentials that could easily be abused for a malicious attack, and then prompts the users to change their Telnet passwords.

The software is spreading quickly around the world but is found mostly in China and Brazil. It was first discovered by an independent researcher in 2014.

“We have no idea who is behind this — or what their full intention is,” Saengphaibul said.

Vodafone 'hacking' of reporter's phone must be investigated, says Greens senator

A report published in The Guardian revealed that Australian Greens senator Scott Ludlam has urged the Australian Federal Police and the Australian Communications and Media Authority to investigate Vodafone over a serious privacy breach in which a journalist’s phone records were accessed.

According to the news report, Natalie O’Brien, Fairfax journalist, had her phone records leaked by a Vodafone employee in 2011, after she reported on a major data breach the company had suffered.
“The Office of the Australian Information Commissioner and Acma have both released statements acknowledging they have been made aware of the breach, but neither organisation has committed to an investigation,” the news report added.

As per the Telecommunications Act, no one, whether a telecommunications provider or an employee, has authority to use or disclose information relating to the contents of phone records.

“It’s flat out a really interesting test of whether the laws that protect privacy in Australia are actually going to be upheld by the regulators,” Ludlam told Guardian Australia. “There’s two issues. One will be whether the Acma’s directions were upheld. It’s not clear to me whether they were. Secondly, whether the federal police are intending to investigate the company for illegal access of phone records.”

He said that while Vodafone was facing scrutiny for this particular breach, the case was an important illustration to put all companies on notice about their privacy obligations.

According to the news report, in December 2011, Acma gave formal directions to Vodafone that require it to take certain steps to improve its data practices. If Acma were to investigate and find its directions had been breached, Vodafone could face heavy financial penalties.

In a statement released on Monday, acting information commissioner and privacy commissioner Timothy Pilgrim said the OAIC had been aware of “an allegation about inappropriate access to an individual’s telephone records in May 2015.”

“The OAIC has been in contact with Vodafone to make inquiries about the allegation. The OAIC has also been liaising with the Australian Communications and Media Authority about these allegations, in accordance with the memorandum of understanding between the two agencies,” the statement read.
Acma released a statement and said it was aware of the allegations.

“The Acma has not previously investigated these allegations,” the spokesperson said.

Wassenaar Cybersecurity Rules – How India Must Respond

In December 2013, the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (“Wassenaar Arrangement”) extended its reach to the cyber world. The extension seemed to signal a broad attack on export of many categories of cyber security software including commercially available penetration testing and network monitoring products, zero days and other computer exploits. Interestingly, these changes have emerged after media reports of U.S. government purchases of zero day computer exploits or vulnerabilities, i.e., security vulnerabilities previously unknown, by the US National Security Agency (NSA) for use by its hacking team.

Cyber security experts around the world and large companies like Google have raised a banner of revolt against the Wassenaar changes and the U.S. Department of Commerce’s Bureau of Industry and Security (BIS)’s proposals for the implementation of the Wassenaar changes. They have expressed serious concerns about the impact of these changes on discovery of new vulnerabilities that could pose a threat to the internet globally.
If anything, the general impression is that Wassenaar Changes and its implementation by the signatory countries would actually make the internet more dangerous to users around the world. Google has been quoted as saying that the rules “are dangerously broad and vague and would have a significant, negative impact on the open security research community. They would also hamper our ability to defend ourselves, our users and make the Web safer. It would be a disastrous outcome if an export regulation intended to make people more secure resulted in billions of users across the globe becoming persistently less secure."
The fierce criticism and loud, public protest has had a temporary impact. The US Department of Commerce has now committed to drafting new rules to replace/amend the earlier draft.
It would be pertinent to note here that in response to the Wassenaar changes, VUPEN, a well known zero-day exploit firm (and also a supplier of exploits to the NSA), announced its decision to restrict exploit sales only to approved government agencies in approved countries.
So what does all this mean for India? While the Wassenaar Arrangement might have worked in the physical world, will it work in the borderless cyber world? Will a country like Russia, a leading global supplier of cyber security software and tools implement rules to accommodate the Wassenaar changes, especially at a time when it is facing economic headwinds and under sanctions from the US and the EU? It does not seem to be in Russia’s interest at all, given its enormous strengths in the cyber security area and huge market for such products.
But India cannot afford to speculate on which way the wind will blow. The ongoing transformation of India into a Digital Economy implies the need for strong cyber security defences. Imagine a situation where a commercial or defence software is found to have vulnerabilities, whether accidental or deliberate, and the country lacks the tools to test for and mitigate such vulnerabilities? What if such vulnerabilities are discovered in software used in sectors such as Critical Infrastructure, Public Utilities, Financial Services, Health Information Systems? What if vulnerabilities are found in SCADA (industrial automation control systems) used by major industries and the energy sector?
Clearly, India needs to build its own cyber security defences and do it fast. Some expertise is available in the country, and needs to be complemented with global talent. 
The Government, leading software companies, defence companies and major users need to invest liberally in funding and supporting talented cyber security professionals. The Government should support some aggression in sourcing relevant tools, technology and talent from wherever required in the world. Israel’s export of cyber security software now exceeds that of physical weapons systems, and there’s a lesson for India here in the form of a Military/Industrial/Cyber Security Professionals complex to meet India’s needs.
As is known, India has faced serious problems in the past with respect to imports of critical technologies in the areas of defence, space and the nuclear sector. In the context of cyber security, we now have advance warning about problems that are around the corner. It makes no sense to run into a wall all over again and as such, a proactive and immediate national response is called for.
Prasanna J, Founder of Cyber Security and Privacy Foundation.

Mozilla patches severe vulnerabilities in its Bugzilla bug tracking system

Mozilla confirmed on September 4 that an attacker stole security-sensitive vulnerability information from its Bugzilla bug tracking system and gained access to information about unpatched zero-day bugs.

However, Mozilla has now patched all the flaws that allowed the attacker to gain access. The company also said that it would take its own security more seriously than before.

The attacker used the stolen information to attack Firefox users, the maker of the open-source Firefox browser warned Friday.

“The attacker acquired the password of a privileged Bugzilla user, who had access to security-sensitive information. Information uncovered in our investigation suggests that the user re-used their Bugzilla password with another website, and the password was revealed through a data breach at that site,” Mozilla said in an FAQ on the breach.

The one bug that was exploited in the wild was used to collect private data from Firefox users who visited a Russian news site.

The attacker accessed approximately 185 bugs that were non-public. Among them, 53 were said to be severe vulnerabilities. Mozilla claims that 43 of the severe flaws had already been patched in the Firefox browser by the time the attacker accessed the bug information. That leaves 10 bugs that the attacker had access to before they were patched, and that's where the potential risk to Firefox users lies.

“The earliest confirmed instance of unauthorized access dates to September 2014. There are some indications that the attacker may have had access since September 2013,” the company said.

The company said that during its investigation it found out that the user re-used their Bugzilla password with another website, and the password was revealed through a data breach at that site.
Firefox security lead Richard Barnes detailed what Mozilla is now doing to improve Bugzilla's security.

"We are updating Bugzilla's security practices to reduce the risk of future attacks of this type," Barnes wrote. "As an immediate first step, all users with access to security-sensitive information have been required to change their passwords and use two-factor authentication."

Bug in the GitHub Extension for Visual Studio Makes Developer Lose $6,500

Carlo van Wyk, a South African web developer, said that he lost $6,500 (£4,250) in just a few hours after a flaw in a tool for using Microsoft's Visual Studio IDE with code-sharing site GitHub inadvertently exposed his sensitive data.

He used the GitHub Extension for Visual Studio 2015 to commit one of his local Git code repositories to a private repository on GitHub. However, unknown to him at the time, a bug in the extension, developed and maintained by GitHub itself, caused his code to be committed to a public GitHub repository rather than a private one as he intended.

Once he reported the bug, both of the concerned companies fixed it.

According to a report published in The Register, within around ten minutes after publishing his code, he received a notification from Amazon Web Services telling him his account had been compromised. He had included an AWS access key in the code that he had committed to GitHub.

Although he immediately changed his AWS root password, revoked all of his access keys, and created new ones, within hours the crooks had managed to sign him up for AWS's Elastic Compute Cluster and fire off more than 20 instances in each EC2 region.

After that, his AWS account had racked up a bill of $6,484.99.

AWS was not available for comment, as per The Register. However, GitHub has apologized for the error in its code, calling it "inexcusable."
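
As a defensive illustration of the leak described above (an AWS access key committed along with source code), here is an added example, not code from GitHub, AWS or the original report: a small pre-commit style scanner that flags AWS-style credentials in files about to be pushed. The file names and contents in the sample are constructed, and the key values are the placeholder credentials used in AWS's own documentation.

```python
import re

# Access key IDs: "AKIA" (long-term) or "ASIA" (temporary) followed by
# 16 upper-case letters or digits.
KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Secret access keys: exactly 40 characters from the base64 alphabet.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
# Only treat a 40-character string as a secret when the line hints at one,
# so that git SHAs and similar values are not flagged.
HINT_RE = re.compile(r"secret|aws", re.IGNORECASE)

def redact(value, keep=4):
    """Show only the first few characters so findings are safe to log."""
    return value[:keep] + "*" * (len(value) - keep)

def scan_text(name, text):
    """Return (file, line_no, kind, redacted_value) for each suspected key."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in KEY_ID_RE.finditer(line):
            findings.append((name, line_no, "access_key_id", redact(m.group())))
        if HINT_RE.search(line):
            for m in SECRET_RE.finditer(line):
                findings.append((name, line_no, "secret_access_key", redact(m.group())))
    return findings

def scan_files(files):
    """files maps path -> content, e.g. the staged files of a commit."""
    findings = []
    for name in sorted(files):
        findings.extend(scan_text(name, files[name]))
    return findings

# Constructed sample commit; the credentials are AWS documentation placeholders.
SAMPLE_COMMIT = {
    "Web.config": '<add key="AWSAccessKey" value="AKIAIOSFODNN7EXAMPLE" />\n'
                  '<add key="AWSSecretKey" '
                  'value="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" />\n',
    "README.md": "Deploy notes: keys are read from the environment.\n",
}

if __name__ == "__main__":
    results = scan_files(SAMPLE_COMMIT)
    for path, line_no, kind, shown in results:
        print(f"{path}:{line_no}: possible {kind}: {shown}")
    raise SystemExit(1 if results else 0)  # non-zero exit blocks the commit
```

Run as a pre-commit hook over the staged files, a non-zero exit stops the commit before the key reaches any remote, whether that remote is public or private.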

WordPress 4.3 automatically generates secure password

WordPress has announced that its new version 4.3, dubbed “Billie” in honor of jazz singer Billie Holiday, is available for download, with some changes to the password security system.

The new system for managing password resets sends a password reset link that has a 24-hour expiry window, and users will also receive an e-mail notification if their e-mail address or password is changed.

In a blog post, WordPress developer Brian Krogsgard said that, “This is a relatively minor change to WordPress that will significantly enhance default user behavior for a big security win.”

For new WordPress users, the developers have added a feature that automatically generates a secure password. This means that users will have a strong password by default. A password strength meter helps users gauge the strength of their password.

“Although WordPress isn't stopping you from choosing terrible passwords, the default in 4.3 is that you get secure passwords, and making them less secure takes a bit of work,” noted Mark Jaquith, a lead WordPress core developer.

Creepy Voice that you heard from Your Baby Monitor is not of a Ghost

Beware of Internet-connected cameras, security cameras and monitoring systems, as they can be easily hacked. Camera hacking has become a serious issue because of the potential for unauthorized people to make video recordings.

Ontario Provincial Police (OPP) issued a warning on Wednesday reminding people that these systems can be susceptible to hackers because many have an option for remote use enabled by default. The warning came after a family from southwestern Ontario, on July 7, had a baby monitor watching their young child when it suddenly began playing music and a voice said they were being watched.

According to OPP Const. Liz Melvin, the child was about to sleep in the nursery when the camera was remotely activated.

“The camera played some eerie music and a voice could be heard indicating the parent and child were being watched,” Melvin told National Post. “Obviously it’s going to be disturbing.”

She said the family’s Internet service provider confirmed the router had been hacked and the source of the hack could be from anywhere in the world.

Although such baby monitor hacking cases have been reported every month, Melvin said no other incidents have been reported and she wasn’t aware of any past investigations into this type of camera hacking in the area.

She said there are no suspects in the case and the investigation is ongoing.

To protect themselves, people should use passwords to protect access to the Internet connection and to monitoring systems. They should also buy cameras from trusted sources and cover the cameras when not in use.

Avast announced the acquisition of Mobile Virtualization Company ‘Remotium’

Avast Software, maker of the most trusted mobile and PC security products in the world, on July 8 announced the acquisition of Remotium, a leader in virtual enterprise mobility whose technology enables enterprises to extend access securely, simply, and cost-effectively to business-critical applications in a bring-your-own-device (BYOD) environment.

According to a press statement posted by the company, the acquisition of the Silicon-Valley-based start-up will allow Avast to expand its offering of mobile security applications to the enterprise space.

The entire Remotium team has joined the global organization of more than 600 Avast employees.

Like Avast, Remotium, which won "Most Innovative Company" at RSA Conference 2013, solves the challenges of delivering corporate applications to employees’ mobile devices by creating a smooth user experience, while assuring data security and compliance.

The company said that its product, Virtual Mobile Platform (VMP), which enables access to enterprise applications from any mobile or desktop device, allows users to work from anywhere in the office, remotely from their home office or while on business trips.

Users can connect to their VMP from any device they are using, including smartphones, tablets, and desktops, to get access to their corporate tools, apps and data.

Vince Steckler, CEO at Avast, said that Remotium’s mobile solutions address the needs of modern enterprises.

"As more and more companies support BYOD policies, the question of how to implement these policies efficiently and securely is top of mind for everyone. With Remotium’s technology, companies have visibility and security needed to ensure data integrity and corporate compliance. At the same time, users enjoy increased privacy, as well as apps that look and feel consistent across mobile and desktop platforms. We are pleased to add the Remotium staff to our team; together we will further accelerate Remotium’s growth and expand its capabilities across enterprise mobility platforms," he added.

Stephanie Fohn, CEO at Remotium, said, "The Remotium team and I are very excited about joining Avast Software. Avast has a long history in creating innovative, best-in-class security for personal and commercial use. We look forward to extending our technology leadership position and continuing to deliver groundbreaking enterprise mobility solutions to meet the needs of the enterprise."

Malwarebytes offers pirates a free one year license

Software companies have been serving the general public for years. But alongside this runs a raging war between the companies and the so-called "crackers" who try to counterfeit genuine products in order to promote piracy.

This creates a loophole in the distribution of the products. The battle has seen some technical advancement in preventing counterfeiting of the services.

While Microsoft has implemented a product activation procedure for the Windows operating system and its Office suite, some of the premier gaming companies require registration with their servers in order to activate a game; if the user declines, the game becomes unavailable for playing. Yet there is a continuous struggle within the "cracking" community to crack software for free access and piracy.

While this struggle has accelerated with time, one company has finally decided to allow the vicious pirates to gain legitimate access to its product. Malwarebytes, a premium security firm, has initiated Amnesty, a program that enables users who have procured a serial key from piracy dealers or downloaded it from the internet to have their security key reissued for free. The reissued key will provide the user with premium access to Malwarebytes Anti-Malware for a period of 12 months.

The company states that the internet has good pioneers as well as bad pirates. While the pioneers work hard day and night in order to provide users with state of the art services, pirates try to dupe people into buying pirated versions of Malwarebytes Anti-Malware.

"Amnesty program has initiated providing free replacement keys to the premium customers who have been facing inconvenience because of pirated keys or software abuse for Malwarebytes Anti-Malware".

To get started, download the latest version of Anti-Malware Premium. Once you are done with the installation, the activation setup is initiated, where you have to enter your illegal activation key and proceed. This takes you to a dialog box that gives you the option to select "I’m not sure where I got my key, or I downloaded it from the Internet". The company then issues you a new key along with a 12-month free premium membership.

This has been started by Malwarebytes, who are providing one of the best security suites and anti virus tools in the market.