Your home wi-fi isn't safe: Hackers know router trick to access bank accounts, card details

The next time you connect a smartphone or laptop to your seemingly secure home Wi-Fi, you might be surprised how easy it is to hack into that network, courtesy of the router installed by your Internet Service Provider (ISP). A small vulnerability in the home Wi-Fi network can give a criminal access to almost all the devices that use that Wi-Fi. This could spell trouble for bank accounts, credit card details, child safety and a whole lot of other concerns.

Trouble could come in the form of a neighbourhood kid who piggybacks on your Internet service. While he plays video games online and talks to his friends over VOIP (Internet-based) telephone service, your Internet service may become sluggish.

But an unsecured home wireless system can also be used to commit crime.

According to the US Department of Justice, law enforcement officers will come knocking on your door if someone uses your Internet connection to upload or download child pornography.

And the bad guys don't have to live next door. Powerful Wi-Fi antennas can pull in a home network's signal from over 4 km away.

According to Finnish cyber security firm F-Secure, for very little money, a hacker can rent a cloud-enabled computer and guess your network's password in minutes by brute force, using the powerful computer to try many password combinations.

The US Computer Emergency Readiness Team (US-CERT) recently issued an alert about Russia-sponsored hackers carrying out attacks against a large number of home routers in the U.S.

According to Sanjay Katkar, Joint Managing Director and CTO, Quick Heal Technologies, cyber criminals are known to exploit vulnerabilities in home Wi-Fi routers by delivering a payload.

"Once infected with the malware, the router can perform various malicious activities like redirecting the user to fake websites when visiting banking or other e-commerce sites," Katkar told IANS recently.

Hackers abusing Microsoft Azure to deploy malware

Microsoft Azure has become a sweet spot for hackers, both for hosting powerful malware and as a command and control server for sending commands to and receiving data from compromised systems.

Microsoft Azure is a cloud computing platform created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

This malicious operation was initially uncovered and reported by @JayTHL and @malwrhunterteam via Twitter, where they provided evidence that malicious software was being hosted on Microsoft Azure.

The researchers had already reported this malicious operation to Microsoft. However, the original malware (plus additional samples uploaded since) still resided on the Azure site as of May 29, 2019, 17 days later, AppRiver reported.

This is evidence that Azure failed to detect the malware residing on the Microsoft server, although Windows Defender does detect the malicious files if users attempt to download them from the malware-hosting server.

Windows Defender detects this malware as Trojan:Win32/Occamy.C. The first new sample (searchfile.exe) was initially uploaded to VirusTotal on April 26, 2019, and another sample (printer/prenter.exe) was first submitted on April 30, but it also remains undetected on Azure servers.

According to AppRiver, however, it does not appear that the service is currently scanning Azure sites; otherwise, one could surmise, these files would have been detected by now.

According to the analysis report on the printer.exe file, the attackers delivered this malware as an uncompiled C# .NET portable executable file.

Using an uncompiled file is a clever attempt to evade gateway and endpoint security products that thoroughly examine downloaded binaries.

Once running, this malicious agent generates XML SOAP requests every 2 minutes to check in and receive commands from the malicious actor's Azure command and control site at: systemservicex[.]azurewebsites[.]net/data[.]asmx

This is not the first time malware operators have abused Azure; we previously reported that attackers abused Microsoft Azure Blog Hosting and also attempted to steal login credentials.
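The fixed two-minute check-in described above leaves a regular timing pattern in web-proxy logs that defenders can hunt for. The following Python sketch is an added example, not code from AppRiver or the original report; the log format, the placeholder hostnames and the thresholds are assumptions constructed for illustration.

```python
"""Flag client/host pairs that are contacted at a near-constant interval (beaconing)."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def build_sample_log():
    """Constructed proxy-log lines: ISO timestamp, client IP, method, host, path.

    Hostnames are placeholders, not indicators taken from the article.
    """
    start = datetime(2019, 5, 29, 9, 0, 0)
    lines = []
    # Client .23 posts to the same .asmx endpoint every ~120 s with small jitter.
    for i, jitter in enumerate([0, 2, -1, 3, 0, -2, 1, 0]):
        ts = start + timedelta(seconds=120 * i + jitter)
        lines.append(f"{ts.isoformat()} 10.0.0.23 POST "
                     "c2-placeholder.azurewebsites.net /data.asmx")
    # Client .40 browses another site at irregular, human-driven intervals.
    for offset in [5, 19, 230, 260, 900, 905, 1400]:
        ts = start + timedelta(seconds=offset)
        lines.append(f"{ts.isoformat()} 10.0.0.40 GET "
                     "portal-placeholder.azurewebsites.net /index")
    return lines


def find_beacons(lines, min_events=6, max_cv=0.1):
    """Return (client, host) pairs whose request gaps are almost constant.

    max_cv is the allowed coefficient of variation (stdev / mean) of the gaps;
    a low value means the requests are machine-timed rather than user-driven.
    """
    seen = defaultdict(list)
    for line in lines:
        ts, client, _method, host, _path = line.split()
        seen[(client, host)].append(datetime.fromisoformat(ts))

    findings = []
    for (client, host), stamps in sorted(seen.items()):
        if len(stamps) < min_events:
            continue  # too few requests to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            findings.append({
                "client": client,
                "host": host,
                "period_s": round(avg),
                "events": len(stamps),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(build_sample_log()):
        print(hit)
```

A hit is a lead for triage rather than a verdict, since software updaters and monitoring agents also poll on fixed timers.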

Bug in Microsoft RDP allows hackers to perform WannaCry-level attack

A critical remote code execution vulnerability in Microsoft Remote Desktop Services lets attackers compromise a vulnerable system with WannaCry-level malware.

Microsoft recently fixed this RCE vulnerability in Remote Desktop Services, formerly known as Terminal Services; it affects some older versions of Windows.

The WannaCry attack was one of the most notorious cyber attacks of this decade, and it shut down millions of computers around the world by exploiting the vulnerability in the RDP protocol.

In this case, the Remote Desktop Protocol (RDP) itself is not vulnerable; the vulnerability is pre-authentication and doesn’t require user interaction.

This vulnerability has no exploit at this time, but in the future, an attacker will create malware that exploits it in a way similar to the WannaCry attack.

Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008, as well as the out-of-support versions Windows 2003 and Windows XP.

3 Million Endpoints are Vulnerable to This RCE Bug

First, an unauthenticated attacker sends a specially crafted malicious request to the vulnerable system after establishing a connection through RDP.

According to Microsoft, this vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Independent researcher Kevin Beaumont said that, based on the Shodan search engine, around 3 million RDP endpoints are directly exposed to the internet.

“There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered,” Microsoft said.

According to Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC), “Customers running Windows 8 and Windows 10 are not affected by this vulnerability”.

London hackers may be behind ransomware attack on Lucknow hotel

In a first-of-its-kind ransomware attack in Lucknow, cybercriminals breached and blocked the computer system of The Piccadily, a five-star hotel in the capital of Uttar Pradesh, and demanded a ransom to allow data access. Ransomware is malware unleashed into a system by a hacker that blocks the owners' access until a ransom is paid.

The hotel management lodged an FIR with the cyber cell of police and also roped in private cyber detectives to probe the crime and suggest a remedy.

The hotel’s finance controller in Alambagh, Jitendra Kumar Singh, lodged an FIR on March 9, stating that the staff at the hotel was unable to access the computer system on February 27 around 11:45 pm when they were updating monthly business data. This was followed by screen pop-ups which read — Oops, your important files are encrypted. The staff initially ignored the pop-ups and rebooted the system, following which it crashed. Later, the hotel management engaged a software engineer to track down the malfunction, after which it came to light that the system had been hit by ransomware.

The nodal officer of the cyber cell, deputy superintendent of police (DySP) Abhay Mishra, said the case happens to be the first ransomware attack of its kind in the city. The demand for ransom in such cases is also made through ‘Bitcoin’, he said. “They are investigating into the matter, but are yet to make any breakthrough,” Singh told TOI.

The cyber cell of Lucknow police believes the ransomware attack could have been made from London. Sleuths of the cyber cell made these claims after authorities of the Piccadily said they had been getting frequent phone calls from London-based number after the attack.

Singh said, “We received for calls from the same number a day after the attack. The callers inquired about the ransomware attack and asked about the progress in the case. Later, they also agreed to offer assistance.”

Hackers use stolen Apple prototypes to break into iPhone


Apple's production lines are so massive that it's easy to imagine iPhones being smuggled out of there.

We all know the story of the prototype iPhone 4 that was left at a bar, spoiling what could have been one of the biggest surprises in Apple history. But have you heard the one about the stolen prototype iPhones that are still winding up in unintended hands — in this case, hackers bent on finding ways to break into Apple’s operating system?

As per a report, some of the most prominent iOS hackers have made use of prototype iPhones to break into iOS.

Just like every smartphone maker, Apple also develops prototype or 'dev-fused' iPhones for testing different technologies, modems and chips.

If you are an iPhone user, chances are that you know about Cydia, the jailbroken app store for iPhones and iPads. While jailbreaking is a type of hack that is mostly used to sideload paid apps for free, there are other types of hacks as well: hacks that are either much more problematic or useful, depending on which side of the hack one is on. Apple phones come with a Secure Enclave Processor (SEP) that encrypts sensitive data on the phone and is set up as a separate entity. Motherboard investigated how some of the best hackers were able to study the chip, and the answer is said to be a “dev-fused” iPhone, which is an iPhone that was lifted before finishing the production process.

As per the report, these dev-fused iPhones are pre-jailbroken devices in which many security features are disabled. This is so that researchers can test them easily but these devices were never intended to get out of Apple’s reach.

The Motherboard report says there’s now a gray market for “dev-fused” iPhones and each product sells for thousands of dollars. Why? Because they help hackers and security researchers crack iPhones and find critical vulnerabilities in them.

Gaining root access to these pre-production iPhones is said to be much easier than doing the same on a commercially available iPhone.

Can AI become a new tool for hackers?

Over the last three years, the use of AI in cybersecurity has been an increasingly hot topic. Every new company that enters the market touts its AI as the best and most effective. Existing vendors, especially those in the enterprise space, are deploying AI to reinforce their existing security solutions. Use of artificial intelligence (AI) in cybersecurity is enabling IT professionals to predict and react to emerging cyber threats quicker and more effectively than ever before. So how can they expect to respond when AI falls into the wrong hands?

Imagine a constantly evolving and evasive cyberthreat that could target individuals and organisations remorselessly. This is the reality of cybersecurity in an era of artificial intelligence (AI).

There has been no reduction in the number of breaches and incidents despite the focus on AI. Rajashri Gupta, Head of AI, Avast sat down with Enterprise Times to talk about AI and cyber security and explained that part of the challenge was not just having enough data to train an AI but the need for diverse data.

This is where many new entrants into the market are challenged. They can train an AI on small sets of data but is it enough? How do they teach the AI to detect the difference between a real attack and false positive? Gupta talked about this and how Avast is dealing with the problem.

During the podcast, Gupta also touched on the challenge of ethics for AI and how we deal with privacy. He also talked about IoT and what AI can deliver to help spot attacks against those devices. This is especially important for Avast who are to launch a new range of devices for the home security market this year.

AI has shaken up the field, with automated threat prevention, detection and response revolutionising one of the fastest growing sectors in the digital economy.

Hackers are using AI to speed up polymorphic malware, causing it to constantly change its code so it can’t be identified.

Anonymous hackers take down Canadian government websites

The Anonymous hacking group hacked several Canadian government websites and servers on Wednesday, in retaliation for a new anti-terrorism law passed by Canada’s politicians.

The sites affected by this cyber attack include the general website for government services, canada.ca, and that of Canada’s spy agency, the Canadian Security Intelligence Service (CSIS).

According to the cabinet minister, Tony Clement, who is responsible for the Treasury Board, the attack has affected email and internet access. He confirmed this on his Twitter account.

A video has been posted on YouTube by Anonymous claiming that the anti-terrorism law violated human rights and targeted people who disagree with the government.

The new Bill C-51, or the Anti-terrorism Act, 2015, would give new powers to CSIS and federal agencies to increase surveillance and share information about individuals.

Talking to reporters from The Guardian, the public safety minister, Steven Blaney, denounced the cyber attacks, saying “there were many other democratic ways for Canadians to express their views, and the government was implementing efforts to improve its cyber security.”

Two Anonymous hackers arrested by Australian Police

After a lengthy investigation, two people believed to be members of Anonymous hacker group have been arrested for allegedly hacking into government and corporate websites.

Police say a 40-year-old man from Western Australia has been charged with hacking into Melbourne IT Ltd's computer network in Brisbane and Indonesian government web servers, the Australian Broadcasting Corporation reports.

An 18-year-old man from Penrith was charged with hacking into NetSpeed ISP, located in Canberra, and the ACT Long Service Leave Authority.

The two were reportedly involved in several cyber attacks, which included modifying the content of websites and disrupting access to many websites by launching Distributed Denial of Service (DDoS) attacks. These attacks date back to 2012.

A number of computer hard drives and other computer equipment have been seized by police from the suspects' houses.

#OpWorldCup: Brazil Government websites hacked by DK Brazil Hackteam


An Anonymous-affiliated hacker group called "DK Brazil Hackteam & An0nнat" has been targeting the Brazilian government and has defaced several Brazilian government websites in recent days.

The hack is part of an ongoing operation called "#OpWorldCup". The operation appears to be a protest against the upcoming 2014 FIFA World Cup that is scheduled to take place in Brazil.

The group has defaced two Brazilian government websites: www.saobento.ma.gov.br and that of Brazil's Barro Municipality (barro.ce.gov.br/).

The group defaced plenty of Brazilian government sites at the end of last month. They have hacked the following websites so far: www.novaluzitania.sp.gov.br/, indaial.sc.gov.br/, igarapedomeio.ma.gov.br/, procon.sp.gov.br.

Anonymous hacker charged for hacking Singapore PM website


A 27-year-old Singaporean has been charged with hacking into the Singapore Prime Minister's website and defacing it.

Mohammad Azhar bin Tahir was charged with modifying the contents of the PM's website (www.pmo.gov.sg) on Nov 7, causing it to display a message with an Anonymous mask picture.

The hacker also faces nine other unrelated charges, which include hacking into and changing the wireless network password belonging to a person named Nadia Binte Ali Khan.

In fact, the Prime Minister's website was not actually hacked; the hacker just exploited a reflected XSS vulnerability and managed to display the defacement message. The attack is non-persistent, which means that ordinary visitors to the site won't see the defacement; only those who visit the crafted link will.

Defacement exploiting Reflected XSS vulnerability

Azhar's 21-year-old brother, Mohammad Asyiq Tahir, also faces 6 charges under the Computer Misuse and Cybersecurity Act. One was for hacking Ridhwan's ex-girlfriend's Facebook account.

Last month, James Raj Arokiasamy, who is said to be the Anonymous hacker with the handle "The Messiah", was charged with hacking into the Ang Mo Kio Town Council website.

14 alleged RedHack and Anonymous hackers referred to court


A total of 14 alleged members of Turkish hacktivist RedHack and Anonymous hacktivists have been detained.

The Word Bulletin reports that the suspects were referred to the Ankara Courthouse on Monday. The operation is against the RedHack group, which is labeled a criminal organization by the Turkish Government.

The Ankara Police Department's Cyber Crime Units arrested alleged hackers from various locations including Ankara, Kahramanmaraş, Bursa, Mersin.

The suspects are accused of being part of hacking attacks against Government and individuals and disclosing confidential information.

However, the RedHack group says none of the arrested people are part of their group.

"All those arrested are not known to us. Every single one in our team is safe. Fascist gov't of Turkey continues its scaremongering to +" the tweets posted by the hacker group read.

"they are trying new tactics to cut the support to RedHack. But what they don't realise is that #RedHack have become the RedPeople Now"

*UPDATE: The suspects have been released by the court
The 14 Turkish people, including one actor, "Barış Atay", who were accused of being members of the RedHack hacker group have been released by the Ankara Court, according to a local Turkish news report.

#OpTurkey - Fox Turkey & VodaSoft hacked by Anonymous

Anonymous hacktivists continue their cyberattack against Turkey. Today, they breached the Fox Turkey and Vodasoft Call Center Solutions websites.

The security breach is part of the ongoing operation "#OpTurkey", which was kicked off in response to the government's violent attempt to suppress Turkish protests.

Unfortunately, the Government fails to realise that the violence against protesters will get the attention of Internet activists.

The hackers leaked thousands of records from the Fox Turkey website (fox.com.tr), containing IP addresses, email IDs and names: http://nopaste.me/paste/208744166651b10f0ba7d44

The Vodasoft leak comprises usernames, email addresses, names and password details: http://nopaste.me/paste/126630249651b1068f3ee4c

Recently, hacktivists breached the Prime Minister's website, the Ministry of Interior and more Turkish websites as part of the operation.

ANON_0x03 invade Argentina military website


The hacker group "ANON_0x03", affiliated with Anonymous hacktivists, has invaded the website belonging to the Infantry branch of the Argentine Army (infanteria.mil.ar).

The website has been defaced, and the defacement was reported on the zone-h mirror page by a hacker with the handle "voldem0rt".

Unlike other hackers, they didn't leave any messages in the defacement. They leaked the compromised database in the defacement instead.

The data leaked by Anon 0x03 includes email addresses, usernames, hashed passwords and other information.

We are still able to see the defacement page at the time of writing.  But the security breach was done 24 hours ago.

Mirror:
http://www.zone-h.org/mirror/id/19658987

They also leaked login credentials belonging to a few Peruvian government websites, along with links to the login panels.

The Daily Star website hacked by Anonymous hacktivist


Anonymous hacktivists hacked into The Daily Star website and uploaded an article with the title "Anonymous Continues Struggle For Justice".

According to the Daily Star news report, around one hour after the admin removed the post, the hacker once again uploaded the same article with a different title, "Anonymous Steps It Up".

"Anonymous continued its bid for true democracy and freedom today, when they started on a new path to bring to an end the corruption and oppressive regimes of today's governments. In a call for a truly open society Anonymous has started to raise its public profile the world over," the hacker said in the defacement message.

"Anonymous is calling for media transparency on all sides, particularly to do with world-issues such as Iran/Israel and the USA/UK arms deals in the middle east. As with all arguments, there are two sides, and single sided reporting must stop. War criminals should be tried for their crimes and in the case of state sponsored terrorism, the public should be fully aware of the acts governments commit in order to fight their injustice."

United States Sentencing Commission(ussc.gov) hacked and defaced by Anonymous


Anonymous hacktivists breached the website belonging to the United States Sentencing Commission (ussc.gov) and defaced the site under the operation called "#opLastResort".

"Two weeks ago today, a line was crossed. Two weeks ago, Aaron Swartz was killed. Killed because he faced an impossible choice. Killed because he was forced into playing a game he could not win -- a twisted and distorted perversion of justice -- a game where the only winning move was not to play," the defacement message reads.

"With Aaron's death we can wait no longer. The time has come to show the United States Department of Justice and its affiliates the true meaning of infiltration. The time has come to give this system a taste of its own medicine. The time has come for them to feel the helplessness and fear that comes with being forced into a game where the odds are stacked against them."

The full defacement message can be found here:
http://pastebin.com/Fbx3k2pX


A few days back, Anonymous defaced a Massachusetts Institute of Technology (MIT) website to denounce the charges against him and urge computer crime law reform and more support for open access initiatives.

Aiplex India website taken down by Anonymous India

Indian Anonymous hacktivists launched a distributed denial-of-service attack against Aiplex Software Pvt. Ltd.

Aiplex is a company based in Vijayanagar, Bangalore, India, contracted by the MPAA to deliver copyright notices to websites that they deem to violate copyright laws, and to launch distributed denial-of-service (DDoS) attacks against said sites if they fail to remove the offending content.

"We just showed Aiplex India is no one to deliver copyright notices to websites," Anonymous said on Twitter.

Feds charge Anonymous spokesperson Barrett Brown for sharing link to stolen credit card data


Is it a crime to share a link to data leaks? Today's indictment of the Anonymous spokesperson shows that sharing a link to data leaks is a crime.

Barrett Brown, the former spokesperson for the Anonymous hacktivists, has been charged with one count of trafficking in stolen authentication features, one count of access device fraud, and ten counts of aggravated identity theft.

The charges are related to the Stratfor hack carried out by hacktivists at the end of 2011.

Brown isn’t charged with committing the Stratfor hack but with posting links to a file containing the 5,000 credit card details that were stolen in the incident.

"By transferring and posting the hyperlink, Brown caused the data to be made available to other persons online, without the knowledge and authorization of Stratfor and the card holders," the Feds say.

From the story, we can conclude that all journalists who cover hacking incidents and link to data leaks are committing a crime.

At the time of the Stratfor hacking incident, links to the stolen credit card details were widely shared on Twitter - are all the users who shared the links going to be rounded up and arrested, too?

Anonymous #AutumnStatement to the tax avoiding rich and corrupt politicians



The Anonymous hacktivists have hacked into a number of websites and defaced them with "Autumn statement" to the tax avoiding rich and corrupt politicians.

The list of hacked websites includes SABA Consulting (sabaconsulting.eu), Maxwells Spanish Holiday Villas (maxwellsvillas.com), EF Medispa (efmedispa.com) and Arena Wealth (arenawealth.com).



"While the UK continues to demonise and punish the poor, the sick and the unemployed for the corruption of the financial and political systems, we would like to remind all of the British tax-avoiding Monaco dwellers, the super-rich and politicians that:

We are watching you.

You will be held accountable for your greed.

Expect Us." The defacement page reads.

At the time of writing, most of the sites still display the defacement message. After a few minutes, the defaced page redirects users to the HM Revenue and Customs website (hmrc.gov.uk).



Once again, Kapil Sibal's official website hacked by Anonymous India

Once again, the Indian Anonymous hacker group has breached the official website of India's Communication and Information Technology Minister Kapil Sibal (www.kapilsibalmp.com).

In August 2012, they broke into the website and published a number of screenshots on the social media website Facebook to demonstrate that they had gained access to the site’s backend.

Now, they have defaced the website and left the following message:

Kapil Sibal is the world’s biggest retard. Born with a below 60 IQ he thought he could mess with the Internet and let the elite of his party suppress freedom of speech. Although a retard, he somehow formed the rules in such a way, that everyone can censor everyone there by hiding behind everyone to be able to censor when really hurt him and his party. Confusing isnt?

The hack was announced via the Anonymous India twitter account @opindia_revenge. The hackers said they hacked the website because "He (Sibal) had used the words 'Victims of freedom of Expression'. He is hiding the fact that #66A is breaking the internet media."

Besides hacking the Minister's website, they have also hacked into the official website of the Government of Mizoram, India, and defaced the site with a protest message.



Anonymous declares Cyberwar on Syrian government sites - Syrian Embassy in China under attack

The hacktivist group Anonymous has announced a cyber war against Syrian Government websites hosted outside the country.

"Today, at precisely 10:30 AM ET all Internet traffic into and out of Syria ceased. Within a half hour of this sudden shut down, the PBX land-lines were degraded by 90% and Mobile connectivity was degraded by 75%. The nation of Syria has gone dark. And Anonymous knows all too well what happens in the dark places," the hackers said in the press release.

"When your government shuts down the Internet, shut down your government." ~ Anonymous Egypt.

"Beginning at 9:00 PM ET USA Anonymous will begin removing from the Internet all web assets belonging to the Assad regime that are NOT hosted in Syria. We will begin with the websites and servers belonging to ALL Syrian Embassies abroad," the hackers said.

The hacker collective has launched a distributed denial of service (DDoS) attack against the website of the Syrian Embassy in China (syria.org.cn).

They also hacked and defaced the Syrian Embassy website in Belgium (syrianembassy.be).

*Update* As part of the operation, Anonymous Australia has defaced the Industrial Bank of Syria (industrialbank.gov.sy) and left a message: "Sorry admin but your page was taked by us - Because from Latin America, we are sad seeing destroyed between brother countries. - Please governments."

The press release can be found here:
http://www.anonpaste.me/anonpaste2/index.php?bb2a5f5ea4d78406#Kmh9zezlxKa3262RPC6TtgFwc5Vn2Ur+NEtOud0Q0bo=