Search This Blog

Showing posts with label Cyber Hacking. Show all posts

iPhone hacking sites were also after Android, Windows users


Those hackers Google’s researchers sussed out earlier this week apparently went after more than just iPhone users. Microsoft’s operating system along with Google’s own were also targeted, according to Forbes, in what some reports are calling a possibly state-backed effort to spy on the Uighur ethnic group in China.

Google’s Threat Analysis Group was the first to discover the scheme earlier this year (news of the campaign was first disclosed Thursday). It involved a small group of websites aiming to infect visitors’ devices to gain access to their private information, including live location data and encrypted information on apps like on WhatsApp, iMessage, and Telegram. These websites were up for two years, during which thousands of visitors purportedly accessed them each week.

In February, Google notified Apple of 14 vulnerabilities the site’s malware exploited, which the company fixed within days with iOS 12.1.4. Apple disclosed in that update that the flaws, referred to as “memory corruption” issues, were fixed with “improved input validation.” The company hasn’t publicly addressed Google’s account of the hack since the news broke earlier this week.

While the Google team only reported iPhone users being targeted by this attack, sources familiar with the matter told Forbes that devices using Google and Microsoft operating systems were also targeted by these same sites. Thus widening the potential scale of an already unprecedented attack.

Whether Google found or shared evidence of this is unclear, as is whether the attackers used the same method of attack as they did with iPhone users, which involved attempting to sneak malicious code onto users’ phones upon their visit to the infected websites. When asked about these reported developments, a Google spokesperson said the company had no new information to disclose. We also reached out to Microsoft and will update this article with their statements.

Secure your Home Server from being used as a Hacking Server by Crooks


SSH also referred to as Secure Shell, is a cryptographic network protocol which secures remote login from one computer to another. It is employed by almost all the Linux sysadmins and although Windows users are more acquainted with Remote Desktop Protocol (RDP), many of Window sysadmins also use SSH instead of RDP, the reason being its Raw power.

RDP provides full graphical remote control of a Windows computer to its users along with access to the regular Windows desktop through keyboard and mouse, whereas SSH, which is comparatively more genric, allows user to run almost every program remotely which further lets him administer the system automatically from a distance through pre-written scripts or by entering commands live, it also allows user to do both simultaneously.

Resultantly, cybercriminals who somehow can get access to a user's SSH password can also access his system, if not the entire network.

Network tunneling is another feature provided by SSH, wherein, users build an encrypted network connection between multiple computers, they start from one computer to another and extends that connection to a third system to carry out the online work.

SSH server also acts as a special-purpose VPN or encrypting proxy when it allows users to redirect network traffic when they are on the go.

Therefore, criminals who have access to any user's SSH password can use his server as the basis for his future attacks and the victims would be blaming the owner of the server.

Now, unfortunately, people have an SSH server at their home even if they don't realize it as home routers have a pre-configured SSH server which is placed for administrative reasons.

While hacking, cybercriminals do not differentiate between the SSH servers manages by users themselves and those managed by their ISP's, they go on exploiting regardless, as these servers can potentially allow them to breach data and make a profit via reselling it.

Users are advised to take the time to understand and get familiar with their router's configuration settings, in the cases where it is not managed by ISP. Furthermore, turn off all the features you don't require and also the ones you are not certain about. Lastly, ensure that you are using the latest version.




SystemBC: Another Malware On The Dark Web!




A fresh malware that’s being duly advertised on the dark web is SystemBC, which installs SOCKS5 proxies on the infected systems and sends through another malware.

The malware is being advertised since April and it made its first appearance in May, as the sources cite.

Per sources, it’s being distributed as a part of Fallout and RIG exploit kits which are web-oriented systems that make use of browser-based vulnerabilities to install malware.

To mislead the users into installing the malware the above-mentioned exploits also send through malicious web-pages.

Formerly an unauthenticated malware, SystemBC is majorly a demand-based proxy component for malware operators.

It can be deployed on compromised systems to shroud the malicious traffic and other malicious activities within a system.

According to researchers the malware’s main gig is to generate a SOCKS5 proxy server so that another malware could be pushed through to “bypass the local firewalls” and “internet content filters”.

Researchers vehemently advise users to patch their systems and not use older systems that use plugins that are  vulnerable to attacks as this malware is pretty difficult to detect.

Forensic services firm pays ransom after cyber-attack

The UK's biggest provider of forensic services has paid a ransom to criminals after its IT systems were disrupted in a cyber-attack, BBC News has learned.

Eurofins Scientific was infected with a ransomware computer virus a month ago, which led British police to suspend work with the global testing company.

At the time, the firm described the attack as "highly sophisticated".

BBC News has not been told how much money was involved in the ransom payment or when it was paid.

The National Crime Agency (NCA) said it was a "matter for the victim" as to whether a ransom had been paid.

The agency, which is investigating the attack, said: "As there is an ongoing criminal investigation, it would be inappropriate to comment."

Eurofins previously said the attack was "well-resourced" but three weeks later said its operations were "returning to normal".

Cyber-attack hits police forensic work

It said it would also not comment on whether a ransom had been paid or not.

It added it was "collaborating with law enforcement" in the UK and elsewhere.

The ransomware attack hit the company, which accounts for over half of forensic science provision in the UK, on the first weekend in June.

Ransomware is a computer virus that prevents users from accessing their system or personal files. Messages sent by the perpetrators demand a payment in order to unlock the frozen accounts.

Eurofins deals with over 70,000 criminal cases in the UK each year.

It carries out DNA testing, toxicology analysis, firearms testing and computer forensics for police forces across the UK.

Forensic science work has been carried out by private firms and police laboratories in England and Wales since the closure of the government's Forensic Science Service in 2012.

'Court hearings postponed'

An emergency police response to the cyber-attack was led by the National Police Chiefs' Council (NPCC) to manage the flow of forensic submissions so DNA and blood samples which needed urgent testing were sent to other suppliers.

Fake Businesses On Google Maps; WSJ Outs The List!




Per Wall Street Journal’s latest report, Google Maps is brimming with scam campaigns imitating to be genuine businesses enterprises.


As of now there has been a listing approximately of 11 Million fake businesses on Google Maps and reportedly new numbers and addresses get added every month.

Motives behind Fake Listings
·       Creating fake profiles for competitors
·       Listing wrong phone numbers and addresses for rivals
·       Impersonating legitimate businesses to lure customers in
There have been several cases in one of which a woman was swindled off by a fake company contractor by doing a terrible job and charging twice.


The identified fake listings were in turn taken down by Google in addition to adding better safeguards for the “high-risk” categories in its business listings.

Allegedly, contractors and repair services are the most common fake business up there as customers hardly take any time to dig deep into their profiles.

Last year Google had to take down over 3 million fake business accounts and disable over 150,000 profiles which were used to make them.

Over 85% of the eradicated were flagged by Google’s internal systems and over 250,000 fake accounts were reported by the consumers.

Google very well understands how important it is for the users and how deep the need runs to make it as safe as possible because people will always try to create obstructions and hence it’s committed to it.

Creating a listing on Google Maps is sort of easy. Businesses could verify their listings’ address and phone number via SMS, a phone call or even their listed location.

Google My Business is currently home to around 150 million business enterprises probably owing to the ease of joining.

Big Bug Bounty Hunts by Cyber Giants Fetch Ethical Hackers Millions!





As a part of being more aware and secure in terms of cyber-crime and to stay clear off any possible hazards that may or may not come their way, organizations have started paying up millions to those people who find bugs in their systems.


Recently, a concerned cyber-space user received a message that allegedly said, “Hey, we’ve got some money for you. Do you want it?”

This message had come from Yahoo in response to a bug that the person had sent to the organization. As of now this bug-sending business has paid up a profit of $1.5m.

Yahoo like many companies pays up to people who find bugs and loopholes for them that could be potentially exploited by hackers or cyber-cons.

These ethical hackers sign-up with organizations like Bug Crowd, Synack, Hacker One etc. who conduct bug bounty programs on behalf of other organizations.

 To participate in this, a person need not even have a profound knowledge of coding and other technical skills cited the aforementioned user.

However, he had always been a part of the security industry where he learned deeply about the protocols regarding the swapping of data.

Nevertheless, there is a substantially enormous difference between the way professionals work on cyber issues and the way beginners do.




It’s been long since people actually felt inclined towards working in the cyber security industry even if they weren’t getting paid much.

Earlier and even now to some remote extent there exists an underlying need for more professionally oriented skillful hands in the cyber-security industry.

Many countries have government funded educational schemes for school kids to help them have a sense of the cyber-security.

With 25,000 school children as their intake UK’s scheme, Cyber Discovery had a fabulous first year. It’s an initiative to let kids know that the daily work of pros is fun.

Participants get points when they complete each section and the top performers get to attend residential courses that help them get better.

The big bug bounty hunts could be a great way to attract the attention of young minds and help them get a taste of what defeating bad guys feels like.

Anyone who wished to enter in the big bug bounties should contemplate the fact that it requires a lot more than sheer luck to work as an actual cyber-security guy.

“Also, companies should have their own set of defenses set against the cyber cons rather than letting the bounty hunters know what the inner situation is.”, said a source.

Nonetheless, it should always be more about being a concerned citizen, trying to solve problems, and make a better and safe cyber-world.

Your Profile Up For Sale Somewhere On The Dreadful Dark Web For Rs. 140/day?





After hacking feats, cyber cons have stooped to selling hacked profiles on the dreadful dark web for a minimal cost of Rs. 140/day.


What’s even more unsettling is the fact that organizations, market researchers and people looking for business related data could also be behind this profile marketing.

The corner of the “dreadful dark web” where these profiles are available is not accessible via regular browsers.

By way of tools like “Tor” which is an open source software that aids anonymous communication and access to a whole new world of stolen passwords, data and profiles.

According to researchers, other than cyber attackers the people tracking the consumer behavior are after free access to video streaming sites that have already been paid for by the victim.

It’s super disconcerting the way rival companies are buying profiles to get "Intel" on their competitors consumer base, sensitive data and even tracking key executives.

These hacking goons are working in groups where one sells encrypted data and the other quite conveniently decrypts all for dear money.

Then there’s a third group which stores a list of the decrypted passwords into a central server which provides data sets from these breaches.

WARNING! If you happen to use a single password or even passwords that are a teensy bit different for more than one log in sites and multiple websites you are in serious trouble.

Reportedly, the hackers have collected over 8000 databases from small websites singly. It’s only up to the imagination what kind would have been from major sites.

On the dark sites, the data is being sold in packages ranging from a minimal Rs.140 ($2) to a staggering Rs.4900 ($70).

Payment methods of Crypto-currencies like Bitcoin, Litecoin, Dash, Ripple, Zcash and Ethereum are all available to the users’ comfort.

If several passwords are bought from the website a profile could be fabricated within minutes, because quite foolishly users have the same passwords for multiple sites.

This makes the user’s behaviour extremely predictable and it becomes easy for the buyers to track the victim’s activities all over the internet.

The people who spend more time on the internet are more susceptible to such hazards because they are easier to track.

A normal user’s passwords are available for as little as a rupee but then the hot shot public figures like politicians’ or actors’ passwords’ cost ranges from Rs.500- Rs.2500/password.

QUICK TIP!
·       Try not to use common, mainstream passwords that are only easily hack-able and guess-able.

·       Especially after a company experiences a breach or a hacking feat they should make their security stronger.

·       The systems should be made more accountable than ever.

No company has faced any adversities as of yet due to this profile marketing freak-show.





Legitimate Apps That Could Be Exploited To Bypass The Windows Defender: Microsoft’s List



Microsoft recently, published a conspicuous list of application that are legitimate and yet could be exploited by hackers to bypass the Windows defender.


These hackers try to slide into the organizations’ networks and infect them via bypassing the security imparted by the defender.

The hackers usually make use of off-the-land attack tactics where they use the victim’s operating system features or authentic network administration tools to compromise the networks.

The major motive of this project was to comprehend the binaries that were being misused by the attacker.

·       LOLBins- Living Off The Land Binaries
·       LOLScripts- Living Off The Land Scripts
·       LOLLibs- Living Off The Land Libraries
·       GTFOBins- Unix Platform Binaries

The only point of fusing the legitimate app is to stay undetected in order to bypass the security measures of the network.

The LOTL tools are just a way to be as stealthy as possible as be as malignant as possible without even being easily caught.

The following applications are in the list that Microsoft published and recommend to do away with if not in use:
·       addinprocess.exe
·       addinprocess32.exe
·       addinutil.exe
·       bash.exe
·       bginfo.exe[1]
·       cdb.exe
·       csi.exe
·       dbghost.exe
·       dbgsvc.exe
·       dnx.exe
·       fsi.exe
·       fsiAnyCpu.exe
·       kd.exe
·       ntkd.exe
·       lxssmanager.dll
·       msbuild.exe[2]
·       mshta.exe
·       ntsd.exe
·       rcsi.exe
·       system.management.automation.dll
·       windbg.exe
·       wmic.exe

Along with the published list Microsoft has also highly recommended the users to download latest security updates.

In addition it has also provided the “deny file rules” for all apps.

Lateral movement and defense evasion happen to be the mostly used ways to exploit the authentic applications.

Is making hacking unprofitable the key to cyber-security?

Billions are being lost to cyber-crime each year, and the problem seems to be getting worse. So could we ever create unhackable computers beyond the reach of criminals and spies? Israeli researchers are coming up with some interesting solutions.

The key to stopping the hackers, explains Neatsun Ziv, vice president of cyber-security products at Tel Aviv-based Check Point Security Technologies, is to make hacking unprofitable.

"We're currently tracking 150 hacking groups a week, and they're making $100,000 a week each," he tells the BBC.

"If we raise the bar, they lose money. They don't want to lose money."

This means making it difficult enough for hackers to break in that they choose easier targets.

And this has been the main principle governing the cyber-security industry ever since it was invented - surrounding businesses with enough armour plating to make it too time-consuming for hackers to drill through. The rhinoceros approach, you might call it.

But some think the industry needs to be less rhinoceros and more chameleon, camouflaging itself against attack.

"We need to bring prevention back into the game," says Yuval Danieli, vice president of customer services at Israeli cyber-security firm Morphisec.

"Most of the world is busy with detection and remediation - threat hunting - instead of preventing the cyber-attack before it occurs."

Morphisec - born out of research done at Ben-Gurion University - has developed what it calls "moving target security". It's a way of scrambling the names, locations and references of each file and software application in a computer's memory to make it harder for malware to get its teeth stuck in to your system.

The mutation occurs each time the computer is turned on so the system is never configured the same way twice. The firm's tech is used to protect the London Stock Exchange and Japanese industrial robotics firm Yaskawa, as well as bank and hotel chains.

USA: Leading Servers Of Greenville Were Shutdown Owing It To A Ransomware Attack!



In the state of South Carolina, a city by the name of Greenville was attacked by a ransomware which blacked-out majority its servers.


The source of the ransomware and the infection is being conjectured upon by the help of the city staff and IT professionals.

As a basic ransomware works the organizations affected were asked for money. The IT team is working on getting the operation back online

The only servers that were separate and went unaffected were of the Greenville Utilities Commission and that of the emergency for and police department.

The infection first surfaced on the server of the Greenville Police Department. The IT division was immediately contacted and as result the servers were shutdown.

The shutdown hasn’t affected many of the operations and functions, just that the way things go about needed some adjusting.

Thanks to people not being too dependent on computers not much has been affected in the city except for people willing to do payments would need to do so in cash.

After CIRA’s free parking accident and the shutdown of Norsk Hydro, it’s evident that ransomware is an emerging hazard to cyber-security.