Saturday 24 December 2016

Hackers Stole $31 Million From Russia’s Central Bank



Russia’s central bank suffered a major cyberattack that made it possible for hackers to steal no less than 2 billion rubles, which is approximately $31 million, according to reports.

The Bank of Russia has already confirmed the attack and said that it’s investigating, but no other details as to who might be behind the hack were provided.

Central bank official Artyom Sychyov said in a public briefing that hackers previously wanted to steal approximately 5 million rubles, but the bank’s security team managed to partly block the attack and reduce damages to 2 million rubles.

“We were lucky to return some of the money,” a central bank spokesperson was quoted as saying by CNN, adding that some of the funds were quickly redirected after hackers launched the attack.

It appears that cybercriminals targeted not only the central bank, but also private banks and customers, attempting to transfer funds, but it’s not yet clear if these attacks were successful or not.

Although very little is known about the hack against Russia’s central bank, experts believe that the attack can be linked to similar attempts launched in the last couple of years against other banks across the world.

Earlier this year, a group of hackers managed to steal no less than $101 million from the central bank of Bangladesh after breaking into SWIFT, the worldwide interbank communication network that carries transaction instructions. As in Russia’s case, the hackers attempted to steal more, $951 million, but were blocked before the transactions completed.

Russia’s Federal Security Service (also known as the FSB) had already warned of attacks that might be aimed at local banks, revealing that it discovered computer servers in the Netherlands that were set up to compromise the country’s financial system and help steal money.

Russian authorities, however, haven’t provided details regarding the hacking group behind the attack or the date when it occurred.

India – 22 Year Old Indian Hacks PM Narendra Modi’s App



According to a report by Your Story, 22-year-old hacker Javed Khatri claimed that he was able to hack the PM Narendra Modi app, which is separate from the official app and is available on Android, iOS and Windows.

Javed Khatri, in an email to Your Story, said, “I am able to access private data of any user on the app. The data includes phone number, email, name, location, interests, last seen etc.”

“I successfully managed to extract the personal phone numbers and email ids of ministers like Smriti Irani. Not only that, I can make any user on the platform follow any other user on the platform,” he added.

“This is just the summary of this huge security loophole which I want to report. The privacy of more than seven million users is at stake if this gets ignored,” he said.

The 22-year-old told the site that he has no intention of misusing the data and just wanted to demonstrate how poor the security of the app is, given how easy it was for him to hack it.

He has also shared a couple of screenshots to prove the legitimacy of his hack. The screenshots show personal data of Dr Jitendra Singh, Minister of State for the Ministry of Development of North Eastern Region, accessed via the Narendra Modi app.

Thursday 22 December 2016

Hackers Breached Twitter Accounts Of Netflix, Marvel



The hacker group OurMine has targeted Netflix’s Twitter account.

The group compromised the streaming service’s Twitter feed on Wednesday, sending a string of tweets saying it was testing security.

Initially, it appeared Netflix had resolved the issue, but tweets from OurMine appeared to continue streaming onto their Twitter account. As of publishing, the tweets have been removed.

The group also targeted several Twitter accounts tied to Marvel Entertainment, including official accounts for The Avengers, Thor and Guardians of the Galaxy.

“Hey, it’s OurMine,” reads the message. “Don’t worry we are just testing your security, contact us to help you with your security.”

This isn’t the first account targeted by OurMine, which often posts notes about testing security and promoting its services. Among its other targets: Facebook CEO Mark Zuckerberg, Uber CEO Travis Kalanick, and Spotify CEO Daniel Ek.

Wednesday 21 December 2016

Pakistani Hackers Hacked Bangladesh Google Domain



Earlier today, Pakistani hackers from Pak Cyber Attackers targeted the Google Bangladesh domain and displayed a defacement page on www.google.co.bd.

A hacker called Faisal Leet broke into the domain registry of Bangladesh Telecommunications Company Ltd (BTCL), where Google’s country domain was also registered. The hackers modified the DNS records of Google Bangladesh so that all users were redirected to the defacement page. This technique is also known as DNS poisoning.

HackRead reports that the hacking group behind this takeover is generally known for breaching high profile Indian government and law enforcement websites. This is the first time the group has targeted a Bangladesh domain.

Internet users in Bangladesh were shocked when they witnessed the search engine giant’s domain displaying the “Pakistan Zindabad” (Long live Pakistan) slogan. Confused by the situation, users took to Twitter to get a clear picture of what was going on.

"OMG! https://t.co/E8gmKTnYuQ (#Google #Bangladesh) has been hacked. :O #Googlehacked pic.twitter.com/wcjvYcabhX"

— Hasibul Kabir (@hkhasib) December 20, 2016

In response, Google quickly redirected its users to its main international .com domain, www.google.com.

This is not the first time that hackers have targeted a Google domain. The Pakistani hacker known as LEET has previously hacked a number of Google country domains. Beyond Google, he has also targeted other high-profile sites including Microsoft, Yahoo, Bing, AOL, and many Indian NIC servers.

Thailand Government Websites Down After Controversy Over Cyber Law



Government websites were down yesterday in Thailand after hackers launched a campaign of attacks following controversial changes to the Computer Crime Law. The sites hit included Government House, Office of the PM, and the Royal Gazette website. It was not confirmed if the failure of these sites, which were offline yesterday, was the result of attacks or a defensive measure by the government.

Earlier, Major-General Ritthi Intarawut, director of the Army’s cyber centre, warned state agencies to prepare for cyber attacks by hackers angry over changes to the Computer Crime Act, advising them to step up security or even shut down systems temporarily.

Government agencies, previously targeted by hackers upset by changes to the law, were also advised to keep a close watch on system gateways and place tight restrictions on firewalls in preparation for possible attacks.

The warning came after a group of Internet users known as “Opponents of the Single Gateway” threatened to attack government websites and wipe out all data today if the government did not respond to its demand for the amendment to be scrapped.

The law sparked major controversy, with nearly 400,000 Internet users signing an online petition at Change.org calling for the National Legislative Assembly (NLA) to withhold approval of the changes over fears they would hit online freedom and privacy.

After the NLA passed the amendments last Friday, netizens staged protests online and offline. — The Nation/Asian News Network

Source: thestar.com

India – Experts Advise “Change your passwords more often”



The hacking group called Legion now poses the biggest threat in cyberspace. It has recently hacked into several servers, including those of Apollo Hospitals, and released thousands of confidential emails. It has also hacked the Twitter accounts of Congress vice-president Rahul Gandhi, liquor baron Vijay Mallya and ex-IPL commissioner Lalit Modi. Against this backdrop, and given the thrust of the State and Central governments on cashless transactions, the obvious question on everyone’s mind is –

Is it safe?



Unfortunately, the answer from experts is No.

India is not yet ready to be a cashless economy as it has to first master the relevant technology to counter the threats and challenges posed by cyber criminals, opined experts at the National Conference on Mapping India’s National Security Challenges, organised by the Center for Human and Security Studies here on Tuesday.

Cyber expert Ram Mohan, from the CID, explained that banking servers in India are not safe enough. “Even free WiFi zones are strictly not advisable. All the protocols of WiFi zones are compromised and available on internet and hence, easy to hack,” he pointed out.

Ram Mohan also noted that skimming is unavoidable as it is happening at the merchant level in markets. What is the way out then? Keep changing passwords and PINs to avoid cyber threats, he suggested. Preferably, passwords should be a mix of letters and numbers. A Anil, Director of eSF Labs, who also attended a session on cyber security, explained how hackers operate and why they hack in the first place. According to him, the ongoing transformation into a cashless society using e-PoS machines is a risky proposition.

Tuesday 20 December 2016

Cain and Abel – An amazing Tool for Hackers



Cain and Abel is a tool specifically designed for network administrators and penetration testers to recover various kinds of passwords. It allows easy recovery of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

This program also contains many features such as APR (ARP Poison Routing), which enables sniffing on switched LANs and man-in-the-middle attacks. The sniffer can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. It also ships with routing protocol authentication monitors and route extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentication schemes, password/hash calculators, cryptanalysis attacks, password decoders, and some not so common utilities related to network and system security.

Here is the link to download Cain and Abel.

Cain & Abel Features:

> Protected Storage Password Manager
> LSA Secrets Dumper
> Service Manager
> Route Table Manager
> SID Scanner
> Sniffer
> Full RDP sessions sniffer for APR
> Full HTTPS sessions sniffer for APR
> Full POP3S sessions sniffer for APR
> Full LDAPS sessions sniffer for APR
> MAC Address Scanner with OUI fingerprint
> Wireless Scanner
> 802.11 Capture Files Decoder
> Access (9x/2000/XP) Database Passwords Decoder
> Base64 Password Decoder
> Cisco Type-7 Password Decoder
> Cisco VPN Client Password Decoder
> RSA SecurID Token Calculator
> TCP/UDP Table Viewer
> Cisco Config Downloader/Uploader (SNMP/TFTP)
> Wireless Zero Configuration Password Dumper
> MSCACHE Hashes Dumper
> Microsoft SQL Server 2000 Password Extractor
> VNC Password Decoder
> Credential Manager Password Decoder
> Dialup Password Decoder
> APR (ARP Poison Routing)
> Network Enumerator
> Remote Registry
> Routing Protocol Monitors
> Full SSH-1 sessions sniffer for APR
> Full FTPS sessions sniffer for APR
> Full IMAPS sessions sniffer for APR
> Certificates Collector
> Promiscuous-mode Scanner
> PWL Cached Password Decoder
> Password Crackers
> Cryptanalysis attacks
> WEP Cracker
> Rainbowcrack-online client
> Enterprise Manager Password Decoder
> Hash Calculator
> TCP/UDP/ICMP Traceroute
> Box Revealer
> Remote Desktop Password Decoder
> MySQL Password Extractor
> Oracle Password Extractor
> Syskey Decoder

Sunday 18 December 2016

More Than 8,800 WordPress Plugins Have Flaws



Researchers at web application security firm RIPS Technologies have recently analysed 44,70 WordPress plugins out of the 48,000 plugins present in the official WordPress plugin directory. They found that 8,800 of these plugins have at least one vulnerability.

HOW THEY ANALYSED

First, the researchers downloaded all the plugins and then used a static code analyser to find the ones that have at least one PHP file. An analysis of the size of these plugins showed that roughly 14,000 of them have only 2-5 files and only 10,500 of them have more than 500 lines of code.


Researchers determined that of the plugins with more than 500 lines of code, which have been classified as “larger plugins,” 4,559, or 43 percent of the total, contain at least one medium severity issue (e.g. cross-site scripting).

RIPS’s analysis showed that nearly 36,000 of the plugins did not have any vulnerabilities and 1,426 had only low severity flaws. Medium severity bugs have been identified in more than 4,600 plugins, while high and critical security holes have been found in 2,799 and 41 plugins, respectively.

Between January and December 2016, a honeypot operated by RIPS captured more than 200 attacks targeting WordPress plugins, including 69 against Revolution Slider, 46 against Beauty & Clean Theme, 41 against MiwoFTP and 33 against Simple Backup. These attacks involved easy-to-exploit vulnerabilities that were known and well documented.

RIPS pointed out that they may not have found all the vulnerabilities affecting the plugins they analysed, and it’s uncertain if the flaws they identified are exploitable.

FBI Agrees With CIA That Russia Hacked USA Election To Win Trump



Recently the CIA released a report concluding that Russia supported cyber attacks in an effort to disrupt the US presidential election and help Donald Trump win.

Citing an internal CIA memo, the Washington Post reports that FBI director James Comey has endorsed the CIA’s assessment, along with Director of National Intelligence James Clapper, meaning the US’s three main intelligence agencies are now in agreement. The memo, from CIA Director John Brennan, read as follows:

"Earlier this week, I met separately with (Director) FBI James Comey and DNI Jim Clapper, and there is strong consensus among us on the scope, nature, and intent of Russian interference in our presidential election."

"The three of us also agree that our organizations, along with others, need to focus on completing the thorough review of this issue that has been directed by President Obama and which is being led by the DNI."

The CIA’s investigation found that Russian government hackers had a clear goal of helping Trump win the election. These cyber attacks weren’t attempts to tamper with election results, but rather the hackers stole data from both the Republican National Committee and Democratic National Committee, but only the latter’s was made public.

The full details of the CIA’s report are of course classified, but when it first made news, some Republican lawmakers tried to argue that the FBI wouldn’t necessarily agree with the assessment. Trump, meanwhile, continues to spout that his election had nothing to do with Russian involvement.

Source: Washington

Researcher Found Zero-Day in Linux That Impacts Ubuntu and Fedora



Researcher Reveals 0-Day Linux Exploit Leveraging SNES

Security researcher Chris Evans this week made public a full 0-day drive-by download exploit impacting Ubuntu and Fedora and possibly other current Linux distributions as well.

The full 0-day drive-by exploit was tested to work on Fedora 25 + Google Chrome and Ubuntu 16.04 LTS and relies on breaking out of Super Nintendo Entertainment System (SNES) emulation via subtle cascading side effects from an emulation error.

The issue, Evans says, lies within the Sony SPC700 emulated processor and abuses cascading subtle side effects of an emulation misstep. This is possible because the Linux GStreamer media playback framework offers support for the playback of SNES music files by emulating the SNES CPU and audio processor.

The library that makes all this possible is Game_Music_Emu, which is written in C and C++ and is very easy to use.

The core emulation logic of the faulty Sony SPC700 processor contains at least two vulnerabilities: a missing X register value clamp for the MOV (X)+,A instruction, and a missing SP register value clamp for the RET1 instruction. By cascading the side effects of the first vulnerability, Evans managed to achieve reliable exploitation, with all of the technical details published on his blog.
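Both missing clamps are instances of one bug class: an 8-bit architectural register held in a wider host variable and not wrapped after an update. The following C model is added here as an illustration, not code from Game_Music_Emu or from Evans’ write-up; it contrasts an unclamped MOV (X)+,A with the clamped form, and the direct-page layout, register names and bounds-checked store are simplifications assumed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the bug class named in the article: an 8-bit SPC700
 * register kept in a wider C variable and not wrapped after MOV (X)+,A.
 * Illustrative only; not Game_Music_Emu's source and not the exploit. */

#define RAM_SIZE  0x10000u   /* the SPC700 addresses 64 KiB */
#define PAGE_SIZE 0x100u     /* a direct page is 256 bytes */

typedef struct {
    uint8_t  ram[RAM_SIZE];
    unsigned dp_base;        /* direct page base: 0x0000 or 0x0100 */
    int      x;              /* architecturally 8-bit, stored in an int */
    uint8_t  a;
} spc_cpu;

/* Bounds-checked store, so this demo itself never writes out of bounds.
 * Returns 0 on success or -1 when the address is outside emulated RAM. */
static int store8(spc_cpu *cpu, unsigned addr, uint8_t v) {
    if (addr >= RAM_SIZE) return -1;
    cpu->ram[addr] = v;
    return 0;
}

/* MOV (X)+,A as an emulator with the missing clamp would implement it:
 * store A at the direct-page address selected by X, then increment X
 * without wrapping it to 8 bits. Returns the effective address, or -1
 * if the store would have left emulated RAM. */
long mov_xinc_a_unclamped(spc_cpu *cpu) {
    unsigned addr = cpu->dp_base + (unsigned)cpu->x;
    cpu->x++;                                /* BUG: X can exceed 0xFF */
    return store8(cpu, addr, cpu->a) ? -1L : (long)addr;
}

/* The same instruction with the clamp: X is always kept within 0..0xFF,
 * so the effective address can never leave the direct page. */
long mov_xinc_a_clamped(spc_cpu *cpu) {
    unsigned addr = cpu->dp_base + ((unsigned)cpu->x & 0xFFu);
    cpu->x = (cpu->x + 1) & 0xFF;            /* FIX: wrap to 8 bits */
    return store8(cpu, addr, cpu->a) ? -1L : (long)addr;
}

/* Execute `count` back-to-back MOV (X)+,A instructions from X = 0 and
 * return the highest address written, or -1 as soon as one store would
 * have fallen outside the 64 KiB address space. */
long run_stream(long (*insn)(spc_cpu *), unsigned dp_base, unsigned count) {
    static spc_cpu cpu;                      /* 64 KiB: keep it off the stack */
    long max_addr = -1;
    memset(&cpu, 0, sizeof cpu);
    cpu.dp_base = dp_base;
    cpu.a = 0x41;
    for (unsigned i = 0; i < count; i++) {
        long addr = insn(&cpu);
        if (addr < 0) return -1;
        if (addr > max_addr) max_addr = addr;
    }
    return max_addr;
}

int main(void) {
    printf("clamped,   1000 steps from page 0: max addr 0x%lX\n",
           run_stream(mov_xinc_a_clamped, 0x0000u, 1000u));
    printf("unclamped, 1000 steps from page 0: max addr 0x%lX\n",
           run_stream(mov_xinc_a_unclamped, 0x0000u, 1000u));
    printf("clamped,   65536 steps from page 1: max addr 0x%lX\n",
           run_stream(mov_xinc_a_clamped, 0x0100u, 0x10000u));
    printf("unclamped, 65536 steps from page 1: %ld (store left RAM)\n",
           run_stream(mov_xinc_a_unclamped, 0x0100u, 0x10000u));
    return 0;
}
```

With the clamp the writes stay inside the 256-byte page however long the instruction stream runs; without it the unclamped X walks out of the page and, from page 1, eventually past the end of emulated RAM.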

For the exploit to work and the drive-by to be successful, the user has to visit a malicious webpage, where audio files encoded in the SPC music format but saved with the .flac and .mp3 extensions are located.

The files can be used to load and run the attacker’s code with the same privileges as those of the current user. Depending on the privileges the user has, the exploit could result in the theft of personal data, including photos, videos, or documents, as well as data stored in the browser.

To offer a glimpse of the exploit, the security researcher also published two videos, showing the vulnerability being leveraged in both Fedora 25 and Ubuntu 16.04 LTS. Evans also made available the files needed to test the exploit and decided to offer a glimpse at different exploitation contexts in the second clip, although the same exploit file is used for all of them.

“The strong reliability of this exploit makes it work inside Fedora’s tracker-extract process, which has highly variable heap state,” the researcher says.

Saturday 17 December 2016

1 Billion Yahoo Users Are Being Sold for $300,000 on the Internet



Yahoo was recently hit by hackers, leading to the leakage of 1 billion accounts, which is said to be the largest database breach of any company in the history of hacking.

In a new development in the breach, the hacker sold the information on the dark web for $300,000, according to Andrew Komarov, chief intelligence officer at security firm InfoArmor.

It came to light that three different buyers, including two well-known spammers, are believed to be involved in the deal.

The group is believed to be based in Eastern Europe, and it is not known whether the database has been sold on or is being used for the group’s own purposes.

The database is still up for sale, but the price has fallen significantly since the Yahoo breach became public.

The database consists of users’ full names, passwords, dates of birth and phone numbers; interested buyers can currently purchase it for $20,000 on the Dark Web.

Komarov also said his company obtained a copy of the Yahoo database earlier this year and got in touch with the law enforcement authorities in the United States and other countries in the European Union, Canada, and Australia.

He also stated the following:

“Personal information and contacts, e-mail messages, objects of interest, calendars and travel plans are key elements for intelligence-gathering in the right hands,” Komarov was quoted as saying.

“The difference of Yahoo hack between any other hack is in that it may really destroy your privacy, and potentially have already destroyed it several years ago without your knowledge.”

Yahoo users are strongly recommended to reset their passwords and invalidate and remove the security questions from all the websites if they have been used anywhere.

If you are using the same password and email anywhere please change them immediately.

Friday 16 December 2016

Stolen Details of 1 Billion Yahoo Accounts is on Sale for $300,000


Yahoo acknowledged yesterday that hackers breached its systems and stole approximately 1 billion accounts, and now it turns out that the full database is available for purchase online.

The NYT writes that the 1 billion accounts that were stolen from Yahoo were sold on the Dark Web in August for $300,000 and what’s worse is that there were three different buyers who agreed to pay the price to gain control of the database.

Andrew Komarov, chief intelligence officer at security firm InfoArmor, said two of the buyers were “prominent spammers,” while the third is believed to be involved in espionage attacks and might be planning to use the 1 billion accounts for similar tactics.

The price of the database, however, is believed to have dropped substantially after the story went public and Yahoo triggered a password reset, so interested buyers might have to pay only $20,000 for the full database.

It’s believed that the hacker group that breached Yahoo is based in Eastern Europe, but the company said it still doesn’t know if this is accurate or not. The firm, however, confirmed that the stolen information included names, passwords, phone numbers, security questions and answers, which obviously creates additional risks in case the same credentials were used on other websites.

And this doesn’t stop here. According to the same report, the accounts included approximately 150,000 US government and military employees, which means that their data is now available on the Dark Web. It goes without saying that officials from other countries are very likely to be among those whose accounts got hacked.

Top 3 Forensic Tools For Linux Users


Computer forensics and evidence management are among the most important topics when we talk about computer crimes. Ethical hacking and intrusion management are used to protect systems, but once an incident has happened, you need to investigate it. This is where computer forensics comes in. We have also created a free computer forensics training course for everyone to get a basic understanding of the process, methodology and tools used while conducting a digital investigation.
Anyway, in this story, you will find the basic introduction of the top 3 forensic tools.

The Sleuthkit & Autopsy

www.sleuthkit.org

The Sleuthkit is a free open source suite of forensic utilities that has a GUI called Autopsy. This tool suite has strong support for Linux file systems and can be used to examine the full details of inodes and other data structures. The Sleuthkit has a plugin framework that supports automated processing. The Autopsy GUI for The Sleuthkit is shown here with a Linux file system:


Digital Forensics Framework

www.digital-forensic.org/

DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API).

 >  Preserve digital chain of custody: software write blocker, cryptographic hash calculation
 >  Access to local and remote devices: disk drives, removable devices, remote file systems
 >  Virtual machine disk reconstruction: VMware (VMDK) compatible
 >  Read standard digital forensics file formats: Raw, Encase EWF, AFF 3 file formats
 >  Windows and Linux OS forensics: Registry, mailboxes, NTFS, EXTFS 2/3/4, FAT 12/16/32 file systems
 >  Quickly triage and search for (meta-)data: regular expressions, dictionaries, content search, tags, time-line
 >  Recover hidden and deleted artefacts: deleted files/folders, unallocated space, carving
 >  Volatile memory forensics: processes, local files, binary extraction, network connections


SMART for Linux

www.asrdata.com

SMART is a software utility that has been designed and optimized to support data forensic practitioners and Information Security personnel in pursuit of their respective duties and goals.

SMART is more than a stand-alone data forensic program. The features of SMART allow it to be used in many scenarios, including:

 > “Knock-and-talk” inquiries and investigations
 >  on-site or remote preview of a target system
 >  post-mortem analysis of a dead system
 >  testing and verification of other forensic programs
 >  conversion of proprietary “evidence file” formats
 >  baselining of a system

Hackers To Launch Cyber Attacks Against Ukrainian Banks


“Security company ESET reveals that it discovered a new group called TeleBots whose modus operandi is very similar to the one of BlackEnergy. TeleBots are primarily targeting Ukrainian banks, the firm says, and use spear-phishing emails that include malicious Excel documents to infect computers,” according to Softpedia reports.

Systems are infected with malware that is very similar to the Trojan used by BlackEnergy in its previous attacks against Ukraine.

Attackers also deploy KillDisk, which is a destructive malware that renders the operating system unbootable and which is once again similar to the one used against power grid companies in Ukraine.
Once it infects a system, KillDisk deletes all system files and registers itself as a service, changing the boot screen with a picture from Mr. Robot TV show.

Currently it’s not sure how many of these attacks were successful, but Russian hackers are again believed to be behind the group, just like it happened before when the Ukrainian power grid was taken offline.


BlackEnergy Hackers Are Now Attacking Banks


BlackEnergy hackers, who managed to successfully compromise the Ukrainian energy system and cut off the light at several local utilities, are likely behind a new series of cyberattacks targeting banks.

Security company ESET reveals that it discovered a new group called TeleBots whose modus operandi is very similar to the one of BlackEnergy. TeleBots are primarily targeting Ukrainian banks, the firm says, and use spear-phishing emails that include malicious Excel documents to infect computers.

The Excel documents come with macros that automatically download malware onto the target machines when executed, allowing the attackers to further infect systems, infiltrate the whole network, steal documents and passwords, and extract pretty much any information they want from the computers.

“The main purpose of the macro is to drop a malicious binary using the explorer.exe filename and then to execute it. The dropped binary belongs to a trojan downloader family, its main purpose being to download and execute another piece of malware. This trojan downloader is written in the Rust programming language,” ESET explains.

Systems are infected with a backdoor flagged as Python/TeleBot.AA and which is very similar to the Trojan used by BlackEnergy in its previous attacks against Ukraine.

Eventually, attackers also deploy KillDisk, which is a destructive malware that renders the operating system unbootable and which is once again similar to the one used against power grid companies in Ukraine.

Once it infects a system, KillDisk deletes system files and registers itself as a service, changing the boot screen with a picture from Mr. Robot TV show.

“Interestingly, the KillDisk malware does not store this picture anywhere: rather it has code that draws this picture in real-time using the Windows GDI. It looks like attackers put a lot of effort just to make the code that draws this picture,” ESET points out.

A New Tordow Malware on Android can Root your devices


Devices running the Android operating system are affected by a modified version of the Tordow malware; the original malware was released at the start of Q1.

The base version of the malware tries to obtain root privileges in order to steal your passwords.
It is a trojan horse that attempts to gain full control of the device and then performs tasks such as controlling phone calls and SMS; it will even try to install apps and rename core Android files.

How does the malware enter the phone?

The malware spreads through apps downloaded from third-party sources, so we suggest staying away from those stores and downloading apps only from sources that you trust, which reduces the probability of being affected by the malware.

Comodo says attackers download these apps, reverse-engineer them to inject the malware, and then reupload the apps in the stores. Titles such as Pokemon Go, Telegram, and Subway Surfers have already been infected, so you better stick to the official Play Store to remain secure.

Since they are delivered as APK files, these applications can also spread via social media or other sites, so it’s important to always download from sources that you can trust.

What does it do once it is on your phone?

Once the app is installed on the victim’s phone, it tries to gain root privileges and establishes a connection to the command and control server to await further instructions.

This lets attackers execute any command they want on the phone; the malware has mostly targeted banking apps and financial information.

Removing Tordow from an infected device is particularly difficult since it gets root access, so flashing new firmware might be the best way to do it, as deleting the source app that led to the infection does virtually nothing.

Thursday 15 December 2016

‘Originull’ Bug Allows Hackers To Read All Your Facebook Messenger Chats



Security firm Cynet has discovered a critical issue that affects the privacy of 1 billion Facebook Messenger users. Dubbed Originull, this flaw is also expected to affect millions of other websites using origin null restriction checks. Facebook has fixed the issue after it was reported by the firm.

Facebook, with the help of its Messenger and WhatsApp instant messaging applications, has managed to replace conventional text messages. Now, more than 1 billion monthly active users trust Facebook Messenger with their conversations. In recent times, the social network has worked hard to add new features and develop it as a platform.

Earlier this week, Cynet reported a critical vulnerability that was spotted on Facebook. This hack, dubbed “Originull,” potentially affects millions of websites that use origin null restriction checks and exposes website visitors to malicious elements.

The vulnerability being talked about is a cross-origin bypass attack that lets an attacker use some external website and read a Facebook user’s private messages. This flaw affects Facebook’s mobile app as well as the website.

Usually, your browser protects you from such hacks by only allowing Facebook pages to fetch the information. However, due to this bug, Facebook opens a bridge that allows the subsites of the social network to access the information.

A security researcher of Cynet, Ysrael Gurt, discovered a flaw in the way Facebook manages the identity of these subsites. To exploit the flaw, a hacker needs to fool a Messenger user into visiting a malicious website.

BEWARE !! Affordable Android Devices Come With Preloaded Malware


Russian security company Dr. Web, which also makes a PC antivirus solution bearing the same name, warns that it discovered a total of 26 smartphone models running Android that are infected with malware injected into the stock firmware they are shipped with.

Most of the models on the list, which you find in full at the end of the article, are smartphones sold on the Russian market and based on the MTK platform, which is a chipset developed by Taiwan-based MediaTek. The list includes phones sold by Prestigio, Irbis, MegaFon, and SUPRA.

The security firm says all these models are shipped with a Trojan called Android.DownLoader.473.origin, which is a downloader that automatically starts when the device is powered on.

Once an Internet connection is detected, the Trojan connects to a C&C server and waits for instructions, while at the same time downloading and installing an application called H5GameCenter. In its turn, this application comes with an aggressive form of adware, which the security company flags as Adware.AdBox.1.origin.

“Once installed, it displays a small box image on top of running applications. The image cannot be removed from the screen. It is a shortcut clicking on which opens a catalog integrated into Adware.AdBox.1.origin. In addition, the Trojan shows advertisements,” the security firm said.

If users attempt to remove the H5GameCenter app from their smartphones, the Trojan automatically downloads and installs it again at a later time, without notifying users.

Dr. Web says it also discovered a Trojan on the Lenovo A319 and Lenovo A6000, which is part of an application called Rambla and which deploys a software catalog on affected devices.

The Trojan is flagged as Android.Sprovider.7 and makes it possible for attackers to download APK files and install them on target smartphones, make phone calls to specific numbers, show ads, upload infected files, and open malicious links in browsers.

“It is known that cybercriminals generate their income by increasing application download statistics and by distributing advertising software. Therefore, Android.DownLoader.473.origin and Android.Sprovider.7 were incorporated into Android firmware because dishonest outsourcers who took part in creation of Android system images decided to make money on users,” the security firm said.

Android vendors whose devices come with Trojans have already been contacted by the firm, and users who purchased one of the smartphones confirmed to come with malware are recommended to contact the manufacturer for support.

Wednesday 14 December 2016


Dozens of Teens Arrested Over DDoS Attacks


On Monday, Europol announced the arrest of 34 people as part of an operation targeting users of DDoS attack tools.

The operation ran from 5 to 9 December with the cooperation of law enforcement agencies around the world, including Australia, France, Belgium, Lithuania, Hungary, the Netherlands, Portugal, Norway, Spain, Romania, the United Kingdom, Sweden and the United States. In addition to the 34 arrests, 101 suspects were interviewed and cautioned, Europol says.

The agency suspects these individuals paid for "stresser" and "booter" services to launch DDoS attacks. The attacks flooded web servers with massive amounts of traffic, rendering them inaccessible to users.

According to Europol, the tools used in these attacks are part of the criminal "DDoS-for-hire" market: paying customers can aim them at whichever target they choose. None of the tools used by the suspects was named in Europol's announcement.

In September this year, an investigation by the U.S. Federal Bureau of Investigation (FBI) led to the arrest of two individuals believed to be operating a DDoS-for-hire service. Last year, the U.K. National Crime Agency (NCA) arrested six males aged between 15 and 18 suspected of using the DDoS tool LizardStresser, which had been used to disrupt gaming platforms.

The LizardStresser botnet is fueled by Internet of Things devices, and security researchers have recently discovered other powerful DDoS tools that harness these connected devices, the Mirai botnet being the best known at the moment.

DDoS-for-hire services, like the Ransomware-as-a-Service (RaaS) business model, attract young and adult cybercriminals who lack advanced computer skills but are looking for fast and easy money.

Remote Code Execution Flaws Found in McAfee VirusScan for Linux – Provide Root Access to Attackers


Remote code execution flaws in McAfee VirusScan Enterprise for Linux could allow an attacker to obtain root privileges, and according to the security researcher who found them, it takes little more than tricking the product into using a malicious update server.

Andrew Fasano of MIT Lincoln Laboratory said in a post that he first discovered the vulnerabilities in McAfee's product nearly six months ago, but the security company patched them only earlier this month.

“At a first glance, Intel’s McAfee VirusScan Enterprise for Linux has all the best characteristics that vulnerability researchers love: it runs as root, it claims to make your machine more secure, it’s not particularly popular, and it looks like it hasn’t been updated in a long time,” he explained.

In his post, Fasano explains that once the product connects to an attacker-controlled update server, McAfee VirusScan Enterprise for Linux allows the deployment of a script that is then launched on the target machine with root privileges.

The first two flaws, CVE-2016-8016 and CVE-2016-8017 (Remote Unauthenticated File Existence Test and Remote Unauthenticated File Read with Constraints), allow an unauthenticated attacker to recover the authentication token used by McAfee's VirusScan Enterprise, which in turn lets the attacker point the product at a malicious update server.

The script that eventually yields root is written to disk using CVE-2016-8021 (Web Interface Allows Arbitrary File Write to Known Location); combined with CVE-2016-8020 (Authenticated Remote Code Execution & Privilege Escalation), this lets the attacker execute it and escalate to root, the researcher notes.

“Using CSRF or XSS, it would be possible to use these vulnerabilities to remotely privesc to root,” Fasano wrote.

All these vulnerabilities are confirmed in versions 1.9.2 through 2.0.2, so anyone running the product on Linux should update to the release McAfee shipped this month.

This Malware Variant Has A Built-in Domain Generation Algorithm


Newly observed variants of the Mirai botnet pack domain generation algorithm (DGA) features that haven’t been associated with previous Mirai samples, security researchers warn.
Mirai emerged several months ago as just another Internet of Things (IoT) botnet, but managed to make a name for itself fast, after it was used in large distributed denial of service (DDoS) attacks against the websites of security blogger Brian Krebs and hosting provider OVH in late September. However, it was only after the malware’s source code was made public in early October that interest in Mirai spiked.

By the end of October, researchers found that Mirai infected devices in 164 countries around the world, preying on their weak security credentials. Also in October, Mirai was said to have been used in a massive DDoS attack against DNS provider Dyn, which resulted in many popular websites becoming inaccessible for some of their users.

As expected, the public availability of Mirai’s source code resulted in numerous new malware variants, including a Mirai-based worm that abused the TR-064 protocol to send commands to targeted devices. Researchers with Network Security Research Lab at 360 say their honeypots have captured at least 53 unique Mirai samples from six hosting servers.

The researchers also observed newly spotted Mirai samples spreading through TCP ports 7547 and 5555. Moreover, they discovered that the malware author, who uses the email address dlinchkravitz[at]gmail[dot]com, has already registered some of the generated domains.

According to the researchers, the analysed samples use three top-level domains (TLDs), namely .online, .tech and .support, with a second-level label of fixed length 12, each character chosen from ‘a’ to ‘z’. The generated domain is determined only by the month, the day and a hard-coded seed string.

source: http://securityweek.com
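The structure just described (a 12-letter label, one of three TLDs, and a domain that depends only on month, day and seed) is enough to build a look-alike generator and a structural check for DNS logs. The block below is an added example, not the 360 Netlab analysis or the sample's real code: the page gives the shape of the domains, not the algorithm, so the mixing function and the seed value are made up, and the log lines are constructed.

```python
"""Illustrative DGA with the structure 360 Netlab describes for this Mirai
variant, plus a structural check for hunting in DNS logs.

Added example: the page gives the shape of the generated domains, not the
algorithm, so the mixing function and SEED below are made up. What is
faithful to the description: a second-level label of exactly 12 letters
a-z, one of three TLDs, and dependence on month, day and seed only.
"""
import hashlib
import re
from datetime import date

TLDS = ("online", "tech", "support")
LABEL_LEN = 12
SEED = "constructed-seed"     # assumption: the real hard-coded seed is not on the page


def generate_domains(day, seed=SEED, count=3):
    """Return `count` candidate C2 domains for a calendar day.

    Only month and day go into the hash, so the same day of any year yields
    the same domains; that is what 'determined by month, day and seed' implies.
    """
    domains = []
    for i in range(count):
        material = f"{seed}:{day.month:02d}{day.day:02d}:{i}".encode()
        digest = hashlib.sha256(material).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:LABEL_LEN])
        tld = TLDS[digest[LABEL_LEN] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


# Shape of the family's domains: 12 lowercase letters under one of the TLDs.
DGA_SHAPE = re.compile(r"^[a-z]{12}\.(online|tech|support)$")


def looks_like_dga(domain):
    """Structural match usable without knowing the seed (expect some noise)."""
    return DGA_SHAPE.match(domain.lower().rstrip(".")) is not None


def hunt(log_lines, day):
    """Split DNS query log lines into exact hits for `day` and shape-only hits.

    Each line is 'timestamp client qtype qname' (constructed format).
    """
    expected = set(generate_domains(day))
    exact, shape_only = [], []
    for line in log_lines:
        qname = line.split()[-1].rstrip(".").lower()
        if qname in expected:
            exact.append(qname)
        elif looks_like_dga(qname):
            shape_only.append(qname)
    return exact, shape_only


SAMPLE_LOG = [   # constructed DNS query log lines
    "2016-12-14T10:00:01Z 10.0.0.5 A www.example.com",
    "2016-12-14T10:00:02Z 10.0.0.5 A zzzzzzzzzzzz.support",
]

if __name__ == "__main__":
    today = date(2016, 12, 14)
    print("domains for", today, generate_domains(today))
    lines = SAMPLE_LOG + [f"2016-12-14T10:00:03Z 10.0.0.7 A {generate_domains(today)[0]}"]
    print("hunt:", hunt(lines, today))
```

Two practical consequences fall out of the structure alone. Because the year is not an input, every calendar day repeats its domains each year, so a defender who recovers the real seed from a sample can pre-register or sinkhole a whole year in advance. And even without the seed, the fixed 12-letter label under one of three unusual TLDs is distinctive enough that a shape-only match in DNS logs is worth a look, as long as you expect a few false positives.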

More Firmware Backdoor Found In Cheap Android Phones


Here's some bad news for Android users again.

Certain low-cost Android smartphones and tablets are shipped with malicious firmware, which covertly gathers data about the infected devices, displays advertisements on top of running applications and downloads unwanted APK files on the victim's devices.
Security researchers from Russian antivirus vendor Dr.Web have discovered two downloader Trojans incorporated in the firmware of a large number of popular Android devices built on the MediaTek platform and mostly marketed in Russia.

The Trojans, detected as Android.DownLoader.473.origin and Android.Sprovider.7, can collect data about the infected device, contact their command-and-control servers, update themselves, covertly download and install other apps on instructions from their server, and run each time the device is restarted or turned on.

The list of Android device models affected by the malicious firmware includes:

Lenovo A319, Lenovo A6000, MegaFon Login 4 LTE, Bravis NB85, Bravis NB105, Irbis TZ85, Irbis TX97, Irbis TZ43, Irbis tz56, Pixus Touch 7.85 3G, SUPRA M72KG, SUPRA M729G, SUPRA V2N10, Itell K3300, Digma Plane 9.7 3G, General Satellite GS700, Nomi C07000, Optima 10.1 3G TT1040MG, Marshal ME-711, 7 MID, Explay Imperium 8, Perfeo 9032_3G, Prestigio MultiPad Wize 3021 3G, Prestigio MultiPad PMT5001 3G, Ritmix RMD-1121, Oysters T72HM 3G, Irbis tz70, and Jeka JK103.

"It is known that cybercriminals generate their income by increasing application download statistics and by distributing advertising software," the researchers pointed out. "Therefore, [both Trojans] were incorporated into Android firmware because dishonest outsourcers who took part in creation of Android system images decided to make money on users."

Android.Sprovider.7 was discovered in the firmware of the Lenovo A319 and Lenovo A6000 smartphones. The Trojan is capable of:

1> Downloading, installing and running APK files.
2> Opening a specified link in a browser.
3> Making phone calls to certain numbers using a standard system application.
4> Launching the standard phone application with a specified number already dialed.
5> Showing advertisements on top of all apps.
6> Displaying advertisements in the status bar.
7> Creating a shortcut on the home screen.
8> Updating its main malicious module.

Android.DownLoader.473.origin, found in the remaining devices, downloads and installs other malware and unwanted apps, including an advertising program called H5GameCenter.

Democratic House Candidates Were Also Targets of Russian Hacking

WASHINGTON — South Florida has long been a laboratory for some of the nation’s roughest politics, with techniques like phantom candidates created by political rivals to siphon off votes from their opponents, or so-called boleteras hired to illegally fill out stacks of absentee ballots on behalf of elderly or disabled voters.
But there was never anything quite like the 2016 election campaign, when a handful of Democratic House candidates became targets of a Russian influence operation that made thousands of pages of documents stolen by hackers from the Democratic Congressional Campaign Committee in Washington available to Florida reporters and bloggers.

Wednesday 7 December 2016

IIT-Kanpur signs MoU with New York University Tandon School of Engineering-Centre for Cyber Security on cyber security

KANPUR: IIT-Kanpur, Centre for Cyber Security for Critical Infrastructure (IIT-K-CSC) and New York University Tandon School of Engineering-Centre for Cyber Security (NYU-CCS) have signed a Memorandum of Understanding (MoU) to build their cyber security capabilities and to increase cooperation in research and innovation.

The MoU has been signed for a period of seven years and may be extended after review. The MoU states that both the centres will strive to become the most important centres for research, education, public awareness and national service, and for securing and defending their national critical infrastructures from cyber attacks and electronic warfare.

The information cell of IIT-Kanpur said that, under the agreement, the two centres will facilitate bilateral academic and scientific relationships and develop cooperative research and teaching projects in selected fields such as mechanisms for improved cyber-attack prevention, detection and mitigation, security of cyber-physical systems in sectors such as telecom and transportation, and international cyber security and power.


DDoS, IoT Top Cybersecurity Priorities for 45th President

Addressing distributed denial-of-service (DDoS) attacks designed to knock Web services offline and security concerns introduced by the so-called “Internet of Things” (IoT) should be top cybersecurity priorities for the 45th President of the United States, according to a newly released blue-ribbon report commissioned by President Obama.
“The private sector and the Administration should collaborate on a roadmap for improving the security of digital networks, in particular by achieving robustness against denial-of-service, spoofing, and other attacks on users and the nation’s network infrastructure,” reads the first and foremost cybersecurity recommendation for President-elect Donald Trump. “The urgency of the situation demands that the next Administration move forward promptly on our recommendations, working closely with Congress and the private sector.”

Sunday 4 December 2016

What is Linux Kernel? Explained in Layman’s Terms

There are so many Linux distributions out in the wild, but there is only one de facto thing that they have in common: the Linux kernel. But while it’s often talked about, a lot of people don’t really know exactly what it does.

Let’s take a look at what the Linux kernel really does and why it’s needed, with as few geeky terms as possible.

What’s a Kernel?

Each operating system uses a kernel. Without a kernel, you can’t have an operating system that actually works. Windows, Mac OS X, and Linux all have kernels, and they’re all different. It’s the kernel that does the grunt work of the operating system. Besides the kernel, a lot of applications are bundled with it to make the entire package something useful — more on that a bit later.

The kernel’s job is to talk to the hardware and software, and to manage the system’s resources as best as possible. It talks to the hardware via the drivers that are included in the kernel (or additionally installed later on in the form of a kernel module). This way, when an application wants to do something (say change the volume setting of the speakers), it can just submit that request to the kernel, and the kernel can use the driver it has for the speakers to actually change the volume.

The kernel is highly involved in resource management. It has to make sure that there is enough memory available for an application to run, and it places the application at the right location in memory. It tries to optimize the usage of the processor so that tasks complete as quickly as possible. It also aims to avoid deadlocks, in which two or more programs each hold a resource the other needs, so none of them can make progress and the system grinds to a halt. It’s a fairly complicated circus act to coordinate all of those things, but it needs to be done and that’s what the kernel is for.

What Else Makes Up An Operating System?

Like I mentioned earlier, operating systems include their own kernel along with a bunch of other applications. With just a kernel, it’s nearly impossible to do anything with the operating system. You also need some other applications to be bundled with it, such as a shell. The shell is responsible for displaying the prompt that you see in terminals or command lines. Shells are a much easier way to launch applications, navigate through folders, and much more. All of those tasks that you can do in a shell are supported via other applications that must be bundled as well. For example, the tar application is needed if you’re working with tarballs in a shell.

Operating systems, particularly Linux distributions, then continue to bundle more applications, such as a desktop environment, a web browser, an office suite, and other applications that you often interact with directly. So as you can see, the kernel is just a very small portion of an operating system, but it’s arguably the most crucial one.

Here Is Why Some People Get Rejected Everywhere But Get A Job At Google


Amin Ariana, an ex-Google employee, describes why Google accepts some applicants who were rejected everywhere else. Narrating his own story, he makes a compelling attempt to explain why people who fail to get lower-level jobs succeed at higher levels.

Wisdom of the Clouds - How Cloudsourcing will become all pervasive.

A talk about what's happening across cloud computing, digital, mobile, DevOps, IoT, big data and social: how startups and enterprises can take advantage of this generational shift, and how companies like Oracle are innovating in this space.

Key points of discussion:
Is there only one road to the cloud?
How does one take a cloud decision?
Is cloud really cheap?
Is my data really secure on the cloud?
Am I getting locked in to a particular cloud?
Should I move 100% to the cloud?
Is there a better way- I want control and I still want cloud?
Who should attend: developers, techie community, CIOs, CTOs, CFOs, CMOs and CHROs


Saturday 3 December 2016

Hackers steal more than $31m from Russia's central bank

Hackers stole 2 billion rubles (over $31m) from correspondent accounts at the Russian central bank in a cyberattack, the bank confirmed on Friday (2 December). According to central bank official Artem Sychev, the cybercriminals attempted to steal around 5 billion rubles, the Wall Street Journal reports; the central bank managed to stop them and recover some of the money.

"We can't say exactly when, but we can say today it was stolen," Ekaterina Glebova, an official at the bank's press office, told The Wall Street Journal.

According to a report released by the central bank earlier on Friday, the hackers broke into a system the central bank operates by faking a client's credentials.

The central bank said it was able to retrieve $26m, part of which was reportedly frozen in other accounts the hackers had opened to move the money. In some cases, the bank said, it was able to freeze transfers from the targeted correspondent accounts.


Rule 41 — FBI Gets Expanded Power to Hack any Computer in the World



Hacking multiple computers across the world just got easier for United States intelligence and law enforcement agencies.

The changes introduced to the Rule 41 of the Federal Rules of Criminal Procedure by the United States Department of Justice came into effect on Thursday, after an effort to block the changes failed on Wednesday.

The change grants the FBI much greater powers to hack into multiple computers within the country, and perhaps anywhere in the world, with just a single warrant authorized by any US judge (even magistrate judges). Usually, magistrate judges only issue warrants for cases within their jurisdiction.

That's what the FBI did in its 2015 investigation into the child pornography site Playpen, in which the agency hacked into some 8,700 computers across 120 countries.

The Supreme Court approved the changes to Rule 41 in April, allowing any U.S. judge to issue search warrants that give the FBI and law enforcement agencies authority to remotely hack computers in any jurisdiction, or even outside the United States.

Democratic Senator Ron Wyden attempted three times to block changes to Rule 41 that potentially risks people using Tor, a VPN, or some other anonymizing software to hide their whereabouts, but the efforts were blocked by Republican Senator John Cornyn of Texas.

The rule change took effect on 1 December.


Friday 2 December 2016

Your debit/credit card can be hacked in less than 6 seconds

It may take as little as six seconds for hackers to guess your credit or debit card number, expiry date and security code, say scientists who were able to circumvent all security features meant to protect online payments from fraud.


Exposing flaws in the VISA payment system, researchers from Newcastle University in the UK found that neither the network nor the banks were able to detect attackers making multiple invalid attempts to obtain payment card data.


By automatically and systematically generating variations of a card's security data and firing them at multiple websites, hackers can get a 'hit' and verify all the necessary security data within seconds.


Investigators believe this guessing attack method is likely to have been used in the recent Tesco cyberattack which the Newcastle team describe as "frighteningly easy if you have a laptop and an internet connection."


"This sort of attack exploits two weaknesses that on their own are not too severe but when used together, present a serious risk to the whole payment system," said Mohammed Ali, a PhD student at Newcastle University.
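To make the "two weaknesses that on their own are not too severe" concrete, here is an added example, not the Newcastle team's code: a simulation in which mock merchants validate the expiry date and CVV independently, each blocks a card after a small number of failed attempts, and the attacker rotates across merchants so that no single one reaches its limit. Merchant names, the per-merchant limit, the card's expiry and CVV, and the guess order are all constructed.

```python
"""Simulation of the distributed guessing attack described above.

Constructed example: each mock merchant validates a different subset of a
card's fields (expiry date, CVV) and blocks a card after a small number of
failed attempts. Because the fields are checked independently and no one
correlates the attempts made at other merchants, an attacker can recover
the fields one at a time, spreading guesses so that no single merchant
reaches its limit. The secret values below are made up.
"""
from dataclasses import dataclass
from itertools import product

# Constructed secret data the attacker is trying to recover.
SECRET_EXPIRY = (9, 2019)   # (month, year)
SECRET_CVV = "482"

# Attempts a merchant tolerates for one card before blocking further tries.
PER_MERCHANT_LIMIT = 10


@dataclass
class Merchant:
    name: str
    fields: tuple          # which card fields this checkout validates
    limit: int = PER_MERCHANT_LIMIT
    attempts: int = 0      # attempts seen for the (single) target card

    def authorise(self, expiry=None, cvv=None):
        """Return 'blocked', 'ok' or 'declined' for one payment attempt."""
        if self.attempts >= self.limit:
            return "blocked"
        self.attempts += 1
        if "expiry" in self.fields and expiry != SECRET_EXPIRY:
            return "declined"
        if "cvv" in self.fields and cvv != SECRET_CVV:
            return "declined"
        return "ok"


def expiry_candidates(start=(12, 2016), months=60):
    """Cards expire within a few years, so ~60 (month, year) values suffice."""
    month, year = start
    for _ in range(months):
        yield (month, year)
        month, year = (1, year + 1) if month == 12 else (month + 1, year)


def cvv_candidates():
    return (f"{n:03d}" for n in range(1000))


def guess_field(merchants, candidates, make_request):
    """Try candidates in order, moving to a fresh merchant once one blocks.

    Returns (value_found_or_None, number_of_attempts_that_were_evaluated).
    """
    pool = list(merchants)
    attempts = 0
    for cand in candidates:
        while pool:
            result = pool[0].authorise(**make_request(cand))
            if result == "blocked":
                pool.pop(0)          # this merchant is exhausted, rotate
                continue
            attempts += 1
            if result == "ok":
                return cand, attempts
            break                    # declined: try the next candidate
        if not pool:
            return None, attempts
    return None, attempts


def distributed_attack(merchants):
    """Recover expiry first, then CVV, using merchants that check only one field."""
    expiry_sites = [m for m in merchants if m.fields == ("expiry",)]
    cvv_sites = [m for m in merchants if m.fields == ("cvv",)]
    expiry, n1 = guess_field(expiry_sites, expiry_candidates(),
                             lambda e: {"expiry": e})
    if expiry is None:
        return None, n1
    cvv, n2 = guess_field(cvv_sites, cvv_candidates(),
                          lambda c: {"expiry": expiry, "cvv": c})
    return ((expiry, cvv) if cvv is not None else None), n1 + n2


def single_site_attack(merchant):
    """Against one merchant that checks both fields, the space is 60 x 1000
    combinations and the per-card limit is hit almost immediately."""
    candidates = product(expiry_candidates(), cvv_candidates())
    return guess_field([merchant], candidates,
                       lambda ec: {"expiry": ec[0], "cvv": ec[1]})


def issuer_view(merchants):
    """What the issuer could see if attempts were correlated across merchants."""
    return sum(m.attempts for m in merchants)


def build_merchants(n_expiry=10, n_cvv=100):
    return ([Merchant(f"expiry-only-{i}", ("expiry",)) for i in range(n_expiry)]
            + [Merchant(f"cvv-only-{i}", ("cvv",)) for i in range(n_cvv)])


if __name__ == "__main__":
    sites = build_merchants()
    found, attempts = distributed_attack(sites)
    print("distributed:", found, "after", attempts, "attempts;",
          "max per merchant", max(m.attempts for m in sites),
          "; issuer total", issuer_view(sites))
    print("single site:", single_site_attack(Merchant("both", ("expiry", "cvv"))))
```

The simulation makes the asymmetry visible: against a merchant that requires both fields, the attacker is blocked after ten attempts out of 60,000 combinations, but with the fields checked separately and the guesses spread out, the whole card is recovered in a few hundred attempts while every merchant sees at most ten. The `issuer_view` total is the number that only a cross-merchant view at the issuer or the card network would reveal, which is exactly the correlation the researchers found missing.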


Hackers Say Knocking Thousands of Brits Offline Was an Accident

A new zombie army of hacked Internet of Things devices forced thousands of Brits offline, as hackers tried to expand the reach of their botnet.

UK internet providers TalkTalk and Post Office confirmed that some of their customers experienced outages due to a cyberattack. One of the hackers who controls the botnet said they were responsible for the issues.

“Sorry for UK Post Office,” a hacker who goes by the name BestBuy told Motherboard in an online chat, explaining that they didn’t target them “intentionally.”

“But they should give their customers better hardware :\,” the hacker said.

BestBuy explained that “too many requests freeze the shitty routers,” and that they were just trying to enlist more devices into their botnet. The hacker said that they now call the modified malware Annie instead of Mirai, and that they have collected as many as 4.8 million bots. (Motherboard could not verify this figure, but it’s way higher than any other number reported before, so worth taking with a grain of salt.)

TalkTalk confirmed that “a small number” of customers’ routers were affected by Mirai. A Post Office spokesperson said a “third party” disrupted some customers on Nov. 27, impacting “certain types of routers.”



AWS launches Shield to protect web applications from DDoS attacks


At its re:Invent developer conference, Amazon today announced AWS Shield, a DDoS protection service for web apps that run on Amazon’s cloud computing service.

AWS Shield is generally available today and is already turned on (for free) for all web applications that currently run on AWS — no action by the developer required. The service is based on the work Amazon has done with its Elastic Load Balancer, CloudFront CDN and Route 53 DNS service. It offers developers automatic protection against the kind of DDoS attacks that are sadly becoming more frequent these days.

The free service, AWS says, will protect applications against 96 percent of the most common attacks.

Amazon will also offer a paid advanced version of AWS Shield. This version will protect applications against more sophisticated attacks. Amazon will also provide Advanced users with cost protection so they won’t have to incur massive costs when they come under attacks. Customers of the advanced service will also get 24×7 access to a response team for custom mitigations. A one-year subscription to AWS Shield Advanced will have a base fee of $3,000/year plus data transfer fees for the use of the Elastic Load Balancer, CloudFront and Route 53.

Amazon CTO Werner Vogels noted that the company’s customers have been especially worried about DDoS attacks over the last year.

Vogels noted that the attacks Amazon is seeing include volumetric attacks that try to bring your network down and those that try to exhaust the resources of a server. The majority of the attacks are volumetric attacks (64 percent), followed by state exhaustion and application layer attacks.

AWS Shield will be on by default to protect developers from these attacks.

With this, Amazon is now in competition with the likes of Cloudflare and the DDoS protection services from major networking vendors.

Android malware ‘Gooligan’ breaches over a million Google accounts

Mobile device users are once again at high risk, as a new Android malware has emerged that breached over one million Google accounts since August. Called “Gooligan”, the malicious development is found to be infecting as many as 13,000 devices each day.

The Android malware roots infected devices and then steals email addresses and authentication tokens to access sensitive user data from Gmail, Google Photos, Google Docs, Google Play, Google Drive and G Suite, researchers from Check Point Software Technologies claimed in a recent study.

Initial research suggests that “Gooligan” affects devices running Android 4 (Jelly Bean and KitKat) and Android 5.0 (Lollipop), which together account for over 74 percent of devices in use. About 57 percent of the affected devices are in Asia, while 9 percent are in Europe.

“This theft of over a million Google account details is very alarming and represents the next stage of cyber- attacks,” said Michael Shaulov, Check Point’s head of mobile products, in a statement.

Leveraging the vulnerability on old Android platforms, attackers gain backdoor access on the infected devices and then generate revenue by fraudulently installing apps from Google Play store.

It is worth noting that “Gooligan” is not available on the apps listed on Google Play. However, it spreads infection on devices through apps installed from third-party app stores. Once users install a “Gooligan”-infected app, it sends data about the device to the primary server of attackers and thereafter automatically downloads a rootkit that results in the breach.

“We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them,” said Shaulov.

A member of “Ghost Push” malware family

Since 2014, the Android security team has been tracking the “Ghost Push” malware family, of which “Gooligan” is a variant. Google’s director of Android security, Adrian Ludwig, confirmed in a Google+ post the steps taken to protect users.

“As a part of our ongoing efforts to protect users from the Ghost Push family of malware, we have taken numerous steps to protect our users and improve the security of the Android ecosystem overall,” Ludwig said.

Though Ludwig acknowledges the malware, he says his team has found no evidence of user data access. “The motivation behind Ghost Push is to promote apps, not steal information, and that held true for this variant,” he stated.

Updates for protection

Ludwig recommends installing software updates promptly to reduce risk, since the malware affects older platform versions. Android users who suspect their Google accounts have been compromised should reflash their devices with a clean operating system image and then change their account passwords.