A bunch of hackers have hacked VEVO, they've changed the titles of all the popular music videos and deleted Despacito. Gangnam Style is the only song that isn't on a VEVO channel because Psy was smart enough to upload it to his own.

Hackers broke into the video for "Despacito" on Monday (Apr. 9) and defaced the clip's cover image with a picture of a masked people pointing guns, resulting in the most-viewed music video of all time being taken down temporarily. According to BBC News, the hackers, who go by Prosox and Kuroi'sh, had also broken into clips by more than a dozen other artists, including Drake, Taylor Swift, Selena Gomez and Shakira


The hackers, calling themselves Prosox and Kuroi'sh, had replaced some of the videos' titles with their own messages, including a call to "free Palestine" alongside their own nicknames.

MOSCOW (Reuters) - Russia’s state communications watchdog said on Friday it had filed a lawsuit to limit access to the Telegram messaging app after the company refused to give Russian state security services access to its users’ secret messages.

Ranked as the world’s ninth most popular mobile messaging app, Telegram is widely used in countries across the former Soviet Union and Middle East. Active users of the app reached 200 million in March.

As part of its services, Telegram allows users to communicate via encrypted messages which cannot be read by third parties, including government authorities.

But Russia’s FSB Federal Security service has said it needs access to some messages for its work, including guarding against terrorist attacks. Telegram has refused to comply with its demands, citing respect for user privacy.

Russia’s Roskomnadzor communications watchdog said it had filed a lawsuit at a Moscow court on Friday “with a request to restrict access on the territory of Russia to the information resources of ... Telegram Messenger Limited Liability Partnership.”

It said the suit was connected to statements by the FSB that Telegram was not complying with its legal obligations as an “organizer of information distribution.”

A spokesman for Telegram did not immediately respond to a request for comment.

Telegram founder and CEO Pavel Durov said on Twitter in March: “Threats to block Telegram unless it gives up private data of its users will not bear fruit. Telegram will stand for freedom and privacy.”

The Russian court decision will be closely watched by investors as Telegram is also undertaking the world’s biggest initial coin offering - a private sale of tokens which could be traded as an alternative currency, similar to Bitcoin or Ethereum.

The company has so far raised $1.7 billion in pre-sales via the offering, according to media reports.

Chinese symbols are appearing on the Defence Ministry website,  offline now

MOSCOW (Reuters) - Russia’s communications watchdog said on Friday it had asked Facebook to explain why access had been restricted to the Facebook accounts of some Russian media organizations, RIA news agency said.

Roskomnadzor said it considered the restrictions to be a continuation of Facebook’s “unfriendly policy toward Russian users,” RIA said.

The report did not specify which accounts had been affected, but Roskomnadzor said the move by Facebook would make it harder for Russian and foreign social network users to follow the Russian news agenda.

Facebook said on Tuesday it had deleted hundreds of Russian accounts and pages associated with a “troll factory” indicted by U.S. prosecutors for fake activist and political posts in the 2016 U.S. election campaign.

Facebook said many of the deleted articles and pages came from Russia-based Federal News Agency, known as FAN, which they linked to the St Petersburg-based Internet Research Agency.

Facebook CEO Mark Zuckerberg told Reuters on Tuesday that the agency had “repeatedly acted to deceive people and manipulate people around the world, and we don’t want them on Facebook anywhere.”



Also Read:

• Facebook: Yeah, Maybe Now Isn't the Best Time to Launch Our New Speaker Designed to Spy on You

• Facebook Has Been Collecting Your Call History and SMS Data From Android Phones For Years

• It's Time to Delete Facebook

• Facebook suffers drop of stocks amid alleged data leak crisis

• Download a Copy of Your Facebook data That Facebook Knows All About You

The big question is why? With solid offerings from Google and Comodo, for instance, does the world need another DNS service? The answer is yes, because Cloudflare intends to focus on both speed, and more importantly, privacy.

"What many Internet users don't realize is that even if you're visiting a website that is encrypted -- has the little green lock in your browser -- that doesn't keep your DNS resolver from knowing the identity of all the sites you visit. That means, by default, your ISP, every wifi network you've connected to, and your mobile network provider have a list of every site you've visited while using them," says Cloudflare.

The company further says, "Network operators have been licking their chops for some time over the idea of taking their users' browsing data and finding a way to monetize it. In the United States, that got easier a year ago when the Senate voted to eliminate rules that restricted ISPs from selling their users' browsing data. With all the concern over the data that companies like Facebook and Google are collecting on you, it worries us to now add ISPs like Comcast, Time Warner, and AT&T to the list. And, make no mistake, this isn't a US-only problem -- ISPs around the world see the same privacy-invading opportunity."


Sadly, DNS servers can be a weak link when attempting to surf the web securely. Cloudflare is aiming to not only create a more secure experience, but a faster one too. As you can see above, its new 1.1.1.1 service is quicker than both Google, OpenDNS, and the rest. Quite frankly, there is no reason not to give this new DNS service a try. Privacy? Speed?

If you do decide to give it a go, there are a couple of ways to do it. You should, of course, configure the DNS servers on each of your devices if possible, but you should also do so on your router. This way, anything that connects to your home network will utilize 1.1.1.1 when resolving DNS, including devices that don't provide access to DNS settings -- such as some IoT devices.

Setting it up

See https://1.1.1.1/ because it's that simple!

About those addresses

We are grateful to APNIC, our partner for the IPv4 addresses 1.0.0.1 and 1.1.1.1 (which everyone agrees is insanely easy to remember). Without their years of research and testing, these addresses would be impossible to bring into production. Yet, we still have a way to go with that. Stay tuned to hear about our adventures with those IPs in future blogs.

For IPv6, we have chosen 2606:4700:4700::1111 and 2606:4700:4700::1001 for our service. It’s not as easy to get cool IPv6 addresses; however, we’ve picked an address that only uses digits.

But why use easy to remember addresses? What’s special about public resolvers? While we use names for nearly everything we do; however, there needs to be that first step in the process and that’s where these number come in. We need a number entered into whatever computer or connected device you’re using in order to find a resolver service.

Anyone on the internet can use our public resolver and you can see how to do that by visiting https://1.1.1.1/ and clicking on GET STARTED.

Why announce it on April first?

Sure, It’s also April Fools' Day and for a good portion of people it’s a day for jokes, foolishness, or harmless pranks. This is no joke, this is no prank, this is no foolish act. This is DNS Resolver, 1.1.1.1 ! Follow it at #1dot1dot1dot1

"The magnitude of the losses is significant: the Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist,"  Europol said.

"This global operation is a significant success for international police cooperation against a top-level cybercriminal organisation. The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity," said Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3).

"This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top-level cyber criminality." 

Xiaomi has been selling quite a few laptop models in China with high-end specifications and minimalistic design. Just the Mi smartphones, the Mi laptops also came with an aggressive price tag. Today, the company launched its first ever gaming laptop alongside the Mi MIX 2S smartphone. The company continues to launch the laptops without any logos.  Considering its a gaming laptop, Xiaomi added the 16M RGB backlighting for the keyboard & chassis.

It sports a 15.6-inch display with Full HD (1920 x 1080 pixels) resolution. With 9.9mm thin bezels, the Mi Gaming Laptop offers 81% screen-to-body ratio. It comes powered by the 7th gen Intel i7 processor and includes Nvidia GeForce GTX 1060 graphics card. The laptop comes with up to 16GB of RAM, 1TB HDD storage, and 256GB SSD. For the audio part, Xiaomi is including dual 3W speakers with Dolby Audio and Sony Hi-Res Audio support.

The Mi Gaming Laptop also measures just 20.9mm thick. On the connectivity front, the laptop comes with dual-antenna Wi-Fi, Bluetooth 4.1, 1 HDMI, 4 USB 3.0, 1 USB Type-C, 1 Gigabit Ethernet port, 2 3.5mm audio jack, and 3-in-1 card reader. While the basic M Gaming Laptop with Intel i5 chipset and GeForce GTX 1050 graphics card is priced at 5999 Yuan, the high-end variant with Intel i5 chipset and GeForce GTX T1060 graphics card costs 8999 Yuan.

Hey, Guys, Today I have come with some cool stuff on Google you haven't known before or tried. Some features really make you insane for a moment. So let's begin.

1. Do a barrel roll:-
Type word by word "do a barrel roll" without quotes in a google search. As you hit search its something cool happens. What have you seen cool eh?
If you tired of writing let I help you just click here Do a barrel roll

2. Askew:-
Next trick type "askew" in a google search. As you hit a search button you will find some tilt screen of google. Looks interesting right? Try it right now by clicking here Askew


3. Google gravity:-
Tired of full-day work on mobile or PC let's play the game with the google, go to google search and search for google gravity and hit the first link. You will find some amazing stuff never seen before. How's it looking cool?.
You can go directly from here Google gravity

4. Google space:-
Another better one to google gravity and more interesting is google space. Fly the google as you like just play google like you playing with a ball. Go and search on google with "Google space" hit the first link. And you will see the amazing stuff.
You can go directly from here Google space

5. Google underwater:-
Now you have already played with google search bar now it's time to fly the google search underwater. Look's interesting right? Go on a google search for google underwater and hit the first link. Really amazing stuff you really like it right?
If you haven't checked go directly from here Google underwater

6. Play a breakout game in google images:-
Have you even checkout you can play with google images if not checked yet try right now. You can play breakout game in google images. Really cool if you yet not known. Just go to google images search for "atari breakout" with quotes and try to go to desktop mode if you using mobile. Wow! You can now play the game on google images! Really cool right?
Check it right now if you tired of search Google images breakout game

7. Blink game:-
Oh! Tired of watching the screen lets blink for while. Here is another cool thing go on a google search for "blink HTML" without quotes. Try to switch desktop mode if you using a mobile device.
You go directly from here Blink Blink

8. Zerg rush:-
Now it's a search option which let you access lots of things in the google search bar with a great variety of the stuff. Just search "zerg rush" in google without quotes and hit the first search. Oh! now you can play guitar, play Pacman, play snake game and much more. Looks cool right?.
Checkout directly by clicking here Zerg rush

So, guys, that's some cool tricks and entertaining stuff you really like while doing work and get tired of, it will relive you for short time and it's really fun to play with google search bar.

INTERNET PARANOIACS DRAWN to Bitcoin have long indulged fantasies of American spies subverting the booming, controversial digital currency. Increasingly popular among get-rich-quick speculators, Bitcoin started out as a high-minded project to make financial transactions public and mathematically verifiable — while also offering discretion. Governments, with a vested interest in controlling how money moves, would, some of Bitcoin’s fierce advocates believed, naturally try and thwart the coming techno-libertarian financial order.

It turns out the conspiracy theorists were onto something. Classified documents provided by whistleblower Edward Snowden show that the National Security Agency indeed worked urgently to target Bitcoin users around the world — and wielded at least one mysterious source of information to “help track down senders and receivers of Bitcoins,” according to a top-secret passage in an internal NSA report dating to March 2013. The data source appears to have leveraged the NSA’s ability to harvest and analyze raw, global internet traffic while also exploiting an unnamed software program that purported to offer anonymity to users, according to other documents.

Although the agency was interested in surveilling some competing cryptocurrencies, “Bitcoin is #1 priority,” a March 15, 2013 internal NSA report stated.

The documents indicate that “tracking down” Bitcoin users went well beyond closely examining Bitcoin’s public transaction ledger, known as the Blockchain, where users are typically referred to through anonymous identifiers; the tracking may also have involved gathering intimate details of these users’ computers. The NSA collected some Bitcoin users’ password information, internet activity, and a type of unique device identification number known as a MAC address, a March 29, 2013 NSA memo suggested. In the same document, analysts also discussed tracking internet users’ internet addresses, network ports, and timestamps to identify “BITCOIN Targets.”

The agency appears to have wanted even more data: The March 29 memo raised the question of whether the data source validated its users, and suggested that the agency retained Bitcoin information in a file named “Provider user full.csv.” It also suggested powerful search capabilities against Bitcoin targets, hinting that the NSA may have been using its XKeyScore searching system, where the Bitcoin information and wide range of other NSA data was cataloged, to enhance its information on Bitcoin users. An NSA reference document indicated that the data source provided “user data such as billing information and Internet Protocol addresses.” With this sort of information in hand, putting a name to a given Bitcoin user would be easy.

The NSA’s budding Bitcoin spy operation looks to have been enabled by its unparalleled ability to siphon traffic from the physical cable connections that form the internet and ferry its traffic around the planet. As of 2013, the NSA’s Bitcoin tracking was achieved through program code-named OAKSTAR, a collection of covert corporate partnerships enabling the agency to monitor communications, including by harvesting internet data as it traveled along fiber optic cables that undergird the internet.

Specifically, the NSA targeted Bitcoin through MONKEYROCKET, a sub-program of OAKSTAR, which tapped network equipment to gather data from the Middle East, Europe, South America, and Asia, according to classified descriptions. As of spring 2013, MONKEYROCKET was “the sole source of SIGDEV for the BITCOIN Targets,” the March 29, 2013 NSA report stated, using the term for signals intelligence development, “SIGDEV,” to indicate the agency had no other way to surveil Bitcoin users. The data obtained through MONKEYROCKET is described in the documents as “full take” surveillance, meaning the entirety of data passing through a network was examined and at least some entire data sessions were stored for later analysis.

At the same time, MONKEYROCKET is also described in the documents as a “non-Western Internet anonymization service” with a “significant user base” in Iran and China, with the program brought online in summer 2012. It is unclear what exactly this product was, but it would appear that it was promoted on the internet under false pretenses: The NSA notes that part of its “long-term strategy” for MONKEYROCKET was to “attract targets engaged in terrorism, [including] Al Qaida” toward using this “browsing product,” which “the NSA can then exploit.” The scope of the targeting would then expand beyond terrorists. Whatever this piece of software was, it functioned a privacy bait and switch, tricking Bitcoin users into using a tool they thought would provide anonymity online but was actually funneling data directly to the NSA.

The hypothesis that the NSA would “launch an entire operation overseas under false pretenses” just to track targets is “pernicious,” said Matthew Green, assistant professor at the Johns Hopkins University Information Security Institute. Such a practice could spread distrust of privacy software in general, particularly in areas like Iran where such tools are desperately needed by dissidents. This “feeds a narrative that the U.S. is untrustworthy,” said Green. “That worries me.”

The NSA declined to comment for this article. The Bitcoin Foundation, a nonprofit advocacy organization, could not immediately comment.

Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data.
VPN, or Virtual Private Network, is a great way to protect your daily online activities that work by encrypting your data and boosting security, as well as useful to obscure your actual IP address.
While some choose VPN services for online anonymity and data security, one major reason many people use VPN is to hide their real IP addresses to bypass online censorship and access websites that are blocked by their ISPs.


But what if when the VPN you thought is protecting your privacy is actually leaking your sensitive data and real location?
A team of three ethical hackers hired by privacy advocate firm VPN Mentor revealed that three popular VPN service providers—HotSpot Shield, PureVPN, and Zenmate—with millions of customers worldwide were found vulnerable to flaws that could compromise user's privacy.
The team includes application security researcher Paulos Yibelo, an ethical hacker known by his alias 'File Descriptor' and works for Cure53, and whereas, the identity of third one has not been revealed on demand.
PureVPN is the same company who lied to have a 'no log' policy, but a few months ago helped the FBI with logs that lead to the arrest of a Massachusetts man in a cyberstalking case.
After a series of privacy tests on the three VPN services, the team found that all three VPN services are leaking their users' real IP addresses, which can be used to identify individual users and their actual location.
Concerning consequences for end users, VPN Mentor explains that the vulnerabilities could "allow governments, hostile organizations [sic], or individuals to identify the actual IP address of a user, even with the use of the VPNs."
The issues in ZenMate and PureVPN have not been disclosed since they haven't yet patched, while VPN Mentor says the issues discovered in ZenMate VPN were less severe than HotSpot Shield and PureVPN.



The team found three separate vulnerabilities in AnchorFree's HotSpot Shield, which have been fixed by the company. Here's the list:

• Hijack all traffic (CVE-2018-7879) — This vulnerability resided in Hotspot Shield’s Chrome extension and could have allowed remote hackers to hijack and redirect victim's web traffic to a malicious site.
• DNS leak (CVE-2018-7878) — DNS leak flaw in Hotspot Shield exposed users' original IP address to the DNS server, allowing ISPs to monitor and record their online activities.
• Real IP Address leak (CVE-2018-7880) — This flaw poses a privacy threat to users since hackers can track user's real location and the ISP. the issue occurred because the extension had a loose whitelist for "direct connection." Researchers found that any domain with localhost, e.g., localhost.foo.bar.com, and 'type=a1fproxyspeedtest' in the URL bypass the proxy and leaks real IP address.

The researchers also reported similar vulnerabilities in the Chrome plugins of Zenmate and PureVPN, but for now, the details of the bugs are being kept under wraps since both the manufacturers have not yet fixed them.
Researchers believe that most other VPN services also suffer from similar issues.

Twitter hunting jihadists accounts: They have been closed over 125,000 online profiles with “terrorist content”

Microblogging platform, Twitter, has begun using antispam technology to detect accounts that promote terrorism, suspending in recent months, 125,000 online profiles with Islamist character,  informs  The New York Times. The Twitter company has launched this campaign to urge of Administration of Washington, who asked online social networks to intensify actions to combat terrorist messages.

Online social networks have become a recruiting tool and radicalization used by groups such as  Islamic State terrorist organization. Twitter, based in San Francisco American city, announced additional staff specialized in the detection of terrorist content to reduce “significant” reaction time. Twitter experts use technology similar to anti-spam to detect and suspend accounts that promote terrorism.

Barack Obama administration welcomed the microblogging platform announcement.
“We committed to take all possible measures to block terrorist activities, including in cyberspace; welcome the measures taken by the private partners in this field”, has sent the White House.

According to Check Point Mobile Security Team, who uncovered this campaign, RottenSys is an advanced piece of malware that doesn't provide any secure Wi-Fi related service but takes almost all sensitive Android permissions to enable its malicious activities.

"According to our findings, the RottenSys malware began propagating in September 2016. By March 12, 2018, 4,964,460 devices were infected by RottenSys," researchers said.

Instead, RottenSys has been designed to communicate with its command-and-control servers to get the list of required components, which contain the actual malicious code.
RottenSys then downloads and installs each of them accordingly, using the "DOWNLOAD_WITHOUT_NOTIFICATION" permission that does not require any user interaction.

Hackers Earned $115,000 in Just Last 10 Days

"RottenSys is an extremely aggressive ad network. In the past 10 days alone, it popped aggressive ads 13,250,756 times (called impressions in the ad industry), and 548,822 of which were translated into ad clicks," researchers said.

How to Detect and Remove Android Malware?

To check if your device is being infected with this malware, go to Android system settings→ App Manager, and then look for the following possible malware package names:
com.android.yellowcalendarz (每日黄历)
com.changmi.launcher (畅米桌面)
com.android.services.securewifi (系统WIFI服务)
com.system.service.zdsgt
If any of above is in the list of your installed apps, simply uninstall it.

Memcached reflections that recently fueled two most largest amplification DDoS attacks in the history have also helped other cybercriminals launch nearly 15,000 cyber attacks against 7,131 unique targets in last ten days, a new report revealed.
Chinese Qihoo 360's Netlab, whose global DDoS monitoring service 'DDosMon' initially spotted the Memcached-based DDoS attacks, has published a blog post detailing some new statistics about the victims and sources of these attacks.
The list of famous online services and websites which were hit by massive DDoS attacks since 24th February includes Google, Amazon, QQ.com, 360.com, PlayStation, OVH Hosting, VirusTotal, Comodo, GitHub (1.35 Tbps attack), Royal Bank, Minecraft and RockStar games, Avast, Kaspersky, PornHub, Epoch Times newspaper, and Pinterest.


Overall, the victims are mainly based in the United States, China, Hong Kong, South Korea, Brazil, France, Germany, the United Kingdom, Canada, and the Netherlands.





According to Netlab researchers, the frequency of attacks since 24th February has increased dramatically, as listed below:

• Before 24th February, the day when Memcached-based DDoS attacks were first spotted, the daily average was less than 50 attacks.
• Between 24th and 28th February, when Memcached as a new amplification attack vector was not publicly disclosed and known to a small group of people, the attacks raised to an average of 372 attacks per day.
• Soon after the first public report came on 27th February, between 1st and 8th March, the total number of attacks jumped to 13,027, with an average of 1,628 DDoS attack events per day.

The maximum number of active vulnerable Memcached servers at a time that participated in the DRDoS attacks was 20,612.
I don't want to exaggerate this but expect hundreds of thousands of Memcached-based DDoS attacks in coming days, as hackers and researchers have now released multiple easy-to-execute exploits that could allow anyone to launch Memcached amplification attacks.
However, researchers have also discovered a 'kill-switch' technique that could help victims mitigate Memcached DDoS attacks efficiently.
Despite multiple warnings, over 12,000 vulnerable Memcached servers with UDP support enabled are still exposed on the Internet, which could fuel more cyber attacks.
Therefore, server administrators are strongly advised to install the latest Memcached 1.5.6 version which disables UDP protocol by default to prevent amplification/reflection DDoS attacks.

On Wednesday, February 28, 2018, GitHub's code hosting website hit with the largest-ever distributed denial of service (DDoS) attack that peaked at record 1.35 Tbps.
Interestingly, attackers did not use any botnet network, instead weaponized misconfigured Memcached servers to amplify the DDoS attack.
Earlier this week we published a report detailing how attackers could abuse Memcached, popular open-source and easily deployable distributed caching system, to launch over 51,000 times powerful DDoS attack than its original strength

Dubbed Memcrashed, the amplification DDoS attack works by sending a forged request to the targeted Memcrashed server on port 11211 using a spoofed IP address that matches the victim's IP.
A few bytes of the request sent to the vulnerable server trigger tens of thousands of times bigger response against the targeted IP address.

"This attack was the largest attack seen to date by Akamai, more than twice the size of the September 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed," said Akamai, a cloud computing company that helped Github to survive the attack.
In a post on its engineering blog, Github said, "The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the Memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second."

Expect More Record-Breaking DDoS Attacks

To prevent Memcached servers from being abused as reflectors, administrators should consider firewalling, blocking or rate-limiting UDP on source port 11211 or completely disable UDP support if not in use.

iBOOT Source Code News

This software can allow hackers to find security loops on iPhones. The release does not affect or harms any iPhone security immediately but it can be used as a source code or to analyze the source code that Apple uses. “Delete” can be used by hackers to replicate or manipulate the source code of Apple and can be used by hackers to affect any iPhones in future. On Wednesday an unknown user of GitHub posted this source code on the website. The website is popularly known for sharing source code by hackers or software developers. It is still unclear how the iBoot source code leaked but it is potentially the biggest leak in the history of Apple.

iBoot: Statements regarding the incident

A popular writer Levin, who has written a lot of books on iOS and Mac OS says that “it’s a huge issues that the iBoot code got leaked. iBoot is the one of the components that Apple has been holding onto still encrypting its 64 bit image and now its wide open in source code form.”
According to reverse engineer, the code is real and can be useful to the hackers. Reports are saying that iBoot code is from iOS 9 but it doesn’t change the fact that it can’t be used or is harmless. It can be used to find loopholes in Apple security patch. Some reports are saying that Apple still uses the same components in the latest version of iOS.

Anyone can discover issues related to iboot which can be used to create new jailbreaks or new ways to decrypt any iPhone. This “iBoot” system’s details’ are given in this blueprint. Hackers can also use the leaked information to create new malwares or surveillance tool for any victim’s device.

iBoot: Apple’s secrecy

A Single-Character Message (in Telugu — the 3rd Most Spoken Indian Language) Can Crash Any Apple #iPhone, iPad and Mac.