Showing posts with label HACK NEWS. Show all posts
Showing posts with label HACK NEWS. Show all posts

Tuesday, 10 April 2018

Despacito, has been hacked,which has had over five billion views.

10:42 0


A bunch of hackers have hacked VEVO, they've changed the titles of all the popular music videos and deleted Despacito. Gangnam Style is the only song that isn't on a VEVO channel because Psy was smart enough to upload it to his own.

Hackers broke into the video for "Despacito" on Monday (Apr. 9) and defaced the clip's cover image with a picture of a masked people pointing guns, resulting in the most-viewed music video of all time being taken down temporarily. According to BBC News, the hackers, who go by Prosox and Kuroi'sh, had also broken into clips by more than a dozen other artists, including Drake, Taylor Swift, Selena Gomez and Shakira


The hackers, calling themselves Prosox and Kuroi'sh, had replaced some of the videos' titles with their own messages, including a call to "free Palestine" alongside their own nicknames.

hackers posted a cryptic message to Vevo, writing "@Vevo You have all my respect but do not leave the control to your site to any developer did not take into account this hacking it was a fun if we would like to harm your customers we would delete all the video but I did not delete despacito must believe me."


 Prof Alan Woodward,Cyber-security expert, said it was unlikely that the hacker had been able to gain access so easily.

"To upload and alter video content with code you should require an authorisation token," he said.

"So, either this hacker has found a way around that need for authorisation, or they are being economical with the facts, or they obtained the permissions in some other way."

Saturday, 7 April 2018

Russia files lawsuit to block Telegram app

04:13 0


MOSCOW (Reuters) - Russia’s state communications watchdog said on Friday it had filed a lawsuit to limit access to the Telegram messaging app after the company refused to give Russian state security services access to its users’ secret messages.

Ranked as the world’s ninth most popular mobile messaging app, Telegram is widely used in countries across the former Soviet Union and Middle East. Active users of the app reached 200 million in March.

As part of its services, Telegram allows users to communicate via encrypted messages which cannot be read by third parties, including government authorities.

But Russia’s FSB Federal Security service has said it needs access to some messages for its work, including guarding against terrorist attacks. Telegram has refused to comply with its demands, citing respect for user privacy.

Russia’s Roskomnadzor communications watchdog said it had filed a lawsuit at a Moscow court on Friday “with a request to restrict access on the territory of Russia to the information resources of ... Telegram Messenger Limited Liability Partnership.”

It said the suit was connected to statements by the FSB that Telegram was not complying with its legal obligations as an “organizer of information distribution.”

A spokesman for Telegram did not immediately respond to a request for comment.

Telegram founder and CEO Pavel Durov said on Twitter in March: “Threats to block Telegram unless it gives up private data of its users will not bear fruit. Telegram will stand for freedom and privacy.”

The Russian court decision will be closely watched by investors as Telegram is also undertaking the world’s biggest initial coin offering - a private sale of tokens which could be traded as an alternative currency, similar to Bitcoin or Ethereum.

The company has so far raised $1.7 billion in pre-sales via the offering, according to media reports.

Home Ministry Websites Down, Official Says "Hardware Problem"

03:03 0

Chinese symbols are appearing on the Defence Ministry website,  offline now


NEW DELHI (Reuters) - The Indian Defence Ministry’s website and other government sites were hit by a technical issue on Friday but had not been hacked, the government said.

“The site showed what appeared to be a Chinese character and it was understandable that the site was perceived to be hacked,” a government statement said. “However, it has since been identified that the sites have not been hacked.”

Earlier on Friday, Defence Minister Nirmala Sitharaman had tweeted that the ministry’s website had been hacked and that the government was working to restore it.

“Needless to say, every possible step required to prevent any such eventuality in the future will be taken,” she wrote.

Screenshots shared on Twitter showed the website earlier displaying a Chinese character meaning a loose garment as worn by monks and an error message. Reuters could not independently verify the authenticity of the images.

India has in recent years increased focus on digital initiatives and security, but hacking attempts remain common. In 2016, 199 federal department and state government websites were hacked, government data showed.

Russia asks Facebook to explain curbs on some media accounts: RIA

02:08 0


MOSCOW (Reuters) - Russia’s communications watchdog said on Friday it had asked Facebook to explain why access had been restricted to the Facebook accounts of some Russian media organizations, RIA news agency said.

Roskomnadzor said it considered the restrictions to be a continuation of Facebook’s “unfriendly policy toward Russian users,” RIA said.

The report did not specify which accounts had been affected, but Roskomnadzor said the move by Facebook would make it harder for Russian and foreign social network users to follow the Russian news agenda.

Facebook said on Tuesday it had deleted hundreds of Russian accounts and pages associated with a “troll factory” indicted by U.S. prosecutors for fake activist and political posts in the 2016 U.S. election campaign.

Facebook said many of the deleted articles and pages came from Russia-based Federal News Agency, known as FAN, which they linked to the St Petersburg-based Internet Research Agency.

Facebook CEO Mark Zuckerberg told Reuters on Tuesday that the agency had “repeatedly acted to deceive people and manipulate people around the world, and we don’t want them on Facebook anywhere.”



Also Read:

Sunday, 1 April 2018

Cloudflare launches 1.1.1.1 privacy-first consumer DNS service that will speed up your internet

12:02 0

After all, on Easter, many people are busy with their families -- it will be very easy for technology news to get overlooked. Not to mention, companies often announce fake products on April Fool's -- anything announced will be questioned as being either real or not.That isn't stopping Cloudflare from announcing an ambitious (and real) new project, however. Today, the company announces a new consumer DNS service with a focus on privacy. Called "1.1.1.1" it quite literally uses that easy-to-remember IP address as the primary DNS server. Why announce on April Fool's Day? Because the IP is four ones and today's date is 4/1 -- clever. The secondary server is 1.0.0.1 -- also easy to remember.



The big question is why? With solid offerings from Google and Comodo, for instance, does the world need another DNS service? The answer is yes, because Cloudflare intends to focus on both speed, and more importantly, privacy.

"What many Internet users don't realize is that even if you're visiting a website that is encrypted -- has the little green lock in your browser -- that doesn't keep your DNS resolver from knowing the identity of all the sites you visit. That means, by default, your ISP, every wifi network you've connected to, and your mobile network provider have a list of every site you've visited while using them," says Cloudflare.

The company further says, "Network operators have been licking their chops for some time over the idea of taking their users' browsing data and finding a way to monetize it. In the United States, that got easier a year ago when the Senate voted to eliminate rules that restricted ISPs from selling their users' browsing data. With all the concern over the data that companies like Facebook and Google are collecting on you, it worries us to now add ISPs like Comcast, Time Warner, and AT&T to the list. And, make no mistake, this isn't a US-only problem -- ISPs around the world see the same privacy-invading opportunity."


Sadly, DNS servers can be a weak link when attempting to surf the web securely. Cloudflare is aiming to not only create a more secure experience, but a faster one too. As you can see above, its new 1.1.1.1 service is quicker than both Google, OpenDNS, and the rest. Quite frankly, there is no reason not to give this new DNS service a try. Privacy? Speed?

If you do decide to give it a go, there are a couple of ways to do it. You should, of course, configure the DNS servers on each of your devices if possible, but you should also do so on your router. This way, anything that connects to your home network will utilize 1.1.1.1 when resolving DNS, including devices that don't provide access to DNS settings -- such as some IoT devices.

Setting it up

See https://1.1.1.1/ because it's that simple!

About those addresses

We are grateful to APNIC, our partner for the IPv4 addresses 1.0.0.1 and 1.1.1.1 (which everyone agrees is insanely easy to remember). Without their years of research and testing, these addresses would be impossible to bring into production. Yet, we still have a way to go with that. Stay tuned to hear about our adventures with those IPs in future blogs.

For IPv6, we have chosen 2606:4700:4700::1111 and 2606:4700:4700::1001 for our service. It’s not as easy to get cool IPv6 addresses; however, we’ve picked an address that only uses digits.

But why use easy to remember addresses? What’s special about public resolvers? While we use names for nearly everything we do; however, there needs to be that first step in the process and that’s where these number come in. We need a number entered into whatever computer or connected device you’re using in order to find a resolver service.

Anyone on the internet can use our public resolver and you can see how to do that by visiting https://1.1.1.1/ and clicking on GET STARTED.


Why announce it on April first?

For most of the world, Sunday is 1/4/2018 (in America the day/month is reversed as-in 4/1/2018). Do you see the 4 and the 1? We did and that’s why we are announcing 1.1.1.1 today. Four ones! If it helps you remember 1.1.1.1, then that’s a good thing!

Sure, It’s also April Fools' Day and for a good portion of people it’s a day for jokes, foolishness, or harmless pranks. This is no joke, this is no prank, this is no foolish act. This is DNS Resolver, 1.1.1.1 ! Follow it at #1dot1dot1dot1


Thursday, 29 March 2018

Leader of Hacking Group Who Stole $1 Billion From Banks Arrested In Spain

08:47 0


Spanish Police has arrested the alleged leader of an organised Russian cybercrime gang behind the Carbanak and Cobalt malware attacks, which stole over a billion euros from banks worldwide since 2013.
In a coordinated operation with law enforcement agencies across the globe, including the FBI and Europol, Police detained the suspected leader of Carbanak hacking group in Alicante, Spain.
Carbanak hacking group started its activities almost five years ago by launching a series of malware attack campaigns such as Anunak and Carbanak to compromise banks and ATM networks, from which they swiped millions of credit card details from US-based retailers.

According to the Europol, the group later developed a sophisticated heist-ready banking malware known as Cobalt, based on the Cobalt Strike penetration testing software, which was in use until 2016.

"The magnitude of the losses is significant: the Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist,"  Europol said.


In order to compromise bank networks, the group sent malicious spear-phishing emails to hundreds of employees at different banks, which if opened, infected computers with Carbanak malware, allowing hackers to transfer money from the banks to fake accounts or ATMs monitored by criminals.
According to the authorities, the criminal profits were also laundered via cryptocurrencies, through prepaid cards linked to the cryptocurrency wallets, which were used to buy goods such as luxury cars and houses.
In early 2017, the gang of financially-motivated cybercriminals was found abusing various Google services to issue command and control (C&C) communications for monitoring and controlling the machines of itsIn separate news, Ukraine Police announced today the arrest of another member of Cobalt group in Kiev, for developing malware and selling personal data from citizens worldwide.
The suspect was working with Cobalt group since 2016 and also involved in cyber-espionage activities. He allegedly sold a variety of malicious software in underground markets that allows anyone to access and control victims' computers remotely.

"This global operation is a significant success for international police cooperation against a top-level cybercriminal organisation. The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity," said Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3).


"This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top-level cyber criminality." 

Tuesday, 27 March 2018

Xiaomi Launches 15.6″ Gaming Laptop with GeForce GTX 1060 Graphics Card

09:19 0



Xiaomi has been selling quite a few laptop models in China with high-end specifications and minimalistic design. Just the Mi smartphones, the Mi laptops also came with an aggressive price tag. Today, the company launched its first ever gaming laptop alongside the Mi MIX 2S smartphone. The company continues to launch the laptops without any logos.  Considering its a gaming laptop, Xiaomi added the 16M RGB backlighting for the keyboard & chassis.

It sports a 15.6-inch display with Full HD (1920 x 1080 pixels) resolution. With 9.9mm thin bezels, the Mi Gaming Laptop offers 81% screen-to-body ratio. It comes powered by the 7th gen Intel i7 processor and includes Nvidia GeForce GTX 1060 graphics card. The laptop comes with up to 16GB of RAM, 1TB HDD storage, and 256GB SSD. For the audio part, Xiaomi is including dual 3W speakers with Dolby Audio and Sony Hi-Res Audio support.

The Mi Gaming Laptop also measures just 20.9mm thick. On the connectivity front, the laptop comes with dual-antenna Wi-Fi, Bluetooth 4.1, 1 HDMI, 4 USB 3.0, 1 USB Type-C, 1 Gigabit Ethernet port, 2 3.5mm audio jack, and 3-in-1 card reader. While the basic M Gaming Laptop with Intel i5 chipset and GeForce GTX 1050 graphics card is priced at 5999 Yuan, the high-end variant with Intel i5 chipset and GeForce GTX T1060 graphics card costs 8999 Yuan.

Thursday, 22 March 2018

Google Hidden Tricks You Never Knew Before.Amazing!

11:00 0

Hey, Guys, Today I have come with some cool stuff on Google you haven't known before or tried. Some features really make you insane for a moment. So let's begin.

1. Do a barrel roll:-
Type word by word "do a barrel roll" without quotes in a google search. As you hit search its something cool happens. What have you seen cool eh?
If you tired of writing let I help you just click here Do a barrel roll

2. Askew:-
Next trick type "askew" in a google search. As you hit a search button you will find some tilt screen of google. Looks interesting right? Try it right now by clicking here Askew


3. Google gravity:-
Tired of full-day work on mobile or PC let's play the game with the google, go to google search and search for google gravity and hit the first link. You will find some amazing stuff never seen before. How's it looking cool?.
You can go directly from here Google gravity

4. Google space:-
Another better one to google gravity and more interesting is google space. Fly the google as you like just play google like you playing with a ball. Go and search on google with "Google space" hit the first link. And you will see the amazing stuff.
You can go directly from here Google space

5. Google underwater:-
Now you have already played with google search bar now it's time to fly the google search underwater. Look's interesting right? Go on a google search for google underwater and hit the first link. Really amazing stuff you really like it right?
If you haven't checked go directly from here Google underwater

6. Play a breakout game in google images:-
Have you even checkout you can play with google images if not checked yet try right now. You can play breakout game in google images. Really cool if you yet not known. Just go to google images search for "atari breakout" with quotes and try to go to desktop mode if you using mobile. Wow! You can now play the game on google images! Really cool right?
Check it right now if you tired of search Google images breakout game

7. Blink game:-
Oh! Tired of watching the screen lets blink for while. Here is another cool thing go on a google search for "blink HTML" without quotes. Try to switch desktop mode if you using a mobile device.
You go directly from here Blink Blink

8. Zerg rush:-
Now it's a search option which let you access lots of things in the google search bar with a great variety of the stuff. Just search "zerg rush" in google without quotes and hit the first search. Oh! now you can play guitar, play Pacman, play snake game and much more. Looks cool right?.
Checkout directly by clicking here Zerg rush

So, guys, that's some cool tricks and entertaining stuff you really like while doing work and get tired of, it will relive you for short time and it's really fun to play with google search bar.



Tuesday, 20 March 2018

THE NSA WORKED TO “TRACK DOWN” BITCOIN USERS, SNOWDEN DOCUMENTS REVEAL

11:51 0

INTERNET PARANOIACS DRAWN to Bitcoin have long indulged fantasies of American spies subverting the booming, controversial digital currency. Increasingly popular among get-rich-quick speculators, Bitcoin started out as a high-minded project to make financial transactions public and mathematically verifiable — while also offering discretion. Governments, with a vested interest in controlling how money moves, would, some of Bitcoin’s fierce advocates believed, naturally try and thwart the coming techno-libertarian financial order.

It turns out the conspiracy theorists were onto something. Classified documents provided by whistleblower Edward Snowden show that the National Security Agency indeed worked urgently to target Bitcoin users around the world — and wielded at least one mysterious source of information to “help track down senders and receivers of Bitcoins,” according to a top-secret passage in an internal NSA report dating to March 2013. The data source appears to have leveraged the NSA’s ability to harvest and analyze raw, global internet traffic while also exploiting an unnamed software program that purported to offer anonymity to users, according to other documents.

Although the agency was interested in surveilling some competing cryptocurrencies, “Bitcoin is #1 priority,” a March 15, 2013 internal NSA report stated.

The documents indicate that “tracking down” Bitcoin users went well beyond closely examining Bitcoin’s public transaction ledger, known as the Blockchain, where users are typically referred to through anonymous identifiers; the tracking may also have involved gathering intimate details of these users’ computers. The NSA collected some Bitcoin users’ password information, internet activity, and a type of unique device identification number known as a MAC address, a March 29, 2013 NSA memo suggested. In the same document, analysts also discussed tracking internet users’ internet addresses, network ports, and timestamps to identify “BITCOIN Targets.”

The agency appears to have wanted even more data: The March 29 memo raised the question of whether the data source validated its users, and suggested that the agency retained Bitcoin information in a file named “Provider user full.csv.” It also suggested powerful search capabilities against Bitcoin targets, hinting that the NSA may have been using its XKeyScore searching system, where the Bitcoin information and wide range of other NSA data was cataloged, to enhance its information on Bitcoin users. An NSA reference document indicated that the data source provided “user data such as billing information and Internet Protocol addresses.” With this sort of information in hand, putting a name to a given Bitcoin user would be easy.

The NSA’s budding Bitcoin spy operation looks to have been enabled by its unparalleled ability to siphon traffic from the physical cable connections that form the internet and ferry its traffic around the planet. As of 2013, the NSA’s Bitcoin tracking was achieved through program code-named OAKSTAR, a collection of covert corporate partnerships enabling the agency to monitor communications, including by harvesting internet data as it traveled along fiber optic cables that undergird the internet.

Specifically, the NSA targeted Bitcoin through MONKEYROCKET, a sub-program of OAKSTAR, which tapped network equipment to gather data from the Middle East, Europe, South America, and Asia, according to classified descriptions. As of spring 2013, MONKEYROCKET was “the sole source of SIGDEV for the BITCOIN Targets,” the March 29, 2013 NSA report stated, using the term for signals intelligence development, “SIGDEV,” to indicate the agency had no other way to surveil Bitcoin users. The data obtained through MONKEYROCKET is described in the documents as “full take” surveillance, meaning the entirety of data passing through a network was examined and at least some entire data sessions were stored for later analysis.

At the same time, MONKEYROCKET is also described in the documents as a “non-Western Internet anonymization service” with a “significant user base” in Iran and China, with the program brought online in summer 2012. It is unclear what exactly this product was, but it would appear that it was promoted on the internet under false pretenses: The NSA notes that part of its “long-term strategy” for MONKEYROCKET was to “attract targets engaged in terrorism, [including] Al Qaida” toward using this “browsing product,” which “the NSA can then exploit.” The scope of the targeting would then expand beyond terrorists. Whatever this piece of software was, it functioned a privacy bait and switch, tricking Bitcoin users into using a tool they thought would provide anonymity online but was actually funneling data directly to the NSA.

The hypothesis that the NSA would “launch an entire operation overseas under false pretenses” just to track targets is “pernicious,” said Matthew Green, assistant professor at the Johns Hopkins University Information Security Institute. Such a practice could spread distrust of privacy software in general, particularly in areas like Iran where such tools are desperately needed by dissidents. This “feeds a narrative that the U.S. is untrustworthy,” said Green. “That worries me.”

The NSA declined to comment for this article. The Bitcoin Foundation, a nonprofit advocacy organization, could not immediately comment.

Sunday, 18 March 2018

Warning – 3 Popular VPN Services Are Leaking Your IP Address

01:41 0

Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data.
VPN, or Virtual Private Network, is a great way to protect your daily online activities that work by encrypting your data and boosting security, as well as useful to obscure your actual IP address.
While some choose VPN services for online anonymity and data security, one major reason many people use VPN is to hide their real IP addresses to bypass online censorship and access websites that are blocked by their ISPs.


But what if when the VPN you thought is protecting your privacy is actually leaking your sensitive data and real location?
A team of three ethical hackers hired by privacy advocate firm VPN Mentor revealed that three popular VPN service providers—HotSpot Shield, PureVPN, and Zenmate—with millions of customers worldwide were found vulnerable to flaws that could compromise user's privacy.
The team includes application security researcher Paulos Yibelo, an ethical hacker known by his alias 'File Descriptor' and works for Cure53, and whereas, the identity of third one has not been revealed on demand.
PureVPN is the same company who lied to have a 'no log' policy, but a few months ago helped the FBI with logs that lead to the arrest of a Massachusetts man in a cyberstalking case.
After a series of privacy tests on the three VPN services, the team found that all three VPN services are leaking their users' real IP addresses, which can be used to identify individual users and their actual location.
Concerning consequences for end users, VPN Mentor explains that the vulnerabilities could "allow governments, hostile organizations [sic], or individuals to identify the actual IP address of a user, even with the use of the VPNs."
The issues in ZenMate and PureVPN have not been disclosed since they haven't yet patched, while VPN Mentor says the issues discovered in ZenMate VPN were less severe than HotSpot Shield and PureVPN.



The team found three separate vulnerabilities in AnchorFree's HotSpot Shield, which have been fixed by the company. Here's the list:
  • Hijack all traffic (CVE-2018-7879) — This vulnerability resided in Hotspot Shield’s Chrome extension and could have allowed remote hackers to hijack and redirect victim's web traffic to a malicious site.
  • DNS leak (CVE-2018-7878) — DNS leak flaw in Hotspot Shield exposed users' original IP address to the DNS server, allowing ISPs to monitor and record their online activities.
  • Real IP Address leak (CVE-2018-7880) — This flaw poses a privacy threat to users since hackers can track user's real location and the ISP. the issue occurred because the extension had a loose whitelist for "direct connection." Researchers found that any domain with localhost, e.g., localhost.foo.bar.com, and 'type=a1fproxyspeedtest' in the URL bypass the proxy and leaks real IP address.

Here it must be noted that all the three vulnerabilities were in the HotSpot Shield's free Chrome plug-in, not in the desktop or smartphone apps.
The researchers also reported similar vulnerabilities in the Chrome plugins of Zenmate and PureVPN, but for now, the details of the bugs are being kept under wraps since both the manufacturers have not yet fixed them.
Researchers believe that most other VPN services also suffer from similar issues.

Twitter hunting jihadists accounts

01:34 0

Twitter hunting jihadists accounts: They have been closed over 125,000 online profiles with “terrorist content”

Microblogging platform, Twitter, has begun using antispam technology to detect accounts that promote terrorism, suspending in recent months, 125,000 online profiles with Islamist character,  informs  The New York Times. The Twitter company has launched this campaign to urge of Administration of Washington, who asked online social networks to intensify actions to combat terrorist messages.

Online social networks have become a recruiting tool and radicalization used by groups such as  Islamic State terrorist organization. Twitter, based in San Francisco American city, announced additional staff specialized in the detection of terrorist content to reduce “significant” reaction time. Twitter experts use technology similar to anti-spam to detect and suspend accounts that promote terrorism.

Barack Obama administration welcomed the microblogging platform announcement.
“We committed to take all possible measures to block terrorist activities, including in cyberspace; welcome the measures taken by the private partners in this field”, has sent the White House.

Massive continuously growing malware campaign that has already infected nearly 5 million mobile devices worldwide.

01:28 0


Security researchers have discovered a massive continuously growing malware campaign that has already infected nearly 5 million mobile devices worldwide.

Dubbed RottenSys, the malware that disguised as a 'System Wi-Fi service' app came pre-installed on millions of brand new smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE—added somewhere along the supply chain.
All these affected devices were shipped through Tian Pai, a Hangzhou-based mobile phone distributor, but researchers are not sure if the company has direct involvement in this campaign.


According to Check Point Mobile Security Team, who uncovered this campaign, RottenSys is an advanced piece of malware that doesn't provide any secure Wi-Fi related service but takes almost all sensitive Android permissions to enable its malicious activities.

"According to our findings, the RottenSys malware began propagating in September 2016. By March 12, 2018, 4,964,460 devices were infected by RottenSys," researchers said.

To evade detection, the fake System Wi-Fi service app comes initially with no malicious component and doesn’t immediately start any malicious activity.
Instead, RottenSys has been designed to communicate with its command-and-control servers to get the list of required components, which contain the actual malicious code.
RottenSys then downloads and installs each of them accordingly, using the "DOWNLOAD_WITHOUT_NOTIFICATION" permission that does not require any user interaction.

Hackers Earned $115,000 in Just Last 10 Days


t this moment, the massive malware campaign pushes an adware component to all infected devices that aggressively displays advertisements on the device’s home screen, as pop-up windows or full-screen ads to generate fraudulent ad-revenues.

"RottenSys is an extremely aggressive ad network. In the past 10 days alone, it popped aggressive ads 13,250,756 times (called impressions in the ad industry), and 548,822 of which were translated into ad clicks," researchers said.

According to the CheckPoint researchers, the malware has made its authors more than $115,000 in the last 10 days alone, but the attackers are up to "something far more damaging than simply displaying uninvited advertisements."
Since RottenSys has been designed to download and install any new components from its C&C server, attackers can easily weaponize or take full control over millions of infected devices.
The investigation also disclosed some evidence that the RottenSys attackers have already started turning millions of those infected devices into a massive botnet network.
Some infected devices have been found installing a new RottenSys component that gives attackers more extensive abilities, including silently installing additional apps and UI automation.




How to Detect and Remove Android Malware?

To check if your device is being infected with this malware, go to Android system settings→ App Manager, and then look for the following possible malware package names:
com.android.yellowcalendarz (每日黄历)
com.changmi.launcher (畅米桌面)
com.android.services.securewifi (系统WIFI服务)
com.system.service.zdsgt
If any of above is in the list of your installed apps, simply uninstall it.

Saturday, 10 March 2018

Bitcoin-Mining Computers Worth $2 Million Stolen In Iceland

02:21 0
  

Around 600 powerful devices specifically designed for mining bitcoin and other cryptocurrencies have been stolen from Icelandic data centers in what has been dubbed the "Big Bitcoin Heist."
To make a profit, so far criminals have hacked cryptocurrency exchanges, spread mining malware, and ransomware—and even kidnapped cryptocurrency investors for ransom and tried to rob a bitcoin exchange, but now the greed has reached another level.
The powerful computers are estimated to be worth around $2 million, Associated Press reports, and are used to generate cryptocurrency that at the time of this writing are worth $11,500 each.

The theft, which took place between late December and early January, is one of the biggest series of robberies Iceland has ever experienced, according to law enforcement.

This is grand theft on a scale unseen before," said Police Commissioner Olafur Helgi Kjartansson of the southwestern Reykjanes peninsula.

There were four different burglaries (three in December and one in January) in total that took place at various locations, two of which went down on the southwestern Reykjanes peninsula.
The thefts, which also included burglary of 600 graphics cards, 100 processors, 100 power supplies, 100 motherboards and 100 sets of computer memory, were captured on CCTV cameras by Advania, the server company reportedly hit by two of the three thefts.

Although the stolen computers have not yet been found, police arrested 11 suspects as part of the investigation of the incident, one of whom worked as a security guard.

On Friday, the Reykjanes District Court expressed restraint, releasing nine people on bail and leaving only two people under arrest.
Iceland is home to the data centers of a number of the cryptocurrency mining companies because the mining process is extremely energy-intensive, and renewable energy is cheap there. Almost 100 percent of the power generated in the country comes from renewable sources.

The police are currently tracking high energy consumption areas across Iceland in hopes the thieves will turn the stolen servers on, which could potentially lead them back to the stolen servers' location.
The authorities are also contacting internet service providers (ISPs), electricians and storage units, asking them to report any sudden spike in power usage or other signs the stolen servers had been reconnected.

The police have currently held off from telling the public about the incident for a while, in order not to compromise their investigation.

More then 15,000 Memcached DDoS Attacks Hit 7,100 Sites in Last 10 Days

01:49 0
Memcached reflections that recently fueled two most largest amplification DDoS attacks in the history have also helped other cybercriminals launch nearly 15,000 cyber attacks against 7,131 unique targets in last ten days, a new report revealed.
Chinese Qihoo 360's Netlab, whose global DDoS monitoring service 'DDosMon' initially spotted the Memcached-based DDoS attacks, has published a blog post detailing some new statistics about the victims and sources of these attacks.
The list of famous online services and websites which were hit by massive DDoS attacks since 24th February includes Google, Amazon, QQ.com, 360.com, PlayStation, OVH Hosting, VirusTotal, Comodo, GitHub (1.35 Tbps attack), Royal Bank, Minecraft and RockStar games, Avast, Kaspersky, PornHub, Epoch Times newspaper, and Pinterest.


Overall, the victims are mainly based in the United States, China, Hong Kong, South Korea, Brazil, France, Germany, the United Kingdom, Canada, and the Netherlands.





According to Netlab researchers, the frequency of attacks since 24th February has increased dramatically, as listed below:
  • Before 24th February, the day when Memcached-based DDoS attacks were first spotted, the daily average was less than 50 attacks.
  • Between 24th and 28th February, when Memcached as a new amplification attack vector was not publicly disclosed and known to a small group of people, the attacks raised to an average of 372 attacks per day.
  • Soon after the first public report came on 27th February, between 1st and 8th March, the total number of attacks jumped to 13,027, with an average of 1,628 DDoS attack events per day.


Netlab's 360 0kee team initially discovered the Memcached vulnerability in June 2017 and disclosed (presentation) it in November 2017 at a conference, but its researchers have hardly seen any Memcache DDoS attacks since then.




The maximum number of active vulnerable Memcached servers at a time that participated in the DRDoS attacks was 20,612.
I don't want to exaggerate this but expect hundreds of thousands of Memcached-based DDoS attacks in coming days, as hackers and researchers have now released multiple easy-to-execute exploits that could allow anyone to launch Memcached amplification attacks.
However, researchers have also discovered a 'kill-switch' technique that could help victims mitigate Memcached DDoS attacks efficiently.
Despite multiple warnings, over 12,000 vulnerable Memcached servers with UDP support enabled are still exposed on the Internet, which could fuel more cyber attacks.
Therefore, server administrators are strongly advised to install the latest Memcached 1.5.6 version which disables UDP protocol by default to prevent amplification/reflection DDoS attacks.

Saturday, 3 March 2018

DDoS Attacks Now Launched with Monero Ransom Notes

23:59 0


On Wednesday, February 28, 2018, GitHub's code hosting website hit with the largest-ever distributed denial of service (DDoS) attack that peaked at record 1.35 Tbps.
Interestingly, attackers did not use any botnet network, instead weaponized misconfigured Memcached servers to amplify the DDoS attack.
Earlier this week we published a report detailing how attackers could abuse Memcached, popular open-source and easily deployable distributed caching system, to launch over 51,000 times powerful DDoS attack than its original strength

Dubbed Memcrashed, the amplification DDoS attack works by sending a forged request to the targeted Memcrashed server on port 11211 using a spoofed IP address that matches the victim's IP.
A few bytes of the request sent to the vulnerable server trigger tens of thousands of times bigger response against the targeted IP address.

"This attack was the largest attack seen to date by Akamai, more than twice the size of the September 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed," said Akamai, a cloud computing company that helped Github to survive the attack.
In a post on its engineering blog, Github said, "The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the Memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second."


Expect More Record-Breaking DDoS Attacks

Though amplification attacks are not new, this attack vector evolves thousands of misconfigured Memcached servers, many of which are still exposed on the Internet and could be exploited to launch potentially more massive attacks soon against other targets.
To prevent Memcached servers from being abused as reflectors, administrators should consider firewalling, blocking or rate-limiting UDP on source port 11211 or completely disable UDP support if not in use.









Monday, 26 February 2018

The Greatest Leak of all Time – Source Code Hacked!

07:27 0

iBOOT Source Code News



This software can allow hackers to find security loops on iPhones. The release does not affect or harms any iPhone security immediately but it can be used as a source code or to analyze the source code that Apple uses. “Delete” can be used by hackers to replicate or manipulate the source code of Apple and can be used by hackers to affect any iPhones in future. On Wednesday an unknown user of GitHub posted this source code on the website. The website is popularly known for sharing source code by hackers or software developers. It is still unclear how the iBoot source code leaked but it is potentially the biggest leak in the history of Apple.

iBoot: Statements regarding the incident

A popular writer Levin, who has written a lot of books on iOS and Mac OS says that “it’s a huge issues that the iBoot code got leaked. iBoot is the one of the components that Apple has been holding onto still encrypting its 64 bit image and now its wide open in source code form.”
According to reverse engineer, the code is real and can be useful to the hackers. Reports are saying that iBoot code is from iOS 9 but it doesn’t change the fact that it can’t be used or is harmless. It can be used to find loopholes in Apple security patch. Some reports are saying that Apple still uses the same components in the latest version of iOS.

Anyone can discover issues related to iboot which can be used to create new jailbreaks or new ways to decrypt any iPhone. This “iBoot” system’s details’ are given in this blueprint. Hackers can also use the leaked information to create new malwares or surveillance tool for any victim’s device.

iBoot: Apple’s secrecy

Apple is known to keep its source codes hidden so that no one can steal the important information about the software which can create vulnerabilities and can further be used to break the security of iPhones. Apple runs a bug bounty program in which white hat hackers and Eagle Eye security researchers help to find security loop holes in Apple devices source code. In exchange of these information or security loop holes, Apple offers a huge sum of money. Rewards are mostly dependent upon the severity of the security loophole. Some websites also state that the delete source code is around 2 million dollar, as it is one of the most important components in Apple’s security system.

Thursday, 15 February 2018

A Single-Character Message Can Crash Any Apple iPhone, iPad Or Mac

23:30 0

A Single-Character Message (in Telugu — the 3rd Most Spoken Indian Language) Can Crash Any Apple #iPhone, iPad and Mac.


Only a single character can crash your iPhone and block access to the Messaging app in iOS as well as popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail.
First spotted by Italian Blog Mobile World, a potentially new severe bug affects not only iPhones but also a wide range of Apple devices, including iPads, Macs and even Watch OS devices running the latest versions of their operating software.
Like previous 'text bomb' bug, the new flaw can easily be exploited by anyone, requiring users to send only a single character from Telugu—a native Indian language spoken by about 70 million people in the country.



Once the recipient receives a simple message containing the symbol or typed that symbol into the text editor, the character immediately instigates crashes on iPhones, iPads, Macs, Apple Watches and Apple TVs running Apple's iOS Springboard.
Apps that receive the text bomb tries to load the character, but fails and refuses to function properly until the character is removed—which usually can be done by deleting the entire conversation.


The easiest way to delete the offending message is by asking someone else to send a message to the app that is crashing due to the text bomb. This would allow you to jump directly into the notification and delete the entire thread containing the character.
The character can disable third-party apps like iMessage, Slack, Facebook Messenger, WhatsApp, Gmail, and Outlook for iOS, as well as Safari and Messages for the macOS versions.
Telegram and Skype users appear to be unaffected by the text bomb bug.



Apple was made aware of the text bomb bug at least three days ago, and the company plans to address the issue in an iOS update soon before the release of iOS 11.3 this spring.
The public beta version of iOS 11.3 is unaffected.
Since so many apps are affected by the new text bomb, bad people can use the bug to target Apple users via email or messaging or to create mass chaos by spamming the character across an open social platform.