Posts

Showing posts with the label The Hacker News

Passwords For 500,000 Car Tracking Devices Leaked Online

Image
Another day, another news about a data breach, though this is something disconcerting.

Login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal data and vehicle details of drivers and businesses using its service.

Just two days ago, Viacom was found exposing the keys to its kingdom on an unsecured Amazon S3 server, and this data breach is yet another example of storing sensitive data on a misconfigured cloud server.

The Kromtech Security Center was first to discover a wide-open, public-facing misconfigured Amazon Web Server (AWS) S3 cloud storage bucket containing a cache belonging to SVR that was left publicly accessible for an unknown period.

Stands for Stolen Vehicle Records, the SVR Tracking service allows its customers to track their vehicles in real time by attaching a physical tracking device to vehicles in a discreet location, so their customers can monitor and recover…

Linux Trojan Using Hacked IoT Devices to Send Spam Emails

Image
Botnets, like Mirai, that are capable of infecting Linux-based internet-of-things (IoT) devices are constantly increasing and are mainly designed to conduct Distributed Denial of Service (DDoS) attacks, but researchers have discovered that cybercriminals are using botnets for mass spam mailings.

New research conducted by Russian security firm Doctor Web has revealed that a Linux Trojan, dubbed Linux.ProxyM that cybercriminals use to ensure their online anonymity has recently been updated to add mas spam sending capabilities to earn money.

The Linux.ProxyM Linux Trojan, initially discovered by the security firm in February this year, runs a SOCKS proxy server on an infected IoT device and is capable of detecting honeypots in order to hide from malware researchers.

Linux.ProxyM can operate on almost all Linux device, including routers, set-top boxes, and other equipment having the following architectures: x86, MIPS, PowerPC, MIPSEL, ARM, Motorola 68000, Superh and SPARC.

Here's How …

ISPs May Be Helping Hackers to Infect you with FinFisher Spyware

Image
Are you sure the version of WhatsApp, or Skype, or VLC Player installed on your device is legitimate?

Security researchers have discovered that legitimate downloads of several popular applications including WhatsApp, Skype, VLC Player and WinRAR have reportedly been compromised at the ISP level to distribute the infamous FinFisher spyware also known as FinSpy.

FinSpy is a highly secret surveillance tool that has previously been associated with British company Gamma Group, a company that legally sells surveillance and espionage software to government agencies across the world.

The spyware has extensive spying capabilities on an infected computer, including secretly conducting live surveillance by turning ON its webcams and microphones, recording everything the victim types with a keylogger, intercepting Skype calls, and exfiltration of files.

In order to get into a target's machine, FinFisher usually uses various attack vectors, including spear phishing, manual installation with p…

SEC Discloses Hackers Broke Into Edgar Corporate Filing System Last Year

Image
This month has been full of breaches.

Now, the Securities and Exchange Commission (SEC), the top U.S. markets regulator, has disclosed that hackers managed to hack into its financial document filing system and may have illegally profited from the stolen information.

On Wednesday, the SEC announced that its officials learnt last month that a previously detected 2016 cyber attack, which exploited a "software vulnerability" in the online EDGAR public-company filing system, may have "provided the basis for illicit gain through trading."

EDGAR, short for Electronic Data Gathering, Analysis, and Retrieval, is an online filing system where companies submit their financial filings, which processes around 1.7 million electronic filings a year.

The database lists millions of filings on corporate disclosures—ranging from quarterly earnings to sensitive and confidential information on mergers and acquisitions, which could be used for insider-trading or manipulating U.S. equity…

CCleaner Malware Infects Big Tech Companies With Second Backdoor

Image
The group of unknown hackers who hijacked CCleaner's download server to distribute a malicious version of the popular system optimization software targeted at least 20 major international technology companies with a second-stage payload.

Earlier this week, when the CCleaner hack was reported, researchers assured users that there's no second stage malware used in the massive attack and affected users can simply update their version in order to get rid of the malicious software.

However, during the analysis of the hackers' command-and-control (C2) server to which the malicious CCleaner versions connected, security researchers from Cisco's Talos Group found evidence of a second payload (GeeSetup_x86.dll, a lightweight backdoor module) that was delivered to a specific list of computers based on local domain names.

Affected Technology Firms 
According to a predefined list mentioned in the configuration of the C2 server, the attack was designed to find computers inside the n…

APT33: Researchers Expose Iranian Hacking Group Linked to Destructive Malware

Image
Security researchers have recently uncovered a cyber espionage group targeting aerospace, defence and energy organisations in the United States, Saudi Arabia and South Korea.

According to the latest research published Wednesday by US security firm FireEye, an Iranian hacking group that it calls Advanced Persistent Threat 33 (or APT33) has been targeting critical infrastructure, energy and military sectors since at least 2013 as part of a massive cyber-espionage operation to gather intelligence and steal trade secrets.

The security firm also says it has evidence that APT33 works on behalf of Iran's government.

FireEye researchers have spotted cyber attacks aimed by APT33 since at least May 2016 and found that the group has successfully targeted aviation sector—both military and commercial—as well as organisations in the energy sector with a link to petrochemical.

The APT33 victims include a U.S. firm in the aerospace sector, a Saudi Arabian business conglomerate with aviation hold…

Hacker Can Steal Data from Air-Gapped Computers Using IR CCTV Cameras

Image
Air-gapped computers that are isolated from the Internet and physically separated from local networks are believed to be the most secure computers which are difficult to infiltrate.

However, these networks have been a regular target in recent years for researchers, who have been trying to demonstrate every possible attack scenarios that could compromise the security of such isolated networks.

Security researchers from Ben-Gurion University in Israel have previously demonstrated several ways to extract sensitive information from air-gapped computers.

Now, the same University researchers have discovered another way to steal confidential information from air-gapped computers – this time with the help of infrared-equipped CCTV cameras that are used for night vision.

Researchers have developed a new attack scenario, dubbed aIR-Jumper, which includes an infected air-gapped computer (from which data needs to be stolen) and an infected CCTV network (that has at least one CCTV installed insid…

Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server

Image
Viacom—the popular entertainment and media company that owns Paramount Pictures, Comedy Central, MTV, and hundreds of other properties—has exposed the keys to its kingdom on an unsecured Amazon S3 server.

A security researcher working for California-based cyber resiliency firm UpGuard has recently discovered a wide-open, public-facing misconfigured Amazon Web Server S3 cloud storage bucket containing roughly a gigabyte's worth of credentials and configuration files for the backend of dozens of Viacom properties.

These exposed credentials discovered by UpGuard researcher Chris Vickery would have been enough for hackers to take down Viacom's internal IT infrastructure and internet presence, allowing them to access cloud servers belonging to MTV, Paramount Pictures and Nickelodeon.

Among the data exposed in the leak was Viacom's master key to its Amazon Web Services account, and the credentials required to build and maintain Viacom servers across its many subsidiaries and do…

Here’s How Hackers Can Hijack Your Online Bitcoin Wallets

Image
Researchers have been warning for years about critical issues with the Signaling System 7 (SS7) that could allow hackers to listen in private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption used by cellular networks.

Despite fixes being available for years, the global cellular networks have consistently been ignoring this serious issue, saying that the exploitation of the SS7 weaknesses requires significant technical and financial investment, so is a very low risk for people.

However, earlier this year we saw a real-world attacks, hackers utilised this designing flaw in SS7 to drain victims' bank accounts by intercepting two-factor authentication code (one-time passcode, or OTP) sent by banks to their customers and redirecting it to themselves.

If that incident wasn't enough for the global telecoms networks to consider fixing the flaws, white hat hackers from Positive Technologies now demonstrated how cybercriminals could e…

Red Alert 2.0: New Android Banking Trojan for Sale on Hacking Forums

Image
The Recent discoveries of dangerous variants of the Android banking Trojan families, including Faketoken, Svpeng, and BankBot, present a significant threat to online users who may have their login credentials and valuable personal data stolen.

Security researchers from SfyLabs have now discovered a new Android banking Trojan that is being rented on many dark websites for $500 per month, SfyLabs' researcher Han Sahin told The Hacker News.

Dubbed Red Alert 2.0, the Android banking malware has been fully written from scratch, unlike other banking trojans, such as BankBot and ExoBot, which were evolved from the leaked source code of older trojans.

The Red Alert banking malware has been distributed via many online hacking forums since last few months, and its creators have continuously been updating the malware to add new functionalities in an effort to make it a dangerous threat to potential victims.

Malware Blocks Incoming Calls from Banks
Like most other Android banking trojans, Red…

The Pirate Bay Caught Running Browser-Based Cryptocurrency Miner

Image
The world's popular torrent download website, The Pirate Bay, has again been in a new controversy—this time over secretly planting an in-browser cryptocurrency miner on its website that utilizes its visitors' CPU processing power in order to mine digital currencies.

The Pirate Bay is the most popular and most visited file-sharing website predominantly used to share copyrighted material free of charge. The site has usually been in the news for copyright infringement by movie studios, music producers and software creators.

The Pirate Bay has recently been caught generating revenue by secretly utilizing CPU power of its millions of visitors to mine a Bitcoin alternative called Monero without their knowledge.

The modern Internet depends on advertising revenue to survive, which apparently sometimes spoils users' experience. But The Pirate Bay is trying to choose a different approach.

Visitors to the Pirate Bay recently discovered a JavaScript-based cryptocurrency miner from Co…

Warning: CCleaner Hacked to Distribute Malware; Over 2.3 Million Users Infected

Image
If you have downloaded or updated CCleaner application on your computer between 15 August and September 12 of this year from its official website, then pay attention—your computer has been compromised.

CCleaner is a popular application with over 2 billion downloads, created by Piriform and recently acquired by Avast, that allows users to clean up their system to optimize and enhance performance.

Security researchers from Cisco Talos discovered that the download servers used by Avast to let users download the application were compromised by some unknown hackers, who replaced the original version of the software with the malicious one and distributed it to millions of users for around a month.

This incident is yet another example of supply chain attack. Earlier this year, update servers of a Ukrainian company called MeDoc were also compromised in the same way to distribute the Petya ransomware, which wreaked havoc worldwide.

Avast and Piriform have both confirmed that the Windows 32-bi…

Become A Certified Hacker – 5 Online Learning Courses for Beginners

Image
Hacking is not a trivial process, but it does not take too long to learn. If you want to learn Ethical Hacking and Penetration testing, you are at right place.

We frequently receive emails from our readers on learning how to hack, how to become an ethical hacker, how to break into computers, how to penetrate networks like a professional, how to secure computer systems and networks, and so on.

Wait! Wait! Don't associate hacking negative, as one of the best ways to test the security of anything is to breach it, just like hackers.

A way to become an ethical hacker is to get a good computer hacking course, and if you're interested in getting started down the path of cybersecurity, the Computer Hacker Professional Certification Package is a great resource.

This week's featured deal from THN Deals Store brings you 96% discount on an excellent, best-selling online training course: Computer Hacker Professional Certification Package.

Since there is a huge demand for ethical hacke…

Unpatched Windows Kernel Bug Could Help Malware Hinder Detection

Image
A 17-year-old programming error has been discovered in Microsoft's Windows kernel that could prevent some security software from detecting malware at runtime when loaded into system memory.

The security issue, described by enSilo security researcher Omri Misgav, resides in the kernel routine "PsSetLoadImageNotifyRoutine," which apparently impacts all versions of Windows operating systems since Windows 2000.

Windows has a built-in API, called PsSetLoadImageNotifyRoutine, that helps programs monitor if any new module has been loaded into memory. Once registered, the program receives notification each time a module is loaded into memory. This notification includes the path to the module on disk.

However, Misgav found that due to "caching behaviour, along with the way the file-system driver maintains the file name and a severe coding error," the function doesn't always return the correct path of the loaded modules.

What's bad? It seems like Microsoft has n…

Vevo Music Video Service Hacked — 3.12TB of Internal Data Leaked

Image
OurMine is in headlines once again—this time for breaching the popular video streaming service Vevo.

After hunting down social media accounts of HBO and defacing WikiLeaks website, the infamous self-proclaimed group of white hat hackers OurMine have hacked Vevo and leaked about 3.12 TB worth of internal files.

Vevo is a joint venture between Sony Music Entertainment, Universal Music Group, Abu Dhabi Media, Warner Music Group, and Google's parent company Alphabet Inc.

OurMine managed to get hold of Vevo's "sensitive" data including its internal office documents, videos and promotional materials after the hacking collective successfully hacked into the Vevo servers.

The group then posted the stolen documents (approximately 3.12 terabytes) from Vevo on its website on late Thursday, though OurMine removed the stolen information from its website on Vevo's request.

Although it's not clear what prompted OurMine to hack Vevo, the group noted on its website that it i…

Yet Another Android Malware Infects Over 4.2 Million Google Play Store Users

Image
Even after so many efforts by Google, malicious apps somehow managed to fool its Play Store's anti-malware protections and infect people with malicious software.

The same happened once again when at least 50 apps managed to make its way onto Google Play Store and were successfully downloaded as many as 4.2 million times—one of the biggest malware outbreaks.

Security firm Check Point on Thursday published a blog post revealing at least 50 Android apps that were free to download on official Play Store and were downloaded between 1 million and 4.2 million times before Google removed them.

These Android apps come with hidden malware payload that secretly registers victims for paid online services, sends fraudulent premium text messages from victims' smartphones and leaves them to pay the bill—all without the knowledge or permission of users.

Dubbed ExpensiveWall by Check Point researchers because it was found in the Lovely Wallpaper app, the malware comes hidden in free wallpaper…

75,000 Turks Arrested So Far for Downloading Encrypted Messaging App

Image
WARNING: If you are Turkish and using or have installed ByLock—a little-known encrypted messaging app—you could be detained by Turkish authorities.

You might be thinking why???

Because using this app in Turkish is illegal since last year.

The background story begins here...

Remember the deadliest Turkey's failed coup attempt?

In July 2016, a section of the Turkish military launched a coordinated operation—by deploying soldiers, tanks on the streets of major Turkish cities—to topple the government and unseat President Recep Tayyip Erdogan.

The Turkish government blamed Muhammed Fethullah Gülen, a Turkish preacher who lives in the United States, for leading the July 15-16 attempted coup, though Gülen denied any involvement.

In the aftermath of the coup attempt, Milli İstihbarat Teşkilatı (MİT), the Turkish intelligence agency investigated and found that the ByLock messaging app was used as a communication tool by tens of thousands of Gülen movement followers to coordinate the coup.

Windows 10 to Give More Control Over App-level Permissions

Image
Microsoft has been gradually changing its privacy settings in Windows 10 with the Fall Creators Update to give its users more controls over their data.

In April, Microsoft addressed some initial privacy concerns in the Windows 10 Creators Update with simplified data collection levels—Security, Basic, Enhanced, and Full—and eventually revealed its data collection practices.

Now, the software giant is making another privacy-related change with the upcoming Windows 10 Fall Creators Update, which is due for release in October 2017, giving you much more control over what apps can do with your device.

Just like apps on your smartphone's app store, apps on Windows Store also require permission to access your computer's critical functionalities like camera, microphone, calendar, contacts, and music, pictures and video libraries.

While Android and iOS allow you to limit an app's permissions to access these sensitive things, these permissions have currently been provided to all app…

Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw

Image
The massive Equifax data breach that exposed highly sensitive data of as many as 143 million people was caused by exploiting a flaw in Apache Struts framework, which Apache patched over two months earlier of the security incident, Equifax has confirmed.

Credit rating agency Equifax is yet another example of the companies that became victims of massive cyber attacks due to not patching a critical vulnerability on time, for which patches were already issued by the respected companies.

Rated critical with a maximum 10.0 score, the Apache Struts2 vulnerability (CVE-2017-5638) exploited in the Equifax breach was disclosed and fixed by Apache on March 6 with the release of Apache Struts version 2.3.32 or 2.5.10.1.

This flaw is separate from CVE-2017-9805, another Apache Struts2 vulnerability that was patched earlier this month, which was a programming bug that manifests due to the way Struts REST plugin handles XML payloads while deserializing them, and was fixed in Struts version 2.5.13.

Zerodium Offers $1 Million for Tor Browser 0-Days That It will Resell to Governments

Image
It seems like Tor Browser zero-day exploits are in high demand right now—so much so that someone is ready to pay ONE MILLION dollars.

Zerodium—a company that specialises in acquiring and reselling zero-day exploits—just announced that it will pay up to USD 1,000,000 for working zero-day exploits for the popular Tor Browser on Tails Linux and Windows operating system.

Zero-day exploit acquisition platform has also published some rules and payout details on its website, announcing that the payout for Tor exploits with no JavaScript has been kept double than those with JavaScript enabled.

The company has also clearly mentioned that the exploit must leverage remote code execution vulnerability, the initial attack vector should be a web page and it should work against the latest version of Tor Browser.

Moreover, the zero-day Tor exploit must work without requiring any user interaction, except for victims to visit a web page.

Other attack vectors such as delivery via malicious document are…