Tag Archive | "web security"


Anonymous Hacker Group Vows to Wipe ISIS off of the Internet

Posted on 18 November 2015 by GranTorinoGuy

The recent terrorist attacks in Paris, France, were tragic, accounting for the deaths of over 100 people. Shortly after the perpetrators were identified as the well-known ISIS terrorist group, hackers from the infamous Anonymous collective set out to attack ISIS on the internet front and have now vowed to wipe ISIS off of the internet.

The Anonymous hacker group has long been known for attacking companies or organizations that act against its members' personal morals or beliefs. As it turns out, the aggressive terrorism carried out by ISIS in the recent Paris killings has angered Anonymous and pushed the group to take down well over 5,500 ISIS-owned Twitter accounts, release a “How to Hack ISIS” guide, and perform other actions to attack and dismantle ISIS over the Internet.

In a YouTube video posted recently (below), Anonymous makes a threat directly at ISIS saying “Expect massive cyber-attacks. War is declared, Get prepared.”

In the normal fashion of Anonymous, the video above makes their threat known to the public using their customary signatures.

Through the #OpParis effort and website, Anonymous is targeting ISIS with everything it has all over the Internet. Through these efforts, Anonymous may somehow become an ally of law enforcement agencies around the world that also seek to take ISIS down and put an end to its terror.

Do you think Anonymous will have any luck in helping with the take-down of ISIS or disrupt them in any way other than what has already been done with ISIS-member Twitter accounts?


Emoji Passcode App Bids to Replace Traditional Pin Numbers and Passwords

Posted on 19 June 2015 by GranTorinoGuy

Let’s face it, remembering pin numbers and passwords is a real pain. In today’s social network-driven world, where our lives thrive virtually on the internet, we must remember multiple passwords even with password-manager software attempting to manage them all. As an answer to the daunting task of remembering passwords, a British financial services tech firm is announcing Emoji Passcode, a mobile app that allows users to access online accounts by typing in emoji-based pins and passwords.

Emojis have long been the friendly-looking icons found on many platforms, mostly used on social networks, in text messages and in other forms of communication across the internet. Emoji icons convey many different things, from a simple smiley face to a devil with horns; the possibilities with such graphical icons are nearly endless. To boot, the number of combinations that can be formed using emojis as a pin surpasses the number of permutations you can get out of a short numeric pin.

The clever use of emojis as passwords is nearly ingenious. Some people will retain a combination of emojis better than they would simple letter and number combinations, and those who learn visually might adopt such a concept quickly.

Emoji Passcode would be a new way for companies that offer online logins to give their consumers new options and potentially a better way of safeguarding their account and personal information. Additionally, Emoji Passcode could replace traditional pin numbers on certain platforms and, who knows, it could become a new way of accessing an ATM on a local scale.

The principles behind Emoji Passcode seem worthy of implementation at some of the highest levels of security over the internet. The promotional video below reiterates the potential effectiveness and security of what the developers and marketers of Emoji Passcode have in store. The question is, would you give it a try and ultimately trust it?


US Requiring HTTPS for all Public Government Websites

Posted on 09 June 2015 by GranTorinoGuy

Lately U.S. government websites have borne the brunt of attacks in which hackers found ways to deface some of them and, in other cases, collect sensitive data. To put a stop to this chaos, the U.S. government is mandating that all public government websites utilize the HTTPS security protocol.

HTTPS deployment gives assurance that a website's communications are authenticated and that the data sent back and forth over the internet is protected. With HTTPS, known as HTTP over SSL or HTTP Secure, the information a website transmits is encrypted in transit and decrypted at the receiving end. Basically, the use of HTTPS means data transmitted to and from government websites is encrypted, so attackers cannot read the information or use it to wage an attack against the sites.

Computer users who often surf the web visiting financial sites or making purchases on legitimate shopping sites are accustomed to seeing an HTTPS site load, where the URL field of most web browsers is highlighted green or shows a lock icon. In such cases HTTPS prevents eavesdropping and ultimately assures the U.S. government that information transmitted over the vast internet is secure.

With the government making all publicly accessible sites use HTTPS, it will be difficult for third parties to intercept communications. In the end, this will fortify the U.S. government and make the sites secure for all users, not just those outside of the U.S. government.

The U.S. CIO, Tony Scott, said, “With this new requirement, the Federal web community seeks to drive faster internet-wide adoption of HTTPS and promote better privacy standards for the entire browsing public.”

With Edward Snowden’s many revelations about the U.S. government and their alleged snooping on the public, the irony gets thick as attackers and hacker activist groups wage war on many U.S. government sites that have proven to be vulnerable.

In March, the proposal for mandatory use of HTTPS was issued after the government started accepting comments on its plans from the security community and the public. As it turns out, the proposal is real and is in the process of being deployed.


Ramnit Botnet Extends Infection Reach To Over 28 Countries and 500,000 Computers

Posted on 11 March 2015 by GranTorinoGuy

The Ramnit malware threat, which has recently evolved into a dangerous botnet, is extending its presence across the world infecting hundreds of thousands of computers. The systems infected with Ramnit may be used to exploit online banking accounts, much like how other well-known botnets have done in the past.

Among the many banking theft botnets, Ramnit is a bit late to the game, getting its start in 2010, when it was recognized as a computer worm. Now, after an update delivered through as many as two command and control servers, Ramnit has the ability to shut down security applications, including all security components of Windows.

The expansion of Ramnit leads experts to expect that the infection may reach over a million computers before it is stopped in its tracks. Because of the unsurpassed sophistication of Ramnit, it has the upper hand in evading tracking and detection.

The dynamic IPs used by Ramnit on infected systems make them difficult to track down. Additionally, in the past six months Microsoft researchers have seen more than 500,000 systems become infected, making the growth rate of Ramnit rather alarming.

The vast spread of Ramnit has reached more than 28 countries, and that number is bound to go up. According to Symantec’s data on this infection so far, the top five locations among those 28 countries are:

  • Indonesia: about 90,925 compromised systems (26.27%)
  • India: 80,144 infections (23.16%)
  • Vietnam: 37,708 infections (10.03%)
  • Algeria: 5.73%
  • Thailand: 4.84%

The remaining 23 countries Ramnit has reached include the UK, Egypt, Philippines, Saudi Arabia, Pakistan, Iran, Azerbaijan, Morocco, Nepal, Nigeria, Malaysia, Romania, Yemen, Russian Federation, Turkey, Mexico, China, Brazil, Myanmar, Palestinian Territory, and Mongolia.

The extensive list of countries shows no rhyme or reason to the locations, which suggests Ramnit’s operators have no desire to focus on a specific target location. However, it may be prudent to mention that the attackers behind sophisticated botnets like Ramnit may exploit systems that prove more vulnerable than others, which could lead them to virtually any location in the world.


DDoS Attacks on Rivals of Facebook & WhatsApp

Posted on 30 September 2014 by SlimboCA

In the last weekend of September, two technology companies believed to be more secure alternatives to the giants Facebook and WhatsApp fell victim to severe DDoS attacks. Telegram and Ello were recently pronounced the latest rivals of the social media company Facebook and the recently acquired WhatsApp instant messaging app.

The Nature of Ello

Ello is an anti-Facebook social network: an ad-free platform that accepts new members only by invitation. The new network does not sell data to third parties. The data it collects is aggregated and anonymous, which makes it useless to Google and to companies’ advertising purposes.

The Nature of Telegram

Telegram is an instant messaging application, based in Russia and famous for its privacy. Users consider it a great alternative to the WhatsApp platform. Telegram is based on a custom MTProto encryption protocol and applies end-to-end encryption to its secret chats. Telegram became even more popular after Facebook acquired WhatsApp, since the company has been strongly criticized for its lack of data privacy. The Telegram application is available for Google Android and Apple’s iOS.

DDoS Attack

Both Ello and Telegram were hit by independent distributed denial of service attacks on the last weekend of September. The DDoS attack against Telegram lasted for two days. During the attack, service was normal in most countries, though in some places people lost their connections and were unable to send outgoing messages. User data was not compromised despite the attack.

Some social media users speculated that the DDoS attacks and the disruption of service might be associated with the situation in China, since the attacks coincided with reports that the government of China had hacked WhatsApp, believing that activists were exchanging messages through that application.

On the same day, Ello also reported that it had undergone a DDoS attack lasting 45 minutes. The situation was resolved when Ello blocked the IP addresses associated with the attack.

The Security Experts

Security expert Martin McKeay of Akamai Technologies told SCMagazineUK.com that both Telegram and Ello are targets for two main reasons: they have limited security support and they are growing in popularity. These two reasons make Telegram and Ello perfect targets for DDoS attacks.

The security professionals further pointed out that the popularity of the communication channel Ello increased overnight, and that brought negative attention as well. The experts add that volumetric attacks are now becoming the norm, and they advise all organizations that do business on the Internet to be prepared for such attacks.

Cyber criminals find it easy to carry out DDoS attacks of 100 Gbps, 200 Gbps or even 300 Gbps. That is why companies have to be active in defending their data from malicious attacks, using mitigation and real-time detection.


Viator Data Breach Affects 1.4 Million Customers

Posted on 25 September 2014 by SlimboCA

The credit card details of 880,000 customers plus the email addresses and passwords of 560,000 customers may have been compromised.

Viator, a travel website that was recently purchased by TripAdvisor for $200 million, reported a data breach that may have compromised customer payment card and contact information, along with encrypted passwords.

On September 2nd, Viator’s payment card service provider notified the company about unauthorized charges on a few of their customers’ credit cards. The firm immediately informed law enforcement about the issue and hired forensic experts to investigate the incident.

The encrypted credit or debit card numbers, names, billing addresses and email addresses of about 880,000 customers may have been compromised. The “nicknames” of some of those Viator customers may also have been exposed.

The “nicknames” of an additional 560,000 customers, along with their email addresses and passwords, may also have been compromised.

All of the customers have been advised to examine their credit card statements closely and to inform the authorities of any fraudulent activity. They have also been offered a free one-year membership in Experian’s Protect MyID Alert service.

All users are recommended to change their passwords at Viator. They are urged to do the same on any other websites where they use the same login credentials.

The company reports that the following steps have been taken in response to the breach:

  • Applying additional security measures for customers’ protection.
  • Investigating the issue with the assistance of leading forensics and security experts and law enforcement.
  • Improving its intrusion detection systems and security tools.
  • Eliminating the need to store credit and debit card details in its system.

Reportedly, shortly after the news of the breach, TripAdvisor’s stock dropped by 4 percent.


Black Energy’s New Targets – Ukraine, Poland, Brussels

Posted on 24 September 2014 by SlimboCA

Current malware campaigns in Ukraine, Brussels and Poland are most likely to target information, not cash.

BlackEnergy Strikes Again in a New Manner

The security firm ESET discovered a newer version of the BlackEnergy malware that is currently targeting over a hundred industry and security organizations in Ukraine and Poland. BlackEnergy has been known to the public since the cyber-attack on Georgia in 2008. So far BlackEnergy has been used for DDoS attacks, distribution of spam messages and bank fraud.

According to a report by the ESET research team, the botnet-based malware has a new strategy, targeting private companies and state organizations in various industries. There have been numerous attacks throughout 2014, and they are still active this month.

Reportedly, the “lite” BlackEnergy version has over a hundred victims so far. These are mainly companies and organizations in Ukraine and Poland.

In the meantime, another security company, F-Secure, discovered a recent BlackEnergy campaign active in Brussels. The security specialists believe this may be a sign of a breach in the European Commission or the European Parliament.

F-Secure also revealed another Russian malware campaign, CosmicDuke, which uses a fake document about the current Scottish independence vote to lure the victim into opening it and thus introduce the threat into the system. The attack targets companies in the oil sector, mainly situated in the UK.

BlackEnergy Lite – What’s Different?

The security experts at ESET call the newer version of BlackEnergy “lite” for a few reasons:

  • The latest BlackEnergy is cheaper.
  • The malware does not use a kernel mode driver anymore.
  • BlackEnergy no longer has the rootkit functionality that was used as a cover for the malware in the previous versions.

Although the newer version might appear a bit stripped-down, it is still able to damage the systems of numerous organizations, taking advantage of various software vulnerabilities or using phishing emails and fake documents to attack the victims.

The lack of a kernel mode driver is quite a common tendency among malware creators lately. It may be because of the technical difficulties developers face, or simply because creating malware of that kind is a big investment.

The cyber crooks behind BlackEnergy Lite use it for:

  • Remote code execution.
  • Collecting data.
  • Network discovery.

The distribution mechanism of the attacks is quite interesting as well. A document named “Russian ambassadors to conquer the world” was used in one of the attacks in April. The decoy file exploited a vulnerability in Microsoft Word (CVE-2014-1761). In other cases, the dropper is an EXE file hiding behind the Word icon.

Reportedly, in the attacks of the last two months the crooks used PowerPoint documents and unspecified Java vulnerabilities.

The Experts’ Opinion

Security experts observe a growth in Russian malware campaigns. They believe that hackers who were previously interested in credit card theft are now targeting trade secrets.

Compared to CosmicDuke, the BlackEnergy attacks appear more patriotically driven than cash oriented. Some specialists believe the campaigns may not even have been started by Russian nation-state cyber criminals.

BlackEnergy Lite’s lack of concealment features is not something that holds it back, the experts say. Apparently, Lite has been reduced to the functionality it actually needs.

Compared to its previous version, the malware is now easier to detect, but mainly in a lab environment. The technology used by most organizations is quite static, as they still rely mainly on a firewall. This makes their battle against BlackEnergy even harder.

More information concerning the newer version of BlackEnergy is expected to be released by the experts of both security companies.


BlackEnergy – Simple to Control and Hard to Detect

Posted on 16 July 2014 by SlimboCA

BlackEnergy is a web-based DDoS (distributed denial of service) bot, which was created in the mid-90′s by Russian hackers. BlackEnergy provides attackers with an easily controlled web-based bot that can target more than one IP address per hostname, and thanks to the runtime encrypter its author used, the BlackEnergy botnet can evade antivirus detection.

BlackEnergy gives hackers a tool to create floods against different systems and servers, causing them to overload and deny service. BlackEnergy can carry out those attacks from multiple systems at a time, against various IP addresses, which makes the attacks quite severe.

From the time BlackEnergy was initially launched until 2008, no significant changes in the way it worked were detected. In 2008 a new major update, known as BlackEnergy 2, emerged. BlackEnergy is also known as Backdoor.Win32.Blakken. Until then, the modifications mostly involved different rootkits, so that various weak points in the operating systems could be exploited. Diverse droppers and Trojans were used to spread BlackEnergy.

The most recent version of BlackEnergy has been delivered in a zip file claiming to contain a list of unsafe passwords. The zip file itself opens normally, and the user finds an actual list inside. Once the list is opened, BlackEnergy starts to spread in the system as a background process, while the actual document with passwords acts as a decoy for the unsuspecting user.

BlackEnergy 2 – Step-by-step to Hostile Overtaking

The bot has a few main functions. Each of them is performed by a separate component of the program:

  • to hide the malware from antimalware programs
  • to infect system processes
  • to provide flexible ways of executing the malicious activities that the C&C (Command and Control) center sends

Similar to other threats, BlackEnergy 2 has a protective layer that prevents antivirus products from detecting it. As soon as the executable file is run on the computer, the malicious application allocates virtual memory, copies the decryptor code into it and transfers control to the decryptor.

Once the decryptor code has run, the decrypted payload is placed in memory. After that, a decryptor driver is created in the C:\Windows\System32\Drivers folder and a service for it is activated. The driver itself works as a cover for most of the interesting processes that follow.

Inside of the decryptor driver is a block of encrypted data. That data is an infector which will insert a DLL into the svchost.exe.

The DLL inside svchost.exe is the most important part for launching a DDoS attack from the infected computer. The DLL holds a data string that produces an XML file defining the bot’s initial configuration. Among the data is the address of the botnet’s C&C. Sometimes more than one address is included, so there is a backup if the initial one cannot be contacted.

The bot then sends a preformed HTTP request to the C&C containing details about the infected computer: an identifier of the computer, the serial number of the hard drive on which Windows is installed, country, language strings, etc. If the Command and Control center authorizes the request, it replies with a bot configuration file, which is an XML document encrypted with RC4. The encryption key is derived from the computer identifier the bot sent previously, so that only that specific computer can use the configuration.
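The exchange described above (a beacon carrying a host identifier, answered by an RC4-encrypted XML configuration keyed by that identifier), worked through from the analyst's side as an added example that is not part of the original post and is not taken from any BlackEnergy sample: the beacon parameter names, the XML layout and the use of the raw identifier string as the RC4 key are assumptions, and the beacon and configuration are constructed for the demo.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (key scheduling + keystream). The same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# Constructed beacon body: the post says the bot reports a computer identifier,
# the hard-drive serial, country and language strings. Parameter names are assumed.
SAMPLE_BEACON = "id=bot-0A1B2C3D-S7F3&hdd=S7F3Q1R9&country=US&lang=en-US"


def bot_id_from_beacon(query_string: str) -> str:
    """Pull the identifier out of a captured beacon; it is the RC4 key for the reply."""
    params = parse_qs(query_string, strict_parsing=True)
    return params["id"][0]


# Constructed configuration (layout assumed): a primary and a backup C&C address,
# matching the post's note that more than one address may be included.
CONFIG_XML = b"""<botnet>
  <servers>
    <addr>http://c2-primary.invalid/stat.php</addr>
    <addr>http://c2-backup.invalid/stat.php</addr>
  </servers>
</botnet>"""


def make_sample_reply(bot_id: str) -> bytes:
    """Build the encrypted reply blob for the demo (stands in for a captured response)."""
    return rc4(bot_id.encode(), CONFIG_XML)


def decode_config(bot_id: str, blob: bytes) -> dict:
    """Analyst side: decrypt with the identifier and extract the C&C addresses as indicators.
    With the wrong identifier the keystream yields garbage, which is rejected, not parsed."""
    plain = rc4(bot_id.encode(), blob)
    if not plain.lstrip().startswith(b"<"):
        return {"ok": False, "servers": []}
    try:
        root = ET.fromstring(plain)
    except ET.ParseError:
        return {"ok": False, "servers": []}
    servers = [e.text.strip() for e in root.findall("./servers/addr") if e.text]
    return {"ok": True, "servers": servers}


if __name__ == "__main__":
    bid = bot_id_from_beacon(SAMPLE_BEACON)
    print(decode_config(bid, make_sample_reply(bid)))
```

The extracted addresses are what a responder would feed into proxy or DNS blocklists; the identifier check also shows why a configuration captured for one host is useless for decoding another host's reply.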


New EBay Flaw Could Allow Hackers to Hijack Accounts

Posted on 28 May 2014 by GranTorinoGuy

Many of you who use eBay often have probably already noticed the notifications eBay sent asking you to change your password because account information was compromised. Now, after users have dealt with that first issue, another arises: an eBay security flaw may allow hackers to hijack accounts.

As you know, a hacker armed with hijacked eBay accounts could do some serious damage on the widely popular auctioning site. A security researcher found a major vulnerability in eBay’s website that has not been fixed.

Ever since eBay’s initial data breach, several security researchers have been examining its network. This second vulnerability is a cross-site scripting (XSS) flaw, which allows code from another source to be executed within a website. The flaw could grab cookies from logged-in eBay users and email them to a hacker.

The data stored in a compromised cookie could relinquish login access to an eBay account, allowing a hacker to use the account for malicious purposes.

Researchers, including those who discovered this latest vulnerability, say that it comes down to eBay’s security measures and its ability to notify users of such a flaw. eBay quickly took measures to defend against the first vulnerability, and it seems the second one may be addressed soon as well.

eBay has thanked Jordan Lee Jones, a 19-year-old college student who notified eBay of this second vulnerability and XSS flaw.


Symantec Jumps Gun Claiming Antivirus is Dead

Posted on 14 May 2014 by GranTorinoGuy

There is no question that PC sales have taken a dip while consumers seek out other devices such as smartphones, tablets and even convertible tablets that turn into laptops. Knowing this, it is really no surprise that Symantec has claimed that antivirus is dead in the realm of desktop computing.

Symantec’s vice president Brian Dye told the Wall Street Journal that antivirus “is dead.” As about 40% of Symantec’s revenue still comes from the antivirus world, this claim raised a lot of eyebrows, and rightfully so. Dye told the WSJ that the company doesn’t consider AV to be “a moneymaker in any way.”

In support of Symantec’s claim, Bogdan Dumitru, Chief Technology Officer at Bitdefender, said, “Relying solely on antivirus is a dead end-and it has been for at least 8 years now.” Those are mighty strong words considering that, as a rebuttal, PCMag’s SecurityWatch blog says, “But that’s like saying that aspirin is dead because it’s not the cure for cancer, AIDS, and all of humanity’s other illnesses.”

It is possible that the WSJ article was more of a “what’s old is new again” behind-the-scenes view. On the other hand, the WSJ could be leading everyone on with the fear of AV being dead, as claimed by Symantec, which was thought to be one of the leaders of the AV solutions world.

Security analyst and SecurityWatch contributor Fahmida Rashid called Dye’s comments “an anthill made into a molehill.” In fact, she said that the statement is well in line with what Symantec has already been doing. “Symantec hasn’t said ‘install Norton and you are set for life’ in years, so it’s not backtracking to say that we need other types of security. We need behavioral analysis, we need real-time execution in the sandbox, we need layered analysis, and so on.”

The fear that comes out of Symantec’s claim could create a misleading situation where computer users think they simply do not need antivirus or antimalware software, which is just a bad idea altogether. Computer users will latch onto Symantec’s claim and think they are invincible in a world and time where identity theft and malware are running rampant. Symantec could be shooting itself in the foot while consumers are being misled. That is just a fact of the matter: AV is not dead, and thankfully many companies that produce trusted AV solutions realize this and do not drink the Symantec Kool-Aid.
