
Chinese Hackers Spy Through WhatsApp and Other Apps, Indian Army Warns

India Data Spy: The Chinese use all kinds of platforms to penetrate your digital world. WhatsApp groups are a new way of hacking into your system: Chinese numbers (+86) barge into your groups and start extracting all the data. Start checking your groups and do regular audits.

All contacts in the groups should be saved by name. Scrutinise unknown numbers constantly. If you change your mobile number, inform the group admin so that your new number is saved.

Destroy the SIM card if you change the number, and delete WhatsApp on that number. Be alert, be safe.
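The advisory's checklist (every member saved by name, unknown numbers scrutinised, unexpected country codes noticed) can be run as a routine audit rather than by eye. The script below is an added example, not part of the original post or of any WhatsApp tooling: WhatsApp has no export API for this, so the member list and the contact book are constructed sample data that an admin would paste from the group info screen, and the country-code table is a constructed subset.

```python
"""Audit a WhatsApp group's member list against saved contacts.

Added example, not part of the original post. The member list and the
contact book below are constructed; WhatsApp offers no API for this, so in
practice the admin pastes the numbers from the group info screen.
"""
import re
from collections import Counter

# Constructed subset of international calling codes, looked up longest-prefix-first.
COUNTRY_CODES = {"91": "IN", "86": "CN", "92": "PK", "44": "GB", "1": "US/CA"}


def normalize(number: str) -> str:
    """Reduce '+91 98765 43210', '0091...', '+91-98765-43210' to '+919876543210'."""
    digits = re.sub(r"[^\d+]", "", number)
    if digits.startswith("00"):          # international dialling prefix
        digits = "+" + digits[2:]
    if not digits.startswith("+"):
        raise ValueError(f"number has no country code: {number!r}")
    return digits


def country_of(number: str) -> str:
    """Map a normalized number to its calling-code country, or 'unknown'."""
    n = normalize(number)[1:]
    for length in (3, 2, 1):
        if n[:length] in COUNTRY_CODES:
            return COUNTRY_CODES[n[:length]]
    return "unknown"


def audit_group(members, contacts, home_country="IN"):
    """contacts maps saved name -> number. Returns the members that are not
    saved under any name (the advisory's 'unknown numbers'), the members whose
    calling code is not the group's home country, and a per-country count."""
    saved = {normalize(n) for n in contacts.values()}
    normalized = [normalize(m) for m in members]
    return {
        "unknown": [m for m in normalized if m not in saved],
        "foreign": [(m, country_of(m)) for m in normalized if country_of(m) != home_country],
        "by_country": Counter(country_of(m) for m in normalized),
    }


# Constructed sample data: two saved Indian contacts, two unsaved members.
SAMPLE_MEMBERS = ["+91 98765 43210", "+91-98765-43211", "+86 138 0013 8000", "0044 7700 900123"]
SAMPLE_CONTACTS = {"Asha": "+919876543210", "Ravi": "+919876543211"}

if __name__ == "__main__":
    report = audit_group(SAMPLE_MEMBERS, SAMPLE_CONTACTS)
    for entry in report["unknown"]:
        print(f"not saved by name: {entry} ({country_of(entry)})")
    print("members per calling code:", dict(report["by_country"]))
```

Numbers are normalized before comparison because the same contact is typically stored with spaces, dashes or a `00` prefix in one place and as bare E.164 in another; without that step a saved contact would be reported as unknown.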

Once again, another spy alert: Indian intelligence agencies, along with the Indian Army, have announced a list of Chinese apps that have been marked dangerous because they reportedly are either Chinese spyware or some other malicious software.

According to the report, there are as many as 55 iOS/Android apps made by Chinese developers, or with Chinese links, which carry the potential of carrying out cyber-attacks against the country, as they are said to be sending the user’s data back to servers in China.

Here is the list of 25 Chinese apps which the agencies believe are Chinese spyware:

  1. Weibo
  2. WeChat
  3. SHAREit
  4. UC News
  5. BeautyPlus
  6. NewsDog
  7. Parallel Space
  8. APUS Browser
  9. Perfect Corp
  10. Virus Cleaner (Hi Security Lab)
  11. Mi Community
  12. DU recorder
  13. Vault-Hide
  14. YouCam Makeup
  15. Mi Store
  16. CacheClear DU apps studio
  17. DU Cleaner
  18. 360 Security
  19. DU Browser
  20. Clean Master – Cheetah Mobile
  21. Baidu Map
  22. Wonder Camera
  23. ES File Explorer
  24. Photo Wonder
  25. QQ Launcher

Be alert, be cautious, stay safe. Indian social media encourages fair and systematic account management. Hacking is on the horizon for those who are inattentive. Always check your social media, be careful about personal and group accounts, and stay safe.


Ex-Hacker Adrian Lamo dies aged 37

Hacker Adrian Lamo has died at age 37, according to ZDNet and a Facebook post from his father. The circumstances of Lamo’s death are unknown, but a coroner in Sedgwick County, Kansas, reportedly confirmed the news.

Lamo was born in Boston, Massachusetts in 1981. In the mid-1990s, he volunteered for PlanetOut, a public media company that catered to the LGBTQ community. In 1998, he was appointed to the Lesbian, Gay, Bisexual, Transgender, Queer, and Questioning Youth Task Force by the San Francisco Board of Supervisors.

Lamo first gained notoriety online in the early 2000s for hacking companies like Yahoo! and AOL, as well as The New York Times. In 2004, after accepting a plea bargain, Lamo was sentenced for hacking the newspaper, where he had added his name to an internal list of op-ed writers and racked up $300,000 in charges using the organization’s subscription to Lexis-Nexis, a pay-per-use search tool.

Adrian was given the appellation “Homeless Hacker” by the media because, while unemployed, he wandered the country by Greyhound bus and hacked corporations from inside abandoned buildings.

He spent almost six months in home detention and studied journalism before becoming a threat analyst.

When former US Army intelligence analyst Chelsea Manning (then Bradley Manning) read about his hacking profile in Wired magazine, Manning contacted him, and the pair started exchanging messages online.

Manning found Adrian a “kindred spirit” and told him about his role as an informer for WikiLeaks and how he leaked the most controversial combat video footage of a helicopter shooting unarmed Iraqi civilians and 260,000 classified diplomatic cables to the whistleblowing website.

However, Adrian then decided to report him and informed the US military of the breach. In an interview with the Guardian in 2013, Adrian defended his decision to turn Chelsea over to the FBI and said:

"There were no right choices that day, only less wrong ones. It was cold, it was needful, and it was no one's to make except mine. I couldn't just do anything, knowing lives were in danger, it's classified information, and when you play Russian roulette, how do you know there's not a bullet in the next chamber?"

"Choosing to interdict a man's freedom knowing it could mean his life, is something that's easy to judge but can only really be understood by living it."

Manning was arrested in May 2010 and sentenced to 35 years in prison for leaking classified documents, though her sentence was later reduced by President Barack Obama, and she was set free last year.

HotSpot Shield, ZenMate & PureVPN Leaking Users’ Real IP Addresses

According to VPN Mentor, three popular VPN services have been found to leak users’ real IP addresses, which, if exploited, could be used to identify users.

The report, published Tuesday, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN, all of which promise to provide their users with privacy.

A Virtual Private Network (VPN) makes it difficult for others to identify users and eavesdrop on their browsing habits. VPNs are most popular in parts of the world where internet access is restricted or censored. Often, the traffic is encrypted so that internet providers, and even the VPN services themselves, have no access to it.

The researchers also reported similar IP leaking bugs to Zenmate and PureVPN. A PureVPN spokesperson said in an email that the company had fixed the bugs a week earlier. The report was authored by three researchers: Paulos Yibelo, who also found a similar information leak in Hotspot Shield last month; a pseudonymous researcher who goes by the handle File Descriptor; and a third who wants to keep their identity private.

What Is a VPN?

The purpose of using a VPN depends on the situation, but mostly people opt for VPNs to fight online censorship by accessing websites that are blocked by their ISPs, while some choose to use a VPN for anonymity and better privacy. Without one, you can be under surveillance by governments or malicious organizations: hackers can track your IP address and identify your ISP, and at the business level a visible address allows attackers to carry out distributed denial-of-service (DDoS) attacks.

Uses for VPNs:

  • Access a Business Network While Travelling: VPNs are frequently used by business travellers to access their business’ network, including all its local network resources, while on the road. The local resources don’t have to be exposed directly to the Internet, which increases security.
  • Access Your Home Network While Travelling: You can also set up your own VPN to access your own network while travelling. This will allow you to access a Windows Remote Desktop over the Internet, use local file shares, and play games over the Internet as if you were on the same LAN (local area network).
  • Bypass Internet Censorship: Many Chinese people use VPNs to get around the Great Firewall of China and gain access to the entire Internet. (However, the Great Firewall has apparently started interfering with VPNs recently.)
  • Downloading Files: Yes, let’s be honest: many people use VPN connections to download files via BitTorrent. This can actually be useful even if you’re downloading completely legal torrents: if your ISP is throttling BitTorrent and making it extremely slow, you can use BitTorrent over a VPN to get faster speeds. The same is true for other types of traffic your ISP might interfere with (unless they interfere with VPN traffic itself).

Hackers Exposed Vulnerabilities in 3 Top VPN Vendors


According to VPN Mentor’s blog post, in an effort to discover vulnerabilities in HotSpot Shield, PureVPN, and Zenmate, VPN Mentor employed three ethical hackers who, after testing, concluded that all three VPNs have been leaking the user’s IP address even while the VPN is in use, posing an enormous privacy threat.

Of the three hackers, one decided to keep their identity hidden, one goes by the online handle File Descriptor, and the other is Paulos Yibelo. It should be noted that the vulnerabilities exist in the Chrome browser plugins for all three VPNs and not in the desktop or smartphone apps.

 

New Attacks Leave AMD’s Ryzen Chips Vulnerable

A new report published by Tel Aviv-based security company CTS-Labs alleges discovering 13 fatal security flaws in AMD’s new lineup of Ryzen and EPYC processors. The report claims these 13 security vulnerabilities fall under four distinct classes which the company has dubbed Ryzenfall, Masterkey, Fallout, and Chimera.

CTS has classified the vulnerabilities, which it found over the course of a six-month investigation, into four categories it calls Ryzenfall, Masterkey, Fallout, and Chimera. Full details on each vulnerability can be found in CTS’ 20-page whitepaper. Fortunately, specific technical details that could be used to exploit the vulnerabilities have been omitted. It’s also worth noting that AMD has been made aware of the issues, as have “select security companies” that could help mitigate the fallout, and US regulators.

RYZENFALL (v1, v2, v3, v4) AMD Vulnerabilities

According to researchers, RYZENFALL vulnerabilities allow unauthorized code execution on the Ryzen Secure Processor, eventually letting attackers access protected memory regions, inject malware into the processor itself, and disable SMM protections against unauthorized BIOS reflashing.


Attackers could also use RYZENFALL to bypass Windows Credential Guard and steal network credentials, and then use the stolen data to spread across to other computers within that network (even highly secure Windows corporate networks).

RYZENFALL can also be combined with another issue called MASTERKEY (detailed below) to install persistent malware on the Secure Processor, “exposing customers to the risk of covert and long-term industrial espionage.”

Masterkey

Masterkey is a set of three vulnerabilities that collectively allow malicious actors to install malware inside the secure processor. From here, the researchers say malware could bypass secure boot and inject code directly into a computer’s BIOS or operating system and disable firmware-based security features within the secure processor like Secure Encrypted Virtualization (SEV) or Firmware Trusted Platform Module (fTPM).

Because most EPYC and Ryzen motherboards on the market use a BIOS from American Megatrends that allows reflashing from within the OS using a command-line utility, CTS says Masterkey can often be exploited remotely.

Run ‘Kali Linux’ Natively on Windows 10

 


 

Now you can download and install Kali Linux directly from the Microsoft App Store on Windows 10, just like any other application.

I know it sounds crazy, but it’s true!

Kali Linux, a very popular, free, and open-source Linux-based operating system widely used for hacking and penetration testing, now runs on Windows 10 without requiring dual boot or virtualization.

Kali Linux is the latest Linux distribution to be made available on the Windows App Store for one-click installation, joining the list of other popular distributions such as Ubuntu, openSUSE and SUSE Linux Enterprise.

In Windows 10, Microsoft has provided a feature called “Windows Subsystem for Linux” (WSL) that allows users to run Linux applications directly on Windows.

“For the past few weeks, we’ve been working with the Microsoft WSL team to get Kali Linux introduced into the Microsoft App Store as an official WSL distribution, and today we’re happy to announce the availability of the ‘Kali Linux’ Windows application,” Kali Linux said while announcing the news.


If this is your first time using Windows Subsystem for Linux (WSL), you need to enable this optional Windows feature before getting the Kali Linux app.

Follow these simple steps to enable WSL:

  • Navigate to Control Panel and go to “Apps and features”
  • Select “Programs and Features” from the right panel
  • Click “Turn Windows features on or off” from the left menu
  • Select “Windows Subsystem for Linux” and save
  • Reboot your system

You can also do the same by opening PowerShell as Administrator, running the following command, and restarting your computer.


Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

Now search for Kali Linux on the Windows Store and download it with just a single click. Once you launch the application, it automatically completes the Kali installation and opens the console window.

That’s it! You can also check the Kali Linux documentation for more information.

If you’re interested in enabling Kali’s desktop environment, here is a video demonstration showing how to install xfce4 and xrdp to connect to Kali Linux over Remote Desktop.

This announcement is very exciting for security professionals and penetration testers who have restricted toolsets due to enterprise compliance requirements.

Kali Linux on Windows doesn’t come with any hacking or penetration testing tools pre-installed, but you can easily install them later.

Windows Defender can trigger false-positive warnings for hacking tools and exploits, but you needn’t worry about it.

Microsoft is following through on its commitment to the open source community. In 2013, the company launched Visual Studio, and a year later it open-sourced .NET. In 2015, Microsoft open-sourced the Visual Studio Code editor as well.

GitHub Survived the Biggest DDoS Attack Ever Recorded


GitHub’s code hosting website was hit with the largest-ever distributed denial of service (DDoS) attack, which peaked at a record 1.35 Tbps.

Most interestingly, the attackers did not use any botnet; instead they weaponized misconfigured Memcached servers to amplify the DDoS attack.

Earlier this week, our member reported and published a post detailing how attackers could abuse Memcached, a popular open-source and easily deployable distributed caching system, to launch a DDoS attack over 51,000 times more powerful than its original strength.

Dubbed Memcrashed, the amplification DDoS attack works by sending a forged request to the targeted Memcached server on port 11211 using a spoofed IP address that matches the victim’s IP.

Just a few bytes of request sent to the vulnerable server trigger a response tens of thousands of times larger towards the targeted IP address.

The vice president of web security at Akamai says:

“So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It’s one thing to have the confidence. It’s another thing to see it actually play out how you’d hope.”

In a post on its engineering blog, GitHub said, “The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second.”

GitHub continued routing its traffic through Prolexic for a few hours to ensure that the situation was resolved. Akamai’s Shaul says he suspects that attackers targeted GitHub simply because it’s a high-profile service that would be impressive to take down. The attackers also may have been hoping to extract a ransom. “The duration of this attack was fairly short,” he says. “I think it didn’t have any impact, so they just said that’s not worth our time anymore.”

Until memcached servers get off the public internet, though, it seems likely that attackers will give a DDoS of this scale another shot.

BJP MLA’s Website Hacked by Pak Cyber Thunders

Photo: Facebook page

Senior BJP MLA Kishan Reddy complained to Director General of Police M Mahendar Reddy, claiming that his website was hacked by unknown persons who uploaded content related to Pakistan. In a letter, Kishan Reddy said that for the last 10 years he has had a website, www.kishanreddy.com, and when his employee opened the website to upload some content in the news column, it was found that “Pak Monster” and other content had been posted. Realising that the website was hacked, the MLA approached the DGP.

Kishan suspects the role of Pakistan, its agents or anti-nationals behind the hacking. The MLA claimed that it was the second time in the last six months that the website had been hacked. Police are yet to register a case, and the matter was referred to the cyber crime police of the Hyderabad commissionerate.


Memcached Servers Reflection DDoS Attack


Hackers have found a way to amplify distributed denial-of-service attacks by an unprecedented 51,000 times their original strength, in a development that white hats say could lead to new record-setting assaults that take out websites and Internet infrastructure. These types of DDoS attacks are possible because of the insecure way the Memcached developers implemented support for the UDP protocol in their product.

Furthermore, to make matters worse, Memcached servers also expose their UDP port to external connections in the default configuration, meaning any Memcached server not behind a firewall can be abused for DDoS attacks right now.

How Does the Memcrashed DDoS Amplification Work?

Attackers are apparently abusing unprotected memcached servers that have UDP enabled. Similar to other amplification methods, the attacker sends a request to the targeted server on port 11211 using a spoofed IP address that matches the IP of the victim. The request sent to the server is just a few bytes, but the response can be tens of thousands of times bigger, resulting in a significant attack.


The largest memcached DDoS attack observed by Cloudflare peaked at 260 Gbps, but Arbor Networks reported seeing attacks that peaked at 500 Gbps and even more.

What Cloudflare Says About Memcrashed DDoS

“I was surprised to learn that memcached does UDP, but there you go!” said CloudFlare’s Marek Majkowski. “The protocol specification shows that it’s one of the best protocols to use for amplification ever! There are absolutely zero checks, and the data WILL be delivered to the client, with blazing speed! Furthermore, the request can be tiny and the response huge (up to 1MB).”

Arbor Networks noted that the Memcached priming queries used in these attacks could also be directed towards TCP port 11211 on abusable Memcached servers.

How to Protect Memcached Servers from DDoS Abuse?

The system administrators of Memcached servers can protect them in one of the following ways:


  • Update the configuration of the server to listen only on 127.0.0.1 (localhost) if the memcached server is used only locally and there are no external connections to it. You can do this with the option --listen 127.0.0.1
  • Disable UDP support if you are not using it. You can do this with the option -U 0
  • Add a firewall rule for UDP port 11211 if you need both external connections and UDP support, and make sure the server is accessible only from the IPs you need
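The two halves of this section, the reflection mechanism (a few bytes in on UDP 11211, a huge response out to a spoofed source) and the three hardening options, can be checked from the server's own side. The script below is an added example, not code from the original post or from the memcached project: it parses a memcached command line for the `-l`/`--listen`, `-U`/`--udp-port` and `-p`/`--port` options and reports whether the UDP listener is reachable beyond loopback, and it sums outbound UDP bytes leaving port 11211 for addresses outside your own networks, which is what a host already being used as a reflector looks like in flow data. The command lines, flow records and local network list are constructed for the example; the assumption that UDP is on unless `-U 0` is given matches the builds the article describes and is a parameter you can flip.

```python
"""Audit a memcached host for Memcrashed-style UDP reflection exposure.

Added example, not code from the original post or from the memcached project.
It checks the server's own command line against the hardening options listed
above (-l 127.0.0.1, -U 0) and scans constructed flow records for outbound UDP
traffic from port 11211 that would mean this host is already reflecting.
"""
import shlex
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

MEMCACHED_PORT = 11211


def _is_loopback(addr: str) -> bool:
    try:
        return ip_address(addr).is_loopback
    except ValueError:
        return False        # hostnames or "addr:port" forms: treat as reachable, to be safe


@dataclass
class MemcachedExposure:
    listen: list                              # addresses from -l; default is all interfaces
    udp_port: int                             # 0 means UDP disabled (-U 0)
    tcp_port: int
    findings: list = field(default_factory=list)

    @property
    def exposed_udp(self) -> bool:
        return self.udp_port != 0 and any(not _is_loopback(a) for a in self.listen)


def audit_memcached_cmdline(cmdline: str, udp_default: int = MEMCACHED_PORT) -> MemcachedExposure:
    """Parse memcached's argv (as seen in `ps` output). udp_default models the
    builds the article describes, where UDP was on unless -U 0 was given;
    newer releases default it off, so pass udp_default=0 for those (assumption)."""
    args = shlex.split(cmdline)
    listen, udp_port, tcp_port = ["0.0.0.0"], udp_default, MEMCACHED_PORT
    i = 1
    while i < len(args):
        opt, val = args[i], None
        if opt.startswith("--") and "=" in opt:            # --listen=ADDR form
            opt, val = opt.split("=", 1)
        elif opt in ("-l", "--listen", "-U", "--udp-port", "-p", "--port"):
            i += 1                                          # -l ADDR form
            val = args[i] if i < len(args) else None
        if opt in ("-l", "--listen") and val:
            listen = [a.strip() for a in val.split(",")]   # -l accepts a comma list
        elif opt in ("-U", "--udp-port") and val:
            udp_port = int(val)
        elif opt in ("-p", "--port") and val:
            tcp_port = int(val)
        i += 1
    exp = MemcachedExposure(listen, udp_port, tcp_port)
    if exp.exposed_udp:
        exp.findings.append(f"UDP {udp_port} bound on {','.join(listen)}: usable as a reflector; "
                            "fix with -U 0, or -l 127.0.0.1 if only local clients exist")
    if any(not _is_loopback(a) for a in listen):
        exp.findings.append(f"TCP {tcp_port} bound on {','.join(listen)}: "
                            "restrict with a firewall to known client IPs")
    return exp


@dataclass
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int


def reflection_victims(flows, local_nets, min_bytes=1_000_000):
    """Sum outbound UDP bytes sent *from* port 11211 to addresses outside
    local_nets. Requests are a few bytes; multi-megabyte totals toward one
    external address mean that address is being flooded with our responses."""
    totals = defaultdict(int)
    for f in flows:
        if f.proto != "udp" or f.src_port != MEMCACHED_PORT:
            continue
        if any(ip_address(f.dst_ip) in net for net in local_nets):
            continue
        totals[f.dst_ip] += f.nbytes
    return {ip: b for ip, b in totals.items() if b >= min_bytes}


# Constructed sample: one spoofed-source request in, large responses out.
LOCAL_NETS = [ip_network("10.0.0.0/8")]
SAMPLE_FLOWS = [
    Flow("203.0.113.5", 43210, "10.0.0.5", MEMCACHED_PORT, "udp", 120),        # tiny forged request
    Flow("10.0.0.5", MEMCACHED_PORT, "203.0.113.5", 43210, "udp", 5_000_000),  # amplified reply
    Flow("10.0.0.5", MEMCACHED_PORT, "203.0.113.5", 43211, "udp", 2_000_000),
    Flow("10.0.0.5", MEMCACHED_PORT, "10.0.0.9", 51000, "udp", 80_000),        # legitimate local client
    Flow("10.0.0.5", MEMCACHED_PORT, "198.51.100.2", 40000, "tcp", 500_000),   # TCP, not reflection
]

if __name__ == "__main__":
    for cmd in ("memcached -m 64 -p 11211 -u memcache -l 0.0.0.0",
                "memcached -m 64 -l 127.0.0.1 -U 0"):
        print(cmd, "->", audit_memcached_cmdline(cmd).findings or ["ok"])
    print("suspected reflection targets:", reflection_victims(SAMPLE_FLOWS, LOCAL_NETS))
```

The flow check keys on the source port rather than on any destination reputation, because the victim of a reflection attack is whoever the attacker spoofed and is not on any blocklist; anything the parser cannot resolve to a loopback address is reported as reachable so that an unusual `-l` value errs toward a finding rather than silence.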


Tesla’s Amazon Account Hacked To Mine Cryptocurrency

A hacker group broke into a Tesla-administered Amazon cloud account and used it for cryptocurrency mining. The breach also exposed data belonging to the electric carmaker.

On Tuesday 20 Feb 2018, cloud security firm RedLock published its 2018 Cloud Security Trends report, which documents the discovery of an unprotected Kubernetes console belonging to automaker Tesla. Meanwhile, according to Sucuri researchers, an article on Wikipedia was edited to insert a third-party link that had been compromised to mine cryptocurrency.

Tesla’s AWS Account Hacked to Mine Cryptocurrency

Tesla’s AWS environment also contained sensitive data, including vehicle telemetry, which was exposed through the theft of the unsecured credentials.

The unknown hackers also employed a number of techniques to evade detection. Rather than using well-known public mining pools, for example, the attackers installed mining pool software and instructed the mining script to connect to an unlisted endpoint.

Crypto mining script running in Tesla’s cloud (image credit: RedLock)

According to the researchers, this method makes it more difficult for domain- and IP-based threat detection systems to spot such activity.

RedLock released a report on Monday estimating that 55% of organizations that use public cloud services, such as AWS, Microsoft Azure, or Google Cloud, have exposed at least “one cloud storage service” to the public. Eight percent have had cryptojacking incidents, according to RedLock.

Uber recently got into hot water with regulators for failing to promptly report a breach that exposed data for 57 million account holders. The hackers reportedly gained access to the data after acquiring keys to the ride-hailing firm’s Amazon cloud accounts, which Uber developers were said to have left open on the code-sharing website Github.

This post was updated to include a statement from Tesla and to correct a typo in the sum of its bounty award.

“The message from this research is loud and clear-the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities,” said Gaurav Kumar, CTO of RedLock. “Security is a shared responsibility: Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities. Without that, anything the providers do will never be enough.”

Update 15.46 GMT: A Tesla spokesperson told ZDNet:

“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”

 

Lazarus Group Is Back Again, Now Attacking Banks and Bitcoin Users in a New Campaign

The Lazarus Group, the group behind the WannaCry ransomware, is back with a new campaign dubbed HaoBao, targeting banks and Bitcoin users via spear phishing lures that deliver a new cryptocurrency scanner that hunts for Bitcoin wallets.

About the Lazarus Group

The Lazarus Group, also known as HIDDEN COBRA, is a cybercrime group made up of an unknown number of individuals. The group first came into the news between 2009 and 2012 by targeting South Korean government institutions with large-scale distributed denial-of-service (DDoS) attacks.

However, Kaspersky also stated that the reuse of the code could be a “false flag” meant to mislead researchers and pin the attack on North Korea, given that the worldwide WannaCry worm cyber attack also copied techniques from the NSA.

This ransomware leverages an NSA exploit known as EternalBlue that a hacker group known as the Shadow Brokers made public in April 2017. Symantec reported in 2017 that it was “highly likely” that the Lazarus Group was behind the WannaCry attack.

Be Alert for Phishing Scams from the Lazarus Group

The Lazarus Group is out there for the money, and its targets range from large-scale banking giants to unsuspecting cryptocurrency investors looking to make money the right way. You could be one of their very next victims, so be careful when you transact from your crypto wallet.

Recently, the Federal Bureau of Investigation (FBI) alerted users that cybercriminals have been posing as officials from the Internet Crime Complaint Center and sending emails to users about crimes they did not commit; the sole purpose is to infect their computers with malware that removes data.

Cryptocurrency Attacks

In 2018, Recorded Future issued a report linking the Lazarus Group to attacks on cryptocurrency (Bitcoin and Monero) users, frequently in South Korea. These attacks were reported to be technically similar to earlier attacks using the WannaCry ransomware and the attacks on Sony Pictures. One of the tactics used by the Lazarus Group’s hackers was to exploit vulnerabilities in Hancom’s Hangul, a South Korean word processing software.

Image Credit goes to- Kaspersky Lab
