Category Archives: TechNews

Current FinFisher surveillance attacks: Are internet providers involved?

Security researchers have found that legitimate downloads of several popular applications, including WhatsApp, Skype, VLC Player and WinRAR, have reportedly been compromised at the ISP level to deliver the infamous FinFisher spyware, also known as FinSpy.

FinSpy is a highly secretive surveillance tool that has previously been linked to the British company Gamma Group, which sells surveillance and spying software to government agencies around the world.

Gamma Group's digital surveillance tools have in the past been sold to oppressive regimes including Bahrain, Egypt and the United Arab Emirates (UAE). In March this year, the company took part in a security conference sponsored by the UK Home Office.
This month (21 September 2017), specialists from cybersecurity firm ESET reported that new FinFisher variants had been discovered in seven countries, two of which were being targeted by “man in the middle” (MitM) attacks at the ISP level, bundling genuine downloads with spyware.
Applications being hit included WhatsApp, Skype, Avast, VLC Player and WinRAR, it said, adding that “virtually any application could be misused in this way.”
When a target of the surveillance downloaded the software, they were silently redirected to a version infected with FinFisher, the research found.
The software would install as normal, but ESET found it was also covertly bundled with the surveillance tool.
The hidden infection process was described as “invisible to the naked eye.”
A Microsoft spokesperson, referring to the alleged Skype infections, told IBTimes UK: “We’re aware of the vendor blog and are evaluating claims.” An Avast spokesperson said: “Attackers will always focus on the most prominent targets. Wrapping approved installers of legal apps with malware is not a new concept and we aren’t surprised to see the PC apps mentioned in this report. What’s new is that this seems to be happening at a higher level. We don’t know if the ISPs are in cooperation with the malware distributors or whether the ISPs’ infrastructure has been hijacked.”
The newest version of FinFisher was spotted with new customised code designed to keep it from being detected, what ESET described as “tactical improvements.” Some tricks, it added, were aimed at compromising end-to-end (E2E) encryption software and known privacy tools. One such application was Threema, a secure messaging service. “The geographical dispersion of ESET’s detections of FinFisher variants suggests the MitM attack is happening at a higher level – an ISP arises as the most probable option,” the team said.
“One of the main implications of the discovery is that they decided to use the most effective infection method and that it actually isn’t hard to implement from a technical perspective,” Filip Kafka, a malware researcher at ESET, told IBTimes UK. “Since we have seen more infections than in the past surveillance campaigns, it seems that FinFisher is now more widely utilized in the monitoring of citizens in the affected countries.”

Here’s How the Attack Works:


When targeted users search for one of the affected applications on a legitimate website and click its download link, their browser is served a modified URL that redirects them to a trojanized installation package hosted on the attacker’s server.

This results in the installation of a version of the intended legitimate application bundled with the surveillance tool.

“The redirection is achieved by the legitimate download link being replaced by a malicious one,” the researchers say. “The malicious link is delivered to the user’s browser via an HTTP 307 Temporary Redirect status response code indicating that the requested content has been temporarily moved to a new URL.”

The entire redirection, according to the researchers, is “invisible to the naked eye” and occurs without the user’s knowledge.
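As an added example (not ESET’s or the article’s code), the script below checks whether a download response of the kind described above redirects an installer request away from the vendor’s host, downgrades HTTPS to HTTP, or points at a bare IP address; the request URL, the response bytes and the 203.0.113.10 address are constructed sample data.

```python
"""Flag installer download redirects that leave the vendor's host."""
import ipaddress
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample traffic: a plain-HTTP installer request answered with a
# 307 Temporary Redirect to another server (203.0.113.10 is a documentation
# address, not a real host).
REQUEST_URL = "http://downloads.example.com/winrar-setup.exe"
SUSPICIOUS_RESPONSE = (
    b"HTTP/1.1 307 Temporary Redirect\r\n"
    b"Location: http://203.0.113.10/dl/winrar-setup.exe\r\n"
    b"Content-Length: 0\r\n\r\n"
)
# Same vendor host over HTTPS: what a harmless mirror redirect looks like.
BENIGN_RESPONSE = (
    b"HTTP/1.1 307 Temporary Redirect\r\n"
    b"Location: https://downloads.example.com/mirror2/winrar-setup.exe\r\n\r\n"
)


def parse_response_head(raw: bytes):
    """Return (status_code, headers) parsed from a raw HTTP response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def _is_ip_literal(host: str) -> bool:
    """True for IPv4/IPv6 literals, which vendor download links rarely use."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_redirect(request_url: str, raw_response: bytes) -> dict:
    """Classify a redirect; only host changes, downgrades and IP targets are flagged."""
    status, headers = parse_response_head(raw_response)
    verdict = {"status": status, "redirect": False, "suspicious": False, "reasons": []}
    if status not in REDIRECT_CODES:
        return verdict
    verdict["redirect"] = True
    origin = urlsplit(request_url)
    target = urlsplit(headers.get("location", ""))
    # A relative Location header (no host) stays on the origin host and scheme.
    origin_host = (origin.hostname or "").lower()
    target_host = (target.hostname or origin_host).lower()
    target_scheme = (target.scheme or origin.scheme).lower()
    if target_host != origin_host:
        verdict["reasons"].append(f"host changed: {origin_host} -> {target_host}")
    if origin.scheme.lower() == "https" and target_scheme == "http":
        verdict["reasons"].append("downgrade from https to http")
    if _is_ip_literal(target_host):
        verdict["reasons"].append(f"target is a bare IP address: {target_host}")
    verdict["suspicious"] = bool(verdict["reasons"])
    return verdict


if __name__ == "__main__":
    for label, resp in (("suspicious", SUSPICIOUS_RESPONSE), ("benign", BENIGN_RESPONSE)):
        print(label, assess_redirect(REQUEST_URL, resp))
```

A plain-HTTP download link is what makes this substitution possible in the first place; the check above only tells you the redirect happened, it cannot make the original request trustworthy.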

FinFisher Adopts a Whole Lot of New Tricks


The extra tricks employed by the latest version of FinFisher helped it evade detection by researchers.

Researchers also note that the latest version of FinFisher received several technical improvements in stealth, including the use of custom code virtualization to protect most of its components, such as the kernel-mode driver.

It also employs anti-disassembly tricks and numerous anti-sandboxing, anti-debugging, anti-virtualization and anti-emulation tricks, and targets end-to-end encryption software and known privacy tools.

A sample posing as the secure messaging application Threema was discovered by the researchers while they were analyzing the recent campaigns.

“FinFisher spyware masqueraded as an executable file named “Threema.” Such a file could be used to target privacy-concerned users, as the legitimate Threema application provides secure instant messaging with end-to-end encryption,” the researchers say. 

“Ironically, getting tricked into downloading and running the infected file would result in the privacy-seeking user being spied upon.” 

Gamma Group has not yet replied to the ESET report.

Hackers used Avast’s CCleaner to attack technology companies: Cisco

CCleaner Command and Control Causes Concern.

Cisco’s Talos security arm has examined the malware-laden CCleaner build that Avast unwittingly distributed and concluded that its purpose was to mount targeted attacks attempting to penetrate top technology organizations. Talos also thinks the malware may have succeeded in delivering a payload to targeted organizations.
Hackers who broke into the widely used utility in August also tried to infect machines at Microsoft, Intel and other top technology organizations, according to an analysis by Cisco Systems published late on Wednesday.
That implies the breach, uncovered on Monday, was far more serious than originally described by Piriform, maker of the infected CCleaner utility and now part of Prague-based Avast Software.
Piriform and later Avast said in blog posts this week that no harm had been detected, although more than 2 million people had installed tainted versions of CCleaner.
Although the tainted versions could fetch additional code from websites controlled by the hackers, Avast said the alarm was unwarranted because the company cooperated with researchers and law enforcement and took control of the command sites early on.
Researchers at Cisco, one of the organizations that had warned Avast of the attack, said Wednesday that a command server seized by US law enforcement showed that the hackers had placed further malicious software on a selected set of at least 20 machines.
It is unclear which organizations housed those machines, but the data showed that the hackers had gone after systems at major technology companies. The list included Samsung, Sony, Akamai and Cisco itself.
“Truly like the bad guys cast a net and took all the fish, but only wanted to infect the devices that were most interesting,” said researcher Craig Williams of Cisco’s Talos unit.
The hackers could have used the access provided by the CCleaner installations to steal technology secrets from those companies, Williams said.
Also troubling, they could have been looking to get malicious code inside those companies’ products, which are used by high-value targets in government and business around the world.
But Avast Chief Technology Officer Ondrej Vlcek confirmed that “a very small minority of the endpoints” had received subsequent infections. He said the company had been contacting affected firms quietly.
“We effect believe in working public with any of this stuff while the research is still continuing,” he said. “We know that this is also the preference of the law enforcement personnel.”
Security firm Kaspersky Lab, Cisco and others said the attack reused code previously seen in hacks linked to China. But the code could have been stolen, so the CCleaner hackers might not be from that country.
Vlcek said consumer CCleaner users still did not need to restore their machines from backups.
© Thomson Reuters 2017

APT33: Researchers Expose Iranian Hacking Group Linked to Destructive Malware

Iran’s hackers exposed: ‘APT33’ group, tied to destructive malware, seeks military secrets

Security researchers have uncovered a cyber-espionage group targeting aerospace, defence and energy organisations in the United States, Saudi Arabia and South Korea (20 September 2017).
The report by FireEye also says the suspected Iranian hackers left behind a new type of malware that could have been used to destroy the infected computers, echoing two other Iran-attributed cyberattacks targeting Saudi Arabia in 2012 and 2016 that destroyed systems.
Iran’s office at the United Nations did not immediately respond to a request for comment Wednesday and its state media did not report on the claims.
However, suspected Iranian hackers have long operated without caring whether they were identified or whether there would be consequences, making them incredibly dangerous, said Stuart Davis, a director at one of FireEye’s subsidiaries.
“Now, without any results, a neighbouring country can compromise and wipe out 20 organizations,” Davis said.

Figure 3: ALFA TEaM Shell v2-Fake Mail (Default)


FireEye refers to the group as APT33, “APT” being an acronym for “advanced persistent threat”.
“APT33 should be targeted – fording many trades – headquarter in the United States, Saudi Arabia and South Korea,” FireEye said in its report.
The researchers said the group’s hackers have “shown particular interest in companies in the piloting sector involved in both soldiery and financial capacities, as well as organisations in the energy sector with ties to petrochemical production”.
The report concluded: “We assess the targeting of many companies with aviation-related organizations to Saudi Arabia indicates that APT33 may possibly be looking to gain insights on Saudi Arabia’s service aviation capabilities to enhance Iran’s domestic aviation capabilities.”
The group used phishing emails with fictional job opportunities to gain access to the affected companies, spoofing domain names to make it look like the messages came from defence contractors.
The hackers remained inside the networks of those affected for “four to six months” at a time, stealing data and leaving behind malware that FireEye refers to as Shapeshifter.
The code contains Farsi-language content; Farsi is the official language of Iran, FireEye said.
Timestamps in the code also correspond to hackers working from Saturday to Wednesday, the Iranian workweek, Davis said.
Programs used in the operations are associated with Iranian coders, servers were registered via Iranian companies, and one of the operators appears to have accidentally left his online handle, “xman_1365_x”, in part of the computer system.
The handle “shows up all over Iranian hacker forums,” FireEye’s John Hultquist said. “I don’t think they’re worried about being caught. They just fulfil feel like they have to bother.”
One of the email addresses used to register a malicious server belongs to an Ali Mehrabian, who used the same address to create some 120 Iranian websites over the past six years.
Neither Mehrabian, who listed himself as living in Tehran, nor “xman_1365_x” returned emails seeking comment.
Iran developed its cyber capabilities in 2011 after the Stuxnet computer virus crashed thousands of centrifuges involved in Iran’s contested nuclear program. Stuxnet is generally thought to be an American and Israeli creation.
Iran is believed to be behind the spread of Shamoon in 2012, which hit Saudi Arabian Oil Co. and Qatari natural gas producer RasGas.
The malware destroyed hard drives and then displayed a picture of a burning American flag on computer screens. Saudi Aramco ultimately shut down its network and destroyed over 30,000 computers.
Another version of Shamoon raced through Saudi government machines in late 2016, this time making the destroyed computers display a photograph of the body of 3-year-old Syrian boy Aylan Kurdi, who drowned fleeing his country’s civil war. Suspicion again fell on Iran.

FireEye’s report said it believed APT33 “is likely in search of strategic intelligence capable of benefiting a government or a military sponsor”.
High on the list of potential suspects within Iran would be its paramilitary Revolutionary Guard.
US prosecutors in March 2016 accused hackers associated with Guard-linked groups of attacking dozens of banks and a small dam near New York City.
Hackers linked to the Guard have also been suspected of targeting the email and social-media accounts of Obama administration officials.

CCleaner Software Hacked with Backdoor; 2 Million Users Infected

If you downloaded or updated the CCleaner application on your computer between August 15 and September 12 of this year from its official website, then pay attention—your computer has been compromised.
CCleaner is a popular application with over 2 billion downloads, created by Piriform and recently acquired by Avast, that lets users clean up their system to optimize and enhance performance.
Security researchers from Cisco Talos discovered that the download servers used by Avast to distribute the application were compromised by unknown hackers, who replaced the original version of the software with a malicious one and distributed it to millions of users for around a month.

According to Cisco Talos’ blog post, the download server for CCleaner was compromised with a backdoor on September 11, 2017, and the firm was able to identify the threat on September 13, 2017.

“We identified that even though the downloaded installation executable was signed using a valid digital signature issued to Piriform, CCleaner was not the only application that came with the download. During the installation of CCleaner 5.33, the 32-bit CCleaner binary that was included also contained a malicious payload that featured a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality. We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner’s download server as recently as September 11, 2017,” said Cisco.
“In reviewing the Version History page on the CCleaner download site, it appears that the affected version (5.33) was released on August 15, 2017. On September 12, 2017, version 5.34 was released. The version containing the malicious payload (5.33) was being distributed between these dates. This version was signed using a valid certificate that was issued to Piriform Ltd by Symantec and is valid through 10/10/2018. Piriform was the company that Avast recently acquired and was the original company who developed the CCleaner software application,” Cisco further explained.
The malicious software was programmed to collect a large amount of user data, including:

  • Computer name
  • List of installed software, including Windows updates
  • List of all running processes
  • IP and MAC addresses
  • Additional information like whether the process is running with admin privileges and whether it is a 64-bit system.

How to Remove Malware From Your PC


According to the Talos researchers, around 5 million people download CCleaner (originally Crap Cleaner) each week, which indicates that more than 20 million people could have been infected with the malicious version of the app.

“The impact of this attack could be severe given the extremely high number of systems possibly affected. CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week,” Talos said.

However, Piriform estimated that up to 3 percent of its users (up to 2.27 million people) were affected by the malicious installation.

Affected users are strongly recommended to update their CCleaner software to version 5.34 or higher in order to protect their computers from being compromised. The latest version is available for download at https://www.piriform.com/ccleaner/download.

M. Zuckerberg covers his headphone jack with black tape: know why?

The reason why Mark Zuckerberg covers his headphone jack with black tape.

Mark Zuckerberg shared a photo on his Facebook account celebrating the growing user base of Instagram, which is owned by Facebook.
Instagram, a photo-sharing social network, is also owned by Zuckerberg, who bought it for a whopping $1 billion.
This is what Mark shared along with the photo:
More than 500 million people now use Instagram every month — and 300 million every day. The Instagram community has more than doubled over the past two years. This is a tribute to Kevin Systrom and Mike Krieger’s vision, and to people everywhere who have opened a window into their world — from big events to everyday moments. Thanks for making Instagram such a beautiful place.

So, what’s more interesting about this photo?

An eagle-eyed Twitter user named Chris Olson noticed that in the image’s background, his laptop camera and microphone jack appeared to be covered with tape.

3 things about this photo of Zuck:

  1. Camera covered with tape
  2. Mic jack covered with tape
  3. Email client is Thunderbird
Mark himself is a security researcher and an expert; he is aware of the security threats and the measures to take to stay safe. He is also known for a few of his security breaches of the Harvard student database.

Reasons behind taping the camera and covering the USB and mic jack ports:

The taped-over camera and microphone jack are usually a signal that someone is concerned, perhaps only vaguely, about hackers gaining access to his or her devices by using remote-access trojans — a process called “ratting.” (Remote access is not limited to ratters.) You can read more about RATs.
This is a very old practice, and the Electronic Frontier Foundation has created webcam stickers that you can order for just five bucks. Almost all security researchers are aware of the webcam hack; read on for more about electro-optical SIGINT.

Electro-Optical SIGINT:

That 15″ MacBook Pro has a mini TOSLINK optical audio output inside the headphone jack which outputs, when active, light in the 650nm portion of the visible spectrum. That opens up a potential (albeit very, very difficult) opportunity for someone to RAT his laptop, and either:
A) engage the microphone*
B) tap the incoming audio stream if he’s currently using a USB mic
C) stream data of any kind to the TOSLINK interface (which operates at a respectable 125Mbit/s)
then, with some very (VERY) good optics and signal processing, capture that optical stream from afar. Et voilà.
If all that sounds implausible… then check out the very real and far-more-implausible-sounding Van Eck phreaking to see the sorts of things a clever hacker/engineer can pull off with a little bit of signal and enough sensitive gear.
* Which is not on the side on this model; it is buried in the hinge well (I have this same laptop; the headphone jack is adjacent to the caps lock key as in the photo). This makes it difficult to stifle, unfortunately, and I wouldn’t be surprised if Zuckerberg has opened his laptop up and electrically disabled the mic.

In one of his leaks, Edward Snowden said the following;

According to The Intercept, the NSA uses a plug-in called GUMFISH to take over cameras on infected machines and snap photos. Another NSA plug-in called CAPTIVATEDAUDIENCE hijacks the microphone on targeted computers to record conversations.
Additionally, there have also been reports suspecting that Facebook listens to us through our microphone and speakers even when they are not in use by the account holder.
So, if Facebook is doing that, other social networking sites may well be doing the same without our permission. Just as an extra security measure, Mark has taped the mic port as well.

Should you also consider this?

We all know that Mark is a high-value target. A recent hacking of his Twitter and LinkedIn accounts shows that he most likely committed two basic privacy faux pas: He may have used the same password across several websites and did not use two-factor authentication.
I would suggest everyone consider this, as no matter how hard you try to keep your system updated and use the latest versions of software programs, or to stay away from suspicious links, hackers will find a way to intrude into your laptop or PC somehow. It’s always advisable to take extra precautions, as the chances of getting compromised are very high.
Source: Quora


Apple iPhone X: release date, features and much more

Apple iPhone X: Its Features And Much More


Apple has surprised its fans by introducing a special-edition phone, the all-new iPhone X, to celebrate its 10th anniversary. Considered to be the phone of the future, the features that steal the show are Face ID recognition and the new Super Retina display. With an Apple A11 Bionic chip inside, the iPhone X is one of the best phones available for now, as this chip is really fast. Uniquely, Apple has provided a full screen on the iPhone X and the home button is removed.

Expected to be released in November this year, it is a slim model running iOS 11 with 64/256 GB of internal storage, 3 GB of RAM and the A11 Bionic processor, which is far more than enough for a user or an iPhone lover. The iPhone X has a 12 MP rear camera and a 7 MP front camera, which is really satisfying for photo lovers, as everyone knows the camera quality of iPhones.
Having introduced Face ID in place of Touch ID, one big question is its speed and accuracy. Though Apple has said that Face ID is more accurate, incredibly fast and more precise than Touch ID, it is hard to accept this until one uses the feature in practice.

The iPhone X supports wireless charging for the first time, but this is not new to the smartphone world, as wireless charging was previously a feature of phones such as the Google Nexus, Nokia Lumia 1020 and Microsoft Lumia 950 and 950 XL. Again, Apple’s facial recognition system may be advanced and more precise, but Apple is not the first to introduce it: facial recognition was first added by Google to its Android phones back in 2011. Facial recognition also happens to be one of the key features of Apple’s rival Samsung’s Note 8, S8 and S8 Plus. According to sources, Apple had been planning to build Touch ID into the iPhone X’s screen but had to abandon the idea very recently due to manufacturing issues.



Price

The iPhone X will be made available in 64GB and 256GB configurations, which will fetch £999 and £1,149 in the UK, respectively. Pricing in the US starts at $999. 

Apple will also make the handset available through its iPhone Upgrade Program, with monthly payments starting at £56.45.


Launching in November this year, it’s been one of the most awaited phones of 2017.

OurMine hacks video hosting service Vevo; leaks 3.12TB data online

Self-styled white-hat hackers OurMine have hacked music video outfit Vevo and unleashed 3.12TB worth of internal files.

OurMine, which last month claimed Wikileaks as a victim, got in touch with INQ on Thursday to reveal that Vevo – a joint venture between Universal Music Group, Sony Music Entertainment, Abu Dhabi Media, Warner Music Group, and Alphabet Inc – has become the latest fatality of its hacking spree.

The group has published 3.2TB of internal files from Vevo, but as Gizmodo notes, the majority of the files seem “pretty mild” and include benign data such as weekly music charts, pre-planned social media content, and various details about the artists under the record companies’ management.

Some files were more sensitive, though, such as one which reveals the alarm code for the company’s offices.

OurMine tells us that it leaked Vevo’s files after one of the company’s employees told it to “fuck off”, but added that it will take down the files if Vevo asks it to.

Vevo has confirmed the hack in a statement, saying the company “can confirm that Vevo experienced a data breach as a result of a phishing scam via Linkedin. We have addressed the issue and are investigating the extent of exposure.”

As well as Wikileaks, OurMine last month took brief control of some of HBO’s social media accounts, including ones related to the Game of Thrones.

“Hi, OurMine are here, we are just testing your security, HBO team please contact us to upgrade the security”, says the tweet that went out across a number of accounts.

The hacking outfit has previously exposed the Twitter, and other social media, accounts of Mark Zuckerberg, Google CEO Sundar Pichai, and Buzzfeed.


Get $1M for reporting zero-day flaws in Tor to “help Govt fight crime”

Usually, a bug bounty program helps companies secure their software and products from zero-day vulnerabilities that can cause massive damage if cybercriminals get their hands on them.
In this case, Zerodium is offering a total of $1 million to successful participants. But will the company share those zero-day flaws with Tor? Probably not, since the company’s Tor Bounty page states that the purpose of launching the special bounty for Tor is to “help our government customers fight crime and make the world a better and safer place for all.”
“While Tor system and Tor Browser are fabulous plans that allow authorized users to adjust their privacy and security on each internet, the Tor network and browser are, in many cases, used by ugly people to conduct activities such as drug trafficking or child abuse,” states Zerodium.
Zerodium, an American information security company and premium zero-day acquisition platform, has launched a Tor Browser Zero-Day Bounty, the purpose of which is to get hackers and security researchers to find zero-day flaws in Tor Browser on Tails Linux and Windows and report them to the company.
The bounty is open until November of this year, but depending on the payouts the program may be closed before the deadline. Another important point is that while JavaScript exploits are eligible for submission, a hacker with a fully functional zero-day exploit that works without JavaScript will go home with more money.
Zerodium has been running bug bounty programs for the last few years. In August, the company started offering bounties for hacks of messenger apps such as Telegram, WeChat, iMessage, WhatsApp, Signal and Facebook Messenger.
Moreover, submissions must rely on private, unknown and unreported zero-days, and must bypass all exploit mitigations applicable to each target category. The initial attack vector must be a web page targeting the latest versions of Tor Browser, and the whole exploitation process should be achieved silently, without triggering any message or popup, and without requiring any user interaction except visiting a web page.

The company also invites hackers to find zero-day flaws in the iPhone and remotely hack the device for a reward of $1,500,000. Moreover, platforms like Windows 10, Chrome, Firefox and WordPress are also on the list for hackers to try their skills against.

Nonetheless, because the company has indicated that these exploits will be shared with governments, it will be interesting to see the response from privacy advocates, since Microsoft a couple of months ago criticised government agencies for not sharing vulnerabilities with manufacturers and for stockpiling exploit code that can be easily stolen by hackers and exploited for their own unscrupulous gain.
The Tor Project itself launched its first public bug bounty program back in July this year. Naturally, the top reward there is only $4,000, since Tor is run by a network of volunteer-operated servers that enables people to improve their privacy and security on the Internet.

Zerodium Offers $1 Million for Tor Browser 0-Days That It will Resell to Governments



Zerodium—a company that specializes in acquiring and reselling zero-day exploits—just announced that it will pay up to USD 1,000,000 for working zero-day exploits for the popular Tor Browser on Tails Linux and Windows operating system.

The zero-day exploit acquisition platform has also published rules and payout details on its website, announcing that payouts for Tor exploits that need no JavaScript are double those for exploits that require JavaScript enabled.

It seems Tor Browser zero-day exploits are in great demand right now, so much so that someone is willing to pay ONE MILLION dollars.

Tor Browser users should take this news as an early warning, especially those who use Tails OS to protect their privacy.


The company has also clearly stated that the exploit must leverage a remote code execution vulnerability, the initial attack vector should be a web page, and it should work against the latest version of Tor Browser.


Moreover, the zero-day Tor exploit must work without requiring any user interaction, except for victims to visit a web page.

Other attack vectors, such as delivery via malicious documents, are not eligible for this bounty, but Zerodium may, at its sole discretion, make a separate offer to acquire such exploits.

Zerodium to Sell Tor Browser 0-Days to Law Enforcement Agencies.

The zero-day business has long been a profitable market for private firms, which typically offer higher payouts for undisclosed vulnerabilities than big technology companies do. Zerodium says it wants to resell the Tor Browser exploits to law enforcement agencies to fight crime.

In an FAQ, the company has admitted that it will sell the acquired Tor zero-days to law enforcement agencies, and possibly the commercial malware development companies who sell spyware to governments.

“In many cases, [Tor] used by ugly people to conduct activities such as drug trafficking or child abuse. We have launched this special bounty for Tor Browser zero-days to help our government customers fight crime and make the world a better and safer place for all,” Zerodium said.

Payouts for Tor Browser 0-Day RCE Exploits.


Here is the list of Zerodium payouts for Tor Browser exploits:

  • RCE and LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) without JavaScript: $250,000
  • RCE (No LPE) for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) without JavaScript: $185,000
  • RCE+LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) with JavaScript: $125,000
  • RCE (No LPE) for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) with JavaScript: $85,000
  • RCE and LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) without JavaScript: $200,000
  • RCE (No LPE) for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) without JavaScript: $175,000
  • RCE and LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) with JavaScript: $100,000
  • Only RCE (No LPE) for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) with JavaScript: $75,000



Those interested can submit their exploits until November 30th, 2017 at 6:00 pm EDT. The company adds that the bounty may be closed before that date if the total payout to researchers exceeds one million U.S. dollars ($1,000,000).




Google Chrome will warn users of ‘man in the middle’ attack.

It looks like Google is finally taking serious measures to secure its most-used product, the Chrome web browser. The company has announced that the upcoming Chrome 63 will be equipped with a new security feature aimed at alerting users to ‘man in the middle’ attacks, in which an attacker intercepts communication between two systems.

Coming this December, Chrome 63 will show a notification after detecting a large number of SSL connection errors, which imply that an attacker is trying to intercept the system’s web traffic. The new error page covers interception by malware as well as by legitimate applications. That means if your firewall or antivirus software fails to detect and notify you, or malware evades antivirus detection, Chrome 63 will have your back.

Behind the feature is Sasha Perigo, who announced the news on Twitter. “Excited to announce my intern project is launching in @Google Chrome M63! New error pages to help users struggling with MITM software,” tweeted Perigo.

Excited to announce my intern project is launching in @GoogleChrome M63! New error pages to help users struggling with MITM software. ?✨ pic.twitter.com/qItF3T1K1z

— Sasha Perigo (@sashaperigo) September 8, 2017

Perigo explained how the page decides what to show:
  1. “Error page: we say a user has ‘misconfigured’ software if they did not have the root required for the ‘man in the middle’ program.”
  2. “We check the error code the certificate validator threw, and check fields on the missing cert to see if it is ‘man in the middle’ software.”
  3. “This error page will only be shown to users who were already seeing SSL errors. If you’re not seeing SSL errors right now, you’re all good.”
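The three rules Perigo lists can be expressed as a small triage function; this is an added example, not Chrome’s code, working on certificate data in the shape Python’s ssl module returns. The issuer keywords used to recognise interception products, and the two sample certificates, are assumptions constructed for illustration.

```python
"""Triage a failed TLS handshake along the lines of the Chrome 63 error page."""
import socket
import ssl

# OpenSSL verifier messages that mean the issuing root is not trusted locally.
MISSING_ROOT_MESSAGES = (
    "unable to get local issuer certificate",
    "self signed certificate",
    "self-signed certificate",
)
# Hypothetical keywords that TLS-inspecting products put in their issuer names;
# a real deployment would use a curated list of known products.
INTERCEPTOR_KEYWORDS = ("antivirus", "web shield", "proxy", "firewall", "inspection")


def name_to_dict(name) -> dict:
    """Flatten the nested getpeercert() name tuple into {attribute: value}."""
    return {attr: value for rdn in name for attr, value in rdn}


def classify_tls_failure(verify_message: str, cert: dict) -> str:
    """Return 'no_error', 'other_ssl_error', 'mitm_software_missing_root',
    'self_signed' or 'unknown_issuer' for one failed connection."""
    if not verify_message:
        return "no_error"  # rule 3: only users already seeing SSL errors
    msg = verify_message.lower()
    if not any(m in msg for m in MISSING_ROOT_MESSAGES):
        return "other_ssl_error"  # rule 2: expiry, hostname mismatch, etc.
    issuer = name_to_dict(cert.get("issuer", ()))
    subject = name_to_dict(cert.get("subject", ()))
    issuer_text = " ".join(issuer.values()).lower()
    if any(k in issuer_text for k in INTERCEPTOR_KEYWORDS):
        return "mitm_software_missing_root"  # rule 1: interception root not installed
    if issuer and issuer == subject:
        return "self_signed"
    return "unknown_issuer"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Live check (needs network): connect with default verification, then classify."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify_tls_failure("", tls.getpeercert())
    except ssl.SSLCertVerificationError as err:
        # getpeercert() is empty for chains that failed verification, so only
        # the verifier message is available without an external DER parser.
        return classify_tls_failure(err.verify_message or str(err), {})


# Constructed certificate dicts in getpeercert() format (not real products).
INTERCEPTED = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example Antivirus Web Shield"),),
               (("commonName", "Example Antivirus Root"),)),
}
SELF_SIGNED = {
    "subject": ((("commonName", "router.lan"),),),
    "issuer": ((("commonName", "router.lan"),),),
}

if __name__ == "__main__":
    print(classify_tls_failure("unable to get local issuer certificate", INTERCEPTED))
    print(classify_tls_failure("self-signed certificate", SELF_SIGNED))
    print(classify_tls_failure("certificate has expired", INTERCEPTED))
```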


Google plans to release Chrome 63 on 5 December; however, you can test the feature now in Chrome Canary.


Remember, about six months ago Google introduced the “Safe Browsing” feature for macOS, which notifies users whenever they visit a malicious website or download a file containing malware. Google has also launched a bug bounty program for the Android operating system, showing its commitment to a secure mobile operating system. Let’s hope for a secure web.
