Showing posts with label internet security. Show all posts

Saturday, August 10, 2019

RASMAN Bug: New Bug to Watch Out for

Windows 10 users may need a fix for a newly reported bug in the Remote Access Connection Manager (RASMAN) service. The bug affects only Windows 10 version 1903 (the May 2019 Update), not older versions.

What does Remote Access connection Manager or the RASMAN bug Do?

RASMAN is the Windows service that manages dial-up and VPN connections, in other words the machine's remote connections to the outside world.

The bug breaks exactly this part of Windows. Microsoft's support page says the RASMAN service may stop working with error 0xc0000005, which is an access violation, meaning the service process has crashed. Microsoft also notes that the crash only occurs where a VPN profile is configured as Always On VPN (AOVPN) rather than a manual-only VPN connection, and only on devices where the diagnostic data (telemetry) level has been manually set to the non-default value 0, which is why the workaround below changes that setting.

A Fix for the RASMAN Bug in Store? 


Microsoft says it is working on a fix, which will most probably ship later this month.

At present there is no firm estimate of how many machines are hit, but Forbes has put the number of affected users in the region of 50 million.

Who’s Affected by the RASMAN Bug? 


The RASMAN bug only affects users' VPN connections. It was first seen with the Windows 10 May 2019 Update (version 1903). Remote Access Connection Manager runs in the background to keep an always-on VPN working. Microsoft's note says manual-only VPN profiles are not affected, but since the same service also handles dial-up connections, a RASMAN crash can disrupt those as well.

Many people worldwide use a VPN, so the number of affected users is likely to be large, running into the millions.

Besides the error Microsoft mentions, you may also see an entry in the Application section of Windows Logs (Event Viewer) with Event ID 1000 (Application Error) that names "svchost.exe_RasMan" as the faulting application and "rasman.dll" as the faulting module.

As mentioned earlier, only users with an always-on VPN connection are affected. The telemetry level 0 (Security) that triggers the crash is only available on Enterprise and Education editions, so this is most likely to hit enterprise users, or users in countries with strict government control or heavy censorship who rely on an always-on VPN.

A Workaround? 


There is a workaround that changes a policy setting. In the Group Policy editor, go to Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds, open the Allow Telemetry policy, set it to Enabled, and choose a value of 1 (Basic), 2 (Enhanced) or 3 (Full). Then restart the machine, or at least the Remote Access Connection Manager service.

The alternative is to edit the registry directly. If you are comfortable doing that, open the subkey

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection

and set the DWORD value AllowTelemetry to 1, 2 or 3 for Basic, Enhanced or Full respectively, then restart.

If you would rather not touch the registry or group policy, you can wait for the Windows fix. Bear in mind that either workaround raises the amount of diagnostic data the machine sends to Microsoft, which in most organisations is a policy decision rather than an admin's call.
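For anyone triaging this across a fleet, the following is an added example (not Microsoft's code) that parses an Application-log Event ID 1000 record as Event Viewer shows it in XML view, reads the AllowTelemetry policy value on Windows, and decides whether a host matches the known trigger. The event text, build number constant and function names are this example's own; the sample event is constructed, not captured from a real machine.

```python
"""Triage for the Windows 10 1903 RASMAN crash (added example, not Microsoft's code)."""
import sys
import xml.etree.ElementTree as ET

EVENT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
POLICY_KEY = r"SOFTWARE\Policies\Microsoft\Windows\DataCollection"
POLICY_VALUE = "AllowTelemetry"
BUILD_1903 = 18362  # OS build number of Windows 10 version 1903

# Constructed sample of an "Application Error" event in Event Viewer's XML view.
# The <Data> items of Event 1000 are positional: [0] faulting application,
# [3] faulting module, [6] exception code.
SAMPLE_EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Application Error"/><EventID>1000</EventID></System>
  <EventData>
    <Data>svchost.exe_RasMan</Data><Data>10.0.18362.1</Data><Data>0x5cf6d20b</Data>
    <Data>rasman.dll</Data><Data>10.0.18362.1</Data><Data>0x5cf6d21e</Data>
    <Data>0xc0000005</Data><Data>0x0000000000013a7c</Data>
  </EventData>
</Event>"""


def parse_app_error(xml_text):
    """Return the fields of an Event 1000 record that matter for this bug."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=EVENT_NS))
    data = [d.text or "" for d in root.findall("e:EventData/e:Data", EVENT_NS)]
    return {
        "event_id": event_id,
        "application": data[0] if len(data) > 0 else "",
        "module": data[3] if len(data) > 3 else "",
        "exception_code": data[6].lower() if len(data) > 6 else "",
    }


def is_rasman_crash(record):
    """True when the record is the RASMAN access violation Microsoft describes."""
    return (record["event_id"] == 1000
            and record["application"].lower().startswith("svchost.exe_rasman")
            and record["exception_code"] == "0xc0000005")


def read_allow_telemetry():
    """Read the AllowTelemetry policy value; None if unset or not on Windows."""
    if not sys.platform.startswith("win"):
        return None
    import winreg  # Windows-only module, imported lazily on purpose
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
            value, _ = winreg.QueryValueEx(key, POLICY_VALUE)
            return int(value)
    except OSError:
        return None  # key or value absent: the default diagnostic level applies


def classify(build, allow_telemetry, rasman_crash_seen):
    """Match host facts against the known issue and say what to do."""
    if build != BUILD_1903:
        return "not-1903: this known issue only applies to version 1903"
    if not rasman_crash_seen:
        return "no RASMAN crash event found"
    if allow_telemetry == 0:
        # Level 0 (Security) is the documented trigger; it only exists on
        # Enterprise/Education editions, which is why enterprises are hit.
        return ("matches known issue: set AllowTelemetry to 1, 2 or 3 (or wait "
                "for the fix) and restart, noting the increased data collection")
    return ("RASMAN crash but AllowTelemetry is not 0: different root cause, "
            "do not apply this workaround")


if __name__ == "__main__":
    rec = parse_app_error(SAMPLE_EVENT_XML)
    print(rec)
    print(classify(BUILD_1903, read_allow_telemetry(), is_rasman_crash(rec)))
```

On a real machine, export the event from Event Viewer (or `wevtutil qe Application /q:"*[System[EventID=1000]]" /f:xml`) and feed each record to `parse_app_error`; `classify` deliberately refuses to recommend the telemetry change when the policy is not 0, since a RASMAN crash with any other setting is a different problem.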

Thursday, August 1, 2019

Sodin Encryption Ransomware: New Ransomware Found




Kaspersky recently reported a new ransomware family, Sodin (also tracked as Sodinokibi and REvil), that exploits a known Windows privilege-escalation flaw to gain elevated privileges. Sodin also abuses a feature of the CPU architecture to hamper analysis: using the "Heaven's Gate" technique it runs 64-bit code from a 32-bit process, which many analysis and detection tools do not handle. That is rarely seen in ransomware.

A senior Kaspersky researcher said it is not every day they see ransomware this elaborate and sophisticated. As noted, using the processor architecture to evade detection is not something encryptors normally do.

Number of Attacks Expected with Encryption Ransomware Sodin: 


Experts expect attacks involving Sodin to rise. It is a sophisticated piece of software that takes real resources to build, and nobody goes to that trouble and expense without expecting a large payoff.

Areas Targeted by the Ransomware- Sodin: 


The ransomware has hit many countries, with a spate of infections in Asia. Taiwan accounted for 17.6% of detected attacks, Hong Kong for 9.8% and the Republic of Korea for 8.8%, putting Asia at 36.2% of the total. These are only the cases found so far.

Asia is not the only continent affected: Europe, North America and Latin America have also reported Sodin cases.

Beyond the damage itself, victims were asked to pay about $2,500 in Bitcoin to get their files back.

More about Sodin: 


Sodin exploits CVE-2018-8453, an elevation-of-privilege vulnerability in the Windows kernel-mode driver win32k.sys that the FruityArmor group had used before. Microsoft patched it on 10 October 2018, so the exploit only works on machines that missed that update; on those it gives Sodin the highest privilege level on the PC.


How to Avoid Getting in the grasps of  this ransomware: 


To make sure you do not fall prey to Sodin, keep your PC's software up to date, in particular the October 2018 Windows update that closes CVE-2018-8453.

Kaspersky's researchers also recommend security products that assess vulnerabilities regularly and manage patching, which would help against problems like this one.

CyberArk has tested Sodin and reports that it cannot get past its Endpoint Privilege Manager, which combines least privilege, application-control policies on endpoints and servers, and credential-theft protection. CyberArk says it has tested millions of ransomware samples to understand how they infect systems and how to remove them.

Based on that research, the product identifies all known ransomware; anything it has no prior knowledge of is treated as suspicious and the data is protected accordingly.

So if one endpoint is infected, the rest are protected from a coordinated attack.

Wednesday, November 7, 2018

Apple Just Killed GrayKey iPhone Passcode Hack


How Apple’s iOS 12 may have just Blocked GrayKey from accessing your iPhone

Many people believe Apple's iPhones are among the best smartphones on the market, and one of the main reasons is the tight security Apple's devices give users. But is that belief a fact? Android is largely open source, so anyone with the expertise can inspect and dissect it; Apple's platform is a closed book. That made it look impenetrable, until GrayKey.

This may come as a surprise to some, but Apple's platform is not impenetrable. With GrayKey, users, mainly law enforcement, can get at the data locked inside your phone. That access has not come cheap.

What really is GrayKey? 


Grayshift, the company behind GrayKey, built a device that can unlock an iPhone and extract its data. GrayKey is sold only to law enforcement and appears to have been largely neutered by Apple's release of iOS 12.

Grayshift keeps GrayKey's inner workings secret and sells it only to governments and law enforcement to unlock encrypted devices such as the iPhone.

GrayKey sells for $15,000 for a licence good for 300 unlocks; the unlimited version costs the government another $15,000 on top.

Apple’s first Strike to GrayKey: 


GrayKey's unlimited licence became less appealing over the summer, when Apple shipped USB Restricted Mode in iOS 11.4.1. It disables the Lightning port's data connection once the phone has been locked for an hour, so a forensic box plugged in after that gets charging only.

That defence was short-lived. Researchers found that plugging in a USB accessory before the hour ran out kept the port alive, so an examiner could hold an iPhone open for longer while working on the secured files.

GrayKey one Apple zero!

Apple comes out the winner with GrayKey: 


With iOS 12 Apple seems to have turned the tables on GrayKey. How? We do not really know. What we do know is that GrayKey now works only in "partial extraction" mode, which gives law enforcement a few unencrypted files, metadata and folder listings and not much else.

Keeping a secret with GrayKey:


Grayshift has kept everything about its device quiet, so without knowing how GrayKey works it is hard to say exactly how Apple blocked it.

The bare minimum we know is that GrayKey loaded proprietary software onto the iPhone and brute-forced the passcode without triggering the retry limits and lockouts that normally apply.

Apple may have blocked GrayKey with deeper kernel changes on top of the earlier USB Restricted Mode, among other things.

This is not the end for GrayKey. The company has made a lot of money in the iPhone-unlocking business and is unlikely to quit any time soon.

Friday, October 5, 2018

Fruitfly Mac Malware: How to Protect Yourself from Undetected Malware

Did you know that for well over a decade a piece of malware has been quietly running on Macs without being detected? Fruitfly is the Mac malware that went unnoticed for about 13 years.

If you have not followed the Fruitfly story, here is a brief summary and the latest news.

Fruitfly Latest Update: 


The FBI has finally solved the mystery of the Fruitfly Mac malware, undetected for some 13 years. It was written by an Ohio man to take control of his victims' Macs.

The attacker stole files, logged keystrokes, secretly watched victims through their webcams and listened in on their private conversations. According to the FBI, he created the Fruitfly malware in 2003, when he was just 14 years old, and kept using it until his arrest in 2017.

The crazy thing about this malware is that up-to-date Mac antivirus programs never detected Fruitfly on any victim's computer. Even experts could not work out how it operated or how its creator spread it among Macs.

According to the FBI, the accused used a port scanner to find internet-connected Macs with weak passwords, logged into them remotely through the exposed services, and installed and hid Fruitfly on the victims' computers without their knowledge.

If you are new to the term "Fruitfly Mac malware", you may be wondering what Fruitfly is and what it has to do with Macs.

If so, don't worry: this post covers everything about the Fruitfly Mac malware.

What is Fruitfly Malware? 


Fruitfly is a stealthy but highly invasive piece of Mac malware. As said above, it has been around for about 13 years, and neither Mac antivirus programs nor other anti-malware software found it.

Fruitfly Mac Malware Discovery: 


This highly invasive malware was first publicly described in January 2017, in a Malwarebytes blog post that brought its existence to light.

In that post the author explained how Fruitfly infects Macs and noted that it can capture screenshots, log keystrokes and control the webcam. He also pointed out that the malware's creator gets full access to every infected victim.

At the time of discovery, the researchers suspected the malware had been around since about 2014 (the OS X Yosemite era), but it has since been revealed that it was first written in 2003 by a 14-year-old. More on him below.

The blog post also said the malware was targeting biomedical research centres, and that the first version was unsophisticated: it used just a hidden file and a launch agent to keep the Mac infected.

New Variants of Fruitfly Emerge: 


After the first discovery, experts tried to fully unravel the malware but could not crack it. For a while everyone assumed that Apple's update had dealt with it.

But new variants of Fruitfly emerged and infected a large number of computers. The new versions were also missed by all antivirus products, which let the malware spread further.

In July 2017, former NSA hacker Patrick Wardle published an in-depth analysis of the latest variant with some interesting findings. He noted that although the malware is relatively simple, it has full control of the system, and because it puts no noticeable load on the machine it goes unnoticed.

In that research, Wardle worked out the malware's protocol and registered its unused backup command-and-control domains. More than 400 infected Macs then connected to his server, revealing their IP addresses and usernames; he passed that information to law enforcement rather than publishing it.

He later said there was no way to know for certain how the malware infects computers, though he suggested it may have spread through malicious email attachments.

Who’s the mysterious man behind the Fruitfly? 


Wardle could not do much with the information he collected, since the operator had already moved off his network, but his research pointed to a lone hacker rather than a team. That person has since been caught in an FBI investigation and is behind bars.

We cannot say much about him; what is known is that he is from Ohio and wrote the malware in 2003.

Who is affected by fruitfly: 


As said above, Fruitfly infected more than 400 Macs seen on a single server, and the real total could well be higher. You do not need to panic, though, because you can protect yourself from this kind of attack; the rest of this post explains how to protect yourself from Fruitfly and similar malware.

How to protect yourself from fruitfly: 


Apple released protections against Fruitfly earlier this year, but since new versions keep appearing you have to be careful with email attachments and spam. Do not open spam or attachments from unknown senders. Also use strong passwords and do not leave remote-access services exposed to the internet, because the attacker got in by remotely logging into accounts with weak passwords.

Now that the mystery is solved, antivirus vendors have updated their signatures, and this kind of malware can be found quickly with anti-malware or antivirus programs.

What the Fruitfly malware looks like: 


If you are technically minded and want to see what the malware looks like, the indicators below are taken from the Malwarebytes blog post; they are reproduced here only for reference.

The malware was extremely simple on the surface, consisting of only two files:

~/.client
SHA256: ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044

~/Library/LaunchAgents/com.client.client.plist
SHA256: 83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3

The full analysis is in the Malwarebytes post. That is all about the Fruitfly Mac malware.
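The persistence pattern above (a launch agent pointing at a hidden dotfile in the home directory) is worth hunting for in general, not just by hash. The following is an added example, not Malwarebytes' or Apple's code: it walks ~/Library/LaunchAgents, hashes each plist against the two published SHA256 values, and flags any agent whose program is a hidden file living directly in the home directory. The function names are this example's own, and the sample home directory it builds is constructed; the files in it are harmless stand-ins, not malware.

```python
"""Launch-agent triage using the Fruitfly indicators (added example, not Malwarebytes' code)."""
import hashlib
import os
import plistlib
import sys
import tempfile
from pathlib import Path

# Indicators from the Malwarebytes post (copied from the text above).
FRUITFLY_SHA256 = {
    "ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044": "~/.client",
    "83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3":
        "~/Library/LaunchAgents/com.client.client.plist",
}


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def agent_program(plist_path):
    """Return (Label, program path) from a launchd agent plist."""
    with open(plist_path, "rb") as f:
        data = plistlib.load(f)
    args = data.get("ProgramArguments") or []
    program = data.get("Program") or (args[0] if args else None)
    return data.get("Label", ""), program


def suspicious_reasons(home, plist_path, program):
    """Heuristics: a known hash, or a hidden executable living directly in $HOME."""
    reasons = []
    if sha256_file(plist_path) in FRUITFLY_SHA256:
        reasons.append("plist SHA256 matches a Fruitfly indicator")
    if program:
        prog = Path(os.path.expanduser(program))  # plists may use ~ in the path
        if prog.parent == Path(home) and prog.name.startswith("."):
            reasons.append("hidden executable in home directory")
        if prog.is_file() and sha256_file(prog) in FRUITFLY_SHA256:
            reasons.append("program SHA256 matches a Fruitfly indicator")
    return reasons


def scan_home(home):
    """Return one finding per suspicious agent under home/Library/LaunchAgents."""
    agents_dir = Path(home) / "Library" / "LaunchAgents"
    if not agents_dir.is_dir():
        return []
    findings = []
    for plist_path in sorted(agents_dir.glob("*.plist")):
        try:
            label, program = agent_program(plist_path)
        except (plistlib.InvalidFileException, OSError):
            continue  # unreadable plist: out of scope for this example
        reasons = suspicious_reasons(home, plist_path, program)
        if reasons:
            findings.append({"plist": str(plist_path), "label": label,
                             "program": program, "reasons": reasons})
    return findings


def build_sample_home():
    """Construct a throwaway home dir: one Fruitfly-shaped agent, one benign one."""
    home = tempfile.mkdtemp(prefix="fruitfly-demo-")
    agents = Path(home) / "Library" / "LaunchAgents"
    agents.mkdir(parents=True)
    client = Path(home) / ".client"  # constructed stand-in, not the real file
    client.write_text("#!/usr/bin/perl\n# harmless placeholder for the demo\n")
    with open(agents / "com.client.client.plist", "wb") as f:
        plistlib.dump({"Label": "com.client.client", "RunAtLoad": True,
                       "KeepAlive": True, "ProgramArguments": [str(client)]}, f)
    with open(agents / "com.example.updater.plist", "wb") as f:
        plistlib.dump({"Label": "com.example.updater",
                       "ProgramArguments": ["/usr/bin/true"]}, f)
    return home


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    for finding in scan_home(target):
        print(finding)
```

Run it as `python3 fruitfly_triage.py` to check your own account, or pass another user's home directory when reviewing a shared Mac. The hash match catches only the two original files, which is why the dotfile heuristic is there: later variants changed the bytes but kept the same shape.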

Conclusion: 


Fruitfly is now detected by anti-malware tools, so you can stay protected. Along with that, strong passwords, and not leaving remote login exposed to the internet, close the door its author used and will keep you safe from many similar programs.

I hope this covers every aspect of the Fruitfly Mac malware. If you have any questions, let us know in the comments section below.

Thursday, January 11, 2018

Intel, ARM and AMD Chip Scare: What You Need to Know

Google's Project Zero team has published research showing that attackers could get at personal data through fundamental flaws in modern processors.

Coming at a bad time for the industry, with the Consumer Electronics Show only days away, the flaw has put the world on edge. With around 1.5 billion laptop and desktop users, the flaw is far-reaching and potentially very damaging.

What is the security Flaw about? 

Researchers have found that CPUs, the chips that do most of a computer's processing, have design flaws that allow, or could allow, attackers to read a user's most private data, such as passwords and credit card numbers, out of memory. Intel, ARM and AMD chips are affected.

The flaws fall into two categories. Meltdown affects desktops, laptops and internet servers running on Intel chips. Spectre is more far-reaching and can affect smartphones, tablets and PCs running on any of the three vendors' chips.

Cloud servers are also within the scope of the flaw: because many customers share one physical CPU on a cloud host, any computer or device that relies on the cloud can be exposed as well.

How serious is this Security Flaw to be taken? 

The flaw is no doubt far-reaching; however, there are no reported cases of anyone exploiting it at present.

That is not to say that, now the flaw is public, nobody will go looking for ways to use it to get at users' personal data.

The most important thing for users is to make sure their systems have the latest updates, and that any third-party security software is updated as well.

Safeguarding against the Security Flaw: 

Tech companies had known about the flaw for at least six months before it became public, which gave them time to develop patches and mitigations.

All users, whatever their device, should install the latest updates as soon as possible to protect their data.

Effects of downloading the patches: 

Installing the patches, researchers have found, can slow performance by up to 30%. Intel has dismissed these figures as exaggerated, saying any slowdown is workload-dependent.

With CES only days away, the industry is worried about how the news will affect sales of the products on display.

The flaw lies in a fundamental feature of how modern chips are designed, speculative execution, and will require a rethink of how future chips are built.

Tuesday, December 19, 2017

Why A Little Prevention Can Go A Long Way: Taking A Look At Apple’s Newest Security Glitch

Security issues are always stressful and potentially dangerous. We might expect non-technical users to run insecure systems, but even tech companies with long histories and good reputations are not immune to security mistakes.

In late November, when news of a security hole spread quickly, Apple had little time to fix a dangerous problem in macOS High Sierra. In case you were offline or missed the tech news, here is a brief synopsis of what happened.

A Major Scare on Mac OS High Sierra


Gaining full access to a computer should never be easy. Unfortunately, a glitch in High Sierra's authentication meant that at almost any prompt for administrator credentials, anyone could type the username "root", leave the password empty and, after a try or two, be let in.

What is "root" and why does it matter? According to Apple, the "root" user is a superuser (a Mac administrator) with read and write access to all parts of the computer, including the files of other macOS user accounts.

Normally the root user is disabled and enabling it takes a deliberate sequence of steps. When any High Sierra user, or anyone at the login screen, could become root, systems were extremely vulnerable, especially shared computers with multiple users.

Many users were not interested in admin privileges, or felt safe because they were the only one using the computer, but it was a serious hole that needed a fast fix. Apple shipped a security update within a day, and for now High Sierra is back to operating normally, a relief for Apple and its users alike.

What Do We Learn From This Security Scare? 


We learn not only that even professional, knowledgeable and reputable companies make mistakes, but also that extra security on your computer, such as a program like Total AV, can save you from spending money on fixing the problem, and from worrying whether your personal information is in someone else's hands.

Many tech companies offer good security and automatic updates for all their users, but there is nothing wrong with taking the initiative to make your computer as secure as possible.

Apple may have learned its lesson and tightened up its security, but another scare like the High Sierra debacle could arise at any moment and put millions of computer users at risk of a breach.

If you add a little extra security, your computer and your information stay safe even if all other security measures fail. Worried you might be "too protected"? When it comes to securing your computer and everything on it, there is no such thing.

Monday, October 9, 2017

Boot Bug in Macs and PCs

Your Mac or PC could be at risk. Duo Security, a leading security firm, has reported that many computers could be exposed to sophisticated attacks on the personal data they hold because of outdated firmware.

Many Macs were examined in the research, and a good number were found not to be updating their core firmware. This is a major problem, because such computers could be targeted by organised attackers. Although the operating system is updated regularly, prompted by the computer itself, the underlying firmware is not being updated on some machines.

This firmware is the Extensible Firmware Interface, or EFI. It initialises the hardware when the computer starts and loads the main operating system; it is the foundation for all the rest of the software. This is not only an Apple problem: Windows machines are affected too, and research suggests they may fare worse, because they are made by many manufacturers, which makes it hard to bring firmware security under a single umbrella or a common standard.

The research, covering more than 70,000 Macs, showed that some computers could be at risk from well-resourced, organised attackers such as foreign governments conducting espionage. While this may not be much of a threat to home users, it could cause serious problems for big players such as government bodies running outdated versions, banks and large companies.

The boot bug problem is more serious because the user is never told about firmware updates. Duo Security was alarmed to see how many Macs were susceptible and went back to double-check the results before drawing conclusions.

The problem came to light when researchers checked whether Macs updated their firmware along with the OS, which is supposed to happen automatically (no separate prompt is given to update firmware), and found that some computers were not. At least 4.2% of the computers tested were running the wrong EFI version. Why this happens has not been conclusively answered.

As many as 16 Mac models are affected. Duo Security now provides tools to identify the problem across an organisation. Apple has welcomed the findings and is working with the firm to analyse the cause, though so far neither company has found the answer.


Apple has also addressed the problem in macOS High Sierra with a background check (eficheck) that runs once a week to verify that the firmware is the expected version; if it is not, the user is asked to report it to Apple.

Apple has said it is committed to providing the best possible security for its users and is taking steps to fix the issue.

Friday, April 28, 2017

iPhone Users Warned About Potentially Dangerous "Siri 108" Prank


Caution – Viral Social Media Campaign 


Police departments across the United States are annoyed about a viral social media campaign that encourages iPhone users to say the number 108 to Siri as a prank. Police say the prank has been spreading on Facebook and Twitter, and when iPhone users try the Siri command "just for fun" they are in reality tying up phone lines at emergency call centres.

If you say 108 to Siri, you will hear "calling emergency services in five seconds", and within five seconds you will be connected to 911. Sergeant Adrian Page of the Lonoke Police Department in Arkansas, in a Facebook post that went viral with over 1,100 shares, told users not to fall for it, since it ties up emergency lines. The number is designed as a panic code: 108 is the emergency services number in India.

Apple wanted to make it simple to contact emergency services from anywhere in the world, so telling Siri any country's emergency number connects the user to the local service. You could ask Siri to call 911 while visiting the U.K. and it would dial 999 for local help.

Phone System Preventing Emergency Calls


The Annapolis Police Department in Maryland said the prank was spreading among Annapolis teens and could dangerously tie up the 911 phone system, preventing emergency calls from being answered promptly.

They have cautioned users not to fall for the trick. According to the National Emergency Number Association, around 240 million calls are made to 911 each year in the U.S., most of them from wireless devices, and placing a prank call to 911 is an offence.

The Marshall Police Department in Wisconsin also warned that the prank ties up resources needed by people in genuine emergencies.

Police say that, in short, telling Siri to call 108 is not a joke and should not be done except in a genuine emergency. Police agencies across the U.S. have been warning iPhone users about the potentially dangerous viral prank.

Users Call Emergency Services From Any Location

Pranksters try to trick users into saying "Hey Siri, 108", which prompts the assistant to call emergency services, 108 being India's equivalent of 911. Siri begins a five-second countdown on hearing "108", giving the user a chance to cancel before the call goes through.

But the pranksters sharing the trick tell users to "close their eyes and wait five seconds" before looking at the phone. Although 108 is India's emergency number, Apple made Siri work this way so that users can reach emergency services wherever in the world they are, according to CNET.

Users sharing the trick on social media may consider it harmless, but in a similar incident a six-month-old boy died after his caregiver called 911 three times from a T-Mobile phone and was put on hold each time.

Wednesday, September 14, 2016

Apple Mac Virus Can Take Screenshots and See Everything You Type


Mac Users Cautioned – Latest Dangerous Virus


Owners of Apple Macs are being warned about a dangerous new piece of malware that watches everything typed, takes a screenshot every thirty seconds and accesses documents and videos. Some years back, the Flashback malware exploited a security flaw in Java and infected about 600,000 Macs, roughly 1% of the user base; Apple posted details on its website.

There have been other problems since. The KitM.A backdoor on OS X took screenshots of the user's desktop, and more recently the Rootpipe privilege-escalation flaw proved difficult to fix. Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender, has said that "Mac OS X software has more high-risk susceptibilities than all forms of Windows put together.

Apple markets these products as virus-free and states that you do not need an antivirus, since they are aware that people hate antivirus software. These utilities often tend to slow down the computer, so they don't want to promote them." The Mac malware in question is a backdoor known as Mokes.A, discovered by Stefan Ortloff of Kaspersky Lab; the same family had been found on Windows earlier this year.

Enables Hackers to Remotely Take Control


Since the malware can see what keys the user types, it gives criminals access to passwords, bank account details and other personal information. Ortloff warns that it also lets attackers remotely take control of a compromised Mac.

The discovery of this unusual OS X malware came a week after Apple was forced to release major security updates for both iOS and OS X, after security researchers found that attackers could take control of a device with a single click on a malicious link.

Although Apple's devices are said to be less prone to malware and viruses than PCs, this is not the first time attackers have targeted Macs. Earlier in the year Mac users were hit by a ransomware attack that locked their machines until they paid the attackers.

Mokes.A Virus – Infect Macs


iPhone users have also recently been under a wide range of phishing attacks. It is not known exactly how Mokes.A infects Macs, which makes it hard for users to know how to defend against it.

Users are routinely reminded to use antivirus software, to avoid downloading software, email attachments or other files from untrusted sources, and to keep the operating system up to date. Because many people do not run antivirus software on Macs, it is hard to gauge the size of the risk.

Bogdan explains that the lack of antivirus adoption on Mac OS X obscures the truth, since malware is not going to get reported. Everyone is aware of what happens in the Windows ecosystem because of this visibility and threat intelligence, but with Mac OS X there is often no antivirus to report back to base’.

Friday, March 4, 2016

Thousands of Popular Sites at Risk of Drown Hack Attacks


HTTPS Susceptible to Drown Attacks

Researchers who have discovered a new method of disabling encryption protection have cautioned websites that they could be exposed to spies. An expert has stated that a third of all computer servers using the HTTPS protocol, which web browsers usually represent with a padlock, were susceptible to the so-called Drown attacks.

They have warned that passwords, credit card numbers, emails and sensitive documents could be stolen as a result. The issue can be addressed, though it will take some time for many website administrators to protect their systems. The researchers have released a tool that identifies susceptible websites. They said they had not released the code used to prove their theory, since many servers are still susceptible to the attack. There is no evidence yet that hackers have worked out how to replicate their technique.

An independent expert has commented that he had no doubt the problem is real. Prof Alan Woodward from the University of Surrey stated that `what is shocking regarding this is that they have found a way to use a very old fault which we have known about since 1998, and all this was perfectly avoidable’.

Computer Servers Prone to Attack if They Support SSLv2 Encryption

`It is the outcome of having used deliberately weakened encryption that people broke years ago, and it is now coming back to haunt us.’ The researchers, cyber-security experts from universities in Israel, Germany and the US together with a member of Google’s security team, have discovered that a computer server can be open to attack simply by supporting the 1990s-era SSLv2 (Secure Sockets Layer version 2) encryption protocol, even if it employs more modern encryption standards to scramble its day-to-day communications.

In practice, older email servers are more likely to have this problem than the newer computers typically used to power websites. However, many organisations reuse encryption certificates and keys between the two sets of servers. The researchers have dubbed the flaw Drown, an acronym for Decrypting RSA (Rivest-Shamir-Adleman) with Obsolete and Weakened eNcryption.

Careless Server Configuration

They wrote that operators of vulnerable servers should take action, as there is nothing practical that browsers or end users can do on their own to protect against this attack. SSLv2 had been weakened deliberately because, at the time of its development, the US government was attempting to restrict the availability of strong encryption to other countries. Prof Matthew Green from Johns Hopkins University blogged that the problem is that while clients such as web browsers have done away with SSLv2, many servers still support the protocol.

In most cases this is the outcome of careless server configuration. In others, the fault lies with inferior, obsolete embedded devices that have not seen a software update in years and possibly never will. A considerable amount of computational power would be needed to mount a successful attack on a website.

However, the researchers have stated that under normal circumstances hackers could rent the needed capacity from Amazon’s cloud compute division for a sum of $440. Besides this, since many of the servers in danger from Drown were also affected by a separate bug, in those cases a successful attack could be carried out using a home computer.
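The only effective remedy the article describes is on the server side, so the check a server operator wants is whether a host still answers an SSLv2 handshake at all. The following is an added example written for this page, not the researchers' tool: it hand-builds the SSLv2 CLIENT-HELLO record from the SSL 2.0 specification, parses the SERVER-HELLO if one comes back, and flags any export-grade (40-bit) cipher kinds, which are the deliberately weakened ciphers the article refers to. The sample SERVER-HELLO and TLS alert bytes are constructed here for offline use; `check_sslv2` opens a real connection and is meant for hosts you administer.

```python
import socket
import struct

# SSLv2 cipher-kind codes (3 bytes each) as listed in the SSL 2.0 draft.
SSLV2_CIPHER_KINDS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}


def build_sslv2_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """Build a minimal SSLv2 CLIENT-HELLO that offers every SSLv2 cipher kind.
    Layout: 2-byte record header (high bit set, 15-bit length), then
    MSG-CLIENT-HELLO, version 0x0002, cipher-specs/session-id/challenge
    lengths, the cipher specs and the challenge."""
    cipher_specs = b"".join(SSLV2_CIPHER_KINDS)
    body = (b"\x01" + b"\x00\x02"
            + struct.pack("!HHH", len(cipher_specs), 0, len(challenge))
            + cipher_specs + challenge)
    return struct.pack("!H", 0x8000 | len(body)) + body


def parse_sslv2_server_hello(data: bytes):
    """Return the cipher kinds listed in an SSLv2 SERVER-HELLO, or None when
    the bytes are not one (a hardened server closes the connection or answers
    with a TLS alert record, whose first byte is 0x15)."""
    if len(data) < 2 or (data[0] & 0x80) == 0:
        return None
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + rec_len]
    if len(body) < 11 or body[0] != 0x04:          # MSG-SERVER-HELLO
        return None
    # SESSION-ID-HIT(1) CERTIFICATE-TYPE(1) SERVER-VERSION(2), then the
    # certificate, cipher-specs and connection-id lengths.
    cert_len, specs_len, conn_id_len = struct.unpack("!HHH", body[5:11])
    if len(body) < 11 + cert_len + specs_len + conn_id_len or specs_len % 3:
        return None
    specs = body[11 + cert_len:11 + cert_len + specs_len]
    return [SSLV2_CIPHER_KINDS.get(specs[i:i + 3], specs[i:i + 3].hex())
            for i in range(0, specs_len, 3)]


def _recv_record(sock: socket.socket) -> bytes:
    """Read until one complete SSLv2 record is in hand or the peer stops."""
    data = b""
    try:
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
            if (data[0] & 0x80) == 0:              # not an SSLv2 record
                break
            if len(data) >= 2 + (((data[0] & 0x7F) << 8) | data[1]):
                break
    except socket.timeout:
        pass
    return data


def check_sslv2(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Send one CLIENT-HELLO to a server you operate and report whether it
    answered in SSLv2 and which (export) cipher kinds it offered back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv2_client_hello())
        data = _recv_record(sock)
    kinds = parse_sslv2_server_hello(data)
    supported = kinds is not None
    kinds = kinds or []
    return {"sslv2_supported": supported,
            "cipher_kinds": kinds,
            "export_kinds": [k for k in kinds if "EXPORT" in k]}


# Constructed sample responses for offline use (not captured from a real host).
SAMPLE_SERVER_HELLO = (
    b"\x80\x17"                     # record header: 23-byte body
    + b"\x04"                       # MSG-SERVER-HELLO
    + b"\x00"                       # SESSION-ID-HIT = no
    + b"\x01"                       # CERTIFICATE-TYPE = X.509
    + b"\x00\x02"                   # SERVER-VERSION = SSL 2.0
    + b"\x00\x04\x00\x06\x00\x02"   # cert, cipher-specs, connection-id lengths
    + b"CERT"                       # placeholder certificate bytes
    + b"\x02\x00\x80\x07\x00\xc0"   # an export cipher and 3DES offered back
    + b"\x00\x01")                  # connection id
TLS_ALERT = b"\x15\x03\x01\x00\x02\x02\x46"   # fatal protocol_version alert

if __name__ == "__main__":
    import sys
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(check_sslv2(sys.argv[1], port))
```

A result of `sslv2_supported: False` only shows that this one host does not speak SSLv2. Drown also reaches servers whose RSA key or certificate is shared with any other host that does (the mail servers mentioned above), so the same key must be checked wherever it is deployed; mail servers that negotiate TLS only after STARTTLS need that command sent first, which this example does not do.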

Tuesday, October 6, 2015

Over a billion Android Devices Vulnerable to Latest Stagefright Bug


Billion plus Android Devices at Risk – Stagefright

According to security experts, over one billion Android devices are considered to be at risk from a new vulnerability known as Stagefright 2.0. The vulnerability was discovered by a team of researchers at Zimperium, a mobile security firm, and is considered to affect almost all Android devices since the first version in 2008.

The new bug discovered in Google’s mobile operating system enables attackers to insert malicious code into a device and retrieve information when a user accesses a specially crafted MP3 or MP4 file. The attack targets a vulnerability in the handling of MP3 and MP4 files which, once opened, allows remote code execution. This could include installing malware, getting hold of data for identity fraud, or accessing photos and messages.

Due to the nature of the vulnerability, it would be difficult to tell whether a device has been affected. The first Stagefright bug left devices susceptible to exploitation via videos sent through MMS, which were used as the avenue of attack. Since several messaging apps process videos automatically, it was possible to be targeted without being aware of it.

Stagefright 2.0 - Dangerous

There is speculation that Stagefright 2.0 could be just as dangerous. It uses similar avenues to exploit the weakness: MP3 audio or MP4 video files which, when opened, trigger remote code execution (RCE), giving hackers the capability to remotely execute actions on the device.

This could include control of the media player or messengers, besides mining data for identity fraud, installing malware and much more. There are various ways by which a user could be attacked. First, a hacker could try to convince a user to visit a malicious web page and view a music or video file, which would give the hacker an opportunity to compromise the user’s device.

Moreover, they could also intercept unencrypted traffic between the device and another server, in what is known as a man-in-the-middle attack, in order to insert the malicious code into a file being transferred.

Susceptibility is in Processing of Metadata in Files

Zimperium mentioned in a recent blog post that `the susceptibility is in the processing of metadata in the files and hence only viewing a song or a video would activate the issue’. Zimperium also notified the Android Security Team of the problem. Google mentioned in its Nexus Security Bulletin that a `vulnerability in media-server could enable an attacker during media file and data processing of a specially crafted file to cause memory corruption and potentially remote code execution as the media-server process.

The issue is considered as Critical severity due to the possibility of remote code execution as the privileged media-server service. The media-server service has access to audio and video streams as well as access to privileges that third-party apps cannot normally access.’ At this point attacks are still hypothetical and users have not yet been subjected to the bug.
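Zimperium’s description above locates the fault in the metadata parsing itself, which is the usual place for this class of bug: a length field read from the file is trusted and then used to index memory. The following is an added example, not Zimperium’s or Android’s code and not the actual Stagefright defect, showing the difference in Python on the MP4 box structure (a 4-byte big-endian size that includes the 8-byte header, a 4-byte type, an optional 64-bit largesize when the size field is 1, and size 0 meaning "to end of file"). The sample files are constructed here; the naive walker returns whatever the size field says, which in a memory-unsafe parser becomes the out-of-bounds read or copy, while the checked walker rejects the file before any size is acted on.

```python
import struct


class MalformedBox(ValueError):
    """Raised when a box header makes a claim the buffer cannot back up."""


def walk_boxes_unchecked(data: bytes):
    """Naive walker that trusts the size field.  It never raises: a crafted
    size is simply returned, and a downstream consumer that reads that many
    bytes is where the memory corruption happens in a native parser."""
    boxes, pos = [], 0
    while pos + 8 <= len(data):
        size, btype = struct.unpack_from(">I4s", data, pos)
        boxes.append((btype.decode("latin-1"), pos, size))
        if size == 0:                 # "extends to end of file"
            break
        pos += size
    return boxes


def walk_boxes(data: bytes):
    """Checked walker: every size field is validated against the bytes that
    actually remain before it is used to advance or slice."""
    boxes, pos, n = [], 0, len(data)
    while pos < n:
        if n - pos < 8:
            raise MalformedBox(f"truncated box header at offset {pos}")
        size, btype = struct.unpack_from(">I4s", data, pos)
        header = 8
        if size == 1:                 # 64-bit largesize follows the type
            if n - pos < 16:
                raise MalformedBox(f"truncated largesize at offset {pos}")
            size = struct.unpack_from(">Q", data, pos + 8)[0]
            header = 16
        elif size == 0:               # box runs to the end of the buffer
            size = n - pos
        if size < header:
            raise MalformedBox(f"size {size} smaller than header at offset {pos}")
        if size > n - pos:
            raise MalformedBox(
                f"box {btype!r} at offset {pos} claims {size} bytes, {n - pos} remain")
        boxes.append((btype.decode("latin-1"), pos, size))
        pos += size
    return boxes


def is_well_formed(data: bytes) -> bool:
    """True when the checked walker accepts every top-level box."""
    try:
        walk_boxes(data)
        return True
    except MalformedBox:
        return False


def make_box(btype: bytes, payload: bytes = b"") -> bytes:
    """Serialise one box with a 32-bit size field (used to build the samples)."""
    return struct.pack(">I4s", 8 + len(payload), btype) + payload


# Constructed sample inputs for this example; none is a real media file.
GOOD_FILE = (make_box(b"ftyp", b"isom\x00\x00\x02\x00isom")
             + make_box(b"free")
             + make_box(b"mdat", b"\x00" * 4))
# Same bytes with the last box's size field raised far beyond the buffer.
CRAFTED_FILE = GOOD_FILE[:-12] + struct.pack(">I", 0x7FFFFFF0) + GOOD_FILE[-8:]
# Legitimate edge cases the checked walker must still accept.
LARGESIZE_FILE = struct.pack(">I4sQ", 1, b"mdat", 16 + 3) + b"abc"
ZERO_SIZE_FILE = make_box(b"free") + struct.pack(">I4s", 0, b"mdat") + b"xy"

if __name__ == "__main__":
    print(walk_boxes(GOOD_FILE))
    print(walk_boxes_unchecked(CRAFTED_FILE))   # bogus size passed through
    print(is_well_formed(CRAFTED_FILE))         # False
```

The two walkers agree on well-formed input; they differ only on the crafted file, where the unchecked one hands a 2 GB box to its caller. The checks (header fits, largesize fits, size not below the header, size not past the end) are the whole defence at this layer, and the same pattern applies to every nested length inside `moov` and `trak` boxes that a real demuxer goes on to parse.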

Google has said that a fix for the vulnerability is likely to be issued in its monthly security update for Android in October, with patches for other phones in the pipeline. Besides this, Google has also provided patches to LG, HTC, Huawei, Samsung and Sony, which will probably roll them out over the next month.

Monday, September 7, 2015

Chinese iPhone Users Hit by 'KeyRaider' Malware

The iPhone has commanded a reputation as a secure device in its eight years of history, and it happens to be the most secure smartphone so far. Many people resort to jailbreaking their iPhone in order to download mobile apps from other online stores. This seriously lowers the security level by removing the system security features that Apple makes available on the iPhone. A piece of malicious software has succeeded in stealing a large number of login names and passwords from more than 225,000 Apple accounts in China.

A security firm finds a rogue malware in iPhone devices

A security firm named Palo Alto Networks, while investigating suspicious activity found on a large number of Apple devices, came across a malicious software family that had been specifically targeting jailbroken Apple iPhones for some time.

This malicious software is called KeyRaider, and it has affected a large number of iPhone users in China along with 17 other nations.

How does KeyRaider affect iPhone users?

The malware remains hidden in code packages that offer a number of tweaks to the iPhone’s operating system; once an iPhone user downloads and installs one of these, KeyRaider can intercept the user’s iTunes login details and store them on a remote server.

After stealing the user’s iTunes payment information and other details, attackers use it to install paid apps on other iOS devices. Palo Alto Networks even found a separate app that allows users to install paid apps from the Apple App Store free of cost; so far this app has been downloaded more than 20,000 times. The purchases made through this free app are paid for by KeyRaider’s victims.

How serious is this attack?

For most iPhone users KeyRaider is not a big issue as long as they install only apps approved by Apple’s App Store. Most iPhones are not jailbroken, but users who have already jailbroken their devices should certainly worry about KeyRaider, as it can easily steal their login names, passwords and other data.

People who have already suffered damage from KeyRaider may find themselves being charged for someone else’s stolen iPhone apps. The security firm also stated that in some cases it found evidence of the malware being used to lock up the phone and demand a ransom.

Beware of third-party app stores

Apple devices are the third most popular brand in China after Huawei and Xiaomi, as per reports by IDC. The Apple App Store has a wide range of security checks in place, which help thwart malicious apps from being listed in the store and safeguard iPhone users. Third-party app stores, however, do not have similar security checks and controls in place, which results in the distribution of malicious software.

Tuesday, January 20, 2015

Apple Laptops Vulnerable to Virus That 'Can’t Be Removed'

Thunderstrike – Malicious Code in Boot ROM

A security researcher has discovered a way to install malicious code on a small chip built into Apple laptops that resists any attempt at removal; even replacing the entire hard disk will not delete it.

The attack, named `Thunderstrike’, installs the malicious code in the system’s boot ROM through the Thunderbolt port. Thunderstrike is currently undetectable: it needs an attacker to have access to a machine for only a few moments, and since it is new, no security software is on the lookout for it. Trammell Hudson, who works for the New York hedge fund Two Sigma Investments, made the discovery when his employer asked him to look into the security of Apple laptops.

He wrote in a comment in an annotated version of a talk given at the 31C3 conference that his company was considering deploying MacBooks and he was asked to use his reverse-engineering experience to look into reports of rootkits on the Mac. His first step was to dismantle one of the laptops in order to gain access to the boot ROM, a small chip containing the code that runs when the computer is switched on, before the main operating system is loaded.

Bootkit – Difficult to Delete

Malicious code hidden in this ROM, unlike a normal virus residing on the hard disk, cannot be deleted; such code is known as a bootkit. It could be used to do anything an attacker desires, from covertly spying on the user to leaking sensitive data held on the machine.

Researchers had earlier observed that modifying the contents of the ROM in Apple laptops renders the computer completely unusable, and that as a security measure the firmware should look for any changes and shut down if it finds any. Hudson was of the opinion that such security measures will always be `doomed to fail’ or `futile’, since anyone who gains access to the contents of the ROM also gains access to the code that checks the ROM for changes.

Instead, he states, there should be an unchangeable hardware chip that performs these checks. It was also observed that the attack can be carried out without physically taking the machine apart to reach the chip: it can be done through the Thunderbolt port, and in theory any device, whether a monitor, printer or hard disk, could be used to install the malicious code simply by plugging it in.

Partial Fix - By Apple

Hudson said that Apple is planning a `partial fix’: a firmware update that would stop the ROM from being overwritten with malicious code in certain situations, though not all, such as when a machine is rebooted with a malicious Thunderbolt device plugged in. He had approached the company about the flaw in 2013.

His suggestion for preventing the attack is to overwrite the ROM with one’s own code, which would disable any remote attacks through the Thunderbolt port, and then paint over the screws on the laptop with nail varnish in order to detect any unauthorised physical access to the ROM. This measure, however, is time consuming and out of reach for all but the most advanced security experts.

Friday, November 7, 2014

Apple Malware Affects Chinese Users

New Type of Malware - WireLurker

A new type of malware that can infect Apple’s desktop and mobile operating systems has been discovered by Palo Alto Networks, highlighting the increasing number of attacks on iPhones as well as Mac computers.

The malware targets Mac computers through a third-party store before copying itself to iOS devices, and researchers warn that it steals information and is capable of installing other damaging apps.

`WireLurker’, as it is called, is unlike anything previously seen with regard to Apple iOS and OS X malware, according to Ryan Olson, intelligence director at Palo Alto Networks, and `the technique in use suggests that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best known desktop and mobile platforms’.

It also has the ability to transfer from an infected Apple Mac to regular, non-jailbroken iOS devices over a USB cable, hopping from infected Macs to iPhones.

Attackers – Chinese

A recent statement from Palo Alto Networks reports that it has seen indications that the attackers were Chinese, that the malware originated from a Chinese third-party app store and that it seems to affect users in that country.

As per the security firm, the malware can steal a variety of information from the mobile devices it infects and regularly requests updates from the attackers’ control server. The company states that it is under active development and that its creators’ final goal is not known.

It was first noticed by Palo Alto Networks in June, when a developer at Tencent, a Chinese firm, realised that there were suspicious files and processes on his Mac and iPhone. Further inquiries revealed that a total of 467 Mac programs listed on the Maiyadi App Store had been compromised to include the malware, and that they had been downloaded 356,104 times as of 16th October.

The infected software included popular games such as Angry Birds, Pro Evolution Soccer 2014, The Sims 3 and Battlefield: Bad Company 2.

Communicates with Command & Control Server

The malware spreads via infected apps uploaded to the app store, which in turn are downloaded onto Mac computers. Once the malware is on the Mac, it communicates with a command-and-control server to check whether it needs to update its code, and waits until an iPhone, iPad or iPod is connected.

If an iOS device is connected, the malware checks whether it is jailbroken, a process used by some in order to remove some of Apple’s restrictions. If it is jailbroken, WireLurker backs up the device’s apps to the Mac, repackages them with malware and installs the infected versions back on the iOS device.

If it is not jailbroken, as is the case with most iOS devices, WireLurker takes advantage of the mechanism Apple created to enable businesses to install special software on their employees’ tablets and handsets.

To reduce the risk of attack, Palo Alto Networks has suggested the following: do not download Mac apps from third-party stores; do not jailbreak iOS devices; do not accept a request for a new `enterprise provisioning profile’ unless it comes from an authorised party, for instance the employer’s IT department; and do not connect iOS devices to unreliable computers or accessories, whether to copy information or to charge the device.

Tuesday, August 26, 2014

5 ways to increase security and privacy of your iPhone, iPad and Mac

Apple products are known not just for their simple yet awe-inspiring designs but also for the hardware that makes them such useful devices. Apple product owners have little to no reason to complain and have been fully satisfied as far as product performance is concerned. However, with the number of users increasing exponentially, it is only a matter of time before someone is able to hack into this Fort Knox of devices. This is why you, as an end user, should pay greater attention to the security of your iPhone, iPad and Mac.

Even though Apple makes its products more and more convenient with each upgrade, it is the responsibility of the end user to ensure their safety and maintain their privacy. Depending on the sensitivity of the data on your device, you can adjust the settings on your phone and monitor the security arrangements. The idea is not to make the phone so impenetrable that even the user has nightmares trying to get into their own device. Rather, these security and privacy tips will make sure that breaking into your phone or device is extremely unattractive to thieves or pranksters, who can be dissuaded from their antics just by looking at the layered security.

Use a reasonably strong Pass Code 

The latest iPhone 5S has a biometric system which is unbeatable when it comes to identifying its true owner. For any other device, however, owners can use reasonably strong pass codes to unlock their phones. They should be hard to guess but not something you can’t easily memorise. iPhone 5S users can also use stronger pass codes instead of the biometric unlocking system for added security.

Turn off Personal Notifications on the locked screen

While it is very convenient to glance quickly at notifications on the lock screen, it can also be very unsafe if your phone is in anyone’s hands but yours. Your pass code lock will be defeated if people can read your personal notifications even while the device is locked. It is better to turn off notifications on the lock screen so that no one but you can read your private messages.

Go for 2-tiered security layer

Adding two layers of security to your Apple device might seem a little over the top. However, considering the sensitivity of the data we keep on our phones these days, it is a very small price to pay. All it takes is adding another layer of password protection on the apps. You can make your device twice as strong just by introducing another level of pass code.

Keep your web browsing private

If you do not wish your web browsing history to be tracked or recorded, you can use Safari’s private browsing feature. You can also enable private browsing from the bookmarks or tabs screens, which makes it easier and more convenient. Also, if you are on a network that you do not trust and are browsing personal and sensitive information, you can use a VPN service that will keep your data private. Needless to say, with all the browsing that happens on internet-enabled devices, you must also secure your devices with a reliable piece of antivirus software such as Bitdefender Antivirus for Mac, which will deter any hacker from trying to break into your device.

Delete the Web History Data

If you have not used Safari’s private browsing and now want to remove the data from your device, you also have the option of wiping your device clean and starting afresh.