Author Archives: Nandita Jha (

E Hacking News – Latest Hacker News and IT Security News: Malware ‘Operation Sharpshooter’ hits government and defense firms: McAfee

McAfee's research team has found a new malware campaign that has targeted dozens of private and government organizations around the world.

The malware campaign, dubbed “Operation Sharpshooter”, has targeted more than 100 organizations in 24 countries in just a few weeks. The affected organizations include nuclear, defense, energy, and financial companies.

The hackers send a phishing email that poses as a recruitment message. Once the recipient opens the message, the Rising Sun implant is installed on the device, giving the attackers a fully functional, modular backdoor that performs reconnaissance on the victim's network.

Once the Rising Sun implant is set up, the attackers gain full access to machine-level information, including documents, usernames, network configuration, and system settings.

"We know that this campaign was intended to conduct espionage, indeed it was only recently launched. The question of the ultimate purpose remains to be seen," Raj Samani, chief scientist at McAfee, told CNBC.

"In many cases, such attacks are a precursor for something else, however, we are hopeful that identifying and sharing the details will prevent the true nature of the campaign from being carried out."

According to the initial investigation, the attack could be linked to the Lazarus Group, a cybercrime group associated with North Korea, because it uses the same source code as a hack that targeted South Korean firms in 2015.

The “numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags,” the research said.

E Hacking News - Latest Hacker News and IT Security News

E Hacking News – Latest Hacker News and IT Security News: Toyota Develops a Car Hacking Tool ‘PASTA’

A security researcher at the automaker Toyota has developed an open-source tool dubbed PASTA (Portable Automotive Security Testbed) for testing cyber vulnerabilities in modern vehicles.

The researcher, Takuya Yoshida, a member of Toyota's InfoTechnology Center, demonstrated the PASTA testing platform at Black Hat Europe 2018, along with his other team members.

The company has revealed that it plans to share PASTA’s specifications on GitHub; initially, Toyota intends to sell the system in Japan only.

"There was a delay in the development of cybersecurity in the automobile industry; [it's] late," Toyama said in a PDF shared by Black Hat Europe.

PASTA is an 8 kg, portable, briefcase-sized unit. It exposes flaws in automated, internet-connected automobiles.

According to the researcher, the tool simulates remote operation of wheels, brakes, windows, and other car features rather than "the real thing," for safety reasons.

"It's small and portable so users can study, research, and hack with it anywhere," Toyama further added.


E Hacking News – Latest Hacker News and IT Security News: Phishing Emails Requests Gift Card Purchases

Hackers are doing their best to make maximum use of the holidays for financial gain. The attackers have launched a new spear-phishing attack in which they pose as the CEO of the victim's workplace and trick the victim into sending gift cards, per a report by email security researchers at Barracuda Networks.

Unlike other phishing campaigns, these emails don't include any attachments, malicious links, or other files. The other major feature of this campaign is that the emails are sent from a trusted email domain. As a result, most email filters do not flag them as a threat.

According to Barracuda Networks, the attackers target users not only through the phishing campaign itself but also psychologically. Impersonating a CEO, they ask for secrecy and imply urgency, and they appear to have researched the relevant details thoroughly.

“In all of these attacks, the emails were sent from free personal email services with a relatively high reputation. In addition, they do not contain any type of malicious payloads, such as links or attachments,” wrote Asaf Cidon, Vice President at  Barracuda Networks. 

“Instead the emails rely solely on social engineering and impersonation to trick their targets. These types of attacks are very hard for traditional email filters to pick up because they are targeted, have a high reputation, and do not contain any obvious malicious signals.”


E Hacking News – Latest Hacker News and IT Security News: Hacker hijacks 50,000 printers urging them to subscribe to PewDiePie’s Youtube channel

A hacker has taken sole responsibility for hijacking over 50,000 printers worldwide to print a message urging people to subscribe to PewDiePie's YouTube channel, which is the most-subscribed channel on YouTube.

YouTuber Felix Kjellberg has owned the top channel for years, but his position has been threatened by the channel T-Series, which is owned by a music production company in India. The music channel's subscriber growth has been explosive in 2018; it has over 72 million subscribers, while PewDiePie has 150,000 fans. Many analysts think that T-Series will soon displace PewDiePie from its position, but Kjellberg's fans are putting up a fight.

The Twitter user TheHackerGiraffe posted about the attack in a Reddit AMA that reads, ‘I hacked 50,000 printers worldwide out of potential 800,000 for PewDiePie and security awareness.’

The hacker took advantage of an open network port on printers that are connected to the internet. To exploit this flaw they used a tool called PRET, which allows attackers to “captur[e] or manipulat[e] print jobs, accessing the printer’s file system and memory or even causing physical damage to the device.”

According to The Verge's report, the attacker used Shodan, a database of devices connected to the internet, where the hacker "found 80,000 connected printers and decided to attack 50,000 of them to raise awareness about printer security." Of all the hacked printers, about 15,000 were in India.

“Your printer is exposed,” TheHackerGiraffe replied to a user on Twitter. “I’m trying to warn you to close it, how else am I gonna get your attention?”

“I didn’t think this would work when I did it,” TheHackerGiraffe said on Twitter. 


E Hacking News – Latest Hacker News and IT Security News: SKY Brazil’s unprotected servers exposed 32 million customer records

A leaky database holding data on 32 million SKY Brasil customers was available to anyone, without any password protection.

Brazilian security researcher Fabio Castro discovered multiple servers in Brazil running Elasticsearch that did not require any authentication to retrieve information, leaving the data available for hackers to steal.

According to the security researcher, the information contained in the database included customers’ full names, email addresses, service login passwords, client IP addresses, payment methods, phone numbers, and street addresses.

One of the databases discovered was over 429GB in size, and it contained very sensitive information about SKY customers.

"The data the server stored was Full name, e-mail, password, pay-TV package data (Sky Brazil), client ip addresses, personal addresses, payment methods," Castro told BleepingComputer. "Among other information the model of the device, serial numbers of the device that is in the customer's home, and also the log files of the whole platform."

Sky Brasil did not reply to a request for a comment. 


E Hacking News – Latest Hacker News and IT Security News: Marriott hotel hack exposes 500 million customers data

Marriott International Inc. has admitted that a massive data breach compromised the guest reservation database at its Starwood unit, affecting approximately 500 million guests.

The hotel chain said an internal investigation found that an unauthorized party had been accessing, copying, and encrypting data from its reservation system since 2014.

Once the internal investigation is completed, the company will notify all customers whose records were breached.

The company released a statement stating: "For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences."

Some customers' payment card numbers and payment card expiration dates were also included in the database. Marriott has reported the breach to law enforcement.

"There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken," the company said in its statement. "For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address or other information."

The company has launched a separate website to redress the grievances of the affected customers and give them more information about the breach. It is offering customers from the US and some other countries a year-long free subscription to a fraud-detecting service.

“We deeply regret that this incident happened,” said Arne Sorenson, Marriott’s president. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests and using lessons learned to be better moving forward.”


E Hacking News – Latest Hacker News and IT Security News: Fraudsters using Google Map flaw to dupe people

Scammers have found a new loophole in the Google Maps interface that allows them to edit the contact details and addresses of major banks, which they have used to trick users into revealing their bank details, such as CVVs and ATM PINs.

According to Google’s User Generated Content policy, anyone can edit contact details and addresses on the platform. Taking advantage of this flaw, a group of Thane-based con artists updated the contact details of Bank of India, putting in their own contact number, and in this way were able to fool people.

“We have received at least three complaints from the Bank of India (BoI) over the last one month. In all three instances, we immediately notified the authorities at Google,” Balsing Rajput, Superintendent of Police of the State cyber police, was quoted as saying in The Hindu.

Meanwhile, a Bank of India spokesperson said that the bank has checked and changed the contact details of its branches on Google Maps.

BOI's spokesperson said, “After these incidents came to our notice, we modified the contact details on these branch listings on Google Maps. We asked users to use only Bank of India’s official website to search for branch contact details.”

However, Google's spokesperson said, “Overall, allowing users to suggest edits provides comprehensive and up-to-date info, but we recognize there may be occasional inaccuracies or bad edits suggested by them. When this happens, we do our best to address the issue as quickly as possible. The Google Safety Center outlines tips to help consumers stay safe online.”


E Hacking News – Latest Hacker News and IT Security News: Facebook Messenger app crashed for users around the world



Facebook Messenger has crashed for several users around the world; it specifically affected users in the United States and Europe.

The outage happened just a day after the launch of a new feature that allows users to delete messages in the app. Late on Monday, thousands of users were unable to receive or send messages, and some even had problems logging in and connecting to Facebook's servers.

Down Detector, a portal that tracks outages, reported that it received 2,535 reports within ten minutes of Messenger's blackout, and multiple reports from around the world appeared on Twitter.

Messenger was down for a few hours before service returned to normal. Facebook did not reveal the reason behind the outage.

"Messenger is generally reliable, but has had more issues recently, with four outages in September alone," said a Forbes report.

Facebook has introduced a new "Remove for Everyone" feature in its messaging service, which gives users ten minutes to delete a sent message. It was initially available only to CEO Mark Zuckerberg. Now it is being rolled out to all users around the world.


Messenger has over 1.3 billion monthly active users, and 1.5 billion monthly average users.



E Hacking News – Latest Hacker News and IT Security News: Security bug exposes password of Instagram users

A security bug inside Instagram's “Download Your Data” tool could have been exploited to expose the passwords of thousands of users around the world.

The "Download Your Data" feature was introduced in April this year after the change in the European Union’s General Data Protection Regulation (GDPR). It allows users to download a copy of their data.

According to the Independent, users who used the feature were able to see their passwords in the URL of their web browsers. Upon further investigation, it was revealed that the passwords were stored on Facebook’s servers as well.

However, the Facebook-owned company sent a notification stating that all the data had been deleted and that the feature was updated as soon as it learned of the issue.

Meanwhile, Instagram insists that only a “small number of people” have been affected by this security breach, and that it has sent notifications to all the users who were affected; those who have not been informed remain unaffected.


E Hacking News – Latest Hacker News and IT Security News: Malware-Laced Call Recorder App Available on Google Play

A trojan wrapped inside a Simple Call Recorder app was discovered by ESET malware researcher Lukas Stefanko. The malware tricks users into downloading an additional app, which poses as a recent update for Adobe Flash Player.

The security researcher discovered the malicious app on the Google Play Store on November 30, 2017; by then the app had been installed more than 5,000 times on different devices.

“Simple Call Recorder lasted on the Google Play almost for a year, which is really a long time before being removed, if we consider that the app contained flashplayer_update.apk string inside,” said Stefanko in a post.

The Simple Call Recorder app was published by FreshApps Group, but it has now been removed from Google Play.

Once the app is installed on the device, it automatically decrypts the additional binary file carried in “assets” and dynamically loads it, said Stefanko.

The app is capable of both recording calls and downloading an additional malicious app.

Stefanko said, “I could not retrieve the app through the link that is hard-coded into the APK. It is likely that the app has already been removed from the server after being available for download for over 11 months, but the server is still live.”

According to Stefanko, he found two other call recording apps on Google Play that have the same functionality as Simple Call Recorder, but they did not contain any malicious code.

To date, Stefanko has found more than 50 malicious apps, which have been installed more than 350,000 times on different platforms, with capabilities varying from snooping on WhatsApp messages to stealing sensitive data such as browsing history, photos, passwords, etc.
