Friday, May 26, 2017

Millions of Android Phones including latest Versions Vulnerable to Cloak & Dagger attack

The Cloak & Dagger attack, discovered by security researchers at the Georgia Institute of Technology, lets a malicious app take complete control of the device.
The attack needs only two permissions, SYSTEM_ALERT_WINDOW ("draw on top") and BIND_ACCESSIBILITY_SERVICE. An app installed from the Play Store is granted the first automatically, without the user being asked or notified, and it uses that overlay capability to trick the user into enabling the second.
The user sees nothing of the malicious activity, and the attack works on every Android version, including the latest at the time of writing, Android 7.1.2.

A Malvertiser called “RoughTed” Bypass Ad-blocker and Get Half a Billion visits in 3 Months

A malvertising operation called "RoughTed" successfully bypasses ad blockers and delivers malicious payloads, tailored to the visitor's operating system and browser, to anyone who visits a site carrying its ads.
RoughTed generates a huge amount of traffic by evading ad blockers and carries a range of payloads to drop on the visitor's host.
According to the Malwarebytes research team, RoughTed-related domains drew half a billion hits in three months, with many successful compromises identified; the traffic came from thousands of publishers, some of them ranked in Alexa's top 500 websites.

Android Application Penetration Testing Part – 4

In my previous articles (Android Application Penetration Testing Part 1, Part 2 and Part 3) we looked at the basic architecture, the penetration testing tools and ADB. Now let's look at some entry points for Android application penetration testing.
From a security perspective the manifest file is usually the first thing a penetration tester checks on an engagement.
Android Manifest File
  • It provides the essential details about the Android application
  • It names the Java package for the application, which serves as the app's unique identifier
  • It declares every permission the app requests, and any permissions it defines to protect its own components
  • It describes the application's components (activities, services, broadcast receivers and content providers), including which of them are exported and therefore reachable from other apps
  • It declares the minimum API level the application requires (android:minSdkVersion)
  • That API level determines the minimum Android version required to run the application
  • It lists the services the app runs, declared alongside the other components
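As an added example (it is not code from the original article series), here is a small Python script that pulls those first-look findings out of a decoded AndroidManifest.xml: the requested permissions, the sensitive ones flagged, the debuggable and allowBackup flags, and which components are exported and reachable without a permission. The manifest it parses is a constructed sample for a hypothetical package com.example.target, and the sensitive-permission set is the editor's own short list. It expects text XML, so run it on the manifest produced by apktool, not the binary one straight out of the APK.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Editor's short list of permissions to flag on first sight; the last two are
# the overlay and accessibility permissions abused by Cloak & Dagger.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
}

# Constructed sample manifest for a hypothetical app (not taken from any real APK).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.target">
    <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="25"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <application android:label="Target" android:debuggable="true">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <activity android:name=".InternalActivity" android:exported="false">
            <intent-filter><action android:name="com.example.target.INTERNAL"/></intent-filter>
        </activity>
        <service android:name=".SyncService" android:exported="true"
            android:permission="com.example.target.permission.SYNC"/>
        <receiver android:name=".BootReceiver">
            <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
        </receiver>
        <provider android:name=".DataProvider" android:authorities="com.example.target.provider"/>
    </application>
</manifest>
"""


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if it is absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def is_exported(component, min_sdk):
    """Pre-API-31 implicit export rules a tester has to keep in mind:
    an explicit android:exported wins; otherwise a component with an
    <intent-filter> is exported, and a <provider> is exported by default
    when minSdkVersion is below 17."""
    explicit = _attr(component, "exported")
    if explicit is not None:
        return explicit == "true"
    if component.tag == "provider":
        return min_sdk < 17
    return component.find("intent-filter") is not None


def audit_manifest(xml_text):
    """Return the findings a tester pulls from AndroidManifest.xml first."""
    root = ET.fromstring(xml_text.strip())
    uses_sdk = root.find("uses-sdk")
    min_sdk = int(_attr(uses_sdk, "minSdkVersion") or 1) if uses_sdk is not None else 1
    app = root.find("application")
    permissions = [_attr(p, "name") for p in root.findall("uses-permission")]
    report = {
        "package": root.get("package"),
        "min_sdk": min_sdk,
        "permissions": permissions,
        "sensitive_permissions": sorted(set(permissions) & SENSITIVE_PERMISSIONS),
        "debuggable": app is not None and _attr(app, "debuggable") == "true",
        # allowBackup defaults to true, which lets `adb backup` pull the app's private data
        "allow_backup": app is None or _attr(app, "allowBackup") != "false",
        "exported": [],
    }
    if app is not None:
        for tag in ("activity", "activity-alias", "service", "receiver", "provider"):
            for comp in app.findall(tag):
                if is_exported(comp, min_sdk):
                    report["exported"].append({
                        "type": tag,
                        "name": _attr(comp, "name"),
                        # an exported component with no permission is reachable by any app on the device
                        "permission": _attr(comp, "permission"),
                    })
    return report


def unprotected_exports(report):
    """Exported components that any app on the device can invoke: the usual entry points."""
    return [c["name"] for c in report["exported"] if c["permission"] is None]


if __name__ == "__main__":
    r = audit_manifest(SAMPLE_MANIFEST)
    print(r["package"], "minSdk", r["min_sdk"])
    print("sensitive permissions:", r["sensitive_permissions"])
    print("debuggable:", r["debuggable"], "allowBackup:", r["allow_backup"])
    for c in r["exported"]:
        print("exported", c["type"], c["name"], "permission=", c["permission"])
    print("unprotected:", unprotected_exports(r))
```

On the sample, the launcher activity, the boot receiver and the content provider come out as exported with no permission, while .SyncService is exported but guarded by a custom permission and .InternalActivity is excluded by its explicit exported="false".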

Decryptor tool for BTC ransomware released – Avast

BTC ransomware was distributed by traditional means: the malicious file embedded in the body of an email or sent directly as an attachment.
It does not exploit any known vulnerability to spread, unlike what we saw with WannaCry and EternalRocks.
It targets common file types such as .doc, .jpg, .jpeg, .mp4, .PSD, .pfx and .pdf. Once a machine is infected, each encrypted file is renamed in the format FileName.Extension.[Email].Ext2.

Trend Micro ServerProtect Contains Multiple Critical Arbitrary Code Execution Vulnerabilities including XSS and CSRF

Six critical vulnerabilities have been discovered in the Trend Micro product ServerProtect for Linux 3.0. ServerProtect protects servers and storage systems against viruses, rootkits and data-stealing malware while simplifying and automating their security operations.
Together these six vulnerabilities allow remote code execution as root on the victim machine, via a man-in-the-middle attack and by exploiting flaws in the web-based management console.

New Burp Suite Version 1.7.23 adds support for 5 new Vulnerabilities

Burp Suite is a graphical tool for testing web application security. It is written in Java and developed by PortSwigger Security.
Burp Scanner is written by industry-leading penetration testers and includes a full static code analysis engine for discovering security vulnerabilities.
Burp's scanning logic is continually updated so that it can find the latest vulnerabilities.

Samsung Galaxy iris recognition can be Hacked simply with Owner’s Photo

Security researchers from the Chaos Computer Club (CCC) found simple steps to defeat the iris recognition scanner of the new Samsung Galaxy S8.

Samsung claims that the Galaxy S8 provides secure personal user authentication by using the unique pattern of the human iris. The tests conducted by the CCC show that this promise cannot be kept.

Note that the Samsung Galaxy S8 is the first flagship smartphone with iris recognition. The CCC provides a video demonstration of the simple steps involved. The biometric system is manufactured by Princeton Identity Inc.


200 Million Downloaded video players including VLC Player are vulnerable to Malicious subtitles Attack -A Complete Takeover Attack

A new cyber attack spreads through malicious subtitle files that are downloaded by the victim's media player. It threatens more than 200 million vulnerable machines worldwide and leads to a complete takeover of the infected machine.
The attack is delivered when movie subtitles are loaded by the user's media player, after the victim has been tricked into fetching a crafted subtitle file.
Attackers use two main attack vectors to get crafted subtitle files into the victim's media player.

Online Password Bruteforce Attack With THC-Hydra Tool -Tutorial

According to Kali, Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add.
This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.
It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Sunday, May 21, 2017

Bitcoin Price Climbs as high as Ever – History Created

Bitcoin's price has climbed higher than ever, reaching $2,000 for the first time in its history. The currency's value rose as much as 2.62% during the session, according to CoinDesk's BPI.

The price has shot up by 60 percent over the last month, which has drawn many Indian investors to the digital currency.
Bitcoin climbed past $1,000 at the start of 2017 for the first time in three years: at 09:00 the BPI (Bitcoin Price Index) saw bitcoin reach $1,006.32.

Android Application Penetration testing Part 3

In my previous articles (Android Application Penetration Testing Part 1 and Part 2) we looked at the basic architecture and the penetration testing tools. Now let's dig deeper into ADB.

Android Debug Bridge

Android Debug Bridge (adb) is a versatile command-line tool that lets you communicate with a device, whether a connected phone or an emulator.
adb install <file.apk> – installs an APK on the connected device or emulator.
adb pull <remote> <local> – copies a file or directory from the device (remote) to the local host.
adb push <local> <remote> – copies a file or directory from the local host to the device (remote).

Saturday, May 20, 2017

New SMB Network Worm “MicroBotMassiveNet” Using 7 NSA Hacking Tools , Wannacry using only Two

A new network worm called "MicroBotMassiveNet" (nicknamed EternalRocks) was discovered recently. Like WannaCry it spreads through SMB exploitation: it self-replicates across the target network by exploiting the SMB vulnerability.

NSA hacking tools are the main means by which "MicroBotMassiveNet" (EternalRocks) spreads and self-replicates across the network through remote exploitation, using the seven NSA hacking tools mentioned below.

Offline Password Cracking with John the Ripper – Tutorial

John the Ripper is designed to be both feature-rich and fast. It combines several cracking modes in one program and is fully configurable for your specific needs.

John is available for many different platforms, which lets you use the same cracker everywhere. John the Ripper Pro adds support for Windows NTLM (MD4-based) and Mac OS X 10.4+ salted SHA-1 hashes.

Extracting hashes From Linux

Many Linux users assume the password hashes are in /etc/passwd, but that file holds only an "x" placeholder in the password field (you can see this with root@kali:~# cat /etc/passwd); the actual hashes live in /etc/shadow, which is readable only by root. John's unshadow utility combines the two files into the single input format John expects.

Extracting hash dumps from Windows machine

Pwdump is a simple, handy tool that dumps the LM and NTLM password hashes of local user accounts from the Security Account Manager (SAM) database.

Friday, May 19, 2017

Penetration Testing Checklist with Android ,windows ,Apple & Blackberry Phones

Here we look at some of the common and important penetration testing checklist items for the widely used mobile OS platforms: Android, Windows, Apple (iOS) and BlackBerry.
We have already published a detailed Android penetration testing checklist; here we cover the other platforms as well.

ATM Black box attacks – ATM Jackpotting

The culprits behind this new and advanced ATM jackpotting technique were identified in several countries over different periods in 2016 and 2017.
The efforts of several EU Member States and Norway, supported by Europol's European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), culminated in the arrest of 27 people linked to so-called ATM "black box" attacks across Europe.

Thursday, May 18, 2017

Zomato’s Massive Data Breach About 17 Million User Record Stolen and Revealed in Dark web

Zomato reports a massive data breach in which 17 million user records were stolen. Zomato has over 120 million active users worldwide and helps people find restaurants and order food in cities around the world.
Zomato's security team discovered the breach and notified its registered users.
According to Zomato's report, the stolen data contains the registered users' usernames and hashed passwords.
Because the passwords are stored only as one-way hashes, Zomato believes they cannot be reversed to plain text. Hashed passwords can still be attacked offline by guessing, so changing the password remains the prudent step.

Joomla! 3.7.1 is released to address a critical SQL Injection Vulnerability

A critical SQL injection vulnerability (CVE-2017-8917) affects Joomla! 3.7.0; if you run Joomla you need to update to 3.7.1 immediately.
Joomla! is a content management system (CMS) that lets you build websites and powerful online applications.
A content management system keeps track of every piece of content on your website, much as your local library keeps track of its books and stores them.
The main advantage of using a CMS is that it requires almost no technical skill or knowledge to manage. Since the CMS manages all of your content, you do not have to.

WordPress 4.7.5 released with patch for Six Major Security Issues Including CSRF & XSS

The much-anticipated WordPress 4.7.5 is now available. This security release fixes six security issues present in WordPress 4.7.4 and earlier, including CSRF.

Security Issues addressed

  1. Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
  2. Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.

A complete Lookback of Historical Wannacry Ransomware Cyber Attack

WannaCry (also known as WannaCrypt, WanaCrypt0r 2.0 and Wanna Decryptor) is a family of ransomware that targets Microsoft Windows systems through the SMB exploit leaked by the Shadow Brokers; it encrypts data and demands ransom payments in the cryptocurrency Bitcoin.
The ransomware reportedly also arrived through spam messages and is specifically designed to lock the files on a PC until the victim pays the ransom demand, typically $300 rising to $600 in Bitcoin.

SIEM better visibility for analyst to handle an incident with Event Id

We live in a complex world where attacks increase day by day, so cyber intelligence today depends on SIEM (security information and event management) as a core part of infosec.
Most companies rely on logs and packets for visibility, and above 90% of them work with logs rather than packets. People, process and technology form the triangle of security operations.
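An added example (not from the original post) of the kind of Event ID correlation that gives an analyst that visibility: Python that reads constructed Windows Security events in a simplified pipe-separated form (time|EventID|TargetUserName|IpAddress|LogonType, standing in for a real export) and raises an alert when one source IP produces five or more 4625 failed logons within two minutes, escalates if a 4624 successful logon from that IP follows while the failures are still in the window, and escalates again if that session is then assigned special privileges (4672). The thresholds and the event layout are the editor's assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not a real log): time|EventID|TargetUserName|IpAddress|LogonType
SAMPLE_EVENTS = """\
2017-05-18T10:00:01|4625|bob|10.0.0.7|3
2017-05-18T10:00:04|4625|bob|10.0.0.7|3
2017-05-18T10:00:07|4625|bob|10.0.0.7|3
2017-05-18T10:00:09|4625|alice|10.0.0.7|3
2017-05-18T10:00:12|4625|bob|10.0.0.7|3
2017-05-18T10:00:15|4625|bob|10.0.0.7|3
2017-05-18T10:00:31|4624|bob|10.0.0.7|3
2017-05-18T10:01:02|4672|bob|10.0.0.7|3
2017-05-18T10:02:00|4625|carol|10.0.0.9|3
2017-05-18T10:02:30|4625|carol|10.0.0.9|3
2017-05-18T10:03:00|4624|dave|10.0.0.20|2
"""


def parse_events(text):
    """Parse the simplified export into dicts, sorted by time so the windowing below is correct."""
    events = []
    for line in text.strip().splitlines():
        ts, eid, user, ip, logon_type = line.split("|")
        events.append({"time": datetime.fromisoformat(ts), "id": int(eid),
                       "user": user, "ip": ip, "logon_type": int(logon_type)})
    return sorted(events, key=lambda e: e["time"])


def detect(events, threshold=5, window=timedelta(minutes=2)):
    """Correlate 4625 -> 4624 -> 4672 per source IP and return the alerts in order."""
    failures = defaultdict(deque)   # ip -> times of 4625s still inside the window
    flagged = {}                    # ip -> time the brute-force alert fired
    compromised = set()             # (ip, user) pairs that logged on after a burst of failures
    alerts = []
    for ev in events:
        ip, t = ev["ip"], ev["time"]
        q = failures[ip]
        while q and t - q[0] > window:   # slide the window forward
            q.popleft()
        if ev["id"] == 4625:
            q.append(t)
            if len(q) >= threshold and ip not in flagged:
                flagged[ip] = t
                alerts.append({"rule": "brute_force", "ip": ip, "count": len(q), "time": t})
        elif ev["id"] == 4624 and ip in flagged and q:
            # a success while failures from the same source are still recent: guess likely landed
            compromised.add((ip, ev["user"]))
            alerts.append({"rule": "brute_force_success", "ip": ip, "user": ev["user"], "time": t})
        elif ev["id"] == 4672 and (ip, ev["user"]) in compromised:
            # special privileges assigned to a session we already consider attacker-controlled
            alerts.append({"rule": "privileged_logon_after_brute_force", "ip": ip,
                           "user": ev["user"], "time": t})
    return alerts


if __name__ == "__main__":
    for a in detect(parse_events(SAMPLE_EVENTS)):
        print(a["time"].isoformat(), a["rule"], a["ip"], a.get("user", ""), a.get("count", ""))
```

On the sample, 10.0.0.7 trips all three rules in turn, while the two failures from 10.0.0.9 and the ordinary interactive logon from 10.0.0.20 produce nothing; the same three-stage chain is what an analyst would otherwise have to reconstruct by hand from the raw Event IDs.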

Sunday, May 14, 2017

Android Application Penetration testing Part 2

In my previous article (Android Application Penetration Testing Part 1) we looked at the basic architecture of an Android device. Now let's collect some Android application pentest tools and build a setup for testing:
There are many tools for Android application penetration testing, but the important thing is to know which tool serves which purpose and what information each one can extract.
We can also use a set of tools bundled in a framework; all of the following are available as open source:
AppUse, Appie, Santoku, PentestBox, MobSF etc.

Saturday, May 13, 2017

Wireless Penetration Testing Checklist – A Detailed Cheat sheet

Wireless penetration testing is the process of actively examining the information security measures in place on wireless networks and analysing their weaknesses, technical flaws and critical wireless vulnerabilities.
The most important countermeasures to focus on are threat assessment, data theft detection, security control auditing, risk prevention and detection, information system management and infrastructure upgrades, and a detailed report should be prepared.

Friday, May 12, 2017

Ransomware Back in Action-JAFF Distributed using malicious PDF documents

The JAFF ransomware came back into action in late April, circulating through malicious PDF files. Necurs, one of the biggest botnets, went offline over the 2016 holiday season, and from May 11 it began spreading a new ransomware called JAFF.
Check Point's global sensors spotted as many as 40,000 emails in a few hours, an infection rate of approximately 10,000 emails sent per hour.
Ransomware is a kind of malware that keeps or limits users from accessing their system, either by locking the system's screen or by locking the user's files, until a ransom is paid.

Thursday, May 11, 2017

Critical Vulnerability with OnePlus devices allows Remote Exploitation

Security researchers from Aleph Research found several vulnerabilities (CVE-2017-5948, CVE-2017-8850, CVE-2017-8851, CVE-2016-10370) in OxygenOS and HydrogenOS on the OnePlus One/X/2/3/3T.
The vulnerabilities affect the latest versions at the time (OxygenOS 4.1.3 / HydrogenOS 3.0) and below.
Using them, an attacker in a man-in-the-middle position can interfere with the OTA update process to downgrade the OS and even replace OxygenOS with HydrogenOS, without a factory reset.
The vulnerabilities were reported to OnePlus Security on January 26, 2017 by Roee Hay of Aleph Research.

Wednesday, May 10, 2017

New Dangerous Android Permission Security Flaw leads to Ransomware and Banking Malware Attacks

A new vulnerability has been discovered in Android's permission security mechanism that enables several run-time permission abuses, including ransomware, banking malware and adware.
Google's policy grants extensive permissions to apps installed directly from Google Play. The permission model is organised in several groups, with permissions considered "dangerous" granted only at run-time, a scheme introduced in Android 6.0 "Marshmallow".
According to Check Point researchers, this means that the first time an app tries to access a "dangerous" resource, the user is required to approve the necessary permission.

Monday, May 8, 2017

Android Application Penetration Testing – Part 1

After web applications, the next area of concern is mobile application penetration testing. Let's start with some basics.
Hardware always needs drivers so that software can use it smoothly, and Android is built on the Linux kernel because it provides security features such as
  • A user-based permissions model
  • Process isolation
  • An extensible mechanism for secure IPC
  • The ability to remove unnecessary and potentially insecure parts of the kernel
The Hardware Abstraction Layer (HAL) provides standard interfaces that expose the device's hardware capabilities to the higher-level framework; applications do not get direct access to the hardware.
Bluetooth, audio and radio are examples of HAL modules.


Saturday, May 6, 2017

Exploitation Framework for Embedded devices – RouterSploit

The RouterSploit Framework is an open-source exploitation framework devoted to embedded devices. It includes various modules that aid penetration testing operations:
  • exploits – modules that take advantage of identified vulnerabilities
  • creds – modules designed to test credentials against network services
  • scanners – modules that check if a target is vulnerable to any exploit

Requirements

  • gnureadline (OSX only)
  • requests
  • paramiko
  • beautifulsoup4
  • pysnmp
Misfortune Cookie, the module selected in the prompt below, is a critical vulnerability which allows an attacker to take remote control of a router connected to the Internet, and it can only be fixed by the hardware vendors.
root@kali:~# routersploit
rsf (Misfortune Cookie) > show options

Friday, May 5, 2017

A Botnet called "Bondnet" Compromised Thousands of Windows Servers, Performs DDoS and Mines Cryptocurrencies

A botnet called "Bondnet" has compromised more than 15,000 machines, including thousands of Windows servers, and controls them remotely; recent findings indicate that it mines several cryptocurrencies.
Bondnet appears highly sophisticated: every day more than 2,000 compromised machines, equivalent to about 12,000 cores, report to the Bondnet command and control (C&C) server, and the botnet is also capable of DDoS attacks.
The botnet attacks victim machines using a variety of public exploits and installs a Windows Management Instrumentation (WMI) Trojan that communicates with the C&C server; the operation is run by an attacker using the handle Bond007.01.

Analyzing embedded files and executable code in Firmware Images – Binwalk

Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside firmware images.
Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility.
  • Author: Craig Heffner
  • License: MIT
Binwalk also includes a custom magic signature file which contains improved signatures for files commonly found in firmware images, such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems and so forth.
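To make the signature-scanning idea concrete, here is an added Python example (the editor's, not Binwalk's code) that scans a constructed firmware-like image for a handful of well-known magic values and then carves the gzip member it finds, using zlib so that the data following the member does not break decompression. The image is built inside the script, and the signature table is a short hand-written subset of what Binwalk's magic file covers.

```python
import gzip
import zlib

# Hand-picked magic values for file types commonly embedded in firmware images.
SIGNATURES = [
    (b"\x27\x05\x19\x56", "uImage header"),
    (b"\x1f\x8b\x08", "gzip compressed data"),
    (b"hsqs", "SquashFS filesystem (little-endian)"),
    (b"sqsh", "SquashFS filesystem (big-endian)"),
    (b"\x7fELF", "ELF executable"),
    (b"BZh", "bzip2 compressed data"),
    (b"\xfd7zXZ\x00", "XZ compressed data"),
    (b"PK\x03\x04", "Zip archive"),
]


def scan(blob):
    """Return (offset, description) for every signature occurrence, sorted by offset."""
    hits = []
    for magic, desc in SIGNATURES:
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, desc))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)


def carve_gzip(blob, offset):
    """Decompress the single gzip member starting at `offset` and report how many bytes it spans.
    A raw decompressobj is used rather than gzip.decompress(), which would choke on the
    non-gzip bytes that follow the member inside a firmware image."""
    d = zlib.decompressobj(zlib.MAX_WBITS | 16)   # +16: expect a gzip header and trailer
    data = d.decompress(blob[offset:])
    if not d.eof:
        raise ValueError("truncated gzip member at offset %d" % offset)
    consumed = len(blob) - offset - len(d.unused_data)
    return data, consumed


# Constructed firmware-like image: a fake uImage header, a gzip'd init script,
# 0xff padding, then a SquashFS magic and an ELF magic with zero-filled bodies.
PAYLOAD = b"#!/bin/sh\necho hello from the firmware\n"
GZ_MEMBER = gzip.compress(PAYLOAD)
IMAGE = (b"\x27\x05\x19\x56" + b"\x00" * 60
         + GZ_MEMBER
         + b"\xff" * 32
         + b"hsqs" + b"\x00" * 28
         + b"\x7fELF" + b"\x00" * 12)


def report(blob):
    """Binwalk-style listing; for gzip hits also show the carved size and the first line inside."""
    lines = []
    for off, desc in scan(blob):
        extra = ""
        if desc.startswith("gzip"):
            data, size = carve_gzip(blob, off)
            extra = ", %d bytes, contains %r" % (size, data.splitlines()[0])
        lines.append("%-10d 0x%-8X %s%s" % (off, off, desc, extra))
    return lines


if __name__ == "__main__":
    print("DECIMAL    HEXADECIMAL  DESCRIPTION")
    print("\n".join(report(IMAGE)))
```

The scan is a plain byte search, so like Binwalk it can report false positives where a short magic such as BZh happens to occur inside compressed data; Binwalk's larger signatures and header validation cut that noise, but the offset-then-carve workflow is the same.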

Malware Tricks to Avoid Detection by using Big Junk Data and Activates a Backdoor

Malware authors are using a new technique: padding the malicious payload with a huge amount of junk data so that the file evades AV detection. The garbage padding can exceed 100 MB.
According to researchers from Kaspersky, the attacker has been using the XXMM malware toolkit; the sample carries a very large overlay of junk data, and 20 similar samples were collected using YARA rules.
The malware is identified as a Trojan loader that opens a backdoor on the victim machine; the backdoor is named "wali".

Monday, May 1, 2017

Biggest Bitcoin Wallet Hack in History, Around US$5 Million Worth Bitcoin Currency Stolen

Four Bitcoin hot wallets of the South Korean Bitcoin exchange Yapizon were hacked and around 3,816.2028 Bitcoin (nearly 5 million USD) stolen, a massive blow for Yapizon amounting to 36.594% of total user funds.
According to the report from Yapizon (translated), the attack took place on Saturday, April 22, 2017, between 02:00 and 03:00.
Since this was such a large attack, Yapizon is trying to recover, is measuring the losses suffered by its members, and plans to make up the shortfall from its revenues so that ultimately the members' loss is 0%.