Information Security Blog | Cyber Security Blog
11,000 “WikiLeaks” Private Messages on Twitter Exposed Online by an Activist

WikiLeaks is a multi-national organisation and associated library founded by Julian Assange, possibly the most opaque transparent organisation.
It is well known for publishing leaked secrets on its website.

Emma Best, an activist, published 11,000 WikiLeaks Twitter DMs from a Twitter group chat between WikiLeaks and its close supporters.

Read More
WannaCry Analysis

Ransomware is malware that encrypts the contents of infected systems and demands payment in bitcoins.

How is it Spreading? 

  1. WannaCry / WannaCrypt encrypts the files on infected Windows systems.
  2. There are two key components – a worm and a ransomware package.
  3. It spreads laterally between computers on the same LAN by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems.
  4. It also spreads through malicious email attachments.
  5. This exploit is named ETERNALBLUE.
  6. The initial ransom was $300 USD, but the group is increasing the ransom demands up to $600 in Bitcoin.
Read More

There's some potentially bad news for a lot of Oracle customers surfacing today, as it seems the company has fallen victim to a data breach. According to KrebsOnSecurity, the breach affected Oracle's MICROS division, which provides point-of-sale systems and support for many businesses around the world. In fact, the number of locations using MICROS around the world comes in at more than 330,000, spread across 180 different countries.


That makes MICROS one of the most used point-of-sale systems in the world. According to the KrebsOnSecurity report, the breach was considered to be small-scale at first, with anonymous sources claiming that what likely occurred was a single system became infected by malware before spreading that infection to other systems on Oracle's network.

Though Oracle is said to still be investigating the scale of the attack, here's the kicker about this report: a pair of unnamed sources told KrebsOnSecurity that the MICROS customer support portal was seen communicating with a server belonging to the Russian Carbanak Gang, which allegedly has a long and storied history of stealing money through attacks like these.

When discussing the systems that eventually became infected, Krebs' sources mentioned the ticketing system Oracle uses to help MICROS customers troubleshoot problems. These sources also claim that the hackers placed malicious code on the support portal itself, potentially making off with client usernames and passwords.

None of that has been confirmed yet, but Krebs said that Oracle didn't comment on the rumors directly, and we found the same when we got in touch with the company.

Read More

On 6 August, 25 years ago, the world’s first website went live to the public. The site, created by Sir Tim Berners-Lee, was a basic text page with hyperlinked words that connected to other pages.

Berners-Lee used the public launch to outline his plan for the service, which would come to dominate life in the twenty-first century.

Berners-Lee wanted the World Wide Web to be a place where people could share information across the world through documents and links navigated with a simple search function.

Wow. I’ve been doing a podcast for more than 22 years. I didn’t realize I had started so soon after the web went online.

 

Read More
Joomla anti-hacking tips

Most Joomla attacks are a result of plugin/component vulnerabilities, weak passwords, and obsolete software. Perhaps the biggest disadvantage of every open-source CMS is that anyone can download the full source code; this makes it easy for an attacker to determine if your site is running Joomla!, and often he will know the weak points of each version, sometimes even better than you do.


Let this motivate you: we see between 100 – 1,000 unauthorized login attempts every single day at the sites we host (Documentation, Magazine and the main Gavick.com). The vast majority of these are hackers using brute force techniques to get into websites. That’s why you should be ready; so take some precautions to minimize the risk of your website getting broken into.

A classic example of weak security is continuing to use the word ‘admin’ as a user name – this is the default super administration account that’s created when you first install Joomla! – along with a password that brute-force attempts are likely to succeed in guessing. So don’t waste any more time: rename the ‘admin’ account and ensure it has a strong password.
Ensure that you have installed the latest versions of both the Joomla core itself and any third-party extensions.
You can use the Akeeba CMS Update tool, which lets you define specific Super User accounts to be emailed when an update is available, supports automatic updates, and automatically backs up your site before updating Joomla.
Outdated versions of a Joomla extension may contain a very serious security vulnerability that allows a hacker to upload files to a website. Exploitation of this vulnerability has been a common cause of compromise among hacked Joomla websites. Even if your Joomla doesn’t show that a new version is available, check the developer’s page regularly.
Turn on Search Engine Friendly URLs – this will hide typical Joomla URLs.
Disable New User Registration in User Manager – if you don’t need new users added from the front-end.

Read More
Your smartphone battery status is enough to trace you

Smartphone users are being warned after new research has discovered an alarming new security flaw that is being used to monitor online activity.

According to the research, the battery level of your smartphone is being used to monitor which websites you visit.

The study carried out by Princeton University explains how the smartphone battery status is being used to track your every move online.

The research looks at the smartphone battery status API, which is present in all the leading web browsers including Chrome, Opera and Firefox.

The API (application programming interface) was introduced with HTML5 and is designed to inform websites of battery levels and performance so that they can serve up lower-power versions of the site when required.

When it was first introduced back in 2015, concerns were raised that the battery life of users could be used to track them online.

By looking at a combination of battery life as a percentage and the amount of battery loss in seconds, and then cross-referencing this data with other online identifiers, sites could potentially pinpoint specific devices.

Say, for example, a user opened their local animal charity website on Firefox and then opened an animal hunting website using Google Chrome through a totally separate connection using a VPN. The two connections should be almost impossible to link with one another.

However, according to the research, something like an advert that loaded on both websites would be able to tell that the two connections came from the same device.

The research from Princeton University found that tracking scripts use the battery status API to “fingerprint” a device, allowing it to be continuously identified across a variety of different sites.

The research was highlighted earlier this week by Lukasz Olejnik who posted about it on his blog. Lukasz was one of the researchers who raised concerns about the smartphone battery status API in 2015.

“Some companies may be analysing the possibility of monetising the access to battery levels,” said Lukasz.

“When battery is running low, people might be prone to some – otherwise different – decisions. In such circumstances, users will agree to pay more for a service.”

Read More

US Democratic presidential candidate Hillary Clinton says Russian intelligence services hacked into Democratic National Committee computers and she has accused Republican contender Donald Trump of showing support for Russian President Vladimir Putin.

"We know that Russian intelligence services hacked into the DNC and we know that they arranged for a lot of those emails to be released, and we know that Donald Trump has shown a very troubling willingness to back-up Putin, to support Putin," Mrs Clinton said in an interview with Fox News on Sunday.

The United States has not publicly accused Russia of being behind the hack of Democratic Party computers.

Cyber security experts and US officials, however, said they believed Russia engineered the release of the emails to influence the November 8 US presidential election.

Asked if she believed Mr Putin wanted Mr Trump to win the White House, Mrs Clinton said she was not going to jump to that conclusion.

"But I think laying out the facts raises serious issues about Russian interference in our elections, in our democracy," Mrs Clinton said.

The US would not tolerate that from any other country, especially one considered an adversary, she said.

"For Trump to both encourage that and to praise Putin despite what appears to be a deliberate effort to try to affect the election I think raises national security issues," she said.

The New York businessman has praised Mr Putin, saying he was a stronger leader than US President Barack Obama, a Democrat.

Read More

Facebook Inc.’s 38 million reais (approx. $11.6 million) of funds have been frozen by Brazilian federal prosecutors following a conflict over access to WhatsApp messages, according to a report published by the Wall Street Journal on Thursday.

Brazilian prosecutors blocked the funds after the social network giant declined to follow a court verdict to deliver information contained in certain users’ WhatsApp messages. Facebook hasn’t responded to the news so far.

Prosecutors said that the 38 million reais corresponds to one million reais for each day of the company’s noncompliance with a court order to hand over WhatsApp messages associated with a criminal inquiry.

A couple of weeks ago, a Brazilian judge terminated WhatsApp service in Brazil when a similar request for collaboration was refused. However, service was restored the same after a lower court’s verdict was overturned by Brazil’s Supreme Court.

It wasn’t the first time that local judges, having considerable power in the country, had shut down WhatsApp service in Brazil. Though, each time service was rapidly restored. Whenever the service is blocked, it leaves millions of people without access to the most famous app in Brazil, as over half of the country’s population is estimated to use WhatsApp and most of them solely rely on it for communicating with friends and family.

Facebook argues that WhatsApp does not store users’ messages and, therefore, it cannot offer what it doesn’t have.

Earlier this year, Brazilian federal police temporarily detained Diego Dzodan, who is vice president of Facebook’s Latin America operations, for purportedly not fulfilling police requests for access to WhatsApp messages associated with a drug-trafficking and organized-crime case. At that time, Facebook condemned the arrest and claimed that the executive had no relation to the inquiry.

Read More

SMS-based Two-Factor Authentication (2FA) has been declared insecure and soon it might be a thing of the past.

Two-Factor Authentication or 2FA adds an extra step of entering a random passcode sent to you via an SMS or call when you log in to your account as an added layer of protection.

For example, if you have 2FA enabled on Gmail, the platform will send a six-digit passcode to your mobile phone every time you sign in to your account.


But, the US National Institute of Standards and Technology (NIST) has released a new draft of its Digital Authentication Guideline that says SMS-based two-factor authentication should be banned in future due to security concerns.

Here's what the relevant paragraph of the latest DAG draft reads:

"If the out of band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB [Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance."

Due to the rise in data breaches, two-factor authentication has become a standard practice these days. Many services offer SMS-based 2FA to their consumers, so that hackers would need both the password and the mobile phone in order to hack an account.

However, NIST argues that SMS-based two-factor authentication is an insecure process because it's too easy for anyone to obtain a phone and the website operator has no way to verify whether the person who receives the 2FA code is even the correct recipient.

In fact, SMS-based two-factor authentication is also vulnerable to hijacking if the individual uses a voice-over-internet protocol (VoIP) service, which provides phone call service via a broadband internet connection instead of a traditional network.

Since some VoIP services allow the hijacking of SMS messages, hackers could still gain access to your accounts protected with SMS-based two-factor authentication.

Read More

DDoS attacks increased 83 percent to more than 182,900 attacks in the second quarter of the year, according to Nexusguard.

The newest report shows that Russia has become the No. 1 victim country. Starlink – a Russian ISP supporting small, medium and large enterprises – received more than 40 percent of the DDoS attacks measured over a two-day period. This targeted DNS attack also pushed the mean average DDoS duration to hours instead of minutes, as measured in the previous quarter.

Nexusguard’s researchers attributed this increase to nationalist hacktivists organizing a targeted attack to take out Russian businesses, rather than outbreaks driven by popular DDoS-for-hire activity.

“We were surprised to see an increase in DDoS attacks this quarter, especially as hackers experiment with ransomware, phishing schemes and other data-grabbing methods for monetary gain,” said Terrence Gareau, chief scientist at Nexusguard.