му TBits-iи

Facebook admits public data of its 2.2 billion users has been compromised

noreply@blogger.com (T-W-S) — Fri, 06 Apr 2018 19:38:00 +0000

Facebook admits public data of its 2.2 billion users has been compromised

Facebook dropped another bombshell on its users by admitting that all of its 2.2 billion users should assume malicious third-party scrapers have compromised their public profile information.

On Wednesday, Facebook CEO Mark Zuckerberg revealed that "malicious actors" took advantage of "Search" tools on its platform to discover the identities and collect information on most of its 2 billion users worldwide.

The revelation once again underlines the failure of the social-media giant to protect users’ privacy while generating billions of dollars in revenue from the same information.

The revelation came weeks after the disclosure of the Cambridge Analytica scandal, wherein personal data of 77 million users was improperly gathered and misused by the political consultancy firm, who reportedly also helped Donald Trump win the US presidency in 2016.

However, the latest scam revealed by the social media giant about the abuse of Facebook's search tools over the course of several years impacts almost all of its 2.2 billion users, making it the worst year for the world's largest social network.

"It is clear now that we didn't do enough, we didn't focus enough on preventing abuse," Zuckerberg told press reporters. "We didn't take a broad enough view of what our responsibility is, and that was a huge mistake."

The company said it had disabled the feature—which allows anyone to look up users by entering phone numbers or email addresses into Facebook's search tool—in its site's search function that enabled malicious actors to scrape public profile information.

Here's How Scrapped Data Could Have Helped Cybercriminals

As mentioned above, the source of this scam was Facebook's search function, which was turned on by default. Hackers took help of "Dark Web," where criminals post personal information of users stolen from data breaches over the years, to collect.

Once they had their hands on email addresses and phone numbers, the hackers then used automated computer programs to feed the email addresses and phone numbers into Facebook’s "search" box.

This scan allowed them to find out the full names of people associated with the email addresses or phone numbers, along with the Facebook profile information they chose to make public, which often includes names, profile photos, and hometown.

This collected information was then more likely to be used by cybercriminals to target particular individual using social engineering or other cyber attacks.

"Until today, people could enter another person’s phone number or email address into Facebook search to help find them. This has been especially useful for finding your friends in languages which take more effort to type out a full name, or where many people have the same name," Facebook Chief Technology Officer Mike Schroepfer said in a blog post describing changes the company has made to its service to protect its users’ data better.

"However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way."

While apologizing "second time" to its users, Zuckerberg said this feature has immediately been turned off, noting that the scraped profile information was only limited to what was publically viewable.

However, Zuckerberg defended gathering users' data for a business model, arguing "People tell us that if they’re going to see ads, they want the ads to be good."

"On the one hand, people want relevant experiences, and on the other hand there is some discomfort about how data is used," Zuck added. "I think the overwhelming feedback is for wanting a good experience."

Also, it was initially reported that Cambridge Analytica quiz app gathered data on some 50 million Facebook users, but Facebook revised that number upward by 74 percent, i.e., over 77 million.

In an effort to protect its users private data, Facebook is now restricting third-party apps from accessing users’ information about their relationship status, religious or political views, work history, education, habits, interest, video watching, and games—basically almost every information data brokers and businesses collect to build profiles of their customers' tastes.

The company is all set to roll out a new feature on Monday that will inform users who were affected by the Cambridge Analytica data leak.

Microsoft Office 365 Gets Built-in Ransomware Protection and Enhanced Security Features

noreply@blogger.com (T-W-S) — Fri, 06 Apr 2018 18:56:00 +0000

Microsoft Office 365 Gets Built-in Ransomware Protection and Enhanced Security Features

Ransomware has been around for a few years, but it has become an albatross around everyone's neck, targeting big businesses, hospitals, financial institutions and individuals worldwide and extorting millions of dollars.

Last year, we saw some major ransomware outbreaks, including WannaCry and NotPetya, which wreaked havoc across the world, hitting hundreds of thousands of computers and business networks worldwide.

From small to mid-range businesses, Microsoft Office 365 remains the most widely used and fastest-growing work office suite, so it's no surprise that it has become a primary target for viruses, ransomware, and phishing scams.

In fact, most strains of ransomware target Microsoft productivity apps such as Word, Excel and encrypt sensitive data to hold the company hostage until the ransom is paid.

Now, to combat such cyber attacks, Microsoft has announced some new security features for Office 365 that can help users mitigate the damage done by ransomware and other malware infections.

The new features were initially introduced for OneDrive for Business, but that the company is now rolling them out to anyone who has signed up for an Office 365 Home or Personal subscription, Microsoft Office blogsays.

Here below I have briefed the list of new features:

File Recovery and Anti-Ransomware

Files Restore—Microsoft Office 365 now allows users to restore entire OneDrive to a previous point in time within the last 30 days. This feature can be used to recover files from an accidental mass delete, file corruption, ransomware, or any catastrophic event.

Ransomware detection & recovery—Office 365 had also introduced a new security feature that detects ransomware attacks and alerts you through an email, mobile, or desktop notification while helping you restore your OneDrive to a point before the malware compromised files.

Security and Privacy Features

Office 365 has added three new features to help keep your confidential or personal data (such as tax documents, family budgets, or a new business proposal) secure and private when sharing them online.

Password protected sharing links—This feature allows you to set a password for your shared file and folders, preventing unauthorized access even if your recipient accidentally forwards protected documents to others.

Email encryption—This feature allows users to send/receive end-to-end encrypted emails in Outlook over a secure connection, providing additional protection to minimize the threat of being intercepted.

Prevent forwarding—Microsoft now enables you to restrict your email recipients from forwarding or copying emails you send to them from Outlook. Besides this, any MS Office document attached to your emails will remain encrypted even after downloading, so if the recipient shares your attachment with others, they will not be able to open it.

Advanced Protection from Viruses and Cybercrime

Advanced link checking in Word, Excel, and PowerPoint—Office 365 also offers built-in real-time web protection, which monitors every link you click in Word, Excel, and PowerPoint and notifies you if it is suspicious.

File Recovery and Anti-Ransomware features began rolling out starting today and will be available to all Office 365 users soon, while features to help keep your information secure and private (including password protected sharing links, email encryption, and prevent forwarding) will start rolling out in the coming weeks.

Advanced link checking and advanced attachment scanning are already available in MS Outlook that protects you from previously unseen viruses and phishing scams in real-time. However, advanced link checking in Word, Excel, and PowerPoint will roll out in the second half of 2018.

Finland's 3rd Largest Data Breach Exposes 130,000 Users' Plaintext Passwords

noreply@blogger.com (T-W-S) — Fri, 06 Apr 2018 18:53:00 +0000

Finland's 3rd Largest Data Breach Exposes 130,000 Users' Plaintext Passwords

Over 130,000 Finnish citizens have had their credentials compromised in what appears to be third largest data breach ever faced by the country, local media reports.

Finnish Communications Regulatory Authority (FICORA) is warning users of a large-scale data breach in a website maintained by the New Business Center in Helsinki ("Helsingin Uusyrityskeskus"), a company that provides business advice to entrepreneurs and help them create right business plans.

Unknown attackers managed to hack the website (http://liiketoimintasuunnitelma.com) and stole over 130,000 users’ login usernames and passwords, which were stored on the site in plain-text without using any cryptographic hash.

Right after knowing of the breach on 3rd April, the company took down the affected website, which is currently showing "under maintenance" notice with a press release about the incident on its homepage.

"We are very sorry for all the people who have been subjected to crime and who may be affected by mental or financial disadvantages. Unfortunately, we are not yet able to know exactly how many people are and what information this information breaks. We have filed an offense report, and the parties do not need to report to the police separately," says Jarmo Hyökyvaara, Chairman of the Board of the New Business Center of Helsinki.

"The maintenance and security of our service was the responsibility of our subcontractor, our long-term partner. Unfortunately, the security of the service has not been enough to prevent this kind of attack. This is, in part, our mistake, and as a subscriber and owner of the service we are responsible for this."

The company also ensures that the detailed information of its customers was stored on a different system, which was not affected by the data breach.

The incident has been reported to the Helsinki police, who is currently investigating the case as a gross fraud.

As soon as the website returns, users who have an account with the affected website are strongly recommended to change their passwords.

Since the plain-text passwords have been exposed to hackers, it would be a great idea for users to change their passwords for any other website, in case they are using identical to the one used on this website.

Ex-Hacker Adrian Lamo Dies at Age 37 - Mr. R3x

noreply@blogger.com (T-W-S) — Tue, 20 Mar 2018 23:14:00 +0000

Ex-Hacker Adrian Lamo Dies at Age 37

Adrian Lamo, the hacker who tipped off the FBI about Wikileaks whistleblower Chelsea Manning, dies at the age of 37, according to a Facebook post by his father Mario Lamo-Jiménez.

"With great sadness and a broken heart I have to let know all of Adrian's friends and acquaintances that he is dead. A bright mind and compassionate soul is gone, he was my beloved son..." he posted.

At this moment the cause of death is unknown, though reportedly Adrian was diagnosed with Asperger Syndrome in July 2010 and briefly hospitalized.

Adrian was a former hacker, threat analyst, and writer, who had previously been behind several high-profile security breaches but gained headlines after breaking into The New York Times computer systems in 2002.

Adrian was given the appellation "Homeless Hacker" by the media because once when he was unemployed he wandered the country by Greyhound bus and hacked corporations from inside abandoned buildings.

He spent almost six months on home detention and studied journalism before becoming a threat analyst.

When former US Army intelligence analyst Chelsea Manning (then Bradley Manning) read about his hacking profile in Wired magazine, Manning contacted him, and the pair started exchanging messages online.

Manning found Adrian a "kindred spirit" and told him about his role as an informer for WikiLeaks and how he leaked the most controversial combat video footage of a helicopter shooting unarmed Iraqi civilians and 260,000 classified diplomatic cables to the whistleblowing website.

However, Adrian then decided to report him and informed the US military of the breach. In an interview with the Guardian in 2013, Adrian defended his decision to turn Chelsea over to the FBI and said:

"There were no right choices that day, only less wrong ones. It was cold, it was needful, and it was no one's to make except mine. I couldn't just do anything, knowing lives were in danger, it's classified information, and when you play Russian roulette, how do you know there's not a bullet in the next chamber?"

"Choosing to interdict a man's freedom knowing it could mean his life, is something that's easy to judge but can only really be understood by living it."

Manning was arrested in May 2010 and sentenced to 35 years in prison for leaking classified documents, though her sentence was later reduced by President Barack Obama, and she was set free last year.

Windows Remote Assistance Exploit Lets Hackers Steal Sensitive Files - Mr. R3x

noreply@blogger.com (T-W-S) — Tue, 20 Mar 2018 22:34:00 +0000

Windows Remote Assistance Exploit Lets Hackers Steal Sensitive Files

You have always been warned not to share remote access to your computer with untrusted people for any reason—it's a basic cybersecurity advice, and common sense, right?

But what if, I say you should not even trust anyone who invites or offer you full remote access to their computers.

A critical vulnerability has been discovered in Microsoft's Windows Remote Assistance (Quick Assist) feature that affects all versions of Windows to date, including Windows 10, 8.1, RT 8.1, and 7, and allows remote attackers to steal sensitive files on the targeted machine.

Windows Remote Assistance is a built-in tool that allows someone you trust to take over your PC (or you to take remote control of others) so they can help you fix a problem from anywhere around the world.

The feature relies on the Remote Desktop Protocol (RDP) to establish a secure connection with the person in need.

However, Nabeel Ahmed of Trend Micro Zero Day Initiative discovered and reported an information disclosure vulnerability (CVE-2018-0878) in Windows Remote Assistance that could allow attackers to obtain information to further compromise the victim's system.

The vulnerability, which has been fixed by the company in this month's patch Tuesday, resides in the way Windows Remote Assistance processes XML External Entities (XXE).

The vulnerability affects Microsoft Windows Server 2016, Windows Server 2012 and R2, Windows Server 2008 SP2 and R2 SP1, Windows 10 (both 32- and 64-bit), Windows 8.1 (both 32- and 64-bit) and RT 8.1, and Windows 7 (both 32- and 64-bit).

Exploiting Windows Remote Assistance to Steal Files

Since a security patch for this vulnerability is now available, the researcher has finally released technical details and proof-of-concept exploit code for the flaw to the public.

In order to exploit this flaw, which resides in MSXML3 parser, the hacker needs to use "Out-of-Band Data Retrieval" attack technique by offering the victim access to his/her computer via Windows Remote Assistance.

While setting up Windows Remote Assistance, the feature gives you two options—Invite someone to help you and Respond to someone who needs help.

Selecting the first option helps users generate an invitation file, i.e. 'invitation.msrcincident,' which contains XML data with a lot of parameters and values required for authentication.

Since the parser does not properly validate the content, the attacker can simply send a specially crafted Remote Assistance invitation file containing a malicious payload to the victim, tricking the targeted computer to submit the content of specific files from known locations to a remote server controlled by the attackers.

"The stolen information could be submitted as part of the URL in HTTP request(s) to the attacker. In all cases, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action," Microsoft explains.

"This XXE vulnerability can be genuinely used in mass scale phishing attacks targeting individuals believing they are truly helping another individual with an IT problem. Totally unaware that the .msrcincident invitation file could potentially result in loss of sensitive information," Ahmed warns.

Among patching other critical vulnerabilities fixed this month, Windows users are highly recommended to install the latest update for Windows Remote Assistance as soon as possible.

[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks

noreply@blogger.com (T-W-S) — Fri, 12 Jan 2018 12:09:00 +0000

[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks

Recently uncovered two huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products.

The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years.

What are Spectre and Meltdown?

We have explained both, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article.

In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information.

Both attacks abuse 'speculative execution' to access privileged memory—including those allocated for the kernel—from a low privileged user process like a malicious app running on a device, allowing attackers to steal passwords, login keys, and other valuable information.

Protect Against Meltdown and Spectre CPU Flaws

Some, including US-CERT, have suggested the only true patch for these issues is for chips to be replaced, but this solution seems to be impractical for the general user and most companies.

Vendors have made significant progress in rolling out fixes and firmware updates. While the Meltdown flaw has already been patched by most companies like Microsoft, Apple and Google, Spectre is not easy to patch and will haunt people for quite some time.

Here's the list of available patches from major tech manufacturers:

Windows OS (7/8/10) and Microsoft Edge/IE

Microsoft has already released an out-of-band security update (KB4056892) for Windows 10 to address the Meltdown issue and will be releasing patches for Windows 7 and Windows 8 on January 9th.

But if you are running a third-party antivirus software then it is possible your system won’t install patches automatically. So, if you are having trouble installing the automatic security update, turn off your antivirus and use Windows Defender or Microsoft Security Essentials.

"The compatibility issue is caused when antivirus applications make unsupported calls into Windows kernel memory," Microsoft noted in a blog post. "These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot."

Apple macOS, iOS, tvOS, and Safari Browser

Apple noted in its advisory, "All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time."

To help defend against the Meltdown attacks, Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2, has planned to release mitigations in Safari to help defend against Spectre in the coming days.

Android OS

Android users running the most recent version of the mobile operating system released on January 5 as part of the Android January security patch update are protected, according to Google.

So, if you own a Google-branded phone, like Nexus or Pixel, your phone will either automatically download the update, or you'll simply need to install it. However, other Android users have to wait for their device manufacturers to release a compatible security update.

The tech giant also noted that it's unaware of any successful exploitation of either Meltdown or Spectre on ARM-based Android devices.

Firefox Web Browser

Mozilla has released Firefox version 57.0.4 which includes mitigations for both Meltdown and Spectre timing attacks. So users are advised to update their installations as soon as possible.

"Since this new class of attacks involves measuring precise time intervals, as a partial, short-term mitigation we are disabling or reducing the precision of several time sources in Firefox," Mozilla software engineer Luke Wagner wrote in a blog post.

Google Chrome Web Browser

Google has scheduled the patches for Meltdown and Spectre exploits on January 23 with the release of Chrome 64, which will include mitigations to protect your desktop and smartphone from web-based attacks.

In the meantime, users can enable an experimental feature called "Site Isolation" that can offer some protection against the web-based exploits but might also cause performance problems.

"Site Isolation makes it harder for untrusted websites to access or steal information from your accounts on other websites. Websites typically cannot access each other's data inside the browser, thanks to code that enforces the Same Origin Policy." Google says.

Here's how to turn on Site Isolation:

Copy chrome://flags/#enable-site-per-process and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.
Look for Strict Site Isolation, then click the box labelled Enable.
Once done, hit Relaunch Now to relaunch your Chrome browser.

Linux Distributions

The Linux kernel developers have also released patches for the Linux kernel with releases including versions 4.14.11, 4.9.74, 4.4.109, 3.16.52, 3.18.91 and 3.2.97, which can be downloaded from Kernel.org.

VMware and Citrix

A global leader in cloud computing and virtualisation, VMware, has also released a list of its products affected by the two attacks and security updates for its ESXi, Workstation and Fusion products to patch against Meltdown attacks.

On the other hand, another popular cloud computing and virtualisation vendor Citrix did not release any security patches to address the issue. Instead, the company guided its customers and recommended them to check for any update on relevant third-party software.

WhatsApp Flaw Could Allow 'Potential Attackers' to Spy On Encrypted Group Chats

noreply@blogger.com (T-W-S) — Fri, 12 Jan 2018 12:02:00 +0000

WhatsApp Flaw Could Allow 'Potential Attackers' to Spy On Encrypted Group Chats

A more dramatic revelation of 2018—an outsider can secretly eavesdrop on your private end-to-end encrypted group chats on WhatsApp and Signal messaging apps.

Considering protection against three types of attackers—malicious user, network attacker, and malicious server—an end-to-end encryption protocol plays a vital role in securing instant messaging services.

The primary purpose of having end-to-end encryption is to stop trusting the intermediate servers in such a way that no one, not even the company or the server that transmits the data, can decrypt your messages or abuse its centralized position to manipulate the service.

In order words—assuming the worst-case scenario—a corrupt company employee should not be able to eavesdrop on the end-to-end encrypted communication by any mean.

However, so far even the popular end-to-end encrypted messaging services, like WhatsApp, Threema and Signal, have not entirely achieved zero-knowledge system.

Researchers from Ruhr-Universität Bochum (RUB) in Germany found that anyone who controls WhatsApp/Signal servers can covertly add new members to any private group, allowing them to spy on group conversations, even without the permission of the administrator.

As described by the researchers, in the pairwise communication (when only two users communicate with each other) server plays a limited role, but in case of multi-user chats (group chat where encrypted messages are broadcasted to many users), the role of servers increases to manage the entire process.

That's where the issue resides, i.e. trusting the company's servers to manage group members (who eventually have full access to the group conversation) and their actions.

As explained in the newly published RUB paper, titled "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema," since both Signal and WhatsApp fail to properly authenticate that who is adding a new member to the group, it is possible for an unauthorized person—not a group administrator or even a member of the group—to add someone to the group chat.

What's more? If you are wondering that adding a new member to the group will show a visual notification to other members, it is not the case.

According to the researchers, a compromised admin or rogue employee with access to the server could manipulate (or block) the group management messages that are supposed to alert group members of a new member.

"The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group. Entering the group, however, leaves traces since this operation is listed in the graphical user interface. The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group," the paper reads.

"Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members. Additionally, the WhatsApp server can forward these messages to the members individually such that a subtly chosen combination of messages can help it to cover the traces."

WhatsApp has acknowledged the issue, but argued that if any new member is added to a group, let's say by anyone, other group members will get notified for sure.

"We've looked at this issue carefully. Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user," a WhatsApp spokesperson told Wired.

"The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."

But if you are not part of a group with very selected members, I'm sure many of you would relatively ignore such notifications easily.

Researchers also advised companies to fix the issue just by adding an authentication mechanism to make sure that the "signed" group management messages come from the group administrator only.

However, this attack is not easy (exception—services under legal pressure) to execute, so users should not be worried about it.

Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors

noreply@blogger.com (T-W-S) — Fri, 12 Jan 2018 12:00:00 +0000

Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors

Unlike the initial reports suggested about Intel chips being vulnerable to some severe ‘memory leaking’ flaws, full technical details about the vulnerabilities have now been emerged, which revealed that almost every modern processor since 1995 is vulnerable to the issues.

Disclosed today by Google Project Zero, the vulnerabilities potentially impact all major CPUs, including those from AMD, ARM, and Intel—threatening almost all PCs, laptops, tablets, and smartphones, regardless of manufacturer or operating system.

These hardware vulnerabilities have been categorized into two attacks, named Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715), which could allow attackers to steal sensitive data which is currently processed on the computer.

Both attacks take advantage of a feature in chips known as "speculative execution," a technique used by most modern CPUs to optimize performance.

"In order to improve performance, many CPUs may choose to speculatively execute instructions based on assumptions that are considered likely to be true. During speculative execution, the processor is verifying these assumptions; if they are valid, then the execution continues. If they are invalid, then the execution is unwound, and the correct execution path can be started based on the actual conditions," Project Zero says.

Therefore, it is possible for such speculative execution to have "side effects which are not restored when the CPU state is unwound and can lead to information disclosure," which can be accessed using side-channel attacks.

Meltdown Attack

The first issue, Meltdown (paper), allows attackers to read not only kernel memory but also the entire physical memory of the target machines, and therefore all secrets of other programs and the operating system.

“Meltdown is a related microarchitectural attack which exploits out-of-order execution in order to leak the target’s physical memory.”

Meltdown uses speculative execution to break the isolation between user applications and the operating system, allowing any application to access all system memory, including memory allocated for the kernel.

“Meltdown exploits a privilege escalation vulnerability specific to Intel processors, due to which speculatively executed instructions can bypass memory protection.”

Nearly all desktop, laptop, and cloud computers affected by Meltdown.

Spectre Attack

The second problem, Spectre (paper), is not easy to patch and will haunt people for quite some time since this issue requires changes to processor architecture in order to fully mitigate.

Spectre attack breaks the isolation between different applications, allowing the attacker-controlled program to trick error-free programs into leaking their secrets by forcing them into accessing arbitrary portions of its memory, which can then be read through a side channel.

Spectre attacks can be used to leak information from the kernel to user programs, as well as from virtualization hypervisors to guest systems.

“In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code. We wrote a JavaScript program that successfully reads data from the address space of the browser process running it.” the paper explains.

“KAISER patch, which has been widely applied as a mitigation to the Meltdown attack, does not protect against Spectre.”

According to researchers, this vulnerability impacts almost every system, including desktops, laptops, cloud servers, as well as smartphones—powered by Intel, AMD, and ARM chips.

What You Should Do: Mitigations And Patches

Many vendors have security patches available for one or both of these attacks.

Windows — Microsoft has issued an out-of-band patch update for Windows 10, while other versions of Windows will be patched on the traditional Patch Tuesday on January 9, 2018
MacOS — Apple had already fixed most of these security holes in macOS High Sierra 10.13.2 last month, but MacOS 10.13.3 will enhance or complete these mitigations.
Linux — Linux kernel developers have also released patches by implementing kernel page-table isolation (KPTI) to move the kernel into an entirely separate address space.
Android — Google has released security patches for Pixel/Nexus users as part of the Android January security patch update. Other users have to wait for their device manufacturers to release a compatible security update.

Mitigations for Chrome Users

Since this exploit can be executed through the website, Chrome users can turn on Site Isolation feature on their devices to mitigate these flaws.

Here's how to turn Site Isolation on Windows, Mac, Linux, Chrome OS or Android:

Copy chrome://flags/#enable-site-per-process and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.
Look for Strict Site Isolation, then click the box labeled Enable.
Once done, hit Relaunch Now to relaunch your Chrome browser.

There is no single fix for both the attacks since each requires protection independently.

Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day

noreply@blogger.com (T-W-S) — Fri, 12 Jan 2018 11:54:00 +0000

Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day

If you think that only CPU updates that address this year's major security flaws—Meltdown and Spectre—are the only ones you are advised to grab immediately, there are a handful of major security flaws that you should pay attention to.

Microsoft has issued its first Patch Tuesday for 2018 to address 56 CVE-listed flaws, including a zero-day vulnerability in MS Office related that had been actively exploited by several threat groups in the wild.

Sixteen of the security updates are listed as critical, 38 are rated important, one is rated moderate, and one is rated as low in severity. The updates address security flaws in Windows, Office, Internet Explorer, Edge, ChakraCore, ASP.NET, and the .NET Framework.

The zero-day vulnerability (CVE-2018-0802), described by Microsoft as a memory corruption flaw in Office, is already being targeted in the wild by several threat actor groups in the past few months.

The vulnerability, discovered by several researchers from Chinese companies Tencent and Qihoo 360, ACROS Security's 0Patch Team, and Check Point Software Technologies, can be exploited for remote code execution by tricking a targeted user into opening a specially crafted malicious Word file in MS Office or WordPad.

According to the company, this security flaw is related to CVE-2017-11882—a 17-year-old vulnerability in the Equation Editor functionality (EQNEDT32.EXE), which Microsoft addressed in November.

When researchers at 0Patch were analysing CVE-2017-11882, they discovered a new, related vulnerability (CVE-2018-0802). More details of CVE-2018-0802 can be found in a blog post published by Check Point.

Besides CVE-2018-0802, the company has addressed nine more remote code execution and memory disclosure vulnerabilities in MS Office.

A spoofing vulnerability (CVE-2018-0819) in Microsoft Outlook for MAC, which has been listed as publicly disclosed (Mailsploit attack), has also addressed by the company. The vulnerability does not allow some versions Outlook for Mac to handle the encoding and display of email addresses properly, causing antivirus or anti-spam scanning not to work as intended.

Microsoft also addressed a certificate validation bypass vulnerability (CVE-2018-0786) in .NET Framework (and .NET Core) that could allow malware authors to show their invalid certificates as valid.

"An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose," describes Microsoft. "This action disregards the Enhanced Key Usage taggings."

The company has also patched a total of 15 vulnerabilities in the scripting engine used by Microsoft Edge and Internet Explorer.

All these flaws could be exploited for remote code execution by tricking a targeted user into opening a specially-crafted webpage that triggers a memory corruption error, though none of these has been exploited in the wild yet.

Meanwhile, Adobe has patched a single, out of bounds read flaw (CVE-2018-4871) this month that could allow for information disclosure, though no active exploits have been seen in the wild.

Users are strongly advised to apply security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers.

For installing security updates, simply head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.

8 More Chrome Extensions Hijacked to Target 4.8 Million Users

noreply@blogger.com (T-W-S) — Thu, 17 Aug 2017 17:45:00 +0000

8 More Chrome Extensions Hijacked to Target 4.8 Million Users

Google's Chrome web browser Extensions are under attack with a series of developers being hacked within last one month.

Almost two weeks ago, we reported how unknown attackers managed to compromise the Chrome Web Store account of a developer team and hijacked Copyfish extension, and then modified it to distribute spam correspondence to users.

Just two days after that incident, some unknown attackers then hijacked another popular extension'Web Developer' and then updated it to directly inject advertisements into the web browser of over its 1 million users.

After Chris Pederick, the creator of 'Web Developer' Chrome extension that offers various web development tools to its users, reported to Proofpoint that his extension had been compromised, the security vendor analysed the issue and found further add-ons in the Chrome Store that had also been altered.

According to the latest report published by the researchers at Proofpoint on Monday, the expanded list of compromised Chrome Extensions are as below:

Chrometana (1.1.3)
Infinity New Tab (3.12.3)
CopyFish (2.8.5)
Web Paint (1.2.1)
Social Fixer (20.1.1)

Proofpoint researcher Kafeine also believes Chrome extensions TouchVPN and Betternet VPN were also compromised in the same way at the end of June.

In all the above cases, some unknown attackers first gained access to the developers' Google web accounts by sending out phishing emails with malicious links to steal account credentials.

Once the attackers gained access to the accounts, either they hijacked their respective extensions and then modified them to perform malicious tasks, or they add malicious Javascript code to them in an attempt to hijack traffic and expose users to fake ads and password theft in order to generate revenue.

In the case of the Copyfish extension, the attackers even moved the whole extension to one of its developers' accounts, preventing the software company from removing the infected extension from the Chrome store, even after being spotted compromised behaviour of the extension.

"Threat actors continue to look for new ways to drive traffic to affiliate programs and effectively surface malicious advertisements to users," researchers concluded. "In the cases described here, they are leveraging compromised Chrome extensions to hijack traffic and substitute advertisements on victims' browsers."

"Once they obtain developer credentials through emailed phishing campaigns, they can publish malicious versions of legitimate extensions."

At this time, it is unclear who is behind the hijackings of Chrome Web extensions.

The best way to protect yourself from such attacks is always to be suspicious of uninvited documents sent over a phishing email and never click on links inside those documents unless verifying the source.

Cyberspies Are Using Leaked NSA Hacking Tools to Spy On Hotels Guests

noreply@blogger.com (T-W-S) — Thu, 17 Aug 2017 17:42:00 +0000

Cyberspies Are Using Leaked NSA Hacking Tools to Spy On Hotels Guests

An infamous Russian-linked cyber-espionage group has been found re-using the same leaked NSA hacking tool that was deployed in the WannaCry and NotPetya outbreaks—this time to target Wi-Fi networks to spy on hotel guests in several European countries.

Security researchers at FireEye have uncovered an ongoing campaign that remotely steals credentials from high-value guests using Wi-Fi networks at European hotels and attributed it to the Fancy Bearhacking group.

Fancy Bear—also known as APT28, Sofacy, Sednit, and Pawn Storm—has been operating since at least 2007 and also been accused of hacking the Democratic National Committee (DNC) and Clinton Campaign in an attempt to influence the U.S. presidential election.

The newly-discovered campaign is also exploiting the Windows SMB exploit (CVE-2017-0143), called EternalBlue, which was one of many exploits allegedly used by the NSA for surveillance and leaked by the Shadow Brokers in April.

EternalBlue is a security vulnerability which leverages a version of Windows' Server Message Block (SMB) version 1 networking protocol to laterally spread across networks and also allowed the WannaCry and Petya ransomware to spread across the world quickly.

Since the EternalBlue code is available for anyone to use, cyber criminals are widely trying to use the exploit to make their malware more powerful.

Just last week, a new version of credential stealing TrickBot banking Trojan was found leveraging SMB to spread locally across networks, though the trojan was not leveraging EternalBlue at that time.

However, researchers have now found someone deploying the exploit to upgrade their attack.

"To spread through the hospitality company's network, APT28 used a version of the EternalBlue SMB exploit," FireEye researchers write. "This is the first time we have seen APT28 incorporate this exploit into their intrusions."

Researchers have seen ongoing attacks targeting a number of companies in the hospitality sector, including hotels in at least seven countries in Europe and one Middle Eastern country.

Here's How the Attack is Carried Out

The attacks began with a spear phishing email sent to one of the hotel employees. The email contains a malicious document named "Hotel_Reservation_Form.doc," which uses macros to decode and deploy GameFish, malware known to be used by Fancy Bear.

Once installed on the targeted hotel's network, GameFish uses the EternalBlue SMB exploit to laterally spread across the hotel network and find systems that control both guest and internal Wi-Fi networks.

Once under control, the malware deploys Responder, an open source penetration testing tool created by Laurent Gaffie of SpiderLabs, for NetBIOS Name Service (NBT-NS) poisoning in order to steal credentials sent over the wireless network.

While the hacking group carried out the attack against the hotel network, researchers believe that the group could also directly target "hotel guests of interest"—generally business and government personnel who travel in a foreign country.

The researchers revealed one such incident that occurred in 2016 where Fancy Bear accessed the computer and Outlook Web Access (OWA) account of a guest staying at a hotel in Europe, 12 hours after victim connected to the hotel’s Wi-Fi network.

This is not the only attack that apparently aimed at guests of hotels. South Korea-nexus Fallout Team (also known as DarkHotel) has previously carried out such attacks against Asian hotels to steal information from senior executives from large global companies during their business trips.

Duqu 2.0 malware also found targeting the WiFi networks of European hotels used by participants in the Iranian nuclear negotiations. Also, high-profile people visiting Russia and China may have their laptops and other electronic devices accessed.

The easiest way to protect yourself is to avoid connecting to hotel Wi-Fi networks or any other public or untrusted networks, and instead, use your mobile device hotspot to get access to the Internet.

CopyCat Android Rooting Malware Infected 14 Million Devices

noreply@blogger.com (T-W-S) — Fri, 07 Jul 2017 15:08:00 +0000

CopyCat Android Rooting Malware Infected 14 Million Devices

CopyCat Android mobile malware was able to infect over 14 million devices last year and root eight million of them, researchers have revealed.

The malware, spread through popular apps repackaged with the malicious code and distributed through third-party stores and phishing scams -- but not Google Play -- infects devices in order to generate and steal advertising revenue.

According to Check Point researchers, the hackers behind the campaign were able to earn roughly $1.5 million in two months, infecting 14 million devices globally and rooting 8 million of them in what the security team calls an "an unprecedented success rate."

Check Point

Once a device is infected, CopyCat waits until a restart to allay suspicion then attempts to root the device. Check Point says that CopyCat was able to successfully root 54 percent of all the devices it infected, "which is very unusual even with sophisticated malware."

In order to achieve root status, the malicious code uses six different vulnerabilities for Android versions 5 and earlier through an "upgrade" pack pulled from Amazon web storage. Some of the flaws the malware tests for are extremely old and the most modern ones were discovered over two years ago -- and so should your device be patched and up-to-date, CopyCat should not be a worry.

"These old exploits are still effective because users patch their devices infrequently, or not at all," the researchers note.

The malware then injects malicious code into the Zygote app launching process, which permits attackers to generate fraudulent revenue by installing apps and substituting the user's referrer ID with their own, as well as display fraudulent ads and applications.

This technique was first used by the Triada Trojan. According to Kaspersky Labs, the malware targeted the same process to gain superuser privileges before using regular Linux debugging tools to embed its DLL and target mobile browsers.

In total, fraudulent ads were displayed on 26 percent of infected devices, while 30 percent were used to steal credit for installing apps on Google Play. In addition, Check Point says the malware would also send device brand, model, OS version and country to CopyCat command and control (C&C) centers.

At the peak of the campaign in April and May 2016, CopyCat mainly infected users in Asia, although over 280,000 infections were also recorded in the United States.

Check Poin

Google was able to quell the campaign, and now the current number of infected devices is far lower -- but those affected by the malware may still be generating revenue for the attackers today.

The researchers are not sure who is behind the malware campaign but has tentatively linked MobiSummer as some of the malware's code is signed by the Chinese ad network.

See also: Windows ransomware found to be incredibly rare

Earlier this week, a UK teenager was charged for supplying malware for use in distributed denial-of-service (DDoS) attacks and assisting criminals in striking high-profile targets worldwide, including NatWest, Vodafone, O2, BBC, BT, Amazon, Netflix, and Virgin Media, among others.r

AlphaBay Dark Web Market Goes Down; Users Fear Exit-Scam

noreply@blogger.com (T-W-S) — Fri, 07 Jul 2017 14:59:00 +0000

AlphaBay Dark Web Market Goes Down; Users Fear Exit-Scam

Some users at Reddit and Twitter are claiming that AlphaBay's admins may have shut down the marketplace to withdraw a huge number of bitcoins from the site's accounts.

The withdrawal Bitcoin transactions total 1,479.03904709 Bitcoin (roughly $3.8 Million), which led to suspicion from some users that the site’s admins may have pulled an exit scam to steal user funds.

In March 2015, the largest (at the time) dark web market 'Evolution' suddenly disappeared overnight from the Internet, stealing millions of dollars worth of Bitcoins from its customers.

However, users no need to worry—at least right now when nothing is confirmed, and the timing of the two incidents—site downtime and Bitcoin withdrawals—may be just coincidental.

This is not the first time AlphaBay goes offline. Last year, the site went down for about four days. Also, the blockchain transactions of about $3.8 Million are not enough for AlphaBay moderators to go offline.

One user on Reddit calls for calm and patience, saying "Now I'll admit I don't know for sure what's going on, and I am a bit nervous myself because if this is the end then I've lost a couple of hundred dollars myself But think about it Last year alphabay went down for about 4 days."

"Everyone was saying for sure that this was it, but it was not. It took the alphabay moderators days to update people on what was going on too; they're known to do this. Also about that blockchain transaction.. 44 bitcoins rounds off to about 4 million US. [I don’t know] about you but that doesn't sound like nearly enough money."

While AlphaBay continues to be down, and AlphaBay-associated Redditor who goes by moniker Big_Muscles has called users to calm down, saying the site's servers are under update and will be "back online soon."

Also unlike Silk Road, there is no indication that the law enforcement took down the AlphaBay marketplace.

Silk Road was shut down in 2013 after the arrest of its unassuming founder, Ross William Ulbricht. The FBI seized bitcoins (worth about $33.6 million, at the time) from the site, which were later sold in a series of auctions by the United States Marshals Service (USMS).

AlphaBay Market, one of the largest Dark Web marketplaces for drugs, guns, and other illegal goods, suddenly disappeared overnight without any explanation from its admins, leaving its customers who have paid large sums in panic. AlphaBay, also known as "the new Silk Road," has been shut down since Tuesday night. The site also came in the news at the beginning of this year when a hacker successfully hacked the AlphaBay site and stole over 200,000 private unencrypted messages from several users. Although the website sometimes goes down for maintenance, customers are speculating that the admins have stolen all their Bitcoins for good measure, when heard no words from the site's admins on the downtime. Some users at Reddit and Twitter are claiming that AlphaBay's admins may have shut down the marketplace to withdraw a huge number of bitcoins from the site's accounts. The withdrawal Bitcoin transactions total 1,479.03904709 Bitcoin (roughly $3.8 Million), which led to suspicion from some users that the site’s admins may have pulled an exit scam to steal user funds. In March 2015, the largest (at the time) dark web market 'Evolution' suddenly disappeared overnight from the Internet, stealing millions of dollars worth of Bitcoins from its customers. However, users no need to worry—at least right now when nothing is confirmed, and the timing of the two incidents—site downtime and Bitcoin withdrawals—may be just coincidental. This is not the first time AlphaBay goes offline. Last year, the site went down for about four days. Also, the blockchain transactions of about $3.8 Million are not enough for AlphaBay moderators to go offline. One user on Reddit calls for calm and patience, saying "Now I'll admit I don't know for sure what's going on, and I am a bit nervous myself because if this is the end then I've lost a couple of hundred dollars myself But think about it Last year alphabay went down for about 4 days." "Everyone was saying for sure that this was it, but it was not. It took the alphabay moderators days to update people on what was going on too; they're known to do this. Also about that blockchain transaction.. 44 bitcoins rounds off to about 4 million US. [I don’t know] about you but that doesn't sound like nearly enough money." While AlphaBay continues to be down, and AlphaBay-associated Redditor who goes by moniker Big_Muscles has called users to calm down, saying the site's servers are under update and will be "back online soon." Also unlike Silk Road, there is no indication that the law enforcement took down the AlphaBay marketplace. Silk Road was shut down in 2013 after the arrest of its unassuming founder, Ross William Ulbricht. The FBI seized bitcoins (worth about $33.6 million, at the time) from the site, which were later sold in a series of auctions by the United States Marshals Service (USMS).

This newly discovered bug allows any website to crash a Windows Vista, 7, or 8 PC

noreply@blogger.com (T-W-S) — Fri, 07 Jul 2017 13:53:00 +0000

This newly discovered bug allows any website to crash a Windows Vista, 7, or 8 PC

Windows 7 users may want to forget this month as soon as possible. Recently, the widely spread WannaCry ransomware virus had infected computers around the world, of which majority of those affected were Windows 7 users. And, now in what looks like a major throwback from the 1990s, a new bug has been discovered that can slow down and crash systems running Windows Vista, Windows 7 or Windows 8/8.1, reports ArsTechnica. Malicious users can abuse this bug to attack other people’s systems by using certain bad filenames to lock their system or crash it with a blue screen of death (BSOD).

For those unfamiliar, this newly discovered bug is an upgraded version of an annoying old bug known as concon. This was a computer bug that appeared in the Windows 95 and Windows 98 operating systems and was considered as a security vulnerability because malicious web pages would crash systems with links such as file:///C:/con/con.

So, how does this new iteration of bug work? This bug allows a malicious website to load an image file with the “$MFT” name in the directory path. “$MFT” is a filename given to a special metadata file that’s used by Windows’ NTFS filesystems. Since the file exists in the root directory of each NTFS volume, it’s hidden from view and inaccessible to most software. However, it is handled by the NTFS driver in special ways.

When someone tries embedding certain bad filenames by using them as image sources, it can lock the system or occasionally crash with a BSOD. For instance, if you are trying to open the file c:\$MFT\123, the NTFS driver locks the filesystem and never releases it, which in turn prevents any apps that are running from accessing data on the hard drive. This ultimately causes the affected system to slow down, hang, or worse, crash by making way for the dreaded BSOD. The only way that you can get yourself out of this situation is by rebooting your system.

While Microsoft has been informed of the bug, it is not clear as of yet when it will release a fix for the problem. Meanwhile, Windows 10 users remain unaffected by the new bug.

Largest Cryptocurrency Exchange Hacked! Over $1 Million Worth Bitcoin and Ether Stolen

noreply@blogger.com (T-W-S) — Fri, 07 Jul 2017 13:48:00 +0000

Largest Cryptocurrency Exchange Hacked! Over $1 Million Worth Bitcoin and Ether Stolen

Around 10 Million Won worth of bitcoins were allegedly stolen from a single victim's account, according to the Kyunghyang Shinmun, a major local newspaper.

A survey of users who lost cryptocurrencies in the cyber attack reveals "it is estimated that hundreds of millions of won [worth of cryptocurrencies] have been withdrawn from accounts of one hundred investors. One member claims to have had 1.2 billion won stolen."

Besides digital currencies, hackers were succeeded in stealing the personal information of 31,800 Bithumb website users, including their names, email addresses, and mobile phone numbers, the South Korean government-funded Yonhap News reported.

However, Bithumb claims that this number represents approximately 3% of its customers.

The exchange also told Yonhap that it contacted South Korea's cybercrime watchdog on June 30, Friday after it learned of the hack on June 29.

Bithumb believes that one of its employee's home computer was hacked in the attack and not its entire network and no passwords were compromised, so it is impossible for hackers to gain direct access to user accounts.

The digital currency exchange says that the loss of funds is the result of using "disposable passwords" in order to carry out digital transactions online.

"The employee PC, not the head office server, was hacked. Personal information such as mobile phone and email address of some users were leaked," Bithumb told the newspaper. "However, some customers were found to have been stolen from because of the disposable password used in electronic financial transactions."

While more than 100 Bithumb customers have already filed a complaint with the National Police Agency's cybercrime report center regarding the hack, South Korean officials are now investigating the incident.

One of the world's largest Bitcoin and Ether cryptocurrencies exchanges Bithumb has recently been hacked, resulting in loss of more than $1 Million in cryptocurrencies after a number of its user accounts compromised. Bithumb is South Korea's largest cryptocurrency exchange with 20% of global ether trades, and roughly 10% of the global bitcoin trade is exchanged for South Korea's currency, the Won. Bithumb is currently the fourth largest Bitcoin exchange and the biggest Ethereum exchange in the world. Last week, a cyber attack on the cryptocurrency exchange giant resulted in a number of user accounts being compromised, and billions of South Korean Won were stolen from customers accounts. Around 10 Million Won worth of bitcoins were allegedly stolen from a single victim's account, according to the Kyunghyang Shinmun, a major local newspaper. A survey of users who lost cryptocurrencies in the cyber attack reveals "it is estimated that hundreds of millions of won [worth of cryptocurrencies] have been withdrawn from accounts of one hundred investors. One member claims to have had 1.2 billion won stolen." Besides digital currencies, hackers were succeeded in stealing the personal information of 31,800 Bithumb website users, including their names, email addresses, and mobile phone numbers, the South Korean government-funded Yonhap News reported. However, Bithumb claims that this number represents approximately 3% of its customers. The exchange also told Yonhap that it contacted South Korea's cybercrime watchdog on June 30, Friday after it learned of the hack on June 29. Bithumb believes that one of its employee's home computer was hacked in the attack and not its entire network and no passwords were compromised, so it is impossible for hackers to gain direct access to user accounts. The digital currency exchange says that the loss of funds is the result of using "disposable passwords" in order to carry out digital transactions online. "The employee PC, not the head office server, was hacked. Personal information such as mobile phone and email address of some users were leaked," Bithumb told the newspaper. "However, some customers were found to have been stolen from because of the disposable password used in electronic financial transactions." While more than 100 Bithumb customers have already filed a complaint with the National Police Agency's cybercrime report center regarding the hack, South Korean officials are now investigating the incident.

WebSites Found Collecting Data from Online Forms Evena Before You Click Submit

noreply@blogger.com (T-W-S) — Wed, 21 Jun 2017 13:25:00 +0000

WebSites Found Collecting Data from Online Forms Evena Before You Click Submit

'Do I really need to give this website so much about me?'

That's exactly what I usually think after filling but before submitting a web form online asking for my personal details to continue.

I am sure most of you would either close the whole tab or would edit already typed details (or filled up by browser's auto-fill feature) before clicking 'Submit' — Isn't it?

But closing the tab or editing your information hardly makes any difference because as soon as you have typed or auto-filled anything into the online form, the website captures it automatically in the background using JavaScript, even if you haven't clicked the Submit button.
During an investigation, Gizmodo has discovered that code from NaviStone used by hundreds of websites, invisibly grabs each piece of information as you fill it out in a web form before you could hit 'Send' or 'Submit.'

NaviStone is an Ohio-based startup that advertises itself as a service to unmask anonymous website visitors and find out their home addresses.

There are at least 100 websites that are using NaviStone's code, according to BuiltWith, a service that tells you what tech sites employ.

Gizmodo tested dozens of those websites and found that majority of sites captured visitors' email addresses only, but some websites also captured their personal information, like home addresses and other typed or auto-filled information.

How Websites Collect 'Data' Before Submitting Web Forms

Using JavaScript, the websites in question were sending user's typed or auto-filled information of an online form to a server at "murdoog.com," which is owned by NaviStone, leaving no option for people who immediately change their minds and close the page.

When the publication asked NaviStone that how it unmasks anonymous website visitors, the company denied revealing anything, saying that "its technology is proprietary and awaiting a patent."

However, when asked whether email addresses are gathered in order to identify the person and their home addresses, the company's chief operating officer Allen Abbott said NaviStone does not "use email addresses in any way to link with postal addresses or any other form of PII [Personal Identifiable Information]."

"Rather than use email addresses to generate advertising communications, we actually use the presence of an email address as a suppression factor, since it indicates that email, and not direct mail, is their preferred method of receiving advertising messages," Abbott said.

Some websites using NaviStone's code are collecting information on visitors who are not even their customers and do not share any relationship with the companies.

"Three sites—hardware site Rockler.com, gift site CollectionsEtc.com, and clothing site BostonProper.com—sent us emails about items we'd left in our shopping carts using the email addresses we'd typed onto the site but had not formally submitted," Gizmodo writes.

After the story had gone live, NaviStone agreed to no longer collect email addresses from visitors this way, as Abbott said, "While we believe our technology has been appropriately used, we have decided to change the system operation such that email addresses are not captured until the visitor hits the 'submit' button."

Disable Auto-Fill; It’s Leaking Your Information!

In order to protect yourself from such websites collecting your data without your consent, you should consider disabling auto-fill form feature, which is turned on by default, in your browser, password manager or extension settings.

At the beginning this year, we also warned you about the Auto-fill feature, which automatically fills out web form based on data you have previously entered in similar fields but can be misused by attackers hiding fields (out of sight) in the web form and stealing your personal information without your knowledge.

Here's how to turn this feature off in Chrome:

Go to Settings → Show Advanced Settings at the bottom, and under the Passwords and Forms section uncheck Enable Autofill box to fill out web forms with a single click.

In Opera, go to Settings → Autofill and turn it off.

In Safari, go to Preferences and click on AutoFill to turn it off.

Also, think twice before filling your details into any web form, before it gets too late.

What is Bitcoin and Bitcoin Mining? Bitcoin explained in dummy language

noreply@blogger.com (T-W-S) — Sat, 03 Jun 2017 10:47:00 +0000

What is Bitcoin and Bitcoin Mining? Bitcoin explained in dummy language

Bitcoin has been in news for past few days. One of the reasons is that, a few days ago, the WannaCry ransomware struck the world and made headlines. One aspect of this attack, however, was the demand by the attackers to be paid in Bitcoin rather than traditional currencies of Dollar, Pound or Euros.

However, we are much interested in the second reason. Bitcoin touched a lifetime high of $2400 last week and will soon be touching $2500. Which means if you had bought Bitcoins in the period July 2010 to December 2013 when it was $7 to $25 a piece, you could be a multimillionaire now. Bitcoin as a currency that was debunked and criticized by central bankers of almost all nations has now suddenly become the toast of the Internet. Why? Through this article, we explain what is Bitcoin and how it is produced (mined)!

New Age Currency- Bitcoin Cryptocurrency

Bitcoin is a virtual currency of the Internet also called “cryptocurrency”. A person known only by the name of Satoshi Nakamoto introduced the world to Bitcoin back in 2009. His true identity still remains hidden though many websites have claimed to have identified him or rather found him, over past 8 years.

Bitcoins in simple terms are virtual coins that are transferred over the internet. A bitcoin like mentioned earlier, is a currency, meaning it has a foreign exchange value just as the Euro does against the US Dollar. However, the only difference is that dollars, pounds, and euros can be stored in your pant wallet while Bitcoin can only be saved online. The reason such cryptocurrencies are in demand is because of their ability to be transferred directly between individuals bypassing the banking system and thus making the sender and receiver of every bitcoin transaction nominally anonymous though he/she can be tracked through blockchain exchange.

Bitcoin is a digital currency that isn’t regulated by anybody leave alone any central bank. Therefore it has no interest rate, repo rate or any other rate that central bankers decide to levy on their respective currencies. It is a currency that is generated by painstaking mathematical computations and policed by millions of computer users called ‘miners’. Bitcoins are basically electricity, converted into a long string of code that has monetary value. The value of a single bitcoin also varies just as any other currency with it hitting a high of $1000 USD in 2015 – the same time when its popularity spread into mainstream conscience and it has dipped significantly since before rebounding again in 2016 and now touching lifetime highs of $2500 per bitcoin.

Bitcoin Mining

Now that we understand what a bitcoin is, the next thing is to understand how is it generated. One way to get bitcoins is to buy one through many of the online Bitcoin exchanges. You will need to have a bitcoin wallet installed on one your devices or use an online wallet by one of many service providers and then one can send and receive bitcoins just as one would emails. Bitcoin is underpinned by a peer-to-peer computer network made up of its users’ machines, similar to the networks that underpin BitTorrent, a file-sharing system. Bitcoins are mathematically generated as computers in this network carry out complex number-crunching tasks – a procedure termed bitcoin mining.

Bitcoin mining is a serious business with many tech companies manufacturing special computers called ASIC computers. These ASIC computers cost lots of moolah and are capable of doing the painstaking calculations for bitcoin mining.

Once you have installed a Bitcoin wallet, you will receive an encrypted address with the ability to generate more whenever needed. This address can then be shared with anyone from whom you wish to receive payment in the form of bitcoins. This system is secured by a concept called blockchain. Workers or miners are paid freshly created bitcoins for verifying Bitcoin transactions.

The mathematics of the bitcoin system was created in such a way that there is an upper limit to the number of bitcoins that can be mined. The ceiling is said to be around 21 million. The mining of bitcoins gets tougher and tougher the closer we get to the ceiling. Being unable to be regulated by any agency, Bitcoin also has the added advantage of not having it value diluted because a government somewhere decided to jump onto the bandwagon and release bitcoins of its own.

If you did not buy bitcoins when they were available for $7-25 a piece, you probably missed the bus but you can always buy them now with a hope of a single bitcoin touching $10000 as predicted by many bitcoin aficionados.

Extratorrent.cc shutdown effect – The Pirate Bay keeps crashing intermittently

noreply@blogger.com (T-W-S) — Sat, 03 Jun 2017 10:42:00 +0000

Extratorrent.cc shutdown effect – The Pirate Bay keeps crashing intermittently

Have you noticed a peculiar thing since the ExtraTorrent.cc shut down permanently? Visit The Pirate Bay and you will find it working normally. Search for a movie, TV show or any other torrent and the torrent website will suddenly throw up a CloudFlare error. A couple of tries later you may get your torrent download as you wished but it seems that the world’s most popular torrent website, The Pirate Bay is not able to cope up with the deluge of torrent downloaders after the demise of ExtraTorrent.cc.

ExtraTorrent shuts down permanently; Top 3 alternatives

The problem is somewhat aggravated by the sudden spurt of ExtraTorrent clones and proxies which are filled with malware, adware and viruses. Torrent users prefer the cleaner and safer TPB to these clones and as such are flocking to TPB resulting in users getting constant errors when browsing TPB.

For the uninitiated, ExtraTorrent.cc used to be the second most visited torrent website after TPB and was used to download games, movies, music, NFSW stuff, and e-book torrents. When the ExtraTorrent ship seemed to sail in calm waters, out of blue SAM the owner of ExtraTorrent mysteriously shut down the world’s second-largest torrent download website on May 17th.

Like SAM warned, the Internet was soon filled with wannabe ExtraTorrent clones and mirror websites. Most of these websites were using ExtraTorrent skin almost fooling the torrent community into believing they were genuine ExtraTorrent heirs. A similar site called ExtraTorrent.cd was resurrected by so-called ‘former admins.’ But soon torrent downloaders found the site filled with malicious software and viruses. So, to fulfill their torrent needs, users flocked to The Pirate Bay. TPB apparently wasn’t prepared to handle the huge influx of former ET users.

Speaking with TorrentFreak, a TPB staffer said that the ‘big wave of new visitors’ has caused ‘gateway errors’ a tech lingo for website downtime due to heavy traffic. TPB admin Spud17 says that though TPB has seen a heavy increase in torrent downloaders, their membership registrations remain constant suggesting that torrent users are just seeking an alternative torrent download website.

“Registrations haven’t suddenly increased or anything like that, and visitor numbers to the forum are about the same as usual.”

Indians had been great fans of ExtraTorrent.cc and India accounted for over 50% of the total ExtraTorrent.cc visitors. Now, Spud17 says that over 40% of new visits registered on The Pirate Bay came from India. Mind you, ExtraTorrent was blocked by the top Indian communications watchdog, TRAI in 2016 and could be visited only by using VPN or proxies.

More Torrent website shutdowns to come?

We had reported at the start of 2017 that the media companies, anti-piracy groups, and authorities were creating extra pressure on torrent websites to shut down their business. The ExtraTorrent’s shutdown comes in the wake of other popular torrent site closures. Authorities successfully shut down KickAssTorrents and Torrentz.eu last year and it was followed by the shutdown of popular movie streaming websites like Putlocker.ch and Coke&Popcorn. TPB has been the top target of such anti-piracy groups but it has withheld the pressure preferring to shift its hydra-like domain to different addresses. With Google, Microsoft and other tech companies joining hands with ISPs to root out torrents websites altogether from the face of the earth, TPB and the remaining torrent websites face a daunting task to stay afloat.

Microsoft accidentally releases faulty Windows 10 internal build 16212 which bricks PCs and Laptops

noreply@blogger.com (T-W-S) — Sat, 03 Jun 2017 10:40:00 +0000

Microsoft accidentally releases faulty Windows 10 internal build 16212 which bricks PCs and Laptops

Microsoft is known for its bungled updates and patches but this one takes the cake. Due to some inadvertent error, Microsoft released an internal Windows 10 build to users. The problem with the released build is that it was in testing phase and never meant to be released. As you all know, Windows 10 automatically updates the releases that Microsoft issues. The same happened with this faulty build and the members of Windows 10 Insider Program automatically updated and bricked their PC/laptops.

The issue was first noticed by MSPowerUser which reported that PC/laptops which automatically updated the faulty update. Microsoft accidentally rolled out the Windows 10 build 16212 for x86 PCs and phones running Windows 10. The immediate result of the update was bricked PC/laptops and smartphone running on Windows 10.

While such faulty update releases from Microsoft are a part of the tech folklore, this internal build 16212 was probably meant for internal testing by Microsoft engineers. It can be safely said that the internal build 16212 that was released was not even an alpha update. Geeks would know that companies generally release beta candidates to their testers for bugs and error reporting. As soon as the PCs/laptops and mobiles which updated to the new build, they crashed.

Some users reported that their Pcs/laptops/mobiles went to a boot loop after being updated this internal build 16212 PCs.MSPowerUser also reported that the Build 16212 causes Windows 10 Mobile devices to enter a boot loop, requiring users to reset their device using the Windows Device Recovery Tool. Resetting your device means losing your personal data which every person hates.

The internal build 16212 was also released to some regular users who aren’t part of the Windows Insider program. This may mean that some Windows 10 users who are not part of the Windows 10 Insiders Program may also become part of the mayhem. Dona Sarkar of Windows Insiders community tweeted warning both power users and testers not to update their PCs/mobiles with the new update.

Here is what you should do if your PC/laptop/mobile is updated with the new Internal Build 16212

At present it is unclear exactly how many Windows 10 users have updated this faulty build. Microsoft has said that its analysis shows only a small portion of Insiders got these builds. If you are one of the users who has already updated the internal build 16212, Microsoft has issued the following advice.

“If you received this build (from RS_EDGE_CASE) on your PC: Please be aware that this build was never intended to go out to Windows Insiders and may include issues that impact usability of your PC – more so than the normal builds we give you.

“You can either sit tight and wait for us to publish a newer build to you or you can roll-back to the previous build via Settings > Update & security > Recovery. And check your Windows Insider Program settings.

NOTE: You have up to 10 days to roll-back and this will only work if you did not do Disk Cleanup to remove your previous Windows installation.

5 Reasons why internet security is crucial in 2017

noreply@blogger.com (T-W-S) — Sat, 03 Jun 2017 10:35:00 +0000

5 Reasons why internet security is crucial in 2017

Ever imagined a week without the internet? That sounds crazy, especially if your bread and butter require that you always stay online. As we live in the Internet Age, it is next to impossible to imagine life without staying connected. The internet is a useful tool in many aspects of our life, from communication down to business.

While the internet is proven to be useful, it also comes with a few drawbacks. Some people are using the Internet to cause harm to others. In the United Kingdom alone, there were an estimated 6.2 million incidents of cyber crime in 2016. Even Singapore, which is dubbed as the safest country in Asia, is not free from online scams.

The government, as well as many private organizations, are becoming more proactive in dealing with the growing rate of cyber security. Here are some reasons why Internet security is of the utmost importance in 2017:

Computer viruses and malware are more complex than ever. The Locky ransomware, by far, is the most dangerous computer virus you could have. The intruders will send you a fake email demanding you to open an attached Word document. Once you open the document, it will enable Macro commands and the malware could get inside your computer.
Scammers are using more advanced ways of tricking users. PhishMe’s chief technology and officer Aaron Higbee said the recent Google Docs phish scam tricks the user into granting permissions to a third-party app. The scammers will not lead you to fake websites for you to give up your passwords. They will not use malware to cause harm. The scammers are pretty good at mimicking Google web pages you would think they are authentic.
Data breaches in 2017 are the worst so far. When an unauthorized individual used your sensitive and confidential data, you just became a victim of data breaching. Aside from individuals, popular hotel chains, fast food chains, and even job-seeking websites have been victims of data breaching.
There are hackers who will do everything they can to cause disruption. Some hackers will not harm your computer with a virus but will steal your data for their advantage. Hackers usually target government networks because it becomes easier for them to access people’s personal information, including social security numbers and fingerprints.
Business Email Compromise (BEC) attack would likely continue to grow according to FBI. In this kind of phishing scam, the attacker will impersonate a company’s executive and will encourage customers or employees to transfer funds. You may use an email protection kit to stop attacks before they reach your inbox.

How will you protect yourself from any form of phishing? The best way to do that is to install a legitimate antivirus software that offers an overall protection from threats. The best computer antivirus according to Computer Fixperts has a thorough malware detection. Furthermore, it should safeguard you against dangerous websites, harmful downloads, and suspicious emails. For maximum protection against online threats, make sure that your antivirus software is up-to-date.

LinkedIn Hacker, Wanted by US & Russian, Can be Extradited to Either State

noreply@blogger.com (T-W-S) — Sat, 03 Jun 2017 10:23:00 +0000

LinkedIn Hacker, Wanted by US & Russian, Can be Extradited to Either State

The alleged Russian hacker, who was arrested by the Czech police in Prague last October on suspicion of massive 2012 data breach at LinkedIn, can be extradited to either the United States or Russia, a Czech court ruled on Tuesday.

Yevgeniy Aleksandrovich Nikulin, a 29-years-old Russian national, is accused of allegedly hacking not just LinkedIn, but also the online cloud storage platform Dropbox, and now-defunct social-networking company Formspring.

However, he has repeatedly denied all accusations.

Nikulin was arrested in Prague on October 5 by the Czech police after Interpol issued an international arrest warrant against him.

Nikulin appeared at a court hearing held inside a high-security prison in Prague on Tuesday and emaciated after eight months in solitary confinement.
The court ruling, pending appeals, left the final decision in the hands of Czech Justice Minister Robert Pelikan, who can approve extradition to one of the countries and block the other.

The United States has requested Nikulin extradition for carrying out hacking attacks and stealing information from several American social networking companies, including LinkedIn, Dropbox, and Formspring, between March 2012 to July 2012.

However, Russia, where Nikulin is facing a lesser charge, has requested his extradition on a separate cyber theft charge of stealing $3,450 via the Internet in 2009.

"Both [case] documents are very, very sufficient for reasonable suspicion that [the offenses] took place and that there is a reason to press charges," the judge said.

Hacker Claims FBI Pressured Him to Confess to US Election Hacks

Nikulin's arrest last October came three days before the United States officially accused Russia of hacking the Democratic National Committee (DNC) and interfering in the 2016 presidential election.

Nikulin's lawyer says the case is a set-up, indicating that his arrest may have deeper inclinations than over the cyber attacks against American firms.

The Guardian reported Nikulin was interrogated in Prague, where he currently remains imprisoned, by FBI special agent Jeffrey Miller.

Nikulin wrote in a letter from prison that during his interrogation, Miller reportedly brought up the US election hacking and claimed that the FBI agent pressured him to admit to the DNC hack and promised him good treatment if he accepted to cooperate.
Nikulin wrote in the letter that he rejected the offer. His lawyer indicated that Nikulin was not a hacker, but just a victim of an FBI plot.

"Do you really imagine that a high-ranking FBI agent is going to travel all the way from San Francisco just to read this guy his rights?," Nikulin lawyer said.

Mark Galeotti, a senior security researcher at the Institute of International Relations Prague, also showed his concern about an FBI agent traveling to another country to extradite a hacker.

"An FBI agent traveling from the US to a third country as part of an extradition request is extremely unusual and highlights that the case is seen as significant," Galeotti said, as quoted by the Guardian.

Nikulin's Russian lawyer stated that his client's life revolved around buying and selling luxury cars, adding that Nikulin was "useless with computers" and capable of checking his email and no more and, far from being a super-hacker who can hack big firms.

Tuesday's court hearing was held in a tiny room inside the prison for security reasons, to which Nikulin’s Czech lawyer said: "In all my 25 years as a lawyer, I don’t remember any cases being tried inside the prison, including serial killers or organized crime cases."

Now, the final decision is in the hands of the Czech Justice Minister Robert Pelikan, who is slated to decide where Nikulin will be extradited: The United States, where he can face a "disproportionately harsh" sentence of 54 years behind bars, or Russia, where he faces a lesser charge of cyber theft.

Online Training for CISA, CISM, and CISSP Cyber Security Certifications

noreply@blogger.com (T-W-S) — Sat, 03 Jun 2017 10:17:00 +0000

Online Training for CISA, CISM, and CISSP Cyber Security Certifications

Believe it or not, but any computer connected to the Internet is vulnerable to cyber attacks.

With more money at risk and data breaches at a rise, more certified cyber security experts and professionals are needed by every corporate and organisation to prevent themselves from hackers and cyber thieves.

That's why jobs in the cyber security field have gone up 80% over the past three years than any other IT-related job. So, this is the right time for you to consider a new career as a cyber security professional.
Cyber security experts with industry-standard certification are coming from a wide range of backgrounds, who prepare themselves to protect computer systems and networks from viruses and hackers.

But before getting started your career as a cyber security expert, it's important to understand basics of networks and how data moves from place to place, and for this, you are highly advised to gain some valuable cyber security certifications.

Cyber security certifications not only boost your skills but also verify your knowledge and credibility.

THN Deals Store this week brings you the Cybersecurity Certification Mega Bundle, which will walk you through the skills and concepts you need to master three elite cyber security certification exams: CISA, CISM, and CISSP.

Online Training for CISA, CISM, and CISSP Certifications

With this online training course, you will get the materials you require to dive deep into the most proven and practical methods for protecting vulnerable networks and any business environment.

From the fundamentals of cryptography and encryption to the security holes in computer networks and mobile apps, this course will help you learn about information security audits, assurance, guidelines, standards, and best cyber security practices in the industry.
If you don't know what are CISA, CISM, and CISSP certifications, below you can find brief information about the courses and their importance in IT industry.

CISA - Certified Information Systems Auditor

The CISA certification is renowned across the world as the standard of achievement for those who audit, monitor, access and control information technology and business systems.

Being CISA-certified showcases candidates for their audit experience, skills, and knowledge, and signifies that you are an expert in managing vulnerabilities, instituting controls and ensuring compliance within the enterprise.

CISM - Certified Information Security Manager

The demand for skilled information security managers is on the rise, and CISM is the globally accepted certification standard of achievement in this area.

The uniquely management-focused CISM certification ensures you are re-equipped with the best practices in the IT industry and recognises your expertise to manage, design, and oversee and assess an enterprise's information security.

CISSP - Certified Information Systems Security Professional

The CISSP certification is a globally-recognised certification in the field of information security and has become a standard of achievement that is acknowledged worldwide.

Offered by the International Information Systems Security Certification Consortium, commonly known as (ISC)², CISSP is an objective measure of excellence, which requires a broad level of knowledge.

How to Join Cybersecurity Certification Training?

If you want to select the best and cost-efficient course to pass CISA, CISM, and CISSP certifications, the Cybersecurity Certification Mega Bundle course is the one for you to begin with.

You can get Cybersecurity Certification Mega Bundle for just $69 (after 93% discount) at the THN Deals Store.

So, to Sign-up for the Cybersecurity Certification Mega Bundle course, click on this link and get your online course now.

We also provide 15-Day Money Back Guarantee. So in case, you are not satisfied with this course for any reason, we will issue a refund within 15 days of purchase. We want you to be happy with every course you purchase!

How to Hack Someone's Facebook Account Just by Knowing their Phone Numbers

noreply@blogger.com (T-W-S) — Sat, 03 Jun 2017 10:11:00 +0000

How to Hack Someone's Facebook Account Just by Knowing their Phone Numbers

Update: If you think this technique is old and can not be used to hack your social media, bank or any online accounts, then you are mistaken. A real-world SS7 attack has been spotted this month when some unknown hackers exploited the design flaws in the Signaling System 7 (SS7) to drain victims' bank accounts.

Hacking Facebook account is one of the major queries on the Internet today. It's hard to find — how to hack Facebook account, but researchers have just proven by taking control of a Facebook account with only the target's phone number and some hacking skills.

Yes, your Facebook account can be hacked, no matter how strong your password is or how much extra security measures you have taken. No joke!

Hackers with skills to exploit the SS7 network can hack your Facebook account. All they need is your phone number.

The weaknesses in the part of global telecom network SS7 not only let hackers and spy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale but also let them hijack social media accounts to which you have provided your phone number.
SS7 or Signalling System Number 7 is a telephony signaling protocol that is being used by more than 800 telecommunication operators worldwide to exchange information with one another, cross-carrier billing, enabling roaming, and other features.

However, an issue with the SS7 network is that it trusts text messages sent over it regardless of their origin. So, malicious hackers could trick SS7 into diverting text messages as well as calls to their own devices.

All they need is the target’s phone number and some details of the target’s device to initiate the silent snooping.

The researchers from Positive Technologies, who recently showed how they could hijack WhatsApp and Telegram accounts, now gave the demonstration of the Facebook hack using similar tricks, Forbes reported.

SS7 has long been known to be vulnerable, despite the most advanced encryption used by cellular networks. The designing flaws in SS7 have been in circulation since 2014 when the team of researchers at German Security Research Labs alerted the world to it.

Here's How to Hack Any Facebook Account:

The attacker first needs to click on the "Forgot account?" link on the Facebook.com homepage. Now, when asked for a phone number or email address linked to the target account, the hacker needs to provide the legitimate phone number.

The attacker then diverts the SMS containing a one-time passcode (OTP) to their own computer or phone, and can login to the target’s Facebook account.
The issue affects all Facebook users who have registered a phone number with Facebook and have authorized Facebook Texts.

Besides Facebook, researchers' work shows that any service, including Gmail and Twitter, that uses SMS to verify its user accounts has left open doors for hackers to target its customers.

Although the network operators are unable to patch the hole sometime soon, there is little the smartphone users can do.

Do not link your phone number to social media sites, rather rely solely on emails to recover your Facebook or other social media accounts.
Use two-factor authentication that does not use SMS texts for receiving codes.
Use communication apps that offer "end-to-end encryption" to encrypt your data before it leaves your smartphone over your phone's standard calling feature.

Update: However, the important thing to note is that the issue has actually nothing to do with Facebook security or other website's security, instead it is the weakness in the telecom network.

"Because this technique [SSL exploitation] requires significant technical and financial investment, it is a very low risk for most people," Facebook spokesperson told The Hacker News.

"As an added precaution, we recommend turning on two-factor authentication, called Login Approvals, in your Facebook security settings. Doing this will disable recovery via SMS on your account so even if someone has your phone number, they'll still need your password to access your account."

Hackers can spy on your calls and track location, using just your phone number

noreply@blogger.com (T-W-S) — Sat, 03 Jun 2017 10:09:00 +0000

Hackers can spy on your calls and track location, using just your phone number

IN BRIEF

The famous ‘60 Minutes’ television show shocked some viewers Sunday evening when a team of German hackers demonstrated how they spied on an iPhone used by U.S. Congressman, then recorded his phone calls and tracked his movement through Los Angeles.

Hackers leverage a security flaw in SS7 (Signalling System Seven) protocol that allows hackers to track phone locations, listen in on calls and text messages.

The global telecom network SS7 is still vulnerable to several security flaws that could let hackers and spy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale, despite the most advanced encryption used by cellular networks.

All one need is the target's phone number to track him/her anywhere on the planet and even eavesdrop on the conversations.

SS7 or Signalling System Number 7 is a telephony signaling protocol used by more than 800 telecommunication operators around the world to exchange information with one another, cross-carrier billing, enabling roaming, and other features.

Hackers Spied on US Congressman's Smartphone

With US Congressman Ted Lieu's permission for a piece broadcast Sunday night by 60 Minutes, Karsten Nohl of German Security Research Labs was able to intercept his iPhone, record phone call made from his phone to a reporter, and track his precise location in real-time.

During the phone call about the cell phone network hacking, Lieu said: "First, it's really creepy, and second, it makes me angry."

"Last year, the President of the United States called me on my phone, and we discussed some issues," he added. "So if hackers were listening in, they'd know that phone conversation, and that is immensely troubling."

What's more awful is that the designing flaws in SS7 have been in circulation since 2014, when the same German researchers' team alerted the world to it. Some flaws were patched, but few apparently remain or intentionally left, as some observers argue, for governments to snoop on its targets.

The major problem with SS7 is that if any one of the telecom operators is hacked or employs a rogue admin, a large scale of information, including voice calls, text messages, billing information, relaying metadata and subscriber data, is wide open to interception.

The weakness affects all phones, whether it's iOS, Android, or whatever, and is a major security issue. Although the network operators are unwilling or unable to patch the hole, there is little the smartphone users can do.

How Can You Avoid this Hack?

The best mitigation is to use communication apps – that offers "end-to-end encryption" to encrypt your data before it leaves your smartphone – over your phone's standard calling feature.

Lieu, who sits on House subcommittees for information technology and national security, also argues for Strong Encryption that, according to the Federal Bureau of Investigation (FBI), make it harder to solve crimes.

Lieu strongly criticized the United States agencies, if any, that may have ignored such serious vulnerabilities that affect Billions of cellular customers.

"The people who knew about this flaw [or flaws] should be fired," Lieu said on the show. "You can't have 300-some Million Americans—and really, right, the global citizenry — be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data."

Few of such apps that are popular and offers end-to-end encryption are Signal, WhatsApp, and Apple's iMessage service that keep users communications safe from prying eyes and ears.

Here's the Facebook Hacking Tool that Can Really Hack Accounts, But

noreply@blogger.com (T-W-S) — Sat, 03 Jun 2017 10:05:00 +0000

Here's the Facebook Hacking Tool that Can Really Hack Accounts, But...

Yes, you heard me right.

A newly discovered Facebook hacking tool actually has the capability to hack Facebook account, but YOURS, and not the one you desire to hack.

How to Hack Facebook account? How to Hack my Girlfriends Facebook account? My boyfriend is cheating on me, How do I hack his Facebook Account?

These are the queries that most of the Internet users search on Google.

But Beware! If you come across any Facebook hacking tool that promises you to help you hack your friends Facebook accounts, you may end up downloading a hacking tool that could hack you, instead of them.

Facebook Hacking Tool that Can Really Hack, But Your Accounts

Dubbed Remtasu, the tool is marketing itself as a Facebook hacking tool but actually is a Windows-based Trojan that has accelerated globally over the past year, and has now capability to disguise itself as an app for accessing people's Facebook account credentials.

The tool contains a Keylogger that can capture all your keystrokes and store them in a file that is subsequently sent to the attacker's server.

The malicious Facebook hacking tool is exploiting "the constant desire of a lot of users to take control of accounts from this well-known social network," according to a Monday blog post by IT security company ESET.

How Remtasu Works:

The malicious tool is delivered via direct download websites.

Once a user visits one of these websites, the dangerous Win32/Remtasu.Y malware automatically gets downloaded and executed on victim's machine and hide itself among other files.

Remtasu has capability to:

Open and obtain information from the clipboard.

Capture keystrokes.

Store all the data in a file which is subsequently sent to an FTP server.

The worst part is yet to come:

The malware remains on the infected computer even when the victim reboots their system or attempts to find the malware threat in the list of active processes.

"In this case, the malware replicates itself, saving the copy in a folder that it also creates within the system32 folder," reads the post. "The new InstallDir folder remains hidden inside the system files, making it difficult for users to access."

Most affected parts of the world include Colombia, Turkey, Thailand and elsewhere. In past, Remtasu was distributed through malicious files attached to phishing emails purporting to be from legitimate government or businesses organisations.