By Zehra Ali Open the Internet and your screen will be flooded with hacking news and exploits carried out through the use of sophisticated techniques. It is not uncommon to land on news reports of millions of compromised Internet devices. These stories emerge not merely because of the hacker’s expertise, although this plays a large part. Just as crucial is the lack […] This is a post from HackRead.com Read the original post: Top 10 Best Antivirus software for 2019

By Waqas It hasn’t even been 15 days since details of the world’s biggest online private data dump were discovered by security researchers, and now its second “installment” has been posted online. As per the report from Heise.de, a German-language website, the first collection, which was published on January 17 and dubbed Collections #1, had approx. 770 […] This is a post from HackRead.com Read the original post: World’s largest data dump surfaces on web with 2.2 billion accounts

By Waqas Hungary’s Prosecution Service has accused an ethical hacker and computer specialist of infiltrating the Magyar Telekom database. The office found him involved in a crime that disrupted the operations of a “public utility” thereby attempting to endanger the society. Reportedly, the hacker identified serious vulnerabilities in Magyar Telekom and reported them to the company. He […] This is a post from HackRead.com Read the original post: Ethical hacker may get 8 years in prison for reporting flaws in Magyar Telekom

Interior decorating website Houzz on Friday issued a notice that user data – including usernames, passwords and IP addresses – had been accessed by an “unauthorized third party.”

Houzz connects consumers to varying home-goods departments or professionals for purchasing furniture. The Palo Alto, Calif.-based company said that a rogue third-party had obtained a file with the user data. That data includes internal account data like user ID, prior Houzz usernames, one-way encrypted passwords (salted uniquely per user), IP address, and city and ZIP code inferred from IP address. Also accessed was publicly visible info from a user’s Houzz profile (first name, last name, city, state, country, profile description). If users had logged into Houzz using Facebook, the user’s public Facebook ID was exposed as well.

“Houzz recently learned that a file containing some of our user data was obtained by an unauthorized third party,” the company said in an alert on its website. “The security of user data is our priority. We immediately launched an investigation and engaged with a leading forensics firm to assist in our investigation, containment and remediation efforts. We have also notified law enforcement authorities.”

User Social Security numbers, payment cards, bank accounts and other financial information were not impacted. Houzz said that it learned about the incident in late December, but it didn’t say how long the third party had access to the file for. The company said that not all Houzz users were impacted by the incident.

When asked specifically how many Houzz customers were impacted and what the root cause of the breach was, a Houzz spokesperson told Threatpost: “Because the investigation is still ongoing, the best information we are able to provide has already been covered in the FAQ.”

In the email to impacted customers, Houzz urged them to change their passwords in their account settings.

@troyhunt FYI, web site @houzz got hacked. Just got this email notice. pic.twitter.com/QKB7iUGu1W — Stewart Rand (@stewssr) January 31, 2019

Tim Erlin, vice president of product management and strategy at Tripwire, said that the breach highlights the risks of password reuse. “While it might not be clear how this sensitive data was obtained, this is a good example of the risks of password reuse,” he said in an email. “If you used the same password for your Houzz account that you used for a more sensitive account, then you’ve put that more sensitive account at risk as well. Using unique passwords is a good way to protect yourself from this type of risk. Using multi-factor authentication is another way to reduce the risk. The internet is all about connection, and sometimes those connections work to the advantage of attackers.”

The breach is only the latest security incident so far in January – Discover Financial, IT management giant Rubrik, Airbus, the City of St. John in New Brunswick, Canada and the State Bank of India have all reported data exposures. Separately this week, 2.2 billion records were discovered on the Dark Web as part of a data dump that’s being called “Collections #2-5.”

By Uzair Amir UAE Launched Aggressive Cyber Espionage Campaign using KARMA and Expertise of Ex-NSA Operatives. Though it seems hard to believe, it is indeed true that the smartphones of several prominent political and governmental personalities worldwide have been hacked by former US intelligence officers who now work for the UAE (United Arab Emirates) government. Prominent figures targeted […] This is a post from HackRead.com Read the original post: Hackers used Karma tool to hack iPhones of prominent Govt officials

Many of you might have this question in your mind: “Is it illegal to test a website for vulnerability without permission from the owner?” Or… “Is it illegal to disclose a vulnerability publicly?”

Well, the answer is YES, it’s illegal most of the time, and doing so could backfire even when you have good intentions.

Last year, Hungarian police arrested a 20-year-old ethical hacker accused of finding and exploiting serious vulnerabilities in Magyar Telekom, the largest Hungarian telecommunication company, who is now facing up to 8 years in prison.

According to local Hungarian media, the defendant first discovered a severe vulnerability in Magyar Telekom systems in April 2018 and reported it to the company officials, who later invited him to a meeting. Reportedly, the hacker then traveled to Budapest for the meeting, which didn't go as well as he expected, and apparently, the company did not permit him to test its systems further.

However, the man continued probing Magyar Telekom networks and discovered another severe vulnerability at the beginning of May that could have allowed an attacker to access all public and retail mobile and data traffic, and monitor the company's servers. When Magyar Telekom detected an “uninvited” intrusion on their internal network, the company reported the incident to the police on the same day, leading to his arrest.

The hacker is currently on trial. The Hungarian Prosecution Service is requesting a prison sentence, while the Hungarian Civil Liberties Union, a non-profit human rights watchdog, is defending the hacker, claiming that the indictment is inaccurate, incomplete and in false colors. However, the Prosecutor's Office said “anyone who reads the prosecutor’s document can make sure that the indictment contains all information,” arguing that the defendant crossed a line and that, due to the danger his actions may have posed to society, he must face legal consequences.

The Prosecutor's Office also offered the man a plea bargain, which said if he admitted his guilt, he would be given a 2-year suspended sentence, and if not, he would have to serve five years in jail. After he refused the plea deal, the hacker has now been charged with an upgraded crime in the indictment, i.e., disrupting the operation of a “public utility,” which could soon land him behind bars for up to 8 years, if proven guilty.

UPDATE

An Iran-linked APT known as Chafer has been spotted targeting various entities based in Iran with an enhanced version of a custom malware that takes a very unique approach to communication by using the Microsoft Background Intelligent Transfer Service (BITS) mechanism over HTTP. Meanwhile, the victimology suggests the threat group is waging a cyber-espionage operation against diplomats there.

Remexi, Remixed

Over the course of the autumn, analysts at Kaspersky Lab observed attackers targeting embassies using an improved version of the Remexi malware, which Chafer has used in the past. It’s spyware capable of exfiltrating keystrokes, screenshots and browser-related data like cookies and history.

Remexi developers used the C programming language and the GCC compiler on Windows in the MinGW environment to create the latest version of the malware (which has a March 2018 time stamp). The main notable aspect of the code is that it consists of several working threads dedicated to different tasks that it deploys in its working directory, according to Kaspersky. These include command-and-control (C2) command parsing, data exfiltration, launching victim activity logging in a separate module and seven threads for various espionage and auxiliary functions.

It’s also worth noting how these threads share information. “One of the malware threads checks in an infinite loop if the mouse button was pressed and then also increments the integer iterator infinitely,” Kaspersky analysts said, in a posting this week. “If the mouse-hooking function registers a button hit, it lets the screenshotting thread know about it through a global variable. After that, it checks if the iterator divided by (captureScreenTimeOut/captureActiveWindowTimeOut) has a remainder of 0. In that case, it takes a screenshot.”

Legit Microsoft Tools in the Mix

A notable aspect of the improved trojan is the fact that the Remexi developers are relying on legitimate Microsoft utilities. For instance, for both C2 communication and exfiltration, Remexi uses the aforementioned BITS mechanism over HTTP.

“One of the things we keep in mind when we attribute a campaign to one or another actor is malefactors’ tactics, techniques and procedures (TTP),” said Denis Legezo, senior security researcher, Global Research and Analysis Team (GReAT) at Kaspersky Lab. “Some of them develop all the needed tools from scratch, and others extensively use third-party applications alongside the code by their own developers. Chafer now is among the latter ones. Data exfiltration using BITS/bitsadmin.exe isn’t typical at all.”

He added, “In terms of protective measures, such communication mechanism means that the system administrators have to check BITS inbound/outbound traffic to external network resources in their environments.”

This “greater reliance on freely available software tools, also known as ‘living off the land’” offers threat groups a key advantage, according to previous Chafer analysis from Symantec: “By limiting their use of malware, groups such as Chafer hope to be less conspicuous on a victim’s network and, if discovered, make their attack more difficult to attribute.”

Remexi also employs XOR encryption with a hardcoded key for its configuration and RC4 with a predefined password for encrypting the victim’s data. There are unique keys used by different samples, including the use of the word “salamati,” which means “health” in Farsi.

How Remexi is arriving on victims’ desktops remains a bit of a mystery. “So far, our telemetry hasn’t provided any concrete evidence that shows us how the Remexi malware spread,” analysts said. “However, we think it’s worth mentioning that for one victim we found a correlation between the execution of Remexi’s main module and the execution of an AutoIt script compiled as PE, which we believe may have dropped the malware.”

That said, in earlier attacks from 2015, Symantec found evidence that Chafer had been compromising targeted organizations by attacking their web servers, likely through SQL injection attacks, in order to drop malware onto them. In 2017, the group added a new infection method to its toolkit, using malicious documents which are likely circulated using spear-phishing emails sent to individuals working in targeted organizations.

Victimology

As for the victimology, Kaspersky speculates that the campaign could be a domestic affair. In addition to the aforementioned “salamati” being used as a Farsi-language human-readable encryption key, the vast majority of the users targeted by this new variant of Remexi appear to have Iranian IP addresses, including those tied to foreign diplomatic entities based in the country.

“They were after local hosts for years, but foreign diplomatic entities are something new for them from our point of view,” Legezo told Threatpost. “We saw several emerging actors moving from domestic campaigns to international ones. Such development seems quite logical: they got experience, toolsets became more mature and the set of tasks also broadens.”

Also, “among the artifacts related to malware authors, we found in the binaries a .pdb path containing the Windows user name ‘Mohamadreza New,’” the analysts noted. “Interestingly, the FBI website for wanted cybercriminals includes two Iranians called Mohammad Reza, although this could be a common name or even a false flag.”

This victim set could signal a return to Chafer’s roots. According to the prior analysis from Symantec, foreign diplomats inside Iran have been a target for Chafer in the past. But the APT, which has been around since at least 2014, switched up its tactics in 2017 to expand beyond Iran to “hit organizations in Israel, Jordan, the United Arab Emirates, Saudi Arabia and Turkey.” Outside of the Middle East, Symantec also found evidence of attacks against one African airline and attempts to compromise an international travel reservations firm. Sectors targeted included airlines; aircraft services; software and IT services companies serving the air and sea transport sectors; telecom services; payroll services; engineering consultancies; and document management software.

“So far, the campaign’s TTPs aren’t state of the art, but a trend among emerging actors is quite visible: they are becoming more mature and broadening their set of targets,” Legezo told Threatpost. “Speaking about targeted malware, one shouldn’t consider anyone as an amateur. Maybe we don’t see ‘advanced’ (from ‘APT’ abbreviation) techniques used in every campaign, but ‘persistent’ is here for sure anytime. Therefore, it’s important to think about protective measures, like security software, a remediation plan and threat intelligence in advance.”

This post was updated at 2:35 p.m. ET on Feb. 4 to reflect additional researcher insights.

More than 250 customers of a popular and powerful online attack-for-hire service that was dismantled by authorities in 2018 are expected to face legal action for the damage they caused, according to Europol, the European Union’s law enforcement agency.

In April 2018, investigators in the U.S., U.K. and the Netherlands took down attack-for-hire service WebStresser[.]org and arrested its alleged administrators. Prior to the takedown, the service had more than 151,000 registered users and was responsible for launching some four million attacks over three years. Now, those same authorities are targeting people who paid the service to conduct attacks.

Webstresser.org (formerly Webstresser.co), as it appeared in 2017.

In the United Kingdom, police have seized more than 60 personal electronic devices from a number of Webstresser users, and some 250 customers of the service will soon face legal action, Europol said in a statement released this week.

“Size does not matter – all levels of users are under the radar of law enforcement, be it a gamer booting out the competition out of a game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain,” Europol officials warned.

The focus on Webstresser’s customers is the latest phase of “Operation Power Off,” which targeted one of the most active services for launching point-and-click distributed denial-of-service (DDoS) attacks. WebStresser was one of many so-called “booter” or “stresser” services — virtual hired muscle that even completely unskilled users can rent to knock nearly any website or Internet user offline.

Operation Power Off is part of a broader law enforcement effort to disrupt the burgeoning booter service industry and to weaken demand for such services. In December, authorities in the United States filed criminal charges against three men accused of running booter services, and orchestrated a coordinated takedown of 15 different booter sites.

This seizure notice appeared on the homepage of more than a dozen popular “booter” or “stresser” DDoS-for-hire Web sites in December 2018.

The takedowns come as courts in the United States and Europe are beginning to hand down serious punishment for booter service operators, their customers, and for those convicted of launching large-scale DDoS attacks. Last month, a 34-year-old Connecticut man received a 10-year prison sentence for carrying out DDoS attacks against a number of hospitals in 2014. Also last month, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberia’s Internet access in 2016.

In December 2018, the ringleader of an online crime group that launched DDoS attacks against Web sites — including several against KrebsOnSecurity — was sentenced to three years in a U.K. prison. And in 2017, a 20-year-old from Britain was sentenced to two years in jail for renting out Titanium Stresser, a booter service that earned him $300,000 over the several years it was in operation.

Many in the hacker community have criticized authorities for targeting booter service administrators and users and for not pursuing what they perceive as more serious cybercriminals, noting that the vast majority of both groups are young men under the age of 21 and are using booter services to settle petty disputes over online games.

But not all countries involved in Operation Power Off are taking such a punitive approach. In the Netherlands, the police and the prosecutor’s office have deployed a new legal intervention called “Hack_Right,” a diversion program intended for first-time cyber offenders. Europol says at least one user of Webstresser has already received this alternative sanction.

“Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand and there are many careers and opportunities available to use these wisely,” Europol said.

According to U.S. federal prosecutors, the use of booter and stresser services to conduct attacks is punishable under both wire fraud laws and the Computer Fraud and Abuse Act (18 U.S.C. § 1030), and may result in arrest and prosecution, the seizure of computers or other electronics, as well as prison sentences and a penalty or fine.