Archive for March, 2014


NOT JUST ONE! RSA Adopted Two NSA Backdoored Encryption Tools

The reputation of RSA Security (now a division of EMC), a respected encryption and network security company, was already at stake after documents leaked by former NSA contractor Edward Snowden revealed that the NSA had created a flawed random number generator, Dual Elliptic Curve (Dual_EC_DRBG), which RSA used in its BSafe security toolkit.

Before RSA could recover from that accusation, a further Snowden document revealed that RSA had received $10 million from the NSA for keeping encryption weak.
Now researchers from Johns Hopkins, the University of Wisconsin and the University of Illinois have found that RSA adopted a second NSA-recommended tool, an extension for secure websites called Extended Random, which would let the NSA crack a version of the Dual Elliptic Curve software tens of thousands of times faster, Reuters reported.
Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) is a cryptographically secure pseudorandom number generator that was developed by National Security Agency (NSA) cryptographers and later adopted by RSA in its BSafe security kit.

While Extended Random was not widely adopted, the new research sheds light on how the NSA extended the reach of its surveillance under cover of advising companies on protection.

RSA firmly denied the allegations, saying it had not intentionally weakened security in any product, and that Extended Random had been removed from its protection software within the last six months.

“We could have been more skeptical of NSA’s intentions,” RSA Chief Technologist Sam Curry told Reuters. “We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure.”

It has not been disclosed whether RSA also took money from the NSA for adding this second backdoor. But the story once again raises disturbing questions about the relationship between the US intelligence agency and the security vendor.


via The Hacker News http://ift.tt/1ffBi7t

Popular Remote access Trojan njRAT fuels Middle East Cyber Crime
The remote access Trojan njRAT is once again in the picture, targeting government agencies and organizations in the Middle East, according to research by Symantec security researchers.
The researchers analyzed 721 njRAT samples and found about 24,000 infected computers worldwide, communicating with 542 command-and-control (C&C) server domain names.

njRAT is not new; it has been available since June 2013. Three variants have been released so far, all of which can propagate through infected USB keys or networked drives.

njRAT is a Remote Access Trojan (RAT) with extensive data-stealing capabilities. In addition to logging keystrokes, the malware can access the victim’s camera, steal credentials stored in browsers, upload and download files, manipulate processes and files, and view the victim’s desktop.

The RAT can be used to control networks of infected computers (botnets): the attacker can update, uninstall, disconnect, restart or close the RAT and rename its campaign ID, and the command-and-control server software lets the attacker build and configure the malware to spread through USB drives.

HOW TO USE njRAT
The popularity of njRAT in the Middle East and North Africa is attributed to a large online community that provides support in the form of instructions and tutorials for building the malware.

“Technical support and tutorials on using njRAT are widely available on the Web. Symantec has found numerous video tutorials in the Arabic language containing step-by-step processes for downloading and setting up the malware, including steps such as dynamic DNS naming for C&C servers. This level of support enables attackers in the region to easily build tools and server components for njRAT,” the researchers said.

Symantec has also spotted 487 groups of cyber criminals setting up attacks using njRAT; these “attacks appear to have different motivations, which can be broadly classed as hacktivism, information theft, and botnet building.”

FATHER OF njRAT

“The malware’s author also appears to hail from the region. njRAT appears to have been written by a Kuwait-based individual who uses the Twitter handle @njq8. The account has been used to provide updates on when new versions of the malware are available to download,” they added.

Symantec said that nearly 80 percent of the C&C servers worldwide were located in the Middle East and North Africa, in countries such as Saudi Arabia, Iraq, Tunisia, Egypt, Morocco, Algeria, Palestine and Libya.

One such group is the S.K.Y.P.E/Tagged group, which has C&C servers hosted in Egypt and Algeria. The group’s infection vector is a screensaver hosted on the file-sharing site ge.tt: when victims download the compressed .rar file containing the screensaver, what they get is an executable carrying njRAT.


via The Hacker News http://ift.tt/1gU7qiM

Tesla Car Password Can Be Hacked to Unlock it Remotely
Smartphones, smart TVs, smart refrigerators, even smart cars! When it comes to smart devices, we hand them control over all kinds of tasks to make our lives easier and more comfortable, unaware of the worst that can happen.
At the start of last month we reported that, using a $20 toolkit called CAN Hacking Tool (CHT), hackers can take over smart cars, giving an attacker control of everything from the windows and headlights to the steering and brakes.

Now new research on the Tesla smart car has shown that attackers can remotely locate or unlock Tesla Motors Inc. electric vehicles simply by cracking a six-character password using traditional hacking techniques.

At the Black Hat Asia security conference in Singapore on Friday, Nitesh Dhanjani, a corporate security consultant and Tesla owner, said his recent study of the Tesla Model S sedan pointed out several design flaws in its security system, though it found no hidden software vulnerabilities in the car’s major systems. The major vulnerability lies somewhere else.

According to Dhanjani, the Tesla Model S requires a key fob to drive it, but the car can be unlocked by a command transmitted wirelessly over the Internet. Cybercriminals could issue this command themselves, since the password that authorizes it can be cracked with traditional techniques or simply stolen.

With this password, attackers would not be able to drive your car, but they could locate and unlock it, gain access to it and steal its contents: laptops, tablets, GPS units, money, or whatever is stored in the car.

“We cannot be protecting our cars in the way we protected our (computer) workstations, and failed,” he said during a presentation.

HOW TO HACK ‘Tesla Smart Car’

When users order a car, they are required to sign up for an account secured by a six-character password, which also unlocks the mobile app used to access their online Tesla account (http://ift.tt/wEiCLP).


The Tesla smartphone app is freely available, and with it you can easily locate and unlock your car remotely; the app can also control and monitor other functions of the car.


This password could be guessed by an attacker through the Tesla website, which imposes no restriction on the number of incorrect login attempts.

“The password is vulnerable to several kinds of attacks similar to those used to gain access to a computer or online account,” Dhanjani said. “It’s a big issue where a $100,000 car should be relying on a six-character static password,” he added.
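The control this passage says the Tesla website lacks, as an added example that is not from the article or from Tesla: a per-account lockout with escalating duration, driven by a fake clock so it runs offline, together with the arithmetic that shows what it does to online guessing. The 62-symbol alphabet and the lockout parameters are assumptions.

```python
from __future__ import annotations
import string

ALPHABET = string.ascii_letters + string.digits  # assumed policy: letters and digits, 62 symbols
PASSWORD_LENGTH = 6                               # the six-character password from the article


def keyspace(length: int = PASSWORD_LENGTH, symbols: int = len(ALPHABET)) -> int:
    """Number of candidate passwords; an upper bound, since real guessing starts
    with common-password lists that are far smaller than the full space."""
    return symbols ** length


def days_to_exhaust(guesses_per_day: float) -> float:
    """Worst-case days to try every candidate at a sustained online guess rate."""
    return keyspace() / guesses_per_day


class FakeClock:
    """Deterministic clock so the lockout logic can be exercised without waiting."""

    def __init__(self) -> None:
        self.t = 0.0

    def now(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


class LoginGuard:
    """Per-account throttle: after `max_failures` consecutive failures the account
    is locked for `lockout` seconds, doubling on each further lockout up to
    `max_lockout`.  A successful login resets both counters."""

    def __init__(self, clock: FakeClock, max_failures: int = 5,
                 lockout: float = 900.0, max_lockout: float = 86400.0) -> None:
        self.clock = clock
        self.max_failures = max_failures
        self.base_lockout = lockout
        self.max_lockout = max_lockout
        self.state: dict[str, dict[str, float]] = {}

    def _state(self, account: str) -> dict[str, float]:
        return self.state.setdefault(
            account, {"failures": 0, "locked_until": 0.0, "lockouts": 0})

    def attempt(self, account: str, supplied: str, actual: str) -> str:
        """Returns 'locked', 'bad' or 'ok'.  While locked, even the correct
        password is rejected, so the lock cannot be used as a guessing oracle."""
        s = self._state(account)
        if self.clock.now() < s["locked_until"]:
            return "locked"
        if supplied != actual:  # a real service compares salted hashes in constant time
            s["failures"] += 1
            if s["failures"] >= self.max_failures:
                duration = min(self.base_lockout * 2 ** s["lockouts"], self.max_lockout)
                s["locked_until"] = self.clock.now() + duration
                s["lockouts"] += 1
                s["failures"] = 0
            return "bad"
        s["failures"] = 0
        s["lockouts"] = 0
        return "ok"

    def max_guesses_per_day(self) -> float:
        """Upper bound on online guesses per account once the lockout has escalated
        to `max_lockout`: `max_failures` guesses buy one full-length lockout."""
        return self.max_failures * 86400.0 / self.max_lockout
```

With the defaults an attacker is held to five guesses per account per day, so `days_to_exhaust(5)` runs to billions of days, whereas without any throttle the same space falls at whatever rate the web server will serve.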


Dhanjani has reported his findings to Tesla. Tesla spokesman Patrick Jones declined to comment on them, though he said that research received from security experts is carefully reviewed by the carmaker.

“We protect our products and systems against vulnerabilities with our dedicated team of top-notch information security professionals, and we continue to work with the community of security researchers and actively encourage them to communicate with us through our responsible reporting process,” Jones said via email.

Dhanjani also presented evidence that Tesla support staff can unlock cars remotely, which leaves owners exposed in another way: an attacker who masquerades as Tesla staff might succeed in getting into a user’s car.

Car manufacturers must take such issues seriously, as the coming years will bring Android-based smart cars: Google has tied up with several auto manufacturers with the goal of bringing Android to cars with built-in controls and hardware by the end of this year.


via The Hacker News http://ift.tt/1ggDO9r

Google Public DNS intercepted by Turkish ISPs
We all have freedom of speech, but unfortunately it is not free, especially in countries whose governments are ready to silence our voices by any means, even by censoring social media.
That is what happened a few days ago, when Twitter, the biggest social media platform, was banned by the Turkish government after an audio clip was leaked on YouTube and Twitter concerning massive corruption, in which Turkish Prime Minister Recep Tayyip Erdoğan instructs his son to dispose of large amounts of cash in the midst of a police investigation.

Erdoğan has full control of the old media, television and the press, but he failed to stop the ten million Turkish citizens on Twitter from sharing the audio across the site, and Twitter itself reportedly refused to delete the incriminating recording.

The ban did not work very well, since users always find a way around. Millions of Turkish users switched to Google’s DNS service to bypass the censorship, which briefly kept them connected to Twitter. The Turkish government then set out to close every loophole that let users circumvent the ban, and the authorities finally blocked Google’s DNS service as well.

On Saturday, Google said that Turkish Internet Service Providers (including TTNet and SuperOnline) had set up servers masquerading as Google’s DNS service in order to block services such as YouTube and Twitter, which the government has banned across the country.

Google backed the “credible reports” it had received with its own research. “We have received several credible reports and confirmed with our own research that Google’s Domain Name System (DNS) service has been intercepted by most Turkish ISPs,” Carstensen wrote in a Google blog post.

Google’s Public DNS resolution service lets people use Google’s DNS servers (8.8.8.8 and 8.8.4.4) as an alternative to their usual DNS provider, very often their ISP. The service offers both performance and security benefits over many ISPs’ DNS services.

“Google operates DNS servers because we believe that you should be able to quickly and securely make your way to whatever host you’re looking for, be it YouTube, Twitter, or any other,” Carstensen wrote. He then added, “But imagine if someone had changed out your phone book with another one, which looks pretty much the same as before, except that the listings for a few people showed the wrong phone number.”

This is exactly what Turkish ISPs have done. On Saturday the government ordered YouTube shut down, less than a week after it had blocked Twitter, over a recording posted there of a government official discussing possible military action in Syria.

Consider what else an intercepted DNS service makes possible: whoever controls the fake resolver can direct users to any fraudulent site and can apparently infect them as well.
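A check a client or network operator can run to see whether the resolver answering as 8.8.8.8 returns what a trusted reference returns, added here as an example that is neither Google’s code nor from the article. It implements the DNS wire format (RFC 1035) for A queries directly and, to stay offline, constructs both the reference and the suspect responses itself; the addresses are documentation-range placeholders.

```python
from __future__ import annotations
import random
import struct


def encode_name(name: str) -> bytes:
    """Wire-format name: length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def build_query(name: str, qid: int | None = None) -> bytes:
    """Standard recursive A/IN query: 12-byte header plus one question."""
    qid = random.randrange(0x10000) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN


def build_response(query: bytes, ips: list[str], ttl: int = 300) -> bytes:
    """Constructed reply to `query` with one A record per IP (test input only)."""
    (qid,) = struct.unpack("!H", query[:2])
    question = query[12:]
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, len(ips), 0, 0)  # QR=1, RD, RA
    answers = b""
    for ip in ips:
        # 0xC00C is a compression pointer to offset 12, where the question name sits
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4)
        answers += bytes(int(octet) for octet in ip.split("."))
    return header + question + answers


def read_name(msg: bytes, off: int) -> tuple[str, int]:
    """Decode a possibly compressed name; returns (name, offset just past it)."""
    labels: list[str] = []
    end = None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # pointer: follow it, but resume after the 2 pointer bytes
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), off if end is None else end


def parse_a_records(msg: bytes, expected_id: int | None = None) -> set[str]:
    """Return the IPv4 answers in a response, checking the ID matches our query."""
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    if expected_id is not None and qid != expected_id:
        raise ValueError("response ID does not match the query")
    off = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    ips: set[str] = set()
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.add(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return ips


def detect_interception(reference: bytes, suspect: bytes, qid: int) -> dict:
    """Flag the suspect resolver when its answers share nothing with the reference.
    Disjointness, not inequality, is the test: CDN-hosted names legitimately return
    different subsets of addresses from different vantage points."""
    ref = parse_a_records(reference, qid)
    sus = parse_a_records(suspect, qid)
    return {"intercepted": ref.isdisjoint(sus), "reference": ref, "suspect": sus}
```

To use it against a live resolver, send `build_query(...)` over UDP port 53 to 8.8.8.8 and to a resolver you trust, and pass both raw replies to `detect_interception`.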

This is not the first time a government has censored the voice of its people. In 2011, the regime of Hosni Mubarak in Egypt attempted to switch off the Internet in a fruitless bid to stop the building revolution against him.
In February 2011, in the wake of the uprisings against Libyan dictator Muammar Gaddafi, his son Muhammad, who was in charge of telecommunications at the time, cut off the Internet. Syria’s one-party Baath dictatorship likewise banned Facebook and other social media in 2007.

Let your voice be heard, comment your views below.


via The Hacker News http://ift.tt/1jLFdwK

Over 20Gbps DDoS attacks now become common for Hackers
Distributed Denial of Service (DDoS) attacks have become more sophisticated and complex, making them a favorite weapon of cyber criminals for temporarily knocking any Internet-connected host offline; nearly every big site, from WordPress to online game sites, has been a victim.

According to a new report from US-based security solutions provider Incapsula, DDoS activity has tripled since the start of 2013, and the key source of junk traffic is the remotely controlled “zombie army” of botnets used to flood websites for DDoS attacks and other malicious activities.

The report, titled “DDoS Threat Landscape”, finds that almost one in three DDoS attacks exceeds 20Gbps and that 81% of attacks use multiple attack vectors.

Attackers are becoming more skillful at working around network security and at reusing their DDoS botnets against multiple targets: around 30% of botnets flood more than 50 targets a month.

“As early as February 2013 we were able to track down a single-source 4Gbps attacking server, which – if amplified – could alone have generated over 200Gbps in attack traffic,” the company said in its report. “With such available resources it is easy to explain the uptick in attack volume we saw over the course of the year.”

Attackers widely use two types of SYN flood, one with regular SYN packets and one with large SYN packets; according to the report, 75% of all large-scale network DDoS attacks peaking above 20Gbps use both types at the same time.

However, amplification attacks have now become the most common vector for large-scale network DDoS attacks. During January and February of 2014 a significant increase in the number of NTP Amplification attacks was noted and

The statistics also reveal an evolution of application-layer DDoS attacks, with DDoS traffic up by 240%: “in almost 30% of all recorded sessions, the DDoS bots Incapsula encountered were able to accept and store cookies, while 0.8% of these bots could also execute JavaScript.”

In terms of emerging threats, the report highlights “hit-and-run” DDoS attacks, first documented in April 2013, which are part of a parallel trend of attacks specifically designed to exploit weaknesses in DDoS protection services and in the human IT operators behind them.

“These attacks, which rely on frequent short bursts of traffic, are specifically designed to exploit the weakness of services that were designed for manual triggering (e.g., GRE tunneling to DNS re-routing),” the report reads. “Hit-and-run attacks are now changing the face of the anti-DDoS industry, pushing it towards always-on integrated solutions.”

Around one-third of all botnets are located in India, China and Iran. The report ranks the United States fifth in its ‘Top 10’ list of attacking countries.

To get past defenses, bots use spoofed user-agents that help them bypass low-level filtering: about 46% of spoofed user-agents impersonated the Chinese search engine Baidu, while nearly 12% mimicked Google.
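One way to catch the spoofed search-engine user-agents the report describes, added here as an example that is neither Incapsula’s code nor from the article: forward-confirmed reverse DNS run over access-log lines. The log lines, addresses and resolver answers are constructed, and the crawler-to-domain table is an assumption to be checked against each operator’s published guidance.

```python
from __future__ import annotations
import re
from typing import Callable, Iterable, Optional

# Crawler name found in the User-Agent -> DNS suffixes the operator uses for its
# crawlers.  Assumed table for this example; verify against the operators' documentation.
CRAWLER_DOMAINS: dict[str, tuple[str, ...]] = {
    "Baiduspider": (".baidu.com", ".baidu.jp"),
    "Googlebot": (".googlebot.com", ".google.com"),
}

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')

Reverse = Callable[[str], Optional[str]]  # ip -> PTR hostname (or None)
Forward = Callable[[str], set]            # hostname -> set of A records


def parse_line(line: str) -> dict[str, str] | None:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def claimed_crawler(ua: str) -> str | None:
    """Which crawler, if any, the User-Agent string claims to be."""
    for name in CRAWLER_DOMAINS:
        if name in ua:
            return name
    return None


def is_genuine_crawler(ip: str, crawler: str, reverse: Reverse, forward: Forward) -> bool:
    """Forward-confirmed rDNS: the PTR must be under an operator domain AND that
    hostname must resolve back to the same IP, so a forged PTR alone is not enough."""
    host = reverse(ip)
    if not host or not host.lower().endswith(CRAWLER_DOMAINS[crawler]):
        return False
    return ip in forward(host)


def classify(lines: Iterable[str], reverse: Reverse, forward: Forward) -> list[tuple[str, str]]:
    """Label each request 'verified', 'spoofed' (claims a crawler but fails the
    check), 'other' (no crawler claim) or 'unparsed'.  In production, cache the
    lookups per IP: two DNS queries per request would be its own DoS."""
    out: list[tuple[str, str]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            out.append(("?", "unparsed"))
            continue
        crawler = claimed_crawler(rec["ua"])
        if crawler is None:
            out.append((rec["ip"], "other"))
        elif is_genuine_crawler(rec["ip"], crawler, reverse, forward):
            out.append((rec["ip"], "verified"))
        else:
            out.append((rec["ip"], "spoofed"))
    return out


# --- constructed sample data (documentation-range addresses, made-up hostnames) ---
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Mar/2014:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"',
    '198.51.100.77 - - [30/Mar/2014:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"',
    '198.51.100.78 - - [30/Mar/2014:10:00:02 +0000] "GET /login HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '192.0.2.33 - - [30/Mar/2014:10:00:03 +0000] "GET /about HTTP/1.1" 200 1024 "-" '
    '"Mozilla/5.0 (Windows NT 6.1; rv:28.0) Gecko/20100101 Firefox/28.0"',
]
PTR = {"203.0.113.5": "crawler-5.baidu.com",       # genuine: PTR and A agree
       "198.51.100.77": "dsl-77.example-isp.net",   # plain user-agent spoof
       "198.51.100.78": "crawl-78.googlebot.com"}   # forged PTR; A record disagrees
A_RECORDS = {"crawler-5.baidu.com": {"203.0.113.5"},
             "dsl-77.example-isp.net": {"198.51.100.77"},
             "crawl-78.googlebot.com": {"203.0.113.9"}}


def stub_reverse(ip: str) -> str | None:
    return PTR.get(ip)


def stub_forward(host: str) -> set:
    return A_RECORDS.get(host, set())
```

Replace the two stubs with real PTR and A lookups (and a cache) to run this over a live log.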


via The Hacker News http://ift.tt/P6RiyS

Previous articles on The Hacker News have highlighted how the Internet of Things (IoT) opens your home to cyber threats.

Recently, researchers from the vulnerability research firm ReVuln published a video demonstration showing that Philips Smart TVs are open to attack.

According to the researchers, some Philips Smart TV models running the latest firmware update are wide open to attackers and are also vulnerable to cookie theft.

The fault is in a feature called Miracast, which makes the TV act as a WiFi access point with the hard-coded password ‘Miracast’ and lets any device within range connect to receive the screen output.

“The main problem is that Miracast uses a fixed password, doesn’t show a PIN number to insert and, moreover, doesn’t ask permission to allow the incoming connection,” Luigi Auriemma, CEO and security researcher at ReVuln, told SCMagazine.

The vulnerability allows an attacker within WiFi range of the TV to access its various features. A potential attacker can:

  • Access the TV’s configuration files
  • Access files stored on USB devices attached to the TV
  • Replace the image on screen with video or images of its choice
  • Control the TVs via an external remote control application
  • Steal website authentication cookies from the TV’s browser

“So basically you just connect directly to the TV via WiFi, without restrictions. Miracast is enabled by default and the password cannot be changed,” Auriemma said.
The researchers tested the flaw on a Philips 55PFL6008S TV, but believe that many 2013 models are also affected because they run the same firmware.

Such attacks are unlikely in the wild, since the attacker has to be within WiFi range, but if your neighbor is smart enough and knows your WiFi password, you should either change your WiFi password to a stronger one or turn off the Miracast feature on your Philips Smart TV.

Philips says, “Our experts are looking into this and are working on a fix. In the meantime, we recommend customers to switch off the Miracast function of the TV to avoid any vulnerability.”


via The Hacker News http://ift.tt/1hlpDEF

Malware found on Android Play Store mines Cryptocurrencies
Cyber criminals are more business-minded than you might expect. As business has shifted to mobile and non-Windows computers, cyber criminals have adapted their techniques to monetize their efforts.
Security researchers at Lookout Mobile Security discovered various apps uploaded to the Google Play Store that contain hidden CoinKrypt Android malware, which turns your mobile device into a crypto-currency miner.

Coin mining is the key component of these digital currencies, so the malware uses a botnet of infected Android smartphones to mine for currency. Such malware does not steal data; instead, it mines Bitcoin, Litecoin and Dogecoin using the victim’s device.

“Mining can be incredibly resource-intensive and, if allowed to run without any limits, could potentially damage hardware by causing it to overheat and even burn out,” the researchers said.

Antivirus firm Trend Micro also spotted two apps on the Google Play Store, ‘Songs’ and ‘Prized – Real Rewards and Prizes’, that infect users with the ANDROIDOS_KAGECOIN.HBT Dogecoin-mining malware and already have more than one million installs.

Both apps are available as free downloads for devices running Android 2.2 or later, but they were not created by the same developer. According to the researchers, these apps only mine while the infected device is charging.

A smartphone’s hardware is not powerful enough to mine crypto-currencies effectively, so this is not exactly a get-rich-quick scheme, which is why the attackers target easier-to-mine digital currencies like Dogecoin or Litecoin.

“Users with phones and tablets that are suddenly charging slowly, running hot, or quickly running out of batteries may want to consider if they have been exposed to this or similar threats,” the antivirus firm suggested.

Make sure that app installation from ‘Unknown sources’ is unchecked, to prevent dropped or drive-by-download malicious app installs.


via The Hacker News http://ift.tt/1hEFHhi

When it comes to information security, there is a great way to learn, train and keep your skills sharp: gamification mechanics that speed up the learning curve and improve retention. Capture The Flag competitions use gamification mechanics and are one of the best ways to learn security hands-on.

The infosec team behind the Capture The Flag platform CTF365 has created a place for hackers to play weekend CTFs with great prizes, called Hacker’s Dome. All you need to access Hacker’s Dome is a registered and confirmed CTF365 account.

On the Hacker’s Dome CTF platform, users can deploy their own CTFs and invite web developers, system administrators and security professionals to take on hard challenges. Think of it as the Rackspace of CTF competitions.

Hacker’s Dome – First Blood: First Blood is the first CTF; it starts on May 17 2014 at 15:00 UTC, and the winners will win more than $6000 in prizes.

Hacker’s Dome is also offering a ‘Full Year Metasploit Pro License’ as the Raffle King Prize for winners. “The fact that Metasploit gave us the opportunity to run a raffle off such great King Prize, makes us proud of what we’ve done and it encourages us to keep up our good work.”

If information security gamification has caught your attention, all you have to do is get your Hacker’s Dome access and prepare for the First Blood CTF.

Give it a try – registrations are open! Hacker’s Dome could become your weekend IT security trainer, where fun, entertainment and awesome prizes are at their best. Stay secure while having fun.


via The Hacker News http://ift.tt/O5ym2f

25 Million 'NAVER' Accounts Breached using Stolen Data

A 31-year-old South Korean man has been accused by police of breaking into the accounts of 25 million users of Naver, one of the most popular search portals in South Korea.

On Wednesday, the Asian National Police Agency revealed that the suspect had bought the private information of 25 million users, including names, residential numbers, Internet IDs and passwords, from a Korean-Chinese individual in August last year, the Korea Herald reported.

The suspect, surnamed ‘Seo’, allegedly used the purchased information to get into Naver users’ accounts and send spam and other ‘illicit emails’ to account holders, making an illegal profit of some 160 million won ($148,000) in the process, according to the report.

Police have also arrested a hacker surnamed ‘Hong’, suspected of developing the program that automatically enters users’ IDs and passwords, which ‘Seo’ apparently used to sign in to the Naver accounts.

Police have charged three accomplices of Seo without detaining them and are extending their investigation to 86 others suspected of buying the programs written by Hong.

A Naver official stressed that Naver was not at fault in the incident: the users’ personal information was readily available for purchase on Korea’s black market. The data was not abused by insiders; rather, anyone who gets hold of users’ sensitive information can easily misuse it.

He added, “the best preventive measure for now would be for users to change their passwords on a regular basis so that even if someone should access their accounts the impact would be minimal.”

He may well be right: earlier this month, 20 million credit card records were stolen in South Korea, a country of 50 million people, meaning approximately 40% of the population was affected by that data breach.

And in 2012, two South Korean hackers were arrested for stealing data on 8.7 million customers of the nation’s second-biggest mobile operator.


via The Hacker News http://ift.tt/P5fPEh

Android Malware 'Dendroid' targeting Indian Users

Devices are getting smarter, and so the opportunities to abuse them have grown. With Android holding 87% of the global smartphone market, it is by far the primary target of mobile malware developers.

The number of malware variants has grown rapidly, and today 99 out of 100 mobile viruses target Android devices. Most sophisticated malware can log keystrokes, send text messages to premium numbers, steal personal data without asking the device user for permission, and modify SMS and MMS messages and contacts.

Mobile malware can modify or steal the content stored on your device’s SD card, and some advanced botnet malware can even give an attacker complete remote control of your device.

DENDROID

At the beginning of this month we warned our readers about one such sophisticated Android malware toolkit, discovered by Symantec researchers and dubbed ‘Dendroid’, which communicates over HTTP and offers a range of malicious features.
The Dendroid toolkit can generate a customized malicious APK file with features such as:

  • delete and modify call logs and contacts
  • open any web page in the device browser
  • dial any number
  • record calls
  • intercept device messages
  • upload images and videos to a remote server
  • open an installed application
  • perform a DoS attack from the victim’s device
  • change the command-and-control server location

CERT-IN WARNING ON DENDROID

The Indian Computer Emergency Response Team (CERT-In) has warned about a currently active Dendroid malware campaign spreading across India and targeting Android users.

“It has been reported that a malicious toolkit called DENDROID is being used to create trojanized applications that infect Android-based smartphones. The malware is created by modifying the required permissions of any clean APK (Android Application Package) with Dendroid RAT functionality that allows detailed management of the infected devices,” the Computer Emergency Response Team of India (CERT-In) said in its latest advisory.

DENDROID COSTS $300

Dendroid is an HTTP RAT that comes with a PHP control panel, a firmware interface and an APK binder package, and it can be used to manipulate, locate and spy on an Android device. The author also offers 24/7 customer support for the RAT, and anybody can buy the toolkit for just $300.

MEASURES TO PROTECT

  • Install only applications downloaded from reputable app stores.
  • Keep your mobile anti-virus and firewall solution updated to protect your device from malware and cyber attacks.
  • Always check an application’s permissions before installing it.
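A way to act on the last measure above and on CERT-In’s description of the binder (which repackages a clean APK with extra permissions), added here as an example that is not from the article, CERT-In or Symantec: diff the permissions of a known-clean build against a suspect one using the text output of `aapt dump permissions`. The two dumps below are constructed for a hypothetical flashlight app, and the permission-to-capability table is an assumption drawn from the feature list above.

```python
from __future__ import annotations
import re

# Android permissions that map onto the Dendroid capabilities listed above
# (assumed mapping for this example; the permission names themselves are real).
SPY_PERMISSIONS = {
    "android.permission.READ_CALL_LOG": "read call logs",
    "android.permission.WRITE_CALL_LOG": "modify call logs",
    "android.permission.WRITE_CONTACTS": "modify contacts",
    "android.permission.CALL_PHONE": "dial numbers",
    "android.permission.RECORD_AUDIO": "record calls or audio",
    "android.permission.READ_SMS": "read device messages",
    "android.permission.RECEIVE_SMS": "intercept incoming messages",
    "android.permission.CAMERA": "capture images and video",
    "android.permission.INTERNET": "reach a remote (C&C) server",
}

# Matches both `uses-permission: android.permission.X` (older aapt) and
# `uses-permission: name='android.permission.X'` (newer aapt).
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([A-Za-z0-9_.]+)'?\s*$")
PKG_RE = re.compile(r"^package:\s*([A-Za-z0-9_.]+)\s*$")


def parse_dump(dump: str) -> tuple[str | None, set[str]]:
    """Return (package name, set of requested permissions) from aapt text output."""
    package, perms = None, set()
    for line in dump.splitlines():
        m = PKG_RE.match(line.strip())
        if m:
            package = m.group(1)
            continue
        m = PERM_RE.match(line.strip())
        if m:
            perms.add(m.group(1))
    return package, perms


def assess(clean_dump: str, suspect_dump: str) -> dict:
    """Compare a trusted build with a suspect one.  Permissions the suspect adds
    are listed; those that enable spying are explained and drive the verdict."""
    clean_pkg, clean = parse_dump(clean_dump)
    suspect_pkg, suspect = parse_dump(suspect_dump)
    added = suspect - clean
    suspicious = {p: SPY_PERMISSIONS[p] for p in sorted(added) if p in SPY_PERMISSIONS}
    return {
        "same_package": clean_pkg == suspect_pkg,
        "added": sorted(added),
        "suspicious": suspicious,
        "verdict": ("likely repackaged with RAT functionality"
                    if suspicious else "no spy permissions added"),
    }


# --- constructed dumps for a hypothetical flashlight app ---
CLEAN_DUMP = """\
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.WAKE_LOCK'
"""
SUSPECT_DUMP = """\
package: com.example.flashlight
uses-permission: android.permission.CAMERA
uses-permission: android.permission.WAKE_LOCK
uses-permission: android.permission.INTERNET
uses-permission: android.permission.READ_SMS
uses-permission: android.permission.RECEIVE_SMS
uses-permission: android.permission.RECORD_AUDIO
uses-permission: android.permission.READ_CALL_LOG
uses-permission: android.permission.CALL_PHONE
uses-permission: android.permission.WRITE_CONTACTS
uses-permission: android.permission.ACCESS_NETWORK_STATE
"""
```

Run `aapt dump permissions app.apk` on the trusted build and on the suspect file to get real input for `assess`.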


via The Hacker News http://ift.tt/1fmEPNI