The newly discovered ZipperDown vulnerability may allow remote code execution in iOS apps. According to Pangu Lab it affects 15,978 of the 168,951 iOS apps they scanned (around 10%).
Pangu Lab, which discovered the vulnerability and named it ZipperDown, describes it as a “common programming error, which leads to severe consequences such as data overwritten and even code execution in the context of affected Apps.” In other words, ZipperDown is a typical programming error that could allow an attacker to overwrite the affected app’s data, or even gain code execution in the context of the affected app.
We confirmed several iOS apps with more than 100 million users are vulnerable to #ZipperDown#, and found more than 10k iOS apps might have the same or similar issues. Check https://t.co/WOg5AGzREb and contact us for details and fix if your app is in the list.
The good news is that exploiting the vulnerability is not straightforward: the attacker must control the wireless network the device is connected to, and the affected app must run outside the sandbox.
According to Pangu Lab’s analysis, the affected apps include well-known titles such as Weibo, MOMO, NetEase Music, QQ Music and Kwai, each with more than 100 million downloads.
The technical details of ZipperDown have not been disclosed publicly, to protect end users; the researchers recommend that app developers contact them for details.
Pangu Lab says Android users are also affected: its analysis found similar issues in popular Android apps. Android developers can check their apps with the ZipperDown Vulnerability Detector for Android, although it may produce many false positives.
There is currently no all-in-one detection for this vulnerability, and the researchers recommend manual inspection to confirm it.
A man residing in Latvia has been convicted of running an illegal counter-antivirus service called “Scan4you,” which let malware authors test their samples and confirm whether they would be detected by antivirus software.
His operation gave some of the world’s most destructive hackers a way to test their malware against legitimate antivirus products and tune it to evade detection before using it against victims.
Ruslans Bondars, 37, was convicted in a US court of one count of conspiracy to violate the Computer Fraud and Abuse Act, one count of conspiracy to commit wire fraud, and one count of computer intrusion with intent to cause damage.
Bondars operated Scan4you for about seven years (2009-2016), providing cybercriminals with information including whether their malware would be detected by antivirus software.
Many of the antivirus products he tested against are used to protect major U.S. retailers, financial institutions and government agencies from computer intrusions.
John P. Cronan, Acting Assistant Attorney General of the Justice Department’s Criminal Division, said, “Ruslans Bondars helped hackers test and improve the malware they then used to inflict hundreds of millions of dollars in losses on American companies and consumers.”
Jury convicts cyber-criminal of operating counter antivirus service. https://t.co/lPVKf5UPzr
One Scan4you customer used the service to test highly sophisticated malware that was later used to steal approximately 40 million credit and debit card numbers.
“Also the malware stole 70 million addresses, phone numbers and other pieces of personal identifying information from retail store locations throughout the United States, causing one retailer approximately $292 million in expenses resulting from the intrusion.”
Another malware family, “Citadel,” was also tested through Scan4you; it was used to infect over 11 million computers worldwide, including in the United States, and caused over $500 million in losses.
According to the Justice Department, the Citadel author abused the Scan4you API, which was integrated directly into the Citadel malware toolkit and allowed Scan4you users to scan malware without submitting it through Scan4you’s website.
35 Years in Prison
Legitimate multi-scanner services such as VirusTotal share data about uploaded files with the antivirus community and report the results to their users; Scan4you instead told its users they could upload files anonymously and promised not to share information about uploaded files with the antivirus community.
Bondars faces a maximum penalty of 35 years in prison; sentencing is scheduled for September 21, 2018.
Parrot Security OS 4.0 has been released with a number of new tools, package updates and bug fixes accumulated since the previous version, 3.11.
The Parrot team said this is an “important milestone in the history of our project.”
Parrot OS has a large repository that collects many hacking tools for newbies and experts alike. It is developed by Frozenbox; the first release was in June 2013.
Parrot 4.0 adds netinstall images, marked experimental because, according to the Parrot team, the installer fails over HTTPS and works only over HTTP. Anyone installing this way is relying on APT’s package signature verification rather than transport encryption for the integrity of what gets installed.
Netinstall images let you install the plain operating system or only the components you need. “we decided to provide netinstall images too as we would like people to use Parrot not only as a pentest distribution.”
Docker images
Docker images are offered in three variants: a core container with only the bare system, a more complete environment with many useful tools, and a container dedicated to the Metasploit environment.
With the Docker images you can use the Parrot tools in whatever isolated environment you need.
Linux Kernel 4.16
Parrot Security OS 4.0 ships with Linux kernel 4.16, which brings improvements such as the AMD GPU DC display driver with multi-display support and a patch that optimizes the updating of inode data and metadata.
The Roaming Mantis malware has expanded geographically and gained new capabilities. It initially targeted only Android users; its authors have now added more regions, platform support and features.
Roaming Mantis spreads via DNS hijacking: it redirects users to malicious pages that lead them to download a trojanized application posing as Facebook or Chrome.
According to Kaspersky researchers, “In May, while monitoring Roaming Mantis, aka MoqHao and XLoader, we observed significant changes in their M.O. The group’s activity expanded geographically and they broadened their attack/evasion methods.”
Geographical Expansion – Roaming Mantis
The landing page and the APK now support 27 new languages covering Europe and the Middle East; the landing page and malicious APK served correspond to the device language.
According to Kaspersky, more than 120 users of Kaspersky Lab products were affected in the last 10 days; the most affected countries are Russia, Ukraine and India.
Phishing campaign against iOS devices and mining on PCs
The group behind Roaming Mantis now targets iOS devices as well, with a phishing site at http://security[.]apple[.]com that steals user credentials.
The domain does not exist in legitimate DNS and cannot be resolved through a legitimate resolver; only the attackers’ rogue DNS server answers for it. If the user connects through a compromised router, the name resolves to a server mimicking the Apple website.
The phishing page supports 25 languages and is designed to steal the user ID, password, card number, card expiration date and CVV.
It also performs web mining via a script executed in the browser, using the popular Coinhive web miner; when a user lands on the page, their CPU usage rises sharply.
The threat actors behind Roaming Mantis have been actively improving their tools. To evade detection, the malware generates its malicious filename in real time.
In the recent campaign it uses an email protocol instead of HTTP to retrieve its C2 servers: the malware connects via POP3 using hardcoded Outlook credentials and extracts the real C2 address from the mailbox using the string “abcd” as an anchor.
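Two checks a defender can build from the behaviour described above, as added example code (not Kaspersky’s code or anything from the Roaming Mantis samples): a canary lookup that flags any resolver willing to answer for security.apple.com, a name that does not exist in legitimate DNS, and an extractor that pulls a C2 address out of mail text using the “abcd” anchor. The resolver is passed in as a callable so the logic can be exercised offline; the exact layout of the attackers’ mail is not published, so the assumption that the C2 sits between two “abcd” markers, and the sample mail body, are constructed for this example.

```python
"""Roaming Mantis defender checks (added example, not vendor code).

1. Rogue-resolver canary: a name that must NOT resolve on a clean network.
2. C2 extraction from mail text anchored on the string "abcd".
"""
import re
import socket
from typing import Callable, Dict, List, Optional

# Constructed canary list; security.apple.com is the name Kaspersky reported.
CANARY_NAMES = ["security.apple.com"]
ANCHOR = "abcd"


def system_resolve(name: str) -> Optional[str]:
    """Resolve with the host's configured resolver; None on NXDOMAIN/failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_canaries(resolve: Callable[[str], Optional[str]],
                   names: List[str] = CANARY_NAMES) -> Dict[str, str]:
    """Return {name: address} for every canary that resolved. Empty means clean."""
    hits: Dict[str, str] = {}
    for name in names:
        addr = resolve(name)
        if addr is not None:
            hits[name] = addr  # a legitimate resolver never gets here
    return hits


def extract_c2(mail_body: str, anchor: str = ANCHOR) -> Optional[str]:
    """Return the text bracketed by two anchor strings, or None if absent.

    Assumed layout (not published): ...abcd<host-or-url>abcd...
    """
    pattern = re.escape(anchor) + r"(.+?)" + re.escape(anchor)
    m = re.search(pattern, mail_body, re.DOTALL)
    return m.group(1).strip() if m else None


def is_plausible_c2(value: str) -> bool:
    """Cheap sanity check: hostname or IPv4, optional scheme, port and path."""
    return bool(re.fullmatch(r"(https?://)?[A-Za-z0-9.\-]+(:\d+)?(/\S*)?", value))


if __name__ == "__main__":
    print("canaries resolving via system DNS:", check_canaries(system_resolve) or "none")
    # Constructed mail body standing in for what the POP3 fetch would return.
    body = "Subject: hi\r\n\r\nlorem abcdhttp://203.0.113.5:8080/abcd ipsum"
    c2 = extract_c2(body)
    print("extracted C2:", c2, "plausible:", c2 is not None and is_plausible_c2(c2))
```

Run the canary check from a client on the suspect network: an answer for security.apple.com means the router’s DNS has been changed, regardless of what the router’s admin page says.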
Researchers concluded, “The rapid growth of the campaign implies that those behind it have a strong financial motivation and are probably well-funded.”
Also read: enterprise networks should also defend against DNS flood attacks as part of their malware and DDoS protection.
An underground hacking group called “Sun Team” is distributing spyware to Korean victims and exfiltrating sensitive information from their devices.
The cybercriminals inserted the malware into Google Play Store apps under names such as ApplockFree, FastAppLock and a few others.
Once a victim downloads and installs the malware, it copies sensitive information including personal photos, contacts and SMS messages and sends it to the attacker.
These malicious apps were uploaded by “Sun Team”; the group’s name was taken from email accounts and Android devices used in a previous attack.
Since this is an early stage of the attack, the number of infections is quite low compared with previous campaigns.
Malicious Google Play Store App
Three apps were found in Google Play in two related categories; the malware also attempts to spread by asking the victim’s friends, via a Facebook account, to install the apps and offer feedback.
The first app in this attack, 음식궁합 (Food Ingredients Info), offers information about food; the second and third, Fast AppLock and AppLockFree, are security-related.
“Fast AppLock secretly steals device information and receives commands and additional executable (.dex) files from a cloud control server.”
AppLockFree performs reconnaissance, laying the foundation for the next stage.
Spyware Hacking Operations
The spyware uses Dropbox and Yandex to upload the sensitive files collected from the infected device and as its command-and-control channel.
The attacker used the same email address for two malware campaigns, which confirms that both were controlled by the same Sun Team group.
According to McAfee, “we found information logs from the same test Android devices that Sun Team used for the malware campaign we reported in January. The logs had a similar format and used the same abbreviations for fields as in other Sun Team logs.”
“In the new malware on Google Play, we again see that the Korean writing in the description is awkward. As in the previous operation, the Dropbox account name follows a similar pattern of using names of celebrities, such as Jack Black, who appeared on Korean TV.”
These features are strong evidence that the actors behind these campaigns are not native South Koreans but are familiar with the culture and language, the researchers said.
Students hacked into Bloomfield Hills High School’s systems by exploiting a vulnerability to manipulate their grades, attendance and lunch-balance information.
They broke into the student information system “MISTAR,” which hosts the student data; Bloomfield believes the unauthorized changes made within MISTAR affected more than 20 high school students’ records in some way.
Bloomfield hired a third-party forensic investigator and the investigation is in progress. As a precaution, the school reset all Parent Portal passwords on Friday and mailed all parents a letter describing the incident and how to change their password when returning to the system.
“One of our employees who uses the system noticed something unusual upon logging in and then asked some questions and referred it to our helpdesk, and they started digging and found out what was going on,” Superintendent Robert Glass said.
According to the superintendent, “the consequences to these young individuals are likely to be severe. Our highest priority is our students – their safety, their needs, and their overall education. That said, we also have a responsibility to you, the parents and guardians of our students.”
“Due to student privacy laws, we’re not able to disclose more information, but we can assure you that we’re working within the full extent of the Student Code of Conduct and the full extent of the law,” Glass said.
Glass concluded with an apology saying he’s “embarrassed that students from our school districts thought to use their technology skills and their talents to selfishly manipulate grades and other district data for personal gains.”
Bloomfield Hills High School published a YouTube video and a pop-up statement on its website as a warning to other students. “We take seriously our responsibility to gather and restore your information,” Glass said, adding that the student information system is now safe and the vulnerability has been resolved.
Cybercrime affects the personal, educational and financial lives of millions of students each year, yet 66% of Indian educational institutions spend just 5 to 15% of their IT budget on securing their systems.
Last December, a Tenafly High School student hacked his school’s computer system and changed several of his grades and his overall GPA.
A DDoS attack (Distributed Denial of Service) is an attack that originates from multiple computers or devices. Its aim is to exhaust the bandwidth or resources of a targeted system, usually one or more web servers, by flooding it with traffic from many sources at once. Such an attack is usually carried out by a large number of compromised systems (for example, a botnet) deluging the target with traffic.
Enterprise Network DDoS Protection
An organization should always aim for the maximum level of protection for its enterprise network; vendors offer free trials of services that promise to stop a DDoS attack within seconds of detection.
Enterprise networks should choose a DDoS prevention service that protects both the network and the website from future attacks.
Infrastructure DDoS protection is available as an always-on or an on-demand service and is meant to protect any asset against attacks of any size.
An organization should also safeguard its DNS servers from DDoS attacks by implementing name server protection.
Knowing the different types of DDoS attack helps with mitigation:
1) Volume-based attacks: UDP floods, ICMP floods and other spoofed-packet floods.
2) Protocol attacks: SYN floods, fragmented-packet attacks, Ping of Death, Smurf attacks and many more.
3) Application-layer attacks: low-and-slow attacks, GET/POST floods, attacks that target vulnerabilities in Apache, Windows or OpenBSD (a free and open-source Unix-like operating system descended from the Berkeley Software Distribution), and many more.
Also Read: DDoS Downtime Cost Calculator
Motivations behind DDoS attacks:
Ideology
Cyber-warfare
Business feuds
Extortion
Online Gaming
Prevention methods:
A DDoS attack is launched simultaneously from many different hosts and can affect the availability of even the largest enterprises’ internet services and resources.
They are a daily occurrence for many organizations. One protection provider reports 226,500,000 attacks blocked between August 2015 and November 2016, about 500,000 attacks per day, none of them successful.
The same provider claims 95% monthly bandwidth savings and $250,000 in savings on servers, bandwidth, personnel and other security measures.
Securing internet-facing devices and websites to block hacking attempts by malicious bots is as much about helping to secure the internet as a whole as it is about protecting an individual network, because it reduces the number of devices that can be recruited into a DDoS botnet.
The main protocols abused to generate amplified DDoS traffic are NTP, DNS, SSDP, CharGEN, SNMP and DVMRP; any service using them should be carefully configured (no open recursion, no monlist, no responses to spoofed sources) and run on hardened, dedicated servers.
Common Defenses against DDoS attack
Limit the per-IP connection rate.
Use an IDS and a web application firewall.
Tune the per-IP concurrent-connection threshold.
DDoS attacks are measured in two dimensions: the number of malicious packets per second (PPS) and the attack bandwidth in bits per second (bps).
Simple measures that keep your own devices from being recruited into a DDoS attack:
Change the default password – botnet malware searches for IP devices that still use default settings in order to take control of them, so change the default password.
Update the software – as the battle between cybercriminals and security experts continues, staying current with the latest updates and security patches becomes ever more important. Make checking for updates part of your routine.
Disable remote management – turn off insecure remote management protocols such as Telnet or plain HTTP that allow control from another location; if remote management is needed, use SSH or HTTPS only.
DDoS attack mitigation:
Transparent mitigation – attackers judge success by whether your users lose access during the attack. Since your users neither need to know nor care that you are under attack, any mitigation technology must keep letting people onto your site without delay, without routing them through holding areas or splash screens, and without serving outdated cached content. If the attacker cannot see any effect, they are unlikely to return.
Bots can’t talk, humans can – everyone talks about the rise of bots, but humans are a useful signal too. Attackers run DDoS attacks to inconvenience websites and their users, so give real users an easy way to report trouble; their feedback tells you how well, or how poorly, your anti-DDoS system is actually performing.
Make sure you block all the bots – partial filtering still lets enough application-layer requests through to slow the site down, so make sure your screening is airtight and blocks every bot request at the application layer.
In reality there are two parts to DDoS protection: detecting that a site is under attack, and applying an effective defense. Detection is often overlooked because attacks can be subtle. Your solution must detect an attack accurately and stay inactive when the site is not under attack; needless defensive measures are just as bad as no defensive measures at all.
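The per-IP rate limit and the "detect first, then defend" point above are easiest to see in working code. The following is an added example, not from the article or any DDoS vendor: it parses web-server access-log lines in the common log format, keeps a sliding-window request count per source IP, flags sources above a threshold (an application-layer GET/POST flood), and drafts firewall rules for an operator to review. The log lines, the IP addresses, the 10-second window and the threshold of 20 are all constructed for the example; tune them to your own traffic, and remember that clients behind NAT or a CDN share one address.

```python
"""Application-layer flood detection over access-log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Common log format fields we need: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[Tuple[str, datetime, str]]:
    """Return (ip, timestamp, request) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


class RateMonitor:
    """Sliding-window request counter per source IP."""

    def __init__(self, window_s: float, threshold: int):
        self.window_s = window_s
        self.threshold = threshold
        self.hits: Dict[str, deque] = defaultdict(deque)

    def observe(self, ip: str, ts: datetime) -> bool:
        """Record one request; True when this IP is now above the threshold."""
        q = self.hits[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > self.window_s:
            q.popleft()  # forget requests that fell out of the window
        return len(q) > self.threshold


def find_flooders(lines: List[str], window_s: float = 10.0,
                  threshold: int = 20) -> Dict[str, int]:
    """Return {ip: peak requests seen inside one window} for offending IPs."""
    mon = RateMonitor(window_s, threshold)
    peaks: Dict[str, int] = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip rather than crash mid-attack
        ip, ts, _ = parsed
        if mon.observe(ip, ts):
            peaks[ip] = max(peaks.get(ip, 0), len(mon.hits[ip]))
    return peaks


def block_rules(peaks: Dict[str, int]) -> List[str]:
    """Draft iptables rules for review; do not apply blindly (NAT, CDNs, proxies)."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 80 -j DROP" for ip in sorted(peaks)]


def _fmt(ip: str, t: datetime, req: str, status: int) -> str:
    return f'{ip} - - [{t.strftime(TS_FMT)}] "{req}" {status} 512'


def make_sample() -> List[str]:
    """Constructed log: one source hammers /login, one browses normally."""
    base = datetime(2018, 5, 20, 10, 0, 0, tzinfo=timezone.utc)
    lines = [_fmt("203.0.113.9", base + timedelta(milliseconds=100 * i),
                  "POST /login HTTP/1.1", 200) for i in range(60)]  # 60 req in 6 s
    lines += [_fmt("198.51.100.4", base + timedelta(seconds=i),
                   "GET /index.html HTTP/1.1", 200) for i in range(5)]
    lines.append("not a log line")
    return lines


if __name__ == "__main__":
    flooders = find_flooders(make_sample())
    for ip, peak in flooders.items():
        print(f"{ip}: {peak} requests within a 10 s window")
    print("\n".join(block_rules(flooders)))
```

The threshold comparison is strict, so the monitor stays silent on a normal browser that makes a burst of 20 asset requests for one page; it only speaks up once the window is exceeded, which is the "inactive when not under attack" property the text asks for.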
A newly discovered spyware is being distributed via links in YouTube video comments; it can steal files and other confidential information from infected devices.
The malicious links are posted in the comments of videos about cheats and trainers for computer games, programs that make the games easier to play.
The cybercriminals post links pointing to Yandex from fake accounts in the comments; the same malicious links are also distributed via Twitter.
The spyware, detected as Trojan.PWS.Stealer.23012, is written in Python and converted into an executable with py2exe.
The criminals also distribute it through Telegram: they contact channel administrators, invite them to write a post about a new program they have supposedly developed, and suggest they test it.
Spyware Infection Operation via YouTube Videos
Once installed, it scans all disks on the infected machine looking for saved passwords and cookie files of Chromium-based browsers.
A newer version of the trojan also steals information from Telegram and the FileZilla FTP client; the collected data is then archived and uploaded to Yandex.Disk.
The spyware steals passwords and cookie files from Google Chrome, Opera, Yandex Browser, Vivaldi, Kometa, Orbitum, Comodo, Amigo and Torch.
It also copies the ssfn files from the config subfolder (the Steam client’s authentication files) and copies images and documents stored on the Desktop.
Finally, all the collected information is packed and uploaded to the pCloud storage service, from which the attacker retrieves the stolen files later.
Another module, written in the AutoIt scripting language, drops four malicious files:
app.exe
scanner.exe
cloud.exe
w9xpopen.exe
According to Dr.Web, it steals confidential information from infected devices. All the other trojan components are written in Go: one scans disks looking for folders where browsers are installed, and another packs the stolen data into archives and uploads them to pCloud.
The researchers also identified the author of the spyware, who actively spreads it under the name “Yenot Pogromist” and sells it on a popular website.
The creator also has a YouTube channel dedicated to developing malicious software and a GitHub page where he posts the source code of his malicious programs, Dr.Web said.
Today we want to introduce you to the “Complete Ethical Hacking and Penetration Testing Course A to Z Bundle,” a bundle of 9 hacking courses. There is always a huge demand for ethical hackers and penetration testers.
In this bundle you start as a beginner with no previous knowledge of ethical hacking and penetration testing. The courses focus on the practical, hands-on side of penetration testing.
Course Material Access
Access 9 Courses, 340 Lessons of content 24/7
Understand how to bypass different security layers after getting proper approval
Learn how to compromise computers, crack passwords, crash systems & compromise applications
Stride towards a career in this fast-growing IT profession
The bundle takes you through to advanced-level ethical hacking: nine courses worth $700 for a single package price of $49, with lifetime access.
Here’s what you’ll get in these nine courses:
1.Ethical Hacking from Beginner to Advanced Techniques
2.Cross Site Scripting (XSS) Attacks for Pentesters
3.WebSecNinja: Lesser Known WebAttacks
4.Automated Mobile Application Security Assessment with MobSF
5.Learn The Basics of Ethical Hacking & Penetration Testing
6.Build an Advanced Keylogger Using C++ for Ethical Hacking
7.Linux Security & Hardening: The Practical Security Guide
8.Ethical Hacking for Beginners
9.How to Build a $120,000/Year Career as a Web Penetration Tester
1.Ethical Hacking from Beginner to Advanced Techniques
Gain the ability to do ethical hacking from beginner to advanced level with this course (normally $30). Get answers from an experienced IT expert to every question related to the course material, including installing Kali Linux, using VirtualBox, Linux basics, Tor, Proxychains, VPN, Macchanger, Nmap, cracking Wi-Fi, aircrack, DoS attacks, SSLstrip, known vulnerabilities, SQL injection, cracking Linux passwords, and more topics added every month.
Understand how to bypass different security layers after getting proper approval
Learn how to compromise computers, crack passwords, crash systems & compromise applications
Run a buffer overflow from scratch
Stride towards a career in this fast-growing IT profession
2.Cross Site Scripting (XSS) Attacks for Pentesters
In this course you’ll learn the theory behind how XSS works, then practical XSS mitigation techniques you can apply to guard against attacks such as keylogging, phishing, reverse TCP shells and more.
It covers XSS attack types and attack vectors, in-depth concepts of web-based attacks for pentesting web applications, mitigation techniques, and XSS payload injection methods.
Understand what XSS is & why it’s important to address this common security vulnerability w/ 16 lectures & 2 hours of content
Learn about different types of XSS: Reflected, Stored, DOM & more
Comprehend the different sources from which XSS originates
Understand the different contexts in XSS: HTML, attribute, etc.
Exploit XSS w/ the OWASP Xenotix XSS Exploit Framework
Master how to implement XSS protection
3. WebSecNinja: Lesser Known WebAttacks
This course introduces a series of lesser-known web attacks and gives you a crash course in how to prevent them. It is an excellent course for professionals looking to broaden their knowledge of the field, as well as for beginners interested in web security.
Access 23 lectures & 3 hours of content 24/7
Learn about web attacks & techniques that are uncommonly documented in books & courses
Use accompanied demos & how-to’s to learn how to ward off unusual threats
Understand lesser known XSS variants, Reflected File Download Theory & more
Recognize & prevent SSI Injection & Server Side Request Forgery
4. Automated Mobile Application Security Assessment with MobSF
In this course you’ll learn how to configure Mobile Security Framework (MobSF), an extendable, scalable web framework, to perform automated security analysis of mobile apps. This is the course to put you on track for a high-paying career in mobile security.
Access 23 lectures & 2 hours of content
Learn how to perform automated security analyses for Android & iOS
Understand real-world use cases for Mobile Security Framework, such as Android malware analysis
Deploy Mobile Security Framework in your own environment so you have complete control of the data
Discover the Semi-automatic Dynamic Analyzer for intelligent app logic-based security assessments
5. Learn The Basics of Ethical Hacking & Penetration Testing
This is the perfect course to leap into this lucrative career, learning how to use ethical hacking to reveal potential vulnerabilities in information systems. By the end of this course, you’ll be well versed in the IT skills you need to be a network security pro.
Learn how to gather information intelligence & find web application & system security vulnerabilities
Scan using Nmap to bypass IDS protected targets & understand how to hack clients using modern web browsers
Understand how to exploit Windows & Linux systems
Develop Windows Exploits to test information systems
Find & exploit web application vulnerabilities
Learn how to find open ports in your target & gather information about them
6. Build an Advanced Keylogger Using C++ for Ethical Hacking
In this course, you’ll learn how to code at an advanced level in C++ to build a keylogger from scratch, adding a powerful weapon to your ethical hacking arsenal.
Access 32 lectures & 6 hours of content 24/7
Record any physical keyboard key & mouse click from a simple, central program
Use an arbitrary keymap to translate machine keys
Schedule logfiles to be automatically sent to an e-mail of your choosing
Dive into complex C++ concepts like the Chrono library
7. Linux Security & Hardening: The Practical Security Guide
Through this course, you’ll learn how to tighten up security on any Linux system, adding a valuable skill to your IT resume.
Access 57 lectures & 4 hours of content 24/7
Prevent attackers from breaking into your systems, even when they have physical access to your machine
Understand port scanning & network service detection
Share accounts securely w/ an audit trail
Discover file system security & encryption
8. Ethical Hacking for Beginners
In this demo-heavy, comprehensive course you’ll be immersed in the basics of ethical hacking, from installing the preferred penetration testing OS, Kali Linux, to the many varieties of network threats. This is an excellent first step towards a new career in an exciting IT field.
Access 26 lectures & 7 hours of content 24/7
Exploit security vulnerabilities w/ the Metasploit framework
Make, detect & hide Trojans
Capture network traffic packets & mine them for data
Launch DNS spoof attacks & ARP poisoning attacks
9.How to Build a $120,000/Year Career as a Web Penetration Tester
If you’re looking to build a career in security, there’s no better place to focus your efforts than penetration testing. By understanding the vulnerabilities and dangers presented by your network’s structure, you’ll learn how to remedy these gaps and save your company from major security breaches.
Master ethical hacking techniques used in penetration testing w/ 22 lectures & 5.5 hours of content
Learn the basic methods for penetration testing of a web application
Go step-by-step through the entire penetration testing process
Control remote servers
Practice finding vulnerabilities in apps
Learn to gain information on potential targets
Study various attack types: authentication, session management, access controls, data stores, etc.
Everything shown in the courses is for educational purposes only. To perform penetration testing on a network, web application, server or other device you must have written permission from the owner.
Cybercriminals are launching a new attack against DrayTek routers, exploiting a zero-day vulnerability to change the routers’ DNS settings.
Taiwan-based DrayTek makes broadband routers that serve any Ethernet-based Internet feed for home and business networks; WAN failover, load balancing, bandwidth management, firewall and VPN features are available on most models.
Many users report that their DrayTek router’s DNS settings were changed even though the syslog shows that no one signed in.
Researchers believe the attackers compromised the routers either by brute-forcing credentials or by exploiting a zero-day vulnerability.
On a successfully compromised router the administration session is hijacked and the DNS settings are altered to point to an unknown server at the specific address 38.134.121.95.
Some of the affected users reported that they had already changed the default password, yet their DNS settings were still altered.
DrayTek has confirmed that there is an issue with its routers, so the attack appears to rely on the zero-day rather than on default credentials.
A Shodan search reveals more than 800,000 DrayTek devices exposed on the Internet worldwide that are potentially vulnerable to this new attack.
DrayTek released a security advisory telling users how to protect their routers, warning: “We are in the process of releasing updated firmware which you should upgrade to as soon as it is available.”
Check your DNS and DHCP settings on your router. If you have a router supporting multiple LAN subnets, check settings for each subnet.
Your DNS settings should be either blank, set to the correct DNS server addresses from your ISP, or set to the addresses of a server which you have deliberately chosen (e.g. Google 8.8.8.8). A known rogue DNS server is 38.134.121.95 – if you see that, your router has been changed.
Along with this warning, DrayTek advised following the usual precautions for protecting web-enabled devices from attacks of this kind.
Users should check whether their DNS settings have been altered; DrayTek is producing and issuing new firmware, which users should install as soon as it is available.
Until then, users should check the DNS settings on their router and correct them if changed, disable remote administration unless it is needed, and use only secured (TLS 1.2) connections for web administration, both local and remote.