Tuesday, April 1, 2025

‘Professional’ hackers steal industrial secrets from ThyssenKrupp

ThyssenKrupp, one of the world’s major steel makers, has said it has fallen victim to a “professional” hacking attack, with the intent of conducting industrial espionage and stealing trade secrets.

Hackers believed to be from Southeast Asia were trying to obtain “technological know-how and research results” from the steel conglomerate, said a company spokesman, confirming a report in the Wirtschaftswoche weekly.

“The attack is over and had been repelled,” he added.

The “massive cyber attack” had targeted divisions dealing with orders planning of industrial plants and steel works in Europe.

Highly protected parts of the company such as ThyssenKrupp Marine Systems or the IT control systems of the group’s blast furnaces and power plants were not affected.

“ThyssenKrupp has been the target of a cyber-attack. It has been a professional attack, apparently from the Southeast Asian region.”
“According to our analyses, the aim was essentially to steal technological know-how and research from some areas of Business Area Industrial Solutions (espionage).”

The systems of Business Area Steel Europe were also said to have been affected by the incident.

ThyssenKrupp does not presently have any estimate on the scale of the harm done, or what intellectual property may have been stolen. But it is keen to stress that it does not believe that there were any security deficiencies at the company, and is not blaming staff for making any mistakes:

The incident is not attributable to security deficiencies at ThyssenKrupp. Human error can also be ruled out.

Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks. Early detection and timely countermeasures are crucial in such situations.

ThyssenKrupp has been successful in both respects. We continue to cooperate with several authorities as well as special cyber-crime units of the police force to develop cybersecurity at ThyssenKrupp even further.

 

Be under no illusion – hackers aren’t just interested in stealing your credit card details, your passwords or even your identity.

Organised hacking gangs, some of whom are very likely to be state-sponsored, are breaking into companies to steal secrets and to gather information.

ThyssenKrupp owns 670 companies around the world, employing over 150,000 people in approximately 80 countries. It doesn’t just make steel – its other businesses include the production of military submarines and warships.

As we put more and more sensitive information on our corporate networks, more and more governments and intelligence agencies will be minded to create hacking teams to steal it.

Our best defence against such attacks is a layered defence, maximising the opportunities to detect a security breach while minimising the opportunities for a hacker to break through in the first place.

Serious Security flaw Employee’s Provident Fund organisation | EPFO

The Employees’ Provident Fund Organisation (EPFO) is a statutory body under the Ministry of Labour and Employment. A Universal Account Number (UAN) is generated for each PF contributing member. The UAN acts as an umbrella for the multiple Member IDs allotted to an individual by different establishments.

Indian security firm Eioneus Systems discovered a serious security flaw on 3rd Dec 2016 and immediately reported it to CERT-IN, NIC, and other government sources it felt necessary at the time.

According to the available reports, the issue was critical and gives full access to the machine, which leads to compromise of the entire system. The tech team also disclosed the behaviour of the vulnerability.

Snehil Khare, an official of Eioneus Systems, clarified their intentions, stating:

“Our motive is to do a responsible vulnerability disclosure and not to abuse the information which was accessed. Our intention was to draw the attention of authorities towards major security concern identified, without ignoring it.”

Due to the very sensitive nature of the incident, complete details were not disclosed, but it came to light that the bug gave access to information such as Provident Fund balance, individuals’ KYC details, phone numbers, PAN numbers, bank details, etc. of every provident fund user in the country.

The tech firm also disclosed some screenshots to prove it had access to the databases.

The report submitted by the tech firm to CERT-IN (Computer Emergency Response Team) was also published, and CERT-IN acknowledged it in no time.

Alphareign New Torrent Engine | Alternative To Pirate Bay and KickassTorrents

Alphareign is a private torrent search engine that aims to recover torrents from the dead Kickass, Piratesbay and Yify/YTS sites. As we are aware, every time a website goes down, clones, mirrors and proxies appear in its place.

Now the private torrent search engine Alphareign seeks to change the entire torrent search pattern. Alphareign helps users find healthy torrents and delivers them directly; as a registered user you will get faster and healthier torrents.

Alphareign is a torrent search engine similar to other torrent sites. However, to access it you need to accept an invite link to create an account and gain access.

Why should I join with the Invitation Link?

Currently, AlphaReign counts almost six million public torrents indexed on the site, with the membership continuously growing.

“The main reason is that if we have a login, we can keep torrents from being indexed by search engines and thus DMCA’d much less frequently. We can also block abusive users,”

“While it does create a barrier to entry, we feel the increased control will help us last longer than traditional torrent search engines,” he adds.

Prefinem hopes to increase AlphaReign with new software that allows users to search the DHT network on their own devices, with help from peers. Such a system would remain online, even if the website itself goes down.

“Think of it as like a Tor node, that passes DHT queries in-between all the nodes and each node runs an independent search engine that can be queried by anyone,” he says.

It will be interesting to see how a private DHT search engine performs in the long run and whether it proves tougher than other torrent operations have been.

Video streaming Website Dailymotion Hacked | 85 Million user accounts Looted

Dailymotion is a video-sharing website based in France on which users can upload, watch and share videos. It is one of the biggest video platforms in the world, offering a mix of content from users.

The hack was announced by LeakedSource after it obtained a database containing 87.6 million accounts, which includes usernames, email addresses and around 18 million password hashes.

LeakedSource, which usually cracks passwords from the dumps it obtains, does not plan to do so here because of the strength of the hashing. Passwords were hashed with the Bcrypt hashing algorithm, with 10 rounds of rekeying.

“It would be a waste of resources for us to crack them, so we typically don’t bother,” a LeakedSource spokesperson told Bleeping Computer via email. “A determined hacker who wants to crack one person’s hash may still be able to.”
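How the bcrypt setting mentioned above is encoded in a stored hash string, and how a defender can audit stored hashes against a minimum cost, as an added example (not code from Dailymotion or LeakedSource). The cost field is a log2 work factor, so a cost of 10 means 2^10 = 1024 key-setup rounds per guess; the user names and hash strings are constructed placeholders, and the target cost of 12 is an assumed policy value.

```python
import re

# Modular crypt format: $<version>$<two-digit cost>$<22-char salt><31-char digest>
# Salt and digest use bcrypt's own base64 alphabet (./A-Za-z0-9).
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)


def parse_bcrypt(hash_str):
    """Split a bcrypt hash string into its fields; raise ValueError if malformed."""
    m = BCRYPT_RE.fullmatch(hash_str)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    version, cost_text, salt, _digest = m.groups()
    cost = int(cost_text)
    if not 4 <= cost <= 31:  # range accepted by bcrypt implementations
        raise ValueError(f"cost {cost} outside 4..31")
    # The cost is a log2 work factor: cost 10 means 2**10 = 1024 key-setup rounds.
    return {"version": version, "cost": cost, "iterations": 1 << cost, "salt": salt}


def audit_hashes(records, target_cost):
    """Sort (user, hash) pairs into ok / rehash / not_bcrypt for a target cost."""
    report = {"ok": [], "rehash": [], "not_bcrypt": []}
    for user, hash_str in records:
        try:
            info = parse_bcrypt(hash_str)
        except ValueError:
            report["not_bcrypt"].append(user)
            continue
        if info["cost"] >= target_cost:
            report["ok"].append(user)
        else:
            # Each missing cost step halves the attacker's work per guess.
            factor = 1 << (target_cost - info["cost"])
            report["rehash"].append((user, info["cost"], factor))
    return report


# Constructed sample rows: salt/digest are filler characters, not real hashes.
SAMPLE = [
    ("alice", "$2b$10$" + "A" * 22 + "B" * 31),
    ("bob", "$2a$12$" + "C" * 22 + "D" * 31),
    ("carol", "$2y$08$" + "E" * 22 + "F" * 31),
    ("dave", "0123456789abcdef0123456789abcdef"),  # unsalted 32-hex digest
]

if __name__ == "__main__":
    for bucket, users in audit_hashes(SAMPLE, target_cost=12).items():
        print(bucket, users)
```

Accounts in the rehash bucket can be upgraded transparently by re-hashing at the target cost the next time the user logs in with the correct password.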

Even though the passwords are hard to crack, users may still be targeted by phishing campaigns.

How can you stay protected?
  1. Consider using a password manager for additional security.
  2. LeakedSource has indexed the Dailymotion data, so you can check whether your account was in the breach.
  3. Pay more attention to suspicious emails; they may be phishing emails.

Researchers Find Backdoor Account in 80 Different “SONY” IP Enabled Camera Models

Researchers in Austria have unearthed a pair of backdoor accounts in more than 80 different IP camera models made by Sony Corp.

Separately, Israeli security experts have discovered trivially exploitable weaknesses in nearly a half-million white-labeled IP camera models that are not currently sought out by Mirai.

Two Backdoor Accounts Are Available

According to security researchers at SEC Consult, one backdoor account is available in the web interface of Sony’s current IP camera firmware version. This backdoor is a set of hardcoded credentials that allows hackers to enable the cameras’ Telnet service by sending remote requests.

The second backdoor is also a hardcoded password, which could be used by hackers to gain root access to the devices. After getting root access, they can fully control the devices over Telnet. This password is stored as a cryptographic hash, and it is possible to crack it given some time.

How is it possible?

SEC Consult said that these backdoors had been created by Sony’s own developers. The security researchers found no trace of a third-party programmer. It seems that the developers created these backdoors to debug the device during testing and forgot to remove both of them from the firmware.

Austrian security firm SEC Consult said it found two apparent backdoor accounts in Sony IPELA Engine IP Cameras, devices mainly used by enterprises and authorities.

“We believe that this backdoor was introduced by Sony developers on purpose (maybe as a way to debug the device during development or factory functional testing) and not an ‘unauthorized third party’ like in other cases (e.g. the Juniper ScreenOS Backdoor, CVE-2015-7755),” SEC Consult wrote.

It’s unclear precisely how many Sony IP cameras may be vulnerable, but a scan of the Web using Censys.io indicates there are at least 4,250 that are currently reachable over the Internet.

“Those Sony IPELA ENGINE IP camera devices are definitely reachable on the Internet and a potential target for Mirai-like botnets, but of course it depends on the network/firewall configuration,” said Johannes Greil, head of SEC Consult Vulnerability Lab.

“From our point of view, this is only the tip of the iceberg because it’s only one search string from the device we have.”

Greil said there are other undocumented functionalities in the Sony IP cameras that could be maliciously used by malware or miscreants, such as commands that can be invoked to distort images and/or video recorded by the cameras, or a camera heating feature that could be abused to overheat the devices.

Sony was informed about the issue in October and released firmware updates for all affected camera models on Nov. 28. Users are advised to install these updates as soon as possible, because security cameras have recently been an attractive target for hackers.

Sony did not respond to multiple requests for comment. But the researchers said Sony has quietly made available to its users an update that disables the backdoor accounts on the affected devices. However, users still need to manually update the firmware using a program called SNC Toolbox.

Greil said it seems likely that the backdoor accounts have been present in Sony cameras for at least four years, as there are signs that someone may have discovered the hidden accounts back in 2012 and attempted to crack the passwords then. SEC Consult’s writeup on their findings is available here.

In other news, researchers at security firm Cybereason say they’ve found at least two previously unknown security flaws in dozens of IP camera families that are white-labeled under a number of different brands (and some without brands at all) that are available for purchase via places like eBay and Amazon.

The devices are all administered with the password “888888,” and may be remotely accessible over the Internet if they are not protected behind a firewall. We confirmed that while the Mirai botnet currently includes this password in the combinations it tries, the username for this password is not part of Mirai’s current configuration.

But Cybereason’s team found that they could easily exploit these devices even if they were set up behind a firewall.

That’s because all of these cameras ship with a factory-default peer-to-peer (P2P) communications capability that enables remote “cloud” access to the devices via the manufacturer’s Web site — provided a customer visits the site and provides the unique camera ID stamped on the bottom of the devices.

Although it may seem that attackers would need physical access to the vulnerable devices in order to derive those unique camera IDs, Cybereason’s principal security researcher Amit Serper said the company figured out a simple way to enumerate all possible camera IDs using the manufacturer’s Web site.

“We reverse engineered these cameras so that we can use the manufacturer’s own infrastructure to access them and do whatever we want,” Serper said. “We can use the company’s own cloud network and from there jump onto the customer’s network.”

What Hackers Can Do By Hacking These Cameras?

Hackers could enable Telnet service of devices and can access them over the internet or over the local area network. Hackers can convert these cameras into bots by infecting them with a strong botnet such as Mirai Botnet to perform DDoS (Distributed Denial of Service) Attack on major networks and companies. Hackers could also disrupt working functionality of cameras. Hackers could spy on all those networks which are under Electronic surveillance. Moreover, hackers could send specially crafted videos and images to the control room.

Vulnerable Models of Sony IP Camera
  • SNC-CH115
  • SNC-CH120
  • SNC-CH160
  • SNC-CH220
  • SNC-CH260
  • SNC-DH120
  • SNC-DH120T
  • SNC-DH160
  • SNC-DH220
  • SNC-DH220T
  • SNC-DH260
  • SNC-EB520
  • SNC-EM520
  • SNC-EM521
  • SNC-ZB550
  • SNC-ZM550
  • SNC-ZM551
  • SNC-EP550
  • SNC-EP580
  • SNC-ER550
  • SNC-ER550C
  • SNC-ER580
  • SNC-ER585
  • SNC-ER585H
  • SNC-ZP550
  • SNC-ZR550
  • SNC-EP520
  • SNC-EP521
  • SNC-ER520
  • SNC-ER521
  • SNC-ER521C
  • SNC-CX600
  • SNC-CX600W
  • SNC-EB600
  • SNC-EB600B
  • SNC-EB602R
  • SNC-EB630
  • SNC-EB630B
  • SNC-EB632R
  • SNC-EM600
  • SNC-EM601
  • SNC-EM602R
  • SNC-EM602RC
  • SNC-EM630
  • SNC-EM631
  • SNC-EM632R
  • SNC-EM632RC
  • SNC-VB600
  • SNC-VB600B
  • SNC-VB600B5
  • SNC-VB630
  • SNC-VB6305
  • SNC-VB6307
  • SNC-VB632D
  • SNC-VB635
  • SNC-VM600
  • SNC-VM600B
  • SNC-VM600B5
  • SNC-VM601
  • SNC-VM601B
  • SNC-VM602R
  • SNC-VM630
  • SNC-VM6305
  • SNC-VM6307
  • SNC-VM631
  • SNC-VM632R
  • SNC-WR600
  • SNC-WR602
  • SNC-WR602C
  • SNC-WR630
  • SNC-WR632
  • SNC-WR632C
  • SNC-XM631
  • SNC-XM632
  • SNC-XM636
  • SNC-XM637
  • SNC-VB600L
  • SNC-VM600L
  • SNC-XM631L
  • SNC-WR602CL

Five new malware programs are discovered every second

A new report from the respected independent testing agency AV-Test.org reveals some scary-sounding facts about the state of malware today.

According to AV-Test.org, it has 578,702,687 malware samples in its testing database – with over 115 million discovered so far during 2016 alone.

That translates to 4-5 new malware samples every second of every day.

That doesn’t mean, of course, that your business is likely to encounter each and every one of those malware samples.  Indeed, the vast majority of it will probably never trouble you.

But no-one knows which malware might hit your company next, and so the only sensible approach is to protect against all of it.

Old-fashioned Windows viruses – which replicate – had been thought to be in decline, in favour of Windows-based Trojan horses (which don’t replicate).

However, when comparing the first two quarters of 2016 to 2015, AV-Test.org has found that almost half of all new Windows malware (49.2%) can be classified as a “virus”, as opposed to 30% in 2015.

Also on the rise is Android-based malware, with AV-Test.org reporting that they have now seen over 16.5 million different samples targeting the smartphone operating system.

Curiously, according to AV-Test.org, a resurgence is being seen in at least one area of malware that had previously been thought to be dwindling.

iOS’s malware threat, by comparison, is described as “negligible.”

The report warns that criminals are “massively expanding their activity” when it comes to Android, suggesting that attackers are finding it an increasingly effective way to earn income.

The criminals aren’t creating new strains of malware for fun.  They, just like you, are running a business.  They want their attack to infect corporate networks to steal information, to open backdoors, to hijack systems because that’s how they make their money.

Your job is to do a decent job of defending your users, your customers’ data, your business’s intellectual property, your infrastructure from malware attack.

There’s no such thing as a 100% fool-proof defence, but if you can harden your systems enough there is a chance that even a determined hacker will choose to find a softer target instead.

The good news is that security software is getting better all the time, and more and more businesses are protected proactively against threats – limiting the opportunities for an attack to succeed.

And that, of course, is where AV-Test.org comes in – they are independent experts in evaluating the quality of computer security products – putting them through their paces to determine which vendors are doing a good job, and who has dropped the ball.

When choosing an anti-virus solution for your business, look for a complete solution which has a long track record of performing well in independent comparative tests.

Because the malware attacks aren’t going to stop anytime soon.

The full report can be downloaded from the AV-Test.org website (PDF).

Big Cyber Attack in Russia’s Central Bank-Loses $31 Million

Russia’s central bank saw 2 billion rubles (US$31 million) stolen from accounts as the result of a cyberattack. The theft comes as the country’s security service also claims to have fought off an attack against its financial services industry.

Reuters reports that the bank released a report on Dec. 2 describing a cyberattack that involved “faking a client’s credentials.” Further details were not available.

The stolen money came from accounts held by banking clients at the central bank, The Wall Street Journal reported.

Meanwhile, Russia’s Federal Security Service says it has taken steps to “neutralize” an attack against its financial system. In a statement, the FSB says it has received information that a large-scale cyberattack is planned starting on Dec. 5.

The attacks, which are expected to strike several dozen Russian cities, would be accompanied by the mass sending of SMS messages and a social network and media campaign telegraphing a crisis in the Russian financial system, the FSB claims.

SWIFT-related attack?

The command-and-control server for the attacks is located in the Netherlands and is run by a Ukrainian hosting company called BlazingFast, the FSB says. BlazingFast responded on Facebook that it had not been contacted by the FSB but would cooperate if its network was used for illegal activity.

“As soon as BlazingFast became aware of this report, we reviewed all our systems and network and we have not found any abnormal pattern changes that could lead to FSB’s allegations,” the company says.

Fears about attacks on banks have mounted since February when unknown cyber criminals stole $81 million in funds that Bangladesh’s central bank had on deposit at the New York Fed.

Law enforcement agencies around the globe are hunting for the criminals who stole the money using fraudulent wire-transfer requests sent over the SWIFT bank messaging network.

Separately, Russia said on Friday that it had uncovered a plot by foreign spy agencies to sow chaos in the country’s banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust.

Blowback

The targeting of Russia is not surprising given the mix of opportunist cybercriminals, politically motivated hackers and possible state-level actors worried about President Vladimir Putin’s muscle flexing.

In October, the U.S. blamed Russia for hacking the Democratic National Committee along with the email accounts of party officials.

The emails ended up on WikiLeaks and other websites, fueling unending media attention and further skewing an already unconventional presidential campaign (see Microsoft Says Russian DNC Hackers Targeted Zero-Day Flaws).

U.S. Vice President Joe Biden obliquely warned soon after the charge that the U.S. had the capacity to send a “message” to Russia and would do so when the circumstances have the greatest impact, according to The New York Times.

It’s not clear if the U.S. has acted yet. In January, the U.S. Treasury directly accused Putin of being corrupt, alleging that he has amassed a fortune that has been masked through longtime training and practices, according to the BBC.

U.S. spy agencies could conceivably be tasked with using offensive cyberattacks to expose Putin’s finances.

Russia has consistently denied the hacking accusations while casting itself as a victim. In July, the FSB said malicious software infected 20 organizations, with targets including public authorities, scientific and military institutions.

Google Fixes 26 High-Severity Flaws In Chrome Browser – Google Paid 70000$ to External Researchers

Google is urging Windows, Mac and Linux users to update their Chrome browsers to fix multiple vulnerabilities that could allow malicious third parties to take control of targeted systems.

The United States Computer Emergency Readiness Team (US-CERT) issued an alert around the Chrome update on Thursday in conjunction with Google, detailing a list of 26 bug bounty payments totaling $70,000 paid to external researchers. According to Google, another 10 security fixes were tackled by Google itself.

Topping the list of vulnerabilities are a dozen “high” severity issues. Five of the flaws are tied to universal cross-site scripting vulnerabilities in Chrome’s Blink component, a web browser engine developed as part of the open-source web browser project Chromium Project.

Four other high-severity vulnerabilities are tied to Google’s problem-plagued Chrome default PDF viewer, called PDFium.

The flaw, described by Google in June, had put users at risk if they were enticed to view a specially crafted PDF document with an embedded jpeg2000 image within the default PDF viewer. Google did not disclose specifics of this most recent PDFium vulnerability in Thursday’s update.

Security researcher Mariusz Mlynski earned $22,500 for finding three of the high-severity bugs tied to cross site scripting errors in Blink. The Polish researcher found similar flaws in May, earning him $15,000.

Two more high-severity vulnerabilities are tied to Chrome’s V8 JavaScript engine. One of the flaws is described as a “private property access in V8” vulnerability.

The other V8 issue is a use after free vulnerability in V8. There were nine reported medium-severity flaws, two of which are related to Chrome’s Omnibox (address bar) which hackers in the past have been able to use to spoof addresses.

This update includes 26 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$N/A][664411] High CVE-2016-9651: Private property access in V8. Credit to Guang Gong of Alpha Team Of Qihoo 360

[$7500][658535] High CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski

[$7500][655904] High CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski

[$7500][653749] High CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu (robwu.nl)

[$7500][646610] High CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous

[$7500][630870] High CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski

[$5000][664139] High CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go of STEALIEN

[$3000][644219] High CVE-2016-5203: Use after free in PDFium. Credit to Anonymous

[$3500][654183] High CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB

[$3000][653134] High CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani

[$3000][649229] High CVE-2016-5211: Use after free in PDFium. Credit to Anonymous

[$500][652548] High CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani

[$N/A][601538] Medium CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR

[$3000][653090] Medium CVE-2016-5216: Use after free in PDFium. Credit to Anonymous

[$3000][619463] Medium CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang

[$2500][654280] Medium CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu (robwu.nl)

[$2000][660498] Medium CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi (@qab)

[$1500][657568] Medium CVE-2016-5219: Use after free in V8. Credit to Rob Wu (robwu.nl)

[$1000][660854] Medium CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker of ForAllSecure

[$1000][654279] Medium CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu (robwu.nl)

[$500][657720] Medium CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr of Tencent’s Xuanwu Lab

[$N/A][653034] Low CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Żoczek

[$N/A][652038] Low CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee

[$N/A][639750] Low CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu (@shhnjk)

[$N/A][630332] Low CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme (@Scott_Helme, scotthelme.co.uk)

[$N/A][615851] Low CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak

Google would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

 

Network Adapter Priorities | Windows

 
Network Adapter :

A network adapter is a component of a computer’s or laptop’s internal hardware that is used to communicate with other computers and appliances over the network.

We normally use multiple network adapters, for example for an Ethernet connection, VMware and wireless connections, and we can choose which network should be preferred. In this guide we examine the behaviour on a Windows 10 machine.

Windows 10 is generally good at picking the correct network adapter when several are available. In this guide, assume we have multiple network adapters such as Ethernet, wireless, VMware and VPN.

To Change Network Adapter Priorities

There are two ways to change the adapter priorities: with PowerShell or through the network interface menus. So let’s dive deeper.

Powershell

  • To launch PowerShell, tap the Windows key, type powershell and click the Windows PowerShell entry that is displayed.
  • Run the command Get-NetIPInterface, which displays all network adapters, their interface index numbers, and their interface metrics.
  • To change the priority of an adapter, run the command Set-NetIPInterface -InterfaceIndex <index of the adapter you want to change the priority for> -InterfaceMetric <new priority of the adapter>.

             Example: Set-NetIPInterface -InterfaceIndex 11 -InterfaceMetric 90

  • Adapters with a lower InterfaceMetric number are prioritized over adapters that have a higher number.
  • Run Get-NetIPInterface again to view the updated adapter details.

Interface Method (GUI)
 
  • Tap on Windows key, type ncpa.cpl and hit the Enter-key to open Network Connection Settings.
  • Right click on the adapter you like to modify and then go to Properties.
  • Locate Internet Protocol Version 4 (TCP/IPv4), select it, and click on the Properties button. Note: If your connection is IPv6, select Internet Protocol Version 6 (TCP/IPv6) instead.
  • Locate and click the Advanced button.
  • You will then see a network metric box. Uncheck the Automatic metric box and enter a new custom interface metric number (ensure that you provide a value of 2 or higher, because 1 is reserved for loopback).
  • Click OK and repeat the steps if you need to do this for multiple adapters.

VISA Card under “Distributed guessing attack” just 6 seconds to verify Visa card details

New research into the security of Visa credit and debit cards has described the ability to bypass online payment security methods in just six seconds as “frighteningly easy”.

According to new research conducted by Newcastle University in the UK, details of a person’s Visa credit or debit card can be obtained in as little as six seconds, using a technique known as a distributed guessing attack.

The researchers found that by automatically and systematically generating different variations of the card’s security data and firing it at multiple websites, within seconds they were able to identify a ‘hit’ and verify all the necessary security data.

When a person makes a purchase online using a card, they are typically asked to provide the card number, expiry date, CVV security code at the back of the card and sometimes their address.

https://youtu.be/uwvjZGKwKvY

This attack, lead researcher Mohammad Ali said, exposes two huge weaknesses in the verification system.

‘Frighteningly easy for attackers’

This allows unlimited guesses on each card data field, using up to the allowed number of attempts – typically 10 or 20 guesses – on each website.

The first weakness indicates the lack of communication between various platforms, as current online payment systems do not detect multiple invalid payment requests from different websites.

The second weakness, the team identified, is that different websites tend to ask for different variations of details in a bid to ensure greater security, yet all it does is help a hacker to build up information on a potential large.

MasterCard unaffected

This means that if a hacker has only the first six digits of the card, they will be able to obtain the three essential pieces of information to make an online purchase within as little as six seconds.

Even the CVV number, that only the holder of the card should be able to see, can be cracked in fewer than 1,000 attempts, thanks to the fact that it is so short in length.

“Spread this out over 1,000 websites and one will come back verified within a couple of seconds. And there you have it – all the data you need to hack the account.”

Worryingly for Visa card owners, Ali and his team determined that it is only applicable to these cards, as MasterCard’s centralised network detects multiple incorrect guesses after 10 attempts.

This distributed guessing attack method, the team believes, likely played a part in the recent cyberattack against the British shopping giant, Tesco.

“The Cyberteam from the Newcastle University believes that the technique, known as a Distributed Guessing Attack, was used in the recent £2.5million hack on the 20,000 customers of Tesco bank”

Ultimately, the only way to secure payment systems against distributed guessing attacks is to centralize, as Mastercard has done, or to standardize, with all sites requiring the same information to validate card numbers. In this way, the attack cannot be scaled, the researchers wrote.
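Why per-website attempt limits miss this pattern while a centralised counter catches it, shown as an added example (not code from the Newcastle researchers or from any card network). The record layout, the 60-second window, the merchant names and the card tokens are assumptions, and the log is constructed; the limits of 10 come from the figures quoted above.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

PER_SITE_LIMIT = 10   # the article: sites typically allow 10 or 20 guesses
NETWORK_LIMIT = 10    # the article: a centralised network reacts after 10 attempts
WINDOW_MS = 60_000    # assumption: sliding window used by the central counter


@dataclass(frozen=True)
class AuthAttempt:
    ts_ms: int        # time of the authorisation request
    merchant: str     # website that submitted it
    card_token: str   # tokenised card reference, never the raw card number
    approved: bool


def per_site_alerts(attempts):
    """What each website sees alone: failures counted per (merchant, card)."""
    failures = defaultdict(int)
    alerts = set()
    for a in attempts:
        if not a.approved:
            key = (a.merchant, a.card_token)
            failures[key] += 1
            if failures[key] > PER_SITE_LIMIT:
                alerts.add(key)
    return alerts


def network_alerts(attempts):
    """Central view: failures per card across all merchants in a sliding window."""
    recent = defaultdict(deque)
    alerts = {}
    for a in sorted(attempts, key=lambda x: x.ts_ms):
        if a.approved:
            continue
        window = recent[a.card_token]
        window.append(a)
        # Drop failures that have aged out of the window.
        while a.ts_ms - window[0].ts_ms > WINDOW_MS:
            window.popleft()
        if len(window) > NETWORK_LIMIT and a.card_token not in alerts:
            alerts[a.card_token] = {
                "first_alert_ms": a.ts_ms,
                "failures": len(window),
                "merchants": len({x.merchant for x in window}),
            }
    return alerts


def build_sample():
    """Constructed log: tok_A fails once at each of 40 sites; tok_B is one
    customer who mistypes twice at a single shop and then succeeds."""
    log = [
        AuthAttempt(i * 100, f"shop{i:02d}.example", "tok_A", False)
        for i in range(40)
    ]
    log += [
        AuthAttempt(500, "shop-b.example", "tok_B", False),
        AuthAttempt(900, "shop-b.example", "tok_B", False),
        AuthAttempt(1500, "shop-b.example", "tok_B", True),
    ]
    return log


if __name__ == "__main__":
    sample = build_sample()
    print("per-site alerts:", per_site_alerts(sample))
    print("network alerts:", network_alerts(sample))
```

No single website ever exceeds its own limit for tok_A, so the per-site view stays silent, while the central counter flags the card on its eleventh failure and leaves the ordinary customer alone.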