Tuesday, May 20, 2025

U.S. Military Bans Smartphones Made by ZTE and Huawei


The Pentagon has banned smartphones made by the Chinese firms ZTE and Huawei from use in any branch of the U.S. military.

It has also ordered retail outlets on U.S. military bases to stop selling ZTE and Huawei smartphones, citing surveillance concerns.

The Pentagon took this action because Chinese manufacturers could be pressured by the authorities in Beijing to plant code that could spy on service members, or even remotely disable communications.

New rules proposed by the Pentagon state that wireless carriers and organizations should not use federal funds to “purchase equipment or services from companies that pose a national security threat to United States communications networks or the communications supply chain.”


According to the Wall Street Journal, Pentagon officials believe that Huawei and ZTE devices may pose an unacceptable risk to the department’s personnel, information and mission.

An official statement framed the ban as a matter of national security: hidden ‘backdoors’ to our networks in routers, switches—and virtually any other type of telecommunications equipment—can provide an avenue for hostile governments to inject viruses, launch denial-of-service attacks, steal data, and more.

The ban on ZTE and Huawei devices took effect on April 25. Given the security concerns about ZTE cell phones and related products, the Pentagon’s exchange services have also removed ZTE products from their stores.

ZTE did not comment on the ban, but Huawei stated: “We remain committed to openness and transparency in everything we do and want to be clear that no government has ever asked us to compromise the security or integrity of any of our networks or devices.”

Intelligence services in the U.S., the UK and India have also warned about the risks of using ZTE equipment and services in their infrastructure.

Facebook’s New Tool to Detect and Alert Website Owners About Phishing Attacks


Phishing is one of the most common threats to Internet users; attackers keep finding new ways to craft believable URLs that trick users.

Attackers launch phishing attacks to steal sensitive data such as passwords, credit card numbers and other personal information. These attacks are hard to detect because attackers use a number of techniques to make a fraudulent domain resemble a legitimate one.

Facebook developed its phishing detection tool two years ago and has now expanded it to alert subscribers when a new certificate is issued for a suspected phishing domain.

When a new certificate appears in the public Certificate Transparency log, the Facebook phishing detection tool analyzes the domains it covers for possible phishing attempts.

[Image: Facebook phishing detection tool]

If the tool suspects that a domain is being used for phishing, it notifies subscribers of the legitimate domain by email, push, or on-site notification, according to each subscriber’s preference.

To enable the domain monitoring service and manage subscriptions, visit the Facebook developers site. Developers need to specify the domain name and which of the following alerts they want:

Certificate alerts: notifies when a new certificate is issued for the subscribed domain name.

Phishing alerts: notifies when a newly issued certificate appears to be impersonating the subscribed domain name.

Certificate Transparency aims to remedy these certificate-based threats by making the issuance and existence of SSL certificates open to scrutiny by domain owners, CAs, and domain users. The ultimate goal of CT is to defend against the mis-issuance of certificates.


Open source tools such as Phishing Catcher also help detect mis-issued certificates, malicious certificates, and rogue CAs.

“We are also extending our Webhook API to help developers easily integrate this new phishing detection feature into their external systems,” reads Facebook’s statement.

If a domain owner receives a notification that a CA issued a certificate for their domain without an explicit request, they will likely want to contact the CA, check that their identity has not been compromised, and consider revoking the certificate.
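As an added example (not Facebook’s code), the following Python script applies the two alert types described above to a handful of constructed Certificate Transparency entries: a certificate alert when a new certificate covers the subscribed domain itself, and a phishing alert when none of a certificate’s names is ours but one of them imitates the brand. The look-alike table, the brand-as-label rule and the edit-distance threshold are assumptions of this example, not Facebook’s published heuristics.

```python
import re

# Constructed CT log entries (sample data, not real log records): each holds the
# subject alternative names a certificate would carry in a CT log entry.
CT_ENTRIES = [
    {"log_index": 101, "sans": ["www.example.com", "example.com"]},
    {"log_index": 102, "sans": ["login.example-com.net"]},
    {"log_index": 103, "sans": ["exarnple.com"]},        # "rn" imitates "m"
    {"log_index": 104, "sans": ["secure-examp1e.com"]},  # digit "1" imitates "l"
    {"log_index": 105, "sans": ["unrelated.org"]},
]

# Look-alike sequences folded back to the letters they imitate (assumed list).
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalize(name):
    """Fold common visual substitutions so 'exarnple' compares equal to 'example'."""
    for fake, real in HOMOGLYPHS.items():
        name = name.replace(fake, real)
    return name


def levenshtein(a, b):
    """Plain edit distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(sans, subscribed):
    """Return 'certificate', 'phishing' or None for one CT entry's SAN list.

    'certificate': the cert covers the subscribed domain or a subdomain of it
    (the owner should confirm it was requested; otherwise it is mis-issued).
    'phishing': no SAN is ours, but at least one imitates the subscribed brand.
    """
    brand = subscribed.split(".")[0]
    verdict = None
    for san in sans:
        name = san.lower().lstrip("*.")
        if name == subscribed or name.endswith("." + subscribed):
            return "certificate"
        labels = name.split(".")
        sld = labels[-2] if len(labels) >= 2 else labels[0]
        # The brand appearing as its own label ('example-com.net', 'example.com.evil.net')
        # or a second-level domain within edit distance 1 of it counts as impersonation.
        if brand in re.split(r"[.-]", normalize(name)) or levenshtein(normalize(sld), brand) <= 1:
            verdict = "phishing"
    return verdict


def scan(entries, subscribed):
    """Run every entry through classify and return the ones that need an alert."""
    alerts = []
    for entry in entries:
        verdict = classify(entry["sans"], subscribed)
        if verdict:
            alerts.append((entry["log_index"], verdict, entry["sans"]))
    return alerts


if __name__ == "__main__":
    for log_index, verdict, sans in scan(CT_ENTRIES, "example.com"):
        print(f"{verdict:>11} alert: CT entry {log_index} -> {', '.join(sans)}")
```

Only entry 105 produces no alert; entry 101 is the case where the owner should confirm the certificate was actually requested.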

NSA Collected 534 Million Records of Phone Calls and Text Messages of Americans


An official report released by a U.S. intelligence agency revealed that the NSA collected around 534 million records of phone calls and text messages of U.S. citizens.

These records were collected in 2017 alone, far fewer than the billions of records per day collected by the NSA’s old bulk surveillance system, which Edward Snowden revealed in 2013.

The collected data includes the phone numbers involved and the time of each call or text message, but not the content.

Privacy advocates concerned about government intrusion into the lives of U.S. citizens are raising questions about this collection of call records.

According to a Reuters report, the sharp increase from 151 million records occurred during the second full year of a new surveillance system established at the agency after the U.S. Congress passed a law in 2015 that sought to limit its ability to collect such records in bulk.

[Image: U.S. intelligence agency report]

These records consist of call metadata (the time, duration, and the numbers of both caller and recipient).

The new report, an annual set of surveillance-related statistics issued by the Office of the Director of National Intelligence, did not explain why the number of records increased so dramatically.

Timothy Barrett, a spokesman for the Office of the Director of National Intelligence, said the NSA has found that a number of factors may influence the number of records collected.

U.S. intelligence officials have said the number of records collected includes multiple calls made to or from the same phone numbers, and involves some duplication when the same call record is obtained from two different carriers.

After the NSA put the record sets obtained from the telecoms into its databases, intelligence analysts queried that data using 31,196 search terms associated with Americans last year, up from 22,360 a year earlier.

New “BlackRouter” Ransomware Delivered Through a Well-known Legitimate Remote Desktop Tool


The newly discovered BlackRouter ransomware is being distributed as a malicious payload bundled with the well-known remote desktop tool AnyDesk.

AnyDesk is a widely used remote desktop tool, similar to TeamViewer, capable of bidirectional remote control between desktop operating systems including Windows, macOS, Linux and FreeBSD, as well as unidirectional access on Android and iOS.

Cybercriminals are abusing AnyDesk by bundling the new BlackRouter ransomware with the AnyDesk package to infiltrate victims’ systems.

Bundling the ransomware with a legitimate tool is likely a technique the attackers use to evade detection by security software.

BlackRouter Ransomware Infection Process

Infection begins when victims unknowingly download the ransomware from malicious websites, or from compromised sites that have been turned into malware distribution points.

The ransomware then drops two files onto the victim’s computer and executes them to carry out the rest of the infection:

  • %User Temp%\ANYDESK.exe
  • %User Temp%\BLACKROUTER.exe

The first file is AnyDesk, which can perform file transfers, provide client-to-client chat and log sessions. In this case the attackers use an old version of AnyDesk rather than the current one.

The second file is the actual BlackRouter ransomware, which encrypts files on the infected system with extensions such as .gif, .mp4, .pdf and .xls.

According to Trend Micro, during the infection AnyDesk runs in the background of the affected system while BlackRouter searches the following folders and encrypts the files it finds:

  • %Desktop%
  • %Application Data%
  • %AppDataLocal%
  • %Program Data%
  • %User Profile%
  • %System Root%\Users\All Users
  • %System Root%\Users\Default
  • %System Root%\Users\Public
  • All Drives except for %System Root%
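The infection chain above leaves a simple detection opportunity: a legitimate remote-access tool executing from %User Temp% alongside a second, unknown executable dropped into the same folder. As an added example (not Trend Micro’s code), the Python script below runs that logic over a constructed process-creation log; the tool list, the temp-folder markers and the pipe-separated log format are assumptions of this example.

```python
import ntpath  # Windows path rules regardless of the host platform

# Remote-access tools worth watching when they run from a temp folder (assumed list).
REMOTE_TOOLS = {"anydesk.exe", "teamviewer.exe"}
# Expansions of %User Temp% and the system temp folder (assumed markers).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Constructed process-creation log (sample data): timestamp|Image|ParentImage.
# Lines 1-2 mimic the two dropped files; line 3 is a properly installed AnyDesk.
SAMPLE_LOG = r"""
2018-05-03T10:12:01Z|C:\Users\alice\AppData\Local\Temp\ANYDESK.exe|C:\Users\alice\Downloads\AnyDesk_setup.exe
2018-05-03T10:12:02Z|C:\Users\alice\AppData\Local\Temp\BLACKROUTER.exe|C:\Users\alice\Downloads\AnyDesk_setup.exe
2018-05-03T10:15:40Z|C:\Program Files (x86)\AnyDesk\AnyDesk.exe|C:\Windows\explorer.exe
2018-05-03T10:16:03Z|C:\Windows\System32\notepad.exe|C:\Windows\explorer.exe
"""


def parse_events(text):
    """Turn the pipe-separated sample lines into event dicts."""
    events = []
    for line in text.strip().splitlines():
        when, image, parent = line.split("|", 2)
        events.append({"time": when, "image": image, "parent": parent})
    return events


def in_temp_dir(image):
    """True when the executable lives under a user or system temp folder."""
    return any(marker in image.lower() for marker in TEMP_MARKERS)


def detect(events):
    """Flag remote tools launched from temp, plus anything else launched from
    the same temp folder, which is how BlackRouter rides alongside AnyDesk.

    A properly installed copy (under Program Files) is deliberately not flagged.
    Returns a list of (rule, image) tuples in log order.
    """
    suspect_dirs = {
        ntpath.dirname(e["image"]).lower()
        for e in events
        if in_temp_dir(e["image"]) and ntpath.basename(e["image"]).lower() in REMOTE_TOOLS
    }
    findings = []
    for e in events:
        image = e["image"]
        if ntpath.dirname(image).lower() not in suspect_dirs:
            continue
        if ntpath.basename(image).lower() in REMOTE_TOOLS:
            findings.append(("remote_tool_in_temp", image))
        else:
            findings.append(("co_dropped_executable", image))
    return findings


if __name__ == "__main__":
    for rule, image in detect(parse_events(SAMPLE_LOG)):
        print(f"[{rule}] {image}")
```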

After the encryption completes, it displays a ransom note explaining what has happened to the infected computer.

It demands $50 in bitcoin to restore access to the locked files, and says that once victims pay the ransom they will receive the decryption key via Telegram.

It also warns victims not to shut down the computer, claiming that if they do, all the encrypted files will be locked forever.

Cybercriminals may be experimenting with AnyDesk as an alternative because TeamViewer’s developers have acknowledged its abuse and have added anti-malware protections to some of their tools, the researchers said.

330 Million Twitter Users Urged to Change Passwords After a Twitter Bug Exposed Them in Plain Text


Twitter is urging all of its 330 million users to change their passwords immediately after a bug was identified in its internal systems that exposed passwords in plain text.

To mask passwords, Twitter uses the bcrypt hashing function, which replaces the actual password with a random-looking value that is what Twitter’s systems store. Because of the bug, passwords were written to an internal system before the hashing process had completed.

The company says it has resolved the issue, removed the exposed passwords, and is implementing plans to prevent this bug from happening again.

The company also says its investigation found no indication of a breach or misuse by anyone. The Twitter blog post does not say how many users were affected; according to Reuters, “a person familiar with the company’s response said the number was ‘substantial’ and that they were exposed for ‘several months.’”

After the disclosure, Twitter’s share price dropped by 1 percent. The disclosure comes as lawmakers are pressing companies on how they store credentials.

The General Data Protection Regulation (GDPR) takes effect on 25 May 2018 and applies to all companies that collect and process data belonging to European Union (EU) citizens.

GDPR requires all organizations to report certain types of data breaches to the relevant supervisory authority and to affected customers. Stakeholders must be notified if a breach could result in discrimination, damage to reputation, financial loss or loss of confidentiality for individuals.

“We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.” reads the company statement.

The company advises users to choose a strong password and to enable two-factor authentication.

New Cryptocurrency Mining Malware “MassMiner” Attacks Web Servers Using Various Powerful Exploits


Newly discovered cryptocurrency mining malware called MassMiner uses several powerful exploits to compromise web servers around the world and mine the Monero cryptocurrency.

It acts as a worm, self-replicating through a number of different exploits, and also performs brute-force attacks to gain access to Microsoft SQL Servers.

It packs various hacking tools and exploits into a single executable and continuously spreads in many different ways to accomplish its task.

It has infected machines in many countries, including India, Germany, Colombia, Vietnam, Bangladesh, China and Venezuela.

MassMiner Infection Process on Web Servers

MassMiner first spreads across the local network and later attempts to infiltrate other networks; researchers observed this propagation through a honeypot network.

A machine infected by MassMiner attempts to spread using an exploit for Apache Struts and then performs reconnaissance.

According to AlienVault, MassMiner includes a fork of MassScan, a tool that can scan the internet in under 6 minutes. The fork is given a list of IP ranges to scan during execution, which includes both private and public ranges.

MassMiner uses three powerful exploits against the vulnerable hosts discovered by MassScan.

Once a Microsoft SQL Server is compromised, a SQL script installs MassMiner, and a later script disables a number of important security features such as anti-virus.

Similarly, compromised WebLogic servers download MassMiner via PowerShell, and a VisualBasic script is used to deploy the malware on compromised Apache Struts servers.

After the infection is complete, it makes various modifications to avoid detection and ensure persistence.

MassMiner then connects to its command and control server to download the configuration file “http://server/Cfg.ini”.

Finally, it downloads updates and the malicious executable from the server, infects other machines, and configures the Monero wallet and mining pool to which the mined currency is sent.

If the HTTP request never receives a response, the malware is still capable of running the miner with its default configuration, the researchers said.

Cryptocurrency-mining Malware Sold in Underground Markets Targeting IoT Devices


Since the start of 2018 the cyber threat landscape has shifted from ransomware to cryptocurrency mining attacks, with attackers targeting a number of internet portals and many kinds of servers. Hackers are taking every opportunity to mine cryptocurrencies; they have even planted cryptocurrency mining malware in videos embedded in Word documents.

Cryptocurrency mining attacks are not limited to computers; almost any device connected to the Internet can become part of them. Crypto-malware works in one of two ways: stealing cryptocurrency or mining it.

Cryptocurrency-mining malware consumes system resources to mine cryptocurrencies without the user’s permission. Cryptocurrency-stealing malware targets wallet addresses stored locally on various devices and replaces them with the attacker’s own address.

Trend Micro researchers published a report on how cryptocurrency-mining malware is being offered in underground hacking forums and how the advertised features compare with one another.

Researchers spotted the latest offering of a Monero (XMR) cryptocurrency-mining malware called DarkPope in underground markets, sold for $49 with 24/7 support.
Cryptocurrency-stealing malware is on offer as well: researchers spotted a piece of cryptocurrency-stealing malware called Pony sold for $20.

“We believe this is a huge trend, one that is unlikely to go away anytime soon. We have seen miners moving from bitcoin to Ethereum and now embracing Monero and Zcash. Some criminals have also started conversations about MoneroV, which hasn’t even been released yet,” reads the Trend Micro report.


Compared to computers and laptops, smartphones and IoT devices have far less computing power, but attackers are still creating cryptocurrency-mining malware to infect these devices.

Cryptocurrency-mining malware such as HiddenMiner uses all of a mobile device’s computational power for mining and could cause the device to overheat and potentially fail.

“It will appear that cryptocurrency malware is gaining traction as a subject in forums within the cybercriminal underground. but still, it is not as profitable as other criminals may think — at least not yet.”

To avoid falling victim to cryptojacking attacks, regularly update your device firmware, do not use default credentials, and stay vigilant against known attack vectors.

Exploit Pack V10.07 Released with More than 38,000 Exploits Including Zero-Days


Exploit Pack is a well-integrated open source tool for conducting professional penetration tests. Like any other penetration testing tool, it requires understanding and expertise.

It contains over 38,000 exploits, including zero-days, and supports targets on all major operating systems, including Windows, Linux, Unix, Minix, SCO, Solaris and OSX, as well as mobile and web platforms.

Exploit Pack offers a user-friendly graphical interface that supports rapid reconfiguration to adapt exploit code to the constantly evolving threat environment.

It has been designed by experienced software developers and exploit writers to automate processes so that penetration testers can focus on what is really important.


Anyone with very little experience can use Exploit Pack to run in-depth security testing. It is available for Windows, Linux, and OSX. It is the best alternative to Metasploit.

Exploit Pack speeds up the detection and analysis of cyber-security incidents by integrating offensive and defensive security. It objectively measures threats, vulnerabilities, impact, and the associated risks.

“We provide our users with operational exploits and security tools to prevent disasters and measure security and active risks,” says Exploit Pack creator Juan Sacco.

The free Community edition of the pack contains 400+ exploits, the Professional pack 38,000+ exploits, and the Premium pack 38,000+ exploits plus zero-days.

The packages are distributed through the web or as an encrypted bundle, and installation is simply a matter of expanding the desired tree to get the whole arsenal you need.

Indian Provident Fund Portal Hacked: Attackers May Have Stolen 27 Million Users’ Sensitive Data


A cyber attack was launched against the Indian provident fund portal of the Employees’ Provident Fund Organisation (EPFO), and hackers may have stolen the sensitive data of around 27 million registered members.

The exposed data covers the personal and professional details of about 27 million Indians registered with the retirement fund body.

The hacked website (Aadhaar.epfoservices.com) provides an Aadhaar seeding service for EPFO and is managed under the Indian government’s Information and Communication Technology (ICT) infrastructure.

Attackers exploited two critical weaknesses on the hacked website, described as a “Struts vulnerability” and a “backdoor shell”, which allowed them to compromise the site and gain access to millions of people’s sensitive data.

“Backdoor shells” allow hackers to gain a portal’s administrator privileges, and “Apache Struts” is a widely used Java application that contained a critical vulnerability.

The attack targeted Aadhaar numbers; cybercriminals may have stolen a huge amount of data, and the breach was notified on 22/03/2018.

[Image: Letter from VP Joy, Central Provident Fund Commissioner]

In the letter, marked “secret”, the official wrote that the Intelligence Bureau (IB) had informed them of “hackers exploiting the vulnerabilities prevailing in the website (aadhaar.epfoservices.com) of EPFO.”

EPFO is just one of many government departments that use this platform for Aadhaar-seeding various services.

Cyber security experts said: “Each person contributes 12% of salary as provident fund, so salary details could also have been stolen. Also the bank account numbers, as people tend to withdraw their PF.”

The report also says the central provident fund commissioner has asked the service’s technical staff to plug the vulnerabilities in the portal, which has now been temporarily shut down. For those unfamiliar with it, the portal links the Aadhaar number of every employee with their provident fund account.

The hacked website holds the names and addresses of EPF subscribers as well as their employment history.

A few months earlier, Aadhaar details were exposed publicly by more than 200 Indian government websites.

Aadhaar officials said: “This matter does not pertain at all to any Aadhaar data breach from UIDAI servers. There is absolutely no breach into Aadhaar database of UIDAI. Aadhaar data remains safe and secure.”

Kali Linux 2018.2 Released with Fixes for Spectre, Meltdown and Easier Metasploit Script Access


Kali Linux 2018.2 has been released with all package updates and bug fixes since the previous version, which came out last February.

It is the first release to include the Linux 4.15 kernel, which contains the much-anticipated patches for the Spectre and Meltdown vulnerabilities.

On the hardware side, it includes better support for AMD GPUs and support for AMD Secure Encrypted Virtualization, which encrypts virtual machine memory so that even the hypervisor cannot access it.

Easier Metasploit Script Access – Kali Linux 2018.2

If you are an exploit writer, here is good news for you. Starting from Metasploit-framework_4.16.34-0kali2, scripts such as pattern_create, pattern_offset and nasm_shell can be called directly: links to all of them are now in the PATH, prefixed with msf-.

In previous versions they were tucked away under /usr/share/metasploit-framework/tools/exploit/ and could not be called directly by an msf- name.

root@kali:~# msf-<tab>
msf-egghunter msf-java_deserializer msf-nasm_shell
msf-exe2vba msf-jsobfu msf-pattern_create
msf-exe2vbs msf-makeiplist msf-pattern_offset
msf-find_badchars msf-md5_lookup msf-pdf2xdp
msf-halflm_second msf-metasm_shell msf-virustotal
msf-hmac_sha1_crack msf-msf_irb_shell

root@kali:~#
root@kali:~# msf-pattern_create -l 50 -s ABC,123
A1A2A3B1B2B3C1C2C3A1A2A3B1B2B3C1C2C3A1A2A3B1B2B3C1
root@kali:~#
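As an added example (not part of the Kali post or of the Metasploit source), here is a Python reimplementation of the cyclic-pattern logic behind msf-pattern_create and msf-pattern_offset, generalized to any number of character sets; the -l 50 -s ABC,123 run shown above is reproduced by pattern_create(50, parse_sets("ABC,123")). Treating a 0x... query as a little-endian register value is my reading of how pattern_offset is used with a debugger, stated here as an assumption.

```python
import itertools
import string

# Metasploit's default character sets: uppercase, lowercase, digits.
DEFAULT_SETS = [string.ascii_uppercase, string.ascii_lowercase, string.digits]


def parse_sets(spec):
    """Turn the CLI form 'ABC,123' into ['ABC', '123']."""
    return [s for s in spec.split(",") if s]


def pattern_create(length, sets=None):
    """Build a cyclic pattern of `length` characters.

    Each chunk takes one character from every set ('A1', 'A2', ...); chunks
    are emitted in lexicographic order and wrap around once every combination
    has been used, which is what makes any short window of the pattern unique.
    """
    sets = list(sets) if sets else DEFAULT_SETS
    if not all(sets):
        raise ValueError("every character set must be non-empty")
    out, total = [], 0
    for combo in itertools.cycle(itertools.product(*sets)):
        chunk = "".join(combo)
        out.append(chunk)
        total += len(chunk)
        if total >= length:
            break
    return "".join(out)[:length]


def pattern_offset(pattern, query):
    """Return the offset of `query` inside `pattern`, or None if absent.

    A query written as 0x33423242 is treated as a register value read from a
    debugger: it is converted back to the little-endian bytes it was loaded
    from (4 bytes for 32-bit, 8 for 64-bit), so 0x33423242 locates 'B2B3'.
    """
    if query.lower().startswith("0x"):
        nbytes = 8 if len(query) - 2 > 8 else 4
        query = int(query, 16).to_bytes(nbytes, "little").decode("latin-1")
    idx = pattern.find(query)
    return None if idx < 0 else idx


if __name__ == "__main__":
    pat = pattern_create(50, parse_sets("ABC,123"))
    print(pat)                                  # same string as the msf- run above
    print(pattern_offset(pat, "B2B3"))          # 8
    print(pattern_offset(pat, "0x33423242"))    # 8, via little-endian decoding
```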

Kali Linux 2018.2 includes updates for a number of applications, including BloodHound, OWASP JoomScan, Burp Suite 1.7.32, reaver v1.6.4 and pixiewps v1.4.2. You can see the complete list in the changelog.


How to update – Kali Linux 2018.2

apt update && apt full-upgrade
reboot

