Friday, May 2, 2025
Home Blog Page 915

New Banking Trojan Steal Money From Bank Accounts by Abusing Windows OS

New Banking Trojan Steal Money From Bank Accounts by Abusing Windows OS

A new dubbed Banking Trojan “Gozi” discovered that is capable of abusing windows users and stealing bank information from victims computer which has some advanced multi-component malicious programs future.

Gozi Banking Trojan Discovered Trojan.Gozi.64,which is used the same source code of the previous version of this malware and also added some advanced future that can infect both 32- and 64-bit Windows versions.

Trojan’s creator embedded a restriction into the malicious program that helps to perform its operation with Windows 7 and other latest version of windows computers.

Also Read:  Ursnif Malware Variant Performs Malicious Process Injection in Memory using TLS Anti-Analysis Evasion Trick

It is used separately downloaded plugins and it does not operate the malicious program in the very old version of Windows OS.

Gozi Banking Trojan used malicious plugins that have been discovered in Microsoft Internet Explorer, Microsoft Edge, Google Chrome, and Mozilla Firefox.

It can perform following malicious activities on the infected computers.

  • Check for any updates for the Trojan;
  • Download from remote server plugins for browsers used for web injections;
  • Download web-injection configurations from a remote server;
  • Obtain personal tasks, including those requiring the download of additional plugins;
  • Remote computer administration.

How does Gozi Banking Trojan Works

Initially, It installs the corresponding module to performing web injections in the browser once the victims install the malicious Plugins in their browser.

Later Gozi Trojan downloaded as a zip with help of command and control server which contains configuration for web injections.

Later Gozi injects the arbitrary content into user-viewed web pages which leads to fake authorization forms on bank websites and in online banking systems.

Since this web page modification directly performed into the infected computer the URL of whatever website is involved remains intact in the browser address bar.

A fake website that completely looks like a bank website Any data the user enters into a fake form is sent to cybercriminals.

According to Dr web, Along with this, some of aditional modules also will be downloaded into victims windows computer that may including remote access capability to injected victims computer, keylogger plugins,a plugin for stealing authorization data from mail clients, and some others.

Gozi Banking Trojan using baseconfig module which stored in a basic configuration that contains C&C’s and the master key to connecting to the server.

it contains some other modules as well, that has some interesting functions.

  • explorer.dll—the main module of the Trojan. It loads and executes the rest of the components using the basic plugins (bl.dll, rt.dll, netwrk.dll);
  • bl.dll—performing of web injections, various types of interactions with named Windows pipes, execution of files from the memory, encryption;
  • rt.dll—interaction with the Windows system registry, with files, operations with strings;
  • netwrk.dll—functions of operation with the network.

The module explorer.dll executes several task types:

  • Check for any updates for the Trojan;
  • Download from remote server plugins for browsers used for web injections;
  • Download web-injection configurations from a remote server;
  • Obtain personal tasks, including those requiring the download of additional plugins;
  • Remote computer administration.

IOC- SHA1

  • SHA1 loader stage 1
  • b974346e2b3a32720d4a214ca2b18a0032867f12
  • SHA1 loader.dll x32 stage 2
  • 1c8e47942eb0bdd32fe2883dee5953de6e06b9b8
  • SHA1 loader.dll x64 stage 2
  • 1a3bceab8c90779fd06760a037a347d21849fe3b

Home Ministry Warned Indian Army not to use Popular Chinese apps such as Truecaller, WeChat, SHAREit

Home Ministry Warned Indian Army not to use Popular Chinese apps such as Truecaller, WeChat, SHAREit

Home ministry of India released a countrywide advisory to all fields of Army and Paramilitary forces to delete specific apps that are created by Chinese companies or the one linking to Chinese servers from their mobile phones.

The list of Apps consist of 42 application, and it includes some of the most famous apps such as TrueCaller, Weibo, WeChat, UC Browser, SHAREit, all officers are strictly advised to delete from their mobile phones immediately personal or official.

It is the first time that a red flag raised against Chinese apps, it was first reported by print and the instructions sent to troops on 24 November.

According to the Advisory report “As per reliable inputs, many Android/IOS apps developed by Chinese developers or having Chinese links are reportedly either spyware or other malicious ware. Use of these apps by our force personnel can be detrimental to data security having implications on the force and national security.”

Top Chinese apps on the List

1. TrueCaller
2. SHAREit
3. CM Browser
4. UC Browser
5. MI Store
6. UC News
7. WeChat
8. Weibo

Also Read Top Secret Data that Belongs to US Army and NSA leaked online

And if some of them are already using the app they are asked to delete the app immediately and to format the smartphone.You can find full of list of apps here.

IN 2010, the Union Home Ministry had mulled whether Chinese companies like Huawei and ZTE could be forbidden in India. Amongst the many gadgets supplied by these firms, the Home Ministry had flagged modems as being particularly vulnerable, Says Indiatoday.

Last month Mr. Rhee belonged to South Korea’s defense panel told that North Korean hackers stole a large data from South Korea military database, including wartime contingency plans jointly drawn by the United States and South Korea.

Data is a significant concern with growing number of cyber threats and data leaks, there are no reports, yet these apps are stealing data, but the security agencies have taken this step as tightening security measures.

Top Secret Data that Belongs to US Army and NSA leaked online

Top Secret Data that Belongs to US Army and NSA leaked online

Critical data that belongs to United States Army Intelligence Security Command (INSCOM) and (National Security Agency) NSA data leaked online Which contains internal data and virtual systems used for secret communication over the Internet.

The cloud leak followed by Pentagon’s Data Leak which exposed than 1.8 billion posts of content of social media contents that captured around 8 years.

Leaked data consist of billions of public internet posts, news commentary and other writings from individuals from the US and other Countries.

Security researcher Chris vickery found amazon Bucket for public access on last September, which allows any user with free AWS account can read and download the contents by just entering the URL.

The respository that present in the bucket has a subdomain “inscom,” which relates to US Army and the NSA. Bucket consists of 47 files and folcers with read permission and three of them with download permissions.

Files that are available to download consist of highly sensitive information exposing national security data, some of it explicitly classified.

Researchers found.ova file which can load through Oracle VirtualBox consists of a Virtual hard drive likely to be used to retrieve data from remote location and they found the data can be accessed without connecting to Pentagon systems.

Top Secret

Hard disk consis of six partitions varying in size from 1 GB to 69 GB, it also exposes private keys that used for accessing distributed intelligence systems used by Invertix administrators.

A hard drive reveals a human-configured installation of files for use with Red Disk, a troubled Defense Department cloud intelligence platform partially integrated into the Pentagon’s DCGS-A program.Upguard said. Also they found a text fine that provides directions for .ova.

It is unnecessary to speculate as to the potential value of such an exposed bucket to foreign intelligence services or malicious individual actors;

The care is taken to classify sections of the exposed virtual drive as “Top Secret” and “NOFORN” provide all the indications necessary to determine how seriously this data was taken by the Defense Department. Says Upguard.

Some of Very Recent Data Leaked Online

  1. Famous Cosmetic Company “Tarte” leaked 2 Million Customers Personal Data Online
  2. Fashion Retailer FOREVER 21 Admits Payment Card Security Breach
  3. Accenture Data Leak Exposed 137 Gigabytes of Highly Sensitive Data Online
  4.  Deloitte Hacked by Cyber Criminals and Revealed Client & Employee’s Secret Emails
  5. Leading research and advisory firms Forrester was hacked
  6. Disqus confirms it’s been hacked and more than 17.5 Million Users Details Exposed
  7. Gaming Service R6DB Database deleted By Hackers and held for Ransom
  8. Biggest Hack Ever – Each and Every Single Yahoo Account Was Hacked in 2013
  9. Pizza Hut Hacked – Users Reporting Fraudulent Transactions on their Cards
  10. Hyatt Hotels Data Breach Exposed 41 Hotel Customers Payment Card Information
  11. Verizon Wireless Confidential DataLeaked Accidentally by Its Employee
  12. ABC Company Massive Data Leaked online from Amazon S3 Bucket
  13. Pentagon Data Leak Exposed 1.8 Billion of Social Media Surveillance Data
  14. Uber Data Breach Exposed Personal Information of 57 Million Uber Users
  15. HP Exposed more than 400,000 Customers Sensitive Information Online
  16. Imgur Data Breach Exposed 1.7 Million Users Emails and Passwords by Hackers

Ursnif Malware Variant Performs Malicious Process Injection in Memory using TLS Anti-Analysis Evasion Trick

Ursnif Malware Variant Performs Malicious Process Injection in Memory using TLS Anti-Analysis Evasion Trick

A Sophisticated Ursnif Malware variant using manipulated TLS call back Anti-Analysis Technique while injecting the Child Process for changing the entry point.

TLS (Thread Local Storage) call backs used for additional initialization and termination that provided by Windows operating system.

Malicious TLS Allows PE files to include malicious TLS callback functions to be executed prior to the AddressOfEntryPoint field in the PE header.

In this case, during analysis phase where analysts trying to find the actual entry point to malcode but Malicious TLS callback function leads to execute the malcode Prior to the Common entry point AddressOfEntryPoint.

The Entry Point (AddressOfEntryPoint) defined in the PECOFF format for executable files refers to location in memory where the first instruction of execution will be placed

unlike Ursnif, Many Malware binaries and packers are using CreateRemoteThread Windows API functions to change the entry point for injecting the Process in the memory.

Also Read: A Banking Trojan Called “Ursnif” Using Mouse Moments for Evasion and Decryption From Virtual Machine

Ursnif Malware Analysis & Distribution

The initial distribution of Ursnif spreading via spam Email campaign with company order related mail contents and once we click the “Review document” then malware downloads a ZIP file named YourMYOBSupply_Order.zip.

The zip file contains a malicious javascript, once it gets executed then it Ursnif/Gozi-ISFB will be downloaded and executed.

Since command & Control server communication completely established HTTPS, it’s very difficult to find through analyzing the normal network activities.

During the Execution process, Ursnif malware tries to create a child process named svchost.exe using  CreateProcessW API function in suspended mode.

According to FireEye,Next, for process hollowing of svchost.exe, the malware creates a section object and maps the section using ZwMapViewOfSection.
It uses the memset function to fill the mapped section with zeroes, and then leverages memcpy to copy the unpacked DLL to that region. The malware then resolves three lower level API functions by walking the ntdll.dll module.
Once the new region of memory allocated it construct the entry shellcode in the new memory space.to identify the mapped session of the child process it reads out the PEB(process environment block) structure of the process using a call to ZwReadVirtualMemory.

After this task accomplished, Ursnif Malware trying to change the PE Header Protection permissions and gain the write permission.

Later it will write 8 bytes of the buffer at offset 0x40 in the entry point of the svchost.exe process executable in the target child process.

Region protection back to normal(“read only”) to avoid the suspicion once it successfully writes the buffer.

Again, it repeats the procedure of changing protections for the PE image of svchost.exe to write 8 bytes at an offset of 0x198 bytes from the start of the process executable.

Ursnif using standard DLLMain call entry point to initialize the injected DLL image and execute its entry.

Ursnif Malware

“This newer variant shows that actors are not only modifying the malware to evade signatures, they are also equipping them with stealthier techniques. Unaware debugging environments or detection frameworks can potentially miss the actual hidden TLS callback entry point, allowing the malware to perform its malicious activities under the hood.”

Indicators of Compromise

Filename :YourMYOBSupply_Order.zip
MD5 : f6ee68d03f3958785fce45a1b4f590b4
SHA256 : 772bc1ae314dcea525789bc7dc5b41f2d4358b755ec221d783ca79b5555f22ce

Filename : YourMYOBSupply_Order.js
MD5 : c9f18579a269b8c28684b827079be52b
SHA256 : 9f7413a57595ffe33ca320df26231d30a521596ef47fb3e3ed54af1a95609132

Filename : download[1].aspx
MD5 : 13794d1d8e87c69119237256ef068043
SHA256 : e498b56833da8c0170ffba4b8bcd04f85b99f9c892e20712d6c8e3ff711fa66c

Complete Advanced IT Cloud Security & Hacking Training Online Course Bundle

Complete Advanced IT Cloud Security & Hacking Training Online Course Bundle

Cloud Security Professionals are the Higly demanded role for many organizations since Cloud computing Security needs rapidly evolving around the world to stop the cloud-based cyber Attacks.

Numerous associations move to the cloud due to expanded effectiveness, information space, versatility, speed and different advantages.

Be that as it may, cloud computing accompanies its own security dangers. To address these difficulties, organizations ought to make a half-breed cloud condition, affirm that their cloud security arrangement offers all day, every day observing and multi-layered safeguards, and actualize safety efforts like encryption, encryption, data backups and identity access management (IAM).

Today we are Introduced to you one of the best Advanced IT Cloud Security & Hacking Training Online Course Bundle for just $34 only.

Data security has never been more important in this age of cyberattacks and snooping, and companies know that which is why they spend big on cloud security experts.

Get this Advanced IT Cloud Security & Hacking Training Online Course for just $34

Coupled with the proper amount of experience, certified employees can serve as a crucial resource towards helping your company defend against a data breach.

Organizations can take their cloud security strategy one step further by hiring IT professionals with the proper certifications.

This advance level course Cost is around $1600. but Our special 95% Discount offer Brought you just  $34 for Course IT Cloud Security & Hacking Training Online Course which  includes 30 Hours of Expert level Training.
 

Benefits of this Cloud Security Course

This Complete Advanced IT Cloud Security & Hacking Training Online Course will walk you through in-depth understanding of cloud-based cyber risk and make you strong with extreme cloud security skills

It will cover complete Advanced Enterprise Security Techniques In This 30-Hour Training by Experienced cloud security Expert.

Get this Advanced IT Cloud Security & Hacking Training Online Course  for just $34

  • Access over 30 hours of training 24/7
  • Explore different types of cloud security threats & how to stop them
  • Gain the technical skills & knowledge to engineer & design secure solutions for advanced enterprise environments
  • Learn essential skills that IT security experts need to know to get certified
  • Use labs, games, & activities to verify your progress
  • Study locking down networks, providing top physical security, & monitoring & auditing security systems
  • Cloud-based hacking Techniques and Prevention methods.
Level Cybersecurity Certification Course will walk you through the skills and concepts you need to master this elite Advanced IT Cloud Security & Hacking Training Online certification 
This course has been designed to address real-world challenges so that the technologies and techniques covered can be applied to any situation.

Also Enroll:  Complete Ethical Hacking and Penetration Testing Course – Become a Professional Ethical Hacker

Details & Requirements

These all the Basic requirements and benefits

  • Length of time users can access this course: 12 months
  • Access options: web streaming
  • Certification of completion included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: all levels
  • Internet required
  • Instant digital redemption

Get this Advanced IT Cloud Security & Hacking Training Online Course for just $34

There are other, less-known cloud security programs as well. Some Cloud platform providers offer product training. Some organizations even custom build a program at the request of a customer.

This complete Advanced IT Cloud Security & Hacking Training Online Course can be taken as self-study, this obviously is not a low-budget option. It does offer hands-on training and some labs, however, which could be worth the extra investment for organizations or individuals looking for a more technical experience.

Google Discovered New Tizi Android Spyware that can Spying WhatsApp, Viber, Skype, LinkedIn

Google Discovered New Tizi Android Spyware that can Spying WhatsApp, Viber, Skype, LinkedIn

A highly critical Tizi Android Spyware discovered from Google Play store that have rooting capabilities to spying the sensitive information in Android mobile users popular social media applications.

Tizi steals sensitive data from popular social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.

Also Read:  Facebook Image Removal Vulnerability allows Users to Delete any Photos

This spyware app Developers creating a website for promoting the spyware via social media to reach more number of peoples and trick them to install this Malicious spyware app.

Tizi-infected app

It mainly targeting  African countries, specifically: Kenya, Nigeria, and Tanzania . kenya is listed as most impact country by this  Tizi Android Spyware.but there was also a significant number of infections in Nigeria and Tanzania.

This malicious application discovered by google security scan and it mainly performing to gain the root access of the target and exploit the old vulnerabilities.

According to the Google report, around 1,300 devices affected by Tizi and still its rapidly spreading its variant around the world.

How Does Tizi Android Spyware Work?

Since earlier Tizi family variants didn’t have the rooting and obfuscation capabilities, newly spreading this Tizi gain root access of targeting phone is considering as a main future.

Once it gaining the root access of the targeting mobile , it will contact first to the command & control server by sending the SMS with the device’s GPS coordinates.

Communication between C&C Server and Tizi using HTTPS in some specific versions,Tizi uses the MQTT messaging protocol with a custom server.

After established the successful connection, Tiza backdoor performing some dangerous spying activities  such as  recording calls from WhatsApp, Viber, and Skype; sending and receiving SMS messages; and accessing calendar events, call log, contacts, photos, Wi-Fi encryption keys, and a list of all installed apps. 

According to Google, Tizi apps can also record ambient audio and take pictures without displaying the image on the device’s screen.

Tizi Android Spyware Exploiting related vulnerabilities are mainly  target older chipsets, devices, and Android versions.

But most of the vulnerabilities are already patched but Tizi Android Spyware always trying to gain some high level permission by sending SMS messages and monitoring, redirecting, and preventing outgoing phone calls.

Tizi Android Spyware can root the device by exploiting one of the following local vulnerabilities:
  • CVE-2012-4220
  • CVE-2013-2596
  • CVE-2013-2597
  • CVE-2013-2595
  • CVE-2013-2094
  • CVE-2013-6282
  • CVE-2014-3153
  • CVE-2015-3636
  • CVE-2015-1805

Mitigation Steps for  PHA’s

Potentially Harmful Applications are always try to install some harmful malicious application into victims mobile. following steps are common mitigation step to protecting from PHA’s by Google.

  • Check permissions: Be cautious with apps that request unreasonable permissions. For example, a flashlight app shouldn’t need access to send SMS messages.
  • Enable a secure lock screen: Pick a PIN, pattern, or password that is easy for you to remember and hard for others to guess.
  • Update your device: Keep your device up-to-date with the latest security patches. Tizi exploited older and publicly known security vulnerabilities, so devices that have up-to-date security patches are less exposed to this kind of attack.
  • Google Play Protect: Ensure Google Play Protect is enabled.
  • Locate your device: Practice finding your device, because you are far more likely to lose your device than install a PHA.

Facebook Image Removal Vulnerability allows Users to Delete any Photos

Facebook Image Removal Vulnerability allows Users to Delete any Photos

Facebook recently introduced a poll feature which allows users to make votable questions as the status on both Android and iOS apps.

Security researcher Pouya Darabi found a vulnerability that allows anyone to delete any photo from the Facebook platform.

Facebook vulnerability

Darabi explains the vulnerability allows anyone can quickly change the Image ID that associated with any other image ID when sending the request to the facebook server.

Whenever a user tries to create a poll, a request containing gif URL or image id will be sent,
poll_question_data[options][][associated_image_id] contains the uploaded image id.
When this field value changes to any other images ID, that image will be shown in the poll.
After sending the request with another user image ID, a poll containing that image would be created.

If the poll creator deletes the Photo, it deletes victim images as well considering it as poll property.He reported the bug on November 3 and Facebook responds quickly and fixes the bug by 5 Nov 2017.

On November 8 Facebook Awarded $10,000 as bounty for his findings. Earlier this year Security researcher Dan Melamed came with a vulnerability that allows anyone to change the Video ID to any other video on the social media platform.

Before this Darabi found a couple of vulnerabilities with Facebook, in 2015, he found a CSRF on Facebook, and he was granted $15,000.

Linux Distributions Suffering with Denial of Service by systemd Vulnerability

Linux Distributions Suffering with Denial of Service by systemd Vulnerability

A Linux Suffering from systemd(System and Service Manager) vulnerability that leads to performing a Denial of Service in many Linux based Distributions.

Attacker Sending a DNS query to a DNS server by having a Vulnerable system eventually this vulnerability will exploit the Target Linux distribution systems.

systemd is an init system used in Linux distributions to bootstrap the userspace. Subsequently to booting, it is used to manage system processes.

Later, a specific crafted query will return to the DNS server which causes the systemd to perform an infinite loop that pins the system’s CPU usage to 100%.

Also Read: Multiple Denial of service Vulnerabilities Discovered in Linux kernel USB Subsystem

An attacker using phishing and social engineering attack to visit users system to Domain controller and later user will redirect to query the DNS.

Researchers created a custom DNS server which would send back maliciously formed replies to test this vulnerability.

Denial of Service

Packet capture of specially crafted DNS reply

Here a reply contains an NSEC record that is Designed to trigger the vulnerability.

Every time system running systemd uses it for DNS resolution, it will receive this specially crafted DNS packet, and the CPU utilization would hit 100%.

Denial of Service

Maximized CPU utilization

According to Trend Micro, New functions have been added to DNS over time, both to add new features and make it more secure. One of the new types of resource records added in DNS Security Extensions (DNSSEC), as defined in RFC 4034, was the NSEC (Next Secure) record.
The vulnerability lies in the processing of the bits representing pseudo-types in the NSEC bitmap

Patch this Vulnerability in systemd is the most effective way to fix this issue.Trend Micro reported to concern vendors via the Zero-Day Initiative (ZDI) in the same month.No attacks against this vulnerability are known to be in the wild yet.

Mitigation for Denial of Service in Linux

Trend Micro Provide following mitigation technique for this vulnerability.

As we noted earlier, fixes to this vulnerability have been released. We recommend applying these to systems at risk as soon as possible.

System administrators may also opt to block potentially malicious packets manually. Incoming DNS responses should be checked to see if they contain resource records as specified in section 4 of RFC 4034.

Monitor incoming DNS response traffic and detect if the DNS RRs in the answer section contains DNS and record of types as specified in the RFC 4034 section 4, which defines NSEC RRs. If the attached bitmap is processed and contains pseudo-types, it should be blocked

In-depth Analysis of Certificate Transparency – Detect Fake SSL Certificates

In-depth Analysis of Certificate Transparency – Detect Fake SSL Certificates

Certificate Transparency aims at increasing safety with TLS certificates. Most importantly CT was put in the place to defend mis-issuance.

Certificate Transparency aims to remedy these certificate-based threats by making the issuance and existence of SSL certificates open to scrutiny by domain owners, CA, and domain users. Specifically, Certificate Transparency has three main goals:

Also Read: Fast and Complete SSL Scanner to Find Mis-configurations affecting TLS/SSL Severs-A Detailed Analysis

Certificate Logs

Certificate logs are simple network services that maintain cryptographically assured, publicly auditable, append-only records of certificates. Anyone can submit certificates to a log, although certificate authorities will likely be the foremost submitters.

Likewise, anyone can query a log for a cryptographic proof, which can be used to verify that the log is behaving properly or verify that a particular certificate has been logged.

The number of log servers doesn’t have to be large (say, much less than a thousand worldwide), and each could be operated independently by a CA, an ISP, or any other interested party.

Monitors

Monitors are publicly run servers that periodically contact all of the log servers and watch for suspicious certificates.

For example, monitors can tell if an illegitimate or unauthorized certificate has been issued for a domain, and they can watch for certificates that have unusual certificate extensions or strange permissions, such as certificates that have CA capabilities.

A monitor acts much the same way as a credit-reporting alert, which tells you whenever someone applies for a loan or credit card in your name. Some monitors will be run by companies and organizations, such as Google, or a bank, or a government.

Others will be run as subscription services that domain owners and certificate authorities can buy into. Tech-savvy individuals can run their own monitors.

ct1

Auditors

Auditors are lightweight software components that typically perform two functions. First, they can verify that logs are behaving correctly and are cryptographically consistent.

If a log is not behaving properly, then the log will need to explain itself or risk being shut down. Second, they can verify that a particular certificate appears in a log.
 
This is a particularly important auditing function because the Certificate Transparency framework requires that all SSL certificates be registered in a log. If a certificate has not been registered in a log, it’s a sign that the certificate is suspect, and TLS clients may refuse to connect to sites that have suspect certificates.
 

How Certificate Transparency works?

Components of Certificate Transparency 

  1. Certificate Authorities CA (Comodo, DigiCert, Verisign, Thawte)
  2. Log Servers that act as public repositories for the certificate records.
  3. The browsers of any client accepting certificates (they act as auditors)
  4. Publicly run servers that monitor newly added certificate logs to check for mis-issuances

The following occurs when a CA logs a certificate:

  1. The CA creates what is called a “pre-certificate,” which contains the SSL Certificate’s information. The CA then sends this pre-certificate to its trusted Log server.
  2. The Log server then accepts this information and returns a “signed certificate timestamp” or SCT. The SCT essentially promises to log the certificate within a certain period of time. This time frame is known as the Maximum Merge Delay or MMD—it may never exceed 24 hours.
ssl
  1. The SCT is then accepted by the CA and added to the body of the SSL Certificate (or sometimes presented by other means). The SCT’s presence is, itself, a signal that the certificate has been published in a CT log.

There are three ways for an SCT to be delivered with the SSL Certificate:

  • X509v3 Extension
  • TLS Extension
  • OCSP Stapling
ssl1

Advantages of Certificate Transparency

  • Early detection of misissued certificates, malicious certificates, and rogue CAs.
  • Faster mitigation after suspect certificates or CAs is detected.
  • Better oversight of the entire TLS/SSL system.

Imgur Data Breach Exposed 1.7 Million Users Emails and Passwords by Hackers

Imgur Data Breach Exposed 1.7 Million Users Emails and Passwords by Hackers

Imgur Data Breach exposed almost 1.7 Million Users sensitive Emails and Passwords that was occurred in 2014.

Imgur is an online image sharing community which has 150 Million total users, 6 Billion page views per month, 1.5 Million Images uploading daily by Imgur visitors.

This potential Imgur Data Breach was reported by a Web security Expert Troy hunt who is actively running Data Breach services called  Have I Been Pwned.

Imgur Data Breach Investigation

After his Incident Report passed to Imgur’s Chief Operating Officer via Email. Further investigation revealed, and Imgur team finally confirmed that approximately 1.7 million Imgur user accounts were compromised in 2014.

Since Imgur has never asked for real names, addresses, phone numbers, or other personally-identifying information (“PII”), so the information that was compromised did NOT include such PII.

At that time Imgur used an older hashing algorithm that leads to hackers performing Brute force attack against the Imgur Website.

Troyhunt  said, “I disclosed this incident to Imgur late in the day in the midst of the US Thanksgiving holidays,” said Hunt. “That they could pick this up immediately, protect impacted accounts, notify individuals and prepare public statements in less than 24 hours is absolutely exemplary.”

Imgur Started notifying to impacted users via their registered email address, and they urged to update their passwords.

According to Imgur, we are still actively investigating the intrusion; we wanted to inform you as quickly as possible as to what we know and what we are doing in response. But Imgur said that site security had improved since the breach.

Some of Very Recent Data Leaked Online

  1. Famous Cosmetic Company “Tarte” leaked 2 Million Customers Personal Data Online
  2. Fashion Retailer FOREVER 21 Admits Payment Card Security Breach
  3. Accenture Data Leak Exposed 137 Gigabytes of Highly Sensitive Data Online
  4.  Deloitte Hacked by Cyber Criminals and Revealed Client & Employee’s Secret Emails
  5. Leading research and advisory firms Forrester was hacked
  6. Disqus confirms it’s been hacked and more than 17.5 Million Users Details Exposed
  7. Gaming Service R6DB Database deleted By Hackers and held for Ransom
  8. Biggest Hack Ever – Each and Every Single Yahoo Account Was Hacked in 2013
  9. Pizza Hut Hacked – Users Reporting Fraudulent Transactions on their Cards
  10. Hyatt Hotels Data Breach Exposed 41 Hotel Customers Payment Card Information
  11. Verizon Wireless Confidential DataLeaked Accidentally by Its Employee
  12. ABC Company Massive Data Leaked online from Amazon S3 Bucket
  13. Pentagon Data Leak Exposed 1.8 Billion of Social Media Surveillance Data
  14. Uber Data Breach Exposed Personal Information of 57 Million Uber Users
  15. HP Exposed more than 400,000 Customers Sensitive Information Online