10000

now browsing by tag

 
 

#school | #ransomware | Michigan District school faces a ransomware attack; hackers demand $10,000 in BTC.

Source: National Cyber Security – Produced By Gregory Evans

According to a local news report, the Richard Community school in Michigan was hacked over the winter holidays, and the hacker encrypted the school’s sever using ransomware attack. The hackers have demanded $10,000 in bitcoin to restore the server. The School’s IT department revealed that the hack had occurred on December 27.

 

School refuses to pay ransom to hackers.

The Michigan district school’s IT department immediately shut down the server after discovering the hack and made sure the back serves had not been compromised. The school informed the Michigan police and are trying to track down the hacker. The hack had affected the school district’s telephones, copiers, classroom technology, and even the heating system, but no student’s or staff’s personal information was compromised, according to the school. The server is expected to be back up and running before school resumes next week.

 

Increase in ransomware attacks around the world.

The ransomware attack on the Michigan district school was not an isolated incident. There have been several ransomware attack reports from around the world. The most common targets for these hackers are schools, hospitals, and local businesses. Last year three schools alone in New York faced the similar attacks. In November 2019, the Mexican state-owned petroleum company Pemex also suffered a ransomware attack where hackers had demanded $5 million in BTC to decrypt the server.

Source link

The post #school | #ransomware | Michigan District school faces a ransomware attack; hackers demand $10,000 in BTC. appeared first on National Cyber Security.

View full post on National Cyber Security

Hackers have made just 3.7 bitcoin – or less than $10,000 – with the latest cyberattack

Source: National Cyber Security – Produced By Gregory Evans

Those behind the recent cyberattack affecting businesses around Europe have successful received a total of nearly 4 bitcoins, worth around $9621 at today’s price. On Tuesday, reports emerged of a ransomware virus affecting businesses and governments throughout Eastern Europe. Ukraine and Russia have been particularly affected. The malware, which has…

The post Hackers have made just 3.7 bitcoin – or less than $10,000 – with the latest cyberattack appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Researchers Get $10,000 for Hacking Google Server with Malicious XML

A critical vulnerability has been uncovered in Google that could allow an attacker to access the internal files of Google’s production servers. Sounds ridiculous but has been proven by the security researchers from Detectify.The vulnerability resides in the Toolbar Button Gallery (as shown). The team of researchers found a loophole after they noticed that Google Toolbar Button Gallery allows users to customize their toolbars with new buttons. So, for the developers, it is easy to create their own buttons by uploading XML files containing metadata for styling and other such properties.This feature of Google search engine is vulnerable to XML External Entity (XXE).

 

It is an XML injection that allows an attacker to force a badly configured XML parser to “include” or “load” unwanted functionality that can compromise the security of a web application.“The root cause of XXE vulnerabilities is naive XML parsers that blindly interpret the DTD of the user supplied XML documents. By doing so, you risk having your parser doing a bunch of nasty things. Some issues include: local file access, SSRF and remote file includes, Denial of Service and possible remote code execution. If you want to know how to patch these issues, check out the OWASP page on how to secure XML parsers in various languages and platforms,” the researchers wrote on a blog post. Using the same, the researchers crafted their own button containing fishy XML entities. By sending it, they gain access to internal files stored in one of Google’s production servers and managed to read the “/etc/passwd” and the “/etc/hosts” files from the server.By exploiting the same vulnerability the researchers said they could have access any other file on their server, or could have gain access to their internal systems through the SSRF exploitation.The researchers straight away reported the vulnerability to the Google’s security team and rewarded with $10,000 (€7,200) bounty for identifying an XML External Entity (XXE) vulnerability in one of the search engine’s features.

Source: http://whogothack.blogspot.co.uk/2014/04/researchers-get-10000-for-hacking.html#.Vk44iVUrLIU

The post Researchers Get $10,000 for Hacking Google Server with Malicious XML appeared first on Am I Hacker Proof.

View full post on Am I Hacker Proof

First Paid Fake Android Antivirus App Downloaded 10,000 times from Google Play Store

Well, we all are very conscious, when it comes to the security of our personal information, security of our financial data and security of everything related to us. In the world of Smart devices where our Smartphones knows more than we know ourselves.To keep our device protected from harmful viruses, malware or spyware, we totally depend on various security products such as antivirus, firewall and privacy guard apps, that we typically install from some trusted sources, Google Play Store. Most Antivirus apps are available to download for free, but some of them are paid with extra premium features like advance firewall protection, anti theft, App Locker or Cloud Backup etc.But do you believe that just because you’re downloading an application from an official app store and also if its a premium paid version, you’re safe from malicious software? Think twice.In Past, Mobile Security Researchers had spotted numerous fake mobile antivirus scanners that were available for free download at Google’s Play marketplace, but its the first time when a cyber criminals are offering a fake, but paid Antivirus Solution called ‘Virus Shield’ for your Android device at Google’s play store.Virus Shield masquerade itself as an antivirus that claims to “protect you and your personal information from harmful viruses, malware, and spyware” and also “Improve the speed of your phone,” which it does with just a click. Moreover, it claims to have least effect on battery, run in the background, and in addition it also acts as adblock software that will stop those “pesky advertisements,” which we deal every day.MORE THAN $40,000 FRAUD AT GOOGLE PLAY STOREVirus Shield antivirus app costs $3.99, and has been on the Google Play Store for just over a week and has already been successfully downloaded more than 10,000 times by Smartphones users with a 4.7 star review from 1,700 people, that means total amount received by developer is more than $40,000.Even 2,607 users had hit the Google “recommend” button, which means that the antivirus app must be doing great to users who look for trusted and efficient antivirus app to secure their devices.Surely it doesn’t scan or detect anything. Android Police has discovered that the app only changes a red “X” graphic to a red “check” graphic, that’s it, nothing less or more.

The virus shield antivirus app is a total scam and it doesn’t scan or secure your device, which means thousands of users have been scammed out of their money.When the creator (email : Jesse_Carter@live.com) tracked down by the investigators, it revealed that the creator was a well known scammer who was also accused and banned from forums for trying to scam people out of various low-valued online game items. You can check out the code for yourself from here, as the android police have decompiled the app and mirrored the java code on GitHub.There is no such way to protect you from these kinds of fraudsters. All you can do is report the Virus Shield via the Play Store app by listing the app’s “flag as inappropriate,” then tap “other objection” and write about the app’s fraud to users. Alternatively, you can report it on the web. Users are advised to only download applications from known and trusted publishers.

Source: http://whogothack.blogspot.co.uk/2014/04/first-paid-fake-android-antivirus-app.html#.Vj-X1_mqqko

The post First Paid Fake Android Antivirus App Downloaded 10,000 times from Google Play Store appeared first on Am I Hacker Proof.

View full post on Am I Hacker Proof

Researchers got Rewarded by $10,000 for Reporting XXE Vulnerability in Google

A critical bug XXE vulnerability has been found by researchers which let researchers access the internal files of Google’s production servers. Sounds surprising but it has been really found by hackers which let hackers read any internal files.

As shown, the vulnerability was in Google Toolbar Button Gallery. Team of Researchers found a bug when they noticed that google allows users to customize their toolbars with adding new buttons. For developers its easy to make their own new buttons by uploading XML files containing Meta Data for styling.

This vulnerability can be called as “XML External Entity(XXE) or “XML Injection“. The researchers crafted there own buttons, by uploading it they gained access to internal files of Google Production server like they managed to read “/etc/passwd” and “/etc/hosts“.
The team of researchers reported the vulnerability to Google  as we all know , Google is having a famous bug bounty program, When they reported XXE vulnerability to Google so they rewarded the researchers which $10,000 for identifying bug in search engine’s feature.

Source: http://whogothack.blogspot.co.uk/2014/04/researchers-got-rewarded-by-10000-for.html#.Vhp1Lfmqqko

The post Researchers got Rewarded by $10,000 for Reporting XXE Vulnerability in Google appeared first on Am I Hacker Proof.

View full post on Am I Hacker Proof

This Guy Convinced Google, Dropcam, Pinterest To Let 10,000 Hackers AttackNational Cyber Security

nationalcybersecurity.com – A startup called Bugcrowd has built a network of 11,700 hackers (and growing) worldwide. They are tasked with ripping into software and websites like trained attack dogs. The more bugs they find, t…

View full post on Hi-Tech Crime Solutions Weekly

This Guy Convinced Google, Dropcam, Pinterest To Let 10,000 Hackers Attack

This Guy Convinced Google, Dropcam, Pinterest To Let 10,000 Hackers Attack

A startup called Bugcrowd has built a network of 11,700 hackers (and growing) worldwide. They are tasked with ripping into software and websites like trained attack dogs. When they find a bug, they get paid. The more bugs they find, […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security