hijack


iPhone #Wi-Fi #bug lets #hackers #hijack your #phone and #secretly install #malicious #apps

Source: National Cyber Security – Produced By Gregory Evans


The cyber security community is still reeling after the revelation of the KRACK security vulnerability that breaks down Wi-Fi encryption. Now it seems another Wi-Fi-based bug has also been discovered.

At the global Pwn2Own hacking contest in Tokyo, a team of researchers demonstrated how a separate Wi-Fi bug could be exploited to gain entry to iPhones and install malicious apps on them without the owners’ knowledge.

The details of the threat haven’t been made public yet as Apple hasn’t had time to patch the flaw. Its discovery was enough to net the Tencent Keen Security Lab the top prize of $110,000.

The hacking contest is set up and run by the Zero Day Initiative, which seeks to find vulnerabilities in popular products and services and alert the manufacturers in time.

According to the official event page, the Tencent Keen Security Lab team used “code execution through a WiFi bug” to escalate “privileges to persist through a reboot,” effectively breaking through an iPhone’s lock screen through a Wi-Fi network.

The flaw will be relayed to Apple, which could offer a software patch to close the gap.

“Once we verify the research presented is a true 0-day exploit, we immediately disclose the vulnerability to the vendor, who then has 90 days to release a fix,” explains the Zero Day Initiative.

“Representatives from Apple, Google, and Huawei are all here and able to ask questions of the researchers if needed.

“At the end of the disclosure deadline, if a vendor is unresponsive or unable to provide a reasonable statement as to why the vulnerability is not fixed, the ZDI will publish a limited advisory including mitigation in an effort to enable the defensive community to protect users.”

As ever, from a security standpoint it is always advisable to make sure your phone is running the latest OS version and that you closely vet the permissions you give to certain apps.

The post iPhone #Wi-Fi #bug lets #hackers #hijack your #phone and #secretly install #malicious #apps appeared first on National Cyber Security Ventures.


Attackers #hijack #state agency #server for #malware


Cybercriminals are always upping their game. One of their latest gambits, a sophisticated phishing attack that involved hosting malware on at least one state’s government servers, shows that they may be outpacing the good guys.

The multistage targeted attack, discovered and announced last week by researchers at the Cisco Talos threat intelligence group, began with the bad actors creating a realistic-looking “spoof” email that purported to be from the Securities and Exchange Commission. This spear-phishing email was sent out to a number of government agencies in a highly targeted scheme, which the researchers deduce came from a motivated threat actor or group that continues to operate.

At the government agencies where the phishing emails succeeded, the online criminals were able to surreptitiously plant malicious code on government servers in at least one state, Louisiana, to create a “malware infection chain” likely to dupe other targets. Representatives from the state of Louisiana had no comment for this story.

According to Craig Williams, senior technical leader at Cisco Talos, this attack is similar to previous so-called DNSMessenger attacks, which have become more frequent this year, whereby sophisticated techniques are used to infect legitimate enterprise and government computer systems with viruses, ransomware, Trojans and other types of malware.

“We have threat hunting techniques specifically designed to detect DNSMessenger,” said Williams, describing how he and his team of researchers tracked this exploit and the infected state government server. “Once we examined the malware sample, that led us to the web server.” He added that it appeared only “a single server” was affected.

While the researchers appear to have exposed this attack before it could gain too much traction (and impact more government servers), the growing creativity and sophistication of both the phishing attacks and hackers’ ability to insert malware into legitimate government enterprise servers underscores how much more crafty and talented cybercriminals are becoming, according to Williams. “By using ‘known good’ servers, attackers are hoping to go unnoticed,” he said. “No one would normally question someone connecting to a state of Louisiana public web server, for example.”

And the government sector is becoming an increasingly attractive target for such attacks. According to the 2017 U.S. State and Federal Government Cybersecurity Report, released in August 2017 by SecurityScorecard, government organizations received the lowest security scores across multiple sectors, including transportation, retail and healthcare. “It’s clear that cybersecurity incidents are not going anywhere and that government will continue to remain a target,” the report concluded. “But with technology propelling forward and hackers as motivated as ever, government agencies are struggling to put up effective cybersecurity defenses, and hackers are taking advantage.”

Williams agreed. “We will likely see the actors behind DNSMessenger continue to use any public server they can compromise,” he said. “It helps the actors hide their infrastructure and go undetected longer.”


How #hackers can #hijack your #computer to make free #money


If you experienced a sudden drop in performance when visiting Politifact on Friday, it was most likely because the popular fact-checking website was busy taxing your computer’s resources to make money—and no, you’re not getting a cut.

Hackers allegedly compromised the website and infected it with a cryptocurrency-mining script, a program that uses visitors’ CPU power to generate Monero, a digital currency like Bitcoin that professes anonymity.

The same script appeared on Showtime’s website late last month, though it was quickly removed after news broke on Twitter and several tech publications. Showtime never made it clear whether the script was added intentionally or was the result of their website being compromised. Pirate Bay intentionally experimented with the script but later removed it due to negative visitor feedback.

These are just a few of the increasing number of cases where the resources of computers like yours or mine have been hijacked to generate digital money without their owners’ consent. With the prices of cryptocurrencies steadily rising, plenty of people—including malicious hackers—are on the lookout to pad their wallets.

What is cryptocurrency mining?

While you can always buy cryptocurrencies on online exchanges, an alternative way to obtain them is to “mine” them, which will cost nothing if others are doing it for you.

Cryptocurrencies run on blockchain technology, a distributed ledger that exists on thousands of computers at the same time and obviates the need for middlemen and brokers such as banks and financial institutions. Records are stored on the ledger in blocks and are linked together through cryptographic equations, hence the name.

Before a new block is added to the blockchain, it has to be validated and verified through solving complicated mathematical problems. The process, called mining, requires a lot of computing power and ensures that no one can compromise the integrity of the system.

Anyone can become a miner by installing mining software and joining the network. The first miner to solve the equation gets to append the new block to the blockchain and be rewarded in cryptocurrencies and transaction fees.

Mining bitcoins requires huge amounts of computing power and requires specialized hardware available in large data centers. On the other hand, Monero, which was launched in 2014, can be mined with ordinary CPUs. Hackers can easily get involved by assembling a mining botnet, a network of computers infected with malware that enables cybercriminals to control them from afar.

How hackers are mining cryptocurrencies

Coinhive, the script used on the Showtime and Pirate Bay sites, was developed by a namesake company earlier this year and was introduced as “a viable alternative to intrusive and annoying ads that litter so many websites today.” It was also meant to address the rise of ad-blockers, which are hurting the bottom line of websites that rely on ads. The hosting website takes 70 percent of the proceeds and the rest goes to Coinhive. (The user naturally gets nothing.)

Given the inconspicuous way the script works, it has become a favorite money-making tool for hackers. In the past weeks, the script has popped up in numerous Google Chrome extensions and hacked WordPress and Magento websites.

Coinhive has expressed disappointment in the shady use of its tools and has promised to alter the script to obtain visitors’ consent before using their CPU for mining in the future. Meanwhile, several ad-blockers have added support to block Coinhive’s script.

However, Coinhive is not the only tool hackers are using to mine cryptocurrencies. Cryptocurrency mining malware and schemes have been around for several years. But the past months have seen a spike in mining activity, largely due to the rising price of cryptocurrencies.

Slovakian cybersecurity vendor ESET recently discovered a malware that exploits unpatched vulnerabilities in Windows Server 2003 machines to mine tens of thousands of dollars’ worth of Monero every month.

Kaspersky Labs reported that cryptocurrency-mining malware has targeted more than 1.65 million computers in the first eight months of 2017, an uptick compared to previous years. IBM’s X-Force security team has found a sixfold increase in cryptocurrency-mining attacks aimed at enterprise networks.

How to protect yourself against cryptocurrency miners

While cryptocurrency miners won’t steal your data or encrypt your files like other malware, they are annoying nonetheless and can negatively impact the performance of your computer. Here are several ways you can prevent hackers from lining their pockets with your CPU:

Install an antivirus and keep it up to date: Most antivirus solutions detect and remove cryptocurrency mining tools as harmful software.

Install an ad-blocker: If you’re using AdBlock Plus or AdGuard, both block Coinhive’s JS library.

Install a cryptomining blocker extension on your browser: Developers have created Chrome extensions that scan your browser and terminate scripts that “look” like Coinhive. AntiMiner, No Coin, and minerBlock are three plugins that will help protect you against cryptocurrency miner scripts.


Pakistani Hackers Hijack Google Website


The Bangladesh domain belonging to Google is the latest to become the victim of hackers, as a group of attackers apparently coming from Pakistan managed to deface the search engine page and post their own message on the site.

This is how hackers can hijack cell phone towers!


Attackers Hijack Cellular Phone Towers Thanks To Critical Flaws
You and I are afraid of somebody hacking our smartphones and stealing critical information, but what happens when hackers hijack a whole cellular network by hacking into cellphone towers? No, this


Hackers hijack Jeep’s computer system, crash it from miles away


Two hackers hijacked the controls of a speeding Jeep Cherokee and cut the engine on a St. Louis highway — all from laptops miles away. They later steered the SUV around an empty parking lot, disabling the brakes as the driver pumped the useless pedal and crashed head on into a ditch. The terrifying stunt, conducted with the help of a reporter for Wired, revealed a potentially fatal flaw in the growing number of high-tech rides. Hackers Charlie Miller and Chris Valasek claim nearly a half-million vehicles are vulnerable across the country and the numbers are growing. “This is what everyone who thinks about car security has worried about for years,” Miller told Wired. “This is a reality.” The virtual backseat drivers can slip in through a vehicle’s smartphone-friendly entertainment system and wreak havoc on other computer-controlled operations — basically everything in modern automobiles. Miller and Valasek, both cybersecurity researchers, claim they’ve warned carmakers about the danger for years but no one took them seriously — so they decided to prove it. The two sent Wired reporter Andy Greenberg on the road in a Jeep and launched a cyber attack as he hit speeds of 70 mph on a Missouri […]

For more information go to http://www.NationalCyberSecurity.com, http://www.GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com


Rugby World Cup 2015 tickets: Cyber criminals plotting to hijack launch


Organised criminals with links to the arms and drugs trade were on Wednesday night plotting to hijack the Rugby World Cup ticket launch and hold countless ordinary fans to ransom on the secondary market. Tournament organisers and senior police officers […]


Repeated attacks hijack huge chunks of Internet traffic, researchers warn

Huge chunks of Internet traffic belonging to financial institutions, government agencies, and network service providers have repeatedly been diverted to distant locations under unexplained circumstances that are stoking suspicions the traffic may be surreptitiously monitored or modified before being passed along to its final destination. Researchers from network intelligence firm Renesys made that sobering assessment in […]