Insanely News

Spreading objective and constructive information.


Category: Hacking

wannacry ransomware

New Global Ransomware attack creates turmoil across the Globe

(InsanelyNews) Computer systems across the world have been attacked by ransomware that bears similarities to a recent assault that crippled millions of networks.

Many companies in Russia, the United States, and across the globe are reporting that their IT systems are being disrupted as a result of the cyber attack. British advertising agency WPP and Ukrainian firms, including the state power company and Kiev’s main airport, were among the first to report the issue.

Ukraine’s Chernobyl nuclear power plant had to switch to manual checking of radiation levels after its Windows-based sensors were affected by the cyber attack.

According to experts, the malware is exploiting the same weaknesses that were used by the WannaCry ransomware attack last month.

“It initially appeared to be a variant of a piece of ransomware that emerged last year,” said computer scientist Prof Alan Woodward. “The ransomware was called Petya and the updated version Petrwrap. However, now that’s not so clear.” The Russian cyber security firm Kaspersky Lab said that the malware was a “new ransomware that has not been seen before,” but that it resembles Petya, an older piece of malware. As a result, the firm named it NotPetya.

They reported that attacks had been detected in Poland, Italy, Germany, France and the US in addition to the UK, Russia, and Ukraine.

Source

cybersecurity

Cybersecurity threats emerging from webcams worldwide

(InsanelyNews) Webcams, which are used for numerous applications at both individual and organisational levels, have become a new cybersecurity danger, a new report said on Tuesday. According to a report titled “Vulnerabilities in Foscam IP Cameras” by Finland-based cyber security firm F-Secure, multiple vulnerabilities are affecting a huge number of internet-connected cameras around the world.

The researchers found a total of 18 vulnerabilities in these webcams and stated that an attacker can view the video feed, control the camera operation, and upload and download files from the built-in FTP server.

“Foscam-made IP cameras have multiple vulnerabilities that can lead to full device compromise,” the report claimed.

“An unauthenticated attacker can persistently compromise these cameras by employing a number of different methods leading to full loss of confidentiality, integrity and availability, depending on the actions of the attacker,” it added.

F-Secure informed Foscam about the vulnerabilities but got no response. According to F-Secure, Foscam reportedly has a history of bugs enabling access to video feeds from IP cameras and baby monitors.

Source

hacker news virgin media

HACKER NEWS: VIRGIN MEDIA ROUTERS VULNERABLE

(InsanelyNews) HACKER NEWS: Virgin Media has warned 800,000 customers using its Super Hub 2 router to change their passwords because a security vulnerability could expose their passwords to hackers, enabling attackers to gain control of other smart devices on the network.


The company says that the risk of compromise is minimal, but it wants customers who haven’t changed the default password shown on a sticker attached to the router to change both that and their network password in order to protect against potential attacks.

Virgin has advised Super Hub 2 customers to change to a “one of a kind” password, which should contain at least 12 characters using a mix of upper and lower case letters and numbers.

The warning comes after an investigation by ethical hackers at SureCloud, who found they could infiltrate the Super Hub 2 and use it to gain access to other connected household devices, including children’s toys, internet-connected IP cameras, smart locks and more. Even the Amazon Echo was found to have a vulnerability with regard to voice ordering, although it was difficult to crack. A total of 15 devices were connected to a test environment, and the researchers found vulnerabilities in eight of them, including the Super Hub 2 router, the gateway to all of the devices within the environment. The ethical hackers say they could breach it within days.

However, Virgin Media, while acknowledging the vulnerability, has pointed out that this is an issue which exists in all routers of this age, and says that, as well as issuing advice to change passwords, it will be upgrading customers to a newer version of the router. “The security of our system and of our clients is of principal significance to us. We consistently overhaul our frameworks and hardware to guarantee that we meet all present industry gauges,” a Virgin Media representative told ZDNet.

Source

malware

Bitcoin: malware created for Raspberry Pi that mines them

(InsanelyNews) Russian security site Dr.Web has discovered new malware called Linux.MulDrop.14, which is targeting Raspberry Pi computers.

The researchers examined two different Pi-based trojans, including Linux.MulDrop.14. One trojan uses the Pi to mine BitCoins, some form of cryptocurrency, while the other sets up a proxy server. According to the website: “Linux Trojan that is a bash script containing a mining program, which is compressed with gzip and encrypted with base64. Once launched, the script shuts down several processes and installs libraries required for its operation. It also installs zmap and sshpass.”

It changes the password of the user “pi” to “\$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1”. The malware is programmed to search for network machines which have open port 22, and then it tries to log in using the default Raspberry Pi credentials.

According to Hackaday (http://hackaday.com), “Embedded systems are an inviting target for hackers. Sometimes it is for the value of the physical system they monitor or control. In others, it is just the compute power which can be used for denial of service attacks on others, spam, or — in this case — BitCoin mining. We wonder how large your Raspberry Pi botnet needs to be to compete in the mining realm?” Users should change the default passwords on their Pi to avoid any problems. Users are also advised to use two-factor authentication.

Source

firefox

Firefox: Mozilla releases update for Firefox 54

(InsanelyNews) Mozilla has released a patch for a highly dangerous bug, and for a total of 32 bugs, in the Firefox 54 browser.

The company published its latest security advisory on Tuesday, and the resolved vulnerabilities included three critical ones. The bug now resolved is a use-after-free vulnerability in the Firefox 54 browser.

CVE-2017-5472 was the most dangerous vulnerability. Security researcher Nils discovered it in the Firefox frame loader, where it occurs during tree reconstruction while regenerating a CSS layout. When the browser tries to use a node in the tree, there is a potentially exploitable crash because the tree no longer exists. Three other dangerous vulnerabilities were also resolved in the latest update.

“One vulnerability (CVE-2017-7749) is a use-after-free vulnerability when using an incorrect URL during the reloading of a docshell, another use-after-free vulnerability which occurs during video control operations when a <track> element holds a reference to an older window if that window has been replaced in the DOM (CVE-2017-7750), and a third use-after-free vulnerability with content viewer-listeners (CVE-2017-7751).”

All of these vulnerabilities resulted in a crash which could be exploited easily. In addition to the critical vulnerabilities, Mozilla has patched six other bugs which had high impact: a security flaw in WebGL, an escalation bug in the Firefox installer, out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory in the Graphite 2 library. Another bug, CVE-2017-7759, affected users of Firefox on the Android mobile operating system. “Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local file: URLs, allowing for the reading of local data through a violation of same-origin policy,” Mozilla says. Mozilla teams hope to lure users with the latest update, which will reduce memory demands, increase performance and speed things up when surfing the Internet.

Source

malware

Malware responsible for Ukraine blackout is the most dangerous tool

(InsanelyNews) A week before last Christmas, on December 17, hackers with suspected ties to Russia took down an electric transmission station north of Kiev, blacking out a portion of the Ukrainian capital for about an hour, which was equivalent to a fifth of its total power capacity. Cyber security researchers have now found advanced malware that may have triggered the blackout as a mere dry run.

Cybersecurity firms ESET and Dragos Inc. plan today to release detailed analyses of a piece of malware used to attack electric utility Ukrenergo seven months ago, what they say represents a dangerous advancement in critical infrastructure hacking. The researchers describe that malware, which they’ve alternately named “Industroyer” or “Crash Override,” as only the second-ever known case of malicious code purpose-built to disrupt physical systems. The first, Stuxnet, was used by the US and Israel to destroy centrifuges in an Iranian nuclear enrichment facility in 2009.

 

Crash Override is a completely new platform that was far more advanced than the general-purpose tools the same group used to attack Ukraine's power grid in December 2015. Instead of gaining access to the Ukrainian utilities’ networks and manually switching off power to electrical substations, as hackers did in 2015, the 2016 attack was fully automated. It was programmed to include the ability to “speak” directly to grid equipment, sending commands in the obscure protocols those controls use to switch the flow of power on and off. That means Crash Override could perform blackout attacks more quickly, with far less preparation, and with far fewer humans managing it, says Dragos’ Rob Lee.

 

This discovery is prompting concerns that the attack tools can be used to sabotage operations on a broad range of electric grids around the world, including America's. The malware is designed to take advantage of the world’s outdated power grids to shut off electricity in entire cities. It targets circuit breakers and is able to hijack electrical systems from afar by taking advantage of communication protocols for power supply, infrastructure, transportation controls, and water and gas systems used all over the world, which can hit closer to home than email and data breaches.

 

The researchers say this new malware can automate mass power outages and includes swappable, plug-in components that could allow it to be adapted to different electric utilities, easily reused, or even launched simultaneously across multiple targets. They argue that those features suggest Crash Override could inflict outages far more widespread and longer lasting than the Kiev blackout.

 

What makes Crash Override so sophisticated is its ability to use the same arcane technical protocols that individual electric grid systems rely on to communicate with one another. The malware’s dangerousness lies in the fact that it uses protocols in the way they were designed to be used. The problem is that these protocols were designed decades ago, and back then industrial systems were meant to be isolated from the outside world. Thus, their communication protocols were not designed with security in mind. That means that the attackers didn't need to be looking for protocol vulnerabilities; all they needed was to teach the malware "to speak" those protocols. As such, the malware is more notable for its mastery of the industrial processes used by global grid operators than its robust code. Its fluency in the low-level grid languages allowed it to instruct Ukrainian devices to de-energize and re-energize substation lines.

 

As technology grows smarter and helps manage our homes, cities and businesses, it's become a prime target for both criminal and nation-state hackers. ESET security researcher Robert Lipovsky says, “If this is not a wake-up call, I don’t know what could be.”

 

The cyberattack-caused blackout in Kiev didn't lead to any disasters, but experts warn that it's only a preview of the future of cyber warfare.

 

Attacks targeting infrastructure can lead to chaos, like when engineers hacked into Los Angeles' traffic signal system and purposely created traffic jams. That makes it the biggest threat to industrial systems.

Source

wannacry ransomware

WannaCry: “Millions of devices still vulnerable”

(InsanelyNews) In its annual National Exposure Index report, Rapid7 has revealed that, post-WannaCry, 160 million devices, including computers, IoT devices and servers, still have open ports that should not be exposed to the public network. About 15% of healthcare organisations are running on outdated systems or browsers. While many of these organisations simply lack the funding to update their systems, outdated platforms put these providers at risk.
 
The ambitious project scanned more than three billion IP-addressable, public internet servers and checked for exposed services on 30 different ports on each device. The researchers also found that 5.5 million internet-connected devices had the file-sharing Server Message Block (SMB) port 445 exposed. In 2016, 4.6 million internet-connected devices left port 445 wide open.
 
More than 800,000 of these were Microsoft Windows systems across most products and versions using SMB file-sharing protocol which were specifically vulnerable to wormable WannaCry ransomware.
 
The use of open source file-sharing software Samba also exposes organisations to risks of similar vulnerability exploits, said Tod Beardsley, principal security research manager at Rapid7.
 
This finding shows why the WannaCry ransomware attack in May 2017 spread so widely in a short period due to its use of an SMB exploit leaked by the Shadow Brokers hacking group. More than 200,000 computers in 150 countries were affected before the international security community was able to halt the spread of the malware.
 
Things are notably better when it comes to protecting vulnerable Telnet ports that fueled the Mirai botnets. The number of those ports vulnerable dropped from 15 million to 10 million during the past year–a 33 percent reduction.
 
In a rare move, Microsoft has released additional security patches for Windows XP and Server 2003 users to protect against potential nation-state activity and destructive cyber attacks, such as those seen in the WannaCry attacks on May 12. The security patches are included in the company’s June 12 patch and fix three outstanding vulnerabilities built by NSA.
 
Microsoft previously said it would not fix these exploits, but changed course upon recognising the elevated risk of disruptive cyber attacks.
 
In the report, Rapid7 also looked at the worst-offender nations when it comes to open and exposed ports. The most exposed regions include Zimbabwe, Hong Kong SAR, Samoa, the Congo Republic, Tajikistan, Romania, Ireland, Lithuania, Australia and Estonia.
 
The report was aimed at highlighting the fact that an internet lacking cryptographic protection only encourages a hostile environment, endangering both the virtual and the physical world of the devices connected to it.
 
Businesses are being urged to review what they are exposing to the internet to reduce their vulnerability to attack. A security firm has warned that there will be a major database attack in the next year unless businesses act to put in appropriate protection measures. Organisations should review their use of file-sharing services, identify where they are absolutely necessary, and eliminate them wherever possible.
 
Instead of using file-sharing services such as SMB and Samba, Beardsley said organisations should use cloud-based services that are inherently more secure through the use of HTTP over the Secure Sockets Layer (SSL), commonly known as HTTPS.
 
amazon hacking

Hacking: Amazon devices can be exploited to steal your bank account

(InsanelyNews) Hacking: while it may be convenient to walk into your home and turn the lights on by simply saying “Alexa” or “Ok Google,” a security expert has warned that devices like the Amazon Echo could pose a serious security risk. “If hackers find a way to compromise these devices in our homes, they could have it recording all of the time and you wouldn’t necessarily know,” explained cyber security expert Dr. Jason Nurse. “They could hear you discussing your holiday plans, so they know when you are away and could burgle you. They may hear you buying something on the phone, giving away your credit card details.”

Nurse’s comments came during a recent speech at the Cheltenham Science Festival. The cyber security expert explained that he is so concerned about the potential privacy risks that come with the use of devices like the Amazon Echo that he refuses to keep electronic assistants of any kind in his home.

But despite the fact that your banking information is put in jeopardy every time you turn on your Amazon Echo, the gadget is more popular than ever. With the ability to answer virtually any question you have, pick up commands even in a noisy room, track online shopping and even lower the thermostat, it’s easy to see why devices like the Amazon Echo are being used by millions of people across the country. But still, some are concerned that such gadgets are inviting electronic spies right into their living rooms.

“If there’s something private you want to say, the first thing you should do is mute the device… or turn it off,” Dr. Nurse advises. “You should think twice about what you say in front of these devices.” Dr. Nurse went on to explain that “someone else in your home may say the wake word without your knowledge and start it recording while you are discussing something private or sensitive.”

 

In the case of the Amazon Echo, the “wake word” is “Alexa,” and in the case of Google Home, the “wake word” is “Ok Google.”

Although an Amazon spokesperson claimed that they take customer privacy very seriously by the hacking operation, this isn’t the first time that the electronic commerce company has been surrounded by controversy. Back in April, Natural News reported on the potential privacy risks concerning the Echo Look, a $199 device recently released by Amazon that has the ability to watch you get dressed in your own bedroom. Even though the original purpose of the Echo Look was to give you recommendations on what to wear, many people are concerned that it could secretly record you during some of your most intimate moments.

With technology advancing at an astonishing rate and new devices coming out every year that once were only imaginable in science fiction films, our everyday lives are becoming more and more simplistic. We used to have no choice but to drive our own cars from point A to point B; now we have the option of purchasing a car that is able to drive itself. We used to have to walk into a dark house and feel around blindly for the light switch; now all we have to do is say “Alexa, turn on the lights.” Without question, life is much more convenient than it was even just five years ago.

But just because it is more convenient doesn’t mean it’s safer. As a matter of fact, one could argue that with the invention of devices like the Amazon Echo, people are more at risk of experiencing some type of privacy violation, whether it’s a video recording taken of you while you get dressed or a hacker stealing your banking information. That is why it is up to companies like Amazon and Google to continue looking for ways to protect the privacy rights of their customers, while simultaneously putting new products on the market.

Sources:

Dailymail.co.uk

NaturalNews.com

Android: someone can control your camera

Are we sure we are safe?!?

Kali Linux is a Linux distro built specifically to discover and analyse vulnerabilities. Android is by now an extremely widespread operating system, but it is full of vulnerabilities that can be exploited to gain administrator access.
Nowadays, with all devices continuously connected to the network, there is a need to take due precautions, because with a little extra knowledge in the IT field one can have total control of a device, even if it is on the other side of the world.

This guide is for demonstration purposes and is not intended to encourage anyone to break the law.
