www.infysec.com
Demystifying Innovations
DMA Locker is a dangerous ransomware, newly discovered, to lock your computer, denying access to your own files. It may cause great tension. This gradually infiltrates and encrypts stored data, and the message is displayed as “All of your files are encrypted by DMA Locker”. Also, DMA locker asks the victim to pay a ransom in exchange for a private key to decrypt the locked file.
As DMA Locker coding is so shoddy, sometimes the malware crashes before victim receives a ransom demand. As a result, users may find its computer inactive without knowing the reason behind it.
How it is Dangerous: Containing all the information regarding encryption and payment, this ransomware displays message stating victim must pay a 15 Bitcoin (BTC) ransom that is equivalent to US$6491.25. Or else, the encrypted data will be lost. Also, victims are provided the instructions to pay step by step. Actually, ransoms demanded by other ransomware type viruses fluctuates between 0.5 to 1.5, making DMA Lockers’ ransom higher.
Process of DMA Locker Removal: The bad news is that there are no tools able to decrypt the files or data. The best way to recover the files is to restore your system from backups. If you are backing up your information on the external server, before ransomware attacks your computer, it is very easy to recover the files or data logging in to the respective interface. Before doing this, ensure to remove the ransomware.
In order to remove the DMA Locker, if you are using Windows XP and Windows 7, restart your computer. During the start process, press F8 key multiple times until you see the Windows Advanced Option menu and select Safe Mode with Networking from the list.
If you are Window 8 users, go to windows 8 start screen, in the search result select setting, type Advanced. Click on Advanced start up options, in the opened 'General PC Settings' window, and then select advanced start up. Click on 'restart now button' to restart your computer into the 'Advanced Startup options menu'. Go ahead and click the 'troubleshoot' button, and click on 'advanced options' button. In the advanced option screen, click 'Startup Settings'. Then click on the ‘Restart button’. Your computer will restart into the startup setting screen. Press F5 to boot in safe mode with networking.
Despite of having high security, you may fall prey to criminals in any form. Do you believe, your customer data have not been stolen? Are your websites completely secured? To know, scan your websites and get the reports in details.
As all we know from the various news channels and websites that Israeli Power Grid Authority had undergone massive cyber attack. But the truth has been revealed that the Power Grid was not affected, the only Israeli Electricity Authority was affected.
Yuval Steinitz, Israel's energy minister, asserted stating, Israel's Electricity Authority, which is the regulator of the Israel power company, was hit by a severe cyber attack. The Power Grid itself was not affected at any cost.
Also, he stated, “The virus was already identified and the right software was already prepared to neutralize it,” he said. “We had to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over … but as of now, computer systems are still not working as they should.”
Power Grid Not Affected: The huge misunderstanding between Electricity Authority and Power Grid has been relayed to the world through media. The real fact is that The Israel Electric Authority is no way related to the networks of the Israeli electric companies, distribution sites or transmission. The Israeli Electric Authority is a regulatory body of consisting of few members, and the cyber attack happened on their network.
Tim Erlin, director of security and risk at Tripwire, expressed in reply to the email of SCMagazineUK that the attack doesn't happen on Israel Power Grid, but on the regulatory body, The Electricity Authority. This difference is significant as transmission, generation and distribution facilities have a direct impact on electricity supply than the authority that regulates them.
Before going through this information, one must understand the difference between The Electricity Authority and The Power Grid. The misunderstanding between these two terms, created a lot of confusion.
Gil Shwed, CEO of Check Point Software Technologies, expressed another attack, stating Iran launched a cyber attack that targeted Israeli army generals, scientist and human rights activists in the Arabian Gulf. According to Gil Shwed, the attack commenced a few months ago targeting 1,600 people worldwide. People were sent emails that led to infect their computers with malware upon opening that particular email.
It is out of our predictions how attacks will affect us and in which form. However, precaution is always better than cure. If you are under regular precaution, you will not have to take steps to cure. Scan your websites and know the vulnerabilities to have precautions not to be the victim of cyber attacks.
A severe vulnerability, found in eBay online sale platform, could let attackers launch the Phishing Attack against visitors. Spreading across 30 countries and serving around 150 million active users, eBay has earned the crown of kings in the e-commerce platform. As a successful company, it is no surprise that it has been the target of many attackers. It is discovered that an eBay visitor can be tricked easily by bypassing eBay’s code validation and execute malicious Java script code on target eBay users.
How a visitor can be Tricked: It is very simple to trick visitors through this vulnerability. An Attacker can send a legitimate page that contains malicious code to the target users, and users can be tricked into opening the malicious page. That page triggers the code execution that leads to various attacks starting from Phishing to binary download.
This vulnerability is exposed by a security researcher of Check Point who states “This vulnerability allows attackers to bypass eBay’s code validation and control the vulnerable code remotely to execute malicious Java script code on targeted eBay users. If this flaw is left unpatched, eBay’s customers will continue to be exposed to potential phishing attacks and data theft.”
JSF**k Technique: This is an esoteric and educational programming style that’s based on the atomic parts of JavaScript which uses only six different characters to execute the code. An attacker can use this technique in the description to pull the code. While eBay denies users from including scripts and iFrames in the descriptions by filtering out HTML tags, the validation mechanism fails to validate in the presence of JSF**k code. This technique can bypass the various intrusion prevention systems and web application firewalls with the help of different characters to execute code.
This flaw provides cyber criminals an easiest way to exploit the users sending a link to an attractive product to execute the attack. The attack aims to spread the malware and steal the private information of users. In addition, an attacker could create an alternate login option pop up via Gmail or Facebook and take over the user’s account.
If you scroll down only ten pages, you will find hundred of cyber threats happening every day, especially, e-commerce companies face these problems due to various known or unknown vulnerabilities. Do scan your websites to know the vulnerability and patch it as soon as possible to avoid the cyber threats.
Vulnerabilities are the prime gateways of cyber crimes. Even though it is a small bug, it can be a big weapon of criminals. Three vulnerabilities have been found in Nginx web server that could provide opportunities for the attackers to exploit.
Flaws Found in Different Versions: These flaws are identified in Nginx versions between 0.6.18 and 1.9.9 where the resolver directive is used in the configuration file. An invalid pointer dereference, Use-after-free condition and CNAME resolution flaws, found in Ngnix server, are not much severe, but it can lead to cyber threat. In order to avoid the attacks, you can upgrade to the latest Nginx version 1.9.10 and 1.8.1.
Types of Flaws: As mentioned above, Ngnix Resolver holds three flaws: An invalid pointer dereference, Use-after-free condition and CNAME resolution.
- An invalid pointer dereference: This happens, while DNS server responds, enabling attackers to forge UDP packets from the DNS server to affect worker process crash. Apart from this, there are lots of impacts your website will have.
- Use-after-free condition: User-after-free condition may occur during CNAME response process. It allows attackers to trigger name resolution to cause worker process crash.
- CNAME resolution: The last flaw is Cname resolution that is insufficiently limited where an attacker can trigger arbitrary name resolution that leads to an excessive resource consumption in worker processes.
As per Nginx Security advisory, these problems affect only Nginx 0.6.18 and 1.9.9, if resolver directive is used in the configuration file.
Non-Security Flaws: Apart from these, there are few non security bugs have been discovered in Ngnix server. Nginx version 1.9.10, which is advisable to upgrade, has fixed the issue where the proxy_protocol parameter of the listen directive was not working properly. The other problem was that upstream servers cached incorrectly when using the Keepalive directive, which was fixed in version 1.9.10.
After version 1.7.11 introduced, few problems appeared which prevent Ngnix from starting on different old Linux variants. Version 1.8.1 has come up with the resolution of this problem.
Version 1.8.1 also fixed the issue that was appearing in a worker process, if the alias directives and try file were used inside a location. Other bugs were also fixed.
Recently, Nginx released its flagship product Ngnix Plus R8 that carries a lot of features and it has also improved HTML5 video caching features, HTTP2 capabilities and OAuth authentication. So, if you are running your websites on Nginx server, upgrade it as soon as possible. We, at DoWebScan, are also providing modules of vulnerability test and Penetration test with advanced features to keep your websites secured.
Thousands of e-commerce companies, using Magento, are at risk as critical bug found in Magento. If you are using Magento to run your websites, patch it as soon as possible to protect your websites from massive attacks.
Stored XSS Flaw in Magento: It is found that the stored cross–site scripting (XSS) vulnerability exists in all versions of Magento community edition 1.9.2.2 and earlier including enterprise edition 1.14.2.2 and earlier. There is a plethora of consequences of the stored cross–site scripting (XSS) flaws. An attacker can take over your website via administrator account, steal the credit card information and customers’ data and control the Magento based online store through this flaw.
How It is Exploitable: An attacker can embed the malicious Javascript code inside customer registration forms. Then Magento runs and executes the Javascript code in context of the administrator account that makes possible for an attacker to steal administrator session and have the control on entire server running the e-commerce platform.
According to Sucuri Advisory, "This vulnerability affects almost every install of Magento CE <1.9.2.3 and Magento EE <1.14.2.3. The buggy snippet is located inside Magento core libraries, more specifically within the administrator’s backend. Unless you’re behind a WAF or you have a very heavily modified administration panel, you’re at risk." "As this is a Stored XSS vulnerability, this issue could be used by attackers to take over your site, create new administrator accounts, steal client information, anything a legitimate administrator account is allowed to do."
However, this vulnerability is patched and fixed. So, the awareness of latest bug and fixing it soon, is always considered as an active security action. The regular vulnerability test is required to have your websites secured.
Are you aware of the various attempts taken by the hackers on your website? Everyday sophisticated trials are happening to hack your websites. Every moment is precious for you to protect your website. Even though you follow the regular security system, the tricky ways of hacking can crack the wall of your web security. Hacking is growing rapidly for every business both large and small. Now, the question is, why do Hackers hack your website? A plethora of reasons is roaming in the mind of hackers to target the websites.
Why Hackers Hack Your Website: The known reasons will help you to save your website from the massive cyber attacks. The most common reasons for hacking the websites are:
- Knock Down Your Business: The main goal of your competitors are to affect your website or business severely to shut down. Distributed Denial of Service (DDoS) is the most popular form of server Disruption attack.
- Economic Gains: This digital era has opened the various gates for hackers to steal the money through net banking by placing Banking Trojans. The net banking becomes more significant areas to steal the money.
- Gaining Information (Starting from employees’ data to company data): The most common motives of hackers to leak the information starting from employees’ data to company data that can lead to a great loss for your business.
-
Exposure of Customer’s information: Most of the hackers steal the potential customer’s information and sell it outside. This can break the seal of Trustworthy.
-
Credit Card Information Leakage: Online transaction provides the convenience, but it became the easiest way of privacy breach. Hackers try to steal the credit card information of the customers every day.
-
To Show the Potential: To grab the attention of people and show their own ability/skill, hackers target the popular websites to hack.
Methods of Hacking: “How do they hack“ is also important like “Why do they hack”. Below mentioned descriptions will provide you with fair ideas of various methods of hacking.
- Vulnerability Scanning: It refers to the security technique that identifies the weaknesses of the websites that can be the common gateway of several threats. By applying the sophisticated techniques, hackers can infiltrate the security system to gain the unauthorized access. Once your website has unethical trespassers, various gates will be opened for the hackers to have control on your domain. So, regular Vulnerability Scanning can save your websites from various threats.
- SQL Injection Attack: Hackers can edit, insert and modify the data through this form that can lead to the massive attacks.
- Cross Site Scripting Attack: This attack is also known as XSS attack. It is a type of injection in which malicious scripts are injected into, and XSS vulnerability originates when web applications take data from users and include it dynamically in web pages without validating the data properly.
- Cross-Site Request Forgery Attacks: It happens when a user logs into his account, and a hacker gets an opportunity to send the user forged HTTP request to gain his cookie information.
- DDOS Attack – Distributed Denial Of Service Attack: When a server or machine services are not available to its user, DDOS attacks happen. For instance; when a system is offline, a hacker can proceed to compromise either the entire website or a specific function of a website to their own advantage.
Protect Your Website: Having regular vulnerability Scanning and patching the flaws, offered by DoWebScan, will protect your website from hackers target. Regular scanning will provide you up to date report to keep a protective eye on your website to guard.
What is Kali Linux Rolling: After a long walk, the hacker’s favorite operating system Kali has raised its neck with first rolling releases on 21st January, 2016. Kali Linux is a powerful tool for penetration testing and it has more than 600 ethical hacking tools, in addition of Wireshark, Nmap, Armitage, Aircrack, Burp Suite etc. The last releases, Kali Linux 2.0 brought plethoras of features ranging from GNOME 3 to supporting KDE, GNOME3, Xfce, MATE, e17, lxde and i3wm. But Kali Linux Rolling came with more advanced features and more customizable.
New Changes in Kalli Linux Rolling: It came with the few changes that enable professionals to perform their tasks easily all the time.
- Continuously Updated Penetration Tools: The significant part is to ensure a constant flow of the latest package versions where Kali Linux Rolling ensures the latest stable releases of the tools. This usually takes a time of 24-48 hours from the notification of a new tool update to its packaging, testing, and pushing into our repositories.
- Kali Linux Package Tracker: This is another new feature Kali Linux rolling introduced, and it allows you to follow the evolution of Kali with the help of a powerful web-based interface. You can check the installed and newest versions of tools with the help of this tracker at any moment.
- Installation of VMware Guest Tools: This change emphasizes in the way how VMware guest tools are installed. This release looks after the VMware recommendation that suggests using distribution-specific open-vm-tools instead of the VMware Tools package for the guest machines.
VMware Tools & Open-VM-Tools: The VMware Tools package comes with the VMware products that contain both open source and closed source components while the open VMware Tools Package is just the open source component of the VMware Tools. In general the basic features of both are same, but there are very few extra things VMware Tools includes. If your Linux distro has a VMware Tools package in its repositories, it is based on Open VM Tools, not VMware Tools.
Why It Is Different: Kali Linux is designed to be used in a ”single root user” case, due to the nature of security audit. Most of the penetration testing tools need escalated privileges where as Kali Linux needs only enable root privileges when necessary. Top of that, It contains sysvinit hooks that disable network services by default. Also, it uses an upstream kernel, patched for wireless injection.
DoWebScan adheres all the Kali Linux standards to do penetration testing and uses the advanced tools to provide you accurate report in detail and appropriate solutions. Its aim is to provide strong security to your website with all advanced ways.
Being highlighted for getting trapped, you will gain only sympathy, but lose so many things ranging from reputation to customers’ trust. Currently, people investigate and check the histories and reviews of the companies before heading to purchase or having any services. Your website is your brand, when it becomes the big news for not having a strong security system and being victims of the skilled hackers, you lose a number of customers and their trust. So do you like to be the headline of well known channels and media websites?
Various Attacks: Let’s have an overview of the security realm and find the major attacks that happened earlier. Israeli power grid suffered from a huge cyber attack one day ago. Similarly, if we enumerate the data breach happenings, our hair will turn grey. The big companies that provide the security services others were not able to escape from the eyes of hackers. Starting from Kaspersky to PayPal were being highlighted for privacy breaches. All the data and private information leaked in a blink of an eye. Even the personal email account of the CIA’s (Central Intelligence Agency) director was compromised, which was really shocking. After seeing the sophisticated ways of hacking, you can’t tell that you are secured. No matter if it is a big or small, but criminal’s eyes are always on your web vulnerabilities to get into.
Identifications of the Attacks: In order to face these challenges or not to be affected, first know the root causes of the attacks. Once you have fair ideas on the existing flaws in your website, you can take the relevant solutions to protect your brand. There are various flaws starting from SQL Injection, Code Injection, Path traversal, Unvalidated redirects to XML Injection and Private IP aspanress disclosure through which hackers can get into your website to steal the information. The identification of these kinds of flaws is the first step of protecting your brand from the threats which DoWebScan offers in its scanning module.
Take the Best Preventive: There is no guarantee of ensuring your brand will not be on the list of the headline as hackers’ sophisticated strategies are out of our imaginations. So scanning is the best way to identify the flaws in order to avoid the unseen threats. Scan your website and get the vulnerability reports in detail to measure your security level. Based on the given report you can have the relevant protection plan.
In order to have tricks to handle upcoming threats, join us at our Webinar on 4th February, 2016 at 9:30 pm. So you will have a well-organized plan from the beginning of the year to defend the upcoming privacy breach.
Android users are being targeted by a new malware for financial exploit
Providing the convenience to the users, the latest technology opens the small paths to exploit financially. Over millions of people use their smart phones to pay for several goods and services. The year of 2015 found criminals exploited users focusing on the malicious financial programs for mobile devices. The early version of Asacub Trojan found the way of stealing the list of installed apps, sending SMS messages to given numbers, browser history, contact details including blocking screen of an infected device, etc. But later on, the advanced version of Asacub Trojan provided the wide picture of stealing the various information ranging from the tools that confirm the transformation of the stolen money to the phishing pages that replicate the log-in pages of the banking applications. Criminals’ initial activities created an idea that the only focus was Russian and Ukrainian banks as the programs were developed to replicate only the Russian and Ukrainian users. But it was not true, criminals’ wide target ranged from Russian, Ukrainian to US users. As their target expanded, the features of the new set of the Asacub Trojan also developed which contained starting from the call redirection to sending USSD requests. Especially, these advanced features empowered Asacub for the financial fraud.
After having a close observation on the Asacub Trojan, it was found that more than 6,500 attempts were made to infect the users with the malware within one week but, the good news was that criminals achieved no successful attempts. However, after that more than 37,000 attempts were made that tells us the wider picture of the Asacub Trojan status in 2016. Look at below to view the number of users who have been attacked:
Infected device can open the small ways for Asacub Trojans to gain control over the system that can enable criminals to steal data ranging from messages, banking credentials, snapshots, to forward calls including installing malware, and even it could be used for blackmailing or malware distribution. This is a one-stop-shop hackers asset.
The latest analysis found out the link between Asacub Malware and criminals, window based spyware called CoreBot. The domains used by CoreBot are registered to the same person as the domain used by Command & Control center. The assumption is that two types of malware are being developed by the same gang. So the criminal's target in 2016 is very huge. Users need to be extra careful to ensure not to be the next victim. In order to avoid that challenge, scan your website with DoWebScan to know the vulnerability as criminals may steal the information of your users. When users have strong faith on your brand or payment system, your responsibility is to protect their information from criminals. So vulnerability scanning and penetration testing are the most significant parts to keep healthy your security system. We offers both vulnerability scanning and penetration testing which can protect your employee’s information.