Archive for October 13th, 2014

Backdoor found in Netis or Netcore Routers, Check for yours NOW!

Home / Safety Tips / Backdoor found in Netis or Netcore Routers, Check for yours NOW!

Backdoor found in Netis or Netcore Routers, Check for yours NOW!Share2

Netis Routers

Maybe you are using a router of the Chinese company Netcore, which is also known as Netis outside the china and if yes you are using the same router device that I am talking about, so beware from now, as your network can be hacked by an attacker any time.

Router manufactured by the company named Netcore or Netis has a backdoor that can easily run arbitrary code on these routers, rendering it vulnerable as a security device.

According to the Trend Micro, after successfully gaining access inside the router, an attacker can easily run malicious code on routers and change settings.

If we talk more about the company speciality, so it is the best known company that is providing the best wireless transfer speed up to 300Mbps, offering a better performance on online gaming, video streaming, and VoIP phone calling.

In simple words, the vulnerability in the router is an open UDP port listening at port 53413 in the router. This port is accessible from the WAN side of the router. This means that if the router in question has an externally accessible IP address (i.e., almost all residential and SMB users), an attacker from anywhere on the Internet can access this backdoor:
netstat

Upon further more research on this issue, Trend Micro found that This backdoor is “protected” by a single, hardcoded password located in the router’s firmware, which is remain same for all the routers and the scary thing is— users cannot modify or disable this backdoor.

Add comment October 13th, 2014

Police spent $2.5 MILLION on hacking software to track phones and computers

spying
This is not the old story that “NSA is spending lots of money on softwares that spying on the people,” and here is a latest example of this, when it was revealed by the documents leaked by WikiLeaks that Police has spent $2.5 MILLION on advanced spyware and hacking software to track phones and computers.

WikiLeaks named The New South Wales Police Force, which is using advanced hacking software to keep on eye on the users during investigations, according to the document published Monday.

The documents show that Police has spent $2.5 MILLION on a software which is able to spy on the users machine, that after installation able to log keystrokes and take screenshots.

Home / News / Police spent $2.5 MILLION on hacking software to track phones and computers

Police spent $2.5 MILLION on hacking software to track phones and computers

  • Share3

Before reading any posts on HNB, we would like to tell you that every post here is for your online security, safety or for awareness, and we do not teach hacking through our articles, if you find something which is being used to damage your online property or something like that, REPORT HERE.

spying
This is not the old story that “NSA is spending lots of money on softwares that spying on the people,” and here is a latest example of this, when it was revealed by the documents leaked by WikiLeaks that Police has spent $2.5 MILLION on advanced spyware and hacking software to track phones and computers.

WikiLeaks named The New South Wales Police Force, which is using advanced hacking software to keep on eye on the users during investigations, according to the document published Monday.

The documents show that Police has spent $2.5 MILLION on a software which is able to spy on the users machine, that after installation able to log keystrokes and take screenshots.

It is also said that some of the versions of the software able to remotely capture Skype and instant-messenger conversations and also able to access microphones and web-cam.

NSW Police have nine licences for different kind of softwares which includes FinSpy and FinFly, in the past three years, according to the documents.

You know one thing, Five of the Nine licences are remain valid.

Police spokesperson decline to comment upon this issue. For your general information, NSW police able to remotely monitor the victim computer under warrant.

Home / News / Police spent $2.5 MILLION on hacking software to track phones and computers

Police spent $2.5 MILLION on hacking software to track phones and computers

  • Share3

Before reading any posts on HNB, we would like to tell you that every post here is for your online security, safety or for awareness, and we do not teach hacking through our articles, if you find something which is being used to damage your online property or something like that, REPORT HERE.

spying
This is not the old story that “NSA is spending lots of money on softwares that spying on the people,” and here is a latest example of this, when it was revealed by the documents leaked by WikiLeaks that Police has spent $2.5 MILLION on advanced spyware and hacking software to track phones and computers.

WikiLeaks named The New South Wales Police Force, which is using advanced hacking software to keep on eye on the users during investigations, according to the document published Monday.

The documents show that Police has spent $2.5 MILLION on a software which is able to spy on the users machine, that after installation able to log keystrokes and take screenshots.

It is also said that some of the versions of the software able to remotely capture Skype and instant-messenger conversations and also able to access microphones and web-cam.

NSW Police have nine licences for different kind of softwares which includes FinSpy and FinFly, in the past three years, according to the documents.

You know one thing, Five of the Nine licences are remain valid.

Police spokesperson decline to comment upon this issue. For your general information, NSW police able to remotely monitor the victim computer under warrant.

None of the other security agencies named in the documents. It is believed that these documents are the result of the hacking attack in August.

The software has previously been criticised for enabling oppressive regimes to spy on dissidents.

Add comment October 13th, 2014

Shellshock: A ‘Bash’ Bug which leaves almost every user on Internet vulnerable

Home / News / Shellshock: A ‘Bash’ Bug which leaves almost every user on Internet vulnerable

Shellshock: A ‘Bash’ Bug which leaves almost every user on Internet vulnerable

  • Before reading any posts on HNB, we would like to tell you that every post here is for your online security, safety or for awareness, and we do not teach hacking through our articles, if you find something which is being used to damage your online property or something like that, REPORT HERE.

bash bug
This is a bug which is said to be very much bigger than the previous flaw called Heartbleed, which left all the secure SSL systems vulnerable, but this time a bug is found which able to compromise your system and then able to run commands or execute any malicious program onto your computer or device.

This harmful bug dubbed as ‘Shellshock’. As I said above this is a superbug, so here is, why it is called the SuperBug:

  • Shellshock is a Bash bug and able to exploit any operating system.
  • This Bug able to send a command to the exploited system through a code.
  • The particular area, which is able to exploit the system is generally blocked, but the Bash opens all doors to the system
  • Apple Mac OS X users able to run it from their terminal, others people linux operating systems
  • simple words, The flaw is ‘Bash’ which contained in a piece of software and that software used by the operating systems and other website servers.

    At this time, there is not any critical update or any idea found by the security researchers to save millions of users online, and the the UK and US governments also have issued national alerts in response to the bug, warning that it may compromise organisations responsible for “critical national infrastructure” such as power stations if it is not rapidly dealt with.

    Statement issued by The Information Commissioner’s Office (ICO):

    The Shellshock flaw “could be allowing criminals to access personal data held on computers or other devices”, which “should be ringing real alarm bells” for British businesses which are legally obliged to keep their customers’ details secure.

Add comment October 13th, 2014

Google may be fined $100 Million for not removing celebrities nude images

last month, a series of “The Fappening” is being released with its different versions, which contained nude images of some of the high profile actresses.

The event, which media outlets and Internet users referred to under names such as “Celebgate” and “The Fappening”, was met with a varied reaction from the media and fellow celebrities.

Actresses: including Jennifer Lawrence, Kate Upton, Amber Heard, Rihanna,Ariana Grande, Selena Gomez and Cara Delevingne nude images are being distributed online on various sites, including some of the torrent sites.

wyers from the celebrities side threatening to sue Google for $100 million for allegedly failing to remove the images and “making millions from the victimization of women,” The New York Post reports.

Well, this all started from Apple iCloud security, but after the results of inspection, Apple notified that there is not such a iCloud hack type issue, nude and some personal pics of the celebrities were hacked in a targeted hack attack to the victim.

Hollywood lawyer Marty Singer, who is representing all the hacked nude images actreess written a letter to the Google founders Larry Page and Sergey Brin, as well as Eric Schmidt and Google lawyers accusing them of “blatantly unethical behavior” – and comparing their alleged lack of action to the NFL leadership’s handling of the Ray Rice affair.

It has been also claimed by the lawyer that instead of removing the images from the search engine, Google is earning profit, as recently Reddit did.

ust six days, Reddit earned enough money from the nude pics scandal to power its servers for roughly a month, says John Menese, the 33-year-old creator of a Reddit sub-forum.

According to the letter, Google has failed, “to act expeditiously, and responsibly to remove the images, but in knowingly accommodating, facilitating, and perpetuating the unlawful conduct. Google is making millions and profiting from the victimization of women.”

 

Add comment October 13th, 2014

Flaw allows to Loot cash from ATMs without Cards

Home / News / Flaw allows to Loot cash from ATMs without Cards

Flaw allows to Loot cash from ATMs without Cards

  • Share3

Before reading any posts on HNB, we would like to tell you that every post here is for your online security, safety or for awareness, and we do not teach hacking through our articles, if you find something which is being used to damage your online property or something like that, REPORT HERE.

atm
I reported about various ATM hacks, in which hackers use cloned or theft cards at the door and loot the cash easily, but this time hackers found something different, they actually now able to loot cash without any of the ATM Card.

One of the security firm named Kaspersky Lab from Moscow reported about this new flaw of the ATM on its blog, explaining about the ATM scams on the rise worldwide.

Russia is at the No.1 in this ATM Scam and 2nd one is United States.

How hackers cracking the Machines?
Hackers able to get inside the ATM Machines by unlocking an ATM’s enclosure (By default master key,) and then infect the machine with a CD that contains a piece of malware known as Backdoor.MSIL.Tyupkin. After some days, attacker or Hacker returns to the ATM machine and use Tyupkin to dispense up to 40 bills without the need for verification.

Which ATMs are infected?
You can’t find out yourself manually, but the ATMs admin knows this for sure, as the virus able to infect machines running Windows 32-bit operating system. Furthermore, Tyupkin accepts commands only in the dead of night on certain days of the week, keeping the exploit well-hidden most of the time.

For a successful run of the program, he or she needs a special PIN, which is generated via an algorithm unique to the malware. After that, one can able to withdraw 40 bills at a time directly from the ATM: no user account required.

Are you affected by this Hack Attack on ATMs?
Nope, this is not possible, as the ATM is vulnerable, Not your account, so users who do use machines on daily basis no need to worry about the hack.

Add comment October 13th, 2014


Calendar

October 2014
M T W T F S S
« Sep   Nov »
 12345
6789101112
13141516171819
20212223242526
2728293031  

Posts by Month

Posts by Category