Security News

More than 60,000 stolen digital profiles are currently up for sale on Genesis Store, a private, invitation-only online criminal market discovered and exposed by Kaspersky Lab researchers.

“The profiles include: browser fingerprints, website user logins and passwords, cookies, credit card information. The price varies from 5 to 200 dollars per profile – it heavily depends on the value of the stolen information,” said the researchers.

A digital fingerprint is a complex collection of up to 100 system properties (IP address, screen size, device ID, time zone, GPU/CPU information, cookies and many others) together with behavioural characteristics, ranging from the user's interests and custom system-configuration changes to the time spent on specific websites and mouse-movement behaviour.

FireEye today released Commando VM, a first-of-its-kind Windows-based security distribution for penetration testing and red teaming.

When it comes to operating systems for hackers, Kali Linux is usually the first choice of penetration testers and ethical hackers.

However, Kali is a Linux distribution, and using Linux without first learning some basics is not everyone's cup of tea, unlike Windows or macOS.

If you are wondering why there is no popular Windows-based operating system for hackers: first, Windows is not open source, and second, manually installing penetration-testing tools on Windows is troublesome for most users.

To help researchers and cyber-security enthusiasts, FireEye today released a virtual-machine (VM) based installer for Commando VM, a customised Windows distribution that comes with useful penetration-testing tools pre-installed, much like Kali Linux.

“Penetration testers commonly use their own variants of Windows machines when assessing Active Directory environments,” FireEye says. “Commando VM was designed specifically to be the go-to platform for performing these internal penetration tests.”

Release 1.0 supports two Windows versions: one build based on Windows 7 and another on Windows 10.

Both Commando VM builds include more than 140 tools, including Nmap, Wireshark, Remote Server Administration Tools, Mimikatz, Burp Suite, x64dbg, Metasploit, PowerSploit, Hashcat and OWASP ZAP, pre-configured for a smooth working environment.

According to one of the authors of Commando VM, the following are the three features that make it most interesting:

  • Native Windows protocol support (SMB, PowerShell, RSAT, Sysinternals, etc.)
  • Organised toolsets (a Tools folder on the desktop with Info Gathering, Exploitation, Password Attacks, etc.)
  • Windows-based C2 frameworks such as Covenant (dotnet) and PoshC2 (PowerShell)

“With such versatility, Commando VM aims to be the de facto Windows machine for every penetration tester and red teamer,” FireEye says.

“The versatile tool sets included in Commando VM provide blue teams with the tools necessary to audit their networks and improve their detection capabilities. With a library of offensive tools, it makes it easy for blue teams to keep up with offensive tooling and attack trends.”

According to FireEye, Commando VM uses Boxstarter, Chocolatey and MyGet packages to install all of its software, so a single command updates every installed tool.

To use it, you need a Windows virtual machine with at least 60 GB of free disk space and 2 GB of RAM, running under virtualisation software such as VMware or Oracle VirtualBox.

Installing Commando VM is straightforward: download the package, decompress it, and run the PowerShell script it contains.

The rest of the installation runs automatically and takes between two and three hours, depending on your Internet speed.

“The VM will reboot multiple times due to the numerous software installation requirements,” FireEye says. “Once the installation completes, the PowerShell prompt remains open waiting for you to hit any key before exiting.”

Once the installation completes you will be presented with Commando VM; reboot the machine once more to ensure the final configuration changes take effect.
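As an added example (it is not part of FireEye's package or of the original article), the PowerShell below checks the prerequisites described above before handing off to the installer, and shows the single post-install update command. It assumes a fresh Windows VM with a snapshot taken, that the unpacked package sits in the current directory, and that its installer is named install.ps1 (an assumption; use whatever script name the package contains). The Windows Defender check is a practitioner's caveat rather than something the article states: real-time protection will quarantine tools such as Mimikatz while they are being installed.

```powershell
# Added example, not FireEye's code. Run from an elevated PowerShell prompt inside the VM.
param(
    [string]$InstallerPath = '.\install.ps1',   # assumed installer name in the unpacked package
    [int]$MinFreeGB = 60,                       # minimums quoted by FireEye
    [int]$MinRamGB  = 2
)

function Test-CommandoPrereqs {
    param([int]$MinFreeGB, [int]$MinRamGB)
    $problems = @()

    # 1. The installer needs an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        $problems += 'PowerShell is not running as Administrator.'
    }

    # 2. Free space on the system drive (140+ packages plus Windows updates).
    $sysDrive = $env:SystemDrive.TrimEnd(':')
    $freeGB   = [math]::Round((Get-PSDrive -Name $sysDrive).Free / 1GB, 1)
    if ($freeGB -lt $MinFreeGB) {
        $problems += "Only $freeGB GB free on $($env:SystemDrive); need at least $MinFreeGB GB."
    }

    # 3. Physical memory visible to the OS (TotalVisibleMemorySize is reported in KB).
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $ramGB = [math]::Round($os.TotalVisibleMemorySize / 1MB, 1)
    if ($ramGB -lt $MinRamGB) {
        $problems += "Only $ramGB GB RAM; need at least $MinRamGB GB."
    }

    # 4. Practitioner caveat: Defender real-time protection quarantines offensive tooling mid-install.
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $mp = Get-MpComputerStatus
        if ($mp.RealTimeProtectionEnabled) {
            $problems += 'Defender real-time protection is on; disable it (or add exclusions) before installing.'
        }
    }

    # 5. Script execution must be allowed or the installer will not start at all.
    $policy = Get-ExecutionPolicy
    if ($policy -in 'Restricted', 'AllSigned') {
        $problems += "Execution policy is $policy; run 'Set-ExecutionPolicy Unrestricted' first."
    }
    return $problems
}

$issues = Test-CommandoPrereqs -MinFreeGB $MinFreeGB -MinRamGB $MinRamGB
if ($issues) {
    $issues | ForEach-Object { Write-Warning $_ }
    throw 'Pre-flight checks failed; fix the items above before installing.'
}
if (-not (Test-Path $InstallerPath)) {
    throw "Installer not found at $InstallerPath (decompress the package into this directory first)."
}

# Hand off to the package's own installer. It reboots the VM several times and resumes
# through Boxstarter, so expect two to three hours and leave the session alone.
& $InstallerPath

# After the final reboot every tool was installed through Chocolatey, so one command
# upgrades everything that has a newer package available:
#   choco upgrade all -y
```

Take a VM snapshot before running it, so a failed install can be rolled back rather than reinstalled. `choco upgrade all -y` is Chocolatey's standard bulk-upgrade command; if the package ships its own update wrapper, use that instead.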

In recent years we have been asked by a number of our readers to list some of the best Windows-based operating systems for penetration testing. Commando VM is the first, and I believe more will be added to this list soon.

The information contained in this website is for general information purposes only. The information is gathered from The Hacker News and, while we endeavour to keep it up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

Radiation monitoring devices contain several security vulnerabilities that criminals could exploit with devastating effect, researchers at IOActive warn. An attacker able to mount a man-in-the-middle attack on the link between a monitor and its operators can feed them incorrect radiation readings.

While examining radiation monitoring devices that are widely deployed in critical infrastructure, including nuclear plants, hospitals, borders and seaports, to detect radiation levels in real time, IOActive researchers discovered several vulnerabilities that could be exploited for a variety of purposes.

Given how important these devices are for keeping the population safe from radiation and for detecting leaks at nuclear plants, losing control of them could leave an entire population exposed and disrupt plant operations. As long as the devices carry software and hardware flaws, it is only a matter of time before criminals exploit them unless the issues are fixed.

By compromising a radiation monitor, an attacker can falsify measurements to simulate a radiation leak, trick the authorities into issuing wrong evacuation directions, or send incorrect readings to operators so that radioactive material passes undetected.
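The following is an added illustration, not IOActive's research code and not the protocol of any vendor named here. It models a toy telemetry link between a monitor and an operator console to show why a reading sent without authentication can be rewritten in transit, and how a keyed MAC plus a monotonically increasing counter lets the console reject both the altered frame and a replayed genuine one. The frame layout "<device>|<counter>|<uSv/h>[|<mac>]", the device name, the key and the cmdlet names are all invented for the example.

```powershell
# Added example, not vendor or IOActive code. Runs under Windows PowerShell 5.1 or pwsh.

function Get-Hmac {
    param([byte[]]$Key, [string]$Message)
    $h = [System.Security.Cryptography.HMACSHA256]::new($Key)
    try     { [BitConverter]::ToString($h.ComputeHash([Text.Encoding]::UTF8.GetBytes($Message))).Replace('-', '').ToLower() }
    finally { $h.Dispose() }
}

function Test-MacEqual {
    # Constant-time comparison: the loop never exits early, so response timing does not
    # reveal how many leading MAC characters a forged frame got right.
    param([string]$A, [string]$B)
    if ($A.Length -ne $B.Length) { return $false }
    $diff = 0
    for ($i = 0; $i -lt $A.Length; $i++) { $diff = $diff -bor ([int]$A[$i] -bxor [int]$B[$i]) }
    return ($diff -eq 0)
}

# Sensor side. Without -Key this is the legacy, unauthenticated frame.
function New-Frame {
    param([string]$Device, [int]$Counter, [double]$Reading, [byte[]]$Key)
    $body = '{0}|{1}|{2:F3}' -f $Device, $Counter, $Reading
    if ($Key) { return "$body|$(Get-Hmac -Key $Key -Message $body)" }
    return $body
}

# Attacker in the middle: rewrite only the reading field, leave the rest (and any MAC) as is.
function Invoke-Mitm {
    param([string]$Frame, [double]$FakeReading)
    $f = $Frame -split '\|'
    $f[2] = '{0:F3}' -f $FakeReading
    return ($f -join '|')
}

# Operator console. $State remembers the last accepted counter per device to stop replays.
function Receive-Frame {
    param([string]$Frame, [byte[]]$Key, [hashtable]$State)
    $f = $Frame -split '\|'
    if (-not $Key) {
        # Legacy receiver: whatever arrives is shown to the operator.
        return [pscustomobject]@{ Accepted = $true; Reading = [double]$f[2]; Reason = 'unauthenticated link' }
    }
    if ($f.Count -ne 4) {
        return [pscustomobject]@{ Accepted = $false; Reading = $null; Reason = 'malformed frame' }
    }
    $expected = Get-Hmac -Key $Key -Message ($f[0..2] -join '|')
    if (-not (Test-MacEqual $expected $f[3])) {
        return [pscustomobject]@{ Accepted = $false; Reading = $null; Reason = 'bad MAC: frame altered or forged' }
    }
    $ctr = [int]$f[1]
    if ($State.ContainsKey($f[0]) -and $ctr -le $State[$f[0]]) {
        return [pscustomobject]@{ Accepted = $false; Reading = $null; Reason = 'replay: counter not increasing' }
    }
    $State[$f[0]] = $ctr
    return [pscustomobject]@{ Accepted = $true; Reading = [double]$f[2]; Reason = 'authenticated' }
}

# --- demo -------------------------------------------------------------------------
$key   = [byte[]](1..32)   # constructed demo key; a real deployment provisions a unique key per device
$state = @{}

# 1. Legacy link: a genuine 0.120 uSv/h reading is rewritten to 0.000 and the console accepts it,
#    which is exactly the "hide a real source" scenario described in the article.
$legacy = New-Frame -Device 'RPM-07' -Counter 1 -Reading 0.120
Receive-Frame -Frame (Invoke-Mitm -Frame $legacy -FakeReading 0.000) -State $state

# 2. Authenticated link: the same rewrite fails the MAC check, and re-sending the genuine
#    frame later fails the counter check.
$good = New-Frame -Device 'RPM-07' -Counter 2 -Reading 0.120 -Key $key
Receive-Frame -Frame $good -Key $key -State $state
Receive-Frame -Frame (Invoke-Mitm -Frame $good -FakeReading 0.000) -Key $key -State $state
Receive-Frame -Frame $good -Key $key -State $state
```

A MAC only proves that the frame came from a holder of the key and was not altered; it does nothing against an attacker who jams the link or drops frames, so the console should also alarm on a device that falls silent, and key provisioning and rotation are the hard part of deploying this in the field.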

IOActive found vulnerabilities in radiation monitoring devices from several vendors, including Ludlum Measurements and Mirion. Ruben Santamarta, Principal Security Consultant at IOActive, tested the hardware and software and used reverse engineering and RF analysis to uncover them.

“Failed evacuations, concealed persistent attacks and stealth man-in-the-middle attacks are just a few of the risks I flagged in my research. Being able to properly and accurately detect radiation levels is imperative in preventing harm to those at or near nuclear plants and other critical facilities, as well as for ensuring radioactive materials are not smuggled across borders,” he said.

Vulnerabilities in radiation monitors illustrate how critical infrastructure in many countries can be hacked or taken over by attackers intent on causing damage. An eye-opening report from the National Cyber Security Centre revealed that earlier this year attackers compromised a number of industrial control system engineering and services organisations in the UK.

The report added that the attackers tried to make the organisations’ industrial control systems connect to malicious IP addresses over SMB and HTTP in order to capture user passwords.

Attackers have also breached the ‘administrative and business networks’ of several nuclear power plants, manufacturing plants and energy facilities in the United States, as confirmed by the FBI and the Department of Homeland Security. Fortunately, they were unable to reach the critical networks, which are separated from both the Internet and the corporate networks.

Source: TEISS.CO.UK

Microsoft is bringing its Windows Defender ATP anti-malware software to Mac. On Thursday the company announced support for Apple’s macOS, with more platforms, such as Linux, to follow.

As a result, the technology giant has renamed Windows Defender Advanced Threat Protection (ATP) to Microsoft Defender Advanced Threat Protection (ATP), to reduce name confusion and reflect the cross-platform nature of the suite.

For those wondering whether Macs even get viruses: macOS is generally considered more secure than Windows, but in recent years cyber criminals have paid increasing attention to the platform, making it a target for viruses, Trojans, spyware, adware, ransomware, backdoors and other malicious applications.

And they have succeeded many times. Recall the FruitFly malware that infected thousands of Macs, and the recently discovered cryptocurrency-stealing malware CookieMiner and DarthMiner.

Microsoft Defender ATP Antivirus for Mac

Microsoft has now built a dedicated Defender ATP client for Mac that provides full anti-virus and threat protection, including full, quick and custom scans, giving macOS users the same “next-generation protection and endpoint detection and response coverage” as its Windows counterpart.

“We’ve been working closely with industry partners to enable Windows Defender Advanced Threat Protection (ATP) customers to protect their non-Windows devices while keeping a centralized “single pane of glass” experience,” Microsoft says in a blog post.

Microsoft also promised to add endpoint detection and response, along with Defender ATP’s new Threat and Vulnerability Management (TVM) capabilities, in public preview next month.

TVM uses a risk-based approach to help security teams discover, prioritise and remediate known vulnerabilities and misconfigurations, combining real-time insights, added context during incident investigations and built-in remediation through Microsoft Intune and System Center Configuration Manager.

For now, the tech giant has released Microsoft Defender ATP for Mac (compatible with macOS Mojave, High Sierra and Sierra) as a limited preview for businesses that run both Windows and Mac systems.

//www.youtube.com/watch?v=26z6SwScYx4

Like Office for Mac, Defender for Mac will use Microsoft AutoUpdate to receive the latest features and fixes. While Microsoft has announced plans to bring Defender ATP to more platforms, it has not named them explicitly.

It is also unclear whether Microsoft plans a consumer version of Microsoft Defender for Mac. Business customers can sign up here for the limited preview.

In the same effort to make its security software available to more people, Microsoft last week released Windows Defender extensions for Mozilla Firefox and Google Chrome.

Source: The Hacker News

People should stop using patterns to unlock their devices, researchers have warned. A new study has found that it is much easier for someone looking over your shoulder as you unlock your phone to memorise a pattern than a passcode.

So-called “shoulder surfing” attacks can be easy for a criminal to plan and execute, but you can protect yourself by switching to a PIN and increasing its length from four digits to six, the researchers say.

They had more than 1,000 volunteers act as attackers, challenging them to memorise a range of unlock authentications (four- and six-digit PINs, and four- and six-length patterns with and without tracing lines) by watching a victim over their shoulder from a variety of angles. The 5-inch Nexus 5 and 6-inch OnePlus One were the two handsets used in the study, as the researchers say they “are similar to a wide variety of displays and form factors available on the market today, for both Android and iPhone”. The researchers also considered single and multiple views for the attacker and two hand positions for the victim: single-handed thumb input and two-handed index-finger input.

The study found that four-length patterns with visible lines were far easier to crack by shoulder surfing than any other type of unlock authentication tested. “We find that PINs are the most secure to shoulder surfing attacks, and while both types of pattern input are poor, patterns without lines provides greater security,” said the researchers, from the United States Naval Academy and the University of Maryland. “The length of the input also has an impact; longer authentication is more secure to shoulder surfing. Additionally, if the attacker has multiple-views of the authentication, the attacker’s performance is greatly improved.”

In tests, 10.8 per cent of six-digit PINs were cracked after one observation, rising to 26.5 per cent after two. By contrast, 64.2 per cent of six-length patterns with tracing lines were cracked after one observation, rising to 79.9 per cent after two, and 35.3 per cent of six-length patterns without tracing lines were cracked after one viewing, rising to 52.1 per cent after two. “Shorter patterns were even more vulnerable,” said the researchers, who added that even people who use fingerprint or face-scanning technology to unlock their phones should be wary of their findings. “Biometrics are a promising advancement in mobile authentication, but they can be considered a reauthenticator or a secondary-authentication device as a user is still required to have a PIN or pattern that they enter rather frequently due to environmental impacts (e.g., wet hands),” they said.

“There are also known to be high false negatives rates associated with biometrics. Further, users with biometrics often choose weaker PINs as compared to those without, suggesting that the classical unlock authentication remains an important attack vector going forward.”

A separate study published earlier this year found that the majority of lock patterns can be cracked within five attempts.

Source: The Independent