Showing posts with label Online security. Show all posts
Showing posts with label Online security. Show all posts

Wednesday, September 14, 2016

Apple Mac Virus Can Take Screenshots and See Everything You Type


Mac Users Cautioned – Latest Dangerous Virus

Owners of Apple Mac are being cautioned regarding a latest dangerous virus which seems to view all things typed, takes screenshots every thirty seconds as well as accesses all your documents and the videos.Some years back, Flashback malware had broken a security flaw in Java and managed to infect 600,000 Macs, roughly 1% of the user base. Details regarding the same have been posted on the website of Apple.

Thereafter there have been other issues. The KitM.A backdoor application on OS X had taken screenshots of the desktop of user and recently the Rootpipe exploit seemed to be difficult in fixing it. Bogdan Botezatu, Senior E-Threat Analyst of Bitdefender has clarified that `Mac OS X software has more high-risk susceptibilities than all forms of Windows put together.

Apple markets these products as virus-free and states that you do not need an antivirus since they are aware that people hate antivirus software. These utilities often tend to slow down the computer, so they don’t want to promote them’. The Apple Mac virus is a kind of a malware known as Mokes.A which had been discovered by Stefan Orloff from Kaspersky Labs. Same type of malware had also been discovered earlier this year on windows.

Enables Hackers to Remotely Take Control

Since the virus has the potential of seeing what keys have been typed by the user, it tends to give cyber criminals access to passwords, details of bank account together with other personal information. Stefan warns that it also enables the hackers to remotely take control of a breached Mac.

The detection of this unusual OS X malware came up a week after Apple had been forced to release two major security updates for iOS as well as OS X operating systems. Updates had been released after security analysts found out that the hackers could control a device with only a click of a malevolent link.

 Though the devices of Apple are said to be less vulnerable to malware and the viruses than PCs, this is not the first effort that hackers have attempted to target the Mac computers. Mac users had been targeted, earlier in the year in a ransomware attack which could lock their machine till they had handed over payment to the hackers.

Mokes.A Virus – Infect Macs

iPhone users most recently had been continually under attack in an extensive range of phishing attacks. It was unknown how precisely the Mokes.A virus tends to infect Macs; it seems a complex thing for user to know how to defend themselves from it.

Often users are reminded to utilise the anti-virus software and refrain from downloading software, email attachments or any other files from any unreliable source. Users are recommended to always ensure that their operating system is kept up to date. Since several people refrain from using antivirus software on Macs, it tends to get difficult in handling the size of the risk.

Bogdan clarifies that the absence of adoption of antivirus solutions on Mac OS X is evading the truth since malware is not going to get reported. All are aware of the happenings in the Windows eco-system due to this visibility and threat intelligence, but with Mac OS X there is often no antivirus to report back to base’.

Saturday, September 3, 2016

Hacker 'Guccifer' Jailed for Four Years

A hacker that is believed to hails from Romania who has targeted US politicians that maintain a high profile has been sentenced to a prison period of 52 months. His name is Marcel Lazar however online he is commonly known as "Guccifer". It was in May that he pleaded guilty for theft of aggravated identify as well as access of computers that were unauthorized.

Marcel Lazar is known to have targeted many individuals such as the ex-secretary of state –Mr. Colin Powell as well as many members of the Bush family. In the year 2014 Marcel Lazar was arrested in Romania for a period of 4 years on charges for his hacking. While in March 2016 Marcel Lazar was handed over to face charges in the US.

44 year old Marcel Lazar is known to have uncovered Hillary Clinton, the presidential nominees email account back in the year 2013 by breaking into Hillary's former political advisor - Sidney Blumenthal's account.

After a mere two years it has been understood that Mrs Clinton made use of her personal account exclusively and that account was connected to a server which was private at her residence in New York while she was serving as secretary of state.

A while later, it became a matter of FBI investigation that Hillarys private email was being made use of while she was at the State Department. This investigation has followed her on the campaign trail as well which is pretty recent.

Clinton's 'email gate' diced and sliced

It was some time previously in this year that Marcel Lazar stated that Mrs Hillarys private server had been hacked by him, however this claim has been denied by the Clinton campaign as there has been no breach noticed by them. At the same time, the FBI also stated that nothing has been found to state and ensure that Marcel Lazar has hacked Hillary. Marcel Lazar, prior to this, in Romania was a taxi driver by profession and in the duration of 2012-2014 is known to have hacked into approximately 100 email accounts of the US which is beyond belief.

Democratic hack: Who is Guccifer 2.0? 

It was not so long ago in June this year itself that a hacker who goes by the name "Gucffier 2.0" online claimed that he had acquired data on the Democratic National Committee as well as the Democratic Congressional Campaign Committee. The officials of the US intelligence seem believe that there is a definite link between Guccifer 2.0 and the Russian intelligence services, they also suggest that the hacking was sponsored by the state which could lead to high levels of unrest if found to be true.

However until date there has been no connection found between Marcel Lazar and Guccifer 2.0. Nonetheless investigations regarding the same are still being carried out so as to crosscheck if there is any connection as well as work towards bringing an end to the hacking.

Friday, May 13, 2016

iPhone App can alert you if Your Device Gets Hacked


An App to Alert User if Device is Hacked

An app has been developed to alert the user if their device tends to get hacked. Systems and Security Info that debuted in Apple’s App Store over the weekend, offers a multitude of details regarding your iPhone. The app displays your CPU, memory as well as the disk usage together with a list of all running processes. With regards to security, it can also tell if your device has been compromised or probably affected by any malware. Considerable amount of information in the app seems to be basic and easy to understand.

A green light near a specific item is good since it means that you are in the clear while a red light would indicate that there could be a likely security problem. The app also makes you aware if the device has been jailbroken, which is important if one has bought a used phone or had lent it to someone.

 Jailbroken devices however are more vulnerable to malware since their owners can install app which bypass the intense scrutiny of Apple. Jailbreaking an iOS device enables users to gain more control over their device, interfering with the operating system, tweaking the iOS user interface as well as enabling apps to be installed from third party app stores, like Cydia.

Apple Making Jailbreaking Difficult for Device Owners

At the same time it is disapprove by Apple since it rips out most of the security which Apple had built in iOS, designed to protect users from malicious attacks and un-vetted apps. Due to this Apple is keen on making jailbreaking as hard as possible for device owners. By comparison, it is much easier to install unauthorised code on an Android device. Apple, Google as well as other software makers have been continually fighting to avert malware-ridden apps from attacking their respective app stores and devices.

The iOS operating system of Apple has mostly been considered more secure than the Android of Google since Apple provides a tighter vetting process to approve apps. However certain malware strains seem to have infected the devices of Apple, even those that have not been jailbroken. System and Security Info had been developed by Stefan Esser, a German security researcher as well as an iOS hacker who had cooked up jailbreaks for different versions of iOS in the past.

Provide Public with Low Cost Solution

Esser stated that with the new app, he wanted to provide the public with low cost solution which would enable them to find out if someone used one of the public jailbreak or a customized version to hack and backdoor the device. Moreover, the app also fixes if the programming code in iOS is digitally signed by Apple to check that it is not altered by an outside party.

Esser assured a series forthcoming blog posts to explain further on how the app tends to work and what it means when it notices any issues on the iPhone. Protecting one’s iPhone is important since your smartphone possibly knows more about you, than your closest friend or partner.

A smartphone tends to carry all the photographs, together with your private messages, your location, your contacts, your online searches as well as the phone conversations. If the new iOS app tends to help iPhone and iPad owners in informing them when their devices have been secretly jailbroken, then it is certainly a good option for security.

Friday, March 4, 2016

Thousands Of Popular Sites' at Risk of Drown Hack Attacks


HTTPS Susceptible to Drown Attacks

Researchers on discovering that a new method tends to disable their encryption protection have cautioned websites that they could be exposed to spies. An expert has stated that a third of all computer servers using the HTTPS protocol tend to be represented often by a padlock in web browsers and were susceptible to the so called Drown attacks.

They have warned that the passwords, credit card numbers, emails as well as sensitive documents can be stolen as a result. The issue would be sought though it would take some time for several of the website administrators to protect their systems. A tool that would identify websites which tends to be susceptible has been released by the researchers. They have said that they had not released the code used to prove their theory since there seems to be several servers still susceptible to the attack.There is no evidence yet, that hackers have worked out how to replicate their technique.

An independent expert had commented that he had no doubt that the problem could be real. Prof Alan Woodward from the University of Surrey has stated that `what is shocking regarding this is that they have found a way to use a very old fault which we have known since 1998 and all this was perfectly avoidable.

Computer Server Prone to Attack Supporting Encryption SSlv2

It is the outcome of having used deliberately weakened encryption that people broke years ago and is now combing back to haunt us. Researchers, cyber-security experts from universities in Israel, Germany and US, together with member of Google’s security team have discovered that a computer server can be prone to attack by just supporting 1990s-era encryption protocol SSLv2 – Secure Sockets Layer version 2, even if it employs a day-to-day more modern encryption standards to scramble communications.

Older email servers, in practice, could be more likely in having this problem than the latest computers naturally used to power websites. However, several of the organisations tend to reuse encryption certificates and keys between the two sets of servers. Researchers have dubbed the flaw Drown, which is an acronym for decrypting the Rivest-Shamir Adleman – RSA process with obsolete together with weakened encryption.

Careless Server Configuration

They wrote that operators of vulnerable servers should take action. There is nothing practical which browsers or end-users can do on their own to protect against this attack. The SSLv2 procedure had been weakened deliberately since at the time of its development, the US government needed to attempt to restrict the availability of tough encryption standards to other countries.Prof Matthew Green from Johns Hopkins University had blogged that the problem is while clients such as web browsers have done away with SSLv2, several servers tend to support the protocol.

 In most of the cases, it is the outcome of careless server configuration. In others, the fault lies with inferior obsolete embedded devices which have not seen an update of software in years and possibly never will. A considerable amount of computational force would be needed to mount a successful attack on a website.

 However, researchers have stated that under normal situations, hackers tend to rent the needed capacity from Amazon’s cloud compute division for a sum of $440. Besides this, since several of the servers seem to be in danger to Drown had also been affected by separate bug, a successful attack could be carried out utilising a home computer.