Binary Protectors Blog

Peace Of Mind Isn’t Priceless.

Recent blog posts
DUAL-BAND WIRELESS AC3100 GIGABIT ROUTER

BEST HOME HIGH POWERED ROUTER!

Combining high output power and cutting-edge technology, the Luxul XWR-3100 delivers exceptional data rates and outstanding wireless coverage for a world-class Wi-Fi experience. Not just a wireless router, the XWR-3100 is also capable of controlling two additional wireless access points for seamless client roaming.

World-Class Wireless

With leading-edge 802.11ac 4x4 Dual-Band technology, the XWR-3100 delivers data rates up to 3100Mbps. The XWR-3100 isn't just about faster speeds, though. Beamforming, which directs signals from the AP toward each client, focuses the data transmission so that more data reaches each targeted device instead of radiating in all directions equally.

The bottom line is outstanding wireless coverage and network performance.

Seamless Roaming

For installations where an additional wireless access point may be necessary, the XWR-3100 offers a simple, reliable and cost-effective solution. Designed specifically for integrators, the XWR-3100 provides simple and time-saving wireless network setup, while solving client roaming issues using Luxul’s exclusive Roam Assist™, technology previously found only in the XWC-1000 Wireless Controller.

Capable of easily managing up to two additional access points, the XWR-3100 offers a simple, reliable and cost-effective multi-access-point solution for many residential and small commercial networks.

Empowered Networking

The XWR-3100 offers everything you’d expect in a full-featured high-performance router including guest networking and VPN remote access, but it doesn’t stop there. New enhanced capabilities are already in development, including easy-to-use parental controls and powerful remote management. These capabilities will make networks safer, more capable and more reliable, while offering recurring revenue opportunities for installers.

With seamless roaming, installation simplicity, sensible pricing and a growing list of features, the XWR-3100 meets the needs of the professional integrator and helps installers satisfy their clients’ ever-increasing demands for better networks. With Luxul, integrators are now able to offer customers a world-class empowered Wi-Fi network more cost-effectively than ever before.

Features:

  • 802.11ac Wi-Fi (data transfers up to 3100Mbps)
  • Easily Expands Wi-Fi Network with up to 2 Additional APs
  • Seamless Roaming with Luxul Roam Assist™
  • 4x4 MU-MIMO (Wave 2)
  • High Power for Extended Signal Range
  • Concurrent Dual-Band Wireless AC
  • 2.4 and 5GHz Beamforming
  • Quality of Service (QoS)
  • VPN Remote Access
  • Secure Guest Networking
  • Virtual Local Area Network (VLAN)
  • Network Security and Firewall
  • 1 WAN and 4 LAN Gigabit Ports
  • USB 3.0 Port
  • Three Year Limited Warranty

 

This is the best home router without SECURITY.  Period.

Alex Athineos
Management

Apps Allow ANYONE to Create Ransomware!  They are EASY TO USE!  BEWARE!

The "ransomware" threat is on the rise, and cyber criminals are making millions of dollars by victimizing as many people as they can, with WannaCry, NotPetya and LeakerLocker being the ransomware threats that made headlines recently.

What's BAD? Hackers have even started selling ransomware-as-a-service (RaaS) kits in an attempt to spread this creepy threat more easily, so that even a non-technical user can create their own ransomware and distribute the threat to a wider audience.

The WORSE: you could see a massive increase in the number of ransomware campaigns during the next several months, thanks to new Android apps available for anyone to download that let them quickly and easily create Android ransomware with their own devices.

Security researchers at Antivirus firm Symantec have spotted some Android apps available on hacking forums and through advertisements on a social networking messaging service popular in China, which let any wannabe hacker download and use Trojan Development Kits (TDKs).

How to Create Your Own Android Ransomware


With an easy-to-use interface, these apps are no different from any other Android app, apart from the fact that they allow users to create custom mobile malware with little to no programming knowledge.

To create customized ransomware, users can download one such app (for an obvious reason we are not sharing the links), install and open it, where it offers to choose from the following options, which are displayed on the app's on-screen form:

  • The message that is to be shown on the locked screen of the infected device
  • The key to be used to unlock that infected device
  • The icon to be used by their malware
  • Custom mathematical operations to randomize the code
  • Type of animation to be displayed on the infected device


Once all of the information has been filled in, users just require hitting the "Create" button.

If the user hasn't before, the app will prompt him/her to subscribe to the service before proceeding. The app allows the user to start an online chat with its developer where he/she can arrange a one-time payment.

After the payment has been made, the "malware is created and stored in the external storage in ready-to-ship condition," and then the user can continue with the process, making as many victims as the user can.

"Anyone unlucky enough to be tricked into installing the malware will end up with a locked device held to ransom," Symantec researchers say. 
"The malware created using this automation process follows the typical Lockdroid behavior of locking the device’s screen with a SYSTEM_ALERT_WINDOW and displaying a text field for the victim to enter the unlock code."

The Lockdroid ransomware has the ability to lock the infected device, change the device PIN, and delete all of its user data through a factory reset, and even prevent the user from uninstalling the malware.

Such apps allow anyone interested in hacking and criminal activities to develop a ready-to-use piece of ransomware just by using their smartphones, without any need to write a single line of code.

"However, these apps are not just useful for aspiring and inexperienced cyber criminals as even hardened malware authors could find these easy-to-use kits an efficient alternative to putting the work in themselves," the researchers say.

So, get ready to expect an increase in mobile ransomware variants in coming months.

Peace Of Mind Isn’t Priceless.

Alex Athineos,
Management

Flaw in Modern Cars Allows Hackers to Disable Safety Features!

Today, many automobile companies are offering vehicles that run mostly on drive-by-wire systems, which means a majority of a car's functions, from the instrument cluster to steering, brakes and accelerator, are electronically controlled.

No doubt these auto-control systems make your driving experience much better, but at the same time, they also increase the risk of getting hacked.

Car hacking is a hot topic, though it is not new for the security researchers who hack cars. A few of them have already demonstrated how to hijack a car remotely, how to disable a car's crucial functions like airbags, and even how to remotely steal cars.

Now, security researchers have discovered a new hacking trick that can allow attackers to disable airbags and other safety systems of the connected cars, affecting a large number of vendors and vehicle models.

Peace Of Mind Isn’t Priceless.

Alex Athineos,
Management

Tagged in: Flaw In Modern Cars
Dynamic DNS And Your Home Camera System.  IMPORTANT NOTICE!

Dynamic DNS is used by homeowners whose IP addresses change.  Dynamic DNS keeps a host name such as XXX.XX.com as your own and maps it to your changing home IP address.  Home surveillance cameras use this to accept incoming connections from the homeowner on any device.  Each homeowner uses their Dynamic DNS name rather than their IP address.  It's easier, and it never changes.

There is an inherent Internet security problem with this.  Since your Dynamic DNS name doesn't change, you're much more susceptible to Internet attacks.  A hacker can now use this never-changing address to do illicit things to your network.  Furthermore, if the provider of the Dynamic DNS gets hacked, all of the addresses it provides are now in the hackers' possession.  Most people who have Dynamic DNS also have cameras for the specific reason of remote monitoring.

Binary Protectors understands this.  Instead of just installing cameras, we also use the highest quality Dynamic DNS and then protect the home network using the most secure systems available today.

Peace Of Mind Isn’t Priceless.

Alex Athineos,
Management

3 CIA-Developed Hacking Tools For MacOS And Linux

WikiLeaks has just published a new set of classified documents linked to another CIA project, dubbed 'Imperial,' which reveals details of at least three CIA-developed hacking tools and implants designed to target computers running Apple Mac OS X and different flavours of Linux operating systems.

If you are a regular reader of THN, you must be aware that this latest revelation by the whistleblower organisation is part of the ongoing CIA Vault 7 leaks, marking it as the 18th batch in the series.

If you are unaware of the Vault 7 leaks, you can head on to the second section of this article for a brief look at all the leaks at once.

Achilles — Tool to Backdoor Mac OS X Disk Images


Dubbed Achilles, the hacking tool allows CIA operators to combine malicious Trojan applications with a legitimate Mac OS app into a disk image installer (.DMG) file.

The binding tool, a shell script written in Bash, gives the CIA operators "one or more desired operator specified executables" for a one-time execution.

As soon as an unsuspecting user downloads an infected disk image on his/her Apple computer, opens and installs the software, the malicious executables would also run in the background.

Afterwards, all traces of the Achilles tool would be "removed securely" from the downloaded application so that the file would "exactly resemble" the original, un-trojaned application, making it hard for investigators and antivirus software to detect the initial infection vector.

Achilles v1.0, developed in 2011, was only tested on Mac OS X 10.6, which is Apple's Snow Leopard operating system that the company launched in 2009.

SeaPea — Stealthy Rootkit For Mac OS X Systems


The second hacking tool, called SeaPea, is a Mac OS X rootkit that gives CIA operators stealth and tool-launching capabilities by hiding important files, processes and socket connections from the users, allowing them to access Macs without the victims' knowledge.

Developed in 2011, the Mac OS X Rootkit works on computers running then-latest Mac OS X 10.6 (Snow Leopard) Operating System (32- or 64-bit Kernel Compatible) and Mac OS X 10.7 (Lion) Operating System.

The rootkit requires root access to be installed on a target Mac computer and cannot be removed unless the startup disk is reformatted or the infected Mac is upgraded to the next version of the operating system.

Aeris — An Automated Implant For Linux Systems


The third CIA hacking tool, dubbed Aeris, is an automated implant written in the C programming language that is specifically designed to backdoor portable Linux-based operating systems, including Debian, CentOS and Red Hat, along with FreeBSD and Solaris.

Aeris is a builder that CIA operators can use to generate customised implants, depending upon their covert operation.

Previous Vault 7 CIA Leaks


Last week, WikiLeaks revealed details about CIA contractor Raytheon Blackbird Technologies, which analysed in-the-wild advanced malware and hacking techniques and submitted at least five reports to the agency to help develop its own malware.

Since March, the whistle-blowing group has published 18 batches of the "Vault 7" series, which includes the latest and last week's leaks, along with the following batches:

  • Highrise Project — the alleged CIA project that allowed the spying agency to stealthily collect and forward stolen data from compromised smartphones to its server through SMS messages.
  • BothanSpy and Gyrfalcon — two alleged CIA implants that allowed the spying agency to intercept and exfiltrate SSH credentials from targeted Windows and Linux operating systems using different attack vectors.
  • OutlawCountry – an alleged CIA project that allowed it to hack and remotely spy on computers running the Linux operating system.
  • ELSA – the alleged CIA malware that tracks the geo-location of targeted PCs and laptops running the Microsoft Windows operating system.
  • Brutal Kangaroo – a tool suite for Microsoft Windows used by the agency to target closed networks or air-gapped computers within an organization or enterprise without requiring any direct access.
  • Cherry Blossom – an agency framework, basically a remotely controllable firmware-based implant, used for monitoring the Internet activity of targeted systems by exploiting vulnerabilities in Wi-Fi devices.
  • Pandemic – a CIA project that allowed the agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest inside a targeted network.
  • Athena – a CIA spyware framework designed to take full control over infected Windows PCs remotely, which works against every version of Microsoft's Windows operating system, from Windows XP to Windows 10.
  • AfterMidnight and Assassin – two alleged CIA malware frameworks for the Microsoft Windows platform that have been designed to monitor and report back actions on the infected remote host computer and execute malicious actions.
  • Archimedes – a man-in-the-middle (MitM) attack tool allegedly created by the CIA to target computers inside a Local Area Network (LAN).
  • Scribbles – a piece of software reportedly designed to embed 'web beacons' into confidential documents, allowing the agency to track insiders and whistleblowers.
  • Grasshopper – a framework which allowed the spying agency to easily create custom malware for breaking into Microsoft's Windows and bypassing antivirus protection.
  • Marble – source code of a secret anti-forensic framework, basically an obfuscator or packer used by the CIA to hide the actual source of its malware.
  • Dark Matter – hacking exploits the agency designed to target iPhones and Macs.
  • Weeping Angel – a spying tool used by the agency to infiltrate smart TVs, transforming them into covert microphones.
  • Year Zero – alleged CIA hacking exploits for popular hardware and software.

Peace Of Mind Isn’t Priceless.

WikiLeaks
Alex Athineos,
Management

General Cyber Security Problem and How We Can Fix It

The cyber security problem is more prevalent than any one person knows.  Only the Government understands that this is the quintessential problem of this century.  You have our new administration hiring Rudy Giuliani and still cannot fix the problem, because the problem is not an internal one.  It is an "External END-USER Problem".  What that means is that the large companies like Amazon, Google and the like will never agree to change one packet of data that transmits through the Internet as it stands today.  In other words, the Internet's inner workings will not change.

The only change that can happen to protect people is at the "End Point".  The "End Point" is the landing of each connected device.  The landing of each interconnected device is at the modem or demarcation point (DMARK).  From there, the transmission of all data goes through a "Router".  This is the "End Point" we protect.  We change this router to a Firewall/Router with all the subscriptions that completely protect each "End Point".  Each "End Point" is a home, a business, hotel, building, hospital, airport or government entity.  Every home has a router and modem.  Every business or said entity has the same.  This is how we protect our customers.

 

The way revenue is generated with protecting homes and businesses is the use of specialty firewalls made by WatchGuard, which are proven to be the best on the market.  We capture revenue on the up-front sale to each client and a monthly management charge for each as well, just like the ADT model.

 

Binary Protectors will be set up to protect each customer with private email servers for each client.  We set up WatchGuard Dimension, which shows each client the Internet traffic that goes through each of the firewalls on the fly.   Binary Protectors has a proprietary configuration file that sits on each of these firewalls but is specific to each client.

 

Global understanding of this prevalent problem is not happening.  This is why having a very good PR component to the marketing aspect of the business is critical.  Currently there is NO company that is the "Go To" company to fix any cyber security problem.  Binary Protectors needs to become this as a first-to-market company to protect against all illicit Internet threats.

 

Binary Protectors ensures every connected device on each client network is protected.  This includes every computer, server, cell phone, tablet, laptop and the like.

 

By: Alex Athineos

Management

Tagged in: cyber security
Kaspersky & Microsoft Fight About Disabling Kaspersky Antivirus in Win10!

Russian antivirus vendor Kaspersky Lab is so upset with US software giant Microsoft that the security firm has filed more antitrust complaints against the company.

The antivirus firm initially filed a lawsuit late last year against Microsoft with the Russian Federal Anti-monopoly Service (FAS) over alleged abuse of Microsoft's dominant position in the desktop market to push its own antivirus software with Windows 10, and over unfair competition in the market.

Microsoft ships Windows 10 with its own security software, Windows Defender, which comes enabled by default with the operating system.

While Microsoft has made some changes in Windows Defender since the initial complaint, Kaspersky Lab is not satisfied with the changes, filing more antitrust complaints against the software giant, this time with the European Commission and the German Federal Cartel Office.


The antivirus firm told European antitrust regulators that Microsoft prevents third-party security software vendors from competing on equal footing with software products built into the ubiquitous Windows operating system.

"Microsoft uses its dominant position in the computer operating system market to fiercely promote its own—inferior—security software (Windows Defender) at the expense of users' previously self-chosen security solution," says co-founder Eugene Kaspersky in a blog post.

Kaspersky claims that Microsoft removes its antivirus software from the Windows operating system when users upgrade their systems to Windows 10, and enables its own Windows Defender anti-virus solution.

What's more, Kaspersky also claims that Redmond doesn't provide enough time to fully test its latest Windows 10 upgrades in order to ensure that its existing software is compatible with the OS.

Peace Of Mind Isn’t Priceless.

Alex Athineos
The Hacker News

Incredible Vulnerabilities Found In Pacemakers!!! It's the PaceMaker HACK!

"If you want to keep living, Pay a ransom, or die." This could happen, as researchers have found thousands of vulnerabilities in Pacemakers that hackers could exploit.

Millions of people who rely on pacemakers to keep their hearts beating are at risk from software glitches and hackers, which could eventually take their lives.

A pacemaker is a small electrical battery-operated device that's surgically implanted in the chest to help control the heartbeats. This device uses low-energy electrical pulses to stimulate the heart to beat at a normal rate.

While cyber security firms are continually improving software and security systems to protect computers from hackers, medical devices such as insulin pumps or pacemakers are also vulnerable to life-threatening hacks.

In a recent study, researchers from security firm White Scope analysed seven pacemaker products from four different vendors and discovered that they use more than 300 third-party libraries, 174 of which are known to have over 8,600 vulnerabilities that hackers could exploit in pacemaker programmers.

"Despite efforts from the FDA to streamline routine cyber security updates, all programmers we examined had outdated software with known vulnerabilities," the researchers wrote in a blog post about the study.
"We believe that this statistic shows that the pacemaker ecosystem has some serious challenges when it comes to keeping systems up-to-date. No one vendor really stood out as having a better/worse update story when compared to their competitors."

The White Scope analysis covered implantable cardiac devices, home monitoring equipment, pacemaker programmers, and cloud-based systems that send patients' vital data over the Internet to doctors for examination.

Peace Of Mind Isn’t Priceless.

Alex Athineos
The Hacker News

Tagged in: PaceMaker Hack
CIA Tool Hacks Windows Computers Silently over the Internet

WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing an alleged CIA project that allowed the agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest inside a targeted network.

Codenamed Pandemic, the tool is a persistent implant for Microsoft Windows machines that share files with remote users on a local network.

The documents leaked by the whistleblower organisation date from April 2014 to January 2015.

According to WikiLeaks, Pandemic infects networks of Windows computers through the Server Message Block (SMB) file sharing protocol by replacing application code on the fly with a trojanized version of the software.

"Pandemic is a tool which is run as kernel shellcode to install a file system filter driver," a leaked CIA manual reads. "The filter will 'replace' a target file with the given payload file when a remote user accesses the file via SMB (read-only, not write)."

 

'Pandemic' Turns File Servers into 'Patient Zero'


Once compromised, the infected Windows file server acts as a "Patient Zero" – the first identified carrier of any communicable disease during an outbreak – which is then used to deliver infections on machines inside the network.

Now, whenever any targeted computer attempts to access a file on the compromised server, Pandemic intercepts the SMB request and secretly delivers a malicious version of the requested file, which is then executed by the targeted computer.

According to the user manual, Pandemic takes only 15 seconds to be installed on a target machine and can replace up to 20 legitimate files (both 32-bit and 64-bit files) at a time with a maximum file size of 800MB.

Since the tool has been specifically designed to infect corporate file sharing servers and turn them into a secret carrier for delivering malware to other persons on the target network, it has been named Pandemic.

Peace Of Mind Isn’t Priceless.

 

Alex Athineos,
The Hacking News

Tagged in: New CIA Tools Hacks
AfterMidnight And Assassin CIA Windows Malware Framework WikiLeaks Reveals!

When the world was dealing with the threat of the self-spreading WannaCry ransomware, WikiLeaks released a new batch of CIA Vault 7 leaks, detailing two apparent CIA malware frameworks for the Microsoft Windows platform.

Dubbed "AfterMidnight" and "Assassin," both malware programs are designed to monitor and report back actions on the infected remote host computer running the Windows operating system and execute malicious actions specified by the CIA.

Since March, WikiLeaks has published hundreds of thousands of documents and secret hacking tools that the group claims came from the US Central Intelligence Agency (CIA).

This latest batch is the 8th release in the whistleblowing organization's 'Vault 7' series.

'AfterMidnight' Malware Framework


According to a statement from WikiLeaks, 'AfterMidnight' allows its operators to dynamically load and execute malicious payload on a target system.

The main controller of the malicious payload is disguised as a self-persisting Windows Dynamic-Link Library (DLL) file and executes "Gremlins" – small payloads that remain hidden on the target machine by subverting the functionality of targeted software, surveying the target, or providing services for other gremlins.

Peace Of Mind Isn’t Priceless.

Alex Athineos,
Swati Khandelwal
The Hacker News

Chinese Hackers FINED 9 Million for Stealing Trade Secrets!

It's about time!

Three Chinese hackers have been ordered to pay $8.8 million (£6.8 million) after hacking the email servers of two major New York-based law firms to steal corporate merger plans in December 2016 and using them to trade stocks.

The U.S. District Judge Valerie Caproni in Manhattan sued 26-year-old Iat Hong, 30-year-old Bo Zheng, and 50-year-old Hung Chin, over a multi-million dollar insider trading scam.

 

Peace Of Mind Isn’t Priceless.

 

Alex Athineos,
Management

Mac Website Of Popular Software HACKED & Is Spreading MALWARE!!!!

If you have recently downloaded the popular open source video transcoder app HandBrake on your Mac, there is a chance that your computer is infected with a notorious Remote Access Trojan (RAT).

The HandBrake team issued a security alert on Saturday, warning Mac users that one of its mirror servers for downloading the software has been compromised by hackers.

In case you aren't aware, HandBrake is an open source video transcoder app that allows Mac users to convert multimedia files from one format to another.

According to the HandBrake team, an unknown hacker or group of hackers compromised the download mirror server (download.handbrake.fr) and then replaced the Mac version of the HandBrake client (HandBrake-1.0.7.dmg) with a malicious version infected with a new variant of Proton.

Originally discovered in February on a Russian underground hacking forum, Proton is a Mac-based remote access trojan that gives attackers root access privileges to the infected system.

The affected server has been shut down for investigation, but the HandBrake team is warning that anyone who has downloaded HandBrake for Mac from the server between May 2 and May 6, 2017, has a "50/50 chance" of getting their Mac infected by Proton.

How to Check if You're Infected?


The HandBrake team has provided instructions for less technical folks, who can check if they've been infected.

Head on to the OSX Activity Monitor application, and if you see a process called "Activity_agent" there, you are infected with the trojan.

You can also check the hashes to verify whether the software you have downloaded is corrupted or malicious. The infected app has the following hashes:
SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274
SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793
If you have installed a HandBrake.dmg with the above checksums, you are infected with the trojan.

How to Remove the Proton RAT?


The HandBrake developers have also included removal instructions for Mac users who have been compromised.

Follow these instructions to remove the Proton RAT from your Mac:

Step 1: Open up the "Terminal" application and run the following commands:
launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
rm -rf ~/Library/RenderFiles/activity_agent.app

Step 2: If ~/Library/VideoFrameworks/ includes proton.zip, remove the folder.

Step 3: Once done, you should remove any installations of Handbrake.app you may find.

However, instead of stopping here, head over to your settings and change all the passwords that are stored in your OS X Keychain or any browser password stores, as an extra security measure.
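The checks above can be scripted. The following shell snippet is an added example, not code from the HandBrake team or the original post: it compares a downloaded .dmg against the two hashes listed above and looks for the on-disk artifacts named in the removal steps, deleting nothing. The function names and the home-directory argument (so the check can be pointed at any path) are my own choices.

```shell
#!/usr/bin/env bash
# Added example: read-only checks for the Proton indicators described above.
# Nothing here removes files; the removal steps remain a manual decision.
set -u

# Known-bad checksums of the trojanized HandBrake-1.0.7.dmg, copied from the advisory quoted above.
BAD_SHA1="0935a43ca90c6c419a49e4f8f1d75e68cd70b274"
BAD_SHA256="013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793"

# digest <bits> <file>: portable hash helper (macOS ships shasum, Linux ships sha*sum).
digest() {
  if command -v shasum >/dev/null 2>&1; then
    shasum -a "$1" "$2" | awk '{print $1}'
  else
    "sha$1sum" "$2" | awk '{print $1}'
  fi
}

# dmg_status <file>: prints "infected" when either hash matches the known-bad
# values, "missing" when the file does not exist, otherwise "clean". "clean"
# only means "not this specific trojanized build", not that the file is trusted.
dmg_status() {
  f="$1"
  if [ ! -f "$f" ]; then
    echo "missing"
    return 2
  fi
  if [ "$(digest 1 "$f")" = "$BAD_SHA1" ] || [ "$(digest 256 "$f")" = "$BAD_SHA256" ]; then
    echo "infected"
    return 1
  fi
  echo "clean"
  return 0
}

# proton_artifact_count <home_dir>: lists on stderr each artifact from the removal
# steps that exists under the given home directory and prints the count on stdout.
proton_artifact_count() {
  home="$1"
  n=0
  for p in \
    "Library/LaunchAgents/fr.handbrake.activity_agent.plist" \
    "Library/RenderFiles/activity_agent.app" \
    "Library/VideoFrameworks/proton.zip"; do
    if [ -e "$home/$p" ]; then
      echo "found: $home/$p" >&2
      n=$((n + 1))
    fi
  done
  echo "$n"
}

# activity_agent_running: the Activity Monitor check from the shell; exit 0 if the
# "Activity_agent" process named in the advisory is running.
activity_agent_running() {
  pgrep -x "Activity_agent" >/dev/null 2>&1
}

# Usage (source this file first):
#   dmg_status ~/Downloads/HandBrake-1.0.7.dmg
#   proton_artifact_count "$HOME"
#   activity_agent_running && echo "Activity_agent is running"
```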

Meanwhile, Mac users who have updated to HandBrake version 1.0 or later are not affected by the issue, as it uses DSA signatures to verify the downloaded files, so the malware-tainted version reportedly would not pass the DSA verification process.

Peace Of Mind Isn’t Priceless.

Alex Athineos,
Swati Khandelwal
The Hacker News

HACKERS STEAL FROM BANK ACCOUNTS USING SS7 Attack!!!!

Security researchers have been warning for years about critical security holes in Signaling System 7 (SS7) that could allow hackers to listen in on private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption used by cellular networks.

Cellular network operators, on the other hand, have consistently been ignoring this serious issue, saying that it is a very low risk for most people, as the exploitation of the SS7 flaws requires significant technical and financial investment.

But some unknown hackers have just proved them wrong by recently exploiting the design flaws in the SS7 to drain victims' bank accounts, according to a report published Wednesday by German-based newspaper Süddeutsche Zeitung.

SS7 is a telephony signaling protocol created in the 1980s by telcos and used by more than 800 telecom operators across the world, including AT&T and Verizon, to interconnect and exchange data with one another, such as routing calls and texts, enabling roaming, and other services.

Real-World SS7 Attack Scenarios


The global telecom network SS7 is vulnerable to several design flaws that could allow hackers to listen to phone calls and intercept text messages on a potentially massive scale, despite the most advanced encryption used by cellular network operators.

The design flaws in SS7 have been public since 2014, when a team of researchers at German Security Research Labs alerted the world to them.

So, the privacy concerns regarding the SS7 protocol are not new.

Last year, Karsten Nohl of German Security Research Labs demonstrated the SS7 attack on US Congressman Ted Lieu's phone number (with his permission) on the TV program 60 Minutes and successfully intercepted his iPhone, recorded calls, and tracked his precise location in real time just by using his cell phone number and access to an SS7 network.

In a separate demonstration last year, researchers from Positive Technologies showed WhatsApp, Telegram and Facebook hacks using the same design flaws in SS7 to bypass the two-factor authentication used by the services.

Thieves Using SS7 Flaw to Steal Money From Bank Accounts


Now, Germany's O2 Telefonica has confirmed that the same SS7 weaknesses have recently been exploited by cybercriminals to bypass the two-factor authentication (2FA) that banks use to prevent unauthorized withdrawals from users' bank accounts.

"Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January," an O2 Telefonica representative told Süddeutsche Zeitung. "The attack redirected incoming SMS messages for selected German customers to the attackers."

In short, cyber criminals exploited SS7 flaws to intercept two-factor authentication codes (one-time passcode, or OTP) sent to online banking customers and drained their bank accounts.

Here's How:


The attackers first spammed out traditional bank-fraud trojans to infect account holders' computers and steal the passwords used to log into bank accounts and view account balances, along with their mobile numbers.

But what prevented the attackers from making money transfers is the one-time password the bank sent via a text message to its online banking customers in order to authorize the transfer of funds between accounts.

To overcome this obstacle, the cyber crooks purchased access to a fake telecom provider and set up a redirect for the victim's phone number to a handset under their control. Specifically, they used SS7 to redirect the SMS messages containing the OTPs sent by the bank.

Next, the attackers logged into the victims' online bank accounts and transferred money out: as soon as the bank sent the authorization codes, they were routed not to the designated account holders but to numbers controlled by the attackers, who then finalized the transactions.

Alex Athineos,
Swati Khandelwal
The Hacker News

Intel Server Chipsets Launched Since 2010 Can BE HACKED REMOTELY!

Updated: Since the below-reported vulnerability is highly critical and it would take a few weeks for sysadmins to protect their enterprise network, the research team has not yet disclosed the technical details of the vulnerability.

Meanwhile, I spoke with Maksim Malyutin, a member of the Embedi research team who discovered the vulnerability in March, and updated my article based on the information he provided.

A critical vulnerability has been discovered in the remote management features of computers shipped with Intel processors over the past seven years (not a decade), which could allow attackers to take control of those computers remotely. It affects all Intel systems, including PCs, laptops, and servers, that have the AMT feature enabled.

As reported earlier, this critical flaw (CVE-2017-5689) is not a remote code execution bug; rather, Malyutin confirmed to The Hacker News that it is a logical vulnerability that nevertheless gives remote attackers a way to exploit the bug using additional tactics.

This elevation of privilege bug resides in the Intel Management Engine (ME) technologies such as Active Management Technology (AMT), Small Business Technology (SBT), and Intel Standard Manageability (ISM), according to an advisory published Monday by Intel.

These remote management features allow a systems administrator to remotely manage large fleets of computers over a network (via ports 16992 or 16993) in an organization or an enterprise.

Since these functions are present only in enterprise solutions, and mostly in server chipsets, Intel claims that the vulnerability doesn't affect chips running on Intel-based consumer PCs.

But Malyutin told us that "Intel-based consumer PCs with official support of Intel vPro (and have Intel AMT feature enabled) could also be at risk," and "there is also a chance of attacks performed on Intel systems without official Intel AMT support."


According to the Intel advisory, the vulnerability could be exploited in two ways:

  • An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel AMT and ISM. However, Intel SBT is not vulnerable to this issue.
  • An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel AMT, ISM, and SBT.



How Bad is this Vulnerability


In short, a potential attacker can log into a vulnerable machine's management hardware and, using AMT's features, silently perform malicious activities such as tampering with the machine or installing virtually undetectable malware.

The PC's operating system never knows what's going around because AMT has direct access to the computer's network hardware. When AMT is enabled, any packet sent to the PC's wired network port will be redirected to the Management Engine and passed on to AMT – the OS never sees those packets.

These insecure management features have been available in various, but not all, Intel chipsets for almost the past seven years, starting with the vPro-capable 5-series chipsets.

"Systems affected by this vulnerability are from 2010-2011 (not 2008, as was mentioned in some of the comments) because Intel manageability firmware version 6.0 and above was made not earlier than 2010," Embedi's brief post says. 

"There is also a chance of attacks performed on Intel systems without Intel AMT support."

Fortunately, none of these Management Engine features come enabled by default; system administrators must first enable the services on their local network. So, if you are using a computer with these ME features enabled, you are at risk.

Despite using Intel chips, modern Apple Mac computers do not ship with the AMT software and are thus not affected by the flaw.

Affected Firmware Versions & How to Patch


The security flaw affects Intel manageability firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6 for Intel's AMT, ISM, and SBT platforms. Versions before 6 or after 11.6 are not impacted.

Intel has rated the vulnerability as highly critical and has released new firmware versions, instructions to detect whether a workstation runs AMT, ISM, or SBT, a detection guide to check whether your system is vulnerable, and a mitigation guide for organizations that cannot immediately install updates.

The chipmaker is recommending vulnerable customers install a firmware patch as soon as possible.
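For an administrator inventorying a fleet, the first question is which hosts expose AMT and whether their firmware falls in the affected list above. The following is an added example, not code from Intel or from the original article: it assumes (as a labelled assumption) that AMT's web interface on TCP 16992/16993 announces its firmware version in an HTTP `Server` header, and it triages constructed sample banners against the version list given on this page.

```python
import re

# Constructed sample banners standing in for responses captured from
# TCP 16992/16993. The "Server: Intel(R) Active Management Technology x.y.z"
# header format is an assumption made for this example.
SAMPLE_BANNERS = {
    "host-a": "HTTP/1.1 200 OK\r\nServer: Intel(R) Active Management Technology 9.1.40\r\n\r\n",
    "host-b": "HTTP/1.1 200 OK\r\nServer: Intel(R) Active Management Technology 11.6.27.3264\r\n\r\n",
    "host-c": "HTTP/1.1 200 OK\r\nServer: Intel(R) Active Management Technology 11.8.50.3425\r\n\r\n",
    "host-d": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.25\r\n\r\n",  # not AMT at all
}

_AMT_SERVER_RE = re.compile(
    r"^Server:\s*Intel\(R\) Active Management Technology\s+(\d+)\.(\d+)",
    re.IGNORECASE | re.MULTILINE,
)


def parse_amt_version(banner):
    """Return (major, minor) from an AMT Server header, or None if absent."""
    m = _AMT_SERVER_RE.search(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def is_affected(major, minor):
    """Affected list as stated in the advisory summary above:
    6.x through 10.x (any minor), plus 11.0, 11.5 and 11.6.
    Anything below 6 or above 11.6 is not impacted."""
    if 6 <= major <= 10:
        return True
    if major == 11:
        return minor in (0, 5, 6)
    return False


def classify(banner):
    """Map one banner to 'no-amt', 'affected' or 'not-affected'."""
    version = parse_amt_version(banner)
    if version is None:
        return "no-amt"
    return "affected" if is_affected(*version) else "not-affected"


def triage(banners):
    """Classify every host in a {host: banner} mapping."""
    return {host: classify(banner) for host, banner in banners.items()}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{host}: {verdict}")
```

A host reporting "affected" should be scheduled for the firmware update or, where the manufacturer no longer ships one, for the mitigation steps in Intel's guide.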

"Fixing this requires a system firmware update in order to provide new ME [management engine] firmware (including an updated copy of the AMT code). Many of the affected machines are no longer receiving firmware updates from their manufacturers, and so will probably never get a fix," CoreOS security engineer Matthew Garrett explained in a blog post. "Anyone who ever enables AMT on one of these devices will be vulnerable." 

"That's ignoring the fact that firmware updates are rarely flagged as security critical (they don't generally come via Windows Update), so even when updates are made available, users probably won't know about them or install them."

Malyutin told The Hacker News that they would release more technical details about this flaw in upcoming days, including different attack vectors for successful exploitation. We will update this article accordingly. Stay Tuned!

Alex Athineos,
Swati Khandelwal,
The Hacker News

Insecure Apps Open Ports Leaving Millions of Smartphones at RISK OF HACKING!

A team of researchers from the University of Michigan discovered that hundreds of applications in Google Play Store have a security hole that could potentially allow hackers to steal data from and even implant malware on millions of Android smartphones.

The University of Michigan team says that the actual issue lies within apps that create open ports — a known problem with computers — on smartphones.

So, this issue has nothing to do with your device's operating system or the handset; instead, the origin of this so-called backdoor is due to insecure coding practices by various app developers.

The team used its custom tool to scan over 100,000 Android applications and found 410 potentially vulnerable applications — many of which have been downloaded between 10 and 50 Million times and at least one app comes pre-installed on Android smartphones.

Before going further, let's understand exactly what ports do and what the related threats are.

Ports can be either physical or electronic in nature. Physical ports are connection points on your smartphones and computers, such as a USB port used to transfer data between devices.

Electronic ports are the invisible doors that an application or a service uses to communicate with other devices or services. For example, a File Transfer Protocol (FTP) service by default listens on port 21 to transfer files, and port 80 is the one your browser connects to when it fetches a website over HTTP.

In other words, an application that communicates over the network opens an otherwise unused port (1 to 65535), which can be thought of as a virtual door, to exchange data with other devices, be they smartphones, servers, personal computers, or Internet-connected smart appliances.

Over the years, more and more applications have come to function over the Internet or a local network, but at the same time these applications and the ports they open can be a weak link in your system, one that could allow a hacker to breach or take control of your device without your knowledge.

Alex Athineos,
Mohit Kumar
The Hacker News

Hajime Vigilante Botnet Growing Rapidly. It Hijacks 300,000 IoT Devices Worldwide.

Last week, we reported about a so-called 'vigilante hacker' who hacked into at least 10,000 vulnerable 'Internet of Things' devices, such as home routers and Internet-connected cameras, using a botnet malware in order to supposedly secure them.

Now, that vigilante hacker has already trapped roughly 300,000 devices in an IoT botnet known as Hajime, according to a new report published Tuesday by Kaspersky Lab, and this number will rise with each day that passes by.

The IoT botnet malware first emerged in October 2016, around the same time the infamous Mirai botnet threatened the Internet with record-setting distributed denial-of-service (DDoS) attacks against the popular DNS provider Dyn.

The Hajime botnet works much like Mirai: it spreads via unsecured IoT devices that have open Telnet ports and use default passwords, and it uses the same list of username and password combinations that Mirai is programmed to try.

However, the interesting part of Hajime is that, unlike Mirai, once it infects an IoT device it secures that device by blocking access to four ports (23, 7547, 5555, and 5358) known to be the most widely used vectors for infecting IoT devices, keeping Mirai and other threats at bay.

Hajime also uses a decentralized peer-to-peer network (instead of a command-and-control server) to issue updates to infected devices, making it more difficult for ISPs and other providers to take down the botnet.

One of the most interesting things about Hajime is that the botnet also displays a cryptographically signed message roughly every 10 minutes on infected device terminals, describing its creators as "just a white hat, securing some systems."

Alex Athineos,
Swati Khandelwal
2 Million Android Phones HACKED!

It was initially thought that "only" 600,000 phones were infected, but that estimate was wrong: the number of Android users who have mistakenly downloaded and installed malware on their devices straight from the Google Play Store has reached 2 MILLION!

Dubbed FalseGuide by the Check Point researchers, the malware creates a "silent botnet out of the infected devices" to deliver fraudulent mobile adware and generate ad revenue for cybercriminals.

Nearly 2 Million Android Users Infected!


While it was initially believed that the oldest instance of FalseGuide was uploaded to Google Play in February and made its way onto over 600,000 devices within two months, further in-depth analysis by the researchers revealed more infected apps dating back to November 2016.

Alex Athineos,
Management
4 SCARY Hacking Statistics!

Look, I have been talking about this for years.  Lately, people are taking notice.

It is estimated that nearly 30,000 websites are infected with some type of malware every single day. Some attacks from recent history you may remember are the Target hack, where 70 million people had their information stolen, and the JP Morgan Chase breach, where over 76 million households were affected and 7 million small businesses were compromised. Many people tend to think that only large companies are targeted by hackers, but that is not the case. Most of the businesses affected by hackers are small businesses, and you do not want to be one of them! Personal blogs, company websites, and large news sites are just a few examples of the things hackers can target. Wherever they see an easy target, they will do anything to capitalize on it by spreading malicious software or stealing information. The following statistics will give you an idea of cyber attacks and how many people are affected by them.

1. According to Stopthehacker.com, "it takes only 10 minutes to crack a lowercase password that is 6 characters long. Add two extra letters and a few uppercase letters and that number jumps to 3 years. Add just one more character and some numbers and symbols and it will take 44,530 years to crack."
2. Nearly three quarters, 73 percent, of all Americans have fallen victim to some type of cyber crime.
3. "In a recent survey it was reported that 90 percent of all businesses suffered some sort of computer hack over the past 12 months and 77 percent of these companies felt that they were successfully attacked several times over the same period of time."
4. "Over 27 million Americans have fallen victim to identity theft over the past five years. 9 million of them found their identities stolen in the last year alone."

Alex Athineos,
Management

AVYCon 4 Camera 4MP Bundle with NVR.

AVYCon is an excellent company providing cameras and NVRs. This PoE bundle is excellent, with its 4MP dome cameras and NVR. Excellent features. THUMBS UP!

Alex Athineos,
Management

Leaked NSA Hacking Tools Being Used to Hack Thousands of Vulnerable Windows PC's!!!

Last week, the mysterious hacking group known as the Shadow Brokers leaked a set of Windows hacking tools targeting Windows XP, Windows Server 2003, Windows 7 and 8, and Windows 2012, allegedly belonging to the NSA's Equation Group.

What's worse? Microsoft quickly downplayed the security risks, noting that it had released patches for all of the exploited vulnerabilities, but the risk remains in the wild for unsupported systems as well as for those who haven't yet installed the patches.

Multiple security researchers have performed mass Internet scans over the past few days, using a free detection tool released on GitHub, and found tens of thousands of Windows computers worldwide infected with DoublePulsar, a suspected NSA spying implant.

Alex Athineos,
Management