Tuesday, 19 December 2017

1.4 Billion Plain Text Passwords leaked


A new aggregated database has surfaced: a massive 41 GB collection of 1.4 billion username, email and password combinations, properly sorted and arranged into three levels of directories.
Links to download it have been circulating on dark web sites for the past few days. It came to wider attention when someone posted it on Reddit a few days ago, from where one can also download a copy and verify its authenticity.


The data in the database was last updated at the end of November. According to researchers, it is a collection of 252 previous data breaches and credential lists.

The scariest part is that none of the passwords is encrypted and, according to researchers who tested them, the passwords were verified to be true.

This collection consists of 385 million new credential pairs, 318 million new users and 147 million passwords collected from previous dumps.


Windows 10 Default Password Manager Allows Hackers to Steal Passwords


If you are running Windows 10, chances are that your machine contains pre-installed software that allows hackers to steal your credentials remotely.


A new feature, Content Delivery Manager, installs "suggested apps" without the user's permission.

Google Project Zero researcher Tavis Ormandy said that he found a pre-installed famous password manager, called "Keeper," on his freshly installed Windows 10 system which he downloaded directly from the Microsoft Developer Network.

The vulnerability affects the Keeper browser extensions, which, unless users opt out, are installed alongside the Keeper desktop application. The security hole allows attackers to steal passwords stored by the app if they can convince an authenticated user to access a specially crafted website.


Keeper released a patch within 24 hours of being notified by Ormandy. The fix has been rolled out with version 11.4.4 and it has already been delivered to Edge, Chrome and Firefox users via the browsers’ automatic extension update process. Safari users will need to manually update the extension.


“This potential vulnerability requires a Keeper user to be lured to a malicious website while logged into the browser extension, and then fakes user input by using a clickjacking and/or malicious code injection technique to execute privileged code within the browser extension,” Keeper said in a blog post informing customers of the vulnerability and the patch.

Tuesday, 31 January 2017

TRUMP'S INAUGURATION EFFECT: Majority of the CCTVs Have Been Hacked in Washington DC

Just days before the inauguration of President Donald Trump, cyber criminals infected 70 percent of the storage devices that record data from federal surveillance cameras in Washington D.C. in a cyber attack.

Any guess what kind of virus could have hit the storage devices?

Once again, the culprit is ransomware, which has become a noxious game for hackers to get paid effortlessly.

Ransomware is an infamous piece of malware that has been known for locking up computer files and then demanding a ransom in Bitcoins in order to help victims unlock their files.

Ransomware Infected 70% Surveillance Cameras in Washington D.C. 

This time the hackers managed to plant ransomware in 123 of the city's 187 network video recorders, each controlling up to four CCTVs used in public spaces throughout Washington D.C., which left them unable to record anything between 12 and 15 January.

Officials told the Washington Post that the incident forced them to take the storage devices offline, remove the infection and reboot the systems across the city, but that they did not fulfill any ransom demands by the hackers.

While the storage devices were successfully put back to rights and the CCTV cameras were back to work, it is still unclear if any valuable data was lost or if the ransomware infection merely crippled the affected computer network devices.


Washington's chief technology officer Archana Vemulapalli said the officials are now investigating the source of hacking, assuring that the incident was limited to the storage devices tied to closed-circuit TV system and did not affect other D.C. government networks.


Rise in Ransomware: Both in Numbers and Sophistication

Ransomware is the hackers' sure-shot way to get paid effortlessly. The threat has been around for a few years, but nowadays it has become one of the most used types of hacking methods.

Recently, hundreds of guests of a luxurious hotel in Austria were locked out of their rooms when ransomware hit the hotel's IT system, and the hotel paid the attackers to get back control of its systems.

We saw an enormous rise in ransomware threats, both in numbers and sophistication. You would be surprised to know about KillDisk, data-wiping software that encrypts files and asks for an unusually large ransom of around $218,000 in Bitcoins, but did not provide decryption keys even after the payment had been made.

Another weird ransomware variant was Popcorn Time that was designed to give victims options to either pay a ransom to hackers or infect two more people and have them pay the ransom to get a free decryption key.

Wednesday, 9 November 2016

HOW RS 500 AND RS 1000 NOTES BAN WILL AFFECT COMMON MAN !!



November 8th 2016 will go down in Indian history as a red letter day. It marks the day the Indian economy moved from a black economy to a white one.

In what will be known as a groundbreaking, historic move, on November 8th, Prime Minister Narendra Modi announced the demonetization of Rs 500 and Rs 1000 currency notes.

So what does this mean for the common man?

India had been a cash based economy. Nearly 14 Lakh Crore Rupees is in currency notes - about $220 billion worth, is held in cash notes of Rs 500 & Rs 1000. This implies that the impact to Indian economy will be huge - very huge.

Impact on Common Man

Day-1-10: Near panic in local markets. Number of transactions drops by more than 50%. Today on November 9th, almost all businesses have reported more than a 50% drop in transactions. I chatted with an Uber driver and a small coffee shop owner. Both reported the same. The Uber driver was willing to give me a 10% discount for cash payment in Rs 100 notes vs PayTM!

Common people in cities will rush towards digital payments like PayTM.

Immediate impact: Deep Deflation. The amount of money in circulation will drop dramatically while supply of goods will remain stable - hence prices of goods will drop.

Gold prices, stock prices, commodity prices will drop. People will congratulate government for making this bold move. BJP will win elections in UP and Punjab.

Day-10-50: People who have legally earned cash will start depositing it in banks. This will help improve banks' Cash Reserve Ratios and increase bank deposits. This will lead to more lending. Increased lending activity will make it easier for legal businesses to raise capital and the economy will grow.

People who have earned their money illegally, such as bribes, smuggling, Narcotics etc. will have a big problem on their hands. These people will be afraid to deposit it in a bank. Some of them will find ways to deposit this money into a bank, and will declare it as income and pay taxes on it.

Many of these guys - who had easy money flowing will continue to stay out of legal system and will count on their luck or bad luck and sit on their stash of Rs.500 and Rs.1000 notes. This money will be effectively taken out of circulation and that aids deflation.

Day 50-200


Deflation will ease out, and inflation will return. Inflation will happen slowly because lending activities will not happen overnight and will take time. Lending will broaden money supply, creating demand for raw materials and capital goods. This leads to a steady growth of Indian economy.

Real estate prices will crash. Builders & developers who were eager to sell for cash can no longer sell. They will be forced to lower the price by 10-20%. Already by 1 PM on November 9th, the share price of DLF is down 21%!

Real estate developers will have to wait for demand from the white economy to pick up. Once the economy picks up and with easy availability of bank loans, real estate prices will come back to pre Nov. 8th levels, and by end of 2017, the robust demand will ensure real estate prices go up.

Real estate developers will be forced to go with legal transactions and play in white economy.

Big Losers


The biggest losers in this are corrupt government officials & politicians who are sitting on tonnes of cash. They cannot convert the older demonetized notes to newer ones without risking tax investigations, and will be willing to lose their illegal money.

Real estate businessmen who cannot convert all their hoards of cash will also be hurt by low demand.

Other illegal business owners: money lenders, hawala finance transactions. These people will find it difficult to conduct their business in the new system. Particularly when government can track newer Rs 2000 currency notes via RF chips.

Closing Thoughts

This is just my opinion based on my knowledge of the economy. I may be wrong in some aspects, but overall I am sure the Indian economy will go through a cycle of deflation, followed by robust growth and then some creeping inflation.

Let's wait and see how things pan out!

GOOGLE CHROME BROWSER VULNERABILITY MADE 300,000 ANDROID DEVICES HACKED!!!!

A vulnerability in Chrome for Android is actively being exploited in the wild that allows hackers to quietly download banking trojan apps (.apk) onto victims' devices without their confirmation.

You might have encountered a pop-up advertisement that appears out of nowhere, warns you that your mobile device has been infected with a dangerous virus and instructs you to install a security app to remove it immediately.

This malicious advertising web page automatically downloads an Android app installation (.apk) file to your device without requiring any approval.

Citing malware threats on your mobile device, attackers trick you into changing your device's settings to allow installation of third-party apps from stores other than the Google Play Store, and into installing the banking trojan app on your device.

Kaspersky researchers Mikhail Kuzin and Nikita Buchka discovered one such widespread malicious advertising campaign across Russian news sites and popular websites.

Since this August, the Trojan has infected over 318,000 Android devices across the world, thanks to Google AdSense advertisements that were being abused to spread a malicious mobile banking trojan, dubbed Svpeng.

"When an APK file is broken down into pieces and handed over to the save function via Blob() class, there is no check for the type of the content being saved, so the browser saves the APK file without notifying the user," the duo explains in a blog post.
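
The missing check the researchers describe, sketched as an added example (not Chrome's code and not from the Kaspersky write-up): the content type is decided on the reassembled bytes, because no single piece of a split APK carries a recognizable signature. It runs under Node.js; the function names and the sample archive are constructed for illustration.

```javascript
// Added example: sniff the reassembled download, not the individual chunks.
const ZIP_LOCAL_SIG = 0x04034b50; // bytes "PK\x03\x04" read little-endian

// Join the pieces handed to the save function, as a Blob would.
function assemble(chunks) {
  return Buffer.concat(chunks.map((c) => Buffer.from(c)));
}

// Walk ZIP local file headers and collect the entry names.
// Assumption: sizes are stored in the header (no trailing data descriptor).
function zipEntryNames(buf) {
  const names = [];
  let off = 0;
  while (off + 30 <= buf.length && buf.readUInt32LE(off) === ZIP_LOCAL_SIG) {
    const compSize = buf.readUInt32LE(off + 18);
    const nameLen = buf.readUInt16LE(off + 26);
    const extraLen = buf.readUInt16LE(off + 28);
    const nameEnd = off + 30 + nameLen;
    if (nameEnd > buf.length) break; // truncated header
    names.push(buf.toString("utf8", off + 30, nameEnd));
    off = nameEnd + extraLen + compSize; // jump to the next entry
  }
  return names;
}

// An APK is a ZIP archive that contains AndroidManifest.xml.
function looksLikeApk(chunks) {
  return zipEntryNames(assemble(chunks)).includes("AndroidManifest.xml");
}

// Constructed sample data: a minimal stored (uncompressed) ZIP entry.
function storedEntry(name, data) {
  const h = Buffer.alloc(30);
  h.writeUInt32LE(ZIP_LOCAL_SIG, 0);
  h.writeUInt16LE(20, 4); // version needed to extract
  h.writeUInt32LE(data.length, 18); // compressed size
  h.writeUInt32LE(data.length, 22); // uncompressed size
  h.writeUInt16LE(name.length, 26); // file name length
  return Buffer.concat([h, Buffer.from(name), Buffer.from(data)]);
}

const sampleApk = Buffer.concat([
  storedEntry("AndroidManifest.xml", "constructed"),
  storedEntry("classes.dex", "constructed"),
]);
// Split mid-signature, as a piecewise hand-off could.
const pieces = [
  sampleApk.subarray(0, 2),
  sampleApk.subarray(2, 40),
  sampleApk.subarray(40),
];
const plainZip = [storedEntry("readme.txt", "constructed")];
```

A per-chunk check sees nothing in any of the three pieces, while `looksLikeApk(pieces)` flags the assembled content and leaves the ordinary archive in `plainZip` alone.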

Google has acknowledged the issue, blocked the malicious ads and planned to patch it, although it is unclear when the next Android Chrome version will be released.
However, if Google sticks to its six-week release cycle, users can expect an update on 3rd December 2016. So, malicious actors have over three weeks to exploit the flaw.

"[The] next time they (criminals) push their adverts on AdSense they may well choose to attack users in other countries; we have seen similar cases in the past; After all, what could be more convenient than exploiting the most popular advertising platform to download their malicious creations to hundreds of thousands of mobile devices?" the pair say.

Even if Google patches this issue with its next software update, attackers still have an evergreen technique to trick users into downloading malicious apps by exploiting vulnerabilities in popular websites.

For example, a recently disclosed XSS (Cross-Site Scripting) flaw, discovered by Indian security researcher Jitendra Jaiswal, on WhatsApp's official websites could allow attackers to trick users into downloading malware applications.

So, it is always a good idea to install apps from the official Google Play Store and not to change the default Android settings that prevent the installation of third-party apps.

So, the best recommendation for users is to think twice before installing any app (no matter how legitimate it looks) from untrusted sources or clicking on suspicious-looking links.

Tuesday, 8 November 2016

FACEBOOK BANNED FROM COLLECTING WHATSAPP USER DATA IN UK!!!

In August, Facebook introduced a hugely controversial data plan to start harvesting data from its WhatsApp messaging app from September 25 for delivering more relevant ads on the social network.

Many users were not happy with the move, because there was no real way of opting out from the data sharing – WhatsApp users could only do so within a short period – and even if users did opt out then, some data would still be shared.

Eventually, some countries like Britain stood up and opposed the decision.

The Information Commissioner's Office (ICO) of the United Kingdom has asked Facebook and WhatsApp to better explain the changes to its customers in the U.K. And if they don't, the ICO could hand out a heavy fine.


What's the good news?

In response, the social media giant has agreed to "pause" sharing of data, including their phone numbers, between WhatsApp and Facebook in Britain to target advertisements on its core social network.

"We have now asked Facebook and WhatsApp to sign an undertaking committing to better explaining to customers how their data will be used, and to giving users ongoing control over that information," Elizabeth Denham, the Information Commissioner, wrote in a blog post.

"I don't think users have been given enough information about what Facebook plans to do with their information, and I don't think WhatsApp has got valid consent from users to share the information."

When Facebook announced this deal in late August, Denham said she would investigate the changes under Britain's data protection laws, and she has now issued an update revealing that the social networking giant has agreed to hold off data sharing from UK users.

Denham said that users have a right to control over their data, and she now wants Facebook and WhatsApp to let users restrict access to their information beyond the existing 30-day period, and to let them completely opt out of the agreement at any time.

When Facebook acquired WhatsApp for $19 billion in 2014, users were worried about the company's commitment to protecting its users' privacy. But WhatsApp reassured them that their privacy would not be compromised in any way.

But after the deal, the WhatsApp users felt betrayed by the company.

After introducing end-to-end encryption, WhatsApp has become one of the most popular secure messaging apps, but this shift in its privacy policy may force some users to switch to other secure apps like Telegram and Signal.

Neither Facebook nor WhatsApp has yet responded to the Information Commissioner's announcement.

Monday, 7 November 2016

DDOS ATTACKS ON WIKILEAKS: US ELECTIONS EFFECT

Wikileaks Gets DDoS after Leaking 8,200 DNC Emails One Day before Elections

With just two days to go before the presidential election, WikiLeaks late Sunday night published a new trove of emails apparently hacked from the Democratic National Committee (DNC).

The most recent dump of more than 8,000 emails came after the whistleblowing site had, on a daily basis over the last four weeks, already leaked over 50,000 emails stolen from a key figure in the DNC – Hillary Clinton's campaign chairman John Podesta.

However, this time, not everything went as planned by WikiLeaks.

WikiLeaks early Monday morning announced on Twitter that shortly after the release of hacked DNC emails the organization was the target of a major Distributed Denial of Service (DDoS) attack.

What's more?

Soon after WikiLeaks reported the DDoS attack on its email publication servers, Twitter also went down, and the outage lasted for at least 30 minutes.

According to a status monitor, the Twitter outage began at around 6.45am GMT and continued for nearly half an hour, though reports suggested that the impact varied from user to user and many users in Japan were still experiencing issues over a couple of hours later.

Here's what WikiLeaks then posted on its Facebook page:

"We are still under a DoS attack on our e-mail publication servers, and it appears that Twitter is down as well, we are unable to confirm if this is an attack on Twitter at this time."


WikiLeaks Down! Twitter Down! Any Connection?



At this moment, there is no connection between both the incidents, although some Twitter users quickly linked the two outages.

"Twitter went down because Wikileaks released #DNCleak2 It has begun! They are trying to suppress the truth from coming out!!!," a Twitter user said.
"So Twitter was down due to the #DNCLeak2 released by @wikileaks - we should be worried, global censorship is heading our way," another user said.

One of the leaked emails saw former Clinton Foundation fundraiser Doug Band slamming Chelsea Clinton for allegedly spending funds from the Clinton Foundation to help pay for her wedding.

Earlier this year, the FBI argued to investigate the Clinton Foundation for potentially giving donors special favors and political access, but just yesterday, the agency cleared Clinton of any criminal wrongdoing after a review of the latest trove of her leaked official emails.