Apple is working on a new iPhone that even it cannot hack

Apple has started work on stronger security measures that “even it can’t hack”, aiming to make its future iPhones unhackable.
The Federal Bureau of Investigation (FBI) is deliberately forcing Apple to create a special, backdoored version of iOS that could let it brute-force the passcode on Farook’s iPhone without erasing data.
However, the FBI approached the company to unlock the shooter’s iPhone 5C in various ways, such as:
  • Create a backdoor to the shooter’s iPhone.
  • Disable the Auto-destruct feature after numerous tries.
  • Increase the brute force time to try out all combinations.
  • Minimize the time of waiting for a window after each try.

New iPhones will be Unhackable

Apple has made this sensitive issue a top priority, aiming to protect the privacy and security of the public by closing any existing loopholes (if any).
According to the New York Times, Apple is working on new security measures that would prevent governments or federal law enforcement from using passcode-bypassing techniques to access iPhones or any iOS devices in the future.
This breakthrough would ensure that upcoming Apple products would not be susceptible to such access by any means.
In short, the main highlight of this move is that even Apple would not be able to access its customers’ data, whether the demand comes from the FBI for criminal identification or from a government spying agency like the NSA.
In the San Bernardino shooter’s case, Apple helped the FBI in every possible way by providing Farook’s iCloud backup and suggesting alternative ways to view his iPhone data.
But Apple refused the FBI’s request and a Californian judge’s demand to create a backdoor in order to pull the terrorist’s data from the iPhone 5C.
“The only way we know would be to write a piece of software that we view as sort of the software equivalent of cancer. We think it’s bad news to write. We would never write it. We have never written it,” stated Apple CEO Tim Cook in an interview.

State-sponsored hackers spread backdoors in Middle East

Symantec’s threat report revealed that two state-sponsored hacking groups have been using backdoors to spy on targets in Iran and other nations in the Middle East.

The two groups are known as ‘Cadelle’ and ‘Chafer’, and each uses its own custom-developed backdoors. Cadelle, with its five-member team, uses the backdoor ‘Cadelle’, while Chafer’s backdoors, developed by its ten-member team, are known as ‘Remexi’ and ‘Remexi B’.

Both backdoors are able to open connections and help attackers steal data from infected systems.

Symantec’s report suggests that the two groups, which are targeting political dissidents from Iran as well as airports and telecommunications companies in other Middle East countries, may be doing so to keep an eye on the movements of their targets.

Chafer has been using SQL injection attacks to compromise servers and drop the backdoor Remexi to infect its targets, but Cadelle’s technique is not yet known.

After infecting targets, the backdoors can do extensive harm. They can be used to gather and steal passwords, intercept document print commands, record audio via infected devices, take screengrabs, record webcam feeds, log keystrokes, log opened applications, and gather system and clipboard information.

The first attackers using these backdoors were spotted in 2014, but clues in each group’s code suggest that the backdoors might have been in use in 2011.

Indian hackers attack Pakistan websites to pay tribute to people killed in 9/11

To mark the fourth anniversary of the Mumbai terror attack, known as 9/11, which took place on 26 November 2008, two Indian hacking groups on Thursday targeted more than 130 governmental and non-governmental websites of Pakistan.

After the cyber-attack, it seems the enmity between Pakistan and India has gone up to the next level. Such cyber-attacks are nothing new for either country.

A hacker group called Mallu Cyber Soldiers had attacked many Pakistani websites, including official government portals such as pakistan.gov.pk, president.gov.pk and cabinet.gov.pk, as a response to the attack on the Kerala government website on 27 September.

During that attack, those Pakistani hackers had displayed a message, praising Pakistan, along with a picture of a burning Indian National Flag.

A message like “Struck By Faisal 1337. Official Website Government of Kerala Hacked! Pakistan Zindabad. We Are Team Pak Cyber Attacker. Security is just an illusion” was posted on the website.

Now, the hacking groups have been identified as Indian Black Hats (IBH) and Kerala Cyber Warriors (KCW). Both said they attacked the websites to pay tribute to the people killed in the Mumbai attack.

“It is cyber pay back for 26/11 Mumbai attack against Pakistan,” a hacker of the Kerala Cyber Warriors team told IBTimes India. “It just took a day for us to hack all these 125 sites with the background song ‘Oru Yathramozhiyode’ from Mohanlal’s Kurukshetra movie. We have access to many Pakistan servers, so the defacing was easy.”

On the same day, another hacking group, IBH, attacked almost 10 Pakistani websites and other domains.

“Indian Black Hats is a team with members from all over India and it is in cyber space from 2011 with the name Indian Cyber Devils. Now this year the name was changed to the recent one. We have not harmed these websites, but just uploaded a file as a pay back for 26/11 attacks,” one hacker of IBH told IBTimes India.

——–myabhya——–
(Perfect Training Center)

IT management firm LANDESK hacked

IT management firm LANDESK, which provides IT and security management services, has alerted its employees to a possible data breach.

The company recently warned its employees in a letter dated 18 November 2015 that hackers have obtained personal information, including names and social security numbers, of some LANDESK employees and former Wavelink employees.

On 25 November 2015, LANDESK stated that “We recently became aware of some unusual activity on our systems and immediately initiated safeguards as a precaution and began an investigation. As part of our ongoing investigation in partnership with a leading computer forensics firm, we recently learned that a small amount of personally identifiable information for a limited number of our employees may have been accessible during the breach. While no data compromises of personally identifiable information are confirmed at this point, we have reached out with information and security resources to individuals who may have been affected. The security of our networks is our top priority and we are acting accordingly. The few employees who may have been affected were notified promptly, and at this point the impact appears to be quite small.”

According to an unnamed LANDESK employee, the breach was first observed in June 2014 and was discovered when several employees complained about slow Internet speeds. The employee said that the company has found remnants of text files with lists of source code and build servers that the attackers compiled. He added that the attackers are slowly archiving data from the build and source code servers, uploading it to LANDESK’s web servers, and downloading it.

Calling the breach speculation, LANDESK said that security is and will continue to be a high priority for the company.

Hilton payment system attacked

First came a huge card breach at Hilton Hotel properties, and now its payment system has been attacked. Hilton, one of the largest US-based hotel chains, revealed that hackers had infected some of its point-of-sale computer systems with malware crafted to steal credit card information.

The company did not disclose what data was taken, but cautioned everyone who used payment cards at Hilton Worldwide hotels between November 18 and December 5 of last year or April 21 and July 27 of this year to check for any irregular activity on their debit or credit cards.

In an online post, Hilton said that the malware that infected its systems had the potential to retrieve cardholders’ names, account numbers, security codes and expiration dates.

The company further wrote that it is investigating the breach with the help of third-party forensics experts, law enforcement and payment card companies.

Starwood hotels, which operates the Sheraton and Westin chains, announced four days before Hilton that hackers had attacked its payment system, resulting in the leak of customer credit card data at some of its establishments.

“The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date,” the group said in a statement.

Starwood and Hilton are not the only ones whose payment systems have been hacked; last month Trump hotels faced a similar cyber attack.

“We believe that there may have been unauthorised malware access to some of the computers that host our front desk terminals and payment card terminals in our restaurants, gift shops and other point-of-sale purchase locations at some hotels,” Trump Hotel Collection said at a website devoted to details of the incident.

According to Trump hotels, the access could have taken place between May 19 of last year and June 2 of this year.

Brian Krebs, cyber threat blogger at KrebsonSecurity.com, described the cyber attack on payment systems as “just the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments.”

Dell says “sorry” for installing vulnerable digital certificate

Dell has apologized, confirming via a blog post that a certificate (eDellRoot) installed on its PCs introduced a security vulnerability.

It is said that the certificate allows attackers to cryptographically impersonate HTTPS-protected websites. However, the company has issued a software tool that removes the transport layer security credential from affected machines.

The certificate will not reinstall itself once it is properly removed using the recommended Dell process.

“The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it,” the company said in the blog post.

According to the blog post, Dell customers Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, informed the company about the presence of the certificate on its PCs.

Dell has claimed that the certificate was not malware but was there to provide the system service tag to Dell online support, allowing the company to quickly identify the computer model and making it easier and faster to service its customers.

“We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward,” the company added. 

Cyber Caliphates hack Twitter accounts of heads of Security Agencies of America

A group called ‘cyber caliphates’, set up by British ISIS fighter Junaid Hussain, hacked about 54,000 Twitter accounts and posted personal details of the heads of America’s security agencies on November 01.

The personal details posted online included passwords and phone numbers of CIA, FBI and NSA heads.

The attack was initiated in retaliation for the drone attack that killed Hussain in August.

Hussain led IS’s computer hacking division and was killed by a US drone in a joint operation with the UK. His widow, mother-of-two Sally Jones, who is popularly known as ‘Mrs Terror’, is on a Government list of the most dangerous British recruiters for IS.

Since their leader’s death, Cyber Caliphate, which briefly took control of a Pentagon-owned Twitter account in January, has kept a low online profile.

Experts described it as a worrying escalation of the global cyber war.

The group also tweeted that they had details of members of the Saudi royal family, although this could not be verified.

After the group had apparently spent several months harvesting sensitive data, the details of the security agency heads were posted at 9 pm (GMT 1530 hours) on Sunday, and by 11 pm (GMT 1730 hours), when Twitter was contacted by a security agency, it had suspended Cyber Caliphate’s account.

Most of those affected are believed to have Saudi Arabian origins, but some are feared to be British nationals as well.

It was not immediately clear how the hacked accounts were used. Victims were also unaware they had been hacked.

The incident came after the Government announced that the internet activity of everyone in Britain will have to be stored for a year under new surveillance laws.

Cyber Caliphate is a group of hackers which is directly linked to ISIS.

In May, hackers linked to the group, who were involved in the hijacking of social media accounts belonging to US CENTCOM, published a video threatening crippling cyber attacks against Europe, the United States and Australia. The terrorists claimed to have the necessary cyber capabilities to spy on Western communications.

Hackers target ‘Internet of Things’ to launch various attacks

Today, most of the insecure embedded devices connected to the Internet, such as CCTV cameras and routers, often called the Internet of Things (IoT), are being targeted or hacked in cyber attacks.

Imperva Incapsula, a security firm, has disclosed a DDoS (distributed denial of service) attack. The attack was a traditional HTTP flood aimed at overloading a resource on a cloud service, but the malicious requests came from surveillance cameras or closed-circuit television (CCTV) cameras protecting businesses around the world instead of a typical computer botnet.

The firm’s researchers wrote in a blog post that the attack peaked at 20,000 requests per second and originated from around 900 CCTV cameras running embedded versions of Linux and the BusyBox toolkit.

All compromised devices were running embedded Linux with BusyBox, a package of stripped-down common Unix utilities bundled into a small executable, designed for systems with limited resources.

“Further investigation of the offending IPs showed that they belonged to CCTV cameras, all accessible via their default login credentials. And that’s not all. Looking through the camera lens we also spotted a familiar sight—a storefront in a mall located not five minutes away from our offices,” they said in the blog post.

The researchers said that they were able to meet with the store owners, show them how their CCTV cameras were abused to attack the firm’s clients, and help them clean the malware from the infected camera’s hard drive.

They claim in the blog post that, in addition to the 245 million professionally installed surveillance cameras operating around the world, there are more than a million that were installed by unqualified professionals, with even fewer security precautions.

“Even as we write this article, we are mitigating another IoT DDoS attack, this time from an NAS-based botnet. And yes, you guessed it, those were also compromised by brute-force dictionary attacks,” they added.

So, whether it is a router, a Wi-Fi access point or a CCTV camera, default factory credentials are there only to be changed upon installation. 

Kemoge mobile malware infecting more than 20 countries

If you are an Android user and you have an app such as Talking Tom 3, Smart Touch or Privacy Lock, then you should be wary.

FireEye, a security and cyber-attack firm, has tracked down new mobile malware that is a threat in more than 20 countries worldwide.

Kemoge, malware affecting Android which can be installed via ads, poses a security threat. The apps are duplicates of software that can be found on the Google Play Store; the key difference is that they attack the user’s device after installation.

On its blog, FireEye says, “The attacker uploads the apps to third-party app stores and promotes the download links via websites and in-app ads. Some aggressive ad networks gaining root privilege can also automatically install the samples. On the initial launch, Kemoge collects device information and uploads it to the ad server, then it pervasively serves ads from the background. Victims see ad banners periodically regardless of the current activity (ads even pop up when the user stays on the Android home screen).”

Your data such as the phone’s IMEI, IMSI, and storage information are then remotely sent to a third-party server.

FireEye said that “Kemoge has self-preservation features, and can uninstall other software including anti-virus applications. Google has been notified of the threat, and everyone else is advised not to download dodgy looking things from third-party websites.”

FireEye advises Android users not to click on suspicious links from emails, SMS, websites or advertisements, not to install apps from outside the official app store, and to keep Android devices updated to avoid being rooted through publicly known bugs.
