Chinese Electronic Cigarette’s Charger Spreading Malware

The electronic cigarette is nowadays easily available at a very affordable price. On eBay, we can get it for around $5. But recently, an IT Security guy has started a thread where he stated that the e-cigarette has compromised the computer of his boss, and this can be considered as the very first side effect of the electronic cigarette.

According to the thread, the malware was hard coded in the charger, giving the IT guys trouble in identifying it. The executive's system was fully protected with up to date antivirus as well as anti-malware. After trying all possible technical way to find the source of the malware, they had to ask the executive if he recently had any change in his life. The executive stated that he started using the e-cigarette which he usually charges from his computer.

And that was the answer they were looking for, the made in china e-cigarette had malware hard coded into the charger and when plugged into a computer’s USB port the malware phoned home and infected the system.

To protect you from such risk, disable the data pins on the USB. This will prevent exchange of information.

Source:[Click Here!]

InfoTech 2014 Will Focus On CyberSecurity

The 21st edition of InfoTech will be held from Thursday 27 to Sunday 30 November 2014 at the Swami Vivekananda International Convention Centre, Pailles, Mauritius. Over 100, 000 is expected to visit this event. Tassarajen Pillay Chedumbrum, the actual ICT minister of Mauritius along with members of the National Computer Board stated that this year they will focus on Cyber Security, which is a key element in the field of computer science. They will seize this opportunity to inform the general public about the importance of cyber security.

With recent vulnerabilities discovered in Mauritian government website and having the government lottery website defaced twice, many will want to know what will they be talking about. IT Security professionals of the country will surely seek answers from the National Computer Board which will be present on this occasion.

#OpKKK Launched By Anonymous

After threatening of using lethal force against Ferguson protesters, Anonymous hackers have launched an operation called #opKKK. This was announced through a video which they posted on Youtube. By the time of publishing, the twitter account of Ku Klux Klan(@KuKluxKlanUSA) was already hijacked. And the website kkk.com was unavailable. Find below the video and the transcript.

 
Transcript
Published on Nov 17, 2014
Greetings world, we are Anonymous
KKK it has came to our unfortunate attention that you have been interfering with Anonymous.
We are not attacking you because of what you believe in as we fight for freedom of speech…
We are attacking you because of what you did to our brothers and sisters at the Ferguson protest on the 12th of November.
Due to your actions we have started Operation KKK. The aim of our operation is nothing more than Cyber Warfare. Anything you upload will be taken down, anything you use to promote the KKK will be shut down.
DDos attacks have already been sent and have infiltrated your servers over the past 2 days… d0x's have also been launched on leaders of the KKK. All information retrieved will be given to the public.
You messed with our family and now we will mess with yours…
Let the cyber war begin.
We are legion.
We do not forgive
We do not forget
Ku Klux Klan you should have expect us.
Twitter Account

Trojan SMS App Was On Play Store For More Than A Year

Thai Fun Content, a malicious application pretending to be a downloader for wallpapers, music and videos on Android was recently discovered on Google Play by researchers from Malwarebytes.
The Trojan application requests its victims to send SMS to a premium number in exchange of the downloaded contents. When doing so, the victims actually subscribe to a daily feed. The application was last updated on August 2013 which according to Nathan Collier from Malwarebytes, was most likely the date the application was added to Play Store.

Source: [Malwarebytes Blog]

18 Vulnerabilities Fixed in Flash Player

Adobe has released security updates for flash player for all platforms in which a total of 18 vulnerabilities were addressed. These vulnerabilities could allow attacker to take control of affected system. Adobe is advising all users to update to the latest version.

  • Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.223.
  • Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.252.
  • Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.418.
  • Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x will be automatically updated to the current version.
  • Users of the Adobe AIR desktop runtime should update to version 15.0.0.356.
  • Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 15.0.0.356.
  • Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.356.

Several researchers were credited for discovering these vulnerabilities, namely,

  • Ian Beer of Google Project Zero (CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0589, CVE-2014-0590)
  • bilou working with the Chromium rewards program (CVE-2014-0574)
  • bilou through Verisign’s iDefense Vulnerability Contributor Program (CVE-2014-0588, CVE-2014-8440)
  • Behrang Fouladi and Axel Souchet of Microsoft Vulnerability Research (CVE-2014-8442)
  • Haifei Li of McAfee Labs IPS Team (CVE-2014-0583)
  • Liu Jincheng and Wen Guanxing of Venustech ADLAB (CVE-2014-8438)
  • Nicolas Joly (CVE-2014-0582)
  • Lucas Leong of TrendMicro (CVE-2014-0581)
  • Tavis Ormandy and Chris Evans of Google Project Zero (CVE-2014-0573, CVE-2014-0576)
  • Natalie Silvanovich, working with Google Project Zero (CVE-2014-0577)
  • SuperHei of KnownSec (CVE-2014-8441)
  • Anonymously reported (CVE-2014-8437)

Source:[Adobe]

Maurihackers Celebrating its 3rd Anniversary

Today, 9th November 2014, we are celebrating our 3rd anniversary. On this occasion, we would like to thank all our readers, hackers, news providers and our friends who have been supporting us during these successful years.

We are proud to be the only Mauritian website which provides news relating solely to IT security and hacking. We have been reporting several security issues lately and we promise, we will continue our work for the coming year.


Thanking you all
Maurihackers - Mauritian Hacker Society






The MNIC Website Is No More Available

The Mauritius National Identity Card website which has been online for more than one year is no more available. Any person visiting the website will see the message "This website is no more available." on a white plain webpage. And yet, the domain registration was recently updated, that is, on the 2014-10-28 and that for a period ending 2015-05-08. Visiting the MNIC Facebook official page, we also noticed that it was last updated on the 26th September.
This is the same website which Ish Sookun,the Linux expert reported as vulnerable, where several users' personal information were accessible. Did they abandon the project even if not all Mauritian have given their fingerprints?

We made a mirror of how the website is at the time of publishing in case they change it, http://www.zone-h.org/mirror/id/23217451

Source: [MNIC.MU]

Visitors

Free counters!

Receive all updates via Facebook. Just Click the Like Button Below...

Powered By MauriHackerS

Translate

MauriHackerS - Providing Latest IT Security and Hacking News !