Crashing WhatsApp By Sending A Huge Amount of Emojis

Security researcher Indrajeet Bhuyan has discovered another issue in WhatsApp messenger. He found the first bug last year: sending a text message of a few thousand words would crash WhatsApp on the desktop and Android versions, whereas on iOS it would freeze for a short time. That bug was later patched by WhatsApp.

This time Mr Bhuyan discovered a flaw which can be used to crash the WhatsApp mobile app and WhatsApp Web (the PC version of the same).
According to Mr Bhuyan, WhatsApp Web allows 65500-6600 characters, and after typing around 4200-4400 smileys the browser starts to slow down. Since the character limit has not been reached, the attacker can continue inserting. When a user receives the message, it overflows the buffer and crashes WhatsApp.

POC VIDEO

Cybercriminals Increasingly Targeting Apple Products

In one of its annual threat landscape reports, security firm Symantec stated that there has been a rise in malware targeting Apple operating systems, both Mac OS X and iOS. With their increased popularity in recent years, attackers have begun developing more malware to infect Apple products. The threats have not only grown in number but have also diversified.
In 2013 Symantec did not detect any new malware targeting iOS but in 2014, three new threats were detected and seven in the first 9 months of 2015. A full list of all the threats targeting iOS and Mac OS can be found in the report below.

Download full report [Here!]

Underwear Thief Used Social Media Location Data To Find Victim's Home


Arturo Galvan, a 44-year-old man from Los Angeles, has been using the social media website Instagram to find out where his victims lived, in order to steal their computers, iPads, panties and bras.

Galvan identified his victims by hanging out at public gathering places in Fullerton and Orange and searching for social media posts where people 'checked in'. He then allegedly went through the victims' posted pictures, used the GPS data attached to the digital images and mapped it to find out where they lived.

At his place, a garage full of stolen items consisting of bras, panties and electronic devices was found. He was arrested last week and faces charges of burglary, receiving stolen property, and peeping and prowling. Galvan was released from jail Saturday after posting bail of $200,000.

Readers, do check your social media accounts and apps settings for your privacy.

Read More: [Fullerton Police]

Google Patches 19 Vulnerabilities in Latest Android Update

On Monday Google released its December Nexus Security Bulletin, in which 19 bugs were addressed. This update is for builds LMY48Z or later and Android Marshmallow.

The 4 critical vulnerabilities are:
  • Remote Code Execution Vulnerability in Mediaserver (CVE-2015-6616)
  • Remote Code Execution Vulnerability in Skia (CVE-2015-6617)
  • Elevation of Privilege in Kernel (CVE-2015-6619)
  • Remote Code Execution Vulnerabilities in Display Driver (CVE-2015-6633/CVE-2015-6634)

The 12 high vulnerabilities are:
  • Remote Code Execution Vulnerability in Bluetooth (CVE-2015-6618)
  • Elevation of Privilege Vulnerabilities in libstagefright (CVE-2015-6620)
  • Elevation of Privilege Vulnerability in SystemUI (CVE-2015-6621)
  • Elevation of Privilege Vulnerability in Native Frameworks Library (CVE-2015-6622)
  • Elevation of Privilege Vulnerability in Wi-Fi (CVE-2015-6623)
  • Elevation of Privilege Vulnerability in System Server (CVE-2015-6624)
  • Information Disclosure Vulnerabilities in libstagefright (CVE-2015-6626/CVE-2015-6631/CVE-2015-6632)
  • Information Disclosure Vulnerability in Audio (CVE-2015-6627)
  • Information Disclosure Vulnerability in Media Framework (CVE-2015-6628)
  • Information Disclosure Vulnerability in Wi-Fi (CVE-2015-6629)

The two moderate vulnerabilities are:
  • Elevation of Privilege Vulnerability in System Server (CVE-2015-6625)
  • Information Disclosure Vulnerability in SystemUI (CVE-2015-6630)

We advise our readers who are using affected devices to apply the patches as soon as they receive them.

Source:[Click Here!]

Computer Security Day Conference in Mauritius


"Computer Security Day was started in 1988 to help raise awareness of computer related security issues. The goal is to remind people to protect their computers and information. This annual event is held around the world on November 30th."
On this occasion, CERT MU, a branch of the National Computer Board of Mauritius, organised a conference at Ebene to talk about the latest cyber threats. The conference was organised in collaboration with Symantec, Secure Services (Mauritius) Limited, Valiant Technologies, Fortinet, Oracle, IBM and PriceWaterhouseCoopers. Speakers from Mauritius and abroad were invited to discuss the current challenges and future opportunities in cyber security. All major IT companies of Mauritius were invited to this event and were able to interact with the local and international speakers.

Topics covered during the conference:
  • Security Trends in the IoT World by Dr. K. Rama Subramaniam, Director & CEO of Valiant Technologies Group, United Arab Emirates.
  • Security Intelligence to protect against threats by Mr. Shamiel Bhikha, Technical Expert IBM Security Systems, Software Group, South Africa.
  • Breaking the Kill Chain with Advanced Threat Protection by Mr. Brett Bester, Major Account Manager, Fortinet, South Africa.
  • Security in Silicon by Mr. Roshan Gokhool, Systems Territory Manager, ORACLE, Mauritius.

PayPal Phishers Hacked Website Operated By World Bank

Hackers have penetrated a website operated by the World Bank Group and were able to host a PayPal phishing site there. By doing so, the fraudulent site benefited from a valid Extended Validation SSL certificate.
The phishing site was hosted on the Climate-Smart Planning Platform website (climatesmartplanning.org) and seemed genuine. Once users entered their credentials, they were told that their user account was unable to load, with a button below asking them to confirm their "informations" in order to access their account.
On the next page, the users were asked to fill in a form which included details such as the victim's name, date of birth, address and phone number. After submitting it, users were prompted to enter their full card number and the CVV number. If the victims selected the ‘Verified by Visa or MasterCard SecureCode’ checkbox, they were prompted to enter their 3-D Secure password, allowing the attacker to make online purchases where there are additional security layers.

After submitting all the details, the victim was redirected to the official PayPal website. At the time of publishing, the website was unavailable, with a message “website under maintenance” displayed. If you have fallen victim to this phishing attack, we advise you to change your password as soon as possible and to contact your card provider.


Source:[Click Here!]

Anonymous Hackers Declare War On ISIS After Friday Attack (Video)


In a video posted on YouTube, Anonymous hackers have declared war on ISIS. Several small groups of Anonymous around the globe are joining hands to track down ISIS members. They did so in a previous operation, in which Islamic State members were tracked, hacked and unmasked, and had their Twitter accounts reported. Below are the videos which Anonymous posted:

English Version

 
Transcript 
Hello citizens of the world.
We are anonymous.
The aftermath of Friday, November 13, 2015.
France is shocked by the events caused by terrorism in the capital.
We first wish to express our sorrow and our solidarity with the victims, the injured, and their families.
To defend our values and our freedom, we're tracking down members of the terrorist group responsible for these attacks, we will not give up, we will not forgive, and we'll do all that is necessary to end their actions.
During the attacks of Charlie Hebdo, we had already expressed our determination to neutralize anyone who would attack our freedom.
We'll be doing the same now, because of the recent attacks.
We therefore ask you to gather and to defend these ideals.
Expect a total mobilization on our part.
This violence should not weaken us. It has to give us the strength to come together and fight tyranny and obscurantism together.

We are anonymous.
We are legion.
We do not forgive.
We do not forget.
 French Version

 
Transcript
Anonymous - OpISIS Retribution
Message from Anonymous following the attacks of Friday, November 13 in Paris.
join #opiceisis #opParis
We are Anonymous
In the aftermath of Friday, November 13, 2015, France wakes up shocked by the terrorist events that struck its capital. We first wish to express our sorrow and our solidarity with the victims, the injured, and their families.
To defend our values and our freedom, we will track down the members of the terrorist groups responsible for these attacks; we will not give up, we will not forgive, and we will do everything necessary to put an end to their actions. At the time of the Charlie Hebdo attacks, we had already expressed our determination to neutralize anyone who would attack our fundamental freedoms. We reiterate that determination here following this tragedy.
We therefore call on you: gather, mobilize, and defend these ideals. Expect a total mobilization on our part. This violence must not weaken us; on the contrary, it must give us the strength to come together and fight together against tyranny and obscurantism.

We are footballer
We are Musician
We are Anonymous
We do not forget
We do not forgive
We are legion
Expect us.

#op Black October by Anonymous Against Banking Sectors

Anonymous hackers have launched an operation dubbed Operation Black October against the banking sector. This was announced through a YouTube video published on September 7 2015. By now the video has already been seen 89846 times. According to the video, the main objectives of this operation are to:
  • Take all the money out of bank accounts
  • Stop using credit/debit cards
  • Pay with cash only
  • Spread the campaign

Video

Seven Students Arrested For Hacking School Network


Seven students from Lake Norman High School in the Iredell Statesville School System have been charged with hacking into the school's computer network. The incident took place on August 31, when one of the students managed to crack the IT administrator's passwords. The student shared his findings with friends and continued to access several computers on the network for the next two days. These computers were used by both students and teachers.
After discovering what had happened, the school personnel notified the authorities. The students were arrested between September 24 and 25 and were charged with a minor misdemeanor for accessing computers without authorization.
The school stated that no grades, scores or information were modified.

Source:[Click Here!]

Beware of KFC Gift Voucher Whatsapp Scam

Recently one of my friends sent me a link on Whatsapp. Asking her what it was, she told me KFC was giving away Rs500 gift vouchers. Who wouldn't like to get such a gift?

Once I clicked on the link, I was directed to a page with the official KFC logo where I was asked to complete a 5-question survey. Below are the screenshots of each page of the survey.


After completing the survey, I was asked to share this with 10 Whatsapp contacts. They even provided a share button for that and, below it, a continue button. Clicking on the continue button, you are asked to provide an email address. Once you enter your email, you receive a series of emails containing unknown links to unknown websites.
Cybercriminals behind these types of scams usually earn money each time a person completes the survey. We advise our readers to ignore the KFC gift voucher, THIS IS A SCAM. Below are the links where I was directed.

http://monkey.see-monkey-do.com/redirect?target=http%3A%2F%2Fclmbtrk.com%2F%3Fa%3D18374%26c%3D86847%26p%3Dr%26s1%3D%26s2%3DwFDKUNADJ7QPH04NGLH5227A&ts=1442248111633&hash=VHtk6j%2F0GvvI93LRQ3Qz%2FmP7hnurLwHp1DyndQTlmh8%3D&rm=D

http://d.billyaffcontent.com/d/28835593aa4714877?sub=3684275969&sub2=18374

Stagefright Vulnerability Exposes 950 Million Android Devices

Mobile security firm Zimperium has identified a series of critical remote code execution vulnerabilities affecting the Android operating system. These vulnerabilities are related to the Android media playback engine Stagefright. The Stagefright vulnerabilities affect 95% of the devices running Android which represents around 950 million devices.

The attack is delivered to the owners of Android devices via a simple multimedia text message, and once it is delivered, hackers are able to write code to the device and steal data from sections which are connected with Stagefright. Attackers can get access to audio, media files or photographs stored on SD cards. In addition, hackers can also operate the Android device remotely.

“These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep,”

Google addressed the Stagefright vulnerabilities within 48 hours of being notified, but the firm believes that most manufacturers have not yet taken reasonable steps to ensure that customers' data is safeguarded.

Source:[Zimperium Blog]

WordPress Fixes Cross-Site Scripting Vulnerability In Latest Release

WordPress released a security update on 23rd July 2015 which fixes a cross-site scripting (XSS) vulnerability. Attackers can use this flaw to add JavaScript to affected sites and use it in all possible ways to infect users with malware or steal cookies.

The new release also contains fixes for 20 bugs and can be viewed [Here!]

We advise our readers to update their WordPress website as soon as possible.

Source:[Click Here!]


Mauritian President's Facebook Account Hacked

Mauritian President Ameenah Gurib-Fakim's Facebook account has recently been hacked. According to l'Express newspaper, the president is in New York at the moment and will report this to the cybercrime unit as soon as she is back in Mauritius. The account has been deactivated and the cybercrime unit has already started its investigation.

Source: [L'Express Maurice]

600M+ Samsung Devices Vulnerable To Keyboard Security Risk

Mobile security researcher Ryan Welton from NowSecure identified a remote execution vulnerability in SwiftKey, a preinstalled Android app that is found on most Samsung devices.
This vulnerability allows an attacker to access sensors on the device, its camera, GPS, microphone, pictures and even text messages. Additionally, it allows an attacker to install malicious apps without the user's permission, alter existing apps and listen to incoming and outgoing messages and voice calls in real time.
The flaw was discovered last year and Samsung was notified in December 2014. NowSecure also notified CERT, which assigned CVE-2015-2865. The Google Android security team was also notified. Samsung started providing a patch to mobile network operators in early 2015, and it is unknown whether the carriers provided the patch to the devices on their networks.
NowSecure has published a list of the Samsung devices most likely to be vulnerable.

Source:[Click Here!]


LastPass Hacked, Change Your Master Password Now


The password management service LastPass has been hacked and users are advised to change their master passwords as soon as possible.
This was announced on June 15 2015, when they stated that they had discovered and blocked the suspicious activity on Friday. LastPass also added that they are confident about their encryption measures:
"We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed."

LastPass is also sending emails to all their users regarding the incident. The good news is that encrypted user data was not stolen and users do not have to change their passwords on sites stored in their LastPass vault.
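The strengthening described in the quoted statement, sketched as an added example (this is not LastPass's code and not part of the original post). The 100,000 server-side rounds come from the quote; the client-side round count, the use of the e-mail address as the client salt and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SERVER_ROUNDS = 100_000  # figure from the quoted LastPass statement
CLIENT_ROUNDS = 5_000    # assumed for illustration; the page gives no client-side figure


def client_auth_hash(email, master_password, rounds=CLIENT_ROUNDS):
    """Client side: stretch the master password before anything leaves the device.

    Salting with the lower-cased e-mail address is an assumption of this sketch.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), email.lower().encode(), rounds
    )


def server_enroll(auth_hash):
    """Server side: strengthen the received hash with a random per-user salt."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return salt, stored  # this pair is what a database breach would expose


def server_verify(auth_hash, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return hmac.compare_digest(candidate, stored)


def seconds_per_guess(email, guess, salt):
    """Time one full derivation: the price of testing a single candidate
    master password against one stolen (salt, stored) pair."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", client_auth_hash(email, guess), salt, SERVER_ROUNDS)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample account, not real data.
    email, password = "user@example.com", "correct horse battery staple"
    auth = client_auth_hash(email, password)
    salt, stored = server_enroll(auth)
    print("login with right password:", server_verify(auth, salt, stored))
    print("login with wrong password:",
          server_verify(client_auth_hash(email, "letmein"), salt, stored))
    # The random salt means the same password never yields the same record twice,
    # so precomputed tables are useless and every account must be attacked separately.
    print("same hash, new salt differs:", server_enroll(auth)[1] != stored)
    print("seconds per guess: %.3f" % seconds_per_guess(email, "letmein", salt))
```

The per-guess cost slows an attacker down but does not rescue a master password that appears in a wordlist, which is why the advice to change it still applies.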

Source: [Click Here!]


Arcabit Added To VirusTotal Antivirus Engine List

A new virus scanner was recently added to the list of VirusTotal, a free online malware scanner. Arcabit is a Polish antivirus solution that protects users from threats downloaded from the internet and via attachments. It also includes anti-spam, parental control, firewall, registry and system monitoring tools and a scanner for HTTP traffic.

"Arcabit is a Polish vendor of the antivirus and protection software. Arcabit antivirus engine is the hybrid of two solutions - Bitdefender and its own, constantly developed engine with rapid response to the new threats. Arcabit uses advanced cloud solutions to identify trends in malware development and to ensure an early response to new threats. The heuristic mechanisms implemented by Arcabit (identified as HEUR.*) offer the efficacy at the level of 99.9% in detecting threats spreading through popular Web channels - www, email etc."

Source: [VirusTotal]

Eruption Studio Mauritius Website Defacement Controversy


Recently, L'express.mu newspaper published an article about five Mauritian websites which were defaced. Among these, L'express listed the eruption.mu website. Yesterday, 08/06/2015, the management of Eruption Studio published an announcement on their official Facebook fan page, as well as on their official website, stating that their website was never defaced.

We would like to add that two sub-domains of Eruption Studio's website were in fact defaced. The sub-domains are not accessible anymore, but a mirror of how one of the webpages looked at the time of defacement has been provided. It was defaced on 2015-04-24 at 14:43:30.

Our friend Ish Sookun, the Linux expert, first published about the defacement of Eruption Studio on his personal blog, where he provided a screenshot of http://erp.eruption.mu/postfixadmin at the time of defacement. After conducting a further search, we came across the other defaced sub-domain, which is http://film.eruption.mu/index.html.

L'express Newspaper Article [Click Here!]

Sub-Domains Defaced:
http://film.eruption.mu/index.html
http://erp.eruption.mu/postfixadmin
Mirror of Sub-Domain Defaced:
http://www.zone-h.org/mirror/id/24129221

 

Two Students Hacked School's Computer To Change Grades

Two students of San Dimas High School, California are accused of hacking the school's computer network and modifying scores of up to ten students. Among the 'hackers', one is known for previous hacking in return of monetary . Both suspects, 18, were arrested on Thursday for unauthorized computer access and fraud. Detail about how the student hacked into the system was now disclosed.

Source:[Click Here]

4 Million US Federal Employees Data Stolen By Hackers

The incident was discovered in April after the US Office of Personnel Management (OPM) implemented several security upgrades to its computer network.
The breach is considered one of the biggest breaches involving federal employees' data. The OPM has partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation to determine the impact on federal personnel. All impacted individuals will be notified of the incident by email, or by postal mail for those without an email address, from June 8 through June 19. Additional security measures were immediately implemented to protect the sensitive information that it manages.
More can be read from the source: [Click Here!]

More Than 50 Vulnerabilities Discovered in D-Link NAS and NVR Devices

SEARCH-LAB, a security testing company based in Hungary, discovered more than 50 vulnerabilities in network attached storage (NAS) and network video recorder (NVR) devices from D-Link.
A total of 53 vulnerabilities were identified in the latest firmware. Several of these vulnerabilities can be abused by attackers to execute code and get full control of a device.

The assessment was conducted on the following devices:
  • DNS-320, Revision A: 2.03, 13/05/2013
  • DNS-320L, 1.03b04, 11/11/2013
  • DNS-327L, 1.02, 02/07/2014
  • DNR-326, 1.40b03, 7/19/2013

The vulnerabilities discovered can also affect the following devices:
  • DNS-320B, 1,02b01, 23/04/2014
  • DNS-345, 1.03b06, 30/07/2014
  • DNS-325, 1.05b03, 30/12/2013
  • DNS-322L, 2.00b07

These issues were reported to D-Link. Many have been patched, but some remain unfixed.
Users are advised to apply patches where available and not to expose the web interface of the DNS and DNR devices to the internet.

Full specific details can be downloaded [Click Here!]

Source: [SEARCH-LAB]

Dropbox Launches Bug Bounty Program With HackerOne

To better protect users' information, Dropbox has launched its bug bounty program in partnership with HackerOne. Hackers reporting small vulnerabilities will receive $216.

"For now, the Dropbox, Carousel, and Mailbox iOS and Android applications; the Dropbox and Carousel web applications; the Dropbox desktop client as well as the Dropbox Core SDK are eligible for the bounty program. We may also reward for novel or particularly interesting bugs in other Dropbox applications."

There are a series of rules which security researchers will have to follow to be eligible for the rewards.
"You are responsible for complying with any applicable laws, and you should only use your own accounts or test accounts for reporting vulnerabilities.

To promote the discovery and reporting of vulnerabilities and increase user safety, we ask that you:
  • Share the security issue with us in detail
  • Give us a reasonable time to respond to the issue before making any information about it public.
  • Not access or modify user data without permission of the account owner.
  • Act in good faith not to degrade the performance of our services (including denial of service)."

More can be read from HackerOne Post concerning the program and the rules [Click Here!]
Source:[Dropbox Blog]

45 Security Issues Fixed In Chrome 42

Chrome 42 has been available since Tuesday for Windows, Mac and Linux. A total of 45 security flaws were addressed in this version. The security researcher who identified the most serious vulnerability, a cross-origin bypass flaw in the HTML parser (CVE-2015-1235), was paid $7,500.

The list of vulnerabilities fixed is as follows:
  • High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous.
  • Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo.
  • High CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani.
  • High CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer.
  • Medium CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil.
  • Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston of Sandfield Information Systems.
  • High CVE-2015-1242: Type confusion in V8. Credit to fcole@onshape.com.
  • Medium CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy.
  • Medium CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani.
  • Medium CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen of OUSPG.
  • Medium CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn.
  • Medium CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta (VittGam).

We advise our readers to update their Chrome to the latest version.

Source:[Google Blog]

22 Vulnerabilities Fixed in Flash Player 17.0.0.169

The new version of Flash Player fixes 22 vulnerabilities, among which is a memory corruption flaw that is being leveraged in the wild. Almost all the bugs fixed were memory corruption problems. These bugs, if successfully exploited, could allow an attacker to execute code on affected machines.

  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).
  • These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-0356).
  • These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-0348).
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).
  • These updates resolve double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359).
  • These updates resolve memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040). 
  • These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3044).


We advise our readers to update their Flash Player. The new release is available for all platforms.

Source:[Adobe Security Bulletin]

Hacker Leaks Nude Photos of Kelly Brook

After being a victim of the iCloud hacks last year, Kelly Brook has once again been targeted by hackers. 24 private images of the American actress have been leaked online.
Responding to the leaked images last year, the actress tweeted, "The only nude photos you’ll ever see of me are the ones that I "Leak" and the ones that my head are superimposed on!"
She hasn't yet responded to the new leaks.

Source:[Click Here!]

MauriHackerS - Providing Latest IT Security and Hacking News !