
Cyber threats and Malware are REAL THREATS!


Darthrevan

Moderator

eh ello...u zz ah got thread on dis ledy


haiz, after EYS, KBOX...

 

now Mothership.sg website kena taken over :(

 

merged here

Link to post

Moderator

Sorry boss I ran a search and this didn't come out

 

 

no prob///this was a tough one....I'll change the title

Link to post

http://www.hardwarezone.com.sg/tech-news-psa-blueborne-exploit-all-mobile-device-users-need-be-wary-about

 

 


Researchers from security firm Armis have discovered an attack that uses Bluetooth to hack a wide range of devices on almost every platform. These include Android, Linux, and Windows machines that haven’t applied the patch issued in July.

Dubbed BlueBorne by the researchers, the attack can compromise any device with Bluetooth on without requiring the user to click on any links, connect to any device, or take any action other than to leave Bluetooth on. Apparently the exploit process is very fast too, requiring only 10 seconds to complete. And it works even if your device is already paired to another Bluetooth device.

"Just by having Bluetooth on, we can get malicious code on your device," Nadir Izrael, CTO and cofounder of security firm Armis, told Ars Technica. "BlueBorne abuses the fact that when Bluetooth is on, all of these devices are always listening for connections."

As mentioned above, Microsoft has already issued a patch for the vulnerabilities for Windows machines. According to Ars, a Microsoft representative said Windows Phone was never vulnerable. Google, meanwhile, provided a patch last month to device manufacturers. It plans to make the patch available for users of the Pixel XL and other Google-branded phones, but it may take weeks before over-the-air fixes are available to users. Izrael said he expects Linux to release a fix soon. Apple's iOS prior to version 10 was also vulnerable.

 

Android and Linux based machines are most at risk, because the Bluetooth implementations in both operating systems are vulnerable to memory corruption exploits that let a hacker execute virtually any code. The Bluetooth functionality in both OSes also runs with high system privileges, so the resulting infection is able to gain access to sensitive system resources and survive multiple reboots.

It doesn’t help that most Linux devices don’t use address space layout randomization to prevent buffer overflow exploits. Android devices do, but a separate vulnerability in the Android Bluetooth implementation leaks information about where key processes are running, which can then be exploited.

Against unpatched Windows machines, Armis researchers were able to intercept network traffic to and from Windows computers and modify that data at will. Meaning, attackers could use BlueBorne to bypass firewalls and gather sensitive data or tamper with it while it’s in transit. The Android implementation is vulnerable to the same attack.

The videos below demonstrate attacks on the various platforms.

 

 

 

 

 

 

Source: Ars Technica, Armis

 

  • Praise 4
Link to post

anything that is able to connect and transmit data is susceptible to "hacking"

 

the next big thing of hacking is IoT and Cars

Edited by Wt_know
  • Praise 1
Link to post

All coe car :grin:

Some look like CGI car to me actually.

 

Anyway I am a slow adopter of new technologies. Don't even use lam geh. Handsfree still poke in type.

Link to post

The malware packaged together with CCleaner that was downloaded by ~2.5m customers last month has been widely reported.

 

While the malware at first seemed innocuous... now reports say the initial file was only a 1st stage which packaged a more insidious and persistent backdoor... its purpose seemed to be to see which domains have downloaded the malware, who has admin rights, etc.

 

Now with the 2nd stage... it looks like the malware has opened a backdoor... and about 40 companies have received further payload from the hackers... and Singtel is one of those companies.

 

Researchers are also saying the file is packing a 3rd stage but that one only writes to memory and not to disk so no effing idea what it does

 


Edited by ins1dious
  • Praise 2
Link to post

While malware attacks become more sophisticated and anti-virus scanners become more powerful, cyberattacks are evolving and becoming harder and harder to detect.
We must also not forget about cyberattacks via "Social Engineering".
 
Think "I kidnapped your son, give me money" but in cyberspace.

Phase 1
HR receives a candidate responding to a job offering. He sends an email/registers online to apply for the job and attaches his resume. HR opens the Word document, it's legit, and forwards it to another HR staff member in charge of calling the candidate. Unknown to them, a zero-day malware was injected into their laptops. Zero-day malware is so new that even anti-virus and scanners with the latest updates cannot detect it.
 
The malware attaches itself to memory disguised as a legit Windows process, "svchost.exe: DHCP client". No physical trace of the malware can be found. It acts only as a key logger. It logs the keys entered on the laptop by HR, including their IDs and passwords. With this info, the key logger sends disguised packets out over the internet to the hacker, who takes the next step.
 
Phase 2
2 weeks later, the hacker finds a Windows vulnerability in the Outlook webmail of the same company. This vulnerability is supposed to be fixed by a Microsoft hotfix, but the sysadmin planned it for the next maintenance downtime, so it's exposed at the moment.
 
The hacker, with knowledge of the info from phase 1, manages to exploit the vulnerability and log in to the Outlook account as the HR staff member; with the exploit there is no record of his action. The hacker retrieves an email about an HR system upgrade. The email contains the meeting minutes Word document and all the email addresses of colleagues from the HR and IT depts.
 
Phase 3
The hacker creates a more destructive malware and hides it in the meeting minutes, making some fake amendments in the document. He sends the email to all the recipients, citing an amendment, and spoofing his own email as a disguise.
 
In Outlook, the sender is Linda Fu <linda (a) abc.com> but he spoofs it as Linda Fu <linda (a) achack.com>; he also includes Linda Fu in BCC to reduce suspicion. When all the staff open the email, they see the name as Linda Fu. The contents of the email are legit with all correspondence; the attachment is legit but hides a malware.
 
Unknown to all, the doc is opened and the malware starts to spread. This malware exploits some OS vulnerability to send files back to the hacker. What's worse, an IT dept recipient opened the email while he was linked up to one of the servers in the datacenter via remote desktop. The malware does port scanning and creates a new port to allow the hacker to exploit the laptops, which in turn can connect to the server. From there it's up to your imagination what damage he can do... (Think HBO hacks and the Sony Entertainment leaks... or something with more monetary loss: Bangladeshi Central 90million Bank Heist)

This whole scenario may sound far-fetched, but it can happen.
Edited by Pocus
  • Praise 3
Link to post
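
Added example, not part of the original post: a mail-gateway style check for the display-name spoofing described in Phase 3 above, where the visible name is a real colleague but the address behind it is not theirs. The staff directory and the sample messages are constructed for illustration; abc.com and achack.com are the domains used in the post.

```python
from email import message_from_string, policy

ORG_DOMAIN = "abc.com"                  # company domain from the scenario
STAFF = {"linda fu": "linda@abc.com"}   # constructed staff directory

def norm(name):
    """Case-fold and collapse whitespace so 'LINDA   Fu' matches 'Linda Fu'."""
    return " ".join(name.casefold().split())

def classify_sender(raw_message):
    """Return a verdict on the From header of one raw RFC 5322 message."""
    # policy.default decodes RFC 2047 encoded display names before comparison.
    msg = message_from_string(raw_message, policy=policy.default)
    sender = msg["From"]
    if sender is None or len(sender.addresses) != 1:
        return "malformed-from"
    mailbox = sender.addresses[0]
    addr = mailbox.addr_spec.lower()
    expected = STAFF.get(norm(mailbox.display_name))
    # The name shown to the reader belongs to a colleague, the address does not.
    if expected is not None and addr != expected:
        return "display-name-impersonation"
    if mailbox.domain.lower() != ORG_DOMAIN:
        return "external"
    return "internal"

# Constructed sample messages (headers only matter here).
TAIL = "\nSubject: HR system upgrade - amended minutes\n\nSee attached.\n"
GENUINE = "From: Linda Fu <linda@abc.com>" + TAIL
SPOOFED = "From: Linda Fu <linda@achack.com>" + TAIL
ENCODED = "From: =?utf-8?q?LINDA_Fu?= <linda@achack.com>" + TAIL
VENDOR = "From: Sam Tan <sam@vendor.example>" + TAIL

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("spoofed", SPOOFED),
                       ("encoded", ENCODED), ("vendor", VENDOR)]:
        print(f"{label:8s} -> {classify_sender(raw)}")
```

A gateway would typically tag or quarantine the "display-name-impersonation" verdict, since mail clients that show only the display name give the reader no chance to notice the mismatch.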

The malware packaged together with CCleaner that was downloaded by ~2.5m customers last month has been widely reported.

 

While the malware at first seemed innocuous... now reports say the initial file was only a 1st stage which packaged a more insidious and persistent backdoor... its purpose seemed to be to see which domains have downloaded the malware, who has admin rights, etc.

 

Now with the 2nd stage... it looks like the malware has opened a backdoor... and about 40 companies have received further payload from the hackers... and Singtel is one of those companies.

 

Researchers are also saying the file is packing a 3rd stage but that one only writes to memory and not to disk so no effing idea what it does

 


You mean ccleaner has malware intentionally included?

 

Damn.. I'm using it now leh.

Link to post

You mean ccleaner has malware intentionally included?

 

Damn.. I'm using it now leh.

 

Yes... Avast bought the company Piriform that used to make CCleaner about 2 months ago... two weeks after that... an update was pushed using Avast's own servers purporting to be an update of CCleaner... and this was downloaded by about 2.5m people.

 

But this turned out to be malware and Avast is saying... you can't just uninstall... no cleaning tool seems to be able to remove it... you have to clean format and install Windows.

 

Only bright spot may be that this only affects the 32-bit version of the CCleaner.

Simi si ccleaner?

 

It's a very nice tool... used to be the 2nd software I'd install (after Chrome

Edited by ins1dious
  • Praise 1
Link to post

Yes... Avast bought the company Piriform that used to make CCleaner about 2 months ago... two weeks after that... an update was pushed using Avast's own servers purporting to be an update of CCleaner... and this was downloaded by about 2.5m people.

 

But this turned out to be malware and Avast is saying... you can't just uninstall... no cleaning tool seems to be able to remove it... you have to clean format and install Windows.

 

Only bright spot may be that this only affects the 32-bit version of the CCleaner.

 

 

It's a very nice tool... used to be the 2nd software I'd install (after Chrome) when I used to use Windows computers.

 

CCleaner can remove cruft from the registry, fix installers/uninstallers that have corrupted, etc.

I see I see

With ssd, my computer start up so fast that I haven't even sit down, computer ready Liao [crazy]

Link to post

http://www.hardwarezone.com.sg/tech-news-if-you-had-yahoo-account-2013-then-you-ve-been-hacked

 

 

If you had a Yahoo account in 2013 then you’ve been hacked
By Alvin Soon - on 4 Oct 2017, 11:02am

Last December, Yahoo announced that it’d found a breach of data in August of 2013 of more than 1 billion user accounts. Today, it’s updated that number to all 3 billion user accounts.

That’s right, if you owned a Yahoo email account in August 2013, consider yourself hacked.

 

Yahoo says that the hack exposed user account information; which means names, email addresses, hashed passwords, birthdays, phone numbers, and unencrypted security questions and answers. Fortunately, the hack did not include passwords in clear text, neither did it include bank or credit card information.

This is the most severe Yahoo breach, but it is not the only one. 500 million accounts were breached in late 2014, and earlier this year, Yahoo warned that some users may have had their accounts hacked as early as 2016.

We have a detailed security guide for what to do if you have a Yahoo account to contain your personal damage. If you have a Yahoo account, we highly recommend you check it out.

 

  • Praise 2
Link to post