Thursday, 25 May 2017

Android warning: Newly-discovered Android exploit" Cloak & Dagger" that can show users a fake screen

The discovery was made by researchers at Georgia Institute of Technology (Georgia Tech), who has tested the vulnerability in closed environments.

How to Avoid that Attack 
The exploit depends primarily on Android’s SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“a11y”) to draw interactive elements over real apps.

The first permission, known as "draw on top," is a legitimate overlay feature that allows apps to overlap on a device's screen and top of other apps(Settings>Apps>”Gear symbol”>Special access>Draw over other apps)

1.  New attack found to start with Android users downloading infected apps
2.Hackers overlay screen with false information to gather data without being seen
3.They are able to do this by combining permissions for two certain features 
4.Features involved are very useful in mapping, chat or password manager apps

The two features involved are very useful in mapping, chat or password manager apps, so preventing their misuse will require users to trade convenience for security. 
The attack, dubbed 'Cloak and Dagger', enables cyberthieves to control handsets by overlaying the interface with false information to hide malicious activities being performed underneath

                                                                          @@@Hackerinfoindia@@@

Wednesday, 17 May 2017

North Korea Possibly Behind Ransomware Attacks|| WannaCry


Considered the world’s biggest ransomware attack to date, WannaCry went on rampage over the weekend, hitting targets in 150 countries and infecting over 230,000 computers at its peak. The spread slowed down on Monday, but not before new malware variations emerged.
The ransomware’s weak point was a hardcoded domain used for sandbox evasion, which also served as a kill-switch: once the domain was registered, the malware no longer infected new machines.

"An earlier WannaCry ransomware sample shows code similarities with malware used by a North Korea-linked hacking group responsible for multiple financial and destructive attacks, security researchers say."

Symantec, on the other hand, was also able to pinpoint exactly the Lazarus tools the older WannaCry samples share similarities with. “This SSL implementation uses a specific sequence of 75 ciphers which to date have only been seen across Lazarus tools (including Contopee and Brambul) and WannaCry variants,” the company said.

Last year, Symantec linked the Banswift Trojan that was used in the Bangladesh attack to manipulate SWIFT transactions with early variants of Contopee, which was already known to be used by attackers associated with Lazarus. In their report on Op Blockbuster, BAE Systems also suggested the Bangladesh heist and the 2014 Sony attack were linked.


“Symantec identified the presence of tools exclusively used by Lazarus on machines also infected with earlier versions of WannaCry. These earlier variants of WannaCry did not have the ability to spread via SMB. The Lazarus tools could potentially have been used as method of propagating WannaCry, but this is unconfirmed,” the security firm continues.

Tuesday, 16 May 2017

How to secure personal PC or Laptop


Problem:Virus, Trojan, Worm                                            
Solution :Use Antivirus (McAFee , Norton , etc)

Problem :Malwares (spyware+ adwares)                            
Solution: Use Anti malware's:                                                                              
1.MalwareBytes' Anti-Malware
2.Adware
3.Combofix
4.Secunia psi

Problem :Remote Hacking                                                
Solution:Use Zone alarm firewall

Problem :Date & Information thief                                    
Solution :Use best crypt software (jetico)

Problem :Email Hacking          
Solution: Use own System and use password manger.

Problem :Password Hacking                                              
Solution: Use password manger and use virtual keyboard

Problem :Untrusted file                                                    
Solution:  First scan online www.virustotal.com

Problem :Sniffing                                                                
Solution:Use anti-arp software for arp and dns spoofing.