

Sunday, June 12, 2016


Has TeamViewer Been Hacked?


Over the last month there have been numerous TeamViewer users reporting unauthorized access into their computers that resulted in financial loss and stolen credentials. TeamViewer is a software package used by both personal and enterprise users for remote control, desktop sharing, file transfers and more. TeamViewer also uses end-to-end encryption to prevent a number of different potential attack vectors such as man-in-the-middle (MITM) and brute-force attacks.
These reports of drained PayPal accounts and stolen credentials have mainly been found on Reddit, but have also been seen on a number of other sites dating back to May 1, 2016. Most of the attention drawn to TeamViewer came on June 1st at around 1 p.m. EST when TeamViewer sustained a 3-hour-long denial of service attack aimed at its DNS infrastructure. It should also be noted that earlier in the day an unknown user had posted TeamViewer’s DNS information on Pastebin.
Shortly after the outage, TeamViewer issued a statement about the attack and unauthorized connections:
“TeamViewer experienced a service outage on Wednesday, June 1, 2016. The outage was caused by a denial-of-service attack (DoS) aimed at the TeamViewer DNS-Server infrastructure. TeamViewer immediately responded to fix the issue to bring all services back up.”
At the time of the outage, users began going to Reddit to see if there were any updates or information about the cause. Most users ended up in the same thread, where several TeamViewer users shared their stories of compromise and event logs proving their devices were compromised.


User Comments

June 1st 2016 – Reddit – I then checked my logs at C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log and sure enough, it shows someone connected to my computer at 2:58 am, right before the paypal purchases/transfers
May 24th 2016 – Tim Oliver’s Blog – Someone had actually logged into my TeamViewer from Russia, and FOR THE BRIEFEST OF MOMENTS had direct control of my NUC!
May 17th 2016 – Reddit – I opened the TeamViewer .log file and saw two different TeamViewer IDs with two different IPs (one from China and the other one from Japan; the one from China belongs to a small company, a China VPS provider (http://runidc.com/), the one from Japan seems to be a free Wi-Fi hotspot)
May 1st 2016 – TeamViewer Forums – on May 1st 2016 (at 13:04 GMT+3, Bucharest, Romania) someone hacked into my PC from TeamViewer and stole all my passwords from browsers (IE, Firefox, Chrome, Opera) with a little software from http://www.nirsoft.net/utils/web_browser_password.html called WebBrowserPassView.
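The first comment above found the intrusion by reading the local TeamViewer log and spotting a session at 2:58 am. The following script automates that check; it is an added example, not code from the original post or from TeamViewer. It assumes the tab-separated layout TeamViewer writes to its Connections_incoming.txt file (partner ID, display name, start, end, local user, mode, session id); the log lines are constructed for the demonstration, and the "known partner IDs" allow-list is something each user must maintain themselves.

```python
"""Flag suspicious incoming TeamViewer sessions in a connection log.

Added example, not part of the original post. Assumes the tab-separated
Connections_incoming.txt layout; sample lines below are constructed.
"""
from datetime import datetime

# Constructed sample log: one daytime session from a known partner ID and
# one session at 02:58 from an ID the owner has never seen before.
SAMPLE_LOG = """\
123456789\tOffice-Laptop\t31-05-2016 14:10:02\t31-05-2016 14:45:30\tjane\tRemoteControl\t{aaa}
987654321\tunknown\t01-06-2016 02:58:11\t01-06-2016 03:21:40\tjane\tRemoteControl\t{bbb}
"""
TIME_FMT = "%d-%m-%Y %H:%M:%S"


def parse_incoming(text):
    """Parse log text into a list of session dicts; malformed lines are skipped."""
    sessions = []
    for line in text.splitlines():
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 7:
            continue
        tv_id, name, start, end, local_user, mode, session_id = parts[:7]
        sessions.append({
            "id": tv_id, "name": name,
            "start": datetime.strptime(start, TIME_FMT),
            "end": datetime.strptime(end, TIME_FMT),
            "user": local_user, "mode": mode, "session": session_id,
        })
    return sessions


def suspicious_sessions(sessions, known_ids, work_hours=(8, 20)):
    """Return (session, reasons) pairs for sessions from unknown partner IDs
    or that started outside the given working hours (start inclusive,
    end exclusive, local time as written in the log)."""
    flagged = []
    for s in sessions:
        reasons = []
        if s["id"] not in known_ids:
            reasons.append("unknown partner ID")
        if not (work_hours[0] <= s["start"].hour < work_hours[1]):
            reasons.append("outside working hours")
        if reasons:
            flagged.append((s, reasons))
    return flagged


if __name__ == "__main__":
    for session, why in suspicious_sessions(parse_incoming(SAMPLE_LOG), {"123456789"}):
        print(session["start"], session["id"], session["name"], "->", ", ".join(why))
```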

Ongoing Campaign

After further research, it was discovered that this has been a persistent problem for the last month. TeamViewer even issued a press release on May 23rd stating that:
TeamViewer is appalled by any criminal activity; however, the source of the problem, according to our research, is careless use, not a potential security breach on TeamViewer’s side. Therefore, TeamViewer underscores the following aspects:
1. Neither was TeamViewer hacked nor is there a security hole
2. TeamViewer is safe to use and has proper security measures in place
3. Our evidence points to careless use as the cause of the reported issue
4. A few easy steps will help prevent potential abuse
Many people have been quick to fault TeamViewer, but are they really at fault? If TeamViewer had been breached, we would be seeing a different set of data points and accounts breached on a much larger scale. This clearly indicates that the issue is client-side, and there are a number of theories to support this idea. The first surrounds the recent database leaks on The Real Deal, a darknet market. A vendor, Peace of Mind, has been selling a number of leaked databases with a total of over 100 million credentials. Sites like LinkedIn, Tumblr and Myspace have all been implicated. One of the popular ideas is that the attackers are using leaked credentials to gain access to other digital platforms due to password and username reuse. While this is possible, we have seen other evidence to suggest this is all a result of a malware campaign targeting the client-side application of TeamViewer.

BackDoor.TeamViewer.49

Recently, it was reported by Dr. Web that BackDoor.TeamViewer.49 was:
“A Trojan for Microsoft Windows that is spread by Trojan.MulDrop6.39120. The Trojan’s main payload is incorporated into the avicap32.dll library. Trojan.MulDrop6.39120 runs TeamViewer that automatically loads the library to the computer’s memory. All lines, imports, and functions of TeamViewer’s process are actively implemented by this malicious library. The most critical parts of the Trojan’s code are encrypted with base64 and RC4.”
TeamViewer also issued a statement about BackDoor.TeamViewer.49, saying:
“The real issue seems to be the installation of a malware program via the installation over a manipulated Adobe Flash player update. With the installation of the malware program, TeamViewer will be installed on the remote side. Resuming, the current situation unfolds as follows: The aforementioned malware is spread via another malware named Trojan.MulDrop6.39120 which is a forged update of Adobe Flash Player.”
“The executable file of Trojan.MulDrop6.39120 installs the player on Windows. Meanwhile, it covertly saves TeamViewer, BackDoor.TeamViewer.49, and a necessary configuration file on the disc. During the installation, a legitimate installer window of Flash Player is displayed. When users install this malicious Flash Player update, they get a legitimate Flash version, but also the Trojan.MulDrop6 Trojan, which secretly installs TeamViewer on the victim’s computer.”
BackDoor.TeamViewer.49 runs in parallel with the current attacks, but some things just don’t match up. What has most likely happened is that we are seeing the introduction of a new exploit kit that leverages a vulnerability to gain access to devices with TeamViewer installed. Once the attacker gains access to the device, they run a program that retrieves and recovers passwords stored in browsers, using tools like ChromePass and WebBrowserPassView. Once the attacker has the list of stored passwords, they quickly exfiltrate the file and begin accessing PayPal and eBay accounts in an attempt to purchase gift cards and other turn-and-burn items that they can quickly resell.


Figure: ChromePass


Figure: WebBrowserPassView



Recommendations


One common thread seen with these attacks is that the attackers are motivated by profit at your expense. They are using very basic attack methods to target low-hanging fruit. TeamViewer has provided these recommendations inside of their press release:
TeamViewer strongly recommends:
• Users should avoid all affiliate or adware bundles: While users may think they are just downloading a harmless program, the software could in fact install something else.
• Users ought to download TeamViewer only through the official TeamViewer channels such as the TeamViewer website https://www.teamviewer.com
• Users should protect any user account – whether it is with TeamViewer or any another supplier – by using unique and secure passwords that are frequently changed.
• Users should ensure they have reliable anti-malware and security solutions in place at all times.
It’s also suggested that every user, no matter what service you use, create a different password for each account. In addition, use strong, complex passwords and change them often. Never store your passwords in your browser. Users should also use two-factor authentication when possible. To check whether your service offers two-factor authentication, visit https://twofactorauth.org/




Here are the specific ways the 2016 Republican National Convention (RNC) and Democratic National Convention (DNC) will be Cyber-Attacked





Major Attack Type: Denial of Service Attacks


Denial of Service (DoS) attacks have grown each and every year since 2010. Moreover, attackers have learned which attacks are most successful, and the cost and skill needed to execute them have both dropped dramatically. Today, for $6 one can rent an Amazon Web Services-based “Booter” to attack any foe at a moment’s notice. In fact, one can enlist the support of hundreds or thousands of infected ‘bots’, including Internet of Things (IoT) devices, since in theory almost anything internet-connected can be directed at a target.



As we saw in previous campaigns against elections and political campaigns in the Philippines, Bulgaria, Ukraine, the Russian Federation, and nearly every free election throughout the world, these DoS attacks will be large and focused. In fact, today’s technology allows for enormous bursts and intense focus. I am reminded of the biggest solar power plant on earth, which directs the sun’s energy through a massive array of mirrors. These reflect the sun’s energy to a focal point, and the resulting heat boils water to drive an electric plant.




So, in the end, what will these volume attacks look like? Here’s a quick checklist of the techniques that will need to be defended against in volume-based attacks:


Mostly Network-Based Volume Attacks, Along with Some Popular Tools Used to Generate Them


| Category | Attack Type | Known Tools | Targeting |
|---|---|---|---|
| TCP Flood | Classic SYN Flood | Bonesi, Cythosia bot, Dirtjumper, Hping, Metasploit, Nmap, Nping, Pitbullbot, Scapy, T50 | TCP/IP Stack, Stateful devices |
| TCP Flood | 3-Way-handshake Flood | Curl, Netcat, Nmap, Nping, Scapy, Telnet, Wget, Zemra bot (port 80) | |
| TCP Out-of-State Flood | FIN Flood, RST Flood, ACK Flood, PUSH Flood | Hping, Nping, Scapy, T50 | Internet pipe, TCP/IP Stack, Stateful devices |
| UDP Flood | UDP Garbage Flood | Anonymous attacker package, Bonesi, Cythosia bot, Hping, Loic, Nping, Pitbullbot, Scapy, T50 | |
| DNS | DNS Query Flood | Dig, Metasploit, Nslookup, Scapy | DNS Server |
| DNS | DNS Recursive Flood | Dig, Nslookup, Scapy | |
| DNS | DNS Reflective Flood | Nmap, Nping, Scapy | DNS Servers, Internet pipe, Stateful devices |
| DNS | DNS Garbage Flood | Dig, Nslookup, Scapy | Internet pipe, Stateful devices |
| Reflection Flood | NTP Reflection Flood | Nmap, Ntpdc, Scapy | Pipe Saturation, Stateful devices |
| Reflection Flood | SMURF attack | Scapy, Smurf.c | |
| Reflection Flood | CHARGEN Reflective Flood | Scapy | |
| Reflection Flood | SNMP Reflection Flood | Scapy, Snmpbulkwalk | |
| Packet Anomaly | XMAS Tree | Hping, Nmap, Scapy, T50 | TCP/IP stacks |
| Other | ICMP Flood | Bonesi, Darkness (aka optima), Hping, Nping, Scapy, Rsmurf6, T50 | Servers, Stateful devices, Internet pipe |
| Other | IGMP Flood | Hping, T50 | Servers, Stateful devices, Internet pipe, Routers |
| Other | SMTP Flood | Netcat, Scapy, Telnet, Wget | SMTP Servers |
| Other | IP fragmented Flood | Nmap, Pitbullbot, Scapy | TCP/IP stacks |
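The first row of the table, the classic SYN flood, has a simple defensive signature: a source sends a high rate of SYN-only segments and never completes the handshake with ACK or data. The detector below, an added example that is not from the original article, scores per-source traffic over a sliding window using that ratio. The input format (one line per packet: timestamp, source, destination, protocol, TCP flags) and all the records are constructed for the demonstration; a real deployment would feed it from a capture or flow export.

```python
"""Flag SYN-flood sources in a per-packet summary.

Added example, not part of the original article. Input records are a
constructed "timestamp src dst proto flags" format, not a real tool's output.
"""
from collections import defaultdict

# Constructed records: one legitimate handshake from 10.0.0.5, then a burst
# of 50 bare SYNs within 50 ms from 198.51.100.7 that never complete.
RECORDS = [
    "1000.000 10.0.0.5 203.0.113.10:80 tcp S",
    "1000.010 10.0.0.5 203.0.113.10:80 tcp A",
    "1000.020 10.0.0.5 203.0.113.10:80 tcp PA",
] + ["1000.%03d 198.51.100.7 203.0.113.10:80 tcp S" % i for i in range(50)]


def parse_records(lines):
    """Parse the constructed record lines into dicts."""
    out = []
    for line in lines:
        ts, src, dst, proto, flags = line.split()
        out.append({"ts": float(ts), "src": src, "dst": dst,
                    "proto": proto, "flags": flags})
    return out


def syn_flood_sources(records, window=1.0, syn_threshold=20, min_ratio=0.9):
    """Return {src: (syn_count, syn_ratio)} for sources that, within any
    `window` seconds, send at least `syn_threshold` SYN-only segments making
    up at least `min_ratio` of their TCP traffic. Legitimate clients follow
    a SYN with ACK and data; a flood does not. The peak window is reported."""
    by_src = defaultdict(list)
    for r in records:
        if r["proto"] == "tcp":
            by_src[r["src"]].append(r)
    flagged = {}
    for src, pkts in by_src.items():
        pkts.sort(key=lambda r: r["ts"])
        best = None
        start = 0
        for end in range(len(pkts)):
            # Advance the window start until all packets fit in `window` seconds.
            while pkts[end]["ts"] - pkts[start]["ts"] > window:
                start += 1
            win = pkts[start:end + 1]
            syns = sum(1 for r in win if r["flags"] == "S")
            ratio = syns / len(win)
            if syns >= syn_threshold and ratio >= min_ratio:
                if best is None or syns > best[0]:
                    best = (syns, ratio)
        if best is not None:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, (syns, ratio) in syn_flood_sources(parse_records(RECORDS)).items():
        print("possible SYN flood from %s: %d SYNs, ratio %.2f" % (src, syns, ratio))
```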



Application-Layer Cyber Attacks

However, these large volume attacks will not characterize all of the attacks which the RNC and DNC conventions will need to fend off. We know from other major world events such as the World Cup, the Olympics, and the Super Bowl that the application stack will be heinously attacked.
Application-layer attacks come in two broad forms. One is against the confidentiality and integrity of the applications servicing the convention itself, such as the broadcast applications, the websites leveraged to carry and transmit what is being accomplished, and the myriad of IoT devices leveraged to bring the convention to the masses. The other is denial of service: each of these applications can also be DoS-attacked, though many of the techniques differ from the network-level ones illustrated above.
So, let’s take a look at just a few of the major application-level attack techniques which can render an application vulnerable to loss of data, integrity or availability:


Within the Denial-of-Service category itself, application-level threats have a dizzying array of techniques which can render a service or application slow, unresponsive, erratic, or ultimately completely down.
The following is a list of specific attack techniques which have been witnessed at major world events over the past two years:


| Category | Attack Type | Known Tools | Targeting |
|---|---|---|---|
| HTTP | GET / Flood, HTTP Request Flood | #Refref, Athena, Bonesi, Curl, Cythosia bot, Darkness (aka optima), Dirtjumper, Dos-pro, Hoic, Hulk, Hydra, Itsoknoproblembro, Loic, Mobile loic, Netcat, Pitbullbot, Scapy, Siege, Wget, Xerxes | Web server, Stateful devices |
| HTTP | Search Engine Flood | Curl, Metasploit, Scapy, Siege, Wget | Web server, SQL Server |
| HTTP | Large file Download flood | Curl, Scapy, Siege, Wget | Web server, Internet pipe |
| HTTP | HTTP Garbage Flood | Curl, Loic, Scapy, Siege, Wget, Zemra bot | Internet pipe, TCP/IP Stack, Stateful devices |
| HTTP | POST Flood | Athena, Curl, Scapy, Siege, Wget | |
| HTTP | Slow HTTP Post | Athena, Httpbog, Metasploit, R.u.d.y., Scapy, Slowhttptest | Web servers, TCP/IP Stack, Stateful devices |
| HTTP | Incomplete HTTP Request | Assassindos, Curl, Netcat, Pyloris, Scapy, Slowloris, Telnet, Wget | Apache Web Servers |
| HTTP | Head/PUT/Delete Flood | Curl, Netcat, Scapy, Telnet, Wget | Web Servers |
| HTTP | Apache Killer | Apache killer | Apache web servers |
| HTTPS | SSL Renegotiation | Thc-ssl-dos | Web servers, SSL Terminators |
| HTTPS | SSL Request Flood | Dirtjumper, Itsoknoproblembro | Web servers |
| HTTPS | Heartbleed | Check-ssl-heartbleed.pl, Crowdstrike, Hb-test.py, Metasploit, Nessus, Nmap | |
| TCP attacks | TCP Window Size, Connection Flood, Small window stress, Req fin pause stress, Activate reno pressure stress | Nping, Scapy, Sockstress, T50 | TCP Stack |



Who will be attacked? In a nutshell: Sponsors, Broadcasters/Service Providers, Law Enforcement, Contractors and the Show Organizer


It is one thing to suggest that the technical attacks will largely take the form illustrated above, either rented via Booter services or conducted manually with some of the popular tools listed above.
However, it’s another matter to know whom to protect. Below are some thoughts on who needs to batten down the hatches:
– Sponsors: Yes, all advertisers and individuals who have paid money or otherwise promoted the show should consider themselves forewarned. We know from the Olympics and World Cup that show advertisers – including those who simply advertise during the commercial breaks – will be considered viable targets. Also, groups who have thrown their support behind the convention, such as the National Rifle Association and others, should strengthen their defenses.
– Broadcasters / Service Providers: This is a very broad category and will include news outlets, managed IT service providers, domain name resolution (DNS) services, telecommunication providers and others who enable the transit of the messages.
– Contractors: These are widespread and numerous and include everything from Domain Name System (DNS) resolution services, to transportation, to the HVAC services which are contracted (after all, an HVAC contractor is how the massive Target data breach first occurred).
– Law Enforcement: We know from numerous attacks by the group Anonymous throughout the world that local, state and federal police are not immune to cyber-attacks, including personal data leaks and exposures of individual officers. Anonymous can also organize a fairly large protest with ease.
– Show Organizers: Perhaps the most obvious, yet somehow among the least well protected – this includes all of the individual candidates themselves, the various Republican Party groups at the local, state and federal level, and all Political Action Committees.


The Convention is a Big Wi-Fi Station – This Infrastructure is Subject to Physical Cyber-Attack!


If you recall, the Super Bowl this past year was held at Levi’s Stadium in the greater San Jose/San Francisco region. Levi’s Stadium is one of the most technologically advanced stadiums ever built, and something similar will need to be accomplished at the RNC and DNC to meet the goals of each convention. For example, the RNC will be held at the Quicken Loans Arena in Cleveland. This stadium features 461 antennas, 235 DAS and 230 Wi-Fi access points that provide access to those attending events inside the stadium. The DAS system is built by Verizon Wireless and provides 4G LTE speeds. The DNC will be held at the Wells Fargo Center in Philadelphia. This stadium features 3,501 Wi-Fi access points and 700 Bluetooth beacons. The system is powered by Cisco’s latest-generation Connected Stadium solution, which provides users with a 1 Gbps connection.
When Levi’s Stadium hosted Super Bowl 50, it brought a new approach to the overall game experience by offering fans network connectivity via Wi-Fi, Bluetooth, and a number of other digital services. We expect the same at the conventions and, as with stadiums, the more connected a venue becomes, the more risk it creates. Such a concentration of mobile users could entice hackers looking to steal data from high-profile celebrities, politicians, and others at the game. It could allow someone to commandeer the stadium’s TV screens. It could allow a hacker to enslave thousands of unsuspecting mobile users with no more than a pocket’s worth of technology.

Summary

We now know through numerous external analyses and documented evidence that the political sector is vulnerable to cyber attacks. How long will it be before terror strikes in the political arena evolve to the cyber front, as they have around the world? Should you have responsibility for any aspect of these areas, please don’t be a bystander: be proactive about on-boarding controls and bringing security to our democratic process. Given the evolving threat landscape and the importance of newsroom fidelity and political candidate sanctity, this is an area where, unfortunately, the government’s ability to assist is not yet fully realized and can’t be relied upon. There is no real equivalent to the Secret Service in the digital realm, a body whose role would mirror that of the physical Secret Service in numerous ways.
As cyber attacks against political leaders, institutions, and others grow, the national conventions need to develop their own private “Digital Secret Service” which would stand guard against the hacktivists and others increasingly attacking the fidelity and trustworthiness of our democratic governments.



How Mark Zuckerberg's LinkedIn, Twitter and Pinterest Accounts Were Compromised



It didn’t take long for a big name celebrity to be compromised in one of the recent data dumps due to password reuse. I never thought it would be the man that runs the biggest online social network in the world. Mark Zuckerberg had his personal accounts compromised via the LinkedIn leak that was sold on the Darknet marketplace, The Real Deal, by a vendor named Peace of Mind.
Mark Zuckerberg’s information was found in the LinkedIn leak by a group of hackers from Saudi Arabia called OurMine. To make things worse, Zuckerberg’s password was not only weak but it was also reused across a number of platforms. In the end, Mr. Zuckerberg had his Twitter and Pinterest accounts compromised. The password in question was ‘dadada’. Ouch. You would have assumed that someone like Mark Zuckerberg would have been a little more careful when it came to securing his personal accounts. But have no fear Facebook users, even Facebook doesn’t find ‘dadada’ as an acceptable password.


Considering the number of leaks that have occurred over the last few weeks, I figured this would be a good time to revisit password hygiene.
First, when you are creating a new account, try not to use the same username and password over and over again. This is a bad habit. If you use a separate username and password for each account, you will dramatically reduce your risk of having multiple accounts hijacked at once due to credential reuse. Another important thing to consider when creating a secure password is where you will store it. It’s difficult to remember multiple usernames and passwords, so I would suggest using a password manager like 1Password or LastPass to manage all of your accounts. I would also recommend that you change these passwords every 60-90 days.
While browsing, make sure the site is encrypted and look for “HTTPS” before entering your information. Never let your browser store your information. Attackers can use tools like ChromePass and WebBrowserPassView to extract stored data and access your accounts. If your site offers two-factor authentication (2FA), I suggest that you enable this feature. For a list of services that offer 2FA visit:



Below are a few general guidelines on how to create a secure password. When creating one, aim for a minimum password length of 14 characters.
Passwords should contain all of the following:
• lower case letters (i.e. a-z)
• upper case letters (i.e. A-Z)
• numbers (i.e. 0-9)
• special characters (e.g. )(*&^%$#@!)
Do not:
• use personal information
• use common words found in a dictionary
• use repeating characters
• use default passwords
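The guidelines above can be enforced mechanically before a password is accepted. The checker below is an added example, not code from the original post; it implements each bullet as a rule, treats "repeating characters" as three identical characters in a row or a short pattern repeated three times (which catches ‘dadada’), and uses tiny constructed stand-ins for the dictionary and default-password lists that a real deployment would load from full wordlists.

```python
"""Check a candidate password against the guidelines listed above.

Added example, not part of the original post. The wordlists below are
constructed stand-ins for real dictionary and default-password lists.
"""
import re
import string

MIN_LENGTH = 14
DICTIONARY_WORDS = {"password", "summer", "welcome", "letmein", "dragon"}
DEFAULT_PASSWORDS = {"admin", "password", "123456", "changeme"}


def password_problems(candidate, personal_info=()):
    """Return the list of guideline violations; an empty list means it passes.

    personal_info: strings (name, birthday, pet, ...) that must not appear.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)

    # Required character classes, one per bullet in the guidelines.
    classes = {
        "lower case letters": any(c.islower() for c in candidate),
        "upper case letters": any(c.isupper() for c in candidate),
        "numbers": any(c.isdigit() for c in candidate),
        "special characters": any(c in string.punctuation for c in candidate),
    }
    for name, present in classes.items():
        if not present:
            problems.append("missing " + name)

    lowered = candidate.lower()
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append("contains personal information (%s)" % item)
    for word in DICTIONARY_WORDS:
        if word in lowered:
            problems.append("contains dictionary word (%s)" % word)

    # Repeating characters: "aaa" or a 1-3 character pattern three times in a row.
    if re.search(r"(.)\1\1", candidate) or re.search(r"(.{1,3})\1\1", candidate):
        problems.append("uses repeating characters")
    if lowered in DEFAULT_PASSWORDS:
        problems.append("is a default password")
    return problems


if __name__ == "__main__":
    for pw in ("dadada", "Tr0ub4dor&Fox-Ride!"):
        print(repr(pw), "->", password_problems(pw) or "OK")
```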
Exercise caution when using Open Authorization (OAuth) for application logins. Some services, like Tinder, require you to log in with a Facebook account, but others, like Feedly, give you an option. When given the option, avoid the OAuth login to prevent cross-contamination across multiple accounts.
One of the common arguments I hear from users when I recommend that they change their password habits is that their accounts do not contain anything personal, like bank statements or account numbers. For the most part they are correct, but to a hacker there is more to harvest. For example, under Twitter settings you can find the IP login history under the tab “Your Twitter Data”. This information can be leveraged to discover more about your location. If you have your cell phone number attached to the account, they can also see this and use it against you. Every data point counts for a hacker, and the idea is to prevent them from gathering information about you. Practice secure password hygiene to prevent an attacker from pivoting to another account.

 