Hackers Are Offering $23,000 To Apple Employees For Their Login Details

Apple employees are getting big offers from hackers for revealing their login details so the hackers can break into Apple’s systems. Someone who works for the company in Ireland said that hackers are willing to pay thousands of euros to Apple employees willing to sell their login details.

LogBook : Hackers Ready to Pay Apple Employees for their Logins

According to Business Insider, someone working for Apple in Ireland said that hackers have offered €20,000, or approximately $23,000, to Apple employees willing to sell their login details.

“You’d be surprised how many people get on to us, just random Apple employees,” the source told Business Insider. “You get emails offering you thousands [of euros] to get a password to get access to Apple. I could sell my Apple ID login information online for €20,000 (£15,000 / $23,000) tomorrow. That’s how much people are trying.”

Another former employee of Apple confirmed that hackers did contact staff, offering them money in exchange for login details or other sensitive information.

He also said that hackers typically target newer employees.

“They look for someone who has jumped diagonally into a junior managerial position, so not a lifer working their way up, and not a lifer who has been there a long time,” the source told Business Insider.

Apparently, Apple has launched an internal program to combat this problem. The project is called “Grown Your Own” but it’s not immediately clear what exactly the code name refers to.

It’s unclear what the hackers are after. It could be any number of things, like access to individual Apple user accounts, the company’s extremely valuable intellectual property, or internal corporate strategy information, the report notes.

The source said Apple is “very, very careful” in terms of security, adding that it’s exceptionally hard for anyone to gain access to Apple’s offices without authorization.

Even some of Apple’s remote workers in Ireland have difficulty accessing the company’s offices in Cork, where thousands of Apple workers are based, the source said. “You have to have a particular coded badge to get into the building,” they explained.

Newly Discovered iPhone Vulnerability Can Bypass Your Lockscreen Code

Locking an iPhone with a passcode is the popular choice of most people for keeping it safe from prying eyes. But researchers have discovered a new iPhone vulnerability that can bypass the lockscreen code on iPhones and iPads running iOS 8 and iOS 9. It’s not clear whether other devices are affected.

LogBook : iPhone Vulnerability Can Bypass Your Lockscreen Code

The new iPhone vulnerability was discovered by Benjamin Kunz Mejri, a penetration tester and security analyst for Vulnerability Lab.

This iPhone vulnerability lets hackers access the data behind your lockscreen password.

The flaw does not seem to be that serious, because hackers would have to gain physical access to the iPhone or iPad and would have to be able to handle an unlocked iOS device for a few minutes, which means the target would likely have to trust the hacker with the smartphone or tablet.

Physical access to the device is required, so the advice is to make sure you do not leave your iPhone or iPad unattended.

Vulnerability Laboratory has issued a security advisory that warns: “An application update loop that results in a pass code bypass vulnerability has been discovered in the official Apple iOS (iPhone 5 & 6 | iPad 2) v8.x, v9.0, v9.1 & v9.2. The security vulnerability allows local attackers to bypass pass code lock protection of the Apple iPhone via an application update loop issue. The issue affects the device security when processing to request a local update by an installed mobile iOS web-application”.

It has been assigned a Common Vulnerability Scoring System (CVSS) score of 6.0, as well as a ‘high’ severity rating.

As explained by security expert Graham Cluley, the exploit works by taking advantage of a brief period after rebooting during which passcode authentication is disabled.

Vulnerability Laboratory shares a list of steps (text is produced verbatim with the original typos and grammatical oddities) that allow interested parties to replicate the bug:

  1. First fill up about some % of the free memory in the iOS device with random data
  2. Now, you open the app-store choose to update all applications (update all push button)
  3. Switch fast via home button to the slide index and perform iOS update at the same time. Note: The interaction to switch needs to be performed very fast to successfully exploit. In the first load of the update you can still use the home button. Press it go back to index
  4. Now, press the home button again to review the open runnings slides
  5. Switch to the left menu after the last slide which is new and perform to open Siri in the same moment. Now the slide hangs and runs all time in a loop
  6. Turn of via power button on the ipad or iphone ….
  7. Reactivate via power button and like you can see the session still runs in the loop and can be requested without any pass code. Note: Normally the pass code becomes available after the power off button interaction to stand-by mode
  8. Successful reproduce of the local security vulnerability!

Benjamin Kunz Mejri also posted a proof-of-concept video of the attack taking place.

Kunz reported the threat to Apple back in late 2015, but the issue is still present, Security Affairs notes.

Dell Introducing New BIOS Security Tool To Make Its Laptops Harder To Hack

Attacks that come from bootkit malware are among the hardest security threats to resolve, even for trained professionals. Even wiping your hard drive and reinstalling software will not fix them. Dell is now going to provide an extra layer of security for its business laptops and PCs by introducing a new BIOS security tool that helps protect the BIOS from malware.

LogBook : Dell’s New BIOS Security Tool

Many manufacturers offer a number of ways to protect the computer BIOS, but all of these protections reside within the computer itself.

Dell is now introducing a new BIOS security tool that will protect the BIOS from attacks by verifying it without relying on the integrity of the PC. The tool focuses on protecting the boot layer so that PC hardware or software doesn’t malfunction.

It secures the low-level UEFI (Unified Extensible Firmware Interface), which sits in a protected layer above the OS. An attack on this firmware can compromise a system at boot time.

The BIOS verification technology “gives IT the assurance that employees’ systems are secure every time they use the device,” said Brett Hansen, executive director of data security solutions at Dell.

How New BIOS Security Tool Works

This new tool makes a copy of the clean UEFI, which is kept in the cloud, and compares this snapshot with the machine’s UEFI every time it boots.

If something’s been hacked or messed with, there’ll be a discrepancy between the two which the comparison will flag up.

The user or admin can then be notified of the problem, and the system subsequently reverted to the clean UEFI.

That will still have to be done manually at this point, but in the future Dell aims to automate the entire process.
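
The comparison step described above, sketched as it might run on a verifier separate from the PC. This is an added example, not Dell's implementation: the block size, function names and the in-memory stand-in images are assumptions. It reports which byte ranges of the snapshot differ from the clean copy, which is what an admin needs before reverting.

```python
import hashlib
import hmac

BLOCK = 4096  # assumed comparison granularity, in bytes


def block_digests(image, block=BLOCK):
    """Return the SHA-256 digest of each fixed-size block of a firmware image."""
    return [hashlib.sha256(image[i:i + block]).digest()
            for i in range(0, len(image), block)]


def compare_to_golden(golden_digests, snapshot, block=BLOCK):
    """Compare a boot-time snapshot with the stored clean copy's digests.

    Returns (clean, ranges) where ranges are the block-aligned byte ranges
    that differ, with adjacent differing blocks merged into one range.
    """
    current = block_digests(snapshot, block)
    ranges = []
    for idx in range(max(len(current), len(golden_digests))):
        # A block missing on either side (truncated or grown image) is a mismatch.
        if (idx < len(current) and idx < len(golden_digests)
                and hmac.compare_digest(current[idx], golden_digests[idx])):
            continue
        start, end = idx * block, (idx + 1) * block
        if ranges and ranges[-1][1] == start:
            ranges[-1] = (ranges[-1][0], end)   # extend the previous range
        else:
            ranges.append((start, end))
    return (not ranges, ranges)


# Constructed 16 KiB stand-in for a firmware image (not real UEFI contents).
GOLDEN = bytes(range(256)) * 64
TAMPERED = bytearray(GOLDEN)
TAMPERED[5000:5004] = b"\x90\x90\x90\x90"   # change inside block 1
TAMPERED[9000] ^= 0xFF                      # change inside block 2
TAMPERED = bytes(TAMPERED)

if __name__ == "__main__":
    stored = block_digests(GOLDEN)           # kept off the PC by the verifier
    for name, image in (("clean", GOLDEN), ("tampered", TAMPERED)):
        clean, ranges = compare_to_golden(stored, image)
        print(name, "OK" if clean else f"MISMATCH at {ranges}")
```
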

The system will be optional, and will cost extra for users who decide they’d like this level of protection.

The new functionality is available for commercial PCs with a 6th-generation Intel chip set and a Dell Data Protection | Endpoint Security Suite Enterprise license, which includes Latitude, Dell Precision, OptiPlex, and XPS PCs. The technology would also be available for Dell Venue Pro tablets.

Intel already provides system management tools to protect the boot layer in PCs. System administrators can remotely start a PC, fix the boot layer, and then shut down the PC. HP also includes secure boot tools in its business PCs, though they are designed for individual users.

86% Of Critical Vulnerabilities Affecting Windows Could Be Avoided By Removing Admin Rights

A report released by a popular security firm says that almost nine out of ten critical vulnerabilities affecting Windows could be mitigated by removing admin rights. The report takes an in-depth look at the vulnerabilities affecting Windows, Internet Explorer, Office, Windows Server and more.

LogBook : Critical Vulnerabilities Affecting Windows Could Be Avoided By Removing Admin Rights

The report, released on Thursday by security firm Avecto, said that about 86% of critical vulnerabilities affecting the Windows operating system could have been stopped at the gate, and prevented from spreading deep into system files, by removing admin rights.

Windows admin rights are special privileges given to administrator accounts, which are common on consumer and home PCs.

Administrator accounts give users access to everything on the computer, and they give the same privileges to malware that strikes the computer. That means malware or hackers can modify core Windows files, and steal or destroy data.

This is the reason why many companies provide Windows machines with a lower, limited level of access, which reduces the spread of malware or access for hackers.

The report says that in 2015, 433 vulnerabilities were reported across Windows Vista, Windows 7, Windows RT, Windows 8 / 8.1 and Windows 10 operating systems, compared to 300 in 2014.

The report also takes an in-depth look at the vulnerabilities affecting Internet Explorer, Office, Windows Server and more.

In 2015, a total of 238 vulnerabilities were reported that affected Internet Explorer, and 99.5% of these IE vulnerabilities could be mitigated by the removal of user admin rights. Notably, 100% of the vulnerabilities reported in Edge would be mitigated by removing admin rights.

Also, 82% of all vulnerabilities affecting Microsoft Office in 2015 could be mitigated by removing admin rights.

429 vulnerabilities were reported in Microsoft Security Bulletins affecting Microsoft Windows Server in 2015. Of the 240 vulnerabilities with a Critical rating in 2015, 85% were found to be mitigated by the removal of admin rights.

According to the report, about 63% of all Microsoft vulnerabilities reported in 2015 could be mitigated by removing admin rights.

Avecto said there has been a 52% year on year rise in the volume of vulnerabilities since 2014.

Now WhatsApp Has Over 1 Billion Monthly Active Users

The popular Facebook-owned communication platform has passed another significant milestone today. WhatsApp has joined the billion monthly active users club. Now almost one in seven people on Earth use WhatsApp messenger.

LogBook : WhatsApp Hits 1 Billion Monthly Active Users

The Facebook-owned messaging service now has over 1 billion monthly active users, which translates to one in seven people on Earth.

WhatsApp co-founder and CEO Jan Koum and Facebook CEO Mark Zuckerberg announced the latest milestone via an official post on Facebook.

To mark this occasion, Koum also shared that the service has seen 42 billion messages sent through it daily, 1.6 billion photos shared, 1 billion groups organized through it, and 250 million videos shared.

WhatsApp has more than doubled in size since joining Facebook. It had only 450 million monthly active users then, but under the leadership of Facebook CEO Mark Zuckerberg, that number has more than doubled.

First they added a voice call feature, and recently they dropped the subscription fee and made WhatsApp completely free. There are also rumors about a WhatsApp video call feature.

Just think, if the company hadn’t dropped its $1 annual subscription fee, that’d be a relatively easy billion dollars a year in income.

The company doesn’t have a firm plan yet on how to monetize the service, but it will likely be around customer support, which is very similar to what Facebook has planned for its Messenger service.

By hitting this milestone, WhatsApp joins a growing number of apps that Facebook owns with such an enormous reach.

Facebook’s official app is already being used by more than 1.5 billion people monthly, and it’s likely that Facebook Messenger will soon be joining the two other services in the billion-user club.

Now You Can Run Windows 95 In Your Browser

Windows 95 just won’t die. The older it gets, the more versatile it becomes. The last time we heard something strange about Windows 95 was when someone hacked a Nintendo 3DS XL to run it. And now you can run Windows 95 in your browser, without using any plugins, by following these simple steps.

LogBook : Run Windows 95 in your Browser

Andrea Faulds, a 19-year-old developer from Scotland, has been able to get Windows 95 running in almost any web browser.

She used Emscripten, an emulator that converts C++ code to JavaScript in real-time. It requires no downloads, plugins, or any special software.

The emulator takes a minute to load because it first has to download the disk image, which is 47MB gzipped (131MB uncompressed), so you’ll need to be patient at startup.

To get the OS running in the browser, she installed Windows 95 in DOSBox from a virtualised CD, then packaged up the disk image, along with an AUTOEXEC.BAT file and a custom dosbox.conf, using Em-DOSBox.

The version used Windows 95 OSR2, which had FAT32 and Internet Explorer 3.0.

The emulator isn’t perfect (Internet Explorer crashes inside the emulator, which is to be expected), but it’s an impressive demo, and Faulds’s efforts have to be applauded.

Windows 95, which was released in August 1995, was the Microsoft Windows release that introduced such familiar concepts as the Desktop, Start Menu, Taskbar and Notifications Area.

Software Bug Put Several MediaTek Powered Android Smartphones Vulnerable to Attack

If you own an Android device powered by a MediaTek chipset, then your device is vulnerable to cyber attack. Recent reports officially confirm that a software bug in MediaTek-powered Android smartphones made them vulnerable to attacks.

LogBook : MediaTek Powered Android Devices Vulnerable to Attack

MediaTek has officially confirmed the existence of a software bug that has put several MediaTek powered Android devices at risk.

The vulnerability was originally reported by security researcher Justin Case earlier this month. The bug could potentially allow an attacker to enable root access on a vulnerable device.

Case reported the issue to MediaTek on January 13th. At that time, MediaTek responded that it was working on a patch and expected it to be ready shortly.

These comments were made over Twitter because MediaTek lacks a security contact email address or comment form. The company said it would be following up with its “Product Security Taskforce”.

Explaining the vulnerability, Case told Gadgets360 that MediaTek software has a “backdoor” that allows a user – or a malicious app – to enable root access. “Root user could do many things, such as access data normally protected from the user/ other apps, or brick the phone, or spy on the user, monitor communications etc,” – Case said

MediaTek explained that the vulnerability stems from a debug feature that, the chip-maker said, smartphone manufacturers should have disabled before shipping the devices, and said that the vulnerability exists on devices running Android 4.4 KitKat.

“We are aware of this issue and it has been reviewed by MediaTek’s security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China.”

“After testing, phone manufacturers should disable the de-bug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn’t disable the feature, resulting in this potential security issue.” – MediaTek Spokesperson

The bug is noted to reside in many MediaTek-powered Android smartphones, but MediaTek declined to specify the smartphone models and the number of handsets that are impacted.

MediaTek says that the patch is on the way, so if you own a MediaTek-powered Android smartphone, it would be prudent to keep a watch for strange behaviour on your smartphone.

NSA Chief Hacker Explains How To Avoid NSA Spying

We have already discussed the enemies of our internet freedom: some top government organisations are spying on our online activity. On that list, I think the National Security Agency [NSA] holds the top position for spying on our online activity. Recently the NSA’s chief hacker explained how to protect your network from intruders… such as, oh, let’s say the NSA’s Tailored Access Operations Unit.

LogBook : NSA Chief Hacker Tip To Avoid NSA Spying

Rob Joyce, the head of the National Security Agency’s Tailored Access Operations unit, or let’s say the NSA’s chief hacker, gave a roomful of computer security professionals and academics some advice on how to keep people like him and his elite corps out of their systems.

The NSA’s Tailored Access Operations [TAO] is the government’s top hacking team, which identifies, monitors, infiltrates, and gathers intelligence on computer systems being used by entities foreign to the United States. It has been active since at least circa 1998.

Rob Joyce has been working with the NSA for more than 25 years and became head of the TAO division in April 2013.

The Register reported on Joyce’s presentation on Wednesday at the Enigma conference, a new security conference in San Francisco, in which he explained how TAO operates and advised the attendees on how to prevent state-level actors from infiltrating and exploiting their networks and IT systems.

How NSA Gets You?

NSA tiger teams follow a six-stage process when attempting to crack a target, he explained. These are reconnaissance, initial exploitation, establish persistence, install tools, move laterally, and then collect, exfiltrate and exploit the data.

He said the goal is to find weak points, whether they be within the network architecture, or in staff who may work from home or bring in unauthorized devices. There are also areas where the target network interconnects with other computer systems, like heating and ventilation controllers, which can be useful for an attack.

Once weak points are identified, intruders who can’t simply use stolen credentials to loot data from a system will plant various malware tools, create “back door” access for themselves, and otherwise establish the presence they need to carry out the rest of the six-stage attack plan.

Joyce noted that malware tools have become difficult to detect, with today’s threats coming from people who know their stolen data begins losing its value the moment they are discovered.

He also pointed out that many of these malware tools are relatively simple pieces of code, because it’s distressingly easy to trick users into downloading and activating them.

How To Stay Safe From Intruders?

“If you really want to protect your network you have to know your network, including all the devices and technology in it,” Joyce said. “In many cases we know networks better than the people who designed and run them.”

To protect against this, admins need to lock things down as far as possible: whitelisting apps, locking down permissions, patching as soon as possible, and using reputation management. If a seemingly legitimate user is displaying abnormal behavior, like accessing network data for the first time, chances are they have been compromised, he said.

Reputation-based tools are particularly useful against malware, Joyce explained. Signature-based antivirus won’t protect you against a unique piece of attack code, but when used in conjunction with reputation databases it can be effective – if code or a domain hasn’t been seen before there’s a high chance it’s dodgy.
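
The two "never seen before" checks described above (a known user touching data for the first time, and a domain nobody in the organisation has resolved before), as an added example that is not from Joyce's talk or the original article. The log format, rule names and 14-day learning window are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): "<timestamp> <user> <kind> <target>"
SAMPLE_LOG = """\
2016-01-04T09:12:00 alice share fs01/engineering
2016-01-04T09:15:00 alice dns intranet.example.com
2016-01-05T10:02:00 bob share fs01/finance
2016-01-05T10:05:00 bob dns mail.example.com
2016-01-12T08:47:00 alice share fs01/engineering
2016-01-13T11:30:00 bob dns intranet.example.com
2016-01-20T02:14:00 bob share fs01/engineering
2016-01-20T02:15:00 bob dns cdn-update.example.net
2016-01-20T09:01:00 alice dns mail.example.com
2016-01-21T09:30:00 carol share fs01/finance
2016-01-21T09:31:00 alice dns cdn-update.example.net
"""


def parse_events(text):
    """Yield (timestamp, user, kind, target) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] not in ("share", "dns"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]


def detect_first_seen(events, baseline_days=14):
    """Learn silently for baseline_days, then report each novelty once."""
    events = sorted(events)
    if not events:
        return []
    cutoff = events[0][0] + timedelta(days=baseline_days)
    known_users = set()
    user_shares = set()    # (user, share) pairs already observed
    org_domains = set()    # domains resolved by anyone in the organisation
    findings = []
    for ts, user, kind, target in events:
        alerting = ts >= cutoff
        if alerting and user not in known_users:
            # An account with no history: one finding, not one per resource.
            findings.append((ts, user, "new-user", target))
        elif alerting and kind == "share" and (user, target) not in user_shares:
            findings.append((ts, user, "first-access", target))
        elif alerting and kind == "dns" and target not in org_domains:
            findings.append((ts, user, "new-domain", target))
        # Keep learning after the cutoff so a novelty alerts only once.
        known_users.add(user)
        if kind == "share":
            user_shares.add((user, target))
        else:
            org_domains.add(target)
    return findings


if __name__ == "__main__":
    for ts, user, rule, target in detect_first_seen(parse_events(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {rule:<12} user={user} target={target}")
```
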

Joyce stressed that off-site backups are more important than ever for big networks, because nation-state hackers are sometimes interested in destroying data, not just copying it.

He cited cases where NSA hackers performed penetration testing, issued a report on vulnerabilities, and then, when they went back two years later to test again, found that the same problems had not been fixed. When the NSA hacking squad comes back, he said, the first thing they do is investigate previously reported flaws, and it’s amazing how many remain unpatched even after the earlier warning.
