More
Home Blog Page 384

Dell Introducing New BIOS Security Tool To Make Its Laptops Harder To Hack

By
Sabarinath
-
Dell Introducing New BIOS Security Tool

Hacking attacks that comes from bootkit malware is one of the hardest security threat to resolve, for trained professionals. Even wiping your harddrive and reinstalling software will not fix them. And the company Dell just realized it and going to provide an extra a layer of security to its business laptops and PCs by introducing a new BIOS security tool which helps to protect the BIOS from malware.

Also Read : NSA Chief Hacker Explains How To Avoid NSA Spying

LogBook : Dell’s New BIOS Security Tool

Many manufactures are offering  a number of ways to protect the computer BIOS, but all of these protections reside within the computer itself.

Now Dell introducing a new BIOS security tool that will protect the BIOS from attacks by verifying it without relying on the integrity of the PC. So the new Dell BIOS security tool focuses on protecting the boot layer so PC hardware or software don’t malfunction.

It secures the low-level UEFI (Unified Extensible Firmware Interface), which sits in a protected layer above the OS. An attack on this firmware can compromise a system at boot time.

The BIOS verification technology “gives IT the assurance that employees’ systems are secure every time they use the device,” said Brett Hansen, executive director of data security solutions at Dell.

Also Read : Google Has Rewarded Over $6 Million To Security Researchers Since 2010 For Finding Flaws

How New BIOS Security Tool Works

This new tool  makes a copy of the clean UEFI which is kept in the cloud, and compares this snapshot with the machine’s UEFI every time it boots.

If something’s been hacked or messed with, there’ll be a discrepancy between the two which the comparison will flag up.

The user or admin can then be notified of the problem, and the system subsequently reverted to the clean UEFI.

That will still have to be done manually at this point, but in the future Dell aims to automate the entire process.

The system will be optional, and will cost extra for users who decide they’d like this level of protection.

The new functionality is available for commercial PCs with a 6th-generation Intel chip set and a Dell Data Protection | Endpoint Security Suite Enterprise license, which includes Latitude, Dell Precision, OptiPlex, and XPS PCs. The technology would also be available for Dell Venue Pro tablets.

Intel already provides system management tools to protect the boot layer in PCs. System administrators can remotely start a PC, fix the boot layer, and then shut down the PC. HP also includes secure boot tools in its business PCs, though they are designed for individual users.

Also Read : Skype Now Hides IP Address By Default In PC And Mobile

86% Of Critical Vulnerabilities Affecting Windows Could Be Avoided By Removing Admin Rights

By
Sabarinath
-
Critical Vulnerabilities Affecting Windows

According to a report released by a popular security firm says that almost nine-out-of-ten critical vulnerabilities affecting Windows could be mitigated by removing the admin rights. The report takes an in-depth look at the vulnerabilities affecting Windows, Internet Explorer, Office, Windows Server and more.

Also Read : Microsoft Probably has your Disk Encryption Key in its Server, Here’s How to Take it Back

LogBook : Critical Vulnerabilities Affecting Windows Could Be Avoided By Removing Admin Rights

The report, released on Thursday by security firm Avecto said that about 86% of critical vulnerabilities affecting Windows operating system could’ve been stopped at the gate, and prevented from spreading deep into system files by removing admin rights.

Windows admin rights are special privileges given to administrator accounts, which is common among consumer and home PCs.

So Administrator accounts can give users access to everything on the computer. And same privileges to malware that strike on your computer. That means malware or hackers can modify core Windows files, and steal or destroy data.

This is the reason why many companies provide Windows machines with a lower, limited level of access, which reduces the spread of malware or access for hackers.

Also Read : Microsoft Loves Linux : Microsoft Developed A Linux-Based Operating System

The report says that in 2015, 433 vulnerabilities were reported across Windows Vista,
Windows 7, Windows RT, Windows 8 / 8.1 and Windows 10 operating systems compared to 300 in 2014.

The report also takes an in-depth look at the vulnerabilities affecting Internet Explorer, Office, Windows Server and more.

In 2015, a total of 238 vulnerabilities were reported that affected Internet Explorer. And 99.5% of these IE vulnerabilities could be mitigated by the removal of user
admin rights.  Notably, 100% of the vulnerabilities reported in Edge would be mitigated by removing admin rights.

And also 82% of all vulnerabilities affecting Microsoft Office in 2015 could be mitigated by removing admin rights.

429 vulnerabilities were reported in Microsoft Security Bulletins affecting Microsoft Windows Server in 2015, Of the 240 vulnerabilities with a Critical rating in 2015, 85% were found to be mitigated by the removal of admin rights.

According to the repport about 63% of all Microsoft vulnerabilities reported in 2015 could be mitigated by removing admin right

Avecto said there has been a 52% year on year rise in the volume of vulnerabilities since 2014.

Also Read : Microsoft Published Official Way to Hide Windows 10 Upgrade Prompts in Windows 7 and Windows 8.1

Now WhatsApp Has Over 1 Billion Monthly Active Users

By
Subith
-
WhatsApp Has Over 1 Billion Monthly Active Users

Popular Facebook owned communication platform has passed another significant milestone today.WhatsApp has joined the billion monthly active users club. Now almost one in seven people on Earth use WhatsApp messenger.

Also Read : Do You Want To Speed Up Your Android Smartphone, Then First Uninstall Official Facebook App

LogBook : WhatsApp Hits 1 Billion Monthly Active Users

The Facebook owned messaging service now has over 1 billion monthly active users which translates to one in seven people on Earth.

WhatsApp co-founder and CEO Jan Koum and Facebook CEO Mark Zuckerberg announced the latest milestone via an official post on Facebook.

To mark this occasion, Koum also shared that the service has seen 42 billion messages sent through it daily, 1.6 billion photos shared, 1 billion groups organized through it, and 250 million videos shared.

WhatsApp has grown more than doubled since joining with Facebook. It had only had 450 million monthly active users, but under the leadership of Facebook CEO Mark Zuckerberg, that number has more than doubled.

Also Read : Software Bug Put Several MediaTek Powered Android Smartphones Vulnerable to Attack

First they add voice call feature and recently they’ve dropped the subscription fee and made WhatsApp completely free and their is also rumors about WhatsApp video call feature too.

Just think, if the company hadn’t dropped its $1 annual subscription fee, that’d be a relatively easy billion dollars a year in income.

The company doesn’t have a firm plan yet on how to monetize the service, but it will likely be around customer support, which is very similar to what Facebook has planned for its Messenger service.

By hitting this milestone, WhatsApp joins a growing number of apps that Facebook owns with such an enormous reach.

Facebook official App is already being used by more than 1.5 billion people monthly, and it’s likely that Facebook Messenger will soon be joining the two other services in the billion-user club.

Also Read : Now You Can Run Windows 95 In Your Browser

Now You Can Run Windows 95 In Your Browser

By
Jenna Jose
-
run Windows 95 in your browser

Windows 95 just won’t die. The older it gets, the more versatile it becomes. Last time we heard something strange about Windows 95 was when someone hacked Nintendo 3DS XL to run it. And again now you can run Windows 95 in your browser without using any plugins by following these simple steps.

Also Read : Someone Turn Motorola Lapdock Into A Laptop With Raspberry Pi Zero

LogBook : Run Windows 95 in your Browser

Andrea Faulds, a 19-year-old developer from Scotland, has been able to get run Windows 95 in almost any web browser.

She used used emscripten, an emulator that converts C++ code to JavaScript in real-time. It requires no downloads, plugins, or any special software.

The emulator takes a minute to load up because it have to first download the disk image of 47MB gzipped (131MB uncompressed), so you’ll need to be patient for startup.

To make OS runnning in browser, she installed Windows 95 in DOSBox from a virtualised CD, then packaged up the disk image, along with an AUTOEXEC.BAT file and a custom dosbox.conf using Em-DOSBox.

Also Read : Google Has Rewarded Over $6 Million To Security Researchers Since 2010 For Finding Flaws

The version used Windows 95 OSR2, which had FAT32 and Internet Explorer 3.0.

The emulator isn’t perfect (Internet Explorer crashes inside the emulator, which is to be expected) but it’s an impressive demo, but Fauld’s efforts have to applauded.

Windows 95 was the Microsoft Windows release that introduced such familiar concepts as the Desktop, Start Menu, Taskbar and Notifications Area, which was released in August, 1995.

To access Windows 95 in your browser, just click here.

Also Read : Samsung Begins Mass Producing World’s Fastest 4GB HBM2 DRAM

Software Bug Put Several MediaTek Powered Android Smartphones Vulnerable to Attack

By
Sabarinath
-
MediaTek Powered Android Smartphones Vulnerable

If you own a Android device which is powered by MediaTek chipsets, then your device is vulnerable to cyber attack. Yes recent reports officially confirms that a software bug in MediaTek powered Android smartphones made them vulnerable to attacks.

Also Read : Google Confirms Security Issue in the Mainline Linux Kernel is Not a Major Threat for Android

LogBook : MediaTek Powered Android Devices Vulnerable to Attack

MediaTek has officially confirmed the existence of a software bug that has put several MediaTek powered Android devices at risk.

The vulnerability was originally reported by security researcher Justin Case earlier this month, the bug could potentially allow an attacker to enable root access on a vulnerable device.

Back on January 13th, Case reported to MediaTek the issue at hand. At that time, MediaTek responded that they are working on a patch and expect it to be ready shortly.

Also Read : ISIS Offering $10,000 To Indian Hackers To Steal Government Data

These comments were made over Twitter due to MediaTek’s lack of a security concern email and/or comment form. They’d be following up with their “Product Security Taskforce”, so they said.

Explaining the vulnerability, Case told Gadgets360 that MediaTek software has a “backdoor” that allows a user – or a malicious app – to enable root access. “Root user could do many things, such as access data normally protected from the user/ other apps, or brick the phone, or spy on the user, monitor communications etc,” – Case said

MediaTek explained that the vulnerability stems from a debug feature that the chip-maker said smartphone manufacturers should have disabled before shipping the devices and told that  that the vulnerability exists on devices running Android 4.4 KitKat.

“We are aware of this issue and it has been reviewed by MediaTek’s security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China.”

“After testing, phone manufacturers should disable the de-bug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn’t disable the feature, resulting in this potential security issue.” – MediaTek Spokesperson

The bug is noted to reside in many MediaTek powered Android smartphone but MediaTek declined to specify the smartphone models and the number of handsets that are impacted.

MediaTek says that the patch is on the way, so if you own a MediaTek powered Android smartphone, it would be prudent for you to keep a watch on strange behaviour in your smartphone.

Also Read : NSA Chief Hacker Explains How To Avoid NSA Spying

NSA Chief Hacker Explains How To Avoid NSA Spying

By
Avinash A
-
NSA Chief Hacker Explains How To Avoid NSA Spying

We already discussed about enemies of our internet freedom, there are some top government organisation who are spying our online activity. In that list, I think National Security Agency [NSA] hold top most position for spying our online activity. Recently NSA chief hacker explained how to protect your network from intruders… such as, oh, let’s say the NSA’s Tailored Access Operations Unit.

Also Read : Former Yandex Employee Arrested for Trying to Sell Search Engine Source Code for $25,000

LogBook : NSA Chief Hacker Tip To Avoid NSA Spying

Rob Joyce, the head of the National Security Agency’s Tailored Access Operations unit or let say NSA chief hacker, give some advice to a roomful of computer security professionals and academics how to keep people like him and his elite corps out of their systems.

NSA’s Tailored Access Operations [TAO]—the government’s top hacking team who identifies, monitors, infiltrates, and gathers intelligence on computer systems being used by entities foreign to the United States. It has been active since at least circa 1998.

Rob Joyce has been working with the NSA for more than 25 years and became head of the TAO division in April 2013.

Register reported  Joyce’s presentation on Wednesday at the Enigma conference, a new security conference in San Francisco, explaining how TAO operates, and advising the attendees on how to prevent state-level actors from infiltrating and exploiting their networks and IT systems.

Also Read : Edward Snowden Doubts Security of Telegram, but Founder Pavel Durov Disagrees

How NSA Gets You ?

NSA tiger teams follow a six-stage process when attempting to crack a target, he explained. These are reconnaissance, initial exploitation, establish persistence, install tools, move laterally, and then collect, exfiltrate and exploit the data.

He said the goal is to find weak points, whether they be within the network architecture, or in staff who maybe work from home or bring in unauthorized devices. There’s also areas where the target network interconnects with other computer systems, like heating and ventilation controllers, which can be useful for an attack.

Once weak points are identified, intruders who can’t simply use stolen credentials to loot data from a system will plant various malware tools, create “back door” access for themselves, and otherwise establish the presence they need to carry out the rest of the six-stage attack plan.

Joyce noted that malware tools have become difficult to detect, with today’s threats coming from people who know their stolen data begins losing its value the moment they are discovered.

He also pointed out that many of these malware tools are relatively simple pieces of code, because it’s distressingly easy to trick users into downloading and activating them.

Also Read : A Group Of Gamers Recreating Entire GTA 5 In Minecraft

How To Stay From Intruders ?

“If you really want to protect your network you have to know your network, including all the devices and technology in it,” Joyce said. “In many cases we know networks better than the people who designed and run them.”

To protect against this, admins need to lock things down as far as possible; whitelisting apps, locking down permissions, and patching as soon as possible, and use reputation management. If a seemingly legitimate user is displaying abnormal behavior, like accessing network data for the first time, chances are they have been compromised, he said.

Reputation-based tools are particularly useful against malware, Joyce explained. Signature-based antivirus won’t protect you against a unique piece of attack code, but when used in conjunction with reputation databases it can be effective – if code or a domain hasn’t been seen before there’s a high chance it’s dodgy.

Joyce stressed that off-site backups are more important than ever for big networks, because nation-state hackers are sometimes interested in destroying data, not just copying it.

He cited cases where NSA hackers have performed penetration testing, issued a report on vulnerabilities, and then when they go back two years later to test again found the same problems had not been fixed. When the NSA hacking squad comes back, he said, the first thing they do is investigate previously reported flaws and it’s amazing how many remain un-patched even after the earlier warning.

Also Read : Edward Snowden Joined Twitter, Within Hours Got More Followers Than NSA

Google Has Rewarded Over $6 Million To Security Researchers Since 2010 For Finding Flaws

By
Sabarinath
-
Google Has Rewarded Over $6 Million To Security Researchers Since 2010

Google recently announced that it has paid over $6 million to security researchers since launching its bug bounty program in 2010. Google claims that financial rewards help them to make their services, and the web as a whole, safer and more secure.

Also Read : Google Confirms Security Issue in the Mainline Linux Kernel is Not a Major Threat for Android

LogBook : Google Paid Over $6 Million To Security Researchers

Google Vulnerability Reward Program (VRP) has been started from the year 2010.

Since 2010, Google has paid $6 million to security researchers for finding flaws.

In 2015 alone, Google has rewarded more than 300 different security researchers over $2 million for finding more than 750 bugs.

Google Has Rewarded Over $6 Million To Security Researchers

Also Read : A Group Of Gamers Recreating Entire GTA 5 In Minecraft

Security researchers from around the world—Great Britain, Poland, Germany, Romania, Israel, Brazil, United States, China, Russia, India to name a few countries—participated in Google’s bug bounty program in 2015

Google’s security team has expanded the program time and time again to encompass more products and offer more lucrative rewards.

In June 2015, Google launched Android Vulnerability Reward Program, where the company paid more than $200,000 to security researchers for their work, including the company’s largest single payment of $37,500 to an Android security researcher.

Google also began to provide researchers with Vulnerability Research Grants,  lump sums of money that researchers receive before starting their investigations.

The purpose of these grants is to ensure that researchers are rewarded for their hard work, even if they don’t find a vulnerability. Google said they already found positive result from Vulnerability Research Grant program.

Also Read : Google Asked to Remove 558 Million “Pirate” Links from Search Results in 2015

Google said that : “Kamil Histamullin a researcher from Kasan, Russia received a VRP grant early last year. Shortly thereafter, he found an issue in YouTube Creator Studio which would have enabled anyone to delete any video from YouTube by simply changing a parameter from the URL. After the issue was reported, our teams quickly fixed it and the researcher was was rewarded $5,000 in addition to his initial research grant. Kamil detailed his findings on his personal blog in March.”

Google also shared two interesting stories about its bug bounty program in 2015.

  • Tomasz Bojarski, the most prolific researcher of the year, found 70 bugs on Google in 2015. He even found a bug in Google’s vulnerability submission form.
  • Sanmay Ved, a researcher who bought google.com for one minute on Google Domains, received $6,006.13 (“google” spelled-out numerically). Google doubled the amount when Ved donated his reward to charity.

Since these types of bug bounty programs will help to motivate individuals and groups of hackers not only to find flaws, but to disclose them properly, instead of using them maliciously or selling them to parties that will.

Also Read : Researchers from Google Discovered How to Hack a Corporate Network just by Sending an Email

ISIS Offering $10,000 To Indian Hackers To Steal Government Data

By
Jenna Jose
-
ISIS Offering $10,000 To Indian Hackers

Recent reports states that ISIS is now luring Indian hackers with top dollar to hack into government websites and steal sensitive data. Experts believe that many Indian hackers are already picked up the offer because of the attractive salary package.

Also Read : Pictures of Female Facebook Users in India Being Used to Promote Porn Sites

LogBook : ISIS Offers $10,000 To Indian Hackers

It is being reported that ISIS is willing to pay Indian hackers thousands of dollars to hack into government websites and gain access to sensitive documents.

For each successful ‘ job ‘, ISIS is ready to pay $10,000 and more to Indian hackers.

Experts are saying this has been the most anyone has been offered in the hacking community.

The hackers are being asked to create a database of potential Indian candidates from social media sites like Facebook and Twitter.

“There are various underground communities online where hackers interact regularly. Our investigation reveals that for the past six months, lucrative offers for stealing government data came pouring in and hackers were offered a huge sum. Such amount has never been offered to any Indian hackers before. We found that the offers were being made to spread ISIS reach in the country,” said Kislay Choudhary, a cyber crime expert who works with several security agencies. Kislay also added that stealing a government secured data is a part of ISIS’s intelligence gathering exercise.

Also Read : PlayStation 4 Hacked to Run Linux

ISIS supporters are using Facebook and Twitter to propagate its radical ideology and brainwash the youth.

Experts believe that unfortunately many of the hackers have already accepted the offer as over 30,000 have been reportedly in contact with the extremist organisation in India till now.

The recruited hackers are communicating on internet-based services like Skype, Silent Circle, Telegram, and WhatsApp with their Syrian handlers, say experts.

Security agencies say they have initiated counter measures and have taken down ISIS-related content on web and also the Indian government is all set to create a 24/7 war room to monitor social media.

Also Read : Twitter Sued Over ISIS Attacks

1...383384385...401Page 384 of 401

© 2025 Copyright - TechLog360