Attacks on WordPress sites using a vulnerability in the REST API, patched in WordPress version 4.7.2, have intensified over the past two days, as attackers have now defaced over 1.5 million pages, spread across 39,000 unique domains.

Initial attacks using the WordPress REST API flaw were reported on Monday by web security firm Sucuri, who said four groups of attackers defaced over 67,000 pages.

The number grew to over 100,000 pages the next day, but according to a report from fellow web security firm WordFence, these numbers have skyrocketed today to over 1.5 million pages, as there are now 20 hacking groups involved in a defacement turf war.

Mass defacements started this week

The vulnerability at the core of this series of attacks is a bug discovered by Sucuri researchers, which the WordPress team fixed with the release of WordPress 4.7.2, on January 26.

According to Sucuri, attackers can craft simple HTTP requests that allow them to bypass authentication systems and edit the titles and content of WordPress pages. This vulnerability only affects sites running WordPress versions 4.7.0 and 4.7.1.

Initially, the vulnerability was deemed very high-risk, and the WordPress security team kept it a secret for almost a week, allowing a large number of WordPress site owners to update their CMS without being in peril from impending attacks.

Nonetheless, WordPress and Sucuri experts realized they couldn't keep this a secret, and after a week, both teams revealed to the world that the WordPress 4.7.2 release included a secret fix for the WordPress REST API.

Sucuri's initial fears became reality a few days later, as both Sucuri and WordFence started seeing attacks leveraging the REST API flaw against sites the two were protecting.

Defacement attempts via REST API flaw over time (via Sucuri)

Defacement attempts via REST API flaw over time (via WordFence)

As time passed, the number of attacks against the REST API flaw grew, and it became clear to both companies that attackers had discovered how to exploit the flaw on sites that were left without an update, although nobody expected this sharp rise in hacked pages in such a short time.

"This vulnerability has resulted in a kind of feeding frenzy where attackers are competing with each other to deface vulnerable WordPress websites," said Mark Maunder, Wordfence Founder and CEO. "During the past 48 hours we have seen over 800,000 attacks exploiting this specific vulnerability across the WordPress sites we monitor."

Hacking groups engaging in recent WordPress defacements

In reality, the number of attacks is way higher, if we take into account that not all sites are protected by WordFence and Sucuri firewalls.

WordPress REST API flaw at the heart of recent defacement attacks

According to Maunder, the REST API flaw breathed new life into the activity of many defacers, a term used to describe hackers that take over websites and rewrite the content of pages.

Based on Google Trends data that took into consideration the signature (name) of each of these hacking crews, we can see sharp increases in popularity and mentions for various groups, right after Sucuri revealed the REST API flaw in a blog post at the start of February.

WordPress REST API attacks reflected in Google Trends (via WordFence)

Most of the defaced sites are easily reachable via a Google query, just by searching the hacking group's name. All defacements are just a simple image or some text, but Sucuri CTO Daniel Cid believes these will change in the future after more capable SEO spamming groups get involved.

Defaced websites indexed by Google

At the time of writing, there's a feeding frenzy in regards to defacing unpatched WordPress sites, with many groups rewriting each other's defacement message.

We've seen a similar behavior involving recent database ransom attacks targeting MongoDB servers, where different groups were rewriting each other's ransom notes.

Over the weekend, Google also warned WordPress website owners registered in the Google Search Console. Google attempted to send security alerts to all WordPress 4.7.0 and 4.7.1 website owners, but some emails reached WordPress 4.7.2 owners, some of whom misinterpreted the email and panicked, fearing their site might lose search engine ranking.

Author : Catalin Cimpanu

Source : https://www.bleepingcomputer.com/news/security/attacks-on-wordpress-sites-intensify-as-hackers-deface-over-1-5-million-pages/

Categorized in Internet Privacy

By the time the Democratic National Committee had accused Russia of hacking into its emails and passing them to Wikileaks, Arkady Bukh's cybersecurity venture was a little over a year old.

Cybersec, set up in 2015, is a controversial business that uses the services of Russian and Russian-speaking hackers to provide cybersecurity services to companies. Bukh runs the startup from his Manhattan and Brooklyn law offices. He says he has "at least half a dozen" hackers who work for him, half in the U.S. and half in Russia or the former Soviet Union. They are paid on a per-project basis, usually via Bitcoin. 

Bukh said news about the DNC hack was good for business.

Bukh, originally from Baku in the former Soviet Union, is now a naturalized U.S. citizen. He made his name defending many of the Russian hackers who have been charged and found guilty in the U.S.

He has an extensive network of current and former "black hat" hackers -- those who use their extensive computer skills to break into secure networks or websites, often with illegal intent. Launching Cybersec grew out of a desire, Bukh says, to put their formidable skills to use, and to help meet a growing demand among U.S. businesses to protect themselves from the threat of cyberattacks.

It's certainly an unusual business model. Some of the hackers he has brought on as consultants have already served time. Several are wanted by the U.S. government and staying away from countries with extradition treaties. One or two, Bukh says, are still engaged in nefarious hacking activities. A lot of the consulting is done remotely -- over the phone or online. 

Why use Russian hackers?

The simple answer: They're highly skilled. It's partly the education, Bukh says, that sets Russian hackers and those from the former Soviet Union apart.

"This is the culture of the country where math and computer science is a very important part of the college, of the school, and they do invest a lot of money into this effort."

Money also plays a big role. It's not easy to make a good living as a computer analyst in Russia, and hacking -- particularly stealing credit card numbers -- is lucrative. And, Bukh notes, the Russian government rarely prosecutes hackers. In fact, there's a wide consensus among global cybersecurity professionals that the Russian government freely allows Russian criminal hackers to operate as long as they don't attack Russian business and government interests.

One of the part-time consultants, Sergei Pavlovich, is a 33-year-old former credit card hacker. He turned up coatless to meet me in the Moscow snow, and said in return for his expertise, Arkady Bukh advises him on his own business ventures. He wrote a book about his hacking days called "How I stole a million," and has launched an Indiegogo campaign to raise money to have it translated into English. He says he doesn't just advise on the technical methods of credit card hacking, but the social aspects of it too.

He described how the mother's maiden name was often the missing link to getting access to someone's bank account. On occasion, someone with good enough English would call the account holder to try to find it out. Pavlovich served 10 years in jail in his native Belarus and is still wanted by the U.S. government for his involvement in a credit card fraud ring back in 2008.

Another of Bukh's hackers, Vladislav Horohorin, first came into contact with Bukh when he hired him as his defense attorney. Horohorin helps out from his Massachusetts prison cell, where he's serving the last few months of a 3-and-a-half year sentence for stealing $9 million from an Atlanta-based credit card processor. "We just think the way actual attackers might," he told me via email.

It's complicated

The fact that Cybersec shares a space with Arkady Bukh's law offices isn't just to save on overhead. The lawyers are on hand to help iron out any liability issues that come with using consultants who are wanted for crimes or have a criminal record. And Bukh says he is in constant contact with the FBI, which is aware he is working with some people on its wanted list. He would not say which hackers the FBI was pursuing, but said he cooperates if they try to negotiate a surrender with one of his associates.

Cybersec's clients have so far been small and medium-sized businesses, and some wealthy individuals. Large and publicly listed companies have shied away from the legal gray area, Bukh admits.

As for the consultants themselves, it's been easy convincing them to come aboard. It's just another way to make money, Bukh says. "Hackers are usually businessmen."

Author : Clare Sebastian

Source : http://money.cnn.com/2016/12/12/technology/russian-hackers-cybersec.cnnw/index.html

Categorized in Internet Privacy

Malware attacks on smartphones' operating systems have increased with the rise of the number of mobile phone users in India

With the rise in the number of mobile internet users in India, malware attacks on smartphones’ operating systems have increased and mobile applications through which people hack into phones to access personal data show the same trend, a study has found.

The report “Going Cashless and Digital: Top Cyber Threats and Targets for 2017” released on Thursday by BD Software, country partner of Bitdefender — cyber security solutions provider — highlights major trends in the cyber threat landscape in India in 2017.

“Marked with high-profile breaches and the feel of excitement and uncertainty over the country’s move towards digitising all spheres of life and economy, the outgoing 2016 sets high expectations of more advanced, more complicated and possibly more devastating security breaches in the coming year,” said Ajay Khubchandani, IT Security Expert, BD Software, in a statement.

According to the report, cashless transactions through ATMs, Point of Sale terminals, online banking websites and others are also potential targets of the cyber criminals.

The report noted that personal data is likely to draw the attention of cybercriminals in the coming year.

“As India is becoming more and more digital, the personal data of all sorts, from biometrics and family records to bank accounts and social media accounts is in danger,” the report added.

Researchers predicted that connected devices or Internet of Things (IoT) is another target for cyber attacks.

In governments, government agencies and state-affiliated organisations, the scale of data breaches is going to increase further with cross-border tensions continuing in many regions of the world, the report warned.

Author: IANS
Source: http://indianexpress.com/article/technology/tech-news-technology/personal-data-to-draw-attention-of-hackers-in-2017-report-4451436

Categorized in News & Politics

Black and gray hat hackers are what most people consider professional despite the morally disputable nature of their operations.

Most hackers’ skill sets are often put to use against institutions, governmental organizations or the media either for monetary gains or personal interest.

What remains largely unknown is the type of operating systems these hackers prefer to use considering the nature of their work.

What Do Hackers Look For?

Anonymity is, of course, of paramount importance to a black or gray hat hacker.

As such, the type of operating system hackers choose for their exploits will primarily depend on its ability to keep the hackers’ identities well hidden.

The type of features and hacking tools that come with the operating system is a somewhat secondary consideration, although it is just as important.

Proficient hackers who have no fear about taking unnecessary risks prefer to “hide in plain sight” using a burner laptop and the Microsoft Windows platform.

It is, however, not a popular choice for most, given that it can only be used with Windows-based malware such as Trojans and can only work on the .NET framework and other Windows environments.

Using the burner laptops, these hackers are able to create a bootable ghost OS image that doesn’t lead back to them and copy it to an encrypted storage device, usually an SD card, before destroying the burner laptop completely.

The majority of hackers, however, seem to prefer Linux distros that are tailor-made operating systems designed by security companies to conduct digital forensics, security testing and penetration of their systems.

1. Kali Linux

Kali Linux is by far the most popular operating system preferred by hackers, and this is mostly attributed to the versatility of the platform and the features it comes with.

The Debian-derived Linux distro was developed by Devon Kearns and Mati Aharoni of Offensive Security, who rewrote the software’s predecessor, BackTrack. It is maintained and funded by Offensive Security Ltd.

Basically the upgraded version of BackTrack, Kali Linux features a bunch of upgrades including a revamped forensic mode (now in live boot), which makes it easier for Kali users to use their bootable Kali CD or USB drive for a forensic task.

It is also compatible with some selected Android devices via NetHunter, an open source Android penetration testing platform that works primarily with Nexus devices and a few Samsung devices.

2. Parrot Security OS

Popularly known as ParrotSec, this is similarly a Debian-based Linux distro that, in addition to performing penetration tests, has been designed to do Computer Forensics and Vulnerability Assessments and Mitigations.

The GNU/Linux operating system is said to be a hacker’s favorite.

The system is designed to support hacking, pen-testing and Cloud pen-testing, and cryptography among other tasks.

3. Network Security Toolkit (NST)

Packed with an arsenal of open source network security tools, the Network Security Toolkit is a bootable Fedora-based live CD that is compatible with most x86 platforms.

The bootable OS is primarily designed for network security administrators and is suitable for performing routine diagnostic tasks, although it can also act as a monitoring tool on servers that are hosting virtual machines.

Most of the tasks performed on NST can be accessed via a web interface known as NST WUI. NST resembles Fedora in that it comes with package management capabilities and also maintains its own repository of additional packages.

4. DEFT Linux

The Digital Evidence and Forensics Toolkit is another open source favorite for many hackers, which is built around the Digital Advanced Response Toolkit (DART) software.

Built from the ground up, the Ubuntu-based operating system comes with a load of computer forensics and incident response tools.

Contained in the License Policy is the detailed process that determines the type of software to be used by default by the install CD.

5. Samurai Web Security Framework

This is a live Linux environment that comes pre-configured to act like a penetration testing environment.

The Samurai Web Security Framework CD comes with free open source tools that are specifically suited for hackers looking to test, gain access or attack websites.

Limitless Options for the Technologically Savvy

Hackers are not short of options when it comes to operating systems that are tailor-made for a variety of purposes.

Although Linux seems to dominate this market for hackers, there is still some preference for Windows given that most targets run Windows operating systems and as such can only be accessed in Windows-based environments.

Author:  Anonymity

Source:  https://darkwebnews.com/anonymity/operating-systems-real-hackers-use

Categorized in Deep Web

Do you still have a Yahoo Mail account? The tech company made its way onto the scene in 1994 and became a popular search engine and email service. However, it's had a very rough year.

First we learned of a massive data breach that could have impacted billions of users. Then we found out Yahoo was allegedly complying with a government security agency's request to spy on all incoming emails. Now, there is more troubling news coming out about the tech giant.

Security researcher Jouko Pynnonen recently discovered a severe security vulnerability with Yahoo Mail. The flaw would allow an attacker to access the victim's email account.

This was a cross-site scripting (XSS) attack, similar to the one discovered by Pynnonen around the same time last year.

Why this flaw is so alarming

What's terrifying about this is the victim wouldn't even need to click on a malicious link to be affected. You only had to view an email sent by the scammer for your Yahoo Mail account to be compromised.

Yahoo filters HTML messages, which is supposed to keep malicious code from making its way into a user's inbox. However, Pynnonen discovered a vulnerability that kept the filters from catching all malicious code. It had to do with different types of attachments that could be added to emails.

The good news is once Pynnonen reported the flaw, Yahoo fixed it. The tech giant also paid him $10,000 for discovering the vulnerability through its Bug Bounty Program.

Even though these flaws have been patched, it's been a rough stretch for Yahoo. If all of these problems worry you, you might want to close your Yahoo accounts. Here are instructions on how to do that:

How to close your Yahoo account:

  • Go to the "Terminating your Yahoo account" page.
  • Read the information under "Before continuing, please consider the following information."
  • Confirm your password - if you forgot your password, you can recover it with the Yahoo Sign-in Helper.
  • Click Terminate this Account.

Remember, if you do close your Yahoo account, you will not be able to use services associated with it. So if you decide to keep your account, at the very least make sure you have a strong password. Here are three proven formulas for creating hack-proof passwords.

You can also enable two-step verification, set up a Yahoo Account Key, or use a password manager. It's always better to be safe than sorry!

Author:  Mark Jones

Source:  http://www.komando.com/

Categorized in Internet Privacy

A hacker is a tech-savvy user who manipulates and bypasses computer systems to make them do the unintended. Sometimes this manipulation is noble, with the goal to create something beneficial. Other times, hacking is harsh, and done with the wicked goal to hurt people through identity theft or other harm.

You are likely familiar with the stereotypical 1980s hacker: the evil criminal who is socially isolated. While this stereotype does indeed describe some modern 'black hat' hackers, there exists a subset of hackers who are not criminals. In fact, there are many hackers who use their knowledge for good.

Today, 'hacker' is a descriptor that subdivides into 3 categories:

  1. 'Black Hat' Hackers: criminals and wrongdoers.
  2. 'White Hat' Hackers: ethical hackers who work to protect systems and people.
  3. 'Grey Hat' Hackers: dabble in both black hat and white hat tinkering.

1  Classic 'Black Hat' Hackers = Criminals/Lawbreakers

This is the classic definition of a hacker: a computer user who willfully vandalizes or commits theft on other people's networks.

'Black hat' is a stylish way to describe their malicious motivations. Black hats are gifted but unethical computer users who are motivated by feelings of power and petty revenge. They are electronic thugs in every sense of the word, and they share the same personality traits as emotionally-stunted teens who smash bus stop windows for personal satisfaction.

Black hat hackers are renowned for the following common cybercrimes:

  • DDoS (flood) attacks that impair computer networks.
  • Identity theft
  • Vandalism of systems
  • The creation of destructive programs, like worms

2  'White Hat' Ethical Hackers = Network Security Specialists

Different from the classic black hat hackers, white hat hackers are either driven by honorable motivations, or they are mercenaries working on honorable agendas. Also known as 'ethical hackers', white hats are talented computer security users often employed to help protect computer networks.

Some white hats are reformed black hats, like former convicts who take on work as store security guards. While they themselves may have been unethical in the past, their current vocation is considered white hat.

Ethical hackers are motivated by a steady paycheck. It is not surprising to see ethical hackers spending those paychecks on very expensive personal computers in their personal lives, so they can play online games after work. As long as they have a good-paying job to support their personal habits, an ethical hacker is usually not motivated to destroy or steal from their employer.

Special note: some white hat hackers are 'academic hackers'. These are computer artisans who are less interested in protecting systems, and more interested in creating clever programs and beautiful interfaces. Their motivation is to improve a system through alterations and additions. Academic hackers can be casual hobbyists, or they can be serious computer engineers working on their graduate-level degrees.

3  'Grey Hat Hackers' = Conflicted, Uncertain Which Side of the Law They Stand

Grey hat hackers are often hobbyists with intermediate technical skills. These hobbyists enjoy disassembling and modifying their own computers for hobby pleasure, and they will sometimes dabble in minor white collar crimes like file sharing and cracking software. Indeed, if you are a P2P downloader, you are a type of grey hat hacker.

Grey hat hackers rarely escalate into becoming serious black hat hackers.

4  Subcategories of Hackers: Script Kiddies and Hacktivists

  • Script Kiddies: this is a stylish name for novice hackers who are unskilled. Script kiddies can be white hat, black hat, or grey hat.
  • Hacktivists: this is the hacker who is also a social activist fighting for a cause. Some people would argue that famous hackers like Lulzsec and Anonymous are hacktivists fighting government corruption and corporate misdeeds. Hacktivists can be white hat, black hat, or grey hat.

5  More About Computer Hackers

Computer hacking is exaggerated by the media, and very few public narratives give hackers the fair shake that they deserve. While most movies and TV shows of hackers are absurd, you might consider watching Mr. Robot if you want to see what hacktivists do.

Every savvy web user should know about the unsavory people on the Web. Understanding common hacker attacks and scams will help you navigate online intelligently and confidently.

Author:  Paul Gil

Source:  https://www.lifewire.com

Categorized in Internet Privacy