Category Archives: Hackers News

Hackers News

Hackers News

Comodo's so-called 'Secure Internet Browser' Comes with Disabled Security Features

Leave a comment
comodo-web-browser-security

Beware Comodo Users!

Have you Safeguarded your PC with a Comodo Antivirus? Then you need to inspect your system for privacy and security concerns.
First of all, make sure whether your default browser had been changed to “Chromodo” — a free browser offered by Comodo Antivirus.
If your head nod is “Yes,” then you could be at risk!
Chromodo browser, which is supplied along with the installation of Comodo Anti-Virus Software and marketed as ‘Private Internet Browser’ for better security and privacy, automatically overrides system settings to set itself as your ‘Default Browser.’
And secondly, the main security concern about Comodo Antivirus is that the Chromodo browser has ‘Same Origin Policy’ (SOP) disabled by default.
Google’s security researcher Tavis Ormandy, recently shouted at Comodo for disabling SOP by default in its browser settings that violates one of the strongest browser security policy.

Ormandy notes that “all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices.”

Moreover, this is a total unethical movement to change default browser settings without users’ knowledge.
Same Origin Policy (SOP) is one of the browser security policies that permits scripts running in a web browser to only make requests to pages on the same domain.
If enabled, Same Origin Policy will prevent malicious scripts on one page from obtaining access to sensitive data on another web page.

What If, Same Origin Policy is Disabled

chromodo-browser

To understand this, assume you are logged into Facebook and somehow visits a malicious website in another tab.

With SOP disabled, various malicious script files on that website could take over the control of your Facebook profile, allowing malicious actors to compromise your account with access to your private messages, post status updates, etc.
The same thing Comodo is doing with its users, by default disabling SOP in Chromodo that could allow attackers to:
  • Steal session authentication cookies.
  • Perform malicious actions through script code.
  • Even Replace trusted websites with attacker-created HTML design.

How to Check, If your Browser has SOP Enabled/Disabled

If you are still unsure whether your browser is SOP disabled, then visit this link.
If you are getting a prompt as “Browser appears to be fine,” then you are out of danger.
But, if you are getting a negative approach such as “Your browser is not enforcing the SOP,” you are advised to migrate to other browsers such as Chrome or Firefox for your self-defense against any malicious attack.
Stay Safe! Safe Tuned!

Hackers News

NASA HACKED! AnonSec tried to Crash $222 Million Drone into Pacific Ocean

Leave a comment
nasa-hacked-drone
Once again the Red Alarm had been long wailed in the Security Desk of the National Aeronautics and Space Administration (NASA).
Yes! This time, a serious hacktivism had been triggered by the Hacking group named “AnonSec” who made their presence in the cyber universe by previous NASA Hacks.
The AnonSec Members had allegedly released 276 GB of sensitive data which includes 631 video feeds from the Aircraft & Weather Radars; 2,143 Flight Logs and credentials of 2,414 NASA employees, including e-mail addresses and contact numbers.
The hacking group has released a self-published paper named “Zine” that explains the magnitude of the major network breach that compromised NASA systems and their motives behind the leak.

Here’s How AnonSec Hacked into NASA

The original cyber attack against NASA was not initially planned by AnonSec Members, but the attack went insidious soon after the Gozi Virus Spread that affected millions of systems a year ago.
After purchasing an “initial foothold” in 2013 from a hacker with the knowledge of NASA Servers, AnonSec group of hackers claimed to pentested the NASA network to figure out how many systems are penetrable, the group told InfoWar.
Bruteforcing Admin’s SSH Password only took 0.32 seconds due to the weak password policy, and the group gained further indoor access that allowed it to grab more login information with a hidden packet sniffing tool.
They also claimed to infiltrate successfully into the Goddard Space Flight Center, the Glenn Research Center, and the Dryden Research Center.

Hacker Attempted to Crash $222 Million Drone into the Pacific Ocean

Three NAS Devices (Network Attached Storage) which gathers aircraft flight log backups were also compromised, rapidly opening a new room for the extended hack:
Hacking Global Hawk Drones, specialized in Surveillance Operations.
Hackers have tried to gain the control over the drone by re-routing the flight path (by Man-in-the-Middle or MitM strategy) to crash it in the Pacific Ocean, but…
…the sudden notification of a security glitch in the unusual flight plan made the NASA engineers to take the control manually that saved their $222.7 Million drone from drowning in the ocean.
This hacking attempt had happened due to the trivial routine of drone operators of uploading the drone flight paths for the next fly, soon after a drone session ends.
After this final episode, AnonSec lost their control over the compromised NASA servers and everything was set to normal by NASA engineers as before.
This marked the attack’s magnitude at a steep height by infecting into other pipelines of NASA, leading to this nasty situation.

However, in a statement emailed to Forbes, NASA has denied alleged hacking incident, says leaked information could be part of freely available datasets, and there is no proof that a drone was hijacked.

“Control of our Global Hawk aircraft was not compromised. NASA has no evidence to indicate the alleged hacked data are anything other than already publicly available data. NASA takes cybersecurity very seriously and will continue to fully investigate all of these allegations.”

Why Did AnonSec Hack into NASA?

If you are going to point your fingers against the AnonSec Hackers, then Wait! Here’s what the group of hackers wants to highlight:

“One of the main purposes of the Operation was to bring awareness to the reality of Chemtrails/CloudSeeding/Geoengineering/Weather Modification, whatever you want to call it, they all represent the same thing.” 

“NASA even has several missions dedicated to studying Aerosols and their affects (sic) on the environment and weather, so we targeted their systems.”

And Here’s What NASA was actually doing:
  • Cloud seeding: A weather alteration method that uses silver iodide to create precipitation in clouds which results to cause more rainfall to fight carbon emission which ultimately manipulates the nature.
  • Geoengineering: Geoengineering aims to tackle climate change by removing CO2 from the air or limiting the sunlight reaching the planet.
Similar projects are running on behalf of the US Government such as Operation Icebridge [OIB], Aerosol-Cloud-Ecosystem (ACE) which are dedicated to climate modeling.
This security breach would be a black label for the Security Advisory Team of NASA and became a warning bell to beef up the security.

Hackers News

Wikileak's Julian Assange Could Be Set Free On Friday by United Nation

Leave a comment
united-nation-wikileaks

The decision of the United Nations investigation into the Julian Assange case is set to be revealed and could order the release of Wikileaks founder on February 5.

BREAKING: UN set to announce decision on #Assange’s release on Friday,“BREAKING: UN set to announce decision on #Assange’s release on Friday,” Wikileaks has tweeted.
Assange has been living in the Ecuadorian embassy in London for over 3 years, after being granted political asylum by the Ecuadorian government of the South American country.
UN Working Group on Arbitrary Detention (WGAD)
Assange has been residing in the embassy since 2012 to avoid extradition:
  • First to Sweden where he is facing sexual assault allegations, which he has always denied.
  • Ultimately to the United States where he could face cyber espionage charges for publishing classified US military and diplomat documents via his website Wikileaks.

The leak of publishing secret documents has amounted to the largest information leak in United States history. The US also launched a criminal case against Assange following the leak.
However, Assange filed a complaint against Sweden and the United Kingdom in September 2014 that has been considered by the UN Working Group on Arbitrary Detention.
The decision on the case will be published on Friday, and if the group concludes that Assange is being illegally detained, the UN is expected to call on the UK and Sweden to release him.

Hackers News

They Named it — Einstein, But $6 Billion Firewall Fails to Detect 94% of Latest Threats

Leave a comment
einstein-cybersecurity-firewall

The US government’s $6 Billion firewall is nothing but a big blunder.

Dubbed EINSTEIN, the nationwide firewall run by the US Department of Homeland Security (DHS) is not as smart as its name suggests.
An audit conducted by the United States Government Accountability Office (GAO) has claimed that the firewall used by US government agencies is failing to fully meet its objectives and leaving the agencies open to zero-day attacks.

EINSTEIN, which is officially known as the US’ National Cybersecurity Protection System (NCPS) and has cost $5.7 Billion to develop, detects only 6 percent of today’s most common security vulnerabilities and failed to detect the rest 94 percent.

How bad is EINSTEIN Firewall in reality?

In a series of tests conducted last year, Einstein only detected 29 out of 489 vulnerabilities across Flash, Office, Java, IE and Acrobat disclosed via CVE reports published in 2014, according to a report [PDF] released by the GAO late last year.
Among the extraordinary pieces of information revealed are the fact that the system is:
  • Unable to monitor web traffic for malicious content.
  • Unable to uncover malware in a system.
  • Unable to monitor cloud services either.
  • Only offers signature-based threat and intrusion detection, rather than monitoring for unusual activity.
Yes, Einstein only carries out signature-based threat and intrusion detection, which means the system acts like a dumb terminal that waits for the command what to find, rather than to search itself for unusual activity.

Einstein Uses Outdated Signatures Database

In fact, more than 65 percent of intrusion detection signatures (digital fingerprints of known viruses and exploit code) are outdated, making Einstein wide open to recently discovered zero-day vulnerabilities.
However, in response to this, DHS told the office Einstein was always meant to be a signature-based detection system only. Here’s what the department told the auditors:

“It is the responsibility of each agency to ensure their networks and information systems are secure while it is the responsibility of DHS to provide a baseline set of protections and government-wide situational awareness, as part of a defense-in-depth information security strategy.”

Einstein is Effectively Blind

If this wasn’t enough to figure out the worth of the $6 Billion firewall, Einstein is effectively Blind.
The Department of Homeland Security (DHS), which is behind the development of Einstein, has not included any feature to measure the system’s own performance, so the system doesn’t even know if it is doing a good job or not.

So, “until its intended capabilities are more fully developed, DHS will be hampered in its abilities to provide effective cybersecurity-related support to federal agencies,” reads the report.

Einstein was actually developed in 2003 to automatically monitor agency network traffic, and later in 2009 expanded to offer signature-based detection as well as malware-blocking abilities.
Most of the 23 agencies are actually required to implement the firewall, but the GAO found that only 5 of them were utilising the system to deal with possible intrusions.
Despite having spent $1.2 Billion in 2014 and $5.7 Billion in total project, Einstein still only monitors certain types of network flaws along with no support for monitoring web traffic or cloud services.

Hackers News

Microsoft Starts automatically Pushing Windows 10 to all Windows 7 and 8.1 Users

Leave a comment
windows-10-upgrade-installation

As warned last year, Microsoft is pushing Windows 10 upgrades onto its user’s PCs much harder by re-categorizing Windows 10 as a “Recommended Update in Windows Update, instead of an “optional update.
Microsoft launched Windows 10 earlier last year and offered the free upgrade for Windows 7 and Windows 8 and 8.1 users. While the company has been successful in getting Windows 10 onto more than 200 Million devices, Microsoft wants to go a lot more aggressive this year.
So, If you have enabled Automatic Windows Update on your Window 7, 8 or 8.1 to install critical updates, like Security Patches, you should watch your steps because…
…From Monday, Windows Update will start upgrading your PC to the newest Windows 10 as a recommended update, Microsoft confirmed.
This means Windows 10 upgrade process will download and start on hundreds of millions of devices automatically.
The move is, of course, the part of Microsoft’s goal to get Windows 10 running on 1 Billion devices within 2-3 years of its actual release.
market-share-windows10
Market Share of Windows 10 is on the rise. It has already grabbed a market share of 11.85% as of January 2016, increasing from 9.96% in December. But, Windows 7 is still running on over 50% of all PCs in the world, so targeting even half of its user base would bring Microsoft very near to its goal.

“As we shared in late October on the Windows Blog, we are committed to making it easy for our Windows 7 and Windows 8.1 customers to upgrade to Windows 10,” a Microsoft spokesperson said. “We updated the update experience today to help our clients, who previously reserved their upgrade, schedule a time for their upgrade to take place.”

This means if the ‘Give me recommended updates the same way I receive important update’ option in Windows Update section is enabled on your PC, the Windows 10 update will not only be downloaded but also, the installation will be started automatically.
windows10-update
You are also required to stay alert because even if you have adopted manual updates you may still end up downloading Windows 10 anyway. As Windows Update is automatically pre-selecting the option for you, without your need to click on the box to get it.
However, the company says that you won’t be forced to upgrade the creepy OS as there will still be a prompt window that will require you to click through and confirm the Windows 10 upgrade after the files have silently been downloaded and unpacked in the background.
Even if the Windows 10 upgrade is accidentally completed, there is still a way to opt out of it. Microsoft is offering a 31 day grace period in which you will be able to revert to your old installation after trying Windows 10 and deciding you not like the operating system.
Though we know this revert will also be an aggressive push by Microsoft.

Hackers News

Google Patches Critical Remotely-exploitable Flaws in Latest Android Update

Leave a comment
update-android-mobile
Google has released the February Security Update for Android that patches multiple security vulnerabilities discovered in the latest version of Android operating system.
In total, there were five “critical” security vulnerabilities fixed in the release along with four “high” severity and one merely “moderate” issues.

Remote Code Execution Flaw in WiFi

A set of two critical vulnerabilities has been found in the Broadcom WiFi driver that could be exploited by attackers to perform Remote Code Execution (RCE) on affected Android devices when connected to the same network as the attacker.
The vulnerabilities (CVE-2016-0801 and CVE-2016-0802) can be exploited by sending specially crafted wireless control message packets that can corrupt kernel memory, potentially leading to remote code execution at the kernel level.

“These vulnerabilities can be triggered when the attacker and the victim are associated with the same network,” reads the advisory. “This issue is rated as a Critical severity due to the possibility of remote code execution in the context of the kernel without requiring user interaction.”

Remote Code Execution Flaw in Mediaserver

Another set of two critical security vulnerabilities were discovered in Mediaserver that was targeted last summer by critical Stagefright vulnerabilities and exploits, allowing anyone to compromise an Android device by sending just a specially crafted MMS message.
The recently discovered flaws (CVE-2016-0803 and CVE-2016-0804) in Mediaserver could enable remote code execution (RCE) on affected Android devices through email, web browsing, or MMS files when processing media files.
Moreover, a separate vulnerability called elevation of privilege (CVE-2016-0810) was also discovered in Mediaserver that could be exploited to gain elevated capabilities, including Signature or SignatureOrSystem permissions privileges, that aren’t accessible to third-party apps.
Two Elevation of Privilege vulnerabilities has also been found in Qualcomm components: the Qualcomm Performance Module (CVE-2016-0805) and the Qualcomm Wi-Fi Driver (CVE-2016-0806). Both the flaws, rated as critical, leveraged an attacker to launch further attacks.
Another critically rated bug (CVE-2016-0807) discovered in the Debuggerd component could open the door to execute arbitrary code within the device’s root level. Debuggerd is a software tool used for debugging and analyzing Android crashes.

Other high severity bugs include:

  • An elevation of privilege vulnerability in the Android Wi-Fi component
  • A denial-of-service vulnerability in the Minikin library
  • An information disclosure bug in libmediaplayerservice
The final set of vulnerabilities is an Elevation of Privilege flaw in Setup Wizard that could allow a hacker to bypass the Factory Reset Protection and gain access to the affected device.
All the Security patches are currently made available for Nexus devices only. Google also shared the patches with carrier and manufacturer partners on January 4, but users of other Android devices should have to wait until their devices receive an update.
Nexus device users are advised to patch the flaws by flashing their devices to this new build immediately. Users can also wait for the OTA (Over-the-Air) update that will be out in the next week or so.

Hackers News

Hacking Smartphones Running on MediaTek Processors

Leave a comment

A dangerous backdoor has been discovered in the MediaTek processor that could be exploited to hack Android devices remotely.

MediaTek is a Taiwan-based hardware company that manufacture hardware chips and processor used in the smartphones and tablets.

The backdoor was discovered by security researcher Justin Case, who already informed MediaTek about the security issue via Twitter, as

Hackers News

Dutch Police Training Eagles to Take Down Rogue Drones

Leave a comment

You may have seen number of viral entertainment videos on the Internet, titled:

Hawk attacks Drone!

Angry Bird takes down Quadcopter,

and the best one…

Eagle attack: Drone Kidnapped by two Eagles,

<!– adsense –>

…showing eagles, not-so-natural predators, attacking and bringing down drones when someone with a camera tries to invade their private airspace.

Inspired from this:

Hackers News

Default Apache Configuration Can Unmask Tor Hidden Services

Leave a comment

Attention Tor Onion Hosters!

A year old loophole in Apache Web Server, uncovered by an unknown Computer Science Student, could potentially unmask the real identity of .onion-domains and servers hidden behind the Tor-network.

Although the loophole was reported on Reddit and to the Tor Project months back, it recently came to the limelight soon after a tweet by Alec Muffet, a well-known

Hackers News

How Spy Agencies Hacked into Israeli Military Drones to Collect Live Video Feeds

Leave a comment

Featured Image Only. See Original leaked images below.

In a joint surveillance program, the US intelligence agency NSA (National Security Agency) and the British intelligence agency GCHQ (Government Communications Headquarters) hacked into, decrypted, and tracked live video feeds of Israeli Military Drones and Fighter Jets.

This could be one of the most shocking and embarrassing