Tag Archives: hacking news

Warning! — Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System

Are you also the one who downloaded Linux Mint on February 20th? You may have been Infected!

Linux Mint is one of the best and popular Linux distros available today, but if you have downloaded and installed the operating system recently you might have done so using a malicious ISO image.

Here’s why:

Last night, Some unknown hacker or group of hackers had managed to hack into the

FBI Screwed Up — Police Reset Shooter's Apple ID Passcode that leaves iPhone Data Unrecoverable

Another Surprising Twist in the Apple-FBI Encryption Case: The Apple ID Passcode Changed while the San Bernardino Shooter’s iPhone was in Government Custody.

Yes, the Federal Bureau of Investigation (FBI) has been screwed up and left with no option to retrieve data from iPhone that belonged to San Bernardino shooter Syed Farook.

Apple has finally responded to the Department of Justice (

Now We Know — Apple Can Unlock iPhones, Here's How to Hack-Proof your Device

Apple has been asked to comply with a federal court order to help the FBI unlock an iPhone 5C by one of the terrorists in the San Bernardino mass shootings that killed 14 and injured 24 in December.

The FBI knows that it can not bypass the encryption on the iPhone, but it very well knows that Apple can make a way out that could help them try more than 10 PINs on the dead shooter’s iPhone

How Just Opening an MS Word Doc Can Hijack Every File On Your System

If you receive a mail masquerading as a company’s invoice and containing a Microsoft Word file, think twice before clicking on it.

Doing so could cripple your system and could lead to a catastrophic destruction.

Hackers are believed to be carrying out social engineering hoaxes by adopting eye-catching subjects in the spam emails and compromised websites to lure the victims into

Using SimpliSafe Home Security? — You're Screwed! It's Easy to Hack & Can't be Patched

hacking-smart-home-security

If you are using a SimpliSafe wireless home alarm system to improve your home security smartly, just throw it up and buy a new one. It is useless.

The so-called ‘Smart’ Technology, which is designed to make your Home Safer, is actually opening your house doors for hackers. The latest in this field is SimpliSafe Alarm.
SimpliSafe wireless home alarm systems – used by more than 300,000 customers in the United States – are Hell Easy to Hack, allowing an attacker to easily gain full access to the alarm and disable the security system, facilitating unauthorized intrusions and thefts.
…and the most interesting reality is: You Can Not Patch it!
As the Internet of Things (IoT) is growing at a great pace, it continues to widen the attack surface at the same time.
Just last month, a similar hack was discovered in Ring – a Smart doorbell that connects to the user’s home WiFi network – that allowed researchers to hack WiFi password of the home user.

How to Hack SimpliSafe Alarms?

According to the senior security consultant at IOActive Andrew Zonenberg, who discovered this weakness, anyone with basic hardware and software, between $50 and $250, can harvest alarm’s PIN and turn alarm OFF at a distance of up to 200 yards (30 meters) away.
Since SimpliSafe Alarm uses unencrypted communications over the air, thief loitering near a home with some radio equipment could sniff the unencrypted PIN messages transferred from a keypad to the alarm control box when the house owner deactivates the alarm.
The attacker then records the PIN code on the microcontroller board’s memory (RAM) and later replay this PIN code to disable the compromised alarm and carry out burglaries when the owners are out of their homes.
Moreover, the attacker could also send spoofed sensor readings, like the back door closed, in an attempt to fool alarm into thinking no break-in is happening.

Video Demonstration of the Hack

You can watch the video demonstration that shows the hack in work:

“Unfortunately, there’s no easy workaround for the issue since the keypad happily sends unencrypted PINs out to anyone listening,” Zonenberg explains.

Here’s Why Your Smart Alarms are Unpatchable

Besides using the unencrypted channel, SimpliSafe also installs a one-time programmable chip in its wireless home alarm, leaving no option for an over-the-air update.

“Normally, the vendor would fix the vulnerability in a new firmware version by adding cryptography to the protocol,” Zonenberg adds. But, “this isn’t an option for the affected SimpliSafe products because the microcontrollers in currently shipped hardware are one-time programmable.”

This means there is no patch coming to your SimpliSafe Alarm, leaving you as well as over 300,000 homeowners without a solution other than to stop using SimpliSafe alarms and buy another wireless alarm systems.
Zonenberg said he has already contacted Boston-based smart alarm provider several times since September 2015, but the manufacturer has not yet responded to this issue. So, he finally reported the issue to US-CERT.

Hollywood Hospital Pays $17,000 Ransom to Hacker for Unlocking Medical Records

ransomware-medical-record

Ransomware has seriously turned on to a noxious game of Hackers to get paid effortlessly.

Once again the heat was felt by the Los Angeles-based Presbyterian Medical Center when a group of hackers had sealed all its sensitive files and demanded $17,000 USD to regain the access to those compromised data.
The devastation of the compromised files can be pitched as:
  • Compromised emails
  • Lockout Electronic Medical Record System [EMR]
  • Encrypted patient data
  • Unable to carry CT Scans of the admitted patients
  • Ferried risky patients to nearby hospitals
…and much more unexplained outcomes.
The hospital had confirmed that the Ransomware malware had hit its core heart a week before, potentially affecting the situation to grow much worse.

Hospital End up Paying $17,000

As the situation was grown out of wild, the hospital paid 40 Bitcoins (Roughly US $17,000) to the Ransomware Criminals to resume their medical operations after gaining the decryption keys.
“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” the hospital CEO Allen Stefanek said in a letter.
All the electronic medical system were restored back soon after unlocking the encrypted file locks.
The Ransomware had stolen the nights of many network administrators, as they would be often blamed to fight up this nasty threat; instead of blaming staffs who click the illegit links in their e-mail.

The FBI Advises Victims to Just Pay the Ransom

Last year, even the FBI advised paying off the Ransom amount to the ransomware criminals as they had not come up with any other alternatives.
Several companies had got webbed in the Ransomware business including a US Police Department that paid US $750 to ransomware criminals three years back.
Criminals often demand the ransom in BTC (their intelligent move) for the surety of not getting caught, as Bitcoin transactions are non-trackable due to its decentralized nature.
So until and unless a permanent solution evolves, users are requested not to click malicious or suspected links sent via an unknown person.
The frequent payment to Ransomware encourages the hackers in the dark to stash the cash and develop a more enticing framework for the next target.
But affecting a medical system is a heinous crime as hospitals are acting as a bridge between life and heaven.

Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)

glibc-linux-flaw

A highly critical vulnerability has been uncovered in the GNU C Library (glibc), a key component of most Linux distributions, that leaves nearly all Linux machines, thousands of apps and electronic devices vulnerable to hackers that can take full control over them.

Just clicking on a link or connecting to a server can result in remote code execution (RCE), allowing hackers to steal credentials, spy on users, seize control of computers, and many more.
The vulnerability is similar to the last year’s GHOST vulnerability (CVE-2015-0235) that left countless machines vulnerable to remote code execution (RCE) attacks, representing a major Internet threat.
GNU C Library (glibc) is a collection of open source code that powers thousands of standalone apps and most Linux distributions, including those distributed to routers and other types of hardware.
The recent flaw, which is indexed as CVE-2015-7547, is a stack-based buffer overflow vulnerability in glibc’s DNS client-side resolver that is used to translate human-readable domain names, like google.com, into a network IP address.
The buffer overflow flaw is triggered when the getaddrinfo() library function that performs domain-name lookups is in use, allowing hackers to remotely execute malicious code.

How Does the Flaw Work?

The flaw can be exploited when an affected device or app make queries to a malicious DNS server that returns too much information to a lookup request and floods the program’s memory with code.
This code then compromises the vulnerable application or device and tries to take over the control over the whole system.
It is possible to inject the domain name into server log files, which when resolved will trigger remote code execution. An SSH (Secure Shell) client connecting to a server could also be compromised.
However, an attacker need to bypass several operating system security mechanisms – like ASLR and non-executable stack protection – in order to achieve successful RCE attack.
Alternatively, an attacker on your network could perform man-in-the-middle (MitM) attacks and tamper with DNS replies in a view to monitoring and manipulating (injecting payloads of malicious code) data flowing between a vulnerable device and the Internet.

Affected Software and Devices

All versions of glibc after 2.9 are vulnerable. Therefore, any software or application that connects to things on a network or the Internet and uses glibc is at RISK.
The widely used SSH, sudo, and curl utilities are all known to be affected by the buffer overflow bug, and security researchers warn that the list of other affected applications or code is almost too diverse and numerous to enumerate completely.
The vulnerability could extend to a nearly all the major software, including:
  • Virtually all distributions of Linux.
  • Programming languages such as the Python, PHP, and Ruby on Rails.
  • Many others that use Linux code to lookup the numerical IP address of an Internet domain.
  • Most Bitcoin software is reportedly vulnerable, too.

Who are Not Affected

The good news is users of Google’s Android mobile operating system aren’t vulnerable to this flaw. As the company uses a glibc substitute known as Bionic that is not susceptible, according to a Google representative.
Additionally, a lot of embedded Linux devices, including home routers and various gadgets, are not affected by the bug because these devices use the uclibc library as it is more lightweight than hefty glibc.
The vulnerability was first introduced in May 2008 but was reported to the glibc maintainers July 2015.
The vulnerability was discovered independently by researchers at Google and Red Hat, who found that the vulnerability has likely not been publicly attacked.
The flaw was discovered when one of the Google’s SSH apps experienced a severe error called a segmentation fault each time it attempted to contact to a particular Internet address, Google’s security team reported in a blog post published Monday.

Where glibc went Wrong

Google researchers figured out that the error was due to a buffer overflow bug inside the glibc library that made malicious code execution attacks possible. The researchers then notified glibc maintainers.
Here’s what went wrong, according to the Google engineers:

“glibc reserves 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query. Later on, at send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and all the information (buffer pointer, new buffer size and response size) is updated.”

“Under certain conditions a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer will be used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow.”

Proof-of-Concept Exploit Released

Google bod Fermin J. Serna released a Proof-of-Concept (POC) exploit code on Tuesday.
With this POC code, you can verify if you are affected by this critical issue, and verify any mitigations you may wish to enact.

Patch glibc Vulnerability

Google researchers, working with security researchers at Red Hat, have released a patch to fix the programming blunder.
However, it is now up to the community behind the Linux OS and manufacturers, to roll out the patch to their affected software and devices as soon as possible.
For people running servers, fixing the issue will be a simple process of downloading and installing the patch update.
But for other users, patching the problem may not be so easy. The apps compiled with a vulnerable glibc version should be recompiled with an updated version – a process that will take time as users of affected apps have to wait for updates to become available from developers.
Meanwhile, you can help prevent exploitation of the flaw, if you aren’t able to immediately patch your instance of glibc, by limiting all TCP DNS replies to 1024 bytes, and dropping UDP DNS packets larger than 512 bytes.
For more in-depth information on the glibc flaw, you can read Red Hat blog post.

This Android Malware Can Root Your Device And Erase Everything

A new Android malware has been making waves recently that have the capability to gain root access on your smartphone and completely erase your phone’s storage.

Dubbed Mazar BOT, the serious malware program is loaded with so many hidden capabilities that security researchers are calling it a dangerous malware that can turn your smartphone into a zombie inside hacker’s botnet.

Mazar BOT

Nasdaq to Use Bitcoin-style Blockchain to Record Shareholder Votes

The Nasdaq stock exchange and the Republic of Estonia have announced the use of Blockchain-based technology to allow shareholders of companies to e-vote in shareholder meetings even when they’re abroad, according to Nasdaq’s press release.

Global stock market giant is developing an electronic shareholder voting system implemented on the top of Blockchain technology that underpins Bitcoins.