Archive for July 14, 2014

Kronos: A new Banking Trojan for sale in Underground forums

Researchers from Trusteer have discovered a new Banking Trojan dubbed as "Kronos" which is being sold in the Underground forum.

The malware is being sold for $7,000 and the cyber criminals are offering one week test for the price of $1,000 with full access to the command and control server without any limitation.

Similar to other banking Trojans, this new malware also capable of doing form grabbing and HTML Injection.

Kronos has user-mode rootkit(ring3) capabilities that will help this trojan to defend itself from other pieces of malware, will work in both 32bit and 64 bit Operating systems.

It is also designed to evade antivirus software and bypass Sandbox. The malware use encryption to communicate with the C&C server.

Trusteer said it has not yet analyzed the malware sample in order to validate the seller’s claims, all the information provided are based on the advertisement in the underground forum.

Researchers say GameOver malware is back

Last month, DOJ announced that International law enforcement agencies disrupted the Game Over Botnet.   However, Researchers at Sophos say the GameOver malware is back.

Researchers spotted several spam campaign and analyzed a few samples of the new version.

The new version has few modifications.  One of them is removing Necurs rootkit part from the malware.

The second modification is using Domain generation algorithm(DGA) as the primary command and control mechanism instead of Peer-to-Peer protocol.

"We do not know if it is being operated by the same people that were indicted last month, or a subset of them, or indeed a different group altogether that has obtained the Gameover source code." researcher said.

CSPF introduces Free online Ethical Hacking Course

Cyber Security and Privacy Foundation is happy to announce the first free online Ethical Hacking & Cyber Defence Course.

Within first 10 days after the course is launched, we have seen alreay 240 students registered for the online course.  The students registered range from Age group of 20 to 60.

Mr. Gemini Ramamurthy, chairman of CSPF, says we are very happy with overwhelming response from across the Globe for this course.  CSPF will continue to offer more such courses to the Online academy.


White Hat Hacking Course:
https://www.udemy.com/certified-whitehat-hacker-level-1/

Cyber Defence Course:
https://www.udemy.com/cyber-defence-course-cdc/

Hacking Any Facebook Accounts using REST API

Stephen Sclafani , a Security Researcher, has discovered a critical security vulnerability in the Social Networking giant Facebook that allowed him to hack any facebook accounts.

Stephen just need your user ID, he can hack into your account and read private messages, view email addresses, create or delete notes, on top of that he can update status and upload photos and tag you friends,  on behalf you. 

"A misconfigured endpoint allowed legacy REST API calls to be made on behalf of any Facebook user using only their user ID" Stephen explained in his blog.

The Facebook REST API is said to be predecessor of Facebook’s current Graph API.  He managed to send request to server using this API such that it will update status on behalf of victim.


Stephen found this bug in April 23 and reported to Facebook.  After getting notification, Facebook permanently fixed the bug on April 30th. Facebook awarded $20,000 bounty to him for finding and reporting this bug.

FIXED – Checking config for nagios: Configuration validation failed[FAILED]

nagios logo

Checking config for nagios: Configuration validation failed[FAILED]

I got this error when i tried to take a host out of nagios configuration, after simply removing the host conf file , and i knew i have to delete from the services configuration as well but couldn’t find which service the host were added to .

fount this solution , you simply check your conf file with below command to fix the error. very handy

 

nagios -v /etc/nagios/nagios.cfg

 

Found the error

Error: Could not find any host matching ‘stratos.ajayadas.com’ (config file ‘/etc/nagios/services/linux1.cfg’, starting on line 14)
Error: Could not expand hostgroups and/or hosts specified in service (config file ‘/etc/services/linux1.cfg’, starting on line 14)
Error processing object config files!

 

as you know which line the error is , it’s a piece of cake to fix it!…