Archive for June 30, 2018

Clipboard-hijacking malware monitors over 2.3 million bitcoin addresses


Bleeping Computer today revealed that they discovered a type of “clipboard hijacker” malware that monitors over 2.3 million bitcoin addresses.

Clipboard hijacker malware works by swapping the bitcoin address in the user's clipboard for another address that the attacker controls. Since bitcoin addresses are long and hard to remember, users simply copy and paste them from one application to another when sending cryptocoins, which makes this method easy for hackers.

The malware reportedly comes as a part of the All-Radio 4.27 Portable malware affecting Windows computers and monitors the Windows clipboard for a bitcoin address. Unless the user double-checks the address after pasting it, the bitcoin will go to the attackers’ address.

“While we have covered cryptocurrency clipboard hijackers in the past and they are not new, most of the previous samples monitored for 400-600 thousand cryptocurrency addresses,” their report on the malware read. They also posted a video showing how the malware works.


Bitcoin users are advised to always double-check the address before making a transaction and to have a trusted antivirus program installed on their device.

More vulnerabilities hovering around the cyberworld


Yet another stunning fact about the MS17-010 vulnerability has surfaced, forcing cyber security experts to concentrate on ways and means to counter a threat that deepens with every passing day.

Top researchers claim to have found that the NSA cyber weapon DoublePulsar has every chance of exploiting Windows Embedded devices.
After the Shadow Brokers were exposed last year, it came to light that attackers got into Windows systems through the NSA tool known as DoublePulsar, which provided exclusive backdoor entry into them.

That was the conclusive finding of the research, which involved a team of top cyber experts.

During the research, the experts closely examined how DoublePulsar functions on an Embedded Windows device. Only then did they learn that the DoublePulsar authors never supported embedded devices; the exploit was instead meant for the Windows OS.

The cyber security experts first checked the target to ascertain the vulnerability and, using SMBTouch, concluded that the target was indeed vulnerable to EternalBlue.

After installing the backdoor on the target, the cyber scientists discovered that the authors of the MSF exploit module had failed to provide support for the Windows Embedded version.

According to the researchers, they first created a DLL for the target host and then injected the DoublePulsar exploit into the embedded system.

The research gave the scientists more facts on how Windows Embedded devices are exploited.

According to one researcher engaged in the work, a graphical view played a crucial role. He said the experts assumed that when the target machine is running Windows 7, execution takes the left course.

It then checks whether the architecture of the running system is x64 or x86.

By contrast, execution takes the right course if the target is not Windows 7.

On the right side, it performs OS checks. With no check for Windows Embedded, it ends up in an error.

In fact, the error occurs only because Windows Embedded devices are not checked for, as the exploit was found to function against the target.

Only after these crucial but interesting findings did the researchers make a slew of modifications to the exploit to counter the threat.

Say bye to remembering passwords


While the smartphone has made much of our work easier, there is also a concern about security. The fear that a hacker will break into our smartphone and steal our most important information often remains. To overcome this, scientists continue to develop better security systems. Many smartphones include facial recognition, fingerprint scans and other biometric systems. However, the trouble with these easy-to-use tools is that once compromised they cannot be reset.

But now, American scientists have developed a security system that, once it reaches the market, will use the user's brain as the smartphone's password. Smartphones will be unlocked only by recognizing the brainwaves in response to a series of pictures - an advance that could better protect devices from hackers. According to the scientists at Buffalo University, electroencephalography (EEG) is currently a very easy way to record the waves of the brain.

"You can't grow a new fingerprint or iris if that information is divulged," said Wenyao Xu, an assistant professor at the University at Buffalo (UB) in the US. "That's why we're developing a new type of password - one that measures your brainwaves in response to a series of pictures. Like a password, it's easy to reset; and like a biometric, it's easy to use," said Xu.

The "brain password" presently would require users to wear a headset, but efforts will be made to improve it in the future. It could have implications in banking, law enforcement, airport security and other areas.

"To the best of our knowledge, this is the first in-depth research study on a truly cancelable brain biometric system. We refer to this as 'hard cancellation,' meaning the original brain password can be reset without divulging the user's identity," said Zhanpeng Jin, an associate professor at UB.

Every Android device is vulnerable to RAMpage attack since 2012

We have consistently seen various vectors of attack rear their head when it comes to Android smartphones. We’ve seen Shattered Trust, Cloak and Dagger, and Rowhammer, just to name a few. RAMpage is the latest one on the block, and while it is a hardware vulnerability, it doesn’t necessarily need physical access to your device to exploit. How it works is relatively simple.

A group of university researchers have discovered that this vulnerability could theoretically work on any device with LPDDR memory, which includes virtually every smartphone released since 2012, including some Apple devices.

When a CPU reads or writes a row of bits in the RAM module present on the device, the neighbouring rows are slightly affected due to a tiny electric discharge. This isn’t usually a problem as we know RAM does this and that’s why it’s periodically refreshed to make sure nothing goes wrong. But what if we start “hammering” the same “row”? What if we continuously read or write to the same row in order to disrupt neighbouring rows? This can cause a bit-flip in a memory row that we shouldn’t own or have access to at all. That’s what Rowhammer is, and it’s being used as part of a larger vulnerability called RAMpage. The CVE is CVE-2018-9442 and it affects devices shipped with LPDDR2, LPDDR3, or LPDDR4 RAM.

RAMpage can be used to gain root access on a device, but the researchers managed to get it to do a whole lot more as well. It could be used to bypass JavaScript sandboxes and even perform an attack running on another virtual machine on the same computer on x86 devices. ARM-based devices are also vulnerable, and that’s where our Android phones come in. DRAMMER stands for “Deterministic Rowhammer Attacks on Mobile Devices”.

The attack allows a hacker access to the entire operating system. This includes accessing the data stored by other applications, which the Android security model is meant to prevent. An attacker can gain full control of a device allowing them to obtain stored passwords, personal photos, emails, instant messages and even business-critical documents.