Friday 31 March 2017

Apple iOS 10.3 Fixes Safari Flaw Used in JavaScript-based Ransomware Campaign



If you own an iPhone or iPad, you may see pop-up windows appear in an endless cycle in your Safari browser, claiming that your browser has been locked and asking you to pay a fee to unlock it. Do not pay any ransom.

A new ransomware campaign has been found exploiting a flaw in Apple's iOS Safari browser in order to extort money from users who view pornographic content on their phones or attempt to illegally download pirated music or other sensitive content.

However, the good news is that Apple patched the web browser vulnerability on Monday with the release of iOS version 10.3.


The vulnerability resides in the way Safari displayed JavaScript pop-up windows, which allowed ransomware scammers to display an endless loop of pop-up windows, preventing victims from using the browser, researchers from mobile security provider Lookout said in a blog post published on Monday.

The victims would eventually end up on an attacker website that masquerades as a legitimate law enforcement site, informing victims that they have to pay a fine for viewing illegal content in order to regain access to their browser.

Lookout researchers called the exploit "scareware," as the attack doesn't actually encrypt any data or hold it for ransom. Rather, the attack just scares victims into paying the ransom fee to unlock the browser.
"The scammers abused the handling of pop-up dialogs in Mobile Safari in such a way that it would lock out a victim from using the browser," Lookout explains.
"The attack would block the use of the Safari browser on iOS until the victim pays the attacker money in the form of an iTunes Gift Card. During the lockout, the attackers displayed threatening messaging in an attempt to scare and coerce victims into paying."


The scammers effectively used fear to get victims to pay the fee before they realized that there was no real risk to their data and that the issue is very easy to overcome.

While overcoming the threat for users is as simple as clearing their browsing history and cache, iOS 10.3 users are no longer at risk of getting trapped in the endless cycle of JavaScript popups.

Lookout researchers shared the cause of this iOS exploit with Apple last month, and the company has promptly patched the issue with the release of iOS 10.3. Now, pop-up windows only take over a tab, instead of the entire app.

iOS 10.2 users who have already been hit by this ransomware campaign can clear their browsing cache by navigating to Settings → Safari → Clear History and Website Data.

Hacker Who Used Linux Botnet to Send Millions of Spam Emails Pleads Guilty



A Russian man accused of infecting tens of thousands of computer servers worldwide to generate millions in illicit profit has finally entered a guilty plea in the United States and is going to face sentencing in August.

Maxim Senakh, 41, of Velikii Novgorod, Russia, pleaded guilty in a US federal court on Tuesday for his role in the development and maintenance of the infamous Linux botnet known as Ebury that siphoned millions of dollars from victims worldwide.

Senakh, who was detained by Finland in August 2015 and extradited to the US in January 2016, admitted to installing Ebury malware on computer servers worldwide, including thousands in the United States.

First spotted in 2011, Ebury is an SSH backdoor Trojan for Linux and Unix-style operating systems, like FreeBSD or Solaris, which infected more than 500,000 computers and 25,000 dedicated servers in a worldwide malware campaign called 'Operation Windigo.'

The Ebury backdoor gives attackers full remote shell control of infected machines, even if passwords for affected user accounts are changed on a regular basis.



The Ebury botnet, a network of thousands of compromised Linux systems, had the capacity to send over 35 million spam messages and redirect more than 500,000 Web visitors to exploit kits every day.

According to the US Department of Justice, Senakh, along with the criminal organization, used Ebury to create and operate a botnet that would "generate and redirect internet traffic in furtherance of various click-fraud and spam e-mail schemes, which fraudulently generated millions of dollars in revenue."

Senakh also admitted to personally profiting from the Ebury botnet. He is scheduled to be sentenced on 3rd August 2017, after pleading guilty to a conspiracy to violate the Computer Fraud and Abuse Act.



Senakh faces up to a combined 30 years in prison.

Ebury first came into the news in 2011 after Donald Ryan Austin, 27, of El Portal, Florida, installed Ebury on multiple servers owned by kernel.org and the Linux Foundation, which are used to maintain and distribute the Linux operating system kernel.

Austin, with no connection to the Ebury criminal organization, was arrested last year in September and charged with four counts of "intentional transmission causing damage to a protected computer."

Police Arrest Man Potentially Linked to Group Threatening to Wipe Millions Of iPhones



British authorities have reportedly arrested a 20-year-old man, potentially one of the members of the cyber criminal gang 'Turkish Crime Family,' which threatened Apple last week to remotely wipe data from millions of iOS devices unless Apple pays a ransom of $75,000.

The UK's National Crime Agency (NCA) arrested a young man from London on Tuesday on suspicion of "Computer Misuse Act and extortion offences," who according to Motherboard, "may be connected to the ongoing attempted extortion of Apple by a group calling itself the Turkish Crime Family."

Last week, the hacking group claimed to have access to over 300 million iCloud accounts and threatened to remotely wipe data from those millions of Apple devices unless Apple pays it $75,000 in Bitcoin or Ethereum, or $100,000 worth of iTunes gift cards.

Motherboard broke the story after one of the members of Turkish Crime Family shared screenshots of emails between the hacking group and Apple's security team with the publication.

Shortly after the extortion news, Apple released a statement saying that there have not been any breaches of its servers and databases; instead, the data in the hackers' possession appears to be from previously compromised third-party services, such as LinkedIn.

The company also said it is working with law enforcement to identify the criminals.
"Apple is actively monitoring to prevent unauthorised access to user accounts and is working with law enforcement to identify the criminals involved," Apple said in the statement.
"To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication."
Although the NCA has not elaborated further about the arrest except that the man has been bailed pending further inquiries, another member of the same criminal gang confirmed to Motherboard via email that the arrested member hasn't been online since the alleged raid.

Moreover, the group claimed his friend who was at his house during the raid managed to film the incident, though Motherboard, who received a copy of it, has declined to post the video publicly at this time.

Arrest Doesn’t Mean Your iCloud Data is Safe


At this moment, I am not entirely sure that the arrested man is actually linked to the Turkish Crime Family, although the man is suspected of having committed blackmail and unauthorised access of computers with the intent to commit or facilitate the commission of further offences, according to the warrant Motherboard received in an email.

But even if he turns out to be a member of the same hacking group, it doesn't mean that the Apple extortion threat has gone away completely, as other members of the hacking group are still out there with allegedly compromised iCloud accounts.

It's possible that the remaining members of Turkish Crime Family will panic and go underground without doing anything, but there's still the possibility of them remotely wiping victims' Apple devices and resetting iCloud accounts, if they actually have the capability to do what they claim.

The hacking group has given Apple a deadline until April 7 to pay up the ransom.

So, if you haven't done so yet, change your iCloud passwords immediately and enable two-step authentication to add an extra layer of security and keep your iCloud account safe from hackers.

Widespread Email Scam Targets Github Developers with Dimnie Trojan



Open source developers who use the popular code-sharing site GitHub were put on alert after the discovery of a phishing email campaign that attempts to infect their computers with an advanced malware trojan.

Dubbed Dimnie, the reconnaissance and espionage trojan has the ability to harvest credentials, download sensitive files, take screenshots, log keystrokes on 32-bit and 64-bit architectures, download additional malware on infected systems, and self-destruct when ordered to.

The malware has largely flown under the radar for the past three years, thanks to its stealthy command and control methods.

The threat was discovered in mid-January this year when it was targeting multiple owners of GitHub repositories via phishing emails, but cyber-security firm Palo Alto, who reported the campaign on Tuesday, says the attacks started a few weeks before.

Here's How the Attack Works:


The attack starts by spamming the email inboxes of active GitHub users with booby-trapped job offers. The messages used in this campaign attempt to trick the victims into running an attached malicious .doc file.

The doc file contains embedded macro code which, if allowed to run, executes a PowerShell command to download and install the Dimnie trojan, malware that can be controlled remotely, enabling attackers to hijack infected PCs and install additional malware.

Dimnie is not new; it first appeared in early 2014, but the use of stealthy command and control (C&C) methods in the new version of the Dimnie malware helped the threat remain unnoticed until this year.

Dimnie's Stealthy Features Let It Go Undetected for 3 Years


This new iteration has the ability to hide its malicious traffic under fake domains and DNS requests. To camouflage its connection, Dimnie uses HTTP Proxy requests that appear to be sent to Google-owned domains, but the traffic actually goes to an address controlled by the attackers, which has nothing to do with Google.
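
One way a defender could look for the mismatch described above, as an added example that is not from the original post or from Palo Alto's report: correlate HTTP request logs with the DNS answers each client received, and flag requests whose claimed host never resolved to the destination IP. The log tuples, hostnames, IP addresses, proxy list and time window are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample logs (documentation IP ranges, .example names).
# DNS answers seen per client: (timestamp, client_ip, queried_name, answer_ips)
DNS_LOG = [
    (100, "10.0.0.5", "portal.trusted.example", ["198.51.100.10"]),
    (101, "10.0.0.7", "updates.unrelated.example", ["203.0.113.66"]),
]
# HTTP requests: (timestamp, client_ip, dst_ip, request_line, host_header)
HTTP_LOG = [
    # Origin-form request to an address the client resolved for that host.
    (102, "10.0.0.5", "198.51.100.10", "GET /index.html HTTP/1.1",
     "portal.trusted.example"),
    # Proxy-style (absolute-URI) request naming the trusted host, but sent to
    # the address this client obtained for a different name.
    (103, "10.0.0.7", "203.0.113.66",
     "GET http://portal.trusted.example/api?x=1 HTTP/1.1",
     "portal.trusted.example"),
    # Absolute-URI request to the sanctioned forward proxy: expected traffic.
    (305, "10.0.0.9", "192.0.2.8", "GET http://portal.trusted.example/ HTTP/1.1",
     "portal.trusted.example"),
]
KNOWN_PROXIES = {"192.0.2.8"}   # assumption: the site's real forward proxies
DNS_WINDOW = 3600               # assumption: seconds a DNS answer stays usable


def claimed_host(request_line, host_header):
    """Return (host, proxy_style) for the name the request claims to target."""
    parts = request_line.split()
    target = parts[1] if len(parts) >= 2 else ""
    if target.lower().startswith(("http://", "https://")):
        # Absolute-URI form is what a client sends to an HTTP proxy.
        return (urlsplit(target).hostname or ""), True
    return host_header.split(":")[0].strip().lower(), False


def find_mismatches(http_log, dns_log, proxies=KNOWN_PROXIES, window=DNS_WINDOW):
    """Flag requests whose destination IP was never a DNS answer for the host."""
    by_name = defaultdict(list)   # (client, name) -> [(ts, {ips})]
    by_ip = defaultdict(list)     # (client, ip)   -> [(ts, name)]
    for ts, client, name, ips in dns_log:
        name = name.lower().rstrip(".")
        by_name[(client, name)].append((ts, set(ips)))
        for ip in ips:
            by_ip[(client, ip)].append((ts, name))

    findings = []
    for ts, client, dst, line, host_hdr in http_log:
        if dst in proxies:
            continue  # proxy-style requests to a real proxy are normal
        host, proxy_style = claimed_host(line, host_hdr)
        if not host:
            continue
        resolved = set()
        for dns_ts, ips in by_name.get((client, host), []):
            if 0 <= ts - dns_ts <= window:
                resolved |= ips
        if dst in resolved:
            continue
        # Names this client did look up that returned the destination address.
        resolved_as = sorted({n for dns_ts, n in by_ip.get((client, dst), [])
                              if 0 <= ts - dns_ts <= window})
        findings.append({"ts": ts, "client": client, "dst": dst,
                         "claimed_host": host, "proxy_style": proxy_style,
                         "resolved_as": resolved_as})
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(HTTP_LOG, DNS_LOG):
        print(finding)
```

Clients that cache DNS answers longer than the window, or that use a resolver the sensor cannot see, will produce false positives, so findings are leads for triage rather than verdicts.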

For added stealth, the malware encrypts all of its modules during transit, and once they are received and decrypted on the targeted computer, they are never written to or executed on its hard drive.

Instead, Dimnie injects them directly into the memory of core Windows processes, where they execute without leaving traces on the user's disks. This lets Dimnie operators inject their malicious module into the process of any legit application.
"The global reach of the January 2017 campaign which we analyzed in this post is a marked departure from previous Dimnie targeting tactics. Multiple factors have contributed to Dimnie's relatively long-lived existence," Palo researchers concluded. 
"By masking upload and download network traffic as innocuous user activity, Dimnie has taken advantage of defenders’ assumptions about what normal traffic looks like. This blending in tactic, combined with a prior penchant for targeting systems used by Russian speakers, likely allowed Dimnie to remain relatively unknown."
Since the malware hides its communications behind regular traffic and executes in the OS memory, Palo researchers were unable to speculate about the attackers behind the latest phishing email campaign or their exact motivations for targeting open-source developers.

However, gaining access to computers belonging to owners of private GitHub repositories gives attackers a way to access the source code of the applications they manage for their organizations, which in turn lets the attackers gain access to the internal networks of various organizations.

Monday 27 March 2017

Fraudsters Using GiftGhostBot Botnet to Steal Gift Card Balances



Gift cards have once again caused quite a headache for retailers, as cyber criminals are using a botnet to break into and steal cash from money-loaded gift cards provided by major retailers around the globe.

Dubbed GiftGhostBot, the new botnet specialized in gift card fraud is an advanced persistent bot (APB) that has been spotted in the wild by cyber security firm Distil Networks.

GiftGhostBot has been seen attacking almost 1,000 websites worldwide and defrauding legitimate consumers of the money loaded on gift cards since Distil detected the attack late last month.

According to the security firm, any website – from luxury retailers, supermarkets to coffee distributors – that allows its customers to buy products with gift cards could be targeted by the botnet.

Operators of the GiftGhostBot botnet launch brute-force attacks against retailers' websites to check potential gift card account numbers at a rate of about 1.7 million numbers per hour, and request the balance for each number.


Once the gift card account number and its balance are correctly matched, the fraudsters automatically get logged into that account without any authentication.

The cyber criminals then record those account numbers to either resell them on the Dark Web or use them to purchase goods.

What's interesting? The beauty of stealing money from gift cards, according to the security firm, is that "it is typically anonymous and untraceable once stolen."

Like other sophisticated cyberattacks, GiftGhostBot is distributed across hosting providers, internet service providers, and data centers around the globe, and executes JavaScript to mimic a regular browser and evade detection.
"Like most sophisticated bot attacks, GiftGhostBot operators are moving quickly to evade detection, and any retailer that offers gift cards could be under attack at this very moment," said Distil Networks CEO Rami Essaid. "To prevent resources from being drained, individuals and companies must work together to prevent further damage."

Here's How to Protect Yourself:


Since retailers are not exposing consumers' personal information, users are strongly recommended to remain vigilant.

  • Check your gift card balances and take a screenshot of the page showing your account balance as proof.
  • Don't forget about your gift cards and leave them unused. Treat them like cash and use them to prevent fraud.
  • Contact retailers and ask for more information if facing problems with cards.
  • Adding a CAPTCHA can help retailers stop many bots (though not the most sophisticated ones).
  • Retailers should monitor their web traffic regularly to identify any attack. While sophisticated bots constantly rotate their IP address to evade detection, Distil has provided known IP addresses involved in the attack.
  • Retailers can also put rate limits on requests to the "check your balance" page.
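
The rate-limit advice above, as an added example (not code from Distil Networks or the original post): because the bots rotate IP addresses, a per-client limit is paired with a global ceiling on lookups of unknown card numbers, after which a CAPTCHA is required. The class name, limits, card numbers and IP addresses are constructed assumptions.

```python
from collections import Counter, defaultdict, deque

# Constructed sample data: valid card numbers and their balances.
CARDS = {"GC-000123": 25.00, "GC-000456": 100.00}


class BalanceCheckGuard:
    """Sliding-window guard for a gift card balance-check endpoint."""

    def __init__(self, per_client_limit=5, global_miss_limit=20, window=60):
        self.per_client_limit = per_client_limit    # requests per client per window
        self.global_miss_limit = global_miss_limit  # unknown-card lookups, all clients
        self.window = window                        # seconds
        self.by_client = defaultdict(deque)         # client -> request timestamps
        self.misses = deque()                       # timestamps of failed lookups

    def _trim(self, queue, now):
        # Drop timestamps that have aged out of the sliding window.
        while queue and now - queue[0] >= self.window:
            queue.popleft()

    def handle(self, now, client, card_number, cards, captcha_ok=False):
        """Return (decision, balance); decision is allow, challenge or block."""
        queue = self.by_client[client]
        self._trim(queue, now)
        queue.append(now)
        if len(queue) > self.per_client_limit:
            return "block", None          # one noisy source
        self._trim(self.misses, now)
        if len(self.misses) >= self.global_miss_limit and not captcha_ok:
            # Many sources guessing numbers: per-client counters stay low,
            # but the site-wide miss count gives the enumeration away.
            return "challenge", None
        balance = cards.get(card_number)
        if balance is None:
            self.misses.append(now)
        return "allow", balance


def simulate():
    """Replay constructed traffic and count the guard's decisions."""
    guard = BalanceCheckGuard()
    seen = Counter()
    # A customer checks a real card before the attack starts.
    decision, before = guard.handle(0, "198.51.100.7", "GC-000123", CARDS)
    seen["customer_" + decision] += 1
    # One client guesses 8 numbers in 8 seconds: the per-client limit trips.
    for i in range(8):
        decision, _ = guard.handle(1 + i, "203.0.113.9", f"GC-9{i:05d}", CARDS)
        seen["noisy_" + decision] += 1
    # 40 different sources make one guess each: only the global limit trips.
    for i in range(40):
        decision, _ = guard.handle(10 + i, f"192.0.2.{i + 1}", f"GC-8{i:05d}", CARDS)
        seen["rotating_" + decision] += 1
    # The customer returns mid-attack and passes the CAPTCHA.
    decision, during = guard.handle(51, "198.51.100.7", "GC-000123", CARDS,
                                    captcha_ok=True)
    seen["customer_" + decision] += 1
    return dict(seen), before, during


if __name__ == "__main__":
    print(simulate())
```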

For more technical details on the GiftGhostBot botnet, you can head on to the blog post published by Distil Networks.

Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates



Google announced its plans to punish Symantec by gradually distrusting its SSL certificates after the company was caught improperly issuing 30,000 Extended Validation (EV) certificates over the past few years.

The Extended Validation (EV) status of all certificates issued by Symantec-owned certificate authorities will no longer be recognized by the Chrome browser for at least a year until Symantec fixes its certificate issuance processes so that it can be trusted again.

Extended validation certificates are supposed to provide the highest level of trust and authentication: before issuing a certificate, the Certificate Authority must verify the requesting entity's legal existence and identity.

The move came into effect immediately after Ryan Sleevi, a software engineer on the Google Chrome team, made this announcement on Thursday in an online forum.

"This is also coupled with a series of failures following the previous set of misissued certificates from Symantec, causing us to no longer have confidence in the certificate issuance policies and practices of Symantec over the past several years," says Sleevi.

One of the important parts of the SSL ecosystem is trust, but if CAs do not properly verify legal existence and identity before issuing EV certificates for domains, the credibility of those certificates is compromised.

The Google Chrome team started its investigation on January 19 and found that the certificate issuance policies and practices of Symantec over the past several years are dishonest and could threaten the integrity of the TLS system used to authenticate and secure data and connections over the Internet.

Under this move, the Google Chrome team has proposed the following steps as punishment:

1. EV certificates issued by Symantec to date will be downgraded to less-secure domain-validated certs, which means the Chrome browser will immediately stop displaying the name of the validated domain name holder in the address bar for a period of at least a year.

2. To limit the risk of any further misissuance, all newly-issued certificates must have validity periods of no greater than nine months (effective from Chrome 61 release) to be trusted in Google Chrome.

3. Google proposes an incremental distrust, by gradually reducing the "maximum age" of Symantec certificates over the course of several Chrome releases, requiring them to be reissued and revalidated.
  • Chrome 59 (Dev, Beta, Stable): 33 months validity (1023 days)
  • Chrome 60 (Dev, Beta, Stable): 27 months validity (837 days)
  • Chrome 61 (Dev, Beta, Stable): 21 months validity (651 days)
  • Chrome 62 (Dev, Beta, Stable): 15 months validity (465 days)
  • Chrome 63 (Dev, Beta): 9 months validity (279 days)
  • Chrome 63 (Stable): 15 months validity (465 days)
  • Chrome 64 (Dev, Beta, Stable): 9 months validity (279 days)

This means, starting with Chrome 64, which is expected to come out in early 2018, the Chrome browser will only trust Symantec certificates issued for nine months (279 days) or less.

Google believes this move will ensure that web developers are aware of the risk of future distrust of Symantec-issued certs, should additional misissuance events occur, while also giving them "the flexibility to continue using such certificates should it be necessary."

Symantec Response – Google's Claims Are "Exaggerated and Misleading"


Symantec has responded and stated that the claim made by Google of mis-issuing 30,000 SSL certificates is "Exaggerated and Misleading".
"We strongly object to the action Google has taken to target Symantec SSL/TLS certificates in the Chrome browser. This action was unexpected, and we believe the blog post was irresponsible."
"While all major CAs have experienced SSL/TLS certificate mis-issuance events, Google has singled out the Symantec Certificate Authority in its proposal even though the mis-issuance event identified in Google’s blog post involved several CAs."

US Senate Just Voted to Let ISPs Sell Your Web Browsing Data Without Permission


The ISPs can now sell certain sensitive data like your browsing history without permission, thanks to the US Senate.

The US Senate on Wednesday voted, with 50 Republicans for it and 48 Democrats against, to roll back a set of broadband privacy regulations passed by the Federal Communications Commission (FCC) last year when it was under Democratic leadership.

In October, the Federal Communications Commission ruled that ISPs would need to get consumers' explicit consent before being allowed to sell their web browsing data to the advertisers or other big data companies.

Before the new rules could take effect on March 2, President Trump's newly appointed FCC chairman Ajit Pai temporarily put a hold on these new privacy rules.

Ajit Pai argued that the rules, which are regulated by the FTC, unfairly favored companies like Google, Twitter, and Facebook, who have the ability to collect more data than ISPs and thus dominate digital advertising.
"All actors in the online space should be subject to the same rules, and the federal government shouldn’t favor one set of companies over another," the FCC said in a statement.
"Therefore, he has advocated returning to a technology-neutral privacy framework for the online world and harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for others in the digital economy."
Pai wanted the FCC and the FTC to treat all online entities the same way, so those new privacy policies should be scrapped.

If the latest decision gets approval from the House of Representatives and is signed by President Trump, this will make it easier for ISPs like Verizon, Comcast, and AT&T to earn more money by collecting and selling data on what you buy, where you browse, and what you search for your home, all without your consent.

Since the Senate used the Congressional Review Act (CRA) to overturn the privacy rules, if the repeal is passed, it would not only roll back the FCC's privacy rules but also prevent the regulatory body from making similar privacy regulations in the future if the.
Not surprisingly, the broadband industry applauded the FCC's move, calling it "a welcome recognition that consumers benefit most when privacy protections are consistently applied throughout the Internet ecosystem."
But, of course, privacy advocates are not at all happy with the vote, arguing that the Senate has put ISPs' profits over users’ privacy.

Friday 10 March 2017

how to use google drive on pc and android phone 2017


how to use google drive on pc and android phone... by pctricksandcybersecuritytest

Using Google Drive isn’t tricky at all. In fact, it’s probably one of the easiest cloud services to start using. So rather than giving you a needlessly long tutorial, the video above offers a brief introduction to navigating and using the Drive interface, and also includes a few tips to help you get the most out of the service.

Google Drive is a safe place for all your files and puts them within reach from any smartphone, tablet, or computer. Files in Drive – like your videos, photos, and documents – are backed up safely so you can’t lose them. Once there, you can easily invite others to view, edit, or leave comments on any of your files or folders.
Open Google Drive from http://viid.me/qsN4rw
With Google Drive, you can:

- Safely store your files and access them from anywhere.
- Search for files by name and content.
- Easily share files and folders with others.
- Quickly view your content.
- Set access levels for who can view, comment, or edit.
- Quickly access recent files.
- See file details and activity.
- Enable viewing of files offline.
- Use your device camera to scan in paper documents.
- Access pictures and videos from Google Photos.

►google drive features:-

-15GB space: 

Your storage works with Drive, Gmail and Google Photos, so you can store files, save email attachments and back-up photos directly to Drive. You can also purchase a larger cloud storage plan as you need it.

-keep any file:

Photos, videos, presentations, PDFs – even Microsoft Office files. No matter what type of file it is, everything can be stored safely in Drive.

-share how you want:

Files in Drive are private, until you decide to share them. You can quickly invite others to view, comment, and edit any file or folder you choose. It's online collaboration made easy.

-safe and secure:

Your file security is crucial. That’s why every file in Drive stays safe no matter what happens to your smartphone, tablet or computer. Drive is encrypted using SSL, the same security protocol used on Gmail and other Google services.

►Built to work with Google:-

-save gmail attachment:

Hover over an attachment in Gmail and look for the Drive logo. Here, you can save any attachment to your Drive to organize and share them in a single, safe place.

-powerful search:

Drive can recognize objects in your images and text in scanned documents. So you can search a word.

-google photos:

Store your photos in Drive and see them come to life with Google Photos. Get that expertly edited look without the effort, plus animations, movies, and more..

-Chromebook:

Google Drive is built-in to Chromebooks, so your files and photos are automatically backed up. You'll get 100GB of free storage for two years with most new Chromebooks.

►work smarter with apps:-

-google docs,sheets,slides:

Create and collaborate with others. Share documents and files, build out spreadsheets and make a presentation on the fly with our Docs, Sheets and Slides apps.

-google forms:

Google Forms lets you run a survey or quickly create a team roster with a simple online form. Then check out the results, neatly organized in a spreadsheet.

-google drawings:

Lay out diagrams, create flow charts, and then easily add them to other documents or embed them on a website with Google Drawings.

-more google drive apps:

Edit your profile photo, do some landscaping, create a mind map and more. Over 100 Drive apps can help you do more with your stuff. Try them by installing one from the Drive collection in the Chrome Web Store.

►take google drive even further:-

-scan documents:

Scan all your paper documents with Drive for Android. Just snap a photo of documents like receipts, letters and statements – and Drive will store them instantly as PDFs.

-work offline:

Make files available offline so you can view them when your phone or tablet loses service, like on a plane or in a building with a bad connection.

-see old version:

You can look back as far as 30 days on most file types, making it easy to see who has made changes and go back to previous versions. That's file versioning made easy.







Keyboard shortcuts for Google Drive on the web

Below, you'll find a list of keyboard shortcuts for Google Drive on the web.
To display the keyboard shortcut list in Google Drive, press Ctrl + / (Chrome OS, Windows) or ⌘ + / (Mac).

Navigation and views
- Go to navigation panel (folders list): g then n, or g then f
- Go to items view: g then l
- Switch between grid and list in items view: v
- Go to details pane: g then d
- Go to top of application (Google bar): g then t
- Go to download status: g then a
- Go to upload status: g then u
- Show or hide details pane: d
- Show or hide activity pane: i

Select items
- Select or deselect item: x
- Select next item down: j, or Down arrow
- Select next item up: k, or Up arrow
- Select next item to the left: h, or Left arrow
- Select next item to the right: l, or Right arrow
- Extend selection down: Shift + Down arrow, or Shift + j
- Extend selection up: Shift + Up arrow, or Shift + k
- Extend selection left: Shift + Left arrow
- Extend selection right: Shift + Right arrow
- Select all visible items: Shift + a
- Clear all selections: Shift + n

Move between items
- Move down without changing selection: Ctrl + Down arrow (Chrome OS, Windows); ⌘ + Down arrow (Mac)
- Move up without changing selection: Ctrl + Up arrow (Chrome OS, Windows); ⌘ + Up arrow (Mac)
- Move left without changing selection: Ctrl + Left arrow (Chrome OS, Windows); ⌘ + Left arrow (Mac)
- Move right without changing selection: Ctrl + Right arrow (Chrome OS, Windows); ⌘ + Right arrow (Mac)

Take action on selected items
- Open selected item: Enter, or o
- Rename selected item: n
- Share selected items: . (dot)
- Move selected items to new folder: z
- Star or unstar selected items: s
- Add selected items to an additional folder: Shift + z; z then Ctrl (Chrome OS, Windows); z then Alt (Mac)
- Remove selected items: # or Alt + Backspace (Chrome OS); # or Delete (Windows); # or Fn + Delete (Mac)
- Undo last action: Ctrl + z (Chrome OS, Windows); ⌘ + z (Mac)
- Redo last undone action: Ctrl + Shift + z (Chrome OS, Windows); ⌘ + Shift + z (Mac)

Create new items
- Document: Shift + t
- Presentation: Shift + p
- Spreadsheet: Shift + s
- Drawing: Shift + d
- Folder: Shift + f
- Form: Shift + o

Open menus
- Create menu: c
- More actions menu: a
- Current folder actions menu: f
- Sort menu: r
- Settings menu: t

Application actions
- Display keyboard shortcuts list: Shift + /; Ctrl + / (Chrome OS, Windows); ⌘ + / (Mac)
- Choose next visual density (row height and element spacing): q then q
- Find/find next: Ctrl + f (Chrome OS, Windows); ⌘ + f (Mac)
- Print: Ctrl + p (Chrome OS, Windows); ⌘ + p (Mac)
- Show last message: m
- Search your Drive: /

Preview mode actions
- Close: Esc
- Play/pause: Space
- Zoom in: + or =
- Zoom out: -


Of all the cloud storage and file synchronization services out there, Google Drive is arguably one of the best. The idea behind it is simple: Place any file in Drive and so long as you have Internet access, you’ll be able to view it on any device. Sure, Google isn’t the only company to offer this kind of service — but with its seamless integration with other Google services and a set of dead-simple collaboration tools, Drive easily stands out from the pack.


When Google Drive first launched, it served as a place to store your files in the cloud so that they could be accessed anywhere. As Drive has evolved, it has assimilated the roles of Google Docs and now serves as the hub for all Google document creation and office tools.