About GREENDUMP24

  1. Google Silently Adds "Panic Detection Mode" to Android 7.1 – How It's Useful

How often do you click the 'back' or the 'Home' button on your mobile device to exit an application immediately? I believe several times in a single day, because a large number of apps do not have an exit button to directly force-close them instead of going back and back and back until they exit. Sometimes Android users expect the back button to take them back to the back page, but sometimes they really want to exit the app immediately. Often this has severe usability implications when a majority of users are already dealing with their low-performance mobile devices and believe that clicking the back button multiple times would kill the app and save memory, but it doesn't.

Google has now addressed this issue and silently included a feature within Android 7.1 Nougat that allows users to exit from apps by pressing the 'back' key successively more than four times within 0.3 seconds. Dubbed "Panic Detection Mode," the feature runs in the background of the Android operating system and detects panic in situations when a user repeatedly presses the back button on their smartphone to exit an app, and allows the operating system to override the application and send the user safely back to the home screen.

While Google did not publicly make any announcement about the panic detection mode feature, XDA Developers yesterday unearthed the feature within the source code of Android 7.1 Nougat. Since then a number of media outlets have described Android 7.1 Nougat Panic Detection Mode as a security feature that protects Android devices from malicious applications. It has been reported as a new security feature that looks for the number of times a user presses the back button within a certain amount of time and allows users to exit from apps that go rogue and try to take control of the user's device.
But the feature seems to have been developed by Google engineers with usability as a priority, rather than with security in mind, because activating panic detection mode neither automatically detects a malicious app and reports back to Google, nor behaves differently for a legitimate app. However, it can help Android users in some cases to kill a rogue app instantly; but again it's up to users whether they are able to identify malicious apps themselves and want to remove them manually. So, this feature is also useful if a malicious application takes control over the display and prevents you from backing out of it.

The 'panic detection mode' feature is currently limited to devices running Android 7.1 Nougat, and is not available for all Android users, XDA Developers pointed out. The feature also needs to be manually enabled by the user. Google fights hard to keep its Android operating system safe and secure, but malware and viruses still make their way onto its platform, especially through malicious apps, even on Google's own Play Store. It appears that Google also has plans for wider implementation of the 'panic detection mode' feature in the upcoming version of its Android OS and would most likely make it enabled by default in future releases.

The news provided GREENDUMP24.COM If you liked the NEWS, click + to reputation or thx
  2. Google has released its latest monthly security update for Android devices, including a serious bug in some Broadcom Wi-Fi chipsets that affects millions of Android devices, as well as some iPhone models. Dubbed BroadPwn, the critical remote code execution vulnerability resides in Broadcom's BCM43xx family of WiFi chipsets, can be triggered remotely without user interaction, and allows a remote attacker to execute malicious code on targeted Android devices with kernel privileges.

"The most severe vulnerability in this [runtime] section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process," Google describes in the July 2017 Android Security Bulletin.

The BroadPwn vulnerability (CVE-2017-3544) has been discovered by Exodus Intelligence researcher Nitay Artenstein, who says the flawed Wi-Fi chipset also impacts Apple iOS devices. Since Artenstein will be presenting his finding at the Black Hat 2017 event, details about the BroadPwn bug are scarce at this moment.

"The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices – from various iPhone models to HTC, LG, Nexus and practically the full range of Samsung flagship devices," the abstract for Artenstein's talk says.

Besides the fix for the BroadPwn vulnerability, July's Android Security Bulletin includes patches for 10 critical, which are all remote code execution bugs, 94 high and 32 moderate rated vulnerabilities. Two months ago, an over-the-air hijacking vulnerability was discovered in Broadcom WiFi SoC (Software-on-Chip) chips, allowing attackers within the same WiFi network to remotely hack iPhones, iPads, iPods and Android handsets without any user interaction. At that time, Apple rushed out an emergency iOS patch update to address the serious bug, and Google addressed the flaw in its Android April 2017 security updates.
Android Security Bulletin: July 2017 Updates

Among the other critical flaws is a long list of vulnerabilities in the Mediaserver process in the Android operating system, which also allows attackers to perform remote code execution on the affected devices. One of the vulnerabilities is an issue with the way the framework handles some specific files. The libhevc library has an input validation vulnerability (CVE-2017-0540), which can be exploited using a crafted file.

"A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing," the vulnerability description says. "This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process."

The over-the-air updates and firmware for Google devices have already been issued by the company for its Pixel and Nexus devices, though the rest of the Android devices still need to wait for an update from their OEMs, leaving millions of Android devices vulnerable for the next few months.
  3. How Microsoft Cleverly Cracks Down On "Fancy Bear" Hacking Group

What could be the best way to take over and disrupt cyber espionage campaigns? Hacking them back? Probably not. At least not when it's Microsoft, who is continuously trying to protect its users from hackers, cyber criminals and state-sponsored groups. It has now been revealed that Microsoft has taken a different approach to disrupt a large number of cyber espionage campaigns conducted by the "Fancy Bear" hacking group by using the lawsuit as a tool — the tech company cleverly hijacked some of its servers with the help of law.

Microsoft used its legal team last year to sue Fancy Bear in a federal court outside Washington DC, accusing the hacking group of computer intrusion, cybersquatting, and reserving several domain names that violate Microsoft's trademarks, according to a detailed report published by the Daily Beast.

Fancy Bear — also known as APT28, Sofacy, Sednit, and Pawn Storm — is a sophisticated hacking group that has been in operation since at least 2007 and has also been accused of hacking the Democratic National Committee (DNC) and Clinton Campaign in an attempt to influence the U.S. presidential election. The hacking group is believed to be associated with the GRU (General Staff Main Intelligence Directorate), the Russian secret military intelligence agency, though Microsoft has not mentioned any connection between Fancy Bear and the Russian government in its lawsuit.

Instead of registering generic domains for its cyber espionage operations, Fancy Bear often picked domain names that look like Microsoft products and services, such as livemicrosoft[.]net and rsshotmail[.]com, in order to carry out its hacking and cyber espionage campaigns. This inadvertently gave Microsoft an opportunity to drag the hacking group with "unknown members" into the court of justice.
Microsoft Sinkholed Fancy Bear Domains

The purpose of the lawsuit was not to bring the criminal group to the court; instead, Microsoft appealed to the court to gain the ownership of Fancy Bear domains — many of which act as command-and-control servers for various malware distributed by the group.

"These servers can be thought of as the spymasters in Russia's cyber espionage, waiting patiently for contact from their malware agents in the field, then issuing encrypted instructions and accepting stolen documents," the report reads.

Although Microsoft did not get full ownership of those domains yet, the judge last year issued a then-sealed order to domain name registrars "compelling them to alter" the DNS of at least 70 Fancy Bear domains and pointing them to Microsoft-controlled servers. Eventually, Microsoft used the lawsuit as a tool to create sinkhole domains, allowing the company's Digital Crimes Unit to actively monitor the malware infrastructures and identify potential victims.

"By analyzing the traffic coming to its sinkhole, the company's security experts have identified 122 new cyber espionage victims, whom it's been alerting through Internet service providers," the report reads.

Microsoft has appealed and is still waiting for a final default judgment against Fancy Bear, for which the hearing has been scheduled on Friday in Virginia court.
  4. Google Chrome Bans Chinese SSL Certificate Authorities WoSign and StartCom

As a punishment announced last October, Google will no longer trust SSL/TLS certificate authorities WoSign and its subsidiary StartCom with the launch of Chrome 61 for not maintaining the "high standards expected of CAs." The move came after Google was notified by GitHub's security team on August 17, 2016, that Chinese Certificate Authority WoSign had issued a base certificate for one of GitHub's domains to an unnamed GitHub user without authorization.

After this issue had been reported, Google conducted an investigation in public as a collaboration with Mozilla and the security community, which uncovered several other cases of WoSign misissuance of certificates. As a result, the tech giant last year began limiting its trust of certificates backed by WoSign and StartCom to those issued before October 21st, 2016 and has been removing whitelisted hostnames over the course of several Chrome releases since Chrome 56.

Now, in a Google Groups post published on Thursday, Chrome security engineer Devon O'Brien said the company would finally remove the whitelist from its upcoming release of Chrome, completely distrusting the existing WoSign and StartCom certificates.

"Beginning with Chrome 61, the whitelist will be removed, resulting in full distrust of the existing WoSign and [its subsidiary] StartCom root certificates and all certificates they have issued," says O'Brien. "Based on the Chromium Development Calendar, this change should be visible in the Chrome Dev channel in the coming weeks, the Chrome Beta channel around late July 2017, and will be released to Stable around mid-September 2017."

Last year, Apple and Mozilla also stopped trusting WoSign- and StartCom-issued certificates for their web browsers due to their number of technical and management failures.
"Most seriously, we discovered they were backdating SSL certificates to get around the deadline that CAs stop issuing SHA-1 SSL certificates by January 1, 2016," Kathleen Wilson, the head of Mozilla's trusted root program, said. "Additionally, Mozilla discovered that WoSign had acquired full ownership of another CA called StartCom and failed to disclose this, as required by Mozilla policy."

The problems with the WoSign certificate service date back to July 2015 and were publicly disclosed last year by British Mozilla programmer Gervase Markham on Mozilla's security policy mailing list. According to Markham, an unnamed researcher accidentally found this security blunder when trying to get a certificate for 'med.ucf.edu' but also applied for 'www.ucf.edu' and WoSign approved it, giving the certificate for the university's primary domain.

For testing purposes, the security researcher then used this trick against GitHub base domains (github.com and github.io), by proving his control over a sub-domain. And guess what? WoSign handed over the certificate for GitHub main domains, as well.

Starting from September 2017, visitors to sites using WoSign or StartCom HTTPS certificates would eventually see trust warnings in their web browsers. So, websites that are still relying on certificates issued by WoSign or StartCom are advised to consider replacing their certificates "as a matter of urgency to minimize disruption for Chrome users," O'Brien said.
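
The mis-issuance described in the post above comes down to treating proof of control over one host name as authorization for other names under the same base domain. The following is an added example, not part of the original post and not WoSign's code: a simplified model of that outcome next to a strict check and an audit helper. All function names are hypothetical, and the two-label `base_domain` rule is an assumption that stands in for a Public Suffix List lookup.

```python
# Added illustration (not WoSign's code): a simplified model of CA
# domain-control validation. All function names here are hypothetical.


def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def base_domain(name):
    """Assumption: the base domain is the last two labels.
    Production code must use the Public Suffix List instead."""
    return ".".join(labels(name)[-2:])


def covered_by(requested, validated):
    """True if `requested` is `validated` itself or one of its subdomains.
    Comparing whole labels keeps 'evilucf.edu' from matching 'ucf.edu'."""
    r, v = labels(requested), labels(validated)
    return len(r) >= len(v) and r[-len(v):] == v


def flawed_authorize(requested, validated):
    """Model of the outcome in the post: control of any name under a base
    domain is accepted for every requested name sharing that base domain."""
    bases = {base_domain(v) for v in validated}
    return [n for n in requested if base_domain(n) in bases]


def strict_authorize(requested, validated):
    """Each requested name must be a validated name or sit below one.
    Control of a subdomain never authorizes its parent or a sibling."""
    approved, rejected = [], []
    for name in requested:
        ok = any(covered_by(name, v) for v in validated)
        (approved if ok else rejected).append(name)
    return approved, rejected


def unvalidated_sans(cert_sans, validation_log):
    """Audit helper: names on an issued certificate that no validation
    record covers. A non-empty result points to mis-issuance."""
    return strict_authorize(cert_sans, validation_log)[1]


if __name__ == "__main__":
    validated = ["med.ucf.edu"]  # host names taken from the post
    requested = ["med.ucf.edu", "www.ucf.edu", "ucf.edu"]
    print("flawed:", flawed_authorize(requested, validated))
    print("strict:", strict_authorize(requested, validated))
    # Constructed sample: a user-controlled subdomain of a shared platform.
    print("audit :", unvalidated_sans(["github.io"], ["someuser.github.io"]))
```
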
  5. Adwind RAT Returns! Cross-Platform Malware Targeting Aerospace Industries

Hackers and cyber criminals are becoming dramatically more adept, innovative, and stealthy with each passing day. While other operating systems are more widely in use, cybercriminals have now shifted from traditional activities to more clandestine techniques that come with limitless attack vectors, support for cross platforms and low detection rates.

Security researchers have discovered that the infamous Adwind, a popular cross-platform Remote Access Trojan written in Java, has re-emerged and is currently being used to "target enterprises in the aerospace industry, with Switzerland, Austria, Ukraine, and the US the most affected countries."

Adwind — also known as AlienSpy, Frutas, jFrutas, Unrecom, Sockrat, JSocket, and jRat — has been in development since 2013 and is capable of infecting all the major operating systems, including Windows, Mac, Linux, and Android. Adwind has several malicious capabilities including stealing credentials, keylogging, taking pictures or screenshots, and gathering and exfiltrating data. The trojan can even turn infected machines into botnets to abuse them for destructing online services by carrying out DDoS attacks.

Researchers from Trend Micro recently noticed a sudden rise in the number of Adwind infections during June 2017 — at least 117,649 instances in the wild, which is 107 percent more than the previous month. According to a blog post published today, the malicious campaign was noticed on two different occasions. The first was observed on June 7 and used a link to divert victims to their .NET-written malware equipped with spyware capabilities, while the second wave was noticed on June 14 and used different domains hosting their malware and command-and-control servers.
Both waves eventually employed a similar social engineering tactic to trick victims into clicking the malicious links within a spam email that impersonates the chair of the Mediterranean Yacht Broker Association (MYBA) Charter Committee. Once infected, the malware also collects the system's fingerprints, along with the list of installed antivirus and firewall applications.

"It can also perform reflection, a dynamic code generation in Java. The latter is a particularly useful feature in Java that enables developers/programmers to dynamically inspect, call, and instantiate attributes and classes at runtime. In cybercriminal hands, it can be abused to evade static analysis from traditional antivirus (AV) solutions," the researchers wrote.

My advice for users to remain protected from such malware is always to be suspicious of uninvited documents sent over email and never click on links inside those documents unless verifying the source. Additionally, keep your systems and antivirus products up-to-date in order to protect against any latest threat.
  6. Russian Financial Cybercriminal Gets Over 9 Years In U.S. Prison

A 29-year-old Russian-born Los Angeles resident has been sentenced to over nine years in prison for running botnets of half a million computers and stealing and trafficking tens of thousands of credit card numbers on exclusive Russian-speaking cybercriminal forums. Alexander Tverdokhlebov was arrested in February, pleaded guilty on March 31 to wire fraud and on Monday, a federal court sentenced him to 110 months in prison.

According to court documents, Tverdokhlebov was an active member of several highly exclusive Russian-speaking cybercriminal forums largely engaged in money laundering services, selling stolen sensitive data, and malware tools since at least 2008. Tverdokhlebov offered several illegal services on these underground forums, including the exchange of tools, services and stolen personal and financial information.

The hacker also operated several botnets – a network of compromised ordinary home and office computers that are controlled by hackers and can be used to steal credit card and other sensitive financial information. On various occasions between 2009 and 2013, Tverdokhlebov claimed on the underground forums that "he possessed 40,000 stolen credit card numbers and could control up to 500,000 infected computers."

Tverdokhlebov emigrated from Russia in 2007 and later obtained United States citizenship. He also hired two Russian students studying in America to cash out funds from a compromised bank account. At the time of his arrest in February, federal authorities seized approximately $5 million in Bitcoin and $272,000 in cash from Tverdokhlebov, while he was trying to steal money from thousands of online US bank accounts. According to the prosecutors, Tverdokhlebov stole sensitive financial information from at least 100 victims, estimating losses totaled between $9.5 million and $25 million.
"As part of the sentencing, the court also ordered the defendant to serve three years of supervised release following his prison term, with conditions of release that will include monitoring of the defendant's computer use," the Department of Justice said.

Most of his family is still based in Russia, and the only significant tie he has in the United States is a relationship with a Russian-born woman based there. Tverdokhlebov also married an American citizen in 2009 but divorced her shortly afterwards.
  7. Security researchers have discovered several severe zero-day vulnerabilities in the mobile bootloaders from at least four popular device manufacturers that could allow an attacker to gain persistent root access on the device. A team of nine security researchers from the University of California Santa Barbara created a special static binary tool called BootStomp that automatically detects security vulnerabilities in bootloaders.

Since bootloaders are usually closed source and hard to reverse-engineer, performing analysis on them is difficult, especially because hardware dependencies hinder dynamic analysis. Therefore, the researchers created BootStomp, which "uses a novel combination of static analysis techniques and underconstrained symbolic execution to build a multi-tag taint analysis capable of identifying bootloader vulnerabilities."

The tool helped the researchers discover six previously-unknown critical security bugs across bootloaders from HiSilicon (Huawei), Qualcomm, MediaTek, and NVIDIA, which could be exploited by attackers to unlock the device bootloader and install custom malicious ROMs and persistent rootkits. Five of the vulnerabilities have already been confirmed by the respective chipset vendors. Researchers also found a known bug (CVE-2014-9798) in Qualcomm's bootloaders, which was previously reported in 2014, but is still present and usable.

In a research paper [PDF], titled "BootStomp: On the Security of Bootloaders in Mobile Devices," presented at the USENIX conference in Vancouver, the researchers explain that some of the discovered flaws even allow an attacker with root privileges on the Android operating system to execute malicious code as part of the bootloader or to perform permanent denial-of-service attacks.
According to the researchers, the vulnerabilities impact ARM's "Trusted Boot" or Android's "Verified Boot" mechanisms that chipset vendors have implemented to establish a Chain of Trust (CoT), which verifies the integrity of each component the system loads while booting the device.

Overview: Discovered Bootloader Vulnerabilities

The researchers tested five different bootloader implementations in Huawei P8 ALE-L23 (Huawei / HiSilicon chipset), Nexus 9 (NVIDIA Tegra chipset), Sony Xperia XA (MediaTek chipset) and two versions of the LK-based bootloader, developed by Qualcomm. The researchers discovered five critical vulnerabilities in the Huawei Android bootloader:

  • An arbitrary memory write or denial of service (DoS) issue when parsing the Linux Kernel's DeviceTree (DTB) stored in the boot partition.
  • A heap buffer overflow issue when reading the root-writable oem_info partition.
  • A root user's ability to write the nve and oem_info partitions, from which configuration data and memory access permissions governing the smartphone's peripherals can be read.
  • A memory corruption issue that could allow an attacker to install a persistent rootkit.
  • An arbitrary memory write bug that lets an attacker run arbitrary code as the bootloader itself.

Another flaw was discovered in NVIDIA's hboot, which operates at EL1, meaning that it has equivalent privilege on the hardware as the Linux kernel, which once compromised, can lead to an attacker gaining persistence. The researchers also discovered a known, already patched vulnerability (CVE-2014-9798) in old versions of Qualcomm's bootloader that could be exploited to cause a denial of service situation.

The researchers reported all the vulnerabilities to the affected vendors. Huawei confirmed all five vulnerabilities and NVIDIA is working with the researchers on a fix.
The team of researchers has also proposed a series of mitigations to both limit the attack surface of the bootloader as well as enforce various desirable properties aimed at safeguarding the security and privacy of users.
  8. Security researchers have discovered a new method to decrypt satellite phone communications encrypted with the GMR-2 cipher in "real time" -- that too in mere fractions of a second in some cases. The new attack method has been discovered by two Chinese security researchers and is based on previous research by German academicians in 2012, showing that the phone's encryption can be cracked so quickly that attackers can listen in on calls in real time.

The research, disclosed in a paper published last week by the security researchers in the International Association for Cryptologic Research, focused on the GMR-2 encryption algorithm that is commonly being used in most modern satellite phones, including British satellite telecom Inmarsat, to encrypt voice calls in order to prevent eavesdropping.

Unlike the previous 2012 research by German researchers who tried to recover the encryption key with the help of 'plaintext' attacks, the Chinese researchers attempted to "reverse the encryption procedure to deduce the encryption-key from the output keystream directly." The attack method requires hitting a 3.3GHz satellite stream thousands of times with an inversion attack, which eventually produces the 64-bit encryption key and makes it easier to hunt for the decryption key, allowing attackers to decrypt communications and listen in to a conversation.

"This indicates that the inversion attack is very efficient and practical which could lead to a real time crack on the GMR-2 cipher," the research paper reads. "The experimental results on a 3.3GHz platform demonstrate that the 64-bit encryption-key can be completely retrieved in around 0.02s."

According to the duo, the attack can eventually crack the satellite phone call encryption in a fraction of a second when carried out successfully, allowing the attacker to break into the communications in real time for live eavesdropping.
The new findings spark concerns surrounding the security of satellite phones, which are mostly used by field officers in war zones that protect our land, air, and water, as well as people in remote areas precisely because of no other alternatives. Such attacks could pose a significant threat to satellite phone users' privacy.

"Given that the confidentiality is a very crucial aspect in satellite communications, the encryption algorithms in the satellite phones should be strong enough to withstand various eavesdropping risks," researchers said. "This again demonstrates that there exists serious security flaws in the GMR-2 cipher, and it is crucial for service providers to upgrade the cryptographic modules of the system in order to provide confidential communication," researchers concluded.

The research was carried out by Jiao Hu, Ruilin Li and Chaojing Tang of National University of Defense Technology, Changsha, China. For more details, you can head on to their research paper [PDF], titled "A Real-time Inversion Attack on the GMR-2 Cipher Used in the Satellite Phones."
  9. Katyusha Scanner — Telegram-based Fully Automated SQL Injection Tool

A new powerful hacking tool recently introduced in an underground forum is making rounds these days, allowing anyone to rapidly conduct website scans for SQL injection flaws on a massive scale — all controlled from a smartphone using the Telegram messaging application. Dubbed Katyusha Scanner, the fully automated powerful SQLi vulnerability scanner first surfaced in April this year when a Russian-speaking individual published it on a popular hacking forum.

Researchers at Recorded Future's Insikt Group threat intelligence division found this tool for sale on an underground hacking forum for just $500. Users can even rent the Katyusha Scanner tool for $200. According to the researchers, Katyusha Scanner is a web-based tool that's a combination of Arachni Scanner and a basic SQL Injection exploitation tool that allows users to automatically identify SQLi vulnerable sites and then exploit them to take over their databases. Arachni is an open source vulnerability scanning tool aimed towards helping users evaluate the security of their web applications. What makes this tool stand out is its 'Infrastructure-as-a-Service' model.

Remotely Control Hacking Tool Via Telegram

Katyusha Scanner is abusing the Telegram messaging application to control its operations, such as sending and receiving commands. The Katyusha Scanner tool is quite easy to set up and use, allowing anyone to conduct large-scale penetration attacks against a large number of targeted websites simultaneously with the mere use of their smartphones. The Pro version of the tool not only identifies vulnerable websites, but also allows hackers to establish a "strong foothold within vulnerable web servers" and automatically extract "privileged information such as login credentials."
Once the scan is complete, Katyusha Scanner sends a text message to the criminals with the vulnerable site name, its Alexa web ratings, helping criminals identify popular websites that would likely be more profitable for them to attack, and the number of databases. The criminals, even with no technical knowledge, can download any exfiltrated data available by just clicking on their smartphones to issue commands. Katyusha Scanner also allows for the automatic dumping of databases and can be used on both Linux as well as Windows machines.

"The availability of a highly robust and inexpensive tool...Katyusha Scanner to online criminals with limited technical skills will only intensify the compromised data problem experienced by various businesses, highlighting the importance of regular infrastructure security audits," researchers at Recorded Future wrote.

Many buyers praised the quality of the tool on the black market site. One of the satisfied customers, who got immediate success in obtaining access to eight web servers, wrote: "Excellent support! The seller has configured the software for my server, which was failing before, however, right now it flies divinely! I highly recommend the software, and it has found eight SQL vulnerabilities in half a day, great automation of the routine. Very grateful to the seller." Another wrote: "The author has helped with the product setup after the purchase, and (Katyusha) has immediately found SQL vulnerability. Thank you for the great product."

Initially, Katyusha Scanner was sold for $500, but due to unexpectedly high demand, a light version of the tool with slightly limited functionality was released on May 10, 2017, at just $250. With the release of the most recent Katyusha 0.8 Pro update at the end of June, the author also made the scanner available for rent at $200 per month for the first time.
  10. What if your smartphone starts making calls, sending text messages, and browsing malicious websites on the Internet itself without even asking you? This is not imagination, as hackers can make this possible using your smartphone's personal assistant like Siri or Google Now. A team of security researchers from China's Zhejiang University have discovered a clever way of activating your voice recognition systems without speaking a word by exploiting a security vulnerability that is apparently common across all major voice assistants.

DolphinAttack (Demo): How It Works

https://youtu.be/N-j54uo_B0I

Dubbed DolphinAttack, the attack technique works by feeding the AI assistants commands in ultrasonic frequencies, which are too high for humans to hear but are perfectly audible to the microphones on your smart devices. With this technique, cyber criminals can "silently" whisper commands into your smartphones to hijack Siri and Alexa, and could force them to open malicious websites and even your door if you have a smart lock connected.

The attack works on every major voice recognition platform, affecting every mobile platform including iOS and Android. So, whether you own an iPhone, a Nexus, or a Samsung, your device is at risk. The attack takes advantage of the fact that human ears generally can't hear sounds above 20 kHz. But the microphone software still detects signals above 20 kHz frequency.

So, to demonstrate the DolphinAttack, the team first translated human voice commands into ultrasonic frequencies (over 20 kHz), then simply played them back from a regular smartphone equipped with an amplifier, ultrasonic transducer and battery—which costs less than $3.

"DolphinAttack voice commands, though totally inaudible and therefore imperceptible to [a] human, can be received by the audio hardware of devices, and correctly understood by speech recognition systems," the researchers explain in their research paper.
DolphinAttack Makes Hacking Siri, Alexa & Google Now Easy

Since smartphones allow users to do a broad range of operations via voice commands like dialling a phone number, sending short messages, opening a web page, and setting the phone to airplane mode, the researchers were able to order an iPhone to dial a specific number. However, according to the researchers, an attacker can send inaudible voice commands to instruct a device to perform several malicious tasks including:

  • Visiting a malicious website—which can launch a drive-by-download attack or exploit the victim's device with 0-day vulnerabilities.
  • Spying—the attacker can instruct the victim's device to initiate outgoing video or phone calls, thereby getting access to the image and sound of device surroundings.
  • Injecting fake information—the attacker can instruct the victim's device to send fake text messages or emails to publish fake online posts or add fake events to a calendar.
  • Denial of Service—the attacker can inject commands to turn on the 'airplane mode,' thereby disconnecting all wireless communications and taking the device offline.
  • Concealing attacks—since the screen display and voice feedback could expose the attacks, the attacker can decrease the odds by dimming the screen and lowering the volume to hide the attack.

Typically, the signal sent out by the researchers was between 25 and 39 kHz. As for range, the team managed to make the attack work at a maximum of 175 cm, which is certainly practical.

What's scary? DolphinAttack works on just about anything including Siri, Google Assistant, Samsung S Voice, Huawei HiVoice, Cortana, and Alexa, on devices such as smartphones, iPads, MacBooks, Amazon Echo and even an Audi Q3—total 16 devices and 7 systems. What's even worse?
The inaudible voice commands can be accurately "interpreted by the SR [speech recognition] systems on all the tested hardware" and work even if the attacker has no direct access to your device and you have taken all the necessary security precautions.

How to prevent DolphinAttacks?

The team goes on to suggest device manufacturers make some hardware alterations to address this vulnerability simply by programming their devices to ignore commands at 20 kHz or any other voice command at inaudible frequencies.

"A microphone shall be enhanced and designed to suppress any acoustic signals whose frequencies are in the ultrasound range. For instance, the microphone of iPhone 6 Plus can resist to inaudible voice commands well," the researchers say.

For end users, a quick solution to prevent such attacks is turning off voice assistant apps by going into settings, before an official patch lands for your device.

  • How to disable Siri on iPhone, iPad, or iPod touch: Go to your iOS device's Settings → General → Accessibility → Home Button → Siri and then toggle Allow "Hey Siri" to off.
  • How to turn off Cortana: Open Cortana on your Windows PC, select the Notebook icon on the right side, click on Settings and then toggle "Hey Cortana" to off.
  • How to turn off Alexa on Amazon Echo: Simply press the microphone on/off button on the top of the unit. When off, the light will turn red and Echo will stop responding to your wake word until you turn it back on.
  • How to turn off Google Home: To mute Google Home's mics, press and hold its physical mute button located at the back of the unit.

The team will present their full research at the ACM Conference on Computer and Communications Security in Dallas, Texas next month.
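The suggestion above, to ignore input that sits at inaudible frequencies, can be illustrated with a per-frame check of how much energy falls in the 25 to 39 kHz range the article reports. This is an added example, not code from the post or from the researchers; the 96 kHz capture rate, the 20 ms frame, the 0.2 threshold and all function names are assumptions, and the test frames are constructed rather than recorded.

```python
import math

SAMPLE_RATE = 96_000                # assumption: capture rate high enough to observe 39 kHz
AUDIBLE_LIMIT_HZ = 20_000           # upper limit of human hearing cited in the article
CARRIER_BAND_HZ = (25_000, 39_000)  # signal range the article reports
FRAME_LEN = 1920                    # assumption: 20 ms frame, so bins fall on multiples of 50 Hz

def goertzel_power(frame, freq_hz):
    """Power of a single frequency in the frame (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq_hz / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def band_power(frame, lo_hz, hi_hz, step_hz=500):
    """Sum of Goertzel power sampled every step_hz across [lo_hz, hi_hz]."""
    return sum(goertzel_power(frame, f) for f in range(lo_hz, hi_hz + 1, step_hz))

def ultrasonic_ratio(frame):
    """Fraction of the measured energy that sits in the inaudible band."""
    ultra = band_power(frame, *CARRIER_BAND_HZ)
    audible = band_power(frame, 500, AUDIBLE_LIMIT_HZ)
    return ultra / (ultra + audible + 1e-12)

def is_suspicious(frame, threshold=0.2):
    """Flag a frame carrying substantial inaudible energy (threshold is assumed)."""
    return ultrasonic_ratio(frame) > threshold

def tone(freq_hz, amp=1.0):
    """Constructed sine test tone, one frame long."""
    return [amp * math.sin(2 * math.pi * freq_hz * i / SAMPLE_RATE)
            for i in range(FRAME_LEN)]

def mix(*signals):
    return [sum(vals) for vals in zip(*signals)]

# Constructed test frames (not real recordings).
SPEECH_LIKE = mix(tone(500), tone(1500, 0.5))
# A 30 kHz tone amplitude-modulated by a 500 Hz tone, added to the audible frame.
CARRIER = [(1 + 0.8 * b) * c for b, c in zip(tone(500), tone(30_000))]
WITH_ULTRASOUND = mix(SPEECH_LIKE, CARRIER)

if __name__ == "__main__":
    for name, frame in (("speech-like", SPEECH_LIKE), ("with ultrasound", WITH_ULTRASOUND)):
        print(f"{name}: ratio={ultrasonic_ratio(frame):.3f} flagged={is_suspicious(frame)}")
```

The check only works on samples taken before any low-pass or anti-aliasing stage; a capture path limited to 48 kHz sampling or less cannot represent the 25 to 39 kHz band at all.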
  11. Nothing is free in this world. If you are searching for free ready-made hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a hoax.

Last year, we reported about one such Facebook hacking tool that actually had the capability to hack a Facebook account, but yours and not the one you desire to hack.

Now, a Remote Access Trojan (RAT) builder kit that was recently spotted on multiple underground hacking forums for free has been found to contain a backdoored module that aims to provide the kit's authors access to all of the victim's data.

Dubbed Cobian RAT, the malware has been in circulation since February of this year and has some similarities with the njRAT and H-Worm family of malware, which has been around since at least 2013.

According to ThreatLabZ researchers from Zscaler, who discovered the backdoored nature of the malware kit, the "free malware builder" is likely capable of allowing other wannabe hackers to build their own versions of the Cobian RAT with relative ease.

Once the criminals create their own version of malware using this free builder, they can then effectively distribute it via compromised websites or traditional spam campaigns to victims all over the world, and it is capable of recruiting affected devices into a malicious botnet.

The Cobian RAT then steals data on the compromised system, with the capability to log keystrokes, take screenshots, record audio and webcam video, install and uninstall programs, execute shell commands, use dynamic plug-ins, and manage files.

Cyber Criminals Want to Hack Wannabe Hackers

Now, if you get excited by knowing that all these capabilities offered by the original authors of the malware builder kit are free as they claim, you are mistaken.
Unfortunately, the custom RATs created using this free Cobian RAT malware builder kit have a hidden backdoor module, which silently connects to a Pastebin URL that serves as the kit authors' command-and-control (C&C) infrastructure.

The backdoor, at any time, can be used by the original authors of the kit to issue commands to all RATs built on top of their platform, eventually putting both wannabe hackers and compromised systems infected by them at risk.

"It is ironic to see that the second level operators, who are using this kit to spread malware and steal from the end user, are getting duped themselves by the original author," Deepen Desai, senior director of security research at Zscaler, wrote in a blog post published Thursday. "The original author is essentially using a crowdsourced model for building a mega Botnet that leverages the second level operators Botnet."

The researchers also explain that the original Cobian developer is "relying on second-level operators to build the RAT payload and spread infections."

The original author then can take full control of all the compromised systems across all the Cobian RAT botnets, thanks to the backdoor module. They can even remove the second-level operators by changing the C&C server information configured by them.

A recently observed unique Cobian RAT payload by the researchers reportedly came from a Pakistan-based defence and telecommunication solution website (that was potentially compromised) and was served inside a .zip archive masquerading as an MS Excel spreadsheet.

The bottom line: Be very careful with free online stuff before using it.
  12. The VOCORD FaceControl biometric system by the Russian company Vocord has for the second time been recognized as the best solution for remote face recognition in the influential global MegaFace ranking. According to the MegaFace ranking updated in May 2017, the recognition accuracy of Vocord's algorithm reached a record 92.8%. The nearest competitor's figure was almost 10% lower (83.3%). The high result was achieved through further improvement of the company's own neural network algorithm.

About NTechLab

The Russian startup NTechLab, launched in 2015, specializes in developing face recognition technology. In May 2017, NTechLab raised $1.5 million in investment from the Impulse VC fund and a group of private investors that includes Tele2's first deputy CEO Alexander Provotorov. The company's original algorithm, FaceN, became the basis of FindFace, a service that finds profiles on the VKontakte social network from a photo, and has already twice topped the worldwide MegaFace competition.

The algorithm that won the NIST ranking is the basis of a paid commercial package for developers, the FindFace Enterprise Server SDK 2.0 platform. Version 2.0 of the algorithm can recognize 7 basic and 50 compound emotions, determine a person's sex and age to within three years, and search a database of about 1 billion photographs in less than half a second. The platform can also control the face recognition system through an Android application.

More: http://www.cnews.ru/news/top/2017-05...g_ministerstva

P.S. Their system won a tender and will be installed at a number of US government institutions... The processing speed is simply shocking... and it even extracts from a video stream...
  13. Interested in the reviews on Omerta. Are you working?
  14. eBay and Amazon experts

    Bro, mining is no longer profitable... don't waste your time and money. The difficulty keeps rising, so graphics cards will bring in less money. And by the end of the payback period the final result will look worse compared with investing in other areas. Unless, of course, you are planning to invest 1kk. And judging by the cards you want to use, you aren't. Unfortunately, those cards are ALREADY outdated....