DeathRing: Non-removable Pre-installed Malware@Androids

The smart-phones penetration in our country and for that matter any country has been seeing explosion like never before...from cheap mobiles with luring specs to high end smart-phones by Apple,Samsung,Sony etc.The growing and already a subject matter of concern in IT ie SECURITY is majoring as a serious threat in the mobile world too...like the Microsoft b70 case few years back(click here for details)....As evidenced by the latest pre-loaded malware identified called DeathRing that’s  a Chinese Trojan that is pre-installed on a number of smart-phones most popular in Asian and African countries.

as evidenced by the latest pre-loaded malware Lookout identified called DeathRing.

Read more: DeathRing: Pre-loaded malware hits smartphones for the second time in 2014 (https://blog.lookout.com/?p=15835)

as evidenced by the latest pre-loaded malware Lookout identified called DeathRing.

Read more: DeathRing: Pre-loaded malware hits smartphones for the second time in 2014 (https://blog.lookout.com/?p=15835)

as evidenced by the latest pre-loaded malware Lookout identified called DeathRing.

Read more: DeathRing: Pre-loaded malware hits smartphones for the second time in 2014 (https://blog.lookout.com/?p=15835)

Operation Cleaver : IRAN a greater Cyber Threat then US/China????

1.    There has been a series of decisive and significant reveals in past few weeks in the field of Cyber Security. REGIN, APT28, Wirelurker and now comes another important report by the name of Operation Cleaver. The report is available here.Some time about a year back in September 2013,the ping pong blame of cyber attacks between Iran-US were made public vide US carrying out proven credentials of IRAN being part of attack in their Navy room. A screen shot of a report then is seen below :

 2.    Now, a US cyber security firm Cylance says it has evidence to prove that the same team has infiltrated not just the Navy, but also various top companies across the globe within the past two years. This report sheds light on the efforts of a coordinated and determined group working to undermine the security of at least 50 companies across 15 industries in 16 countries.

3.  Iran till date has never been considered quite as much of a serious cyber threat to the US as China and Russia have been in recent years. This could prove to be a mistake vide proofs given in this report.The report indicates that state sponsored cyber groups in Iran can be just as severe or even way ahead in terms of offered danger to few countries. Few key points of interest are mentioned below :

-  Victims include companies in the oil and gas sector, the energy industry, airports and the transportation sector, government and defence, and the telecommunications and technology industries.

-   Report believes all the revelations are just the tip of the ice berg and damage extends much ahead of contours identified.

-   About 10 of the victims are based in the US and include a major airline, an energy company, a medical university, and an automobile manufacturer.

-   Many of the other firms targeted by the group are based in Middle Eastern countries like Kuwait, the United Arab Emirates, Saudi Arabia, and Qatar. Cylance also found a significant number of victims in Canada, Germany, England, France, India, Israel, Pakistan, and Turkey.

-  Unlike their Russian and Chinese counterparts, which tend to grab IP and financial data where they can, the Iranian group has mostly avoided stealing such data.

-  The group is scoping networks and conducting reconnaissance as if in preparation for a major assault at some point in the future.

-   Technical capabilities of the Operation Cleaver team rapidly evolve faster than any previously observed Iranian effort.

- 

Harden your LinkedIn Settings : A Necessity Now

Most of us are part of various Social Engineering Sites and keep updating ourselves via status updates, pictures and tweeting small life updates. Related Privacy and Security issues in respect of these social engineering sites available is already a serious concern among users. Additionally for these all social engineering sites/applications whether accessible on a desktop or a mobile, we all are not so serious responding and interacting but that’s the difference when we see viz-a-viz LinkedIn. When it is LinkedIn…we are mostly serious…no jokes, no clips, no tagging, no personal comments, no WOWs…it’s all professional. And when most of us take it seriously, we also feed serious inputs on it. But do we take necessary precautions too?...I have mostly seen a negated curve amongst my friend circle….hardly anyone has spared time to configure LinkedIn Privacy and Security settings. In this post I bring you out basic and necessary configuration steps involved to harden your LinkedIn interface to the world.

Harden your LinkedIn Settings : A Necessity Now from anupriti

Configuring and using OPENVPN in UBUNTU@14.04 LTS

1.  VPN as discussed recently in my post here is on-way becoming a routine necessity for each one of us.In this post I bring you a screen shot and command terminal step by step procedure to configure and use OPENVPN,an open source application vide which a Ubuntu user can tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port and additionally configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients.OpenVPN is the best and most recommended open-source VPN software world-wide. It is the most secure VPN option. You need to download the open-source OpenVPN Client and our configuration and certificate bundle from the links on site shown below (use TCP if you cannot connect to UDP due to network restriction).

Steps involved : 

- Open a sudo terminal

- Install openvpn by typing

sudo apt-get install openvpn

Goto http://www.vpnbook.com/freevpn and Download one of the VPNBook OpenVPN certificate bundles as seen available in the screenshot below :

After downloading either of the above certificates as seen....do extract the contents in one folder and these should look like as seen below :

If there is any issue with the installation part,install the openvpn client by synaptics as shown below :

Once done ...go to the sudo terminal and type the following :

openvpn --config vpnbook-euro1-tcp443.ovpn

As you see the message INITIALIZATION SEQUENCE COMPLETED...u r on with the VPN..

APT 28 :Cyber Espionage and the Russian Government?

Russia may be behind a long-standing, careful campaign designed to steal sensitive data relating to governments, militaries and security firms worldwide.This presentation based on a report made public by FireEye (report here)brings an over view of their opinion.....uploaded here just for general info to understand how its all happening in the dynamic and vibrant world of CYBER ..!!!!

VPN: Graduating to NECESSITY!!!!

1.   Years back in India some where in 1990's...computer was still a rich men's possession...so was the case with plain mobiles graduating further to smart phones..but over the years today both are part of routine possession of every one...PCs/Laptops/Tablets today have entered almost all domains of most of the minutes we spend with our eyes open...whether it is office...studies... entertainment.. personal life... everything...The growing dependence has made new problems too...prime being PRIVACY.The privacy issue has recently taken a more serious note with so many Cyber Espionage operations coming in open...wiki leaks happening...Snowden out in open with his story ...government backed cyber traffic monitoring projects incl few as mentioned below :

    PRISM
    ECHELON
    Carnivore
    DISHFIRE
    STONEGHOST
    Tempora
    Frenchelon
    Stellar Wind
    Fairview
    MYSTIC
    Bullrun
    Upstream
    

2.   The above list is actually endless with specific aims of collecting information in form of call records,location mapping,building profiles....all happening in the name of building Intelligence for the safeguard of respective individual nations.There is no way one naive citizen without a tech background of any country can safeguard himself from all above operations and projects.In recent times.....VPN has been increasingly showcased across various forums and even by the likes of Snowden and Julian Assange who have used it in their routine transactions of email...Skype and messaging someone..

VPN is a network that is constructed by using public wires — usually the Internet — to connect to a private network, such as a company's internal network.  There are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

3.  Now with the growing paranoia and due concern of Cyber Security and Privacy in general public too,the option of VPN has started gaining due focus....with free VPN Services in abundance...like openvpn, freevpn, vpnbook,Shrew Soft, Comodo Unite and the free/basic version of Hamachi etc...the lure is only becoming more tempting. Most people are coming out of the typical mindset of VPN being only a corporate protocol for business travellers and people who work remotely.VPN is thus gradually moving from an option today to a necessity.The good thing is that even the paid VPN services are not so costly to make an impact on pocket.With a VPN configured in ur PC/Laptop...u r rest assured safe from prying eyes of free wifi zones at Coffee shops or places like at airport.

Does VPN imply 100% Safety for the user?

4.   Like all security solutions, even the securest of VPNs can be compromised surprisingly since if the user is keen enough/careless to download malicious files, which is why the onus lies finally with the user habits of surfing safely.A VPN only makes sure that the traffic from user end is encrypted from third party eyes...it does not defy the need for Anti-virus software’s which are primarily responsible for detecting Virus/Malwares etc

REGIN : Groundbreaking MALWARE Threat

An advanced piece of malware, known as ‘Regin’, has been used in systematic spying campaigns against a range of international targets including government agencies and businesses since at least 2008 vide IT security firms Symantec and Kaspersky Lab reports both released on 24th Nov 2014.This ppt brings you an overview of the threat in brief.The piece of malware is unique in the sense that it's structure displays a degree of technical competence rarely seen.Stuxnet looks a decent past....with this complexity

Regin from anupriti

Being PGDIS : Post Graduate Diploma in Information Security@IGNOU

1.   In my endeavour to gain skill sets in Cyber Security,I have been stuffing my profile in past few years with professional Qualifications in the IT security field...though I personally feel simply loading with qualifications is not an authority to you being an expert but what matters more in this field is hands on practical training and knowledge...but still some gut feeling from inside makes me always enroll for some good course in addition to continuous hands on attempts with pracs.So in past as I qualified CCCSP@CDAC,CEH@EC-Council, and few qualifications from ASCL,Alison,Rackspace etc I got myself enrolled for a longer version course(One year)...PGDIS@IGNOU...and passed out last week with 81.13 percentage marks.Here I bring you out basic features of this course...

- Stands for Post Graduate Diploma in Information Security

- This programme emphasizes specifically on the User’s Security Awareness and needs as follows:

    - Securing one’s own desktop.
    - Securing one’s own data.
    - Securing one’s connectivity.
    - Secure browsing. (E-mail, Internet application)
    - Secure Internet transaction.
    - W3C Compliance.
    - Employee perspective of ISO 27000
    - Securing Web servers/ services.
    - Cyber Forensics.
    - Securing in the mobile world
    - Govt. rules in IT Security

- Subjects covered in this course vide two semesters are as seen below :

Click to Enlarge

- Course fee is Rs 9000/- per semester

AMAZING PROMPT STAFF

3.  I would like to bring out another good thing about this course...the staff involved is surprisingly amazing and prompt.I always had this view about IGNOU being a sarkari university with slow staff,slow procedures,slow communications and so on...but the kind of dedicated staff that is available for this course deserves accolades and loads of appreciation...the study center staff with Mr Santosh,Mr Niranjan @ Delhi Center , Dr Anup Girdhar as the conducting instructor and guide for course/project and Ms Urshla Kant,coordinating staff from the Faculty of SOVET......all working together to bring out this relatively good course that involves...contact programmes,theory and practicals....I found it much contentful then CEH,CISSP etc.Wish them al d best....

4.   More details at http://www.ignou.ac.in/upload/Announcement/Programme_Guide_and_Prospectus_PGDIS_ACISE.pdf and http://www.ignou.ac.in/ignou/aboutignou/school/sovet/faculty/detail/Ms_Urshla_Kant-599

WireLurker : First Serious Trouble for APPLE

This post brings out a brief over view of WireLurker,the first of a kind of malware family that has made the Apple to rot...never in the history of unquestionable iOS/Mac devices has such a thing been seen or heard...with such a severe beating...the ppt is based on a report made recently public by Palo Alto Networks®...

Wirelurker from anupriti

Setting up Metasploit on a BackTrack5 R3 VM with SSH connectivity@Putty

1.    Setting this up is a simple thing till the time you know how to do it...here I bring you a step by step thing of how you putty to a Backtrack5 v3 machine installed in a Virtual Box from a Ubuntu host OS....

2.    First thing is configuring a additional network card on the BTR3 machine.Select the virtual machine and click on Settings,then move to Network settings and then in the Network adapter, there will be a pre-installed NAT adapter for internet usage of the host machine.Under Adapter 2 select Host only Adapter.

Adapter 1 Default Configuration

 Adapter 2 to be Configured

Before you get ready to ssh...u need to ensure that ssh service is running in Backtrack...which by default is not...run the terminal commands as seen below in the screen shots...

ifconfig as seen at terminal of the Backtrack R3 machine

 Putty to IP of the Backtrack Machine

Putty successfully asks for login as seen below :

 Login with Backtrack credentials :

Here  above we get the msfconsole...ready to accept the commands....