Test-Run DDoS Attacks Against Liberia Cease


Intermittent DDoS attacks powered by the largest of the many Mirai-powered botnets targeting the African nation of Liberia have ceased today.

Researcher Kevin Beaumont, who disclosed the attacks on Thursday, also said that the domain controlling the attacker’s command and control infrastructure was disabled by registrar eNom; that domain pre-dates the DDoS attacks two weeks ago against Dyn.

While the attacks against Liberia have been shut down, they did this week periodically interrupt Internet service to the country and one mobile service provider told the IDG News Service that the attacks were “killing” its business and revenue.

Beaumont, a security architect with a U.K. company, said that Liberia has one undersea cable servicing Internet connectivity for the entire country. Telecommunications companies and service providers jointly own the cable, which provided the attackers with a single point of failure to focus their attack. Beaumont also said that the botnet was able to generate 500 Gbps of traffic, making it among the largest attacks ever publicly recorded. The researcher, however, believes this was a test of denial-of-service capabilities against a nation.

 

“The attacks were short in duration, done in different ways against the same targets over a prolonged period, and against a nation which has some interesting characteristics – small, low profile, low percentage of Internet use per head,” Beaumont told Threatpost. Once Beaumont published his report on Thursday, the attackers also pointed their DDoS traffic at a botnet monitoring service called MalwareTech, tracking its activity, and sent veiled threats to Beaumont.

Hackers strike at Vodafone stealing bank details from thousands of customers


Computer hackers are believed to have broken into an external data bank used to store people’s emails, accessing 1,827 accounts before they were cut off.

The mobile phone giant said that the cyber criminals may have accessed customers’ names, mobile numbers, bank sort codes and the last four digits of their bank accounts.

The data breach occurred after hackers made an attempt to access customers’ account details between midnight on Wednesday and midday on Thursday.

Vodafone told the National Crime Agency (NCA), Ofcom and the Information Commissioner’s Office about the attack on Friday evening and an investigation into the circumstances has been launched. But the company only informed customers about the breach yesterday.

A spokesman said: “This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone.

“Vodafone’s systems were not compromised or breached in any way.”

The mobile phone giant said no credit or debit card details were accessed and the information obtained by the criminals “cannot be used directly to access customers’ bank accounts”.

But it added that it had contacted all high street banks to alert them to the breach. The company also warned customers to be on their guard for “phishing” attempts by the criminals, whereby they will contact those people whose details they have partly acquired in a bid to convince them to hand over their security details.

The spokesman said: “Whilst our security protocols were fundamentally effective, we know that 1,827 customers have had their accounts accessed, potentially giving the criminals involved the customer’s name, their mobile telephone number, their bank sort code, the last 4 digits of their bank account.

“Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.”

The breach comes just over a week since telecoms giant TalkTalk said it had been subjected to a “significant and sustained” attack on its website, which prompted fears that millions of customers may have had their bank details stolen.

On Friday, TalkTalk said the cyber attack on its website was “significantly less than originally suspected” with fewer than 21,000 unique bank account numbers and sort codes accessed.

Two teenagers who were arrested over that incident – a 15-year-old boy from County Antrim in Northern Ireland and a boy aged 16 from Feltham in west London – were released on police bail.

Obama Encryption Policy: White House Will Not Force Companies To Decode Encrypted Data

STANFORD, CA - FEBRUARY 13: U.S. President Barack Obama speaks during the White House Summit on Cybersecurity and Consumer Protection on February 13, 2015 in Stanford, California. President Obama joined corporate CEOs to speak about the importance of cybersecurity during the White House Summit on Cybersecurity and Consumer Protection. (Photo by Justin Sullivan/Getty Images)

After the revelations that whistleblower Edward Snowden made about the United States National Security Agency (NSA), U.S. citizens are in need of more transparent digital security.
The citizens of the United States have appealed to the Obama Administration through a campaign to reject any policy, mandate or law that stands against their security in cyberspace and to adopt strong encryption for them.
The Washington Post reported that the Obama Administration has agreed partially on the encrypted communications issue.
“The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” James B. Comey, FBI Director, said at a Senate hearing Thursday of the Homeland Security and Governmental Affairs Committee.
This decision is considered the status quo. It is something of a win-win that eases the tension raised by the petition while taking into account both the law enforcement agencies and the citizens.
What does the Law Enforcement want?
The Law Enforcement Agencies (LEA) find it difficult to assess the encrypted information that they get from gaining access to the communications of criminals, terrorists and spies.
Even state and local agencies investigating crimes like child kidnappings and car crashes find it difficult in the digital era, as more and more of the evidence is electronic devices they can’t access without a search warrant.
Further, if the cyber criminal “Pleads the Fifth,” it becomes more challenging for the LEA.
What do the Citizens need?
The Citizens of the United States have stood up for a temporary alliance, where they are petitioning the President for privacy, security, and integrity of their communications and systems.
The campaign initiated by the U.S. citizens asks their fellow citizens to take part by signing the petition on the website Savecrypto.org, and the stats say they need 50,000 more participants.
If they reach a majority of 100,000, then they will get a reply from the White House. Also, if they get more than 370,000 votes, it will be the most popular WhiteHouse.gov petition ever.
How Encryption comes into Play?
Companies that provide encryption sit between the two primary parties (LEA and citizens), because they are the ones allowing us to encrypt our information over:
Voice or Text communication
Any electronic Device
In the matter of text, the companies offer encryption in which the only persons who can read that message are the sender and the receiver.
Whereas, in the case of a device, only its owner has the access to the device’s data. However, the companies themselves leave ‘backdoors’ or keys to decrypt that data for the government, even if served with search warrants or intercept orders.
As decoding the communication is a challenging task for the LEA, certain members of Congress and the FBI want to force these companies to give the government special access to the citizens’ data.
And to achieve this they want these companies to:
Build security vulnerabilities
Give them a “golden key” to unlock the citizens’ encrypted communications.
However, the “security experts agree that it’s not possible to give the government what it wants without creating vulnerabilities that could [even] be exploited by bad actors,” quoted the Savecrypto.org.
That would leave “Encryption” and “Security” with no meaning.
If this is the way the Obama Administration is going to handle the encryption policy for citizens’ communications, it would be a no-win situation.
The decision was declared at a Cabinet meeting on October 1, 2015, and, as the president has said, the US will “work to ensure that malicious actors can be held to account — without weakening our commitment to strong encryption.”

Incredible! Someone Just Hacked 10,000 Routers to Make them More Secure

Has anyone ever heard about a “Vigilante-style Hacker,” who hacks every possible system to make them more Secure?
No, it’s not a joke, nor a movie plot:
Reportedly, someone is hacking thousands of unprotected Wi-Fi routers everywhere and apparently forcing owners to make them more secure.
Security firm Symantec has discovered new malware, dubbed “Linux.Wifatch” a.k.a. “Ifwatch,” that has infected more than 10,000 vulnerable ‘Internet of Things’ devices and is spreading quickly.

However, Linux.Wifatch not only removes malicious backdoor but also encourages users to update their weak passwords.
How Does Linux.Wifatch Work?
Once a device is infected, the Linux.Wifatch malware connects to a peer-to-peer network that is being used to distribute threat updates.
Linux.Wifatch’s code does not deploy any payload for malicious activities, such as to carry out DDoS attacks, rather it detects and remediates the known families of malicious codes present on the compromised devices.
After installation, whenever ‘Linux.Wifatch’ detects any malicious activity or malware on the vulnerable device, it asks the device owners to:
Change their default password,
Close potentially vulnerable Telnet port immediately
The malware does not appear to be used for malicious purposes yet, but researchers have found that it contains a number of backdoors that can be used by its developer to carry out malicious tasks remotely.
Linux.Wifatch, written in the Perl programming language, was first discovered in November last year by an independent malware researcher, who calls himself “Loot Myself.”
The researcher shared complete details of the malware in a two-part series on his blog with the same name – “Loot Myself: Malware Analysis and Botnet tracking.”
In 2014, the researcher noticed unwanted activity on his home router, the source of which he could not locate.
This curiosity made him explore further, and while digging deeper he got to the root of the malware: the source code, written in Perl.
After going through the source code, the researcher points out that the code is not obfuscated; it just uses compression and minification of the source code.
Further, the researcher mentions something unusual:
“To any NSA and FBI agents reading this: please consider whether defending the U.S. Constitution against all enemies, foreign or domestic, requires you to follow Snowden’s example.” he says in the blog post.
How to Secure Your Wireless Router?
Though the risk associated with Linux.Wifatch is low, the security researchers at Symantec are keeping an eye on its activities.
They say with such a “Malware-for-Good,” it apparently creates a ‘Benefit of the Doubt’ as the author’s intentions are unknown.
The case hasn’t closed yet, as Symantec says, “It pays to be suspicious.”
Essential Security Measures
Symantec had previously issued measures to get rid of this malware. A few of the important recommendations, in short:
Use a Firewall to block all incoming connections
Enforce a password policy
Make sure to offer the lowest level of privileges to programs
Disable AutoPlay
Turn off file sharing if not needed
How to Remove ‘Linux.Wifatch’ Malware?
If you have also detected such activity on your home routers, you can get rid of the risk associated with it by:
Resetting your device, as this will remove the Linux.Wifatch malware
Keeping your device’s software and firmware up to date
Changing any default passwords that may be in use
Resetting your passwords routinely
More Ways to Protect your Network
Further, you can protect your wireless network by following a few measures, such as:
Turning on your wireless router’s encryption setting
Turn the Firewall On
Change Default Passwords
Change the default “SSID” (service set identifier) of your device
Turn Network Name Broadcasting Off
Use the MAC Address Filter

Adobe Releases 23 Security Updates for Flash Player


Adobe has released an important security bulletin that addresses a total of 23 Critical vulnerabilities in Adobe Flash Player.
The security fixes for Windows, Linux and Mac users address “critical [flaws] that could potentially allow [attackers] to take control of the affected system,” the company warned in an advisory on Monday.
Out of 23 critical flaws, 18 address issues that would have allowed attackers to remotely execute arbitrary code on affected machines and take over control of them.
Critical Vulnerabilities
These 18 security vulnerabilities, all deemed highly critical, are as follows:
Type Confusion Vulnerability (CVE-2015-5573)
Use-after-free flaws (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682)
Buffer overflow bugs (CVE-2015-6676 and CVE-2015-6678)
Memory corruption vulnerabilities that could lead to Remote Code Execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677)
Stack corruption vulnerabilities (CVE-2015-5567 and CVE-2015-5579)
Stack overflow vulnerability (CVE-2015-5587)
Other Security Fixes
Same-origin-policy bypass bugs (CVE-2015-6679)
Memory leakage security flaw (CVE-2015-5576)
Security bypass flaw that could lead to information disclosure (CVE-2015-5572)
The company also added extra validation checks in Flash’s mitigation system in order to reject malicious content from vulnerable JSONP callback APIs.
Affected Software
According to the security bulletin posted by Adobe Monday morning, the affected products include:
Adobe Flash Player Desktop Runtime and Adobe Flash Player Extended Support Release version 18.0.0.232 and earlier
Adobe Flash Player for Google Chrome version 18.0.0.233 and earlier
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 version 18.0.0.232 and earlier on Windows 10
Adobe Flash Player for IE (Internet Explorer) 10 and 11 version 18.0.0.232 and earlier on Windows 8 and 8.1
Adobe Flash Player for Linux version 18.0.0.199 and earlier
AIR Desktop Runtime version 18.0.0.199 and earlier for Windows as well as Mac
AIR SDK version 18.0.0.180 and AIR SDK & Compiler version 18.0.0.180 and earlier on Windows, Android and iOS
AIR for Android version 18.0.0.143 and earlier
The latest Adobe Flash Player versions are 19.0.0.185 for Windows and Mac, as well as version 11.2.202.521 for Linux.
Users of Chrome and Windows 8 running Internet Explorer will receive the updated version of Flash Player automatically. Users of other browsers can manually download updates from Adobe’s download page.
Users of the Adobe Flash Player Extended Support Release are recommended to update to the latest version 18.0.0.241.

Deleting WhatsApp Messages Before 90 Days Could Land you in Jail


While the Indian people continue to struggle for Net Neutrality, a new problem has surrounded them with the release of the latest ‘National Encryption Policy’ by the Indian Government.
If you delete WhatsApp messages or emails that you receive or send before 90 days have passed, it might be a crime and you could end up in jail.
If the new National Encryption Policy is implemented with its weird suggestions, such as that one should not delete WhatsApp conversations, Gmail or any email for 90 days, it would be an Internet disaster.
With the aim to ‘provide confidentiality of information’ and ensure ‘protection of sensitive or proprietary information’, the draft policy, proposed by a so-called ‘expert panel’ from the Department of Electronics and Information Technology (DeitY), requires:
Access to your Private Data
The government wants to have access to all your encrypted information including your personal emails, text and voice messages, and data stored in a private business server.
Not to Delete any WhatsApp Messages or Emails for 90 Days
The policy will force Internet users to save all encrypted communication data in plaintext for at least 90 days, which includes WhatsApp messages, emails, and sensitive banking or e-commerce transaction details.
Share your Encryption Keys with Government
The National Encryption Policy also wants Indian Internet users to give up their encryption keys to the Government and security agencies.
Foreign Services Providers need to Comply with Indian Government
In India, more than 80% of Internet users are addicted to non-Indian services like WhatsApp, Facebook, Gmail, Skype, Telegram and thousands more.
But, the National Encryption Policy requires Service Providers located outside India to enter into an agreement with the Indian Government, which says:
“Encryption algorithms and key sizes will be prescribed by the Government,” the policy reads.
You can send your comments to akrishnan@deity.gov.in by October 16, 2015.
The draft National Encryption Policy has triggered national outrage among citizens of India, who would be forced to store their online messages sent through WhatsApp, SMS, e-mail or any such service for up to 90 days.

My Government Doesn’t Understand How Encryption and Cyber Security Work


Almost every day or every second day, when I come across various announcements in newspapers, TV news channels, and press releases that…
…the Indian Government and related policy-making organizations are going to set up their so-called “CyberSecurity Task Forces” or have drafted “National Cyber Security Policies,” with an aim to boost cyber security in India…
The first thing that comes to my mind is:
Why Doesn’t my Government Understand How Encryption and Online Cyber Security Works?
Yes, my Government really has no idea how encryption relates to users’ privacy. And… Narendra Modi’s Government has done it again!
With the release of the draft National Encryption Policy, the government wants access to all your messages whether sent over online email services like Gmail or messaging services like WhatsApp, Viber, or Messenger.
The National Encryption Policy (before addendum) required:
Access to your Private Data
To store your digital messages or Emails for 90 Days in Plaintext
Share your Encryption Keys with Government
Foreign Services Providers to Comply with Indian Government
Yes, besides Indian Service Providers, the draft policy forces Service Providers outside of India to sign an agreement under which the Indian government will prescribe the Encryption algorithms and key sizes.
So, DeitY expects thousands of foreign Service Providers that encrypt their users’ data to put the government backdoors into their secure software — similar to what the NSA did for spying on US citizens.
DeitY believes that this would enhance cyber security in India. Oh! Really? Looks like the experts have got it all wrong.
Policy Triggered National Outrage (Addend Policy)
However, after massive public outcry, the government has withdrawn the draft proposal and issued an addendum to the National Encryption Policy which says:
You will need to keep records of emails from Gmail and other email services, and have to submit them to Security agencies if required.
All Service Providers located within and outside India using Encryption technology for offering any services in India will need to register their services with the Government.
The Mass Use Encryption products, such as social media websites (Twitter and Facebook) and social media applications (WhatsApp, Viber, and Line), would not be regulated by the new National Encryption Policy.
SSL/TLS encryption products being used by Banking, e-commerce websites and Payment gateways will also be exempted.
The proposed National Encryption Policy would apply to everyone including government departments, academic institutions as well as citizens, and for all kinds of communications…
…suggesting legal action that also includes Imprisonment, if violated.
Both the earlier and the latest versions of the ‘National Encryption Policy’ have raised several privacy concerns.
It seems like the Indian government has once again proven itself to be zero in knowledge about the issues related to Privacy and Online Security.
At The Hacker News, our agenda is to educate the world for Cyber Security. However, in the country from…
…where The Hacker News operates, where our own government is releasing such policies in the name of cybersecurity, we feel like a Failure, for which We Really Apologize!
Any updates on the topic will be added to the article to keep you informed.

With Its First Android app, Apple tried to Kill Android Community, But Failed Badly!


Are you a Die Hard Android Fan?
If you are also one of those millions of Android fans for whom the brand has turned into an insane religious devotion, then Apple has something that could give you second thoughts.
Apple is losing control, wants you to ditch your Android!
A few days ago, Apple made its debut on the Google Play Store with its first app, called “Move to iOS”, for Android users.
With its first ever Android app, Apple tried to kill Android Community and fans, But failed badly!
Apple’s new app works as an “Uncalled Assistance” in a manner where you have bought a new iPhone, iPad or iPod Touch and are confused about how to migrate data from your current Android device.
Apple’s ‘Move to iOS’ app is designed to help Android users transfer their content quickly and safely from an Android device to an iOS device.
The Apple App will help you in Migrating Data, like:
Calendars
Camera photos and videos
Contacts
Mail accounts
Message history
Web bookmarks
How does It work?
Now it is time for the synchronization between the two devices to begin.
The app will create a private Wi-Fi session from your iOS device and will pick your Android device loaded with Move to iOS app for the transfer of data to start.
Then open the ‘Move to Android’ interface on your iOS device and, after you tap Start, a 10-digit security code will pop up, which you’ll have to enter on your Android device with the ‘Move to iOS’ screen on display.
After this, you can select your content from your Android device that you wish to transfer by tapping Next button and set up your new iOS device.
However, remember one thing: don’t let any distraction such as a phone call occur, because if one does, the transfer will stop and you’ll have to start all over again.
For smooth transfer of data, choose a time when the chances of getting distracted are less.

Apple Boosts iOS 9 Security with improved Two-Factor Authentication


Apple iOS 9, codenamed Monarch, will be available to the world on September 16th.

While most of the upgrades in iOS 9 focus on making devices faster, smarter, more secure and more efficient, today we are going to discuss the improved Two-Factor Authentication (2FA) built into the new iOS operating system.
WHAT’S NEW AND HOW IT WORKS
Apple has strengthened the foundation of iOS 9 and further of your device by modifying the operating system with an improved two-factor authentication built into it.
As the two-factor authentication structure lies within the operating system, this makes the device’s Apple ID even harder to break.
2FA secures your Apple ID by acting as an additional layer of protection for the data on your device, preventing any intrusion on your device.
Also, when you have more than one device running Apple’s operating system, 2FA enables sign-in on a new device in a streamlined manner…
…Besides verifying your identity through your password, Apple will generate a six-digit verification code in the next step that is either displayed on the Apple device through which you are logging in, or you can choose to get it through an SMS or via phone call.
Things to pay attention to:
Remember your password and set up a device passcode on all your devices.
Remember to keep your devices secure from any external threat like theft.
Remember to update your trusted devices on time.
All of this makes it easier for you and difficult for the intruder to gain access to your information.
We’ve been saying that improved and robust 2FA comes with iOS 9; yes, it has improved, and it follows a different method of verifying you and building trust.
If you are an iOS user and want to know more about your device’s security, see the Apple support material that explains it.
BENEFITS OF IMPROVED 2FA:
Apple ID is your identity on Apple’s various services including iCloud, Apple Pay and many more.
The enhanced security features built into iOS 9 help you keep your Apple devices as well as Apple ID safe by:
Strengthening the Passcode that protects your devices
Improving Two-Factor Authentication that is built directly into iOS
These features make it harder for hackers, intruders or others to “gain unauthorized access to your Apple ID,” said Apple.
Past attacks like ‘Snappening’ and ‘Fappening’, as well as threats like iOS zero-day exploits that are able to capture a user’s password, can be counted as a few examples that support the new two-factor authentication.
Moreover, iOS 9 boasts of various improved features like battery optimization, several built-in apps and enhanced security for all the devices.
Apple also claimed that it is the most intelligent of the lot, providing you with a proactive assistant in Siri. The all-new Proactive feature will offer users contextual suggestions based on their habits, location, or time of day.
As already mentioned, iOS 9 will be available to the public from September 16 onwards. The operating system comes as a free update for all users of iPhone 4s and later, iPod touch 5th generation and above, iPad 2 and above and iPad mini and later.

LockerPin Ransomware Resets PIN and Permanently Locks Your SmartPhones


Your device’s lock screen PIN is believed to keep your phone’s contents safe from others, but sadly not from a new piece of ransomware that is capable of hijacking the safety of your Android devices.
A group of security researchers has uncovered what is believed to be the first real example of malware that is capable of resetting the PIN code on a device and permanently locking the owner out of their own smartphone or tablet.
This Android PIN-locking ransomware, identified as Android/Lockerpin.A, changes the infected device’s lock screen PIN code and leaves victims with a locked mobile screen, demanding a $500 (€450) ransom.
Here’s the Kicker:
Since the lock screen PIN is reset randomly, even paying the ransom won’t give you back access to your device, because even the attackers don’t know the changed PIN code of your device, security researchers at Bratislava-based antivirus firm ESET warn.
LockerPIN, as dubbed by the researchers, is being spread through adult entertainment apps installed from third-party websites, warez forums, and torrents – outside of the official Google Play Store.
The app in question is Porn Droid, which is the second of its kind observed recently, after Adult Player, another porn-themed Android app that takes selfies of its users and includes them in its ransom messages.
How LockerPIN Works?
Once installed on the victim’s smartphone, the app first tricks users into granting it device administrator rights. It does so by disguising itself as an “Update patch installation” window.
After gaining admin privileges, the malicious app goes on to change the user’s lock screen PIN code, using a randomly generated number.
This random number is not even sent to the attacker, meaning that even after victims pay the ransom, nobody can unlock the device’s screen.
Though the majority of infected devices are detected within the United States, the researchers have spotted the infections worldwide.
How to Get Rid of this LockerPIN Ransomware?
Unfortunately, there is “no effective way” to regain access to infected devices without losing personal data.
Rebooting the device in Safe Mode and uninstalling the offending application or using Android Debug Bridge (ADB) alone won’t solve the issue.
The only way to unlock the device and get rid of LockerPIN ransomware app is to perform a factory reset that would wipe out all the personal data and apps stored on your device.
Ransomware delivered through malicious apps is growing and becoming more sophisticated with time, and this newly discovered LockerPIN ransomware proves the theory.
The bottom line:
To avoid falling victim to malicious apps like Porn Droid and Adult Player, the saving grace for users is:
Don’t install apps outside of the Google Play Store.
Don’t grant administrator privileges to apps unless you truly trust them.