• Snapchat Hacker Threatens to Leaked thousands of Nude Celebriti Images

     

    The waves of celebrities nude photos have not yet stopped completely, and a new privacy threat has emerged exposing tens of thousands of private photographs and videos of innocent users are circulating over the Internet.

    The personal image that are believed to be sent through Snapchat — the ephemeral messaging service that allows users to send pictures that should disappear after a few seconds — has been floating on the image based 4chan’s notorious /b/ board since last night. The incident was result of a security breach in an unofficial third-party app for Snapchat.

    Earlier this week, an anonymous 4chan user claimed to have obtained images on Snapchat and then the user warned of releasing thousands of nude videos and images sent using Snapchat soon in an event dubbed ‘The Snappening’.

    Previously, It was believed that the official SnapChat mobile app or its servers had been hacked by the hackers, and the third-party Snapchat client app has been collecting every photo and video file sent through the messaging service for years, giving hackers access to a 13GB private Snapchat files.

    But Snapchat has denied that its service was ever compromised. Earlier today, Snapchat issued a statement about the “Snappening” and blamed its consumers for using unofficial and unauthorized third-party apps.

    “We can confirm that Snapchat’s servers were never breached and were not the source of these leaks,’ a Snapchat representative said in a statement. “Snapchatters were victimised by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users’ security. We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed.“

    The most worrying part for the users is that Snapchat was right. The personal data is supposed to be obtained from a website called SnapSaved.com — an external app used by a number of Snapchatters in order to save Snapchat photos without the sender knowing — which has been inactive for the past few months and is apparently independent of the official Snapchat service.

    However, Business Insider has pointed to SnapSaved.com, a site which is no longer functional, and the SnapSave app as potential sources of the leak. Meanwhile, an assortment of photos has been traced back to SnapchatLeaked.com — site also posted personal and nude photos of Snapchat users, indicating that the photos could have been circulating for months.

    “The Snappening” is named in reference to the recent celebrity nude photos leak that was called “The Fappening.” The incident comes just weeks after thousands of celebrity nude images were leaked online through 4chan website, following a hack of Apple’s iCloud.

    Snapchat was first hacked in December 2013 when 4.6 million Snapchat users were exposed in a database breach. Later, the denial-of-service attack and CAPTCHA Security bypass The most worrying part for the users is that Snapchat was right. The personal data is supposed to be obtained from a website called SnapSaved.com — an external app used by a number of Snapchatters in order to save Snapchat photos without the sender knowing — which has been inactive for the past few months and is apparently independent of the official Snapchat service.

    However, Business Insider has pointed to SnapSaved.com, a site which is no longer functional, and the SnapSave app as potential sources of the leak. Meanwhile, an assortment of photos has been traced back to SnapchatLeaked.com — site also posted personal and nude photos of Snapchat users, indicating that the photos could have been circulating for months.

    “The Snappening” is named in reference to the recent celebrity nude photos leak that was called “The Fappening.” The incident comes just weeks after thousands of celebrity nude images were leaked online through 4chan website, following a hack of Apple’s iCloud.

    Snapchat was first hacked in December 2013 when 4.6 million Snapchat users were exposed in a database breach. Later, the denial-of-service attack and CAPTCHA Security bypass vulnerabilities were discovered by the researchers at the beginning of this year.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • TripAdvisor’s Viator Hit by Massive 1.4 Million Payment Card Data Breach


    TripAdvisor’s Viator Hit by Massive 1.4 million Payment Card Data Breach

    TripAdvisor has reportedly been hit by a massive data breach at its Online travel booking and review website Viator, that may have exposed payment card details and account credentials of its customers, affecting an estimated 1.4 million of its customers.

    The San Francisco-based Viator, acquired by TripAdvisor – the world’s largest travel site – for £122 million (US$ 200 million) back in July, admitted late on Friday that the intruders have hacked into some of its customers’ payment card accounts and made unauthorized charges.

    The data breach was discovered in the bookings made through Viator’s websites and mobile offerings that could potentially affect payment card data.

    Viator said that the company has hired forensic experts to figure out the extent of the breach. Meanwhile, the company has begun notifying its affected customers about the security breach as said by the travel outfit in a press release.

    “On September 2, we were informed by our payment card service provider that unauthorized charges occurred on a number of our customers’ credit cards,” Viator wrote. “We have hired forensic experts, notified law enforcement and we have been working diligently and comprehensively to investigate the incident, identify how our systems may have been impacted, and secure our systems.”

    “While our investigation is ongoing, we are in the process of notifying approximately 1.4 million Viator customers, who had some form of information potentially affected by the compromise.”

    During investigation it found that the cybercriminals have broken into its internal databases and accessed the payment card data – including encrypted credit or debit card number, card expiration date, name, billing address and email address – of approximately 880,000 customers, and possibly their Viator account information that includes email address, encrypted password and Viator ‘nickname.’

    Additionally, the intruders may have also accessed the Viator account information, including email addresses and encrypted passwords, of over 560,000 Viator customers.

    According to the company, Debit-card PIN numbers were not included in the breach because Viator does not store them. The travel advisor said that they believe that the CVV number, the security numbers printed on the back of the customer’s credit card, were also not stolen in the breach.

    For those who are affected by the breach in United States, Viator is offering them identity protection and credit card monitoring services for free and and the company is also investigating the possibility of offering similar services to customers outside the country.

    Meanwhile, the company has warned its affected customers to regularly monitor their card activity and report any fraudulent charges to their card company. “Customers will not be responsible for fraudulent charges to their accounts if they are reported in a timely manner,” Viator said.

    Viator also recommends its users to change their password for the site, as well as all other websites that uses the same credentials.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • Keylogger Optimized with AutoIT Infected Thousands of Computers

    A new surge of malware has been discovered which goes on to infect hundreds of thousands of computers worldwide and allegedly steals users’ social and banking site credentials.

     

    Few days back, a list of 5 million combinations of Gmail addresses and passwords were leaked online. The search engine giant, Google said that Gmail credentials didn’t come from the security breaches of its system, rather the credentials had been stolen by phishing campaigns and unauthorized access to user accounts.

     

    Just now, we come across another similar incident where cyber criminals are using a malware which has already compromised thousands of Windows users worldwide in an effort to steal their Social Media account, Online account and Banking account Credentials.

     

    A Greek Security Researcher recently discovered a malware sample via a spam campaign (caught in a corporate honeypot), targeting large number of computers users rapidly. He investigated and posted a detailed technical analyses of the malware on his blog.

     

    After reverse engineer the malware sample file, he found that the cybercriminals are using a combination of software AutoIT (Automate day-to-day tasks on computers) and a “commercial” Keylogger named “Limitless Keylogger” to make it FUD i.e. Fully Undetectable from static analysis.

     

    Keylogger is a critical type of software program for cyber criminals, which records every input typed into the keyboard and easily detects passwords for users’ Email accounts, Social Media accounts and Online Bank accounts.

     

    This malicious application captures every keystrokes users press and send them to a specified email address linked to the cyber criminal. More interestingly, the malware uses AutoIT in order to evade detection by Antivirus programs.

     

    Limitless Keylogger Optimized with AutoIT Infected thousands of Computers

     

    The malware distributed in the spam campaign comes as a WinRAR SFX executable file with a custom icon which drops 4 malicious files onto the victim’s computers with hidden and system attributes.

     

    The Malware archive includes:

     

    • AutoIT script ‘update.exe’ of 331MB
    • Python script to “deobfuscate” AutoIT script
    • oziryzkvvcpm.AWX – Settings for AutoIT script
    • sgym.VQA – Another Encrypted malware/Payload Binary
    Initially the obfuscated AutoIT Script is of size 331MB, because it contains lots of garbage content, but after deobfuscate process it becomes only 55kbyte in size with clean malicious code.

     

    Researcher found lot of functions and various functionalities in the malware code those allow the malicious software to protect itself from detection.

     

    On Further reserve engineering, he found that the malware sends the collected keystroke data to the cybercriminal via SMTP email server. So he sniffed the whole conversation of malware SMTP traffic and discovered that the keylogger was sending all keystrokes of the user, screenshots, recovery data (saved passwords from several applications/browsers) to an email ID – “ontherun4sales@yandex.ru”.

     

    He also extracted the hardcoded SMTP email ID username and passwords of the respective Yandex mail address from the malware source code.
    Limitless Keylogger Optimized with AutoIT Infected thousands of Computers
    Researcher told SecNews, “The detection was accomplished in the past few days and found that the malware was being Greek is targeting users (minimum numerical cases).
    Possibly some Indonesian hackers might have used the malicious software available on the Russian hacking forum sites” they said. “and the targets are well known companies from retail industry,oil,airlines etc
    At last, the researcher also disclosed some online FTP servers using Google hacks, where the data has been uploaded by the different variants of the Limitless Logger by various hacking groups.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • Cell phone Users can be Secretly tracked Across the globe thanks to SS7 Tracking System

    Since we are living in an era of Mass surveillance conducted by Government as well as private sector industries, and with the boom in surveillance technology, we should be much worried about our privacy.
    According to the companies that create surveillance solutions for law enforcement and intelligence agencies, the surveillance tools are only for governments. But, reality is much more disappointing. These surveillance industries are so poorly regulated and exceedingly secretive that their tools can easily make their way into the hands of repressive organizations.
    Private surveillance vendors sell surveillance tools to governments around the world, that allows cellular networks to collect records about users in an effort to offer substantial cellular service to the agencies. Wherever the user is, it pinpoint the target’s location to keep every track of users who own a cellphone — here or abroad.
    We ourselves give them an open invitation as we all have sensors in our pockets that track our every move wherever we go.
    WHAT WENT WRONG
    The tracking technology takes advantage of the SS7, a global network, which is unfortunately vulnerable.
    SS7 or Signaling System Number 7 is a protocol suite used by most telecommunications operators throughout the world to communicate with one another when directing calls, texts and Internet data. It allows cell phone carriers to collect location information from cell phone towers and share it with each other. A United States carrier will find its customer, no matter if he or she travels to any other country.
    The Washington Post published an awesome article on surveillance technology that can track cell phone users anywhere in the world. Surveillance vendors also now have access to SS7, so that their customers can home in on somebody’ locations as precisely as within a couple of city blocks (or in rural areas, a couple of miles).
    These systems are so effective that it can even detect how fast a person on a city street is walking, or the speed a person’s car is traveling!

    The system was built decades ago, when only a few large carriers controlled the bulk of global phone traffic. Now thousands of companies use SS7 to provide services to billions of phones and other mobile devices, security experts say,” explains the post.

    All of these companies have access to the network and can send queries to other companies on the SS7 system, making the entire network more vulnerable to exploitation. Any one of these companies could share its access with others, including makers of surveillance systems.

    SS7 TRACKING SYSTEM PAIRED UP WITH ‘CATCHERS’
    It is believe that dozens of countries have bought or leased this surveillance technology in the last few years. Having a close look at such tools, it has been discovered that some of the companies that sell SS7 tracking system are advising their customers to pair them with “IMSI catchers” or StingRays.
    StingRays are common surveillance devices that allow law enforcement to mimic a cell phone tower, and track users position who connect to it, and sometimes even intercept calls and Internet traffic, send fake texts, install spyware on a phone, and determine precise locations.

    What’s interesting about this story is not that the cell phone system can track your location worldwide,” said Bruce Schneier, a senior security researcher. “That makes sense; the system has to know where you are. What’s interesting about this story is that anyone can do it.”

    Privacy advocates are not only worried by governments getting their hands on these systems, but also about hackers and criminal gangs using it.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • New file-encrypting ransomware called CryptoGraphic Locker

    A new file-encrypting ransomware was discovered today by BartBlaze called CryptoGraphic Locker. Just like other encrypting ransomware, this infection will scan your your data files and encrypt them so that they are unusable. The infection will then display a ransom note that requires you to purchase the decryption key in order to decrypt your files. The initial cost to purchase the key is .2 BTC, or approximately $100 USD, which makes this one of the cheaper ransoms that we have seen in a long time. Though the ransom starts out small, there is a 24 hour timer built into the application that will increase the ransom amount each time it hits 0.

    Computer Virus Removal in Fort Lauderdale
    Cryptographic Locker

    When you are infected with CryptoGraphic Locker, the application will configure itself to start when you login to Windows. It will then scan your drives for data files and create new encrypted copies using AES encryption and then delete the old ones. These new files will be renamed to have the extension .clf. A list of all encrypted files will be stored in the %Temp%\CryptoLockerFileList.txt file. The data files that CryptoGraphic Locker targets are:

    .odt,.ods,.odp,.odm,.odc,.odb,.doc,.docx,.docm,.wps,.xls,.xlsx,.xlsm,.xlsb,.xlk,.ppt,.pptx,.pptm,.mdb,.accdb,.pst,.dwg,.dxf,.dxg,.wpd,.rtf,.wb2,.mdf,.dbf,.psd,.pdd,.pdf,.eps,.ai,.indd,.cdr,.dng,.3fr,.arw,.srf,.sr2,.mp3,.bay,.crw,.cr2,.dcr,.kdc,.erf,.mef,.mrw,.nef,.nrw,.orf,.raf,.raw,.rwl,.rw2,.r3d,.ptx,.pef,.srw,.x3f,.lnk,.der,.cer,.crt,.pem,.pfx,.p12,.p7b,.p7c,.jpg,.png,.jfif,.jpeg,.gif,.bmp,.exif,.txt

    When the infection has finished encrypting your data it will display a ransom screen that explains how you can pay the ransom and decrypt your files. Unlike other file-encrypting ransomware that have been released lately, instead of using a decryption site, the malware application itself allows you to make payments, receive your decryption keys, enter your key to decrypt files, etc. While the infection is running it will also terminate the following applications if they are started or are running: Process Hacker, MalwareBytes, Spyhunter, Msconfig, Task Manager, Registry Editor, System Restore, or Process Explorer.

    Last, but not least, the infection will also change your Windows desktop background to the background below. Suprisingly, it uses the CryptoLocker name in the wallpaper instead of the CryptoGraphic Locker name that it uses in the application window.

    wallpaper.jpg

    At this time the Command & Control servers are down, so there is no way to pay the ransom. There is, though, some good news for those who are infected. This ransomware does not delete files using a secure deletion method and does not wipe your system restore points. Therefore you can use a file recovery tool to undelete your files or a program like Shadow Explorer to restore your files from Shadow Volume Copies. Information on how to restore your files from Shadow Volume Copies can be found in the CryptoLocker guide.

    Thanks to BartBlaze, Decrypterfixer, and Cody Johnston for providing info on this malware.

    File additions and registry changes are:

    %Temp%\CryptoLockerFileList.txt
    %Temp%\wallpaper.jpg
    <Path to Dropper>\<random.exe
    
    HKCU\Control Panel\Desktop\Wallpaper	"C:\Users\User\AppData\Local\Temp\wallpaper.jpg"(old value="")
    HKCU\Control Panel\Desktop\WallpaperStyle	"1"(old value="10")
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\CLock
    
    

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida
    

    Greased Lightbox

    +

    Loading image

    Click anywhere to cancel

    Image unavailable

    Greased Lightbox

    +

    Loading image

    Click anywhere to cancel

    Image unavailable


  • Rise in Anti-Child Porn Spam Protection Ransomware infections

    This ransomware pretends to be from a legitimate government organization that states that the infected computer is sending out SPAM that contains links to child pornography sites. The ransom program then states that in order protect yourself, and others, it has encrypted your data using Advanced Encryption Standards, or AES, encryption. Just like the Malware Protection and the ACCDFISA Protection Program variants, these files are not actually encrypted but are password protected RAR files.

    sl.png

    ScreenLocker window for ACCDFISA v2.0, There are actually a few different versions of this. ACCDFISA v2.0 HTML file, These can be worded slightly different, and can have different emails to message the virus creator.

    There seems to be either a leak of the ACCDFISA v2.0 source, or the creator is mixing up the layout of Ransom Note, Screen Locker, and even the internal code. So far I have found 3 different version of ACCDFISA v2.0 with different contact emails, Ransom Notes, Code, and what is worse is even the method of delivery. The previous ACCDFISA v2.0 mostly only affected servers with RDP enabled with weak security. But the last 2 victims I have been messaging had neither a server or RDP enabled, and claimed to have gotten it either by email or a malicious or hacked site. This makes this older modified infection another top placer for worst encrypting infections because the key is unrecoverable, Restore Points are wiped, the computer is locked down, services are mangled, free space and deleted files are wiped with SDelete, and of course files are encrypted with WinRar SFX AES exe’s.

    For informational purposes, the 2 virus creator emails I have found with these variants are brhelpinfo@gmail.com and Dextreme88@gmail.com.

    When first run, this program will scan your computer for data files and convert them to password protected RAR .exe files. These password protected data files will be named in a format similar to test.txt(!! to decrypt email id <id> to <Email>@gmail.com !!).exe. It will then use Sysinternal’s SDelete to delete the original files in such a way that they cannot be undeleted using file recovery tools. It will also set a Windows Registry Run entry to start c:\<Random Number>\svchost.exe when your computer starts. This program is launched immediately when you logon and blocks access to your Windows environment. If you boot your computer using SafeMode, Windows Recovery disk, or another offline recovery CD, you can delete or rename the c:\<Random Number>\svchost.exe file in order to regain access to your Windows Desktop. This “lockout” screen will also prompt you to send the hackers the ransom in order to get a passcode for the system lockout screen and for your password protected files.

    This variant took 3 hours to completely finish on my VM. I was able to access the key file, and decrypt nearly all files and back them up before shutdown. So if you are lucky enough to see this happening, you should immediately backup the key file on the desktop / in the ProgramData folder.

    Sadly, just like the past variants, files cannot be decrypted either without the key, or a backup. If you are reading this infection free I have one question, Have you backed up today?. If not, you better get to it as these types of computer infections are on the rise and definitely here to stay!

    The files that this infection creates when it is installed are:

    File List:

    c:\<Random>\svchost.exe – ScreenLocker / Decrypter

    c:\<Random>\howtodecryptaesfiles.htm – RansomNote that all RansomNotes lnk’s point to

    c:\ProgramData\fdst<Random>\lsassw86s.exe Encrypter / Main dropper

    c:\ProgramData\<Random>\<Random>.dll – Different Numbers and Hashes used by the infection / Also where Temp Key is kept, But removed after completion

    c:\ProgramData\<Random>\<Random>.DLLS List of files to be infected by WinRar

    c:\ProgramData\<Random>\svchost.exe – WinRar CUI renamed

    c:\ProgramData\<Random>\svchost.exe – Sdelete Renamed

    c:\ProgramData\svcfnmainstvestvs\stppthmainfv.dll List of Numbers used by the infection

    c:\ProgramData\svtstcrs\stppthmainfv.dll List of Numbers used by the infection

    c:\Windows\System32\backgrounds2.bmp Renamed ScreenLocker / Decrypter, Used to replace the one in ProgramData if deleted

    c:\Windows\System32\lsassw86s.exe Renamed Encrypter / Main dropper, Used to replace the one in ProgramData if deleted

    c:\Windows\System32\scsvserv.exe Used to complete mangle / disable services to further lock down computer

    c:\Windows\System32\lsassvrtdbks.exe Assists with encryption

    c:\Windows\System32\session455.txt Temp Storage used with .BAT file to logoff user account

    c:\Windows\System32\decryptaesfiles.html Used to copy to ProgramData

    c:\Windows\System32\Sdelete.dll Used to copy Sdelete to ProgramData

    c:\Windows\System32\kblockdll.dll Used to Lock desktop

    c:\Windows\System32\btlogoffusrsmtv.bat Used to log user off

    c:\Windows\System32\default2.sfx Used with winrar to encrypt files

    c:\Windows\System32\cfwin32.dll WinRar CUI renamed

    %Desktop%\<Random>.Txt – Also contains Decrypt Key, But removed after completion

    Registry List:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run C:\<Random>\svchost.exe – Launches ScreenLocker

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run C:\<Random>\svchost.exe – Launches ScreenLocker

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run C:\ProgramData\<Random>\svchost.exe – Launches ScreenLocker

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • Microsoft throws old versions of Internet Explorer under the bus

    Come 2016, if you’re not up to date you’re on your own – enjoy your security bugs

    Microsoft has confirmed that it’s ending support for old versions of Internet Explorer, and it’s giving you just shy of 18 months to get up to date.

    Roger Capriotti, director of the IE team, blogged on Thursday that beginning on January 12, 2016, only the most recent version of IE on any supported version of Windows will continue to receive technical support and security updates.

    As of today, that means IE9 on Windows Vista SP2 and Windows Server 2008 SP2, IE10 on Windows Server 2012, and IE11 on any later version of Windows (including Windows Server 2012 R2).

    In fact, the only reason IE9 is still being supported on Vista is because no later versions will run on that little-loved OS. IE9 never won high marks from web devs, and Google, for one, has already discontinued support for it in Gmail and Google Apps.

    “For customers not yet running the latest browser available for your operating system, we encourage you to upgrade and stay up-to-date for a faster, more secure browsing experience,” Capriotti wrote.

    Microsoft is a late convert to web-standards religion, having spent the better part of 20 years releasing browsers that rendered sites in ways that were incompatible with rivals like Firefox, Chrome, and Safari.

    These days, the software giant markets standards compliance as a key feature of IE11, and it has even gone as far as to claim it’s had to build workarounds into its browser to support websites that are coded using the competition’s nonstandard features.

    Redmond even seems to want to atone for its own past bad behavior. It’s now encouraging commercial customers who have built their bespoke web apps for older, patently terrible versions of IE to upgrade to IE11 and use its “Enterprise Mode” to maintain backward compatibility with those standards-shirking browsers.

    Enterprise Mode, which Microsoft shipped with the Windows 8.1 Update and as a standalone patch in April, makes IE11 behave like IE8, even going as far as to announce the old version to websites and ActiveX controls that have been hard-coded for specific browser releases.

    Concurrent with its announcement of the end of support for old IE versions, Microsoft said on Thursday that it will continue to support Enterprise Mode through the full lifecycle of whichever OS IE11 is running on – meaning it will be supported on Windows 7 through January 14, 2020, for example.

    As Microsoft points out, however, most consumers won’t have to worry about much of this – at least until their version of Windows reaches the end of its lifecycle – because they get the latest version of IE installed automatically as a function of Windows Automatic Updates.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • Secret Government and Law enforcement spyware leaked

     

    Company That Sells 'FinFisher' Spying Software Got Hacked, 40GB Data Leaked
    FinFisher spyware, a spyware application used by government and law enforcement agencies for the purpose of surveillance, appears to have been hacked earlier this week and a string of files has been dumped on the Internet.
    The highly secret surveillance software called “FinFisher” sold by British company Gamma International can secretly monitors computers by turning ON webcams, recording everything the user types with a keylogger, and intercepting Skype calls, copying files, and much more.
    A hacker has claimed on Reddit and Twitter that they’d infiltrated the network of one of the world’s top surveillance & motoring technology company Gamma International, creator of FinFisher spyware, and has exposed 40GB of internal data detailing the operations and effectiveness of the FinFisher suite of surveillance platforms.
    The leaked information was published both on a parody Gamma Group Twitter account (@GammaGroupPR) and Reditt by the hacker that began publishing links to the documents and satirical tweets.
    The leaked files includes client lists, price lists, source code of Web Finfly, details about the effectiveness of Finfisher malware, user and support documentation, a list of classes/tutorials, and much more.
    The Reddit post Gamma International Leaked in self.Anarchism said, “a couple days ago [when] I hacked in and made off with 40GB of data from Gamma’s networks. I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lots of other stuff in that 40GB.”

    The FinFisher files were first leaked on Dropbox as a torrent file and since have been shared across the internet, which means that it is now impossible to stop the information from being leaked.

    One spreadsheet in the dump titled FinFisher Products Extended Antivirus Test dated April this year, details the anti-virus detection rates of the FinFisher spyware which German based Gamma Group sold to governments and law enforcement agencies.

    It shows how FinFisher performed well against 35 top antivirus products. That means FinFisher would probably not be detected by a targeted users’ security systems.


    One more document also dated April this year has been identified that detailed release notes, for version 4.51 of FinSpy, show a series of patches made to the products including patch to ensure rootkit component could avoid Microsoft Security Essentials, that the malware could record dual screen Windows setups, and improved email spying with Mozilla Thunderbird and Apple Mail.


    The file dump also reveals that FinFisher is detected by OS X Skype (a recording prompt appears), so the users of OS X Skype would be alerted to the presence of FinFisher by a notification indicating that a recording module was installed.
    Company That Sells 'FinFisher' Spying Software Got Hacked, 40GB Data Leaked
    FinFisher cannot tap Windows 8 users, so rather the desktop client, the users should opt for the Metro version of Skype.
    The dump also contains a fake Adobe Flash Player updater, a Firefox plugin for RealPlayer and an extensive (though still undetermined) documentation for WhatsApp.

    A price list, which appeared to be a customers’ record, revealed the FinSpy program cost 1.4 million Euros and a variety of penetration testing training services priced at 27,000 Euros each,” the Reg. reported. “The document did not contain a date but it did show prices for malware targeting the recent iOS version 7 platform.”

    The leaked documents also included a FinSpy user manual and brochure. This previously kept so-called spying secret is not a secret now and we’ll be going to find a lot more in the upcoming weeks.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • Airplanes can be hacked through the Inflight Entertainment system

     

    Airplanes Can be hacked through the onboard entertainment system

    Airplanes can be hacked via Inflight Entertainment system

    Almost a year ago, at the ‘Hack In The Box’ protection peak in Amsterdam, a protection specialist at N.Runs and a professional air travel lead, Hugo Teso presented a business presentation that it’s possible to take control of airplane journey techniques and emails using an Android operating system smart phone and some specific attack code.

    Quite similar to the previous one, a protection specialist statements to have developed a method that can give online scammers access to the satellite tv emails equipment on traveler airplanes through their WiFi and in-flight enjoyment techniques.

    Cyber protection expert Ruben Santamarta, a advisor with online protection firm IOActive, will reveal his analysis and all the technical details this week at a major Las Las vegas cyberpunk meeting, Black Hat meeting, showing How professional airliner satellite tv interaction techniques can also be affected by online hackers, along with the proof of satellite tv emails system weaknesses that questions the factors these techniques are using.

    Santamarta analysis paper named “SATCOM Terminals: Coughing by Air, Sea and Land” describes that delivers, airplane and plants are all at risk of being affected — perhaps with disastrous results.

    We live in a world where data is constantly flowing. It is clear that those who control communications traffic have a distinct advantage. The ability to disrupt, inspect, modify or re-route traffic provides an invaluable opportunity to carry out attacks,” Santamarta wrote in his paper.

    Until now, it’s just a declare, but if verified, could immediate a extensive rebuild of airplane protection and other SATCOM devices, and throw evaluation on the way its digital protection have been handled in previous times.

    According to the researcher’s subjective of the discuss published, he will describe how gadgets marketed by the world’s major SATCOM providers contain important protection faults. IOActive also stated to have identified that “100 % of the gadgets could be abused” by an range of strike vectors.

    “In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it.” Santamarta wrote in the description to his talk. He told Reuters, “These devices are wide open. The goal of this talk is to help change that situation.”

    Many of SATCOM providers techniques have hardcoded log-in qualifications — same qualifications used in several techniques — providing online hackers potential to grab qualifications from one program and use them to access other techniques, as a result of it, online hackers can turn off the emails and can intervene with the plane’s routing.

    The specialist found the weaknesses by “reverse engineering” the extremely particular software known as firmware, used to function emails devices made by Cobham Plc, Harris Corp, EchoStar Corp’s Gaines System Systems, Iridium Communications Inc and Asia Stereo Co Ltd.

    Meanwhile, he found a concept that a cyberpunk could make use of a plane’s on board Wi-Fi indication or in-flight enjoyment program to crack into its avionics devices. This could allow them to affect or change the plane’s satellite tv emails, possibly disrupting the aircraft’s routing and protection techniques.

    However, it is really worth noting that just because a security specialist is capable of doing the crack, doesn’t mean online hackers are doing it or can easily execute it, too. Santamarta has also recognized that his hackers showing the concept have been performed in managed test, and he is not sure how realistic the crack would be in real life.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • SandroRAT Mobile Phone Android Malware that Disguises as Kaspersky Mobile Security

    Researchers have warned users of Android devices to avoid app downloads from particularly unauthorized sources, since a new and sophisticated piece of malware is targeting Android users through phishing emails.
    The malware, dubbed SandroRAT, is currently being used by cybercriminals to target Android users in Poland via a widely spread email spam campaign that delivers a new variant of an Android remote access tool (RAT).
    The emails masquerade itself as a bank alert that warns users of the malware infection in their mobile device and offers a fake mobile security solution in order to get rid of the malware infection.
    The mobile security solution poses as a Kaspersky Mobile Security, but in real, it is a version of SandroRAT, a remote access tool devised for Android devices, whose source code has been put on sale on underground Hack Forums since December last year.
    A mobile malware researcher at McAfee, Carlos Castillo, detailed the new variant of Android remote access trojan over the weekend. According to the researcher, the package spread via phishing campaign is capable of executing several malicious commands on the infected devices.
    SandroRAT gives the attacker an unrestricted access to sensitive details such as SMS messages, contact lists, call logs, browser history (including banking credentials), and GPS location data stored in Android devices and store all the data in an “adaptive multi-rate file on the SD card” to later upload them to a remote command and control (C&C) server.

    Spam campaigns (via SMS or email) are becoming a very popular way to distribute Android malware, which can steal personal information or even obtain complete control of a device with a tools like SandroRat,” wrote Carlos Castillo. “This attack gains credence with the appearance of a bank offering security solutions against banking malware, a typical behavior of legitimate banks.”

    This new version of SandroRAT also has a self-update feature in it and it can install additional malware through user prompts for such actions. The malware gives the attacker full control over the messages, who can intercept, block and steal incoming messages, as well as insert and delete them.
    It also appears that the attacker can send multimedia messages with specific parameters sent by the C&C server and can also record nearby sounds using the device’s mic.
    Castillo also notes that the SandroRAT variant of malware had decryption capabilities for older releases of Whatsapp messaging app. But, the users running the latest version of Whatsapp in their Android devices are not vulnerable because the developers adopted a stronger encryption scheme.

    This decryption routine will not work with WhatsApp chats encrypted by the latest version of the application because the encryption scheme (crypt7) has been updated to make it stronger (using a unique server salt),” Castillo explained. “WhatsApp users should update the app to the latest version,” he advised.

    Users are advised to avoid application downloads from unauthorized sources, particularly when the app download link is send through an email. Good practice is to always prefer downloading apps from the Google Play Store or other trusted sources.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida

     


  • How To Download YouTube Videos FREE – No Program needed

    How To Download YouTube Videos (without IDM or Any Youtube Downloader)

    1. Open Youtube Video you want to Download in your browser. See sample below

    [​IMG]

    2. Type “ss” in before word youtube in the link.“Look at Sample Below

    [​IMG]

    3. After than a new website will opened – https://en.savefrom.net/

    [​IMG]


    4. Now you can download youtube videos.


  • Computers for sale – Laptops for sale – Used Computers – We buy computers

    DELL – HP – COMPAQ – SONY – ACER – TOSHIBA – LENOVO – GATEWAY – ASUS

    COMPUTER SALE AND LAPTOP SALE

    Computer sales in Fort Lauderdale – PC’s for saleUsed Computers fort lauderdale – Refurbished laptops for sale and more.

    Buy and Sale Computers and Laptops

    Are you looking to buy a used computer? Complete Computer Repair Services sells used computer equipment new and used laptops for sale, used desktop PC’s all major brands, and Peripherals. Computer equipment in complete working condition, used computers are sold with a 30 day warranty. We sell used computers to a variety of customers including used computer retail stores, end user customers, and wholesale dealers.

    • Used Dell Desktops
    • Used Dell Laptops
    • Used HP Desktops
    • Used Sony Desktops
    • Used Sony Laptops
    • Used HP Laptops
    • Used IBM Computers
    • Used Acer Computers

    Wholesaler of computers, Importer and exporter of computer equipment. We Buy Used Computers and Sale Used computers– Come see our inventory!

    We buy and sell used computer equipment including:

    For Sale New & Used Computer parts: Monitors, hard drives, Power Chargers, CD and DVD drives, Memory (RAM), Batteries and more

    www.CCREPAIRSERVICES.COM

    Local PC Distributor Tel. 754-234-5598

    FAST SAME DAY COMPUTER REPAIR, VIRUS REMOVAL AND LAPTOP SCREEN REPAIR SERVICE