Search the Community

Showing results for tags 'hacking'.

Found 18 results

  1. Another WordPress plugin has now joined the list of plugins exhibiting threatening security flaws. This time, the vulnerability appeared in the GDPR Cookie Consent plugin and risked the integrity of 700,000 websites.

     GDPR Cookie Consent Plugin Vulnerability

     Reportedly, a researcher from NinTechNet, Jerome Bruandet, has discovered a serious vulnerability in the GDPR Cookie Consent plugin. The bug, considering the 700,000+ active installations of the plugin, could have put thousands of websites at risk. As explained in a blog post, Bruandet found a critical XSS flaw in the plugin that existed due to a lack of capability checks in an AJAX endpoint. In turn, it exposed the values autosave_contant_data and save_contentdata, enabling an attacker to conduct malicious activities. Specifically, exploiting save_contentdata could have let an adversary pull published data offline, or delete it entirely, whereas exploiting autosave_contant_data could allow injecting malicious JavaScript code into the site. Alongside Bruandet, the Wordfence team has also reviewed this vulnerability after they noticed updates in the plugin. The flaw particularly caught their attention after the plugin was closed for review, as stated in their post. They have deemed the bug a critical severity flaw with a CVSS score of 9.0.

     Patch Rolled Out

     The researcher Bruandet found the vulnerability and reported it to the plugin developers on January 28, 2020. The bug affected plugin versions up to 1.8.2. Consequently, the developers patched the vulnerability with the release of GDPR Cookie Consent v1.8.3. Since the fix is out, users must ensure they update the plugin to the latest version to prevent potential exploits. GDPR Cookie Consent is a dedicated WordPress plugin that helps site admins ensure site compliance with GDPR. Earlier this year, the Wordfence team also discovered vulnerabilities in other WordPress plugins that also threatened thousands of users. These vulnerable plugins include Code Snippets, WP Time Capsule, and InfiniteWP Client.
  2. Another wave of ransomware attacks is targeting systems with a novel strategy. As discovered by researchers, the new ransomware campaign installs malicious Gigabyte drivers on target devices to evade defense mechanisms.

     Ransomware Campaign Uses Malicious Gigabyte Drivers

     Researchers from Sophos Labs have unveiled an active ransomware campaign exploiting Gigabyte drivers. As shared in their report, the new ransomware attack evades security checks by installing malicious Gigabyte drivers on target systems. The researchers investigated two different ransomware incidents involving RobbinHood ransomware. In both cases, the attackers also installed signed drivers on the systems to disable the antivirus solution or any other security program. Digging further revealed that the attackers had exploited a known vulnerability, CVE-2018-19320, in the Gigabyte drivers. While the vendor has withdrawn the vulnerable drivers, the drivers still exist. Moreover, the drivers still bear digital signatures from Verisign, who have not revoked the certificates. Thus, the attackers continue to exploit the drivers for waging ransomware attacks on high-profile targets. As stated by the researchers, “In this attack scenario, the criminals have used the Gigabyte driver as a wedge so they could load a second, unsigned driver into Windows. This second driver then goes to great lengths to kill processes and files belonging to endpoint security products, bypassing tamper protection, to enable the ransomware to attack without interference.” The malware places numerous files in the ‘temp’ folder of the target system, which then further execute malicious activities. The table below gives a quick glimpse of these files. Source: Sophos. More details about the attack scenario are available in the researchers’ post.

     Possible Mitigations

     Earlier, having a robust antimalware solution was considered sufficient for protecting against a malware/ransomware attack. However, now that more and more ransomware is adopting different tactics to evade security checks, an antivirus no longer remains a dependable solution. The same applies to RobbinHood ransomware attacks as well. Therefore, Sophos recommends employing multiple measures to ensure security. These include the use of multi-factor authentication, having complex passwords, restricting users’ access to critical systems/networks, maintaining up-to-date backups, and limiting RDP. Users must also ensure they activate the Tamper Protection feature of their respective security solution to prevent any malware from disabling the endpoint security. Read more here: https://latesthackingnews.com/2020/02/12/new-ransomware-attacks-install-malicious-gigabyte-drivers-to-disable-antivirus/
  3. Cybersecurity researchers have discovered a new critical vulnerability (CVE-2020-7247) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux-based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems. According to Qualys Research Labs, who discovered this vulnerability, the issue resides in OpenSMTPD's sender address validation function, called smtp_mailaddr(), which can be exploited to execute arbitrary shell commands with elevated root privileges on a vulnerable server just by sending specially crafted SMTP messages to it. https://thehackernews.com/2020/01/openbsd-opensmtpd-hacking.html
  4. The Japanese vendor Mitsubishi Electric declared a network hack last week in a press release. As revealed at the time (through the translated version of the press release), their network suffered the attack in June 2019. As a result, their system exposed data to the attackers, including “personal information and corporate confidential information”. They did specify that the incident did not expose any important data relating to business partners. However, they did not reveal much technical detail about the incident. Then, in an updated press release, they confirmed that the incident occurred due to unauthorized access to their network and may have leaked some “trade secrets”. According to the (translated version of the) press release, some 200 MB of files were exposed that included data such as employment applicant information (1987 people), employee information (4566 people), and data related to retired employees of affiliate companies (1569 people). It also included some corporate data such as “technical material, sales materials, etc.”. Furthermore, they also explained the cause behind the attack, which turned out to be a bug in their antivirus. As stated (translated),
     Attribution link: https://latesthackingnews.com/2020/01/28/hackers-exploited-trend-micro-antivirus-zero-day-in-mitsubishi-electric-hack/
  5. Reportedly, Mozilla has recently banned a large number of Firefox browser extensions for malicious activity. The tech giant has banned 197 different add-ons in the previous weeks, which were found running malicious code. Among these, around 129 extensions belonged to 2Ring, which Mozilla removed for executing remote code. This is in contrast to Mozilla’s policy, which does not allow downloading dynamic code from remote servers. For the same reason, Mozilla also banned six extensions belonging to Tamo Junto Caixa, and three other ‘fake premium products’. Similarly, they also banned thirty other add-ons for exhibiting malicious behavior on third-party websites. Other banned extensions include five add-ons for collecting search terms and intercepting searches, and separate batches of two, nine, and three add-ons for using obfuscated code.
     Attribution link: https://latesthackingnews.com/2020/01/28/mozilla-bans-197-malicious-firefox-add-ons-amidst-crackdown/
  6. The 33-year-old former Amazon software engineer accused of hacking Capital One made little attempt to hide her attack. In fact, she effectively publicized it. It’s one of many riddles swirling around Paige Thompson, who goes by the online handle “erratic.” Well-known in Seattle’s hacker community, Thompson has lived a life of tumult, with frequent job changes, reported estrangement from family, and self-described emotional problems and drug use. More here: https://globalnews.ca/news/5711965/capital-one-hack-paige-thompson/
  7. Researchers from Kaspersky have discovered some old malware active in the wild again. Identified as Faketoken, the old Android banking trojan is now back with more malicious functionality. The malware first emerged several years ago and was among the most widespread banking trojans in 2014. At that time, Faketoken meddled with the device messaging only once to proceed with fraudulent transactions. However, in 2016, it became more sophisticated in stealing money, as it overlaid apps to steal users’ bank account credentials. At the same time, it also served as ransomware by encrypting the device data. Then, in the following year, it emerged impersonating popular e-wallets and mobile banking apps to bluff users.

     Hijacking Phone For Sending SMS

     Elaborating on their findings in a blog post, the researchers stated that their ‘Botnet Attack Tracking’ system recently found at least 5000 devices infected with Faketoken. They found all these devices involved in sending text messages. The researchers considered this behavior ‘unusual’ for a banking trojan. Scratching the surface revealed that the typical banking trojan has now emerged as an even more malicious virus. Faketoken now hijacks the victim devices to send messages to premium rate numbers, and in case of a lack of balance, the attackers behind the malware can top up the victim’s mobile account through their bank account. Such messages will further cost the victim, as the researchers found most messages being sent to foreign numbers. For now, it is unclear how Faketoken is targeting devices. Nonetheless, the usual precautions, which are avoiding downloads from third-party app stores, avoiding URLs received via SMS messages, reviewing app permissions, and empowering devices with robust mobile antivirus tools, can help Android users stay safe.
     Attribution link: https://latesthackingnews.com/2020/01/20/android-banking-trojan-faketoken-now-also-messages-premium-rate-phone-numbers/
  8. The security expert Barak Tawily demonstrated that opening an HTML file in Firefox could allow attackers to steal files stored on a victim’s computer due to a 17-year-old known bug in the browser. The researcher published the details of the attack through The Hacker News website and demonstrated that his technique works against the latest version of Firefox. “Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser,” reported The Hacker News. The expert was analyzing the implementation of the Same Origin Policy in Firefox when he discovered that it is vulnerable to a local file theft attack. “Recently, I was performing research on Same Origin Policy attacks. I managed to realize that the latest version of Firefox (currently 67) is vulnerable to a local files theft attack (on any supported OS), due to improper implementation of Same Origin Policy for file scheme URIs. Let’s go over the PoC details, then I will provide an explanation of why it’s not patched yet,” wrote the expert. According to Tawily, Firefox didn’t fix the flawed implementation of the Same Origin Policy (SOP) for the file URI scheme over the years. The expert also shared details of his PoC and a video PoC of the attack. Tawily explained how an attacker can easily steal secret SSH keys of Linux victims if they save downloaded files in the user directory that includes SSH keys in one of its subfolders.
     • The attacker sends an email to the victim with an attachment to be downloaded, or the victim browses to a malicious website and downloads a file.
     • The victim opens the malicious HTML file.
     • The file loads its containing folder in an iframe (so my file path is file:///home/user/-malicious.html, and the iframe source will be file:///home/user/).
     • The victim thinks he clicks on a button on the malicious HTML, but in fact he is clicking on the malicious HTML file inside the iframe’s directory listing (using a clickjacking technique, in order to apply the “context switching bug” which allows me to access the directory listing of my containing folder).
     • The malicious iframe now has escalated privileges and is able to read any file in the folder containing the malicious file (in most cases the downloads folder; in my case it is file:///home/user/).
     • The malicious file is able to read any file in its containing folder (file:///home/user/), such as the SSH private key, by simply fetching the URL file:///home/user/.ssh/id_rsa, and to steal any file with one more fetch request to the attacker’s malicious website carrying the file’s content.
     • The attacker gains all files in the folder containing the malicious file by exploiting this vulnerability.
     An attacker could successfully carry out the attack by tricking victims into downloading and opening a malicious HTML file in the Firefox web browser and into clicking on a fake button to trigger the exploit. “Tawily told The Hacker News that all the above-mentioned actions could secretly happen in the background within seconds without the knowledge of victims, as soon as they click the button placed carefully on the malicious HTML page,” continues The Hacker News. The expert reported the flaw to Mozilla, but the company seems to have no intention to fix the issue soon. “Our implementation of the Same Origin Policy allows every file:// URL to get access to files in the same folder and subfolders,” reads the reply from Mozilla.
  9. A few days ago, Riviera Beach City agreed to pay $600,000 in ransom; now, less than a week later, another city in Florida has opted to do the same to recover its data after a ransomware attack. The victim is Lake City, Florida, which, during an emergency meeting of the city council held on Monday, voted to pay a ransom demand of 42 bitcoins, worth nearly $500,000. Lake City is a small city in Florida with a population of 65,000 that was hit by ransomware earlier, on June 10. “On Monday June 10th, 2019, the City of Lake City was targeted by a malware attack known as ‘Triple Threat.’” states the press release published by the city. “This ransomware program combines three different methods of attack to target network systems. As a result of this attack, many City systems are currently out of order. City personnel are working diligently to establish alternate methods of providing city services.” The systems were hit by a so-called Triple Threat attack, a ransomware attack that involves three different malware families. In the past, Triple Threat attacks involved the QUERVAR ransomware, SIREFEF, and ZACCESS. At the time of writing, all City of Lake City email systems are out of order, as are most landline phones. Other City networks are currently disabled as a precautionary measure, and the IT staff has isolated the Public Safety networks. Within a few minutes of the initial infection, the ransomware compromised almost all the City computer systems, except the systems operated by the police and fire departments, which are hosted on a separate network. Most City departments are operating using Emergency Operations cell phones. The activities of the small city have been blocked for nearly two weeks because of the ransomware attack. Crooks made a ransom request a week after the initial infection; they contacted Lake City’s insurance provider, the League of Cities, which negotiated a payment of 42 bitcoins. The city’s IT staff is now working to restore operations after receiving the key to decrypt its data. In July 2018, another Palm Beach suburb, Palm Springs, decided to pay a ransom, but it was not able to completely recover all its data. In March 2019, computers of Jackson County, Georgia, were infected with ransomware that paralyzed government activity until officials decided to pay a $400,000 ransom to decrypt the files.
  10. Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly get worse. Akamai researcher Larry Cashdollar discovered a new piece of the Silex malware that is bricking thousands of IoT devices; over 2,000 devices have been bricked in a few hours and the expert is continuing to see new infections. Cashdollar explained that the Silex malware trashes the storage of the infected devices, drops firewall rules and wipes network configurations before halting the system. The only way to recover infected devices is to manually reinstall the device’s firmware. Silex is not the first IoT malware with this behavior; back in 2017, BrickerBot bricked millions of devices worldwide. According to ZDNet, which interviewed the malware’s creator, the attacks are about to intensify in the coming days. “The malware had bricked around 350 devices when this reporter began investigating its operations, and the number quickly spiked to 2,000 wiped devices by the time we published, an hour later.” reported ZDNet. “Attacks are still ongoing, and according to an interview with the malware’s creator, they are about to intensify in the coming days.” The researcher Ankit Anubhav was also able to trace the attacker and confirmed that the bot was developed to brick the infected IoT devices. Anubhav believes that the Silex malware was developed by a teenager using the online moniker of Light Leafon. The same guy has also created the ITO IoT botnet. According to Cashdollar, the Silex malware uses a list of known default credentials for IoT devices in an attempt to log in and perform malicious actions. The malware writes random data from /dev/random to any mounted storage it finds. “I see in the binary it’s calling fdisk -l which will list all disk partitions,” Cashdollar told ZDNet. “It then writes random data from /dev/random to any partitions it discovers.” The malware also deletes network settings and any other data on the device, then it flushes all iptables entries before halting or rebooting the device. The IoT malware is targeting any Unix-like system with default login credentials; according to Cashdollar, it leverages a Bash shell version to target any architecture running a Unix-like OS. The malware could brick Linux servers that have Telnet ports open and use known credentials. The IP address (185[.]162[.]235[.]56) behind the attacks observed by the experts is hosted on a VPS server owned by novinvps.com, which is operated out of Iran. According to Ankit Anubhav, who spoke with the author of the malware, the developer has definitively abandoned the HITO botnet for Silex and plans to implement other destructive features (SSH hijacking capability, adding exploits into Silex). At this time, Light’s motivation for these attacks is not clear; let’s hope he will use his talent for legal and good projects.
  11. The US Justice Department just officially charged Wikileaks co-founder Julian Assange, shortly after he was removed from the Ecuador embassy in London and arrested by local police. The charge is "conspiracy to commit computer intrusion" for agreeing to break a password to a classified US government computer. The Justice Department also said it was in relation to "Assange's alleged role in one of the largest compromises of classified information in the history of the United States." It's the same allegation that was made in the Chelsea Manning trial in 2013, in which the former US Army private was found guilty of theft and espionage in relation to the release of classified government documents. But now that Assange has had his asylum revoked by the Ecuadorian government and has been arrested, he can finally be extradited to the US to face these charges. More specifically, the Justice Department alleges that Assange conspired to assist Manning in cracking a password that allowed access to US Department of Defense computers that contained classified information. The alleged conspiracy was said to be carried out in March of 2010, a time when Manning was already using her access to download documents and transmit them to WikiLeaks. The DoJ alleges that during their communications, Assange actively encouraged Manning to provide more information, even after she said that there was nothing left to send -- the charge of conspiracy to commit computer intrusion relates to Assange's offer to help break a password to get more classified info. If found guilty, Assange would face up to five years in prison, though the Justice Department notes that actual sentences are often less than the maximum penalty. That said, there could be more charges against Assange coming from the US -- those revealed today are just the basis of the US's extradition request. Before Assange can stand trial in the US, however, he needs to be extradited from the UK, a process that could take months or even years. Even if a UK judge agrees to the US government's request, Assange is likely to appeal that decision through the various layers of the UK court system. Shortly after the US charges were revealed, Assange appeared in London at Westminster Magistrates' Court. A District Judge quickly found Assange guilty of failing to surrender to police on June 29th, 2012. He was out on bail in August of 2012 when he went into the Ecuadorian embassy in London; he then claimed asylum and lived there until today. His next appearance in UK court is now set for May 2nd (via video link), at which time the US extradition request will be discussed. Source: Engadget
  12. Security experts at Bad Packets uncovered a DNS hijacking campaign that has been ongoing for the past three months; attackers are targeting the users of popular online services, including Gmail, Netflix, and PayPal. Hackers compromised consumer routers and modified the DNS settings to redirect users to fake websites designed to trick victims into providing their login credentials. Bad Packets experts have identified four rogue DNS servers being used by attackers to hijack user traffic. “Over the last three months, our honeypots have detected DNS hijacking attacks targeting various types of consumer routers.” reads the report published by Bad Packets. “All exploit attempts have originated from hosts on the network of Google Cloud Platform (AS15169). In this campaign, we’ve identified four distinct rogue DNS servers being used to redirect web traffic for malicious purposes.” Experts pointed out that all exploit attempts have originated from hosts on the network of Google Cloud Platform (AS15169). The first wave of DNS hijacking attacks targeted D-Link DSL modems, including the D-Link DSL-2640B, DSL-2740R, DSL-2780B, and DSL-526B. The DNS server used in this attack was hosted by OVH Canada (66[.]70.173.48). The second wave of attacks targeted the same D-Link modems, but attackers used a different rogue DNS server (144[.]217.191.145) hosted by OVH Canada. The fourth wave of DNS hijacking attacks originated from three distinct Google Cloud Platform hosts and involved two rogue DNS servers hosted in Russia by Inoventica Services (195[.]128.126.165 and 195[.]128.124.131). In all the DNS hijacking attacks, the operators performed an initial recon scan using Masscan. Attackers check for active hosts on port 81/TCP before launching the DNS hijacking exploits. The campaigns aim at users of Gmail, PayPal, Netflix, and Uber; attackers also hit several Brazilian banks. Experts found over 16,500 vulnerable routers potentially exposed to this DNS hijacking campaign. “Establishing a definitive total of vulnerable devices would require us to employ the same tactics used by the threat actors in this campaign. Obviously this won’t be done, however we can catalog how many are exposing at least one service to the public internet via data provided by BinaryEdge” continues Bad Packets. Experts explained that attackers abused Google’s Cloud platform for these attacks because it is easy for anyone with a Google account to access a “Google Cloud Shell.” This service offers users the equivalent of a Linux VPS with root privileges directly in a web browser. Further technical details, including IoCs, are reported in the analysis published by Bad Packets: https://badpackets.net/ongoing-dns-hijacking-campaign-targeting-consumer-routers/
  13. Security researchers discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.One of the main advantages of WPA3 is that it’s near impossible to crack the password of a network because it implements the Dragonfly handshake, Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the Wi-Fi network. Security researchers Mathy Vanhoef and Eyal Ronen discovered weaknesses in the early implementation of WPA3-Personal that could be exploited by an attacker within range of a victim to recover WiFi passwords by abusing timing or cache-based side-channel leaks. One of the main advantages of WPA3 is that it’s near impossible to crack the password of a network because it implements the Dragonfly handshake, Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the Wi-Fi network. Security researchers Mathy Vanhoef and Eyal Ronen discovered weaknesses in the early implementation of WPA3-Personal that could be exploited by an attacker within range of a victim to recover WiFi passwords by abusing timing or cache-based side-channel leaks. An attacker can steal sensitive transmitted information, including credit card numbers, passwords, emails, and chat messages. “Concretely, attackers can then read information that WPA3 was assumed to safely encrypt. This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails, and so on.” reads a dedicated website published by the experts that describe the DragonBlood research. The experts provided technical details about two design flaws in  WPA3 that could be exploited to carry out downgrade and side-channel leaks. 
Devices that support WPA3 must guarantee backward compatibility with WPA2 and this is done supporting a “transitional mode of operation” that could accept connections using both WPA3-SAE (Simultaneous Authentication of Equals (SAE) handshake aka Dragonfly) and WPA2. The security duo demonstrated that the transitional mode is vulnerable to downgrade attacks. An attacker could abuse it to set up a rogue AP that only supports WPA2, forcing the WPA3-certified devices to connect using insecure WPA2’s 4-way handshake. “We present a dictionary attack against WPA3 when it is operating in transition mode. This is accomplished by trying to downgrade clients to WPA2. Although WPA2’s 4-way handshake detects the downgrade and aborts, the frames sent during the partial 4-way handshake provide enough information for a dictionary attack.” reads the DragonBlood research paper. “We also present a downgrade attack against SAE, and discuss implementationspecific downgrade attacks when a client improperly autoconnects to a previously used WPA3-only network.” The attackers need to know the SSID of the WPA3- SAE network to carry out the attack, experts pointed out that a man-in-the-middle position is not needed. Anyway, the attacker must be close to a client to broadcast a WPA2-only network with the given SSID and force the target to connect to our rogue AP using WPA2.  The experts detailed two side-channel attacks against Dragonfly’s password encoding method (Cache-based (CVE-2019-9494) and Timing-based (CVE-2019-9494) attacks) that could be exploited by attackers to perform a password partitioning attack and obtain Wi-Fi password. “The cache-based attack exploits Dragonflys’s hash-to-curve algorithm, and our timing-based attack exploits the hash-to-group algorithm. The information that is leaked in these attacks can be used to perform a password partitioning attack, which is similar to a dictionary attack. The resulting attacks are efficient and low cost.” wrote the experts. 
“our cache-based attack exploits SAE’s hash-to-curve algorithm. The resulting attacks are efficient and low cost: bruteforcing all 8-character lowercase password requires less than 125$ in Amazon EC2 instances” continues the paper. To carry out the password partitioning attack, the experts need to record several handshakes with different MAC addresses. It is possible to record them by targeting multiple devicess in the same network (e.g. tricking multiple users to download the same malicious application). If the attackers are only able to hit one client, then it is necessary to set up rogue APs with the same SSID but a spoofed MAC address. Experts also demonstrated how to abuse side-channel defenses of SAE (against already-known leaks) to introduce overhead and cause a denial-of-service (DoS) condition. They were also able to bypass SAE’s anti-clogging mechanism that is supposed to prevent DoS attack “An adversary can overload an AP by initiating a large amount of handshakes with a WPA3-enabled Access Point (AP). Although WPA3 contains a defense to prevent such denial-of-service attacks, it can be trivially bypassed.” continues the experts. “By repeatedly initiating handshakes from spoofed MAC addresses, the AP performs many costly password derivation operations (i.e. it performs many executions of the “Hunting and Pecking” algorithm). Depending on the AP under attack, this may consume all resources of the AP.” The experts plan to release the following four separate proof-of-concept tools to test the vulnerabilities they described. 
  • Dragondrain—a tool that can test to which extent an Access Point is vulnerable to DoS attacks against WPA3’s Dragonfly handshake.
  • Dragontime—an experimental tool to perform timing attacks against the Dragonfly handshake.
  • Dragonforce—an experimental tool that takes the information recovered from the timing attacks and performs a password partitioning attack.
  • Dragonslayer—a tool that implements attacks against EAP-pwd.

The researchers reported their findings to the WiFi Alliance and are working with vendors to address the flaws in existing WPA3-certified devices. Below is the press release published by the WiFi Alliance:
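As an added defender-side example (not part of the original article or of the Dragonblood tools), the following Python snippet audits a hostapd.conf for the exposures described above: WPA2-PSK accepted beside SAE (transition mode), PMF not required, and no Transition Disable indication telling clients to stop auto-connecting to the SSID over WPA2. The two configurations are constructed samples; the hostapd keys are real ones, while the parser is a minimal key=value reader rather than hostapd's own.

```python
"""Added check: flag WPA3 transition-mode exposure in a hostapd.conf (defender-side audit)."""
from typing import Dict, List

# Constructed sample: AP in transition mode, PMF optional, clients never told to drop WPA2.
TRANSITION_CONF = """
ssid=ExampleNet
wpa=2
wpa_key_mgmt=WPA-PSK SAE
wpa_passphrase=correct horse battery staple
sae_password=correct horse battery staple
ieee80211w=1
"""

# Constructed sample: same SSID hardened to SAE-only with PMF required and Transition Disable set.
HARDENED_CONF = """
ssid=ExampleNet
wpa=2
wpa_key_mgmt=SAE
sae_password=correct horse battery staple
ieee80211w=2
transition_disable=0x01
"""


def parse_hostapd(text: str) -> Dict[str, str]:
    """Minimal key=value reader: skips blanks and '#' comments; a repeated key keeps its last value."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit_wpa3(conf: Dict[str, str]) -> List[str]:
    """Return findings tied to the downgrade issues above; an empty list means none were found."""
    akm = set(conf.get("wpa_key_mgmt", "").split())
    if "SAE" not in akm:
        return ["SAE not enabled: WPA3-Personal is not offered at all"]
    findings: List[str] = []
    if "WPA-PSK" in akm:
        findings.append("transition mode: WPA2-PSK accepted beside SAE, so a WPA2-only AP "
                        "with this SSID can downgrade clients to the 4-way handshake")
    if conf.get("ieee80211w", "0") != "2":
        findings.append("PMF not required (ieee80211w != 2), which WPA3 mandates")
    if "transition_disable" not in conf:
        findings.append("no transition_disable indication: clients are not told to stop "
                        "auto-connecting to this SSID over WPA2")
    return findings
```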
  14. A group of hackers is using a previously undocumented backdoor program designed to interact with attackers over Slack. While abusing legitimate services for malware command-and-control purposes is not a new development, this is the first time researchers have seen Slack, a popular enterprise collaboration tool, being used in this way. The backdoor was detected by security firm Trend Micro in a targeted attack launched from the compromised website of an organization called the Korean American National Coordinating Council that posts articles related to North and South Korean politics. The technique of infecting websites that are of interest to a particular group of individuals or organizations is known as a "watering hole" attack. It's not clear if victims were directed to the website via an email campaign or if attackers just waited for regular visitors, but the site was modified to host an exploit for a remote code execution vulnerability in the Windows VBScript engine. That vulnerability is tracked as CVE-2018-8174 and can be exploited through Internet Explorer. However, the flaw was patched by Microsoft in May 2018, so having an up-to-date operating system would have prevented the attack. https://www.itworld.com/article/3359182/hackers-use-slack-to-hide-malware-communications.html
  15. Experts found an unprotected server exposing online 4 MongoDB databases belonging to the email validation company Verifications.io. A new mega data leak made the headlines: an unprotected MongoDB database (150GB) belonging to a marketing company exposed up to 809 million records. The archive includes 808,539,849 records:
  • emailrecords = 798,171,891 records
  • emailWithPhone = 4,150,600 records
  • businessLeads = 6,217,358 records
Initially only one unprotected database was discovered, but the situation is worse than first thought, because cyber security firm Dynarisk announced that there were four databases exposed online. https://securityaffairs.co/wordpress/82195/data-breach/verifications-io-data-leak.html
  16. 'Cryptojacking' is a term used to describe the action of secretly using a computer to mine cryptocurrency. The original form of cryptojacking would involve the victim unknowingly installing software on their computer that would run in the background, solving algorithms to generate units of a cryptocurrency that would go back into the wallet of a hacker. https://www.itworld.com/article/3359241/httpswwwtechadvisorcoukfeaturesecuritycryptojacking-3693373.html
  17. Petro Poroshenko accused Russia of hacker attacks on the Ukrainian Central Election Commission. According to him, Ukrainian experts on February 24 and 25 recorded a DDoS attack on the Central Election Commission. Poroshenko pointed out that the National Security and Defense Council, the Security Service of Ukraine and the Department of Information Security, together with their American partners, have developed mechanisms to protect the CEC. http://www.ehackingnews.com/2019/03/president-of-ukraine-accused-russia-of.html
  18. Lizard Squad has now become famous for its distributed denial of service, or DDoS, attacks on popular online gaming services like PlayStation Network and Xbox Live. The most recent attack was over Christmas, when both services were knocked down for a couple of days by simply flooding the servers with artificial traffic. That attack may very well have been a marketing ploy for Lizard Squad’s new DDoS tool, which for a small price per month lets anyone launch similar attacks themselves. Dubbed LizardStresser, the service is available in various packages, ranging from $6 to $500, depending on the length of attack, and allows you to launch DDoS attacks on any website or internet service of your choice. Budding cyberattackers can choose from eight available packages, starting from $5.99 per month, which takes down a website for 100 seconds, up to the most expensive package, which costs $129.99 per month and promises to take down a site for more than eight hours. The service currently only accepts Bitcoin, although the group says PayPal support is “coming soon.” According to Gizmodo, the payment system doesn’t work with VPNs, making it difficult for potential users to hide their identity and location. Source: HackingNews

Copyright © 2020 ChainScriptz
