Showing posts with label Cyber Security news. Show all posts

Thursday, 10 January 2019

HACKERS ATTACK MANUFACTURING COMPANIES; CUSTOMERS’ PAYMENT INFORMATION STOLEN


Criminals have stolen data of Titan Manufacturing and Distributing customers for almost a whole year

Malicious hacker groups are attacking manufacturing companies, as reported by cybersecurity specialists from the International Institute of Cyber Security. It was recently revealed that hackers attacked the company Titan Manufacturing and Distributing, compromising its computer systems to extract payment card data belonging to many of the company’s customers for almost a year.

In a statement, the company confirmed that hackers managed to install malware on its systems at some point in 2017. According to the statement, the malicious software remained in Titan’s systems between November 23, 2017 and October 25, 2018.

The hackers used this malware to steal the payment card information entered by unsuspecting users when making purchases at one of the company’s online stores. The software used by the attackers was designed to collect user information, including names, billing addresses, phone numbers, payment card numbers, and the cards’ expiration dates and verification codes.

According to cybersecurity experts, Titan Manufacturing and Distributing does not store this information; instead, the malware was designed to hook into the purchasing section of the website and steal the data as it was entered. Any user who entered their data during the period mentioned may have been affected.

“Titan has confirmed, thanks to a cybersecurity expert, that its computer systems were compromised by malware that persisted between November 23, 2017 and October 25, 2018,” reads the security notice the company sent to its customers.

“Titan Manufacturing and Distributing, Inc. values its customers and recognizes the importance of their data security. That is why we are contacting you to inform you that Titan has been the victim of a security incident that could have compromised your information,” the security notice adds.

The company is investigating the incident with the help of a cybersecurity firm. The exact number of affected customers is still unknown, but it is estimated to be close to 2,000 users.

As some experts have reported, the malware used in the attack is similar to that used by the Magecart hacker group, which attacked thousands of websites last year.


THE GERMAN POLITICIANS’ HACKER IS JUST AN ANGRY 20-YEAR-OLD MAN


The suspect claimed to have been annoyed by recent statements made by some of the people whose information he leaked

According to reports of cybersecurity and digital forensics specialists from the International Institute of Cyber Security, a 20-year-old man has confessed to being the author of the cyberattack against over a hundred German politicians, a campaign in which the individual leaked some confidential details of politicians using a Twitter account.

The news was disseminated a few hours after investigators from the Federal Police office in Wiesbaden, Germany, raided the house of a 19-year-old individual allegedly linked to the alleged hacker.

On the afternoon of 6 January, the German police agency, with the help of cybersecurity experts, searched the suspect’s house as part of an investigation into the espionage case and the leaking of personal data of politicians, journalists and public figures. The suspect was reportedly arrested temporarily, but released the following day for lack of evidence.

“During the interrogation, the defendant stated that he acted alone in this campaign; so far, there is no evidence to suggest a third party’s involvement. As for his motives, the defendant stated that he carried out these attacks for the inconvenience caused by the public statements made by the persons involved in this unauthorized disclosure,” said the individual.

The preliminary investigation by German cybersecurity experts concludes that the suspect used a hijacked Twitter account and connected through a VPN service to hide his identity. The German police seized the suspect’s computers and storage devices for further investigation.


U.S. SENATE INTRODUCES BILL AGAINST CHINESE CYBERTHREATS


Legislators from both political parties presented a bill designed to protect American technological infrastructure

Senators Marco Rubio (Republican Party) and Mark Warner (Democratic Party), both members of the U.S. Senate Intelligence Committee, presented a bill for the creation of the Office of Critical Technologies and Security.

According to cybersecurity and digital forensics experts from the International Institute of Cyber Security, the main task of this new office will be “to stop the transfer of critical technology to countries that represent a threat to national security”, as well as to ensure that the U.S. maintains its leadership in technology.

To achieve this, the new office will rely on “coordinated work by the entire government”, operating within the Executive Office of the President, with a director appointed by the President himself.

Although China is not explicitly mentioned in the bill, the main purpose of this office will be to halt the Chinese government’s medium- and long-term plans to consolidate itself as a technological powerhouse, relegating the United States to a secondary role, with the help of cyberattack campaigns.

“China continues to conduct coordinated attacks on U.S. intellectual property, its trade organizations and computer networks with full backing from the Chinese Communist Party,” said Senator Rubio recently.

“A coordinated approach is needed to counteract this kind of critical threat and to ensure the protection of technologies developed in the United States. We must do everything we can to avoid the theft of critical developments, as well as avoid the interference in our IT infrastructure”, Rubio added.

For his part, Warner added: “The Chinese government will not hesitate to use all its cyber weapons to overcome the technology developed in the U.S. and establish itself as a higher economic power. We look forward to working with the executive branch to coordinate action protocols and response to these threats.”

For some cybersecurity experts, mitigating these risks will not be an easy task, as two major problems have been identified. First, the growth and sophistication of Chinese government-sponsored hacker groups, which in recent years have deployed attack campaigns of ever-increasing scope and damage capacity.

Second, there is the apparent pressure from the Chinese government on foreign companies operating in China to hand over their technology to a Chinese partner. However, according to cybersecurity experts, this is not obligatory and happens less frequently than in the past (the Tesla plant in China, for example, is 100% owned by Tesla). Donald Trump’s administration has nevertheless cited this practice to justify the trade war between the two countries.


CYBERATTACK AGAINST ETHEREUM CLASSIC CRYPTOCURRENCY; IT WILL BE REMOVED FROM COINBASE


The incident allowed the attackers to spend the same virtual coin twice

Nobody should be able to spend the same cryptocurrency in two different transactions. For example, each transaction made with Bitcoin is registered in a database (called the blockchain) which anyone can access to verify that there is no fraud; or at least that is what we thought.

According to cybersecurity and ethical hacking experts from the International Institute of Cyber Security, the cryptocurrency trading platform Coinbase reported that transactions with the Ethereum Classic asset would no longer be supported on its platform, as the exchange found that Ethereum Classic had been the victim of a cyberattack that allowed a user to spend the same coin twice.

According to reports, this attack exploited a problem that blockchain developers have known about since the emergence of these virtual assets: cryptocurrencies are only safe as long as the majority of the participants maintaining the blockchain that registers the transactions are honest. Coinbase cybersecurity expert Mark Nesbitt said that this attack (known as a 51% attack) was possible because the attackers took control of more than half of the processing power of the computers that maintain the Ethereum Classic blockchain. This allowed the attackers to rewrite the transaction history of some coins, in other words, to spend the same coin twice.
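To make the mechanism concrete, here is an added Python simulation (not code from the original post, from Coinbase or from the Ethereum Classic project) of a toy proof-of-work chain. A deposit is confirmed on the public chain while a miner with majority hash power builds a private fork containing a conflicting spend; once the fork is longer, nodes following the most-work rule switch to it and the deposit vanishes. The difficulty target, transaction strings and account names are constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

# Toy proof-of-work target (constructed for the example; real ETC difficulty
# is vastly higher). A block is valid when its hash starts with this prefix.
DIFFICULTY_PREFIX = "0"


@dataclass(frozen=True)
class Block:
    parent: str            # hash of the parent block, "" for the genesis block
    txs: Tuple[str, ...]   # transactions as opaque strings, e.g. "alice->exchange:100"
    nonce: int

    @property
    def hash(self) -> str:
        payload = f"{self.parent}|{'|'.join(self.txs)}|{self.nonce}".encode()
        return hashlib.sha256(payload).hexdigest()


def mine(parent: str, txs: Tuple[str, ...]) -> Block:
    """Brute-force a nonce until the block hash meets the toy difficulty."""
    nonce = 0
    while True:
        block = Block(parent, txs, nonce)
        if block.hash.startswith(DIFFICULTY_PREFIX):
            return block
        nonce += 1


def extend(chain: List[Block], txs: Tuple[str, ...]) -> List[Block]:
    """Append a freshly mined block on top of the chain's current tip."""
    return chain + [mine(chain[-1].hash, txs)]


def valid(chain: List[Block]) -> bool:
    """Every block must link to its predecessor and satisfy the PoW target."""
    for i, block in enumerate(chain):
        expected_parent = "" if i == 0 else chain[i - 1].hash
        if block.parent != expected_parent or not block.hash.startswith(DIFFICULTY_PREFIX):
            return False
    return True


def select_best(candidates: List[List[Block]]) -> List[Block]:
    """Nakamoto rule: nodes follow the valid chain with the most accumulated work.
    With fixed difficulty, accumulated work is simply the chain length."""
    return max((c for c in candidates if valid(c)), key=len)


def confirmations(chain: List[Block], tx: str) -> int:
    """Blocks from (and including) the block holding tx up to the tip; 0 if absent."""
    for height, block in enumerate(chain):
        if tx in block.txs:
            return len(chain) - height
    return 0


def reorg_report(old_chain: List[Block], new_chain: List[Block]):
    """How many blocks a node discards when switching chains, and which
    transactions vanish in the process (the double-spend signal an exchange
    should alert on)."""
    common = 0
    for a, b in zip(old_chain, new_chain):
        if a.hash != b.hash:
            break
        common += 1
    discarded = old_chain[common:]
    surviving = {tx for block in new_chain for tx in block.txs}
    dropped = [tx for block in discarded for tx in block.txs if tx not in surviving]
    return len(discarded), dropped


def simulate_double_spend(required_confirmations: int):
    """Alice deposits 100 coins at an exchange on the public chain while a
    majority miner builds a private fork that spends the same coins elsewhere."""
    genesis = mine("", ("coinbase->alice:100",))
    deposit = "alice->exchange:100"
    public = extend([genesis], (deposit,))
    public = extend(public, ("bob->carol:5",))
    # the exchange credits the deposit once it sees enough confirmations
    credited = confirmations(public, deposit) >= required_confirmations
    # the attacker forks from genesis with a conflicting spend of the same coins;
    # majority hash power lets the private fork outgrow the public chain
    private = extend([genesis], ("alice->alice2:100",))
    while len(private) <= len(public):
        private = extend(private, ())
    best = select_best([public, private])
    depth, dropped = reorg_report(public, best)
    return credited, depth, dropped, confirmations(best, deposit)


if __name__ == "__main__":
    print(simulate_double_spend(required_confirmations=2))
```

Raising the confirmation threshold only forces the attacker to mine a longer private fork; with majority hash power the fork eventually wins regardless, which is why a deep reorganization is the signal to watch for rather than the confirmation count alone.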

On Twitter, the Ethereum Classic team said that they had detected a problem, but did not consider it to be a 51% attack, nor did they have evidence that any coin had been spent twice by the same user. “Coinbase allegedly detected an attack, but did not contact the Ethereum Classic team,” they said.

According to reports from cybersecurity experts, the coins allegedly spent twice were worth about $460k USD. Coinbase believes that the potential for this type of attack is inherent to any cryptocurrency blockchain, so it rules out that Ethereum Classic or any other virtual asset is especially vulnerable to a 51% attack.


TWITTER API REVEALS USERS’ LOCATION


Metadata in old posts contains precise location coordinates

According to research carried out by cybersecurity specialists, the location metadata contained in Twitter posts can be used to infer private details about users, such as their home address, workplace and most frequently visited places, as reported by experts from the International Institute of Cyber Security.

Kostas Drakonakis, Panagiotis Ilia and Jason Polakis, a group of Greek cybersecurity researchers, recently published a paper entitled ‘Privacy risks in public location metadata’. In it, the researchers claim to have shown that location metadata allows sensitive information to be inferred, which could be used for malicious purposes. “Some authoritarian regimes could pursue campaigns of persecution against activists or opponents”, the researchers claimed.

The privacy risks associated with Twitter location metadata began to be investigated in 2015; since then, the social network has given its users greater control over their location data, such as restricting access to precise coordinates. By default, Twitter no longer accesses the user’s exact location.

“Twitter never attaches the user’s location without their consent. If someone decides to share their location through a tweet, the location is also available through our APIs, but the user’s express consent must be granted”.

However, cybersecurity experts believe that these changes have not sufficiently reduced the privacy risks, as Twitter still exposes historical location data through its developer API. For example, tweets posted from mobile Twitter versions released before April 2015 carry the precise GPS coordinates attached to them by default.

“In the sample we analyzed we discovered that tweets with very general location tags (like a city name, for example) also contain GPS coordinates as metadata,” Polakis said. “As of April 2015, tweets with this kind of location tag stopped carrying coordinates as metadata, suggesting that this is the date on which the social network began implementing these changes,” the expert added.
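The following added Python script (not from the researchers’ paper or from Twitter) shows what such an audit of an exported tweet archive looks like: it reads tweet objects in the shape of Twitter’s v1.1 API, flags tweets whose visible tag is only city-level but whose metadata still carries exact coordinates, and reports the most frequently tagged spot, which is the kind of inference the paper describes. The field names `coordinates`, `geo` and `place` are real API fields; all ids and coordinate values are constructed for the example.

```python
import json
from collections import Counter
from typing import List, Optional, Tuple

# Constructed sample in the shape of Twitter's v1.1 tweet objects. The field
# names (`coordinates`, `geo`, `place`, `place_type`, `full_name`) are the real
# API fields; every id and coordinate value below is made up for this example.
SAMPLE_TWEETS = json.loads("""
[
  {"id_str": "1001", "text": "morning coffee",
   "place": {"place_type": "city", "full_name": "London, England"},
   "coordinates": {"type": "Point", "coordinates": [-0.1278, 51.5074]}, "geo": null},
  {"id_str": "1002", "text": "back home",
   "place": {"place_type": "city", "full_name": "London, England"},
   "coordinates": {"type": "Point", "coordinates": [-0.1281, 51.5071]}, "geo": null},
  {"id_str": "1003", "text": "boarding",
   "place": {"place_type": "poi", "full_name": "Heathrow Terminal 5"},
   "coordinates": {"type": "Point", "coordinates": [-0.4887, 51.4700]}, "geo": null},
  {"id_str": "1004", "text": "rainy day",
   "place": {"place_type": "city", "full_name": "London, England"},
   "coordinates": null, "geo": null},
  {"id_str": "1005", "text": "old client, no place tag",
   "place": null, "coordinates": null,
   "geo": {"type": "Point", "coordinates": [51.5069, -0.1276]}}
]
""")

# place types that only identify a broad area, not a precise spot
COARSE_PLACE_TYPES = {"city", "admin", "country"}


def precise_coordinates(tweet: dict) -> Optional[Tuple[float, float]]:
    """Return (lat, lon) if the tweet carries exact GPS metadata, else None.
    `coordinates` is GeoJSON and stores [lon, lat]; the legacy `geo` field
    stores [lat, lon], so the two must be read differently."""
    geojson = tweet.get("coordinates")
    if geojson and geojson.get("type") == "Point":
        lon, lat = geojson["coordinates"]
        return (lat, lon)
    legacy = tweet.get("geo")
    if legacy and legacy.get("type") == "Point":
        lat, lon = legacy["coordinates"]
        return (lat, lon)
    return None


def coarse_tag_with_exact_coords(tweets: List[dict]) -> List[Tuple[str, str, Tuple[float, float]]]:
    """Tweets whose visible tag is only city-level (or broader) but whose
    metadata still carries exact coordinates: the case Polakis describes."""
    findings = []
    for tweet in tweets:
        coords = precise_coordinates(tweet)
        place = tweet.get("place") or {}
        if coords is not None and place.get("place_type") in COARSE_PLACE_TYPES:
            findings.append((tweet["id_str"], place["full_name"], coords))
    return findings


def most_frequent_spot(tweets: List[dict], decimals: int = 3):
    """Round coordinates (3 decimals is roughly a 100 m cell) and return the
    cell that appears most often with its count; repeated tagging from one
    spot is what lets a home or workplace be inferred from an archive."""
    cells = Counter()
    for tweet in tweets:
        coords = precise_coordinates(tweet)
        if coords is not None:
            cells[(round(coords[0], decimals), round(coords[1], decimals))] += 1
    return cells.most_common(1)[0] if cells else None


if __name__ == "__main__":
    for item in coarse_tag_with_exact_coords(SAMPLE_TWEETS):
        print("coarse tag but exact GPS:", item)
    print("most frequent cell:", most_frequent_spot(SAMPLE_TWEETS))
```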

The researchers argue that the Twitter policy that allowed these location metadata to be attached represents a serious privacy problem that should be addressed as soon as possible.

“This is an imperceptible privacy violation for users of the social network, as their coordinates are contained in metadata returned by the API but invisible on the website or in the Twitter mobile app. The worst thing is that these metadata are still visible through the API,” the experts said. Handling this kind of information is one of the greatest challenges companies face in the digital age; such data are so useful for targeting marketing campaigns that companies have not tried to stop these practices, although this could cause them trouble in the future. For example, in recent days the Los Angeles prosecutor filed a lawsuit against IBM’s weather company for allegedly handling the data collected through the Weather Channel application inappropriately.


Wednesday, 9 January 2019

HUNDREDS OF GERMAN POLITICIANS HACKED; PERSONAL DATA EXPOSED ONLINE


Hundreds of politicians from Germany, including Chancellor Angela Merkel, have seen their personal information leaked online

Contacts, private chats and financial information belonging to members of all political parties in Germany, with the exception of the AfD, an extreme right-wing political organization, have been exposed on Twitter, according to cybersecurity and digital forensics experts from the International Institute of Cyber Security. According to the reports, personal information of celebrities and journalists has also been leaked.

The identity of the author or perpetrators of the attack is still unknown. Via Twitter, the perpetrators shared files in which they published the compromised information over the course of a whole month.

German Interior Minister Horst Seehofer mentioned that the authorities were working to find the origin of the attack. The minister also pointed out that there is no evidence that Germany’s governmental or parliamentary systems have been compromised.

Cybersecurity experts say that the leak apparently originated from a Twitter account operated from the German city of Hamburg; Germany’s law enforcement agencies are working with Ireland’s data protection commissioner to stop the circulation of this sensitive information on the Internet. Because the European headquarters of Twitter are in Dublin, this incident falls under the jurisdiction of the Irish regulatory authorities, the experts said.

Cyberattack scope

The German government claims to be unaware of the true scope of this cyberattack, although Katarina Barley, the Minister of Justice, has declared that it is a “serious attack.” “The people behind this incident are trying to harm the trust in our democracy and institutions,” she said. Martina Fietz, a government spokesperson, said that no confidential data from the Chancellery were published. Instead, deputies, MEPs and local legislators have been affected.

Although there is no evidence that highly sensitive or confidential information has been leaked, the German Government considers that the consequences could be considerable due to the large volume of leaked information.

The Twitter account where the leaked information was posted, identified by the German government as @_0rbit, was followed by more than 17k people. According to cybersecurity specialists, the account has already been suspended from the Twitter platform. The leaked information was published between December 1 and 28, although the government only learned of the incident last Thursday.

The Minister of the Interior said that, according to the first analyses, the data were obtained through the misuse of login credentials for cloud services, email accounts or social networking platforms.

The German government supports the hypothesis that right-wing groups in Germany or Russia might be behind these attacks. Sven Herpig, a consultant on cybersecurity, believes that Russians are the main suspects because of the method used to deploy the attack, and because Germany will hold state and European Parliament elections this year.


WEATHER CHANNEL & WEATHER APP ARE SELLING USERS’ LOCATION DATA


A lawsuit against the app developers was filed in a Los Angeles court for allegedly extracting location data from users

Cybersecurity specialists from the International Institute of Cyber Security report that Mike Feuer, Los Angeles Attorney General, has filed a lawsuit against the Weather Channel app, accusing its developers of deceiving users into providing location data that the company sold to third parties for marketing and other commercial purposes.

In the lawsuit filed with the Los Angeles Superior Court, the prosecutor states that this application, owned by IBM’s Weather Company, does not clearly inform users of how their data is shared at the time it collects their location data.

“When requesting users’ permission to track their location data, the app omits to mention that TWC shares that information with third parties. The company also does not disclose that these data will be used for advertising and other commercial purposes unrelated to the services provided by the app”, the lawsuit states. “Instead, the app intentionally and misleadingly suggests that this information will be used so that users receive personalized weather information, such as forecasts and alerts”.

According to cybersecurity experts, the app would have compiled detailed location data on its users for years, and the Weather Company would have analyzed and transferred this information to third parties for targeted advertising campaigns.

The lawsuit claims that IBM purchased the Weather Company in order to profit from this collected information. In addition, the company intentionally hides in its privacy policy the fact that it shares location data, assuming that many users are opposed to this use of their personal information.

“The Los Angeles government alleges that TWC puts corporate profits above the privacy of its users, deceiving them to grant this kind of permissions to the app. The prosecution will work to stop this alleged hoax”, the prosecutor said.

This lawsuit was filed after cybersecurity specialists drew attention to the way apps present their privacy policies to users. In this case, the lawsuit claims that TWC has managed to convince about 80% of its users to grant such permissions. According to specialists’ estimates, the company collects over one billion location data points each week.

On the other hand, IBM defends the practices of TWC. “Weather Company has always been transparent with the use of user data; we believe that this practice is totally appropriate and we defend it vigorously,” mentions the company’s statement.

At a press conference broadcast via Twitter, Feuer expressed skepticism about IBM’s defense of its subsidiary. “If the company were really transparent, the first thing would be to inform the user that their data will be used for purposes beyond providing the weather forecast”.

Feuer is seeking a fine under the provisions of the California Unfair Competition Law. That law provides for a penalty of up to $2,500 USD per incident, doubled if the victim is disabled or an older adult; the prosecutor says it is still premature to think of a figure.


EMERGENCY MESSAGING SYSTEM IS HACKED; CITIZENS’ INFORMATION DATA BREACH


This warning message reached thousands of Australian citizens

Cybersecurity and digital forensics specialists from the International Institute of Cyber Security have reported that a hacker managed to send a message to thousands of people after an Australian emergency alert service, which delivers warnings by text message, email and phone call, was compromised.

The message, sent from the Early Warning Network (EWN) alert service last Friday, warned users: “The EWN platform has been hacked. Your personal data is unsecured. We’re trying to solve any inconvenience”. The message ended with a link to a technical support web page, as well as a support email address.

After conducting the first investigations of the incident, EWN’s cybersecurity team concluded that a hacker gained access to its alert systems and sent the message to the contacts stored in the company’s database. “The message was sent by email, SMS, and through phone calls,” the company’s official statement says.

“When detecting the incident, our cybersecurity team quickly identified the attack and managed to shut down our systems, limiting the scope of the attack. For our bad fortune, the attacker managed to access a small sample of our database, so the message was received by thousands of Australian citizens.”

In its official statement, Early Warning Network asked affected users to delete any messages of this kind, as well as not to click on the attached links.

Kerry Plowright, the company’s manager, subsequently stated that, according to EWN’s internal investigation, the attack originated in Australia and is related to “some details of compromised logins”. The manager also notes that “this incident did not compromise anyone’s personal information”.

“The goal of the person or persons who sent this message was to damage this company; it is a malicious action,” says Plowright.

The company said that its alert system continued to operate normally during the incident, and that it is working jointly with the Australian Cyber Security Centre and law enforcement agencies.

A couple of months ago some Australian councils (such as Queensland and Gladstone) were severely affected by wildfires, so these communities have relied on this kind of warning system to prevent further risks and losses in the event of a natural disaster. Chris Trevor, Gladstone’s mayor, believes the consequences of the cyberattack could be very dangerous. “We are really concerned that residents will stop trusting this early alert service, cancel their subscriptions and no longer use this tool that has helped us save lives”.


Tuesday, 8 January 2019

DO YOU KNOW WHAT MALVERTISING IS?

NECUNO: NEW LINUX SMARTPHONE WITH BETTER SECURITY AND PRIVACY


This smartphone can even be purchased without an operating system

Some time ago reports began to circulate about the plans of Necuno Solutions to launch a GNU/Linux-based smartphone with special emphasis on users’ privacy. According to cybersecurity specialists from the International Institute of Cyber Security, these plans have finally been realized, as the smartphone has just been released.

The Necuno NC_1 is a smartphone developed by a Finnish open source company, and it ships with a choice of several Linux-based operating systems.

According to cybersecurity experts, customers can choose between Plasma Mobile on Debian, Plasma Mobile on postmarketOS, Maemo Leste, Nemo Mobile and LuneOS. These operating systems are still in development and are intended for the smartphone’s early adopters. The manufacturer also offers the option of buying a Necuno NC_1 without any operating system.

Necuno’s CEO says that security-centric mobile devices can be of great use to companies, non-governmental organizations and journalists to mitigate the constant surveillance they are subject to; thanks to this, they will be able to communicate in hostile environments in the safest possible way.

During the official launch of the smartphone it was remarked that its sales will directly benefit various “communities”, helping to unify work around the development of this kind of tool. In addition, part of the revenue generated by this device is donated to various non-profit organizations.

According to experts in cybersecurity, this smartphone is the answer to the multiple failures found in conventional smartphones, a measure against surveillance and a way to combat the iOS-Android duopoly, dominant in this market.

The Necuno NC_1 is not intended for the mass market, so its design does not include a SIM card slot. For Internet connectivity, users of this smartphone can connect via WiFi or Ethernet. In addition, the Necuno website states: “You have control of the software running on the NC_1, so Necuno Solutions will not be responsible for any software defect”.

The NC_1 can also be used with a detached developer screen. The price of the smartphone at launch is €1,199.

According to experts in cybersecurity, the company also announced the launch of NE_1, the enterprise version of this device, which will include secure communications and a strengthened operating system.


DATA BREACH IN “TOWN OF SALEM” VIDEOGAME AFFECTS OVER 7 MILLION USERS


The game developers have only commented on the incident in a small online forum

Cybersecurity and ethical hacking specialists from the International Institute of Cyber Security reported that “Town of Salem”, a browser-based videogame, was the victim of a data breach in which perpetrators stole personal information of nearly 7.5 million users. BlankMediaGames, developer of the videogame, unveiled the incident through a post on its blog.

The incident was discovered after an anonymous user sent a copy of the stolen information to the DeHashed platform, a commercial data breach indexing service.

DeHashed admins claim that they tried to contact BlankMediaGames for over a week to alert them on the situation, warning that their servers could still remain compromised.

According to cybersecurity experts, the compromised servers were finally secured during the first days of the year, and the administrators removed some backdoors. According to the analysis performed by the DeHashed platform, the leaked “Town of Salem” user data includes:

  • Usernames
  • Email addresses
  • Passwords
  • IP addresses associated with the user
  • Activity in the videogame and in the forum
  • Videogame purchases (not including payment card information)

Regarding the leaked data, one of BlankMediaGames developers commented: “We want to point out that we do not handle money. A third-party payment processor takes care of that. BlankMediaGames has never seen a single credit card, payment information, etc. We don’t have access to such data”.

DeHashed, a platform similar to the well-known Have I Been Pwned, is also working together with other members of the cybersecurity community. For example, registered users in Have I Been Pwned have received updates on this incident made by DeHashed.

So far, BlankMediaGames has not directly notified the users affected by the data breach, limiting itself to a post in the game’s online forum. In that post, the company recommends that gamers change their account passwords; still, some users consider that the company could do better at informing them about the status of their data.


TRIPADVISOR, YELP & KAYAK (TRAVEL APPS) SHARE DETAILS OF YOUR TRIPS WITH FACEBOOK


Users need only open the app for these services for their information to end up in the hands of the social network

According to reports of cybersecurity experts from the International Institute of Cyber Security, various travel apps, such as TripAdvisor, Skyscanner or Yelp, have shared a large amount of personal information of their users (specifically Android users) with Facebook, regardless of whether customers had a Facebook account or whether it was linked to their accounts in these services.

Privacy International (PI), a UK-based non-profit organization, has reported on this incident: “An example of this is the Kayak app (used for travel search and price comparison). This app sends to Facebook detailed information about the searches that its users carry out, such as flight schedules, departure dates, airports or airlines.”

The NGO analyzed the data that these applications provided to the social network, finding that much of this information falls under the category of “personal data” in the European Union’s General Data Protection Regulation (GDPR). PI asserts that these data, albeit indirectly, may be enough to identify many of the users of these services.

“Advertisers try to link data about user behavior across different platforms. If all of these data from different sites are combined, you can set up a detailed user profile, including interests, routines, or online activity,” the PI report mentions.

Cybersecurity experts found that services such as TripAdvisor, Skyscanner, Kayak and Yelp sent to Facebook the users’ data at the time of starting the app. Among other data, PI mentions that apps send to Facebook information such as device configuration, location, language and time zone.

According to reports of cybersecurity specialists, both Skyscanner and TripAdvisor assured PI that they were unaware of this fact, thanking the NGO for alerting their teams about these drawbacks. Skyscanner published a statement mentioning that: “Since we received these reports we launched a priority update for our app, so it will stop sending information to Facebook. Also, we will begin an audit in our systems to make the necessary modifications to guarantee the respect to the privacy of our users”.

On the other hand, Facebook keeps generating scandals related to the users’ privacy. Last December, several media reported that the social network shared the private messages of its users with services such as Netflix, Spotify and even a Canadian bank. Also, cybersecurity researchers said that Facebook gave Microsoft, Sony, Amazon, among others, the ability to get the email addresses of their users’ contacts for a long time until 2017, in addition to granting manufacturers like Apple the ability to implement special features on their devices when connected to the Facebook platform.

Some companies consider that the way Facebook collects information is too aggressive and that it damages the trust users place in travel, shopping and similar services.


ANSWERING A SKYPE CALL ALLOWS TAKING CONTROL OF ANY ANDROID SMARTPHONE


It seems that the last Skype update fixed this flaw

Cybersecurity and ethical hacking specialists from the International Institute of Cyber Security reported the discovery of a flaw in the Android version of Skype that could be exploited to bypass the lock screen code of an Android device and access files, contacts, and even open the device’s browser.

Florian Kunushevci, a vulnerability bounty hunter, said that this flaw would allow anyone in possession of a locked Android smartphone to receive Skype calls, answer them without unlocking the device, and then access photos, search the contacts list, send text messages, and even open the browser if a link to any page is attached. Anyone could exploit this vulnerability, be they family, friends, or strangers. The flaw has already been reported to Microsoft.

Kunushevci, a young researcher from Kosovo, says he is a regular user of Skype for Android. It was during this routine use that he noticed anomalous behavior in the application related to the way it accesses the files stored on the smartphone. Noticing this, the researcher decided to start a small ethical hacking project to find out what was happening with the Skype service.

“Recently, while I was using the application, I felt the need to check an option that apparently granted more permissions than it should,” said the young cybersecurity expert.

Kunushevci discovered that when a Skype call is answered, the application continues operating normally, allowing actions such as accessing the phone’s files or searching contacts, regardless of whether the phone was locked when the call was received.

Like multiple flaws found in iOS over the years, this vulnerability is due to a small oversight in the system’s security. In this case, Skype lets users reach other functions without any additional identity verification step. “I think this vulnerability is rather a design flaw,” the expert says.

Before publishing any vulnerability report, Kunushevci reported the flaw to Microsoft and waited for the company to release an update correcting the bug. According to cybersecurity experts, this was reportedly fixed in the Skype update of December 23. The bug affects all versions of Skype for Android, according to Kunushevci; however, the vulnerability’s scope seems to vary depending on the version of the operating system.

Despite being only 19 years old, Kunushevci claims several years of experience researching these issues. As he mentioned, his interest began at age 12, when he was looking for solutions to common flaws on his PC. A couple of years later he was already fully focused on the field of vulnerability research, taking part in some bounty programs with his reports.


Monday, 7 January 2019

FAKE ANY WEBSITE IN SECONDS FACEBOOK, SNAPCHAT, INSTAGRAM

DO HACKING WITH SIMPLE PYTHON SCRIPT


Pentesting is all about finding and reporting problems in web and mobile applications. It is the most popular part of cyber security, and one that every researcher and security enthusiast wants to do, because it gives practical knowledge of how to penetrate a web application. Pentesting starts with information gathering, and there are many tools and scripts available on the internet that can be used for it. Today we look at another such tool, written by Joker Security and named Devploit, which is used for information gathering; another similar all-in-one tool is Mercury Tool.

Devploit is a very easy-to-use tool that gathers information about your target. You just have to run the script with a few basic Linux commands, and you can collect a lot of information about the target before exploitation. The tool bundles functions such as DNS lookup, Whois lookup, GeoIP, subnet lookup and a port scanner, among others that come in handy in the initial phase of a penetration test. Below we show the features of Devploit. For this demonstration we installed Devploit on Kali Linux; other Linux distros supported by Devploit are Ubuntu, Mint and Parrot.

root@kali:/home/iicybersecurity/Downloads/Devploit# ls -ltr
 total 32
 -rw-r--r-- 1 root root 1838 Dec 30 23:32 README.md
 -rw-r--r-- 1 root root 2154 Dec 30 23:32 install
 -rw-r--r-- 1 root root 8469 Dec 30 23:32 Devploit.py
 drwxr-xr-x 2 root root 4096 Dec 30 23:32 Dev
 -rw-r--r-- 1 root root 1990 Dec 30 23:32 update.py
 drwxr-xr-x 5 root root 4096 Dec 30 23:32 modules
  • By default the Devploit installer file does not come with execute permission, so to change the permission of the install file type chmod u+x install
  • To check that the permission has changed, type ls -ltr. If it has, the install file will be shown in green.
root@kali:/home/iicybersecurity/Downloads/Devploit# chmod u+x install
 root@kali:/home/iicybersecurity/Downloads/Devploit# ls -ltr
 total 32
 -rw-r--r-- 1 root root 1838 Dec 30 23:32 README.md
 -rwxr--r-- 1 root root 2154 Dec 30 23:32 install
 -rw-r--r-- 1 root root 8469 Dec 30 23:32 Devploit.py
 drwxr-xr-x 2 root root 4096 Dec 30 23:32 Dev
 -rw-r--r-- 1 root root 1990 Dec 30 23:32 update.py
 drwxr-xr-x 5 root root 4096 Dec 30 23:32 modules
  • Then type python Devploit.py
root@kali:/home/iicybersecurity/Downloads/Devploit# python Devploit.py
               ,
               |'.             , ...  Devploit  -  Information Gathering Tool
               |  '-._        / )
             .'  .._  ',     /_'-,
            '   /  _'.'_\   /._)')
           :   /  '_' '_'  /  _.'
           |E |   |Q| |Q| /   /
          .'  _\  '-' '-'    /
        .'--.(S     ,__` )  /
              '-.     _.'  /
            __.--'----(   /
        _.-'     :   __\ /
       (      __.' :'  :Y
        '.   '._,  :   :|
          '.     ) :.__:|
            \    \______/
             '._L/_H____]
==[[ .:: Name : Devploit ::.]]==
==[[ .:: Version: 3.6 ::.]]==
==[[ .:: Author : Joker-Security ::.]]==
==[[ .:: Github : http://www.github.com/joker25000 ::.]]==
==[[ .:: Twitter: https://twitter.com/SecurityJoker ::.]]==
This Is Simple Script By : Joker-Security
  Let's Start  --> --> -->
1 }  ==>  DNS Lookup
 2 }  ==>  Whois Lookup
 3 }  ==>  GeoIP Lookup
 4 }  ==>  Subnet Lookup
 5 }  ==>  Port Scanner
 6 }  ==>  Extract Links
 7 }  ==>  Zone Transfer
 8 }  ==>  HTTP Header
 9 }  ==>  Host Finder
 10}  ==>  IP-Locator
 11}  ==>  Traceroute
 12}  ==>  Robots.txt
 13}  ==>  Host DNS Finder
 14}  ==>  Revrse IP Lookup
 15}  ==>  Collection Email
 16}  ==>  Subdomain Finder
 17}  ==>  Install & Update
 18}  ==>  About Me
 00}  ==>  Exit
Enter 00/18 => =>
  • Choose the tool you want to use and type its number, as shown below.

GETTING DNS OF THE TARGET :-

Enter 00/18 => =>  1
 Entre Your Domain :www.hackthissite.org
 www.hackthissite.org.   3599    IN      A       137.74.187.100
 www.hackthissite.org.   3599    IN      A       137.74.187.104
 www.hackthissite.org.   3599    IN      A       137.74.187.103
 www.hackthissite.org.   3599    IN      A       137.74.187.101
 www.hackthissite.org.   3599    IN      A       137.74.187.102
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:101
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:103
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:102
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:104
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:100
  • As shown above, the DNS lookup returns the A and AAAA records of the target. This information can be used in other hacking activities.
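A defender reviewing a lookup like the one above usually wants two things: the answer lines parsed into structured records, and a check that every published address actually belongs to an address range the organisation controls (a stray A or AAAA record pointing outside your ranges is a classic sign of a stale or hijacked entry). The following is an added example for this page, not Devploit's own code; the sample answer text is copied from the output above, and the "allowed" prefixes passed in the usage call are constructed for illustration.

```python
"""Parse dig-style DNS answer lines and flag addresses outside known ranges.

Added example, not part of Devploit. SAMPLE_ANSWER is copied from the DNS
lookup output shown above; the prompt line is kept to show it is skipped.
"""
import ipaddress
from collections import defaultdict

SAMPLE_ANSWER = """\
Entre Your Domain :www.hackthissite.org
www.hackthissite.org.   3599    IN      A       137.74.187.100
www.hackthissite.org.   3599    IN      A       137.74.187.104
www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:101
www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:103
"""


def parse_answer(text):
    """Return (name, ttl, rtype, rdata) tuples from five-column answer lines.

    Anything that does not have the 'name ttl IN type rdata' layout
    (prompts, banners, blank lines) is ignored.
    """
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "IN":
            continue
        name, ttl, _cls, rtype, rdata = parts
        records.append((name.rstrip("."), int(ttl), rtype, rdata))
    return records


def by_type(records):
    """Group rdata values by record type, e.g. {'A': [...], 'AAAA': [...]}."""
    grouped = defaultdict(list)
    for _name, _ttl, rtype, rdata in records:
        grouped[rtype].append(rdata)
    return dict(grouped)


def addresses_outside(records, allowed_prefixes):
    """Return A/AAAA rdata values that fall outside every allowed prefix.

    Prefixes are compared only against addresses of the same IP version,
    so an IPv4-only allow list flags every AAAA record.
    """
    nets = [ipaddress.ip_network(p) for p in allowed_prefixes]
    outside = []
    for _name, _ttl, rtype, rdata in records:
        if rtype not in ("A", "AAAA"):
            continue
        addr = ipaddress.ip_address(rdata)
        if not any(addr in n for n in nets if n.version == addr.version):
            outside.append(rdata)
    return outside


if __name__ == "__main__":
    recs = parse_answer(SAMPLE_ANSWER)
    print(by_type(recs))
    # Constructed allow list: the /24 and /64 the sample addresses sit in.
    print(addresses_outside(recs, ["137.74.187.0/24", "2001:41d0:8:ccd8::/64"]))
```

Run against your own zone's output, the `addresses_outside` result is the list to investigate; an empty list means every published address is inside a range you own.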

GETTING WHOIS LOOKUP FOR THE TARGET :-

  • Type 2 for Whois lookup, which gives basic information about the target: the registrar’s WHOIS server, update date, expiry date and much more of what whois provides.
  • Then type hack.me
Enter 00/18 => =>  2
 Enter IP Address : hack.me
 Domain Name: HACK.ME
 Registry Domain ID: D108500000000003559-AGRS
 Registrar WHOIS Server: whois.godaddy.com
 Registrar URL: http://www.godaddy.com
 Updated Date: 2018-04-30T15:06:34Z
 Creation Date: 2008-04-29T18:00:32Z
 Registry Expiry Date: 2021-04-29T18:00:32Z
 Registrar Registration Expiration Date:
 Registrar: GoDaddy.com, LLC
 Registrar IANA ID: 146
 Registrar Abuse Contact Email: abuse@godaddy.com
 Registrar Abuse Contact Phone: +1.4806242505
 Reseller:
 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
 Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
 Registrant Organization: Domains By Proxy, LLC
 Registrant State/Province: Arizona
 Registrant Country: US
 Name Server: NS5.DNSMADEEASY.COM
 Name Server: NS6.DNSMADEEASY.COM
 Name Server: NS7.DNSMADEEASY.COM
 Name Server: NS4.HACK.ME
 DNSSEC: unsigned
 URL of the ICANN Whois Inaccuracy Complaint Form  https://www.icann.org/wicf/)

 Last update of WHOIS database: 2018-12-31T06:14:27Z <<< 
 
For more information on Whois status codes, please visit https://icann.org/epp 
 
The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
  • The above command shows the target’s registrar WHOIS server, name servers, domain status, and the registrar’s abuse contact email and phone number.
  • This information can be used in other hacking activities.
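The same WHOIS fields are what a domain owner should be checking on their own domains: whether the registrar locks (clientTransferProhibited and friends) are set, whether DNSSEC is enabled, and how close the expiry date is. Below is an added example, not Devploit's or any registrar's code, that parses the "Key: Value" record format shown above into a dict and reports hygiene findings; the sample record is an excerpt of the output above, and the 60-day expiry window is an assumed threshold.

```python
"""Domain-hygiene checks over a WHOIS record (added example, not Devploit code).

SAMPLE_WHOIS is an excerpt of the hack.me lookup shown above. The checks are
the ones a domain owner would run on their own domains: registrar locks,
DNSSEC, and expiry within an assumed 60-day window.
"""
from datetime import datetime, timedelta, timezone

SAMPLE_WHOIS = """\
Domain Name: HACK.ME
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2018-04-30T15:06:34Z
Creation Date: 2008-04-29T18:00:32Z
Registry Expiry Date: 2021-04-29T18:00:32Z
Registrar: GoDaddy.com, LLC
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS5.DNSMADEEASY.COM
Name Server: NS4.HACK.ME
DNSSEC: unsigned
"""

# Registrar locks a production domain should carry (assumed baseline).
REQUIRED_LOCKS = ("clientTransferProhibited", "clientDeleteProhibited", "clientUpdateProhibited")
EXPIRY_WARNING = timedelta(days=60)  # assumed threshold


def parse_whois(text):
    """Parse 'Key: Value' lines into a dict.

    Repeated keys (Domain Status, Name Server) collect into lists; for Domain
    Status only the EPP code before the URL is kept. Empty values are dropped.
    """
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue
        if key in ("Domain Status", "Name Server"):
            fields.setdefault(key, []).append(value.split()[0])
        else:
            fields[key] = value
    return fields


def hygiene_findings(fields, now):
    """Return a list of human-readable findings for the parsed record."""
    findings = []
    statuses = set(fields.get("Domain Status", []))
    for lock in REQUIRED_LOCKS:
        if lock not in statuses:
            findings.append(f"missing registrar lock: {lock}")
    if fields.get("DNSSEC", "").lower() == "unsigned":
        findings.append("DNSSEC not enabled")
    expiry = fields.get("Registry Expiry Date")
    if expiry is None:
        findings.append("no expiry date in record")
    else:
        exp = datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if exp - now < EXPIRY_WARNING:
            findings.append(f"expires within {EXPIRY_WARNING.days} days: {expiry}")
    return findings


def findings_for(text, now_iso):
    """Convenience wrapper: WHOIS text plus an ISO-8601 'now' (UTC, 'Z' suffix)."""
    now = datetime.strptime(now_iso, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return hygiene_findings(parse_whois(text), now)


if __name__ == "__main__":
    # Evaluated as of the 'Last update of WHOIS database' date in the output above.
    print(findings_for(SAMPLE_WHOIS, "2018-12-31T06:14:27Z"))
```

Against the sample record, the only finding as of the lookup date is the missing DNSSEC; re-running with a date inside the 60-day window before 2021-04-29 adds the expiry warning, which is the check that catches domains about to lapse.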

GETTING EMAILS OF THE TARGET :-

  • Type 15 for email collection.
  • Type hack.me
Enter 00/18 => =>  15
 Entre Your Domain :hack.me
 [>] Initiating 3 intel modules
 [>] Loading Alpha module (1/3)
 [>] Beta module deployed (2/3)
 [>] Gamma module initiated (3/3)

[+] Emails found: 
pixel-1546237263523024-web-@hack.me
pixel-1546237266842168-web-@hack.me 

[+] Hosts found in search engines: 
 -] Resolving hostnames IPs…
 74.50.111.244:me.hack.me 

[+] Virtual hosts: 
 74.50.111.244   hack.me
 74.50.111.244   hack.me
  • The above shows the email addresses found for the target. This information can be used in other hacking activities.

GETTING SUBDOMAINS OF THE TARGET :-

  • Type 16 for subdomain finder.
  • Type hack.me
Enter 00/18 => =>  16
Entre Your Domain :hack.me
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Your Target Choice :hack.me
hacks.me
chop.me
pros.me
pro.me
wifihack.me
hackeie.me
gohack.me
howtohack.me
hackprotect.me
comehackwith.me
intahackgram.me
soyouthinkyoucanhack.me
come-hack-with.me
mindhack.me
datehack.me
luxhack.me
hacksub.me
hacks.org
computing.org
pros.org
hackers.info
hacker.eu
hacks.co
computing.eu
hacks.net
chops.eu
pros.co
hack.es
chop.info
hack.it
chop.co
pros.co.uk
old.co
cut.co
hack.info
hackers.fr
hackers.it
hacker.es
hacker.it
hacks.es
hacks.fr
hacks.nl
chops.nl
computing.ch
chop.nl
old.ch
old.it
old.nl
old.fr
cut.es
cut.nl
chop.club
chops.net
hacks.de
hack.fr
pros.de
old.info
old.at
hackers.es
hackers.ch
hacker.fr
hacks.ch
pros.ch
hackers.club
chops.club
pros.club
cut.club
old.club
pro.guru
old.berlin
hackhashgraph.com
hackers.at
hacks.at
computing.at
hack.xyz
robloxhack.com
hackgems.com
cheathack.com
updatehack.com
hackzone.com
hackroblox.com
hackdeutsch.com
hackguru.com
legendhack.com
instahack.com
hackstore.com
hackarena.com
hackyogi.com
mailhack.com
hackdays.com
hackslash.com
zerohack.com
rankhack.com
moneyhack.com
mindhack.com
antihack.com
hackbart.com
hackteck.com
bedshack.com
payshack.com
  • The above list can be used to build a dictionary for use in a dictionary attack or in other hacking activities.
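Notice that the list the subdomain finder returns mixes very different things: names that would sit under the target apex (none of the entries above do), registrations that merely contain the same word (wifihack.me, hack.it, hackstore.com), and thesaurus-style names with no relation at all (chop.me, pros.me). A defender doing brand monitoring wants those separated, because true subdomains are part of the organisation's own attack surface while look-alikes belong on a typosquat and phishing watchlist. The following is an added example, not Devploit's code; the candidate list is a handful of entries copied from the output above plus two constructed true subdomains (www.hack.me and ns4.hack.me, which do appear elsewhere on this page) so that every branch is exercised.

```python
"""Split a candidate name list into true subdomains, look-alikes and unrelated names.

Added example, not Devploit code. CANDIDATES is a few entries copied from the
subdomain-finder output above plus two constructed true subdomains of hack.me.
"""

CANDIDATES = [
    "hacks.me", "chop.me", "pros.me", "wifihack.me", "howtohack.me",
    "hack.it", "hackstore.com", "computing.org",
    "www.hack.me", "ns4.hack.me",  # constructed: genuinely under the apex
]


def normalize(name):
    """Lower-case and strip a trailing dot so 'WWW.Hack.me.' matches 'www.hack.me'."""
    return name.strip().lower().rstrip(".")


def is_subdomain(name, apex):
    """True if name is the apex itself or ends with '.' + apex (label boundary respected)."""
    name, apex = normalize(name), normalize(apex)
    return name == apex or name.endswith("." + apex)


def brand_token(apex):
    """The registrable label of the apex, e.g. 'hack' for 'hack.me'."""
    return normalize(apex).split(".")[0]


def classify(candidates, apex):
    """Return (subdomains, lookalikes, unrelated) for the given apex.

    A look-alike is any name that is not under the apex but whose labels
    contain the brand token; everything else is unrelated.
    """
    token = brand_token(apex)
    subdomains, lookalikes, unrelated = [], [], []
    for raw in candidates:
        name = normalize(raw)
        if is_subdomain(name, apex):
            subdomains.append(name)
        elif token in name:
            lookalikes.append(name)
        else:
            unrelated.append(name)
    return subdomains, lookalikes, unrelated


if __name__ == "__main__":
    subs, looks, other = classify(CANDIDATES, "hack.me")
    print("subdomains:", subs)
    print("look-alikes:", looks)
    print("unrelated:", other)
```

The label-boundary check in `is_subdomain` is the part that matters: a naive `endswith("hack.me")` would wrongly accept `wifihack.me` as a subdomain.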

GETTING REVERSE IPS OF THE TARGET :-

  • Type 14 for reverse IP lookup.
  • Type hack.me
Enter 00/18 => =>  14
Enter IP Address : hack.me
74-50-111-244.static.hvvc.us
hack.me
ns4.hack.me
www.hack.me
  • The above command shows other hostnames hosted on the target’s address. Reverse lookup helps in finding phishing pages or in other hacking activities.

The tool above reveals a lot of information about the target, which can help pentesters and security researchers. According to an ethical hacking researcher at the International Institute of Cyber Security, Devploit comes in handy because it saves a lot of time compared to other tools. It is an easy tool for gathering information.


ABINE EXPOSES NEARLY 3 MILLION USERS’ INFORMATION

Data breaches and hacking attacks rise as Irish firms wrestle with rules

The password manager service exposed the data due to a poorly configured online bucket

Abine, developer of the password manager Blur, has recently issued a security notice reporting that a file containing users’ sensitive data was exposed due to an oversight, report cybersecurity specialists from the International Institute of Cyber Security.

The exposure was identified on September 13th, when Abine found a file containing email addresses, the IP addresses its clients used to log into Blur, and encrypted information related to users’ passwords. The file had apparently been exposed since January 6th, 2018.

The main job of the Blur service is to protect and enhance its users’ privacy on the Internet, offering password management as well as masking of payment cards, email addresses and phone numbers. Abine itself is responsible for protecting passwords, hashing them with bcrypt and a unique salt for each user. It is these salted bcrypt hashes, not the real passwords, that are present in the company’s exposed file, according to cybersecurity experts.

However, this password-related information could help an attacker gain access to other online accounts that the user registered with the same email address. According to the security alert published by Abine, so far there is no evidence that any user’s sensitive data has been compromised.

“We believe that the data of our users remain secured. There is no evidence suggesting that the data stored in Blur (protected payment cards, email and phones) have been compromised,” mentions a post on the Abine blog.

Cybersecurity experts point out that Abine has not provided further details about the incident, such as the exact number of victims or how the bucket came to be exposed. Early reports suggest that a misconfigured Amazon S3 bucket held the exposed file, and that data from about 2.4 million users was exposed during the incident.

This incident is a hard blow for Abine, because password managers are considered a more reliable way to manage a large number of credentials for different services without having to memorize them or set the same password on every platform, working as an additional security layer. As a precaution, the company advises its users to enable two-factor authentication (2FA) and, if possible, reset all their passwords.


CLOUD SERVICE PROVIDER’S SERVERS INFECTED WITH RANSOMWARE


The cloud computing services company suffered an attack with malicious software known as Ryuk that crippled its activities

On Christmas Eve, the cloud service provider Data Resolution suffered a ransomware attack that disrupted the proper functioning of its systems, as reported by cybersecurity specialists from the International Institute of Cyber Security.

Data Resolution LLC offers software hosting, business continuity systems, cloud computing and data center services to over 30k companies around the world. The incident was revealed by renowned cybersecurity researcher Brian Krebs, who mentioned that the infection may have been caused by the Ryuk ransomware.

Just a few days earlier, this ransomware variant infected the systems of several newspapers in the United States, shutting down their printing and delaying distribution of the papers in some areas of the U.S. West Coast.

According to the first investigations, the malicious actors obtained login credentials and logged in on Christmas Eve to gain access to the company’s networks and deploy the Ryuk ransomware. The attackers do not appear to have stolen any company data; their only goal was to extort Data Resolution’s management into paying to recover the encrypted data.

“During the incident, the attackers took control of the company’s data center domain, which allowed them to block any authorized access for a few moments,” said the cybersecurity expert. “The security notice that the company sent to its clients mentions that Data Resolution closed its network to stop the progress of the infection, and to be able to begin the process of eliminating the ransomware, restoring its systems and retrieving information.”

According to reports from some cybersecurity firms, the Ryuk ransomware is one of the main weapons of the hacker group known as APT Lazarus, linked to the North Korean government. Ryuk apparently shares several similarities with the Hermes malware used by this group of malicious actors.

A ransomware attack campaign, allegedly linked to North Korea, was recently discovered targeting organizations around the world. The campaign appears to be carefully planned, with cybercriminals targeting different companies and encrypting hundreds of PCs, storage units and data centers in each infected organization.

Some reports even confirm that some companies made significant payments to retrieve their information, transferring amounts ranging from 15 to 50 Bitcoin. According to estimates by the U.S. authorities, this attack campaign would have earned the attackers up to $640k USD.


Friday, 4 January 2019

POCSUITE REMOTE VULNERABILITY TESTER

#CASTHACK – THOUSANDS OF CHROMECAST, GOOGLE HOME AND SMART TVS HACKED

HACKER GROUP LAUNCHES CYBERATTACK CAMPAIGN AGAINST LAWYER FIRMS


Dark Overlord hackers have pledged to leak information related to the 9/11 terrorist attacks in New York

As the world prepared to welcome the New Year, the hacker group known as The Dark Overlord made a statement that took the whole cybersecurity community by surprise: according to specialists from the International Institute of Cyber Security, the group claims to have stolen a huge amount of data from the law firm Hiscox Syndicates LTD, a company responsible for managing insurance policy files related to the attacks of September 11, 2001.

The incident came to light after a Pastebin post appeared online stating that, in addition to the attack against Hiscox Syndicates, the hackers had also attacked Lloyds of London and Silverstein Properties.

In addition, hackers claim that Hiscox and Lloyds of London “are the largest insurance companies in the world.” After explaining their motives for attacking legal and insurance firms, hackers demanded a ransom payment in Bitcoin and threatened to leak sensitive information related to the 9/11 terrorist attacks if their demands were not fulfilled.

According to specialists in cybersecurity, the stolen data include email addresses, non-disclosure agreements, accountability analysis, litigation strategies, agreements, testimonials, exchanges of information with public officials from all over the world, etc.

According to The Dark Overlord’s Pastebin post, Hiscox was aware of the cyberattack and even made a first ransom payment for the information, but failed to comply with the cybercriminals’ demands by notifying the authorities of the incident.

“After a few months we discovered that law enforcement agencies had been involved in this issue thanks to an informant. Even after this violation of our agreement we decided to give the legal firm a second chance to meet our demands. Because they refused to accept this new offer, we decided to act this way”, mentions the post of the hacking organization.

To back up their claims, The Dark Overlord published 16 screenshots showing fragments of internal communication from Hiscox Syndicates, together with a download link that apparently contains 10 GB of encrypted data; the decryption keys will be published later, according to the group.

“If you are one of dozens of law firms that participated in the litigation, a politician who was involved in the case, an investment bank, etc., you can contact us through our email to request that you formally withdraw your documents and materials of any possible public disclosure in exchange for a payment,” mentions the Pastebin post.

According to cybersecurity experts, The Dark Overlord is a well-known hacking group identified primarily for its attacks against banks, insurers, cosmetic surgery clinics, companies like Netflix, etc.

In May 2018, law enforcement agencies in Serbia arrested a 38-year-old man, born in Belgrade, identified as a suspect of being one of the main members of The Dark Overlord. However, given this recent attack campaign, specialists deduce that it has not been possible to shut the organization down, and that The Dark Overlord is still active.