Articles by "security"
Showing posts with label security. Show all posts
Tectuner is a Technology Releated website. Tectuner is a about the science,technology.Blogger template, Android, computer, Online Earning, tips tricks
There are 11 misconceptions about hacking that we need to know.

1. Although the word hacking is associated with "unauthorized access", its true meaning is not bad at all. The hack is just computer-related but we can use the word on almost anything in the world. Such as food hacks, dress hacks, lifestyle hacks. Hacking means removing a weak part of a topic or improving it to better understand a topic or make it easier. It can also be used to do so.

2. Hacking is a skill-based topic. You can never explore it unless you have a good knowledge of computers. Although many books or video lessons claim that they can be hackers by taking these lessons, that is a lot wrong. To understand how all these techniques work, you need to know what is and what is in it.

3. Hacking words sounds very bad. It seems these criminals do. But this is wrong. Hacking is the subject of a computer that can be researched as it is read. In large companies, there are a lot of hackers. They help keep the company system active and protect it from other hackers.





4. Hacker doesn't mean anything bad. Hackers are basically divided into two. A black hat is known as Criminal Hacker. They do all kinds of harmful and nasty things. Another White Hat hacker. They are known as Ethical Hackers. Different companies put themselves in charge of their system security. No one else can harm their system.

5. There is no software in the world that can hack a social account direct. Many of your software on the Internet that claims that you can access the account without giving some useful information. It is absolutely wrong. This software contains malware. When you install this software. Then that malware will infiltrate into your PC without your knowledge. This means that if you hack someone's account, your account can be hacked. So stay away from all these.

6. Hollywood movie hacker. Many people who have seen Hollywood hacking movies think hacking is really that way. It's totally wrong. Hacking is a time-consuming and skill dependent job. So the process of showing a movie is wrong in many respects and which is incompatible with reality. They are done with 3D graphics and visual effects. It cannot be done so quickly and easily.

7. Can't access Facebook or other social account or blocked account for any reason. Many people think their account has been hacked. They also post that their account has been hacked. But what exactly is it? Most often it is seen that strangers are blocked by posting a friend request or some obscene account for a few days. It may be difficult to access the account even if it is not opened. There is nothing to say that the account has been hacked.





8. To learn computer hacks, you need to first become proficient in computer matters. I need to know how computers work, ideas about networking, programming languages ​​and web development.

9. A hacker is used in the field of computing for anyone who is very skilled at the computer and who can exploit system or machine vulnerability to develop access or system security.

10. Hacked is not an illegal act. Those who are called Ethical Hackers for developing system security or protecting the system from other hackers. But if you hack into something unintentional or harmful, it's called a non-ethical hacker.

11. "Hacking can never be learned through mobile. Remember that you need a computer to work"
Thanks



Tectuner is a Technology Releated website. Tectuner is a about the science,technology.Blogger template, Android, computer, Online Earning, tips tricks
That is how WhatsApp is hacked

People in the cyber world use specialized software to monitor WhatsApp. One such software is called Pegasus. WhatsApp can be monitored using software developed by the NSO group in Israel. Over two dozen academics, lawyers, journalists, and politicians have been monitored using Pegasus software in the last Lok Sabha elections in India. WhatsApp authorities have confirmed the matter.

According to some Indian media, Israeli software was used to monitor WhatsApp information before the last election. NSO Group has developed Pegasus software for cyber espionage or surveillance. However, it is not known exactly how many people are being monitored with this software. WhatsApp notifies users of surveillance on their device.

WhatsApp was contacted by the Times of India but did not give any formal statement on the issue.





Facebook-owned WhatsApp sued the Israeli company in the United States. WhatsApp surveillance information was reported the next day. In the lawsuit, WhatsApp alleges that the Israeli company monitored 7,000 people around the world using Pegasus spyware.

The lawsuit alleges that Facebook seized information about smartphones operating on iOS, Android and Blackberry operating systems with Pegasus software. WhatsApp VoIP stack error code can be deployed remotely on the device.


Pegasus is software developed by NSO Group in Israel


According to a BBC Online report, Fustin Rukundu, who was recently deported to Leeds, England from Rwanda, complained about his WhatsApp hacked. He said he got a call from WhatsApp from a stranger. When he grabs the call, it is left without anyone to speak. Unbeknownst to him, his phone gets hacked and he removes the files. Missed calls started coming from strangers on her phone. He bought a new phone for fear of family safety. A few days later, there were calls from strangers.





Fostin alleges that many other anti-Rwandan governments have received calls from strangers

He got to know. Last May, he learned that WhatsApp had been hacked.

In May this year, WhatsApp admitted to having errors. In August, WhatsApp errors also came up. At that time, the BBC said, what you said or did not write on WhatsApp could show. If wanted, the rogue can change the WhatsApp message using special programs. The WhatsApp platform has recently opened a tool for changing user messages. Experts say that Facebook-owned WhatsApp has a fatal flaw that can be used to change a user's words or words.

Researchers at Checkpoint, a cybersecurity firm, claim that they learned about WhatsApp errors as well as tools or programs for replacing messages sent to WhatsApp. WhatsApp error can be used to spread fake news or cheat.


How does Pegasus come to WhatsApp?

 Experts say that Pegasus can be downloaded even with a little video missed call on WhatsApp. Pegasus installed after the video call can take full control of the entire smartphone, including its contact list. Everything happens without the user being aware of it. From this messaging app, cyber experts can find out information including video calls, messages, and messages.

NSO Group claims that they sell their software only to various government agencies. However, the software is not created or endorsed to monitor human rights activists or journalists.



Tectuner is a Technology Releated website. Tectuner is a about the science,technology.Blogger template, Android, computer, Online Earning, tips tricks
Notorious GandCrab Ransomware Returns With A New Name |  GandCrab Ransomware

GandCrab was one of the most popular ransomware families in 2018 and 2019. The ransomware encrypted all the files on the target computer and demanded as much as $2,000 in Bitcoin or Dash for the decryption key. The authors behind GandCrab malware announced in June that they are scrapping the operations of the malware as they have made enough money from it. According to the authors, they earned $2 billion from ransomware payments.

Now, the security researchers at Secureworks Counter Threat Unit have spotted new ransomware that shares the same code as GandCrab and it is seen as an evolved version of Gandcrab.


REvil, which is also known as Sodinokibi, has been linked to GandCrab malware.

Speaking to ZDNet, a security researcher said, “It certainly shares some code overlap with GandCrab and there are even artifacts in there which suggest that it was intended to be an evolution of GandCrab and they decided that GandCrab was ripe for a rebrand and relaunch.”


Why are researchers linking REvil to GandCrab?

Researchers have come up with the following reasons why they believe that GandCrab is resurfacing again in the form of REvil:

String decoding functions of REvil and GandCrab share similarities.
The two ransomware also share the URL binding functionality which produces similar URL patters for control servers and commands
Terms like ‘gcfin’ and ‘gc6’ in the code of REvil suggests a relation between GandCrab and REvil. Researchers believe that ‘gcfin’ stands for ‘GandCrab Final’ and ‘gc6’ denotes GandCrab 6.
Both REvil and GandCrab have whitelisted certain keyboard layouts as a measure to not infect Russian-based hosts.
Despite the similarities in the code, there are some differences as well which suggests that REvil could be the work of another bad actor who might be trying to imitate GandCrab.

While the operators of GandCrab often displayed an amicable relation with security researchers by often mentioning the researchers’ names in their command and control domains, actors behind REvil have a strict business approach.

REvil could be on its way to becoming of the most high profile ransomware. We recommend that users keep their system updated as and when updates arrive to safeguard themselves against cyber attacks.
Tectuner is a Technology Releated website. Tectuner is a about the science,technology.Blogger template, Android, computer, Online Earning, tips tricks



How to secure your webcam and prevent webcam hacking


Webcams can be a window for you to see the world, but they also provide criminals a view into your personal life. Here's what you can do to stop being kidnapped.

Webcams are great. They allow us to easily communicate face-to-face with family and friends, even if they are at the other end of the world. They allow journalists to interview people in far-flung corners of the world. They allow entrepreneurs in remote locations to do business with people in large cities around the world.

And so today almost all smartphones, laptops and tablets to notebook PCs, webcams have become standard devices these days. Just about every device we use has a camera.

But have you ever stopped thinking that while you are staring at your screen, someone else on the Internet may be staring at you as well?

In 2014, more than half a million Windows computers were infected with malware, allowing explicit access to users' web cameras and microphones. For reference, it is about one-sixth of the American population.

Webcam hacking is real. Webcam resolutions are getting much better these days, which means that high-quality photos and videos can be used for espionage or exploitation, so I'm here to guide you on how to secure your webcam.







National news periodically has news reports about hackers being tricked by hackers to install webcam spyware.

In 2016, taped photos of Facebook founder Mark Zuckerberg's computer covering a webcam sparked much debate about the safety of personal webcams.

Many webcams on notebook computers have indicator lights that tell you when your camera is actively capturing video. But it may also be possible (on some cameras) to disable this activity light through software hacks or modified configuration settings. So, just because you don't see an activity light does not mean that your webcam is still not capturing video.



Webcam Malware

There have been numerous instances of malware specifically designed to target webcams to allow hackers to secretly view their prey.

The best of these pieces of malware were Blackshades, a remote access Trojan (RAT) that was distributed when victims visited infected websites, opened malicious email attachments, or plugged USB drives into their PCs. This is a malware used against Wolf.

In other functionalities, Blackshades allows a person using it to take full control of an infected user's webcam. This malware infected more than half a million PCs in more than 100 countries around the world, selling for at least $ 40 on the web.

The Blackshades RAT, available for sale on the web for just $ 40, enabled anyone anywhere in the world to become a dangerous cybercriminal who would be able to steal your property and invade your privacy. However, the malware maker was arrested by the FBI.

In 2012, the Electronic Frontier Foundation and Citizen's Lab reported that black shades were being used against opposition forces in Syria, while others bought a hacking tool to get to know people, including a man from Leeds, whom in 2015 A 40-week suspended sentence was given. He used Blackshades against 14 people, 7 of whom he knew personally - using his ex-girlfriend's credit card to pay for it.



Recently Gartner reported on Delilah Malware that specifically targets enterprises and uses webcams to gather evidence from employees and their families, to blackmail them and their companies. Sensitive information can be obtained.



Webcam Streaming Sites

But hacking is not required in many cases to access the webcam. In 2014 the US and UK governments warned that there were several websites that were tracking unsafe webcams around the world.







These sites - which are not hacking anyone's systems - depend on the fact that most webcam, security camera, and IP camera manufacturers leave security settings unchanged when they are installed, and therefore can be monitored is.

The operators of these sites say they only scan for unsecured Internet-connected cameras and post snapshots taken from them on their sites.

How To Secure Webcam and Prevent Webcam Hacking-

So it is clear that there are some significant risks associated with having a webcam in your home or your workplace. Thankfully there are many steps to protect you, your family and your business.



1) The Simple Solution: Cover It Up

Sometimes the simplest solutions are the best. If you want to make sure no one is watching you through your webcam, get some electrical tape and cover it. If you don't want any tape residue on your camera,

Zuckerberg prefers a piece of black electrical tape, while Snowden is seen holding a blanket over his entire laptop to stop spies, but whichever you choose, you should always check that it is on your laptop or desktop computer The camera works by firing the app (or use the Skype test call feature) to see if you have blocked everything using the cover.

One of the problems with using a piece of tape is that should you need to use the camera at any point, the tape may leave a sticky residue on the camera's lens, although rubbing vigorously over this problem Can be solved.

If you don't want to use this solution, but want something more substantial, you can buy physical webcam covers online that come in a variety of shapes, sizes, and colors, some with a sliding door feature. Also occurs.



2) Close your laptop / Turn off your computer

If you use your webcam for Skype chat or video conferencing (or just want to check if your head hair is fine), instead of putting a cover on it, you can just make sure that Your computer is turned off when you are not using it.

Even the best hacker in the world will not be able to see if you are powering your PC down if you are turning off your laptop or if you are not using it.



3) Regularly scan your computer for webcam malware

Hackers are very good at circumventing traditional security measures such as antivirus software and generally spotting webcam focused focus malware is not something these antiviruses do well.

But this does not mean that you should do nothing.

You should use a good antimalware as a second opinion. As their name suggests, they act as a secondary malware detection and removal program, where the primary scanner of an antivirus installed on your PC fails to detect an active malware infection.

Hackers actively perform malware coding to avoid some antivirus software. So it is always a good idea to use antimalware such as Malwarebytes if you have a webcam on your PC or laptop.









4) Change the default admin and password

If you are using a standalone webcam, either with your computer or as a security camera or child monitor, then you need to make sure that you have changed the default settings before you leave the factory Was configured by the manufacturer.

These changes are made by the software that came with your camera.



5) Avoid Opening E-mail Attachments From Unknown Sources

If you get an email from someone you don't know and it has an attachment file in it, think twice before opening it because it may contain a Trojan horse malware file that installs malware related to a webcam on your computer Can do.



6) Avoid Clicking Shortened Links on Social Media Sites

One of the ways of spreading webcam-related malware is through links on social media sites. Malware developers often use services such as TinyURL and Bitly to shorten links and try the correct destination link, which is likely a malware distribution site.



7) Use a Firewall

Another perfect way to protect your webcam is by using a firewall. It is software that provides an additional layer of protection by monitoring incoming and outgoing traffic. This prevents unauthorized access to your device and filters out any traffic to be blocked.

Most firewalls will need to be manually turned on, so you should go into your device settings and make sure it is enabled.



8) Disable Your Webcam

If you are not planning to use your webcam for some time, you can always disable it. While this may not actually stop a determined hacker, it will stop most methods of gaining control, as the malware used will probably not attempt to re-enable the cam or install its drivers.

The easiest way to disable your webcam in Windows Device Manager. Use the built-in search on your desktop to find and launch it.

Device Manager lists each piece of hardware connected to your computer by category. Webcams are usually listed under Cameras, but you will also find them under categories like Imaging Devices.

When you find your camera, right-click it, and select Disable device. Windows will ask you to confirm. You may have to restart your computer for the change to take effect.




Tectuner is a Technology Releated website. Tectuner is a about the science,technology.Blogger template, Android, computer, Online Earning, tips tricks
Facebook Listened To Your Voice Messages Without Permission







Mark Zuckerberg-owned Facebook is the newest addition to the list of tech companies who try to invade our privacy and listen to private conversations. The company hired external contractors to listen to our conversations.


Facebook Has Access to Voice Chats

According to a report by Bloomberg, Facebook paid contractors to transcribe users’ voice chats from its services, specifically Facebook Messenger. The voice chats included various conversations between users that were even ‘vulgar’ in nature, meaning a lot of sensitive content was accessed by the company.









People close to the matter have suggested that those who were listening to the audio clips weren’t allowed to know why they were doing so.

Among the various contractors hired to do the job, TaskUs Inc. is one; it has suggested that Facebook never told them the whereabouts of the voice clips, due to which TaskUs’s employees felt they were involved in something unethical.


Facebook Admits 

Facebook has admitted that it hired people to transcribe users’ voice chats to ensure that its AI can understand the messages. However, it stopped doing so a week back, after various other tech companies were found accessing users’ conversations.

Although Facebook has halted its practice of listening to users’ chats, it didn’t tell users that it would access their conversations (at least directly!). Facebook mentions in its data-use policy that it can collect user data, but doesn’t specifically mention voice clips.



A New Member

Facebook is obviously not the only tech company that got hold of user conversations for its own advantage. Quite recently, Apple’s Siri was found recording users’ conversations (even sex chats) to further train the virtual assistant; Amazon’s Alexa and Google Assistant are also part of the list.

Following the revelations, Apple and Google stopped the practice, while Amazon has provided users with the option to opt-out of the process.


My Take

While companies claim to access users’ private conversations just for the sake of analyzing and improving their services, it’s clearly a case of privacy invasion and it’s high time companies stop doing this in the name of enhancing its services for us.

Companies can follow other methods of doing so — may be customized sample audio clips could work in this scenario instead of using actual conversations. I hope these companies take note and avoid trouble for themselves, especially Facebook, which just got fined by the FTC.




Tectuner is a Technology Releated website. Tectuner is a about the science,technology.Blogger template, Android, computer, Online Earning, tips tricks
Kaspersky Allowed Tracking Of Millions Of Users By Injecting Unique ID







On Thursday, a German security journalist Ronald Eikenberg reported a flaw in Kaspersky antivirus software that could have leaked data of millions of Kaspersky users.

According to his report, Kaspersky injected a unique identifier into the HTML of every website a user visited. Therefore, making it ridiculously easy for perpetrators to keep track of their victim, regardless of the browser used.

The company later confirmed that their Antivirus product doesn’t interact with TOR browser, so the same isn’t possible on TOR.


The Java Script goes something like,

 “<script type=”text/javascript” src=”https://gc.kis.v2.scr.kaspersky-labs.com/9344FDA7-AFDF-4BA0-A915-4D7EEB9A6615/main.js” charset=”UTF-8″></script>







This is a Universally Unique Identifier (UUID) which Ronald discovered on systems with Kaspersky software. The unique ID (in bold) was present on every website he visited.

The ID popped up in every popular browser such as Firefox, Chrome, Edge, and Opera. “Without exception, even on the website of my bank, a script from Kaspersky was introduced,” he writes.

After reporting the flaw, the company told that the leak was part of all the Kaspersky Antivirus Editions launched in 2016. To put it in simpler words, people using Kaspersky AV 2016 editions for the last four years were vulnerable to leak.

This includes all the consumer versions of the software for Windows (Kaspersky Internet Security, Kaspersky Total Security, and all the free versions). Kaspersky released an update back in June which fixed the flaw. The company also issued an advisory a month later.

Kaspersky later released out a statement thanking Ronald for reporting the error. They also pointed out that a hack is highly unlikely, given the “complexity and low profitability for cybercriminals.



Tectuner is a Technology Releated website. Tectuner is a about the science,technology.Blogger template, Android, computer, Online Earning, tips tricks
All-In-One Malware ‘Plurox’ Can Hack Your PC In Three Different Ways





Kaspersky security team has discovered a new strain of malware called Plurox, which packs a cryptominer, backdoor, and worm-like plugins, all into one.

Plurox is a cut above the regular malware. It comes with advanced capabilities that can spread the malware laterally to more systems and mine cryptocurrency using one of its eight different plugins.



This self-spreading virus has a modular structure which facilitates its multi-faceted features such as backdoor trojan and cryptominer.


Modular structure of Plurox

At its core, Plurox contains a primary component that allows Plurox bots (the infected hosts) to communicate with a command and control (C&C) server.

The Kaspersky team says that this component is crucial and the authors of Plurox use it to download and run files on the infected hosts. The downloaded files are called “plugins,” which contain most of the malware’s features.


Motive behind Plurox: Cryptomining

Eight different plugins have been found in Plurox and their sole purpose is cryptocurrency mining. These plugins are based on various hardware configurations for CPU/GPU mining. In addition to this, there’s a UPnP plugin and an SMB plugin.




By monitoring the malware’s activity, the team found two ‘subnets.’ One subnet is dedicated to receiving only mining modules and the other subnet is focused on downloading all modules that are available.

Although the purpose of having two separate communication channels is unclear, it does establish that the primary feature of both subnets is cryptocurrency mining.


Plurox inspired by NSA exploits

The SMB plugin mentioned previously is essentially a repackaged NSA exploit called EternalBlue that was publicly leaked in 2017.

The plugin allows bad actors to scan local networks and spread the malware to vulnerable workstations via the SMB protocol (running the EternalBlue exploit).

But that’s not all. UPnP is actually the sneakiest and most nasty plugin among all. It creates port forwarding rules on the local network of a compromised system and uses it to build backdoors into enterprise networks bypassing firewalls and other security measures in place.

Once again, the inspiration behind the use of the UPNP plugin came from another leaked NSA exploit called EternalSilence. However, instead of using the actual EternalSilence code, they developed their own version.



Security researchers are still trying to figure out how the Plurox crew is spreading the malware to hijack larger networks. For more information on the same, you can refer to Kaspersky’s SecureList blog.