MilkyDoor malware turns Androids into backdoors to attack enterprise networks


Routines and techniques build on those of the malware’s predecessor, DressCode.

A new Android malware family is able to blend in with normal network traffic and avoid detection by encrypting its payloads, in order to access internal networks.

The backdoor, known as MilkyDoor, has so far affected 200 unique Android apps available on the official Google Play Store. Some of those apps boast between 500,000 and one million installs. 

Hundreds of other programs, including books for children and doodle applications, have also suffered infections by MilkyDoor. It appears criminals seized most if not all of these apps, repackaged them with malware, and uploaded them to the Play Store. No doubt they thought these modified versions would still attract large numbers of downloads based upon the popularity of their parent programs.

Src & more: https://www.grahamcluley.com/milkydoor-malware-turns-androids-backdoors-attack-enterprise-networks/

Hacked home routers are trying to brute force their way into WordPress websites


Malicious hackers are seizing control of poorly-protected home routers, and commanding them to launch attacks designed to brute force their way into WordPress websites.

Security researchers at Wordfence first determined that something noteworthy was happening when they witnessed an unusual spike in attacks originating from Algeria against its customers’ WordPress websites.

Looking deeper into what was happening, the researchers discovered that the attacks were being launched from more than 10,000 IP addresses. 97% of the attacking IP addresses found in the country were owned by customers of the state-owned telecommunications provider, Telecom Algeria.

Src & full news: https://www.tripwire.com/state-of-security/featured/hacked-home-routers-trying-brute-force-way-wordpress-websites/

Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools


Vulnerable unpatched systems expose exploitable SMB networking to world+dog.

The NSA’s Equation Group hacking tools, leaked last Friday by the Shadow Brokers, have now been used to infect thousands of Windows machines worldwide, we’re told.

On Thursday, Dan Tentler, founder of security shop Phobos Group, told The Register he’s seen rising numbers of boxes on the public internet showing signs they have DOUBLEPULSAR installed on them. These hijacked machines can be used to sling malware, spam netizens, launch further attacks on other victims, and so on.

DOUBLEPULSAR is a backdoor used to inject and run malicious code on an infected system, and is installed using the ETERNALBLUE exploit that attacks SMB file-sharing services on Windows XP to Server 2008 R2. That means to compromise a computer, it must be running a vulnerable version of Windows and expose an SMB service to the attacker. Both DOUBLEPULSAR and ETERNALBLUE are leaked Equation Group tools, now available for any script kiddie or hardened crim to download and wield against vulnerable systems.

Src & full report: theregister.co.uk

“Zero Fee” I.T. Workshop Schedule & Platforms, for June 2017 – Pokhara 


#adminhere   #update   #notice  #info   #ZeroFee  #ITworkshop   

> “Zero Fee” I.T. Workshop refers to a complete ‘Zero Training Fee’ only for students (School level, College +2 level, Bachelor level). It is not free for Master level and above.
> The workshop runs for 5 days, 2-4 hours per day: 3 days focus on training, 2 days focus on students’ projects.
> Interested students can fill in the form from May 1, 2017.
> Workshops start in June 2017.
> I.T. Workshop platforms are given below:
– Ethical Hacking Workshop for Beginners. (1st week)
– Video Editing Workshop for Beginners. (2nd week)
– Photoshop Workshop for Beginners. (3rd week)

> Terms & Conditions for joining the “Zero Fee” I.T. Workshop 2017 – Pokhara
– As mentioned above, this is free only for students who are beginners in this field. (The levels are mentioned above.)
– For each workshop, the number of students is limited to 20.
(What if more than 20 students fill in the form? In that case, all students must sit a paper of 20 questions. Basic questions will be asked, depending on which workshop the student applied for. BASIC. Those who do not get a seat can apply again for the next session. E.g. suppose you applied for the Ethical Hacking Workshop and sat the question paper related to it. If you passed, fine. If you could not get a seat, no problem: next month you can apply again for the same workshop on a different date.)

– Students can apply for all the platforms mentioned above and get the “Zero Fee” I.T. Workshop.
– Students must bring their own laptop to the workshop. We will not provide a system for you.
– The organizer has the right to change the date, schedule, or any information and rules related to the I.T. Workshop. (We will change them only if we need to, only in serious cases. Changes occur very rarely.)
– Inform your relatives, friends and circle.
For more details, call: 9846618997
Vision by: Bijay Acharya

Hackers House, I.T. Solution Pokhara

Arrest for illegally bypassing international calls


Kathmandu, 7 Baishakh
A team deployed from the Central Investigation Bureau on Wednesday arrested 24-year-old Anupa Khatiwada of Sadaktole, Nijgadh Municipality-5, Bara, along with various equipment, while she was operating an illegal VoIP setup at the house of Shriram Paudel in Gokarneshwor Municipality-5.

From that location, one 64-port GSM gateway device, one TP-Link router, one HP laptop, one Colors mobile phone, one 8 GB pen drive and one Sony Xperia mobile phone were recovered.

The arrested Khatiwada is under investigation under the Telecommunications Act, 2053, with a 5-day remand obtained from the Kathmandu District Court.

Src: Nepal Police.

Open Source Malware Analysis Platform: FAME



FAME is an open source malware analysis platform that is meant to facilitate analysis of malware-related files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis. FAME should be seen as a malware analysis framework. Instead of developing several scripts for different tasks related to malware analysis, develop FAME modules that will be able to collaborate with each other.

FAME was built to facilitate malware analysis by automating as many tasks as possible.  The real work of malware analysis is done by processing modules. FAME will do its best to determine what processing modules should be run during each analysis, and will chain modules’ execution in order to achieve end-to-end analysis.

Each processing module can produce the following analysis elements:

  • Probable Name: this is the malware family. A module should only set the probable name if it has a very high confidence in its diagnostic.
  • Extractions: this is text information that should be the most useful for the analyst. A typical example would be malware’s configuration.
  • Tags: a tag is a computer-friendly piece of information that describes the analysis. Can be seen as a form of signature name.
  • Generated Files: files that were produced by the analysis, such as memory dumps.
  • Support Files: files that can be downloaded by the analyst, such as a sandbox analysis report.
  • Extracted Files: files that deserve an analysis of their own.
  • IOCs: indicators of compromise that could be used to detect this malware.
  • Detailed Results: any kind of information that would be useful to the analyst.

When analyzing a file, the first step is to determine the file type. FAME will try to determine the file type based on the file extension and python-magic. A FAME-specific file type will then be associated to the file using different indicators (examples: “executable”, “word”, “pdf”, etc.). Then, the analyst has to choose between two types of analysis: Just Do Your Magic (recommended) or Targeted analysis.
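As an added illustration of that first step (example code written for this page, not FAME's own), here is a small content-first file-type identifier. FAME combines the extension with python-magic; this version inspects the leading bytes itself so it runs offline, and the signature table and the label names are assumptions chosen for the example. It also flags the case where the extension claims one type and the content shows another, which is the kind of mismatch an analyst wants surfaced before any processing module runs.

```python
import os
from typing import Optional

# Content signatures checked on the leading bytes. This table and the labels are
# assumptions for the example; FAME's own type mapping is separate and larger.
MAGIC_SIGNATURES = [
    (b"MZ", "executable"),                          # DOS/PE header
    (b"\x7fELF", "executable"),                     # ELF binary
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "word"),  # OLE2 compound file (legacy .doc)
    (b"PK\x03\x04", "zip"),                         # ZIP container (.zip, .docx, .apk, .jar)
]

EXTENSION_TYPES = {
    ".exe": "executable", ".dll": "executable", ".scr": "executable",
    ".pdf": "pdf", ".doc": "word", ".docx": "word", ".zip": "zip",
}


def content_type(data: bytes) -> Optional[str]:
    """Type derived from the bytes alone, or None if no signature matches."""
    for signature, label in MAGIC_SIGNATURES:
        if data.startswith(signature):
            # A .docx is a ZIP whose members include word/document.xml; the member
            # path appears in the local file headers, so a byte search finds it.
            if label == "zip" and b"word/document.xml" in data:
                return "word"
            return label
    return None


def extension_type(filename: str) -> Optional[str]:
    """Type claimed by the extension, or None for unknown extensions."""
    ext = os.path.splitext(filename)[1].lower()
    return EXTENSION_TYPES.get(ext)


def identify(filename: str, data: bytes) -> dict:
    """Content wins over extension; record whether the two disagree."""
    by_content = content_type(data)
    by_extension = extension_type(filename)
    final = by_content or by_extension or "unknown"
    mismatch = (by_content is not None and by_extension is not None
                and by_content != by_extension)
    return {"type": final, "content": by_content,
            "extension": by_extension, "mismatch": mismatch}


# Constructed samples (not real files or malware): minimal headers only.
SAMPLES = {
    "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,   # executable disguised as a PDF
    "report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    "memo.docx": b"PK\x03\x04" + b"\x00" * 26 + b"word/document.xml",
    "archive.zip": b"PK\x03\x04" + b"\x00" * 26 + b"data.bin",
    "setup.exe": b"",                               # empty: only the extension speaks
    "notes.txt": b"plain text, nothing to match",
}


def analyze_samples() -> dict:
    """Run the identifier over every constructed sample."""
    return {name: identify(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in analyze_samples().items():
        flag = "  <-- extension/content mismatch" if result["mismatch"] else ""
        print(f"{name:12} {result['type']:10}{flag}")
```

The disguised "invoice.pdf" is typed as an executable and flagged, while an empty "setup.exe" falls back to its extension; in a FAME-style pipeline the resulting label is what decides which processing modules are eligible to run.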

Modules

FAME relies on modules to add functionality. Modules are actually Python classes that inherit from the fame.core.module.Module class.

Several kind of modules can be created:

  • ProcessingModule: this is where FAME’s magic is. A ProcessingModule should define some automated analysis that can be performed on some types of files / analysis information.
  • ReportingModule: this kind of module enables reporting options, such as send analysis results by email, or post a Slack notification when the analysis is finished.
  • ThreatIntelligenceModule: this kind of module acts on IOCs. A ThreatIntelligenceModule has two roles:
    • Enrich the analysis, by adding Threat Intelligence information on IOCs when they are added to the analysis.
    • Enrich the Threat Intelligence Platform with IOCs extracted by FAME.
  • AntivirusModule: modules that act on files, and send them to antivirus vendors.

Download Link & Source: https://n0where.net/open-source-malware-analysis-platform-fame/

LinuxKit: A Toolkit for Building Secure, Lean and Portable Linux Subsystems


Last year, one of the most common requests we heard from our users was to bring a Docker-native experience to their platforms. These platforms were many and varied: from cloud platforms such as AWS, Azure, Google Cloud, to server platforms such as Windows Server, desktop platforms that their developers used such as OSX and Windows 10, to mainframes and IoT platforms – the list went on.

Src & more on https://blog.docker.com/2017/04/introducing-linuxkit-container-os-toolkit/

Central Investigation Bureau requests reports of fraud committed via social networks


Kathmandu, 6 Baishakh
For some time now, groups have been active in committing fraud via Facebook and other social networks: unknown persons send a Friend request and, once the request is accepted, build up familiarity and in the process stage a romance; lure people by promising good jobs abroad; send messages claiming a lottery or prize draw has been won; ask for money citing the problems of relatives or friends; advertise cheap or concessional loans and enroll people in various networking businesses; send photos of a parcel claiming that a parcel for you has arrived at the immigration office of India or another country and has been held because tax was not paid, and have money deposited as that tax through IME within Nepal and at various IME locations in India. Since reports and complaints about such fraud have been reaching various police offices and the Central Investigation Bureau, the Police Headquarters, Central Investigation Bureau, earnestly requests all citizens not to fall for such enticements and to protect themselves from fraud.

Furthermore, should anyone present the enticements mentioned above, or should anyone seem suspicious, the public is requested to contact the nearest police office or the Central Investigation Bureau by phone at 014411776 or 9851283140, or to write to the Bureau's e-mail address cib@nepalpolice.gov.np.

Src: https://m.facebook.com/story.php?story_fbid=1496679713738755&id=390508537689217 (official Nepal Police page)

“Snapchat users’ detail leaked”, claims Indian Hackers. 


Indian hackers ‘release details of 1.7 million Snapchat users’ after app’s CEO is accused of calling India a poor country


Src: independent.co.uk

4 more ATM Hackers arrested – Kathmandu, Nepal. Foreign nationals who made unauthorized withdrawals using ATM cards arrested along with 495 ATM cards


Src: Nepal Police. (Also featured image from the same page of Nepal Police)

Brief description of the incident: Information from a reliable source indicated that nationals of Eastern European countries were illegally withdrawing money from the ATMs of various Nepali banks, particularly in the tourist areas of Thamel and Durbar Marg in Kathmandu, exchanging it into US dollars and euros, and might leave Nepal with the money, so such persons had been kept under surveillance. CCTV footage with the description of such foreign-looking persons was also received at the Central Investigation Bureau from Nepal Investment Bank. While searching for the suspects, on 2073/12/20 a foreign national wearing a blue T-shirt and a mask and carrying a front-slung bag was seen leaving the ATM of Global IME Bank, Kantipath branch, and walking via Thamel Sanchayakosh and Narsingh Chowk into Hotel Nepalaya at Kwabahal, Thamel, Kathmandu Metropolitan City Ward No. 17. He was followed, and on inquiring about him at the hotel reception he was identified as 32-year-old Moldovan national Iurie Dermenji Pa, who also holds a Romanian passport. He and three other Moldovan nationals entering the same hotel were arrested. A search of their rooms, nos. 307 and 407, recovered NPR 781,350, USD 1,605 and EUR 2,245, 495 ATM cards, 1 Card Skimming Device, 1 laptop, and the T-shirt, shirt, mask and bag seen in the CCTV footage recorded while money was being withdrawn from the ATM. The four Moldovan nationals listed below were arrested according to law and are under investigation under the Banking Offence and Punishment Act.

Persons arrested:

1. NICU DEORDIJA PA, AGE-25, PP NO. AA1018367 (MOLDOVA) and PP NO. 054334946 (ROMANIA)

2. VASILE FETESCU PA, alias ALEX, AGE- 34, PP NO. AA1113676 (MOLDOVA)

3. IURIE DERMENJI PA, AGE- 32, PP NO. B0880204 (MOLDOVA) and PP NO. 051707415 (ROMANIA)

4. EUGENIU DEORIJA PA, AGE- 36, PP NO. AA1112951 (MOLDOVA) and PP NO. 053173673 (ROMANIA)