Tag Archives: Featured

[In Nepali] Ethical Hacking Video Part 11 : Enumeration Basics


Video Here, ALL Videos in Nepali language.

Ethical Hacking Training, Course – Pokhara, Nepal – CEH


For CEH Course, Ethical Hacking Training, Ethical Hacking Workshop in Pokhara or in other parts of Nepal, Call us : 9846618997

Join july 1-july5, 2016 Ethical hacking workshop in pokhara,nepal.

EHW

[In Nepali] Learn Ethical Hacking – Part 7 – Scanning + NMAP Lab


In this video, I will give some theory of Scanning. After that, I will provide a lab demo on Kali Linux Nmap Command Lines.

Ethical Hacking with Kali Linux [4] – Breaking WPA2 Wireless.


By : Bijay Acharya http://bijayacharya.com/

> > Welcome all, to this series of Kali Linux for Ethical Hacking. This is 4th part, & I’ll explain process of Breaking Wireless WPA2.

# Tools that will be used :

airmon-ng
airodump-ng
aireplay-ng
aircrack

# . . . Let’s Begin,

– Before start, make sure that you have eth0, lo, wlan0 are in action. (go to terminal, & run ifconfig)

– Let’s start to monitor on that wireless interface, run :

READ ALL HERE

Is the art of computer viruses dead?


[Featured]CHFI & Digital Forensics Tutorial [Part 2] – AutoSpy Case & MD5 Calculator (Video)

Stop press! The art of computer viruses may not be dead, after all.

Vancouver-based artist Bratsa Bonifacho says his latest collection of paintings has been inspired by computer malware.

One of Bonifacho’s virus paintings is titled “Horty MyParty is Weird and Coolnow”.

An unusual name, you might think, but it is apparently inspired by a number of viruses from yesteryear including VBS/Horty (which claimed to offer pornographic content of adult film star Jenna Jameson), 2002’s MyParty email worm, and the CoolNow MSN Messenger worm.

MORE

Corrupt call center workers selling your private information for pennies


[Featured] CHFI & Digital Forensics Tutorial [Part 2] – AutoSpy Case & MD5 Calculator (Video)

Thief with secrets image courtesy of ShutterstockAccording to the Daily Mail an undercover investigation in India has uncovered that some call center workers have been selling confidential information on nearly 500,000 Britons.

Undercover reporters from The Sunday Times met with two individuals who claimed to be IT workers who offered to provide them with 45 different types of data gathered from the victims.

Information offered up included names, addresses, phone numbers and credit card details (including CCV/CVV codes and expiration dates).

The reporters allege they could purchase the records for as little as 2 pence apiece ($0.03 USD). One of the IT workersthieves bragged:

"These [pieces of data] are ones that have been sold to somebody already. This is Barclays, this is Halifax, this is Lloyds TSB. We’ve been dealing so long we can tell the bank by just the card number."more

UK student loans targeted by phishers in latest spam campaign


[Featured] CHFI & Digital Forensics Tutorial [Part 1] – Basics & FTK IMAGER Lab

With British students about to start another year at university, the last thing they probably want to hear is that there is a problem with a student loan.

But that’s precisely the camouflage that online scammers are using to steal personal information today.

An email, claiming to come from Directgov UK, tells students that there is a problem with the online account for their student loan, and they need to update their account urgently.

Here’s a typical spammed-out message we’ve seen in our traps:

Student loan phishing attack

Subject:

Student Loan Update.

Message body:

Dear Student Finance Customer.

We at HM Government noticed your Student loan online log in details is incorrect and need to be updated.

DOWNLOAD THE ATTACHMENT TO UPDATE YOUR ACCOUNT NOW

Regards
Inline Verification. Directgov UK.

Attached file:

Student Loan Update.html

Clicking on the HTML attachment is not a good idea, however, as it will urge you to enter your details which are then sent via a website to the phishers.

Student loan phishing attack

Sophos products block the message as spam, and block the webpage that the HTML form is attempting to post the personal information.

Remember to always be suspicious of unsolicited attachments. Also, I would hope that a good student would have noticed the grammatical mistake in the phisher’s email..

 

Canadians increasingly defrauded by fake tech support phone calls


Hand holding a phone

[Featured] CHFI & Digital Forensics Tutorial [Part 1] – Basics & FTK IMAGER Lab

Naked Security has been hearing from our Canadian readers about more fake technical support calls trying to get people to infect themselves with fake anti-virus software, keyloggers and remote control software. That’s right, they are calling people on the telephone and trying to defraud them in numerous ways.

The fraudulent callers represent themselves as being from Microsoft, Telus (one of the traditional Canadian phone companies) and other brands believed to be trusted by the intended victims.

As we have reported previously the calls seem to originate from overseas call centres, but often use caller ID numbers that appear to be local. They likely are taking advantage of extremely cheap Voice Over IP technologies that allow them to purchase local phone numbers.

They falsely claim the user’s computer has been sending error messages to them and that they are calling to help fix their PCs. Their modus operandi varies, although the outcome is always the same: them stealing your money.

They usually offer to assist you through remote control software, often from legitimate vendors like LogMeIn. Once they are able to access your PC they will install fake anti-virus software or other malware and charge you for the privilege. This way they get two bites at the apple… Once for the technical support incident and another when you pay for the rogue security suite.

Telus logoThis has been common enough recently that Telus has posted an advisory on their website. Telus states that they are working with the Royal Canadian Mounted Police to trace the origin of the calls and recommend Telus customers who believe they have been defrauded call 310-2255.

A recent study by Microsoft showed that the average Canadian victim had $1560 USD stolen from their accounts. It is important to apply the same skepticism to incoming phone calls as you would apply to unsolicited emails or strangers ringing your doorbell.

Paul Ducklin and Sean Richmond of Sophos Australia recorded a podcastexplaining these scams and provide advice on how to avoid becoming a victim, I recommend listening to it and sharing it with your friends and family.

 

(05 November 2010, duration 6:15 minutes, size 4.5MBytes)

 

These attacks aren’t just affecting Canadians, we have had reports from Australia, the United Kingdom and the United States as well. Stay vigilant and remember, hanging up isn’t rude when someone is calling to scam you.

Thanks to Savio in SophosLabs Canada and Naked Security reader Lystra for contributing information to this story

The President is finally taking charge? No, a Facebook phishing attack


[Featured] CHFI & Digital Forensics Tutorial [Part 1] – Basics & FTK IMAGER Lab

A warning to all the Facebook users out there – the scammers are after your login details again, this time by spreading a link which purports to be a video of Barack Obama.

The president is finally taking charge on Facebook

The president is finally taking charge!!
[LINK]
Is this really for real?.

The image used in the message looks like a YouTube video thumbnail, but if you click on the link you are redirected multiple times before finally landing on a phoney Facebook login page.

It may look like Facebook, but it’s not the real Facebook. It’s designed to phish your username and password from you.

Facebook usernames and passwords are an increasingly valuable commodity for cybercriminals – once they have those, they’ll be able to log into your account, post messages in your name, spread spam and malware and perhaps raid your profile for personal information that they might be able to use for identity theft.

Worst of all, perhaps, they can pose as you and cause tremendous problems for your friends and family.

So, if you think you might have fallen for a scam like this, change your Facebook password immediately and scan your computer with an up-to-date anti-virus product.

If you’re on Facebook and want to learn more about security threats on the social network and elsewhere on the internet, I’d recommend you join theSophos Facebook page.

US military contractors hacked – possible link with RSA SecurID breach


F-22 Raptor jet fighter

[Featured] CHFI & Digital Forensics Tutorial [Part 1] – Basics & FTK IMAGER Lab

Hackers have broken into the network of Lockheed Martin and several other US military contractors, according to media reports.

Lockheed Martin, has described the attack as “significant and tenacious”.

Blogger Robert Cringely claimed that Lockheed Martin first detected the security breach last weekend (a fact later confirmed by the weapons maker in a press statement). In response to the attack the firm is said to have promptly blocked all remote VPN access to their internal network, and informed over 100,000 users that they would have to change their passwords.

In addition, it’s claimed that all Lockheed personnel with RSA SecurID tokens will be given new tokens.

From the sound of things, Lockheed Martin took swift and sensible action. It was wise of them to take the step of shutting down access to its internal networks as a precaution, once it believed that unauthorised users may have breached its systems.

SecurID tokenThe mention of RSA SecurID tokens, though, is interesting. They’re the devices used by many companies and organisations to provide two factor authentication to allow provide workers with a more secure way of proving they are who they say they are than just providing a username and password.

You may have used something similar when accessing your online bank account – for instance, a keyfob that displays a sequence of numbers that changes every 30 seconds or so.

The reason why this raises eyebrows is that back in March, RSA admitted that it had been hacked, and some of the information stolen was specifically related to RSA’s SecurID two-factor authentication products.

However, RSA has never made public details of precisely what kind of data was stolen – leading to speculation that the security of the widely-used SecurID tokens might have been compromised.

Is it possible that whatever information was stolen from RSA helped the hackers break into Lockheed Martin? If that’s the case, that’s worrying news for businesses around the world.

An unnamed source with direct knowledge of the attacks is said to have confirmed to Reuters that other military contractors have also been compromised.

It’s important to realise that all of these companies are victims of a criminal act – the authorities will no doubt be keen to uncover who is behind these attacks, and where they might have originated from. Only time will tell if those questions are ever answered satisfactorily.

Update: Lockheed Martin has now confirmed the attack, claiming that its “systems remain secure; no customer, program or employee personal data has been compromised.”

Press statement from Lockheed Martin

Here’s the meat of the statement by Lockheed Martin about the hack:

On Saturday, May 21, Lockheed Martin (NYSE: LMT) detected a significant and tenacious attack on its information systems network. The company's information security team detected the attack almost immediately, and took aggressive actions to protect all systems and data. As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure; no customer, program or employee personal data has been compromised.

Throughout the ongoing investigation, Lockheed Martin has continued to keep the appropriate U.S. government agencies informed of our actions. The team continues to work around the clock to restore employee access to the network, while maintaining the highest level of security.

To counter the constant threats we face from adversaries around the world, we regularly take actions to increase the security of our systems and to protect our employee, customer and program data. Our policies, procedures and vigilance mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multi-layered information systems security. 

Contact me at : contactme.bijay@gmail.com

https://computeraddicted.wordpress.com

https://www.youtube.com/user/studentvideotutorial