Ayush Saraswat

Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

by -
0 91

When Kickass Torrents and Torrentz.eu were banned within a span of two weeks, people from all across the globe were sad. It was like we lost a friend we had known for years. We didn’t know what to do with our unlimited data plans and fast internet connections at our offices.

Hope never dies. It returns in a new form. Apparently, Torrentz is back, but in a different avatar. The meta-data search engine has made a comeback in the form of torrentz2.eu.

Here’s the fully functional link to the website.

We were browsing the internet and we stumbled upon this new website. We even tried searching for torrents and it’s largely back online.

Captain Jack Sparrow is happy again.

by -
0 28

Weeks after torrent site Kickass Torrents was shut down following the arrest of alleged founder Artem Vaulin in Poland, another major player, Torrentz.eu, appears to have shut its portals on Friday, a media report said.

Torrentz.eu, considered the largest torrent meta-search engine, announced “farewell” to its millions of users.

Founded in 2003, Torrentz.eu had millions of visitors per day, and the site grew to become one of the most visited torrent sites.

After more than 13 years of service, the popular site announced its farewell just a few hours ago, that too without any warning, Torrent Freak reported.

While the homepage is still active, Torrentz has completely disabled its search functionality and has similarly removed all torrent links. Torrent Freak claims it was contacted by the owner of Torrentz.eu, who “prefers not to comment at the moment.”

“Torrentz was a free, fast and powerful meta-search engine combining results from dozens of search engines,” a text read while searching for content.

The site’s users are no longer able to log in either. Instead, they see the following message: “Torrentz will always love you. Farewell.”

Two weeks ago, Artem Vaulin, the alleged 30-year-old Ukrainian owner of Kickass Torrents, was detained in Poland after being charged with a four-count US criminal indictment which was followed by shutdown of the search engine.

Vaulin was charged with money laundering and violations of several copyright laws.

by -
0 50

The website of Aryabhatta College of Delhi University was hacked and anti-Indian slogans posted on the site on Wednesday.

The college website www.aryabhattacollege.ac.in was hacked and messages of ‘Shame of your security’ were posted by the hacker, who identified himself as ‘Mehrab Hassan’.

The hackers defaced the college website by putting images of a Pakistani flag along with slogans like ‘Dont mess with pakistani hackers’ and ‘Shame on your security’ on the site.

The hacker posted the following deface page on the hacked website:

 

At the time of posting this article the website is still defaced.

What do you do to protect your ‘Privacy’ and keep yourself safe from potential hackers?

Well, Facebook CEO Mark Zuckerberg just needs a bit of tape to cover his laptop webcam and mic jack in order to protect his privacy.

Yes, Zuck also does the same as the FBI Director James Comey.

Zuckerberg posted a photo on Tuesday to celebrate Instagram’s 500 Million monthly user milestone, but the picture ended up revealing another security measure he takes to ensure that nobody is spying on him – and it’s surprisingly simple.

Some eagle-eyed observers quickly noticed that the MacBook Pro on Zuckerberg’s desk in the background of the image has tape covering not only the webcam, but also the laptop’s dual microphones.

While some tried to argue that it was not Zuckerberg’s desk, Gizmodo pointed out that Zuckerberg has posted videos, live streams and images from there before, so it seems like a safe assumption.

So, Zuckerberg joins FBI director James Comey and NSA whistleblower Edward Snowden, who admitted that they tape their webcams.

Although some called this move paranoid, taping up your webcam is a simple and excellent precaution that costs nothing and has appeared many times in the past.

Keeping aside the controversies over Zuck’s move, taping your laptop’s webcam is a good takeaway for you to adopt, because we know the ability of spy agencies, including the FBI and NSA (National Security Agency), to turn on webcams to spy on targets.

Edward Snowden leaks revealed Optic Nerve – the NSA’s project to capture webcam images every five minutes from random Yahoo users. In just 6 months, 1.8 Million users’ images were captured and stored on the government servers in 2008.

However, putting tape over your webcam would not stop hackers or government spying agencies from recording your voice, but it would at least prevent them from watching or capturing your live visual feeds.

by -
0 23

The main website used by passengers all over the country to book train tickets has not been hacked, top officers told NDTV today, conceding that data of customers may, however, have been sold.

The website of the Indian Railway Catering and Tourism Corporation (IRCTC), a subsidiary firm of the Indian Railways, sees hundreds of thousands of transactions every day – including at least five lakh ticket sales for train journeys – making it one of the biggest e-commerce destinations in the country. It tweeted NDTV’s Hindi news channel, NDTV India, to say that it’s looking into whether data was sold.

The railways site has three crore active and registered users, which means information like their bank accounts and credit cards can theoretically be exploited. However, a statement from the IRCTC said sensitive data including passwords is encrypted and there is no indication of “breach of security in any of the databases of the e-ticketing system”.

Officials also said the website is functioning properly, with passengers being able to book tickets online.

Yesterday, the Cyber Cell of the Mumbai police informed the Railways that a large volume of data from its website was stolen.

“We asked the Cyber Cell to provide us with the data that they claim belongs from our website. Once we have the data, proper verification would be conducted,” Mr Dutta said, adding that a committee with six members is looking into the scandal.

Source: NDTV India

by -
0 33

FRANKFURT – Hundreds of millions of hacked usernames and passwords for email accounts and other websites are being traded in Russia’s criminal underworld, a security expert told Reuters.

The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security.
It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago.

Holden was previously instrumental in uncovering some of the world’s biggest known data breaches, affecting tens of millions of users at Adobe Systems, JPMorgan and Target and exposing them to subsequent cyber crimes.
The latest discovery came after Hold Security researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totalling 1.17 billion records.

After eliminating duplicates, Holden said, the cache contained nearly 57 million Mail.ru accounts – a big chunk of the 64 million monthly active email users Mail.ru said it had at the end of last year. It also included tens of millions of credentials for the world’s three big email providers, Gmail, Microsoft and Yahoo, plus hundreds of thousands of accounts at German and Chinese email providers.

“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,” said Holden, the former chief security officer at U.S. brokerage R.W. Baird. “These credentials can be abused multiple times,” he said.

LESS THAN $1

Mysteriously, the hacker asked just 50 roubles – less than $1 – for the entire trove, but gave up the dataset after Hold researchers agreed to post favourable comments about him in hacker forums, Holden said. He said his company’s policy is to refuse to pay for stolen data.

Such large-scale data breaches can be used to engineer further break-ins or phishing attacks by reaching the universe of contacts tied to each compromised account, multiplying the risks of financial theft or reputational damage across the web.

Hackers know users cling to favourite passwords, resisting admonitions to change credentials regularly and make them more complex. It’s why attackers reuse old passwords found on one account to try to break into other accounts of the same user.

After being informed of the potential breach of email credentials, Mail.ru spokeswoman Madina Tayupova told Reuters: “We are now checking, whether any combinations of usernames/passwords match users’ e-mails and are still active.

“As soon as we have enough information we will warn the users who might have been affected,” she said, adding that Mail.ru’s initial checks found no live combinations of usernames and passwords which match existing emails.

A Microsoft spokesman said stolen online credentials were an unfortunate reality. “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”

Yahoo and Google did not respond to requests for comment.

Yahoo Mail credentials numbered 40 million, or 15 percent of the 272 million unique IDs discovered. Meanwhile, 33 million, or 12 percent, were Microsoft Hotmail accounts and 9 percent, or nearly 24 million, were Gmail, according to Holden.

Thousands of other stolen username/password combinations appear to belong to employees of some of the largest U.S. banking, manufacturing and retail companies, he said.

Stolen online account credentials are to blame for 22 percent of big data breaches, according to a recent survey of 325 computer professionals by the Cloud Security Alliance.

In 2014, Holden, a Ukrainian-American who specialises in Eastern European cyber crime threats, uncovered a cache of 1.2 billion unique credentials that marked the world’s biggest-ever recovery of stolen accounts.

His firm studies cyber threats playing out in the forums and chatrooms that make up the criminal underground, speaking to hackers in their native languages while developing profiles of individual criminals.

Holden said efforts to identify the hacker spreading the current trove of data or the source or sources of the stolen accounts would have exposed the investigative methods of his researchers. Because the hacker vacuumed up data from many sources, researchers have dubbed him “The Collector”.

Ten days ago, Milwaukee-based Hold Security began informing organisations affected by the latest data breaches. The company’s policy is to return data it recovers at little or no cost to firms found to have been breached.

“This is stolen data, which is not ours to sell,” said Holden.

by -
0 20

Ransomware has become an albatross around the neck, targeting businesses, hospitals, and personal computers worldwide and extorting millions of dollars.

Typical ransomware targets a victim’s computer, encrypts files on it, and then demands a ransom, typically about $500 in Bitcoin, in exchange for a key that will decrypt the files.

Guess what could be the next target of ransomware malware?

Everything that is connected to the Internet.

There is a huge range of potential targets, from pacemakers to cars to the Internet of Things, that may provide an opportunity for cybercriminals to launch ransomware attacks.

Recently, the American public utility Lansing Board of Water & Light (BWL) announced that it has become a victim of a ransomware attack that knocked the utility’s internal computer systems offline.

The attack took place earlier this week when one of the company’s employees opened a malicious email attachment.

Once clicked, the malware installed on the computer and quickly began encrypting the organization’s files, according to the Lansing State Journal.

BWL quickly decided to shut down its networks and suspend some services, including accounting and email service for its about 250 employees, in order to prevent further damage. Power and water shut-offs by BWL were also suspended.

Though the ransomware type is still unknown, the utility is currently working with the Federal Bureau of Investigation (FBI) and local law enforcement authorities to investigate the incident.

The company assured its 96,000 customers that no personal information related to its customers or employees has been compromised by the ransomware intrusion into the corporate computer network.

However, it is not yet clear whether the utility paid the ransom in exchange for its data. The company said law enforcement has limited it from discussing the issue in public, at least for now.

Do you own a custom domain or a blog under the wordpress.com domain name?
If yes, then there is good news for you.
WordPress is bringing free HTTPS to every blog and website that belongs to them in an effort to make the Web more secure.
WordPress – free, open source and the most popular content management system (CMS) on the Web – is being used by over a quarter of all websites across the world, and this new move represents a massive shift over to a more secure Internet.
WordPress announced on Friday that it has partnered with the Electronic Frontier Foundation’s “Let’s Encrypt” project, allowing it to provide reliable and free HTTPS support for all of its customers that use custom domains for their WordPress.com blogs.
Now every website hosted on wordpress.com has an SSL certificate and will display a green lock in the address bar.
“For you, the users, that means you’ll see secure encryption automatically deployed on every new site within minutes. We are closing the door to unencrypted web traffic (HTTP) at every opportunity,” WordPress said in its blog post.
HTTPS has already been available for all sub-domains registered on wordpress.com, but with the latest update, the company will soon offer free SSL certs for its custom domains that just use the WordPress backend.
In short, users with custom domains (https://abcdomain.com) will now receive a free SSL certificate issued by Let’s Encrypt and on behalf of WordPress, and have it automatically deployed on their servers with minimal effort.
Until now, switching a web server from HTTP to HTTPS has been something of a hassle and an expense for website operators, and HTTPS has been notoriously hard to install and maintain.
However, with the launch of Let’s Encrypt, it is now easier for anyone to obtain Free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates for his/her web servers and set up HTTPS websites in a few simple steps.
Now WordPress is also taking advantage of this free, open source initiative for its websites.
So you might have a question in your mind:
What do I need to do to activate HTTPS on my WordPress blog?
You do not need to worry about this at all. WordPress.com is activating HTTPS on all of its millions of websites without you having to do anything.
Let’s Encrypt is trusted and recognized by all major browsers, including Google’s Chrome, Mozilla’s Firefox and Microsoft’s Internet Explorer, so you need not worry about its authenticity.

by -
0 27

SAN FRANCISCO – Records for more than 1.5 million customers of the computer security wing of Verizon, Verizon Enterprise Solutions, appeared for sale earlier this week.

This Verizon unit aids large corporations when they’ve been the victims of a hack. Now the company itself has been breached.

According to Brian Krebs, a respected computer security writer, the entire database was offered up for $100,000 on a “closely guarded underground cybercrime forum,” or in increments of 100,000 records for $10,000 apiece. Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site.

In an emailed statement, the company said, “Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers.”

The company noted that no data about consumer customers was involved.

In an irony not lost on the computer security community, Verizon Enterprise Solutions each year writes one of the most widely-read annual data breach investigation reports.

The attack “shows that even those that report security vulnerabilities are susceptible to exploits,” said Brad Bussie, director of product management for STEALTHbits Technologies.

“With 99 percent of the Fortune 500 using Verizon Enterprise Solutions, the compromise of 1.5 million customers’ contact details could have a huge payday for hackers. Stealing contact information doesn’t have the immediate payoff of a credit card number, but in the long term can be extremely lucrative if leveraged correctly,” said Vishal Gupta, CEO of the security company Seclore.

While the breach only included basic contact information about Verizon Enterprise Solutions customers, it’s of concern because of who those customers were, said Dodi Glenn, vice president of cyber security at PC Pitstop.

“A lot of Fortune 500 companies use Verizon Enterprise Solutions — makes you wonder if some of those who purchased the data may have plans to use the information to start phishing attacks, since it contains information from companies with lots of money,” he said.

by -
0 30

BENGALURU: E-commerce major Flipkart has lodged a police complaint that its CEO Binny Bansal’s official email account was hacked and two mails were sent from it to the company’s CFO asking for transfer of $80,000.

Cybercrime police describe it as a case of email spoofing, wherein messages are sent from forged addresses. Investigators have found the emails were shot off from Hong Kong and Canada using a server in Russia, sources in the CID said.

The emails, carrying the same message, were sent to Sanjay Baweja, CFO of Flipkart, at 11.33am on March 1. Surprised by the nature of the emails and their timing, Baweja cross-checked with Bansal, only to find out that they were a fraud.

SN Shivagangaiah, an employee with Flipkart, filed a complaint on Bansal’s behalf with the CID’s Cyber crime cell on Wednesday. “The hackers seem to have used an advanced virus to hack into the email account. Both emails were sent at the same time using a server in Russia,” CID sources said.

Updated News:

Flipkart on Saturday clarified that Flipkart’s CEO Binny Bansal’s official email account was not hacked and that a case of ‘email spoofing’ (which involves the use of a forged email header to make it look legitimate) has been filed with the police.

“We would like to clarify it is not a case of hacking. Flipkart’s corporate email system leverages the highest standards of security including but not limited to two-factor authentication. We have filed a case of email spoofing which involves use of a forged email header to make it look like a legitimate email. This case of email spoofing was immediately detected and a report was filed with the police,” a Flipkart spokesperson
