Category Archives: Cyber Security

Google Chrome Bugs : Users at risk of hijacking computer-Google releases patch

Google Chrome Bugs found – Update immediately!

Google Chrome bugs were found on the most popular browser- Google Chrome. The company has released a security patch. Until most users update to the new stable version, the company will not disclosed what the problem was.

Use the Google Chrome web browser, update it immediately. If you do not update it as soon as possible, you may have problems in the very near future. Actually, Google has released a high level security patch for Chrome Windows, Mac and Linux computers.

The company has issued this security patch regarding the security issues. Chrome has some flaws, due to which attackers can hijack target computers.

This issue has been found by Google Project Zero’s security researcher in Google Chrome web browser. According to the report, this flaw of Chrome has been detected on October 19, 2020 and now this flaw is being made public after the update.

It is important to note that after finding any flaw according to the rules, the researchers do not make it public until the company fixes it. Because in such a situation, anyone can take advantage of this flaw and harm the users.

This issue also includes zero-day vulnerability. Zero-Day (0-day) is a kind of flaw which is found in software or hardware. It is also called Zero Day because it is not fully known about what kind of problem it is.

Also Read : New Meow attack that Destroys unsecured Database of MongoDB

Until the company finds out about this flaw and does not fix it, it is zero day. Later it is called one-day.

Ben Hawks of Google Project Zero has described and warned about this problem of Google Chrome on Twitter. However, he has not told what that problem was.

Google chrome bugs : FIXES & SOLUTIONS

However, the update for Chrome 86.0.4240.111 has arrived and it is a high level security patch which means you should update it immediately.

According to Google’s official blog, this staple update will be released to everyone in a day or two. You should also check it in your computer. If an update has arrived, update it.

When this update arrives in everyone’s computers, then it will be clear what was the problem in Google Chrome web browser. Total five security fixes have been given in this update.

The company has clearly said that this bug details will not be disclosed until more users update their Chrome with this fix.

Worth Reading : Bluetooth Attacks – How to Secure Mobile Devices against Bluetooth BIAS attacks

Bluetooth Attacks – How to Secure Mobile Devices against Bluetooth BIAS attacks

.

  • Attacker gains access to target device over Bluetooth connection
  • Devices not updated after December 2019 are vulnerable
  • Turn OFF your phone’s Bluetooth

Bluetooth Definition

What is Bluetooth?
Bluetooth is a wireless technology that powers wireless communication. It connects your phone to other electronic devices through Internet of Things (IoT). A Bluetooth connection involves connection between a host and a client device.

The term “Bluetooth” is coined after the Viking king, Harald Bluetooth Gormsson. This is due to his work to unite different 10th-century European factions.

Bluetooth is simple & productive in file sharing, but has major security risks. While most of the bugs have been fixed a decade ago, some still remain.

Even the new smartphones have yet-undiscovered problems.

Bluetooth Impersonation AttackS or BIAS

What is BIAS?
Bluetooth Impersonation AttackS (BIAS) is a vulnerability in which the attacker impersonates the secret key or address and connect to a Bluetooth device without any authentication.

BIAS vulnerability is usually found in the Bluetooth Classic devices.

These follows the Bluetooth Basic Rate Extended Data Rate (BR/EDR) wireless technology. This technology is the standard for a wireless personal area network (PAN).

Bluetooth Impersonation AttackS comes into picture while configuring Bluetooth Devices for the first time.

When two devices are paired for the first time, a key or address is generated. This secret key works as Authentication and allows Bluetooth connections between the two devices to be seamless.

The Bluetooth Standard provides security features to protect against any eavesdropping, manipulation of information, malicious file download etc.

Despite these security features, a BIAS attack can impersonate the key or address, and connect to a device without the need of authentication.

Since it appears as if it had been previously paired, it do not require further cross check. This makes the devices prone to eavesdropping and Data manipulation.

In addition, the researchers Daniele Antonioli, Kasper Rasmussen, and Nils Ole Tippenhauer have noted that the attack is standard compliant.

This means that any standard-compliant Bluetooth devices are vulnerable to this attack.

Bluetooth vulnerability

Is Bluetooth technology vulnerable?
“Bluetooth technology is dying out”, the narration comes out more often. But this is far from the truth.

There are billions of devices in the world that use the Bluetooth technology. Big Data, Hadoop, Cloud Technologies etc have helped technogiants modernize their offerings.

Though WiFi is gradually replacing Bluetooth to transfer files, people still use Bluetooth with their headsets, speakers, and other devices.

Since Bluetooth allows an automatic wireless connection, it leaves data vulnerable to interception. Connecting devices over Bluetooth encourages High Security Risks.

The research team discovered a critical bug in Android’s Bluetooth implementation. The Bug allowed remote code execution without User interaction.

The testing included smartphones from manufacturers like Apple, Google, Nokia, Samsung; laptops from HP, Apple MacBook; headphones from Philips.

Researchers tried a BIAS attack on 31 Bluetooth devices with 28 unique Bluetooth chips from Intel, Apple, Qualcomm, Samsung, Cypress, CSR, Broadcom, and others.

All the sample devices were vulnerable to the BIAS attack.

Who could hack your phone?

  • Government spies
  • Politician
  • National Security agencies
  • Business rivals
  • Spouse
  • Employer

Bluetooth Guidelines by SIG

What are the major Guidelines by SIG to prevent Bluetooth attacks?
The researchers found the vulnerability in December 2019.

They informed the Bluetooth Special Interest Group (Bluetooth SIG).

SIG is the standards organization that oversees Bluetooth protocols.

According to Special Interest Group – “a Bluetooth bug puts User’s phone prone to high end security risks. Any Bluetooth standard compliant devices have this vulnerability”.

Bluetooth SIG directed the manufacturers to fix the Bugs. SIG recommended that users get the latest updates for their devices.

In light of these directions, Google rolled out an update to the bug.

Worth Reading : Titan Pay: SBI, Titan launch India’s first contactless payment watch-Here is how to use it

Common Bluetooth Security Problems

(01). Blueborne

Blueborne is a data vector that invades users’ devices via Bluetooth. It can infect Android, iOS, Windows, Linux devices.

The Palo Alto-based cybersecurity firm Armis confirms that the Blueborne is spread through the air.

It can recognize the vulnerabilities in the system and use them against the target device.

Blueborne targets the weakest spot. Blueborne can penetrate into computers, smartphones, tablets, televisions, remote controls etc.

What makes Blueborne Dangerous?

The Dangerous conern about Blueborne is that the two devices does not require to be paired together to launch an assault.

Attackers can even target the devices that are not in Discovery mode.

New machine learning tools have helped them learn to penetrate security more easily than ever.

They are then able to take complete control over the device and access any data stored within.

(02). Bluejacking

The bluejacking refers to sending a message to a nearby Bluetooth user.

Bluejacking messages includes text, images, sounds etc.

If targeted, your smartphone then adds the sender to the address book as a contact.

The hacker can use this position to send harmful messages that open automatically on your screen.

Bluejacking is relatively harmless but is vey annoying. It causes some confusions when users start receiving messages.

(03). Bluebugging

Bluebugging attacks allow a Hacker to take full accessibility and control of the target mobile phone.

This is possible when its Bluetooth is in Turn On mode.

This attack takes over control of mobile phone to make calls, send texts, read messages.

Attackers use a variety of data mining tools to make this possible. These messages encourage the recipient to take some action. This leads to further data exploitation.

What makes Bluebugging Dangerous?

The main Dangerous concern about Bluebugging is that the real owner of the device doesn’t even know that their number is being used to send those texts.

The real owner cannot even warn the recipient to ignore the content they receive.

(04). Bluesnarfing

Bluesnarfing refers to the stealing of data through unauthorized access via Bluetooth.

Combining the methods of Bluebugging and Bluesnarfing are a deadly combination to enter a user’s device via Bluetooth.

Bluesnarfing Attackers can steal data such as call information, text messages, email, passwords, contacts etc.

Attackers use tools like obexftp, hcitool etc.

Bluetooth attacks : Signs your phone may have been hacked

How we can say my Bluetooth device is under attack?

(01). Draining battery life

A smartphone that has been compromised starts to deplete phone’s lifespan drastically.

This is because the Spy App uses phone resources to scan the device. It then, transmits the information back to the Hacker’s server.

(02). High data usage

When your device is under attack, Spy Apps running in the background, sends information back to the Hacker’s server.

This process requires internet connection and data usage.

If your device is under attack, you get high data bill.

(03). Sluggish performance

A device under attack starts to overload the phone’s resources.

It leads to two applications clashing, over phone’s resources usage.

Frequent freezing, certain applications crashing are the signs of your device being hacked.

Sometimes it happens, despite our efforts to close, some applications runs continuously, beware your device may be under attack.

(04). High phone bills

The attacker can use your phone to contact someone, you don’t even know. Make sure to analyse your phone bill, for any costs you don’t recognize.

(05). Pop-up Alerts

A constant pop-up alerts could indicate that your phone has been infected with some Adware.

Adware is a form of malware that forces devices to view certain specific pages that drive revenue through clicks.

Many pop-ups are phishing links that attempt to get users to type-in sensitive information.

It may also encourage to download more malwares into your system.

(06). Unusual Account Activity

If your phone is under attack, hacker have access to phone’s accounts. These accounts may include your social media Login credentials, email etc.

Now, one may guess, upto what extent Hacker can exploit your confidential information. In this case, you could be at risk for identity fraud.

So, it’s a good idea to frequently change your passwords, something hard to guess.

Also Read : 235 Million TikTok, Instagram And YouTube User Profiles Data Leak

SOLUTION

How to Reduce Bluetooth Security Risks?

(a).Turn Off Bluetooth when Not in Use
When a device is in Visible or Discovery mode for a longer time, it has higher chances of Bluetooth Security risks.
Make sure to turn off Bluetooth, when not in use. It helps to minimize the risk of an attack.

(b). Regular Update
Updates carry important bug fixes and solutions. Regular device update can prevent security risks.

Use the latest version of Bluetooth and make sure the Operating System is up to date.

(c). Use a VPN
A Virtual Private Network or simply VPN, helps to encrypt your data and secure the device. A VPN increases the security levels of your device.

A VPN allows to browse the internet anonymously, thus prevents the attacker of getting your phone’s access.

Select a VPN that offers a strong encryption protocol with plenty of server locations.

(d). Trusted Pairing
When using Bluetooth, only pair your phone with devices that you are familiar with.

Make sure the other device is also using the latest version of Bluetooth updates. It will reduce the risk of data interception and security risks.

BONUS TIPS

What are the major steps to prevent devices from Bluetooth attack?
Tips to secure your mobile devices from Bluetooth attacks or BIAS attacks.

  1. Threat : Bluetooth Discovery Mode
    While pairing two devices, Bluetooth uses MAC addresses for first time configuration. This is done under Discovery Mode. This is the interval for a possible attack by a potential Hacker.
    Attackers can eavesdrop on your conversations, by exploiting these vulnerabilities.

Solution : Switch Off Bluetooth when not in use.
Use Hidden mode as much possible.
When you enable Bluetooth, make sure it is in Hidden mode. This does not disconnect your Bluetooth devices. The Hidden mode prevents Bluetooth devices from recognizing your device. This prevents possible Bluetooth attacks.

  1. Threat : Eavesdropping
    Eavesdropping should not be a problem in any communication. However, older Bluetooth devices face the threat of unpatched security holes. The device becomes a medium of transmitting everything it hears to an attacker.

Bluetooth Encryption helps to Stop criminals listening in to your phone calls.

Solution : Ban devices that use Bluetooth 1.x, 2.0, 4.0-LE.
Use latest Bluetooth versions.

  1. Threat : Software vulnerabilities
    Software installed in Bluetooth devices are security vulnerable.

In 2011, Reasearchers demonstrated that it’s easy for attackers to discover new Bluetooth devices, with some security loop holes. Potential impacts could include data stealing, huge ransom demands etc.

Solution : Switch off Bluetooth when not in use

  1. Threat : Bluetooth range
    Harald “Bluetooth” Gormsson designed Bluetooth for Personal Area Network. PAN ensures devices that are away from Bluetooth Range, should not be accessible via Bluetooth. A typical Bluetooth has a range of around 10 feets.

However, Attackers use directional, high-gain antennas to communicate over much greater distances successfully.
Security researcher Joshua Wright demonstrated the use of Directional, High-Gain Antenna to hack a Bluetooth device in a Starbucks from across the street.

Solution : Switch off Bluetooth when not in use

  1. Threat : Denial of Service
    Attackers can crash your devices with some malicious files or malwares. This makes your device un-responsive to your command. Draining battery quickly is also a sign of some malware attacks.

Solution : Switch off Bluetooth when not in use.

  1. Threat : Bluetooth headsets / car kits
    Some popular Bluetooth headsets have several serious flaws. Attackers can eavesdrop on your phone calls, chats, video calls etc by exploiting possible vulnerabilities.

Solution : Change the default PIN code to something hard to guess.
Switch off your Bluetooth when not in use.

Must Read : New Meow attack that Destroys unsecured Database of MongoDB

CONCLUSION

Although there are improvements in Bluetooth devices.

The companies are eager to fix Bluetooth related bugs. It includes steps such as using PIN codes or passwords, its still important to ensure that Discovery mode is disabled after pairing them.

With Discovery mode disabled, the device doesn’t broadcast information regarding MAC address of your phone.

When Discovery mode is disabled, devices add encryption to the communication process. This encryption ensures a secured connection.

Mobile devices has several security risks that need to be fixed. Bluetooth security is often under-rated. Ensure mobile device security as part of cybersecurity protection.

The best protection against bluetooth attacks is to keep Bluetooth devices Turn off.

What is a Bluborne attack?

Blueborne is a data vector that invades users’ devices via Bluetooth. It can infect Android, iOS, Windows, Linux devices. It can recognize the vulnerabilities in the system and use them against the target device. Blueborne can penetrate into computers, smartphones, tablets, televisions, remote controls etc.

How can I tell if my phone has been hacked?

6 Easy Signs your phone may have been hacked
(01). Draining battery life
(02). High data usage
(03). Sluggish performance
(04). High phone bills
(05). Pop-up Alerts
(06). Unusual Account Activity

Who could hack your phone?

Government spies
Politician
National Security agencies
Business rivals
Spouse
Employer

How to Reduce Bluetooth Security Risks?

4 Easy tips to kick-off any hacker from hacking your Bluetooth device-
(a).Turn Off Bluetooth when Not in Use
(b). Regular Update
(c). Use a VPN
(d). Trusted Pairing

New Meow attack that Destroys unsecured Database of MongoDB

  • Meow Attacks MongoDB and Elasticsearch
  • Meow Attack wiped data of 4000+ Databases

What is a Meow bot?

Meow bot is a type of cyber attack, to destroy those databases that leave themselves open. Meow bot appears to crash those databases that are exposed online without any security access controls. It is termed as Meow because it is an automated attack script that overwrites the database indexes, with some random numerical strings. In every indexes, it appends the term “meow” in the last. This process effectively wipes the data from the database, like in the case of Elasticsearch and MongoDB databases.

Meow attack wiped MongoDB ElasticSearch Databases

Databases being “meowed” is a new threat to the technical geeks. It has only been spotted by researchers in the recent days. A simple search by Shodan on the IoT search engine initially found hundreds of databases affected by that attack. Shodan is quite popular with the Security Researchers. Recently, Meow Cyber Attack has wiped data of more than 4000 Databases. Such attacks force the researchers into a race to locate the exposing databases into safe zone. Researchers report them safely before they get hit with meow attacks.

One of the first instances of a widely publicized Meow attack is a VPN provider’s Elasticsearch databases that reported to have left a database of logs exposed. However, the owner didn’t receive a well-intended email the second time. They were then meowed, deleting almost all records. He was among seven others whose databases was Meowed.
Security analyst, Bob Diachenko, quotes “It is quite fast”. Bob says this meow attack can search and destroy new clusters “pretty effectively.”

Also Read : 235 Million TikTok, Instagram And YouTube User Profiles Data Leak

Meow Cyber Attack wiped data of 4000+ Databases

Meow attack tends to exist solely to delete those “unsecured databases” which are accessible to the public. Elasticsearch and MongoDB databases was a prime target against Meow hacking attacks. Both these Databases are accessible to the common mass. Further devastating point is that both these databases are not fully protected. The Meow attack removed all records from these two databases. There is no notification or any Ransom demands from the attacker side. They just leave a meow signature in the server log data. Experts says databases that do not have secured firewall and open to the public, are prone to frequent meow attacks. The devices that do not have SSL communications encrypted, are an easy prey to these attacks.

In the last of July, 2020, BleepingComputer saw that ‘meow’ attacks primarily affected 1800 databases. Elasticsearch databases (1,395), followed by MongoDB (383), and Redis (54) were the major Meowed databses. ElasticSearch and MongoDB are over 97 percent of them. presently, at the time of writing this article, Meow Cyber Attack wiped data of 4000+ Databases.

Meow Bot – An Automated Attack Script

Cyber threat Specialist at Security Discover, Bob Chiachenko has acknowledged that the Elasticsearch hacking attack happened on July 20, 2020. He also says that there were no demands for any ransom or any alerts from the attacker side. It was an attack scheduled specifically for deleting all the records. Normally the hacking attacks are automatic. A bot script targets a site by looking for known vulnerabilities, including unsecured ports and insecure files. The procedure for unlocked cars is similar to a criminal walking down a street testing door handles. The meow attack is an automatic attack bot script on databases, too.

ProtonVPN Clearly Detected Meow Attacks

Someone posted screenshots of a MongoDB database assault to a log file on Twitter. This showed the attacks were going through a VPN IP address on that server to mask the true origin of the attack. ProtonVPN Virtual Private Network ( VPN) replied via Twitter by promising to monitor the behavior and block malicious users who breach its terms and conditions.

Worth Reading : Bluetooth Attacks – How to Secure Mobile Devices against Bluetooth BIAS attacks

Eight effective ways to secure databases like MongoDB and Elasticsearch

  • Identify critical data: Analyze and determine which information is essential to secure. It is a must step to understand the logic and architecture of the database. This makes it easier to decide where and how sensitive data will be storing.
  • Encrypt information (TLS/SSL): If the sensitive and confidential data is detected, use robust algorithms to encrypt such data. Configure TLS/SSL to encryption communication between all database components and connected applications.
  • Control Access: Limit network Exposure. Allow Access to only whitelisted IP Addresses which requires access to the database.
  • Enable RBAC: Setup Role-Based Access Control for each user/application. The more permissions and rights we limit, the better way, we can protect the Databases. Review users access and rotate their Password/Keys periodically.
  • Anonymization : Produce a duplicate version of the original data, while retaining the same structure as the original. This is known as Anonymization. This method helps to change the confidential data in such a way that it remains secure.
  • Monitor Database activity: Database activity monitoring (DAM) Softwares will be used to monitor data actively. Having a full transaction history helps to understand the trends of data access and alteration. Thus prevent leakage of information, monitor fraudulent changes, and detect suspicious activity in real-time.
  • Database UpDate: Regular updates to the latest version, reduces the risk of Cyber attacks.
  • External scanning systems : set up external scanning systems to track exposed databases on a regular basis.

Conclusion

Attacks on unsecured public databases are frequent. In the case of meow, the malware deleted the Database indexes and inserted some random strings followed by the word “meow”.
Continuous attacks on Tech-Giant data assets show that Enterprises need to become more aware to protect sensitive databases. Database minds need to protect the data and records stored on their public Databases. They need to restrict the unauthorised users access, specially, over unsecured public cloud storage servers.

Also Read : Titan Pay: SBI, Titan launch India’s first contactless payment watch-Here is how to use it

235 Million TikTok, Instagram And YouTube User Profiles Data Leak

  • Profiles Put On Sale On Dark Web: Report
  • Currently 15 billion stolen logins from 100,000 breaches out on Dark Web:Audit

235 Million ByteDance’s TikTok, Facebook’s Instagram And Google’s YouTube User Profiles Exposed In Massive Data Leak

San Francisco : The Forbes reports, The data was spread across several datasets. Forbes says, while quoting the security researchers, the most significant Datasets were the two coming in at just under 100 million ID profiles. It contained the User profile records apparently stolen from Instagram.
The third-largest is a dataset of some 42 million TikTok users. It is known that the short video messaging app TikTok is owned & controlled by China’s ByteDance.
The next is followed by nearly 4 million Google’s YouTube user profiles, put to sell on Dark web. The rest of the data belongs to the Facebook’s Instagram user.
User data are spread in multiple Datasets. The Datasets includes telephone number, email address, profile name, full real name, profile photo, account details, number of followers and likes etc.

“The information will probably be the most valuable to spammers and cybercriminals running phishing campaigns,” said Paul Bischoff, Editor at Comparitech.

The “unsecured database” problem

Unsecured databases are rapidly becoming such a huge data protection problem that it’s thought a vigilante security researcher is behind the spate of “Meow” attacks. These attacks have overwritten the indexes of thousands of such databases, making it unsecured for any User. On August 1, the Comparitech researchers discovers, “unsecured database” are leaving the personal profile data of nearly 235 million Instagram, TikTok and YouTube users up for grabs. The Comparitech Researchers was led by Bob Diachenko.
In June 2018, Facebook spokesperson was quoted saying , ‘Stealing people’s information from Instagram is a clear violation of our policies. We blocked Deep Social’s access to our platform in June 2018 and sent them a legal notice.” Moreover, Deep Social were banned by both Facebook and Instagram in 2018 after rushing users’ profile data.

Earlier this month, a hacker group known as ShinyHunters broke into 18 companies. They scrapped the data of 386 million user records. According to Bleeping Computer, ShinyHunters began uploading the databases to a forum where anyone can download them for free.

Also Read : Bluetooth Attacks – How to Secure Mobile Devices against Bluetooth BIAS attacks