White Hat Hacker Saved Uber From Login Bypass Exploit

As it turns out, no company is safe from exploits or vulnerabilities. Not even Uber, which paid a researcher US$10,000 to not reveal his login bypass exploit. Such a vulnerability could effectively cripple the service if the information got into the wrong hands.

Uber Was Vulnerable To Dangerous Exploit

The security vulnerability would have had some nasty effects on Uber's network. Bypassing the login form would let attackers access specific “.uber.com” websites, which could affect the company’s internal network. Nipping potential flaws in the bud at an early stage is always the best strategy for a company.

Luckily for Uber, a white hat security researcher disclosed the bug to the company. If it had been a black hat hacker, the vulnerability would not have been reported, and there is no telling as to what would have happened. The researcher was paid a US$10,000 bounty for discovering this bug, which is the highest bounty Uber has ever paid out since launching the program earlier this year.

What this vulnerability does, exactly, is let attackers bypass the system used for Uber employee authentication. Additionally, it would have been possible to compromise the company’s internal network, which is hosted on Atlassian’s Confluence software. Bypassing this login would allow an attacker to access the Uber Newsroom, which is running on WordPress.

OneLogin is the company responsible for authenticating users on the WordPress backend. However, it is possible to enter any username or wanted role, as the plugin will create a new user if the username does not exist yet. If an attacker can guess the right role name, such as “Administrator”, it is possible to create a new account and wreak all kinds of havoc.
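The provisioning behaviour described above, next to a least-privilege alternative, as an added example that is not the OneLogin plugin's code or anything from the original article. It is a simplified model: the function names, the group-to-role mapping and the `assertion_verified` flag (standing in for whatever check confirms the response really came from the identity provider) are assumptions.

```python
# Simplified model of just-in-time (JIT) account provisioning at SSO login.
# All names are hypothetical; this is not the OneLogin plugin's code.

DEFAULT_ROLE = "subscriber"
# Assumption: the site operator maps identity-provider groups to local roles.
GROUP_TO_ROLE = {"newsroom-editors": "editor", "newsroom-authors": "author"}
# Roles that automatic provisioning must never hand out.
MANUAL_ONLY_ROLES = {"administrator"}


class ProvisioningError(Exception):
    pass


def provision_unsafe(users, login):
    """Behaviour the article describes: an unknown username is created
    with whatever role the login request names."""
    name = login["username"]
    if name not in users:
        users[name] = login.get("role", DEFAULT_ROLE)
    return users[name]


def provision_hardened(users, login, assertion_verified):
    """Create accounts only from a verified identity-provider response and
    derive the role from a server-side mapping, never from a supplied role."""
    if not assertion_verified:
        raise ProvisioningError("identity provider response not verified")
    name = login["username"]
    if name in users:
        return users[name]  # an existing account keeps its current role
    role = DEFAULT_ROLE
    for group in login.get("groups", []):
        mapped = GROUP_TO_ROLE.get(group)
        if mapped and mapped not in MANUAL_ONLY_ROLES:
            role = mapped
            break
    users[name] = role
    return role


def demo():
    # Constructed input: a login naming a new user and a privileged role.
    forged = {"username": "newuser", "role": "administrator"}
    unsafe = provision_unsafe({}, forged)
    try:
        provision_hardened({}, forged, assertion_verified=False)
        rejected = False
    except ProvisioningError:
        rejected = True
    return unsafe, rejected, provision_hardened({}, forged, True)
```

In the hardened path the supplied `role` field is never read, so guessing a role name gains nothing, and accounts that need administrator rights have to be promoted by hand.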

Compromising Uber’s internal network is a more serious concern, though. Attackers would have been able to achieve remote code execution, as they could inject JavaScript from the Newsroom directly. Luckily, the company fixed all issues within 36 hours after finding out about what was going on.

Source: Threatpost

SpriteCoin Infects Cryptocurrency Users’ Computers with Ransomware

Cryptocurrency users have become a favorite target of cybercriminals over the past few years. With the value of all these currencies increasing exponentially, it is evident that criminal entities want their share of the cake. As a result, we have seen an influx of new malware-laden applications and tools, all of which are designed to obtain Bitcoin or altcoins. In the case of SpriteCoin, a wallet application is actually a delivery platform for a new type of ransomware.

Beware of the Fake SpriteCoin Application

In the wide world of useless altcoins, a name like SpriteCoin doesn’t stand out as potentially malicious. Most people would assume it to be a fake currency riding the coattails of the Sprite brand. That is not the case, yet this doesn’t mean people should automatically trust SpriteCoin. This name pertains to a project which is allegedly a cryptocurrency, although there hasn’t been much evidence of the creation or existence of such an altcoin.

Furthermore, the wallet application associated with SpriteCoin is something people need to steer away from. It seems there is a lot more to this software package than meets the eye, and not in a good way. Anyone who downloads and installs the SpriteCoin wallet on his or her machine will subsequently get infected by a new type of ransomware. If there is one thing the world needs less of, it’s new forms of ransomware.

It seems the malware in question is something which researchers had not come across previously. Although few specifics are known at this point, we do know the malware is rather persistent. Additionally, it seems to demand payment in Monero, rather than Bitcoin or another cryptocurrency. Given the private and anonymous nature of Monero, this development is not surprising in the slightest. Paying a ransom demand is never the answer when malware like this one infects one’s computer, though.

Indeed, those victims who do decide to pay this ransom will get in even more trouble. It seems the completed payment serves as an invitation for the malware developers to infect one’s computer with other ransomware, malware, keyloggers, and so on. There’s good reason as to why people should never pay a ransom demand, and this variant clearly shows why that is the case. It is very likely that this is a new method of attack currently being explored by cybercriminals.

For the time being, there is no way to get rid of the ransomware installed by SpriteCoin. Since researchers don’t have a solution ready at this point, cryptocurrency enthusiasts need to conduct their own due diligence first and foremost. There’s no reason to get involved with anything known as SpriteCoin, as the project seems to be utterly fake. For cybercriminals, however, this may quickly become a new revenue stream if attempts like these prove to be successful. 

It is evident that ransomware will not disappear anytime soon, as it is far too lucrative for cybercriminals at present. If they continue to link their ransomware distribution to the creation of alleged cryptocurrencies, things will take a turn for the worse. It is time that people start educating themselves on who they can trust and which projects are utterly fake. Stay away from SpriteCoin and any software associated with that name.

DressCode Android Botnet Remains Active 16 Months After Its Discovery

Botnets have proven to be a major pain in the rear for both security researchers and consumers. DressCode, one of the oldest Android botnets in existence, is still operational 16 months after it was initially discovered. This is a very real problem, as the malware opens a direct connection to infected phones. It is unclear why this solution still thrives in 2018, especially considering that most of the infected Google Play apps were removed over a year ago.

DressCode Botnet is Still a Problem

In the world of internet security, there are still plenty of things which need to change sooner rather than later. One of the main priorities is finding a way to eliminate botnets once and for all. The concept of a botnet is nothing new, as a large number of enslaved computers have become gateways for criminal activity ever since the Internet gained mainstream traction. Most victims don’t even know they are part of a botnet, let alone what they can do about it.

Android users may recall a botnet known as DressCode. It was first discovered back in 2016. At that time, the botnet mainly infected Android phones with a listening port which could be used to steal sensitive information. The malware was mainly distributed through Google Play apps, and over 400 such applications were promptly removed. One would expect that to have been the final straw for the DressCode botnet, but the reality is very different, unfortunately.

Indeed, recent evidence shows the DressCode botnet is still active in 2018. In fact, it seems to have grown in popularity and scale, which is extremely worrying. A total of four million Android devices may have become part of this growing botnet, mainly smartphones. It is certainly possible that Android tablets are also a part of this network, although we will need further research before drawing any conclusions on this front.

DressCode’s method of attack hasn’t changed in those 16 months either. The malware still creates open ports on infected devices, creating a direct connection between the attackers and their victims. As a result, the assailants can infiltrate home and company networks to steal sensitive information. Additionally, this is not a vulnerability which only the developers of DressCode can take advantage of. The unencrypted interface used to connect to infected Android devices can be used by anyone else who knows where to look.

While some people may think their firewall will be able to halt such infiltration attempts, that is not the case. That’s because the DressCode botnet bypasses any and all firewalls found in home and SMB routers alike. Once the connection between the server and a victim is open, anyone with control over the server can tunnel through the mobile device. It is unclear what the full consequences of such connections may be, but rest assured hackers will do their best to wreak as much havoc as possible.

For the time being, it is unclear how DressCode is being used exactly or who is making use of it these days. Knowing that this botnet is still active and growing in size since its initial discovery is by far one of the biggest security scares of 2018. It seems impossible to take down this botnet altogether, as the central server and two of its public APIs are still active. Whether or not that situation will change remains to be determined. We can only hope security researchers can put an end to DressCode sooner rather than later.

Dark Caracal Malware Is a Threat to All Mobile Device Users

The electronic devices we use on a daily basis are very prone to hacks, theft, and other software-related issues. One particular security bug uncovered by the Electronic Frontier Foundation has researchers greatly concerned. A new type of malware designed to look like popular social messaging applications has already stolen gigabytes worth of data. This puts smartphones and some tablets at risk, but finding a solution to this threat may prove far more difficult than anyone would like.

Lebanese Malware has Researchers Concerned

Any type of tool that is designed to steal sensitive information is of great concern to security researchers. That’s especially true when that software seemingly targets mobile device users, including lawyers, activists, journalists, and even military personnel. Any specific information obtained from any of these sources could be worth a lot of money to the right buyer. Stealing that information using malware that poses as WhatsApp or another popular messaging application is a smart idea on the part of criminals, but a big problem for consumers all over the world.

The malware in question is mainly targeted at Android device users. Considering that Android is the world’s largest mobile OS, such a targeted campaign is anything but surprising. It seems the malware is known as Dark Caracal, and it appears to mimic the functionality of popular messaging applications. In the background, however, the malware steals one’s data, including call records, documents, audio recordings, and photos.

So far, Dark Caracal has made an impact in the US, Germany, France, Canada, and Lebanon. Do not underestimate the size of this threat, as researchers have discovered it to be a large-scale global campaign. Since mobile devices have become so commonplace, it is only normal that criminals will use sophisticated tools to target these devices. Mobile is now a primary target for criminals, which is a trend everyone should genuinely be worried about.

The security researchers also discovered that this particular malware may have been designed by Lebanese criminals. It is unclear if the Lebanese government has any relation to this project, but for now, nothing seems to indicate that is the case. The applications containing this malware were not found in or downloaded from the Google Play Store either. Instead, they were spread via third-party download sites and “ripped” apk files shared on social media as well as phpBB messaging boards.

Additionally, it seems Dark Caracal is not a new type of malware. A very similar variant was discovered in 2012, but tracking the progress this malware has made ever since has proven to be virtually impossible. There are so many espionage campaigns originating from the same domain names, this particular mobile malware dropped off the researchers’ radar entirely. This is a very worrisome trend, especially considering that these applications can be distributed on a global scale without too many repercussions.

For the time being, we will have to wait and see if the Lebanese government was indeed involved in this malware’s development. The obtained data could certainly give them a lot of information they wouldn’t be privy to otherwise. The targets are not picked randomly, though, which does indicate that a nation-state may be involved. Always download official applications from the Google Play Store and do not bother grabbing APK files from the internet.
