
Millions of home Wi-Fi networks could be easily hacked, even when the network is protected by a strong password, thanks to a flaw in Chrome-based browsers. Researchers at cybersecurity and penetration testing consultancy SureCloud have uncovered a weakness in the way Google Chrome and Opera browsers, among others, handle saved passwords and how those saved passwords are used to interact with home Wi-Fi routers over unencrypted connections. By design, Chrome-based browsers offer to save Wi-Fi router administration page credentials and re-enter them automatically for users' convenience. As most home routers do not use encrypted communications for management tasks, the researchers were able to exploit this automatic credential re-entry both to steal the router login credentials and to use them to capture the Wi-Fi network password (PSK), with only a single click required from the user for the attack to succeed. The weakness applies to any browser based on the Chromium open source project, such as Google Chrome, Opera, Slimjet, Torch, and others. Any router whose administration portal is delivered over cleartext HTTP by default (or when enabled) is affected, which makes fixing the issue through router or device updates impractical. The issue was responsibly disclosed to Google's Chromium project (which develops the code for Chrome and other browsers) on March 2nd, 2018. Chromium responded the same day, saying that the browser feature was 'working as designed' and that it does not plan to update the feature.
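The core exposure here is a password form whose submission target is a cleartext origin: whatever the browser autofills into it crosses the LAN unencrypted. The following audit helper is an added example, not SureCloud's or Chromium's code; it parses a login page and reports every password form that would post over anything other than HTTPS. The router URL and HTML are constructed samples.

```python
"""Added example (not SureCloud's or Chromium's code): audit a router admin
login page for password forms that submit over cleartext HTTP.
The URL and HTML below are constructed samples."""
from html.parser import HTMLParser
from typing import List
from urllib.parse import urljoin, urlparse


class _FormScanner(HTMLParser):
    """Collect each form's action and whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of {"action": str, "password": bool}
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action", ""), "password": False}
            self.forms.append(self._current)
        elif tag == "input" and a.get("type", "").lower() == "password":
            if self._current is None:
                # A password field outside any <form> is usually submitted by
                # script to the page's own origin; track it as a pseudo-form.
                self._current = {"action": "", "password": False}
                self.forms.append(self._current)
            self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_login_page(page_url: str, html: str) -> List[str]:
    """Return one finding per password form whose target is not HTTPS."""
    scanner = _FormScanner()
    scanner.feed(html)
    findings = []
    for form in scanner.forms:
        if not form["password"]:
            continue
        # A relative or empty action resolves against the page URL itself.
        target = urljoin(page_url, form["action"] or page_url)
        scheme = urlparse(target).scheme.lower()
        if scheme != "https":
            findings.append(
                f"password form posts to {target} over {scheme or 'unknown'}: "
                "typed and browser-autofilled credentials travel in cleartext"
            )
    return findings


# Constructed sample: a private-range router address and a minimal login page.
SAMPLE_URL = "http://192.168.1.1/login.html"
SAMPLE_HTML = """<html><body>
<form action="/cgi-bin/login" method="post">
  <input name="user"><input type="password" name="pass"><input type="submit">
</form>
<form action="/search"><input name="q"></form>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_login_page(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

Run against a router's saved login page (fetch the HTML yourself, then pass the URL and body in); an empty result means every password form already submits over HTTPS, which is the only router-side state in which the browser's save-and-autofill behaviour is harmless.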

A security researcher has found a method that can be used to easily identify the public IP addresses of misconfigured dark web servers. While some feel that this researcher is attacking Tor or other similar networks, in reality he is exposing the pitfalls of not knowing how to properly configure a hidden service. One of the main purposes of setting up a dark website on Tor is to make it difficult to identify the owner of the site. In order to properly anonymize a dark website, though, the administrator must configure the web server so that it is only listening on localhost and not on an IP address that is publicly exposed to the Internet. Yonathan Klijnsma, a threat researcher lead for RiskIQ, has discovered that there are many Tor sites that utilize SSL certificates and also misconfigure a hidden service so that it is accessible via the Internet. As RiskIQ crawls the web and associates any SSL certificate it discovers with its hosting IP address, it was easy for Klijnsma to map a misconfigured hidden Tor service to its corresponding public IP address. "The way these guys are messing up is that they have their local Apache or Nginx server listening on any (* or IP address, which means Tor connections will work obviously, but also external connections will as well," Klijnsma told BleepingComputer. "This is especially true if they don't use a firewall. These servers should be configured to only listen on" When asked how often he sees misconfigured servers that expose their public IP address, he told us that it is quite common. "Continuously. I'm not even kidding. Some don't listen on http/http, so I don't know what they are, but they have onion addresses and live on both clear and dark web."
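The misconfiguration Klijnsma describes is visible in the web server's own bind directives before any crawler finds it. The following checker is an added example, not RiskIQ's, Tor's or BleepingComputer's code: it scans nginx `listen` and Apache `Listen` lines and returns every endpoint bound to something other than a loopback address, which is the only kind of bind that belongs behind a Tor `HiddenServicePort` line pointing at 127.0.0.1. The configuration snippets are constructed samples.

```python
"""Added example (not RiskIQ's or Tor's code): flag web-server listen
directives that expose a hidden service on a non-loopback interface.
The nginx and Apache snippets below are constructed samples."""
import ipaddress
import re
from typing import List

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1", "[::1]"}
WILDCARD_HOSTS = {"*", "0.0.0.0", "::", "[::]"}

# nginx forms: "listen 80;", "listen 127.0.0.1:8080;", "listen [::]:80;", "listen *:80;"
_NGINX_LISTEN = re.compile(r"^\s*listen\s+([^\s;]+)", re.MULTILINE)
# Apache forms: "Listen 80", "Listen 127.0.0.1:80", "Listen [::1]:80"
_APACHE_LISTEN = re.compile(r"^\s*Listen\s+(\S+)", re.MULTILINE)


def _host_part(endpoint: str) -> str:
    """Extract the host from 'host:port', '[v6]:port' or a bare 'port' ('' = all interfaces)."""
    if endpoint.startswith("["):                 # bracketed IPv6, e.g. [::1]:80
        return endpoint[: endpoint.index("]") + 1]
    if endpoint.count(":") == 1:                 # host:port
        return endpoint.split(":")[0]
    if endpoint.count(":") > 1:                  # unbracketed IPv6 address, no port
        return endpoint
    return ""                                    # bare port binds every interface


def is_loopback_only(endpoint: str) -> bool:
    """True only when the bind address cannot be reached from another host."""
    host = _host_part(endpoint)
    if host == "" or host in WILDCARD_HOSTS:
        return False
    if host in LOOPBACK_HOSTS:
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False   # a hostname we cannot resolve offline: assume exposed


def audit_listen_directives(config: str, flavor: str) -> List[str]:
    """Return the endpoints in an 'nginx' or 'apache' config that accept
    connections from outside the host."""
    pattern = _NGINX_LISTEN if flavor == "nginx" else _APACHE_LISTEN
    return [ep for ep in pattern.findall(config) if not is_loopback_only(ep)]


# Constructed samples: one bad and one good bind in each flavor.
NGINX_SAMPLE = """
server {
    listen 80;                 # every interface: reachable from the clear web
    listen 127.0.0.1:8080;     # loopback only: the bind a HiddenServicePort should target
    server_name example.onion;
}
"""
APACHE_SAMPLE = "Listen 0.0.0.0:80\nListen [::1]:8080\n"

if __name__ == "__main__":
    print("nginx exposed:", audit_listen_directives(NGINX_SAMPLE, "nginx"))
    print("apache exposed:", audit_listen_directives(APACHE_SAMPLE, "apache"))
```

A non-empty result is exactly the condition Klijnsma's crawl picks up: the same content, and the same certificate, answering on the public address. A host firewall that drops inbound traffic to the web port would mask the symptom, but fixing the bind address removes it.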

Account information belonging to 569,703 players of the Mortal Online massively multiplayer online role-playing game (MMORPG) has been sold online several times since it was leaked as a result of a data breach. On June 17, an unauthorized third party accessed a server holding shop and forum databases and pilfered the data. The developers made the announcement four days after they learned about the breach, following an investigation that found evidence of an intrusion. "We do not store any credit card information on our servers so that information is still completely safe," the developers informed. What the intruder(s) managed to get, though, were more than half a million usernames and passwords that appear to have been saved as MD5 hashes. MD5 is a hashing function that is currently used mostly as a checksum to verify data integrity against non-intentional corruption. It is susceptible to collision attacks that take seconds to find with low computing power. The MD5 hash algorithm was declared "not safe" by its own creator in 2012 after research showed how susceptible it was to brute-force attacks. The Mortal Online database has recently been added to Troy Hunt's Have I Been Pwned collection, provided by Adam Davies, data analyst and security researcher. Users whose data has been exposed online can use Hunt's website to check whether their usernames have been compromised in breaches.
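Two properties make an unsalted MD5 password store fail the moment the table leaks: equal passwords produce equal hashes, so shared passwords are visible in the dump before any cracking, and one fast hash per candidate word tests every account at once. The following is an added example, not Mortal Online's code, showing both defects next to the salted, deliberately slow PBKDF2-HMAC-SHA256 record a store should keep instead. Usernames, passwords and the wordlist are constructed samples.

```python
"""Added example (not Mortal Online's code): unsalted MD5 as a password store
next to a salted PBKDF2-HMAC-SHA256 record. All sample data is constructed."""
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, Optional


# --- the scheme the breach reportedly exposed: unsalted MD5 -------------------
def md5_store(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def md5_equal_password_leak(stored: Dict[str, str]) -> Dict[str, list]:
    """Group usernames by identical digest: without a salt, everyone who
    chose the same password is exposed together, with no cracking at all."""
    groups: Dict[str, list] = {}
    for user, digest in stored.items():
        groups.setdefault(digest, []).append(user)
    return {d: users for d, users in groups.items() if len(users) > 1}


def md5_dictionary_hits(stored: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """One digest per word covers every account, because nothing per-user
    enters the hash; this is what a defender must assume happens to the dump."""
    table = {md5_store(w): w for w in wordlist}
    return {user: table[d] for user, d in stored.items() if d in table}


# --- what a password store should look like -----------------------------------
PBKDF2_ITERATIONS = 600_000   # OWASP's 2023 figure for PBKDF2-HMAC-SHA256


def pbkdf2_store(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    _, iters, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    # Constant-time comparison so verification timing does not leak digest bytes.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed sample accounts and a tiny wordlist.
USERS = {"alice": "Password1", "bob": "hunter2", "carol": "Password1", "dave": "x7$QwErT-99-long"}
MD5_DB = {u: md5_store(p) for u, p in USERS.items()}
WORDLIST = ["123456", "Password1", "hunter2"]

if __name__ == "__main__":
    print("shared passwords visible in dump:", md5_equal_password_leak(MD5_DB))
    print("accounts matched by a 3-word list:", md5_dictionary_hits(MD5_DB, WORDLIST))
    rec = pbkdf2_store("hunter2")
    print("salted record:", rec)
    print("verify ok:", pbkdf2_verify("hunter2", rec), "wrong:", pbkdf2_verify("hunter3", rec))
```

Note that `pbkdf2_store` produces a different record each call for the same password, so the equality leak disappears, and each guess now costs 600,000 hash operations per account rather than one shared MD5. Argon2id or scrypt (`hashlib.scrypt`) are the stronger choices where available; PBKDF2 is used here because it ships in the standard library.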

A global network of intelligence agencies wants easier access to your private and encrypted messages. In a barely veiled warning to tech companies, it has promised to make things tough for those that don't comply. After a meeting on Australia's Gold Coast last week, ministers for the intelligence agencies of the US, UK, Canada, Australia, and New Zealand, known as the 'Five Eyes', shared their vision for worldwide snooping in a joint statement. In the official communique, the ministers outline the importance of reading private messages in the fight against terrorism and crime, citing "the urgent need for law enforcement to gain targeted access to data." The spy chiefs paid lip service to the importance of encryption for privacy purposes, but went on in another statement to call for increased powers to access private data. Cracking your files, they argue, is no more sinister than a patrol cop searching your vehicle or house. "Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute," they said. Recognizing that some encrypted data can be nearly impossible to crack, the agency chiefs called on tech companies to turn over the keys voluntarily.

Despite Google's defenses for protecting Android's official marketplace, cybercriminals still manage to sneak in a banking Trojan, or two, or three, security researchers have discovered. Recently, security researchers from different security companies based in Europe disclosed on Twitter that they found several banking Trojans in Google Play. Lukas Stefanko of antivirus vendor ESET found three such malicious apps posing as astrology software that offered horoscopes. What they really divined, though, was theft of SMS and call logs, sending text messages in the victim's name, downloading and installing apps without user approval, and stealing banking credentials. Before tweeting his findings, Stefanko reported the offending entries to Google, which booted them from the store; but by the time of the removal, one of them had been downloaded more than 1,000 times, and over 500 users had added the other two to their Android devices. One of the malicious apps, named Herobot according to a string Stefanko noticed in its code, displayed a fake warning saying that it was incompatible and had been removed as a result. The malware remained on the device and acted in the background, requesting banking targets based on the apps present on the device. The malware researcher said that the command and control (C2) server was still alive when he tweeted about it. An important aspect is that all three Trojans discovered by Stefanko enjoyed a low detection rate. At the time of writing, the malware piece with the highest detection rate on VirusTotal was recognized by 12 out of 60 antivirus products; for the least detected one, only six saw its true colors.
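When signature detection lags this far behind (6 of 60 engines), the cheapest triage signal is the gap between what an app claims to do and what it asks for: a horoscope viewer has no reason to read or send SMS, read call logs or install packages. The following is an added example, not ESET's or Google's code, that parses an `AndroidManifest.xml` and scores exactly the capability set the article attributes to these Trojans. The manifest is a constructed sample and its package name is a placeholder; the permission names are Android's real ones.

```python
"""Added example (not ESET's or Google's code): score an Android manifest for
the SMS / call-log / package-install capability profile described above.
The manifests below are constructed samples with placeholder package names."""
import xml.etree.ElementTree as ET
from typing import Dict, List

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Capabilities the article reports, mapped to the permission each one requires.
SUSPECT_PERMISSIONS = {
    "android.permission.READ_SMS": "read SMS (one-time banking codes)",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.SEND_SMS": "send SMS in the victim's name",
    "android.permission.READ_CALL_LOG": "read call logs",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further apps",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw overlays over other apps",
    "android.permission.QUERY_ALL_PACKAGES": "enumerate installed apps (pick banking targets)",
}
SMS_PAIR = {"android.permission.READ_SMS", "android.permission.SEND_SMS"}


def declared_permissions(manifest_xml: str) -> List[str]:
    """Return every <uses-permission android:name=...> value in the manifest."""
    root = ET.fromstring(manifest_xml)
    return [el.get(NAME_ATTR) for el in root.iter("uses-permission")]


def triage_manifest(manifest_xml: str) -> Dict[str, object]:
    """Score a content-display app: each suspect permission is one point and the
    read+send SMS pair, the banking-Trojan tell, adds two more."""
    perms = declared_permissions(manifest_xml)
    hits = {p: SUSPECT_PERMISSIONS[p] for p in perms if p in SUSPECT_PERMISSIONS}
    score = len(hits) + (2 if SMS_PAIR <= set(hits) else 0)
    return {
        "permissions": perms,
        "suspicious": hits,
        "score": score,
        "verdict": "escalate" if score >= 3 else "low",
    }


# Constructed samples: the profile the article describes, and a benign viewer.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.horoscope.placeholder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Daily Horoscope"/>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.horoscope.benign.placeholder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Daily Horoscope"/>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        result = triage_manifest(manifest)
        print(label, result["verdict"], result["score"], sorted(result["suspicious"]))
```

The manifest inside a real APK is stored in binary XML; decode it first (for instance with `apktool d` or `aapt dump permissions`) and feed the resulting text to `triage_manifest`. The score is a first-pass filter for an analyst queue, not a verdict on its own.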

Fraudulent tech-support services that buy online advertising space have grown in sophistication to a level at which Google cannot distinguish them from legitimate providers. Operators of tech-support scams often operate just like a legitimate business to avoid detection and to ensure their success for a longer time. Sometimes even employees are unaware of the illegal activity. Over the past few years, scammers have begun to promote their activity through search ads, claiming to be an authorized service center for products from popular companies such as Apple, Microsoft or Dell. Playing on the user's trust in the results and ads provided by Google, most of the time the scammers just have to wait for the victim to call. The tactic is powerful because the potential victims are the ones placing the call, so they have already shown some trust in the service. Tech-support scammers have become more proficient at what they do. Apart from creating websites that instill trust, they also try to obtain as much information as possible about the victim or their machine, to make the deceit more difficult to spot. Symantec published at the beginning of August a report on how fraudulent tech-support activity has started to integrate call optimization, a service that allows scammers to dynamically insert phone numbers into web pages.