Google tests NSA proof encryption to protect its users data on Google Drive.

Google is exploring ways to encrypt files stored in Google Drive to prevent the the U.S. government and
other authorities from demanding access to user data, according to a CNET report.
Encryption has been a popular word since former NSA contractor Edward Snowden leaked documents revealing an NSA program called PRISM that collects user data from major Internet companies, including Google.

Many companies use SSL and HTTPS to securely transmit data from a users computer to the destination servers.This protects the data from anyone listening in on the transmission, a procedure called a man-in-the-middle attack.Currently, when you upload or download something from Google Drive the transmission is in encrypted form,but Google is storing that data in an unencrypted manner.

According to CNET's report, Google is experimenting with

World's largest collaborative phone directory compromised.

True Caller,a popular app built by a Swedish company and world's largest collaborative phone directory compromised by Syrian Electronic Army.The hacker group claimed on its Twitter accounts and its website,that it has managed to get access into the databases containing a hundred of millions of phone numbers and its owners in addition of millions of Facebook/Twitter/Linkedin/Gmail accounts.

Syrian Electronic Army have also posted screenshots of the website's WordPress dashboard and database.

According to the hackers about 560 GB of data was downloaded from Truecaller servers.

In another tweet they have also leaked the login credentials for the site's database.

TrueCaller confirmed the security breach in their official blog. However, they denied the hacker's claim that they had access to the social network's access codes.

PayPal denies to pay Bug Bounty reward to teenager.

A 17-year-old German student contends PayPal has denied him a reward for finding a vulnerability in its website.Robert Kugler said he notified PayPal of the vulnerability on May 19. He said he was informed by email that because he is under 18 years old, he did not qualify for its Bug Bounty Program.

Many companies such as Google and Facebook have reward programs. The programs are intended to create an incentive for website users to report problems and create fixes before hackers can take advantage.
Google pays from $100 up to $20,000 depending on the severity of the issue and Facebook pays a minimum of $500 for qualifying bugs. Neither company has age restrictions listed on their websites.

Australia's top spy agency headquarters blueprints stolen by Chinese hackers.

Australian Broadcasting Corp. television reported that the plans for the 630 million Australian dollar ($608 million) Australian Security Intelligence Organization building in Canberra had been stolen through a cyberattack on a building contractor.
Australian officials refused to confirm or deny whether Chinese hackers had stolen the blueprints of a new spy agency headquarters as a news report claims.
According to ABC's Four corners the blueprints setting out the building's cable layouts and security systems had been illegally accessed by a server in China.
Under this hacking operations the Prime Minster's Office, the Defence Ministry and the Department of Foreign Affairs had been breached.

iPhone has most vulnerabilities, so why is Android the most attacked?

The biggest story in malware right now is mobile malware. The shift from traditional mobile phones that simply made phone calls to smartphones containing gigabytes of data has made the
pocket-sized computers a prime target for attackers.
There was a 32 percent increase in the number of documented vulnerabilities for mobile operating systems and, not surprisingly, a 58 percent increase in mobile malware and
Android smartphones and tablets are the hottest targets. 
       Virtually all mobile malware samples detected are intended for Android, ranging from malware that sends out SMS messages, or fraudulent SMS payments, mobile botnets, spyware, and Trojans that can capture or destroy data from Android devices.
      There has been biggest spike in malware samples detected in four years, and the growing threat faced by mobile devices—particularly Android mobile devices.

Nmap ("Network Mapper")

Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

Features

• Host discovery - Identify hosts on a network.
• Port scanning - Enumerate the open ports on one or more target hosts.
• Version detection - Interrogate network services listening on remote devices to determine the application name and version number.
• OS detection - Remotely determine the operating system and some hardware characteristics of network devices.
• Scriptable interaction with the target - Using Nmap Scripting Engine and the Lua language, customized queries can be made.
• Reverse DNS lookup.
• Find device type information.
• Retrieve MAC addresses and many more.

Download:-Nmap download

Topera- The IPv6 port scanner invisible to Snort IDS.

Topera is a brand new TCP port scanner under IPv6, with the particularity that these scans are not detected by Snort. Snort is the most known IDS/IPS and is widely used in many different critical environments. Some commercial tools (Juniper or Checkpoint ones) use it as detection engine also. Mocking snort detection capabilities could suppose a high risk in some cases.
 Fixed some bugs: - Get local IPv6 address - Get local ethernet interface - sniffer packet counter - Some minor fixes. 
You can see an example of execution of Topera in link below demo  video.
Download Topera IPv6 port scanner.

Android app SwiftKey Keyboard turned into a Keylogger app.

One of the best 3rd party Android Mobile Keyboard called 'SwiftKey' turned into a Keylogger Trojan by an Android developer to show the possible security threat of downloading pirated cracked apps from non-official App Stores and websites , "anyone pirating Swiftkey is taking a serious risk" developer said.

 He demonstrated how to inject a Keylogger snippets of code into a legitimate Android Keyboard application that infected a mobile device with Trojan, connected with a remote server and transmitted data from the device inducing your all key logs.

Android apps are coded in Java and compiled to byte code that is run on the Dalvik VM and this byte code is not that hard to edit and insert back into an APK." he explained.

He developed a keylogger from SwiftKey(APK Download), a malicious Java program designed to collect and send all key logs to a remote server (Check Keylogs) Along with the host IP address. He explained the complete code also on his blog.

Android malware is growing at a far more rapid pace than for other mobile platforms. For a Cyber Criminals, it is not important to develop their own malware program from scratch, Reversing ready-mate apps and inserting malware code can easily make their job more easy.

 Be careful from where you are downloading apps and think about the permissions and consider what the app is asking to do, and

Skype Malware that turns computers into Bitcoin miners.

Increasingly  desperate  to  cash  in  on  the  sky-rocketing  price  of  Bitcoin  these days,  gangs  of  cybercriminals  have  designed  a  new  malware  that’s  infecting computers  via  Skype in an attempt to build a botnet massive enough to start mining the virtual currency.

Researchers from Kaspersky Lab have discovered a new spam message campaign being transmitted via Skype contains malware capable of using an infected computer to mine for Bitcoins. The malware, identified as Trojan.Win32.Jorik.IRCbot.xkt.
According to Kaspersky Lab,  the average click rate for the rogue URL is high, at over 2,000 clicks per hour, and the creators of this malware had used it to seize control of hundreds of computers in Russia, Germany, Ukraine, Poland, Spain and other countries.

The malware spreads itself by infecting the Skype VoIP program, using the age old

AirDroid security flaw allows hackers to perform Dos attack from your Android device.

AirDroid, a free app which provides wireless management of your Android phone or tablet from any browser on the same Wi-Fi network, has a dangerous cross-site scripting (XSS) vulnerability which allow hackers  to perform Dos attack from your Android device.

Cross Site scripting or XSS vulnerability in the browser version of AirDroid allows an attacker to send a malicious text message to the browser associated with the account when attacker is able to get access to a phone with AirDroid installed.

According to the Department of Homeland Security’s  Vulnerability Notes Database ,

Evernote account used as Command-and-Control Server by Hackers.

Cyber criminals are using popular note-taking app Evernote as Command-and-Control Server to give commands to the malware installed on infected PCs using botnets.

TrendMicro uncovered a malware detected as “BKDR_VERNOT.A” tried to communicate with Command-and-Control Server using Evernote.

Malware delivered via an executable file that installs the malware as a dynamic-link library. The installer then ties the DLL into a legitimate running process, hiding it from casual detection. Once installed, BKDR_VERNOT.A can perform several backdoor commands such as downloading, executing, and renaming files. It then gathers information from the infected system, including details about its OS, timezone, user name, computer name, registered owner and organization.

NinjaWPass - Protect WordPress against keyloggers and stolen passwords

NinjaWPass is a free WordPress plugin written to protect your blog administration console. It makes it basically impossible for a hacker who stole your password to log in to your console.

The way it works is simple but very efficient :
All you need to do is to define a second password (AKA the NinjaWPass password) from 10 to 30 characters.
At the WordPress login prompt, besides your current password, you will be asked to enter 3 randomly chosen characters from your NinjaWPass password. Whether your computer is infected by a keylogger or someone is spying over your shoulder, this protection will keep them away. 

Additionally, the plugin offers the possibility to receive an alert by email whenever someone logs into your WordPress admin interface.

Download NinjaWPass

Server Shield v1.1.5 - Protect your Linux machine in 1 minute

Server Shield is a lightweight method of protecting and hardening your Linux server. It is easy to install, hard to mess up, and makes your server instantly and effortlessly resistant to many basic and advanced attacks.

All IP addresses will be automatically detected and used for the firewall configuration. Automatic security updates are enabled by default.

No maintenance required— just set it and forget it!

Features

• Firewall Hardening
• TCP Hardening
• Data Leakage Protection
• ICMP/Ping Flood Protection
• Rootkit Protection
• DoS Protection
• Spoof Protection
• Bogus TCP Protection
• SYN Flood Protection
• FTP/SSH Bruteforce Protection
• Automatic Security Updates
• DNS Amplification Protection

ExploitShield Browser Edition - Forget about browser vulnerabilities.

 

ExploitShield Browser Edition protects against all known and unknown 0-day day vulnerability exploits, protecting users where traditional antivirus and security products fail. It consists of an innovative patent-pending vulnerability-agnostic application shielding technology that prevents malicious vulnerability exploits from compromising your  computers.

Hacking Google users with Google's GooPass phishing attack

Google Drive is the new home for Google Docs, that users can access everywhere for Storing files safely. In a recent demonstration hacker successfully performed an attack on Google Docs to trick users to grab their Facebook, Gmail, Yahoo credentials with Credit Card Information.

Security researcher Christy Philip Mathew came up with combination of Clickjacking and CSRF vulnerabilities in Google's Docs that can allow a hacker to create a document in victim's Drive for further phishing attack.

For those who are not aware about Clickjacking, It is a technique where an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.

He explain how this technique can be executed to pwn a Google user to steal victim's

Kali Linux :- The most advanced penetration testing distribution ever.

Great news for Hackers and Backtrack Linux fans! The most awaited penetration testing Linux distribution has been released called 'Kali Linux' or 'Backrack 6', from the creators of BackTrack itself.Kali Linux is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution.
 Within five days after its initial release, the Kali team reported over 90,000 downloads and had already added more documentation and even an early bugfix.

So the first big change was platform — from Ubuntu to Debian. Debian-compliant packages

#OpIsrael :-Anonymous launches massive cyber assault on Israel cyberspace

 

A cyber attack campaign, #OpIsrael by hacking group Anonymous, targeting Israeli websites caused massive disruption to government, academic and private sites Sunday. Israeli media said small business had been targeted. Some homepage messages were replaced with anti-Israel slogans.

Anonymous threatened to disrupt and erase Israel from cyberspace in protest over its mistreatment of Palestinians. In response to the eight day assault that killed 133 Palestinians, Anonymous defaced thousands of Israeli sites and provided information for Gazans facing Internet and communications blackouts. 

Over 60 million hacking attempts were reportedly made. Most of the attacks have had

'Scribd' The world's largest online library, has been hacked.

Scribd ,the world's largest online library, has been hacked in a recent attack and hacker potentially able to compromise general user information, which includes usernames, emails, and encrypted passwords of partial database. "Even though this information was accessed, the passwords stored by Scribd are encrypted, we believe that the passwords of less than 1 percent of our users were potentially compromised by this attack," the company stated.

 They emailed every user whose password was potentially compromised with details of the situation and instructions for resetting their password. "Earlier this week,

IOS vulnerability in Configuration Profiles pose malware threat.

Israeli mobile security start-up Skycure has exposed a vulnerability that could allow hackers to control and spy on iPhones. A major security vulnerability for iOS configuration profiles  pose malware threat.

The vulnerability affects a file known as mobileconf files, which are used by cell phone carriers to configure system-level settings. These can include Wi-Fi, VPN, email, and APN settings. Apple used to use them to deliver patches, and carriers sometimes use them to distribute updates.

The below demo shows that how sensitive information, including the victim’s exact