Android app SwiftKey Keyboard turned into a Keylogger app.

One of the best 3rd party Android Mobile Keyboard called 'SwiftKey' turned into a Keylogger Trojan by an Android developer to show the possible security threat of downloading pirated cracked apps from non-official App Stores and websites , "anyone pirating Swiftkey is taking a serious risk" developer said.

 He demonstrated how to inject a Keylogger snippets of code into a legitimate Android Keyboard application that infected a mobile device with Trojan, connected with a remote server and transmitted data from the device inducing your all key logs.

Android apps are coded in Java and compiled to byte code that is run on the Dalvik VM and this byte code is not that hard to edit and insert back into an APK." he explained.

He developed a keylogger from SwiftKey(APK Download), a malicious Java program designed to collect and send all key logs to a remote server (Check Keylogs) Along with the host IP address. He explained the complete code also on his blog.

Android malware is growing at a far more rapid pace than for other mobile platforms. For a Cyber Criminals, it is not important to develop their own malware program from scratch, Reversing ready-mate apps and inserting malware code can easily make their job more easy.

 Be careful from where you are downloading apps and think about the permissions and consider what the app is asking to do, and

Skype Malware that turns computers into Bitcoin miners.

Increasingly  desperate  to  cash  in  on  the  sky-rocketing  price  of  Bitcoin  these days,  gangs  of  cybercriminals  have  designed  a  new  malware  that’s  infecting computers  via  Skype in an attempt to build a botnet massive enough to start mining the virtual currency.

Researchers from Kaspersky Lab have discovered a new spam message campaign being transmitted via Skype contains malware capable of using an infected computer to mine for Bitcoins. The malware, identified as Trojan.Win32.Jorik.IRCbot.xkt.
According to Kaspersky Lab,  the average click rate for the rogue URL is high, at over 2,000 clicks per hour, and the creators of this malware had used it to seize control of hundreds of computers in Russia, Germany, Ukraine, Poland, Spain and other countries.

The malware spreads itself by infecting the Skype VoIP program, using the age old

AirDroid security flaw allows hackers to perform Dos attack from your Android device.

AirDroid, a free app which provides wireless management of your Android phone or tablet from any browser on the same Wi-Fi network, has a dangerous cross-site scripting (XSS) vulnerability which allow hackers  to perform Dos attack from your Android device.

Cross Site scripting or XSS vulnerability in the browser version of AirDroid allows an attacker to send a malicious text message to the browser associated with the account when attacker is able to get access to a phone with AirDroid installed.

According to the Department of Homeland Security’s  Vulnerability Notes Database ,

Evernote account used as Command-and-Control Server by Hackers.

Cyber criminals are using popular note-taking app Evernote as Command-and-Control Server to give commands to the malware installed on infected PCs using botnets.

TrendMicro uncovered a malware detected as “BKDR_VERNOT.A” tried to communicate with Command-and-Control Server using Evernote.

Malware delivered via an executable file that installs the malware as a dynamic-link library. The installer then ties the DLL into a legitimate running process, hiding it from casual detection. Once installed, BKDR_VERNOT.A can perform several backdoor commands such as downloading, executing, and renaming files. It then gathers information from the infected system, including details about its OS, timezone, user name, computer name, registered owner and organization.

NinjaWPass - Protect WordPress against keyloggers and stolen passwords

NinjaWPass is a free WordPress plugin written to protect your blog administration console. It makes it basically impossible for a hacker who stole your password to log in to your console.

The way it works is simple but very efficient :
All you need to do is to define a second password (AKA the NinjaWPass password) from 10 to 30 characters.
At the WordPress login prompt, besides your current password, you will be asked to enter 3 randomly chosen characters from your NinjaWPass password. Whether your computer is infected by a keylogger or someone is spying over your shoulder, this protection will keep them away. 

Additionally, the plugin offers the possibility to receive an alert by email whenever someone logs into your WordPress admin interface.

Download NinjaWPass

Server Shield v1.1.5 - Protect your Linux machine in 1 minute

Server Shield is a lightweight method of protecting and hardening your Linux server. It is easy to install, hard to mess up, and makes your server instantly and effortlessly resistant to many basic and advanced attacks.

All IP addresses will be automatically detected and used for the firewall configuration. Automatic security updates are enabled by default.

No maintenance required— just set it and forget it!

Features

• Firewall Hardening
• TCP Hardening
• Data Leakage Protection
• ICMP/Ping Flood Protection
• Rootkit Protection
• DoS Protection
• Spoof Protection
• Bogus TCP Protection
• SYN Flood Protection
• FTP/SSH Bruteforce Protection
• Automatic Security Updates
• DNS Amplification Protection

ExploitShield Browser Edition - Forget about browser vulnerabilities.

 

ExploitShield Browser Edition protects against all known and unknown 0-day day vulnerability exploits, protecting users where traditional antivirus and security products fail. It consists of an innovative patent-pending vulnerability-agnostic application shielding technology that prevents malicious vulnerability exploits from compromising your  computers.

Hacking Google users with Google's GooPass phishing attack

Google Drive is the new home for Google Docs, that users can access everywhere for Storing files safely. In a recent demonstration hacker successfully performed an attack on Google Docs to trick users to grab their Facebook, Gmail, Yahoo credentials with Credit Card Information.

Security researcher Christy Philip Mathew came up with combination of Clickjacking and CSRF vulnerabilities in Google's Docs that can allow a hacker to create a document in victim's Drive for further phishing attack.

For those who are not aware about Clickjacking, It is a technique where an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.

He explain how this technique can be executed to pwn a Google user to steal victim's

Kali Linux :- The most advanced penetration testing distribution ever.

Great news for Hackers and Backtrack Linux fans! The most awaited penetration testing Linux distribution has been released called 'Kali Linux' or 'Backrack 6', from the creators of BackTrack itself.Kali Linux is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution.
 Within five days after its initial release, the Kali team reported over 90,000 downloads and had already added more documentation and even an early bugfix.

So the first big change was platform — from Ubuntu to Debian. Debian-compliant packages

#OpIsrael :-Anonymous launches massive cyber assault on Israel cyberspace

 

A cyber attack campaign, #OpIsrael by hacking group Anonymous, targeting Israeli websites caused massive disruption to government, academic and private sites Sunday. Israeli media said small business had been targeted. Some homepage messages were replaced with anti-Israel slogans.

Anonymous threatened to disrupt and erase Israel from cyberspace in protest over its mistreatment of Palestinians. In response to the eight day assault that killed 133 Palestinians, Anonymous defaced thousands of Israeli sites and provided information for Gazans facing Internet and communications blackouts. 

Over 60 million hacking attempts were reportedly made. Most of the attacks have had

'Scribd' The world's largest online library, has been hacked.

Scribd ,the world's largest online library, has been hacked in a recent attack and hacker potentially able to compromise general user information, which includes usernames, emails, and encrypted passwords of partial database. "Even though this information was accessed, the passwords stored by Scribd are encrypted, we believe that the passwords of less than 1 percent of our users were potentially compromised by this attack," the company stated.

 They emailed every user whose password was potentially compromised with details of the situation and instructions for resetting their password. "Earlier this week,

IOS vulnerability in Configuration Profiles pose malware threat.

Israeli mobile security start-up Skycure has exposed a vulnerability that could allow hackers to control and spy on iPhones. A major security vulnerability for iOS configuration profiles  pose malware threat.

The vulnerability affects a file known as mobileconf files, which are used by cell phone carriers to configure system-level settings. These can include Wi-Fi, VPN, email, and APN settings. Apple used to use them to deliver patches, and carriers sometimes use them to distribute updates.

The below demo shows that how sensitive information, including the victim’s exact