Showing posts with the label Editorial. Show all posts

Facebook Bomb using VB-script





Script :



' InputBoxes

Message = InputBox("What Is The Message?","WhatsApp DDos")

MsgBox "VBScript Written By Priyank Gada"

T = InputBox("How Many Times Needs It To Be Send?","WhatsApp DDos")

If MsgBox("You've Filled It In Correctely", 1024 + vbSystemModal, "WhatsApp DDos") = vbOk Then



' Go To WhatsApp

Set WshShell = WScript.CreateObject("WScript.Shell")

Return = WshShell.Run("https://www.facebook.com/messages", 1)



' Loading Time



If MsgBox("Search for the name and click on message section?" & vbNewLine & vbNewLine & "Press No To Cancel", vbYesNo + vbQuestion + vbSystemModal, "WhatsApp DDos") = vbYes Then



' The Loop For The Messages

For i = 0 to T

WScript.Sleep 5

WshShell.SendKeys Message

WScript.Sleep 5

WshShell.SendKeys "{ENTER}"

Next



' End Of The Script

WScript.Sleep 3000

MsgBox "Please Visit www.youtube.com/c/priyankgada"

Set WshShell = WScript.CreateObject("WScript.Shell")

Return = WshShell.Run("http://www.youtube.com/priyankgada", 1)





' Canceled Script

Else

MsgBox "Process Has Been Canceled", vbSystemModal, "DDos Canceled"

End If

Else

End If



~ Wednesday, 7 September 2016 0 comments

Whatsapp Bomb using VB-Script

Today, we are going to learn how to bomb messages on WhatsApp Web using VBScript.




Explanation of the script.

' InputBoxes
This section is the data input. Here we take inputs from the user: Contact stores the name of the contact, Message stores the message, and T stores the number of times.

' Go To WhatsApp
This section redirects the user to WhatsApp Web.

' Loading Time
This section waits for you to load WhatsApp Web.

' Go To The WhatsApp Search Bar
This section presses the Tab key to move the pointer from the URL address bar to the WhatsApp message bar.

' Go To The Contacts Chat
This section types the contact name in the search bar.

' The Loop For The Messages
This section types the message and presses Enter for the number of times we need to spam the message (T).

' End Of The Script
This is the popup shown when the script is completed.

' Canceled Script
This section pops up the cancellation of the script.


~ 0 comments

Credit Card 101 - Part 1

Hello guys, we are back with another awesome article. In this series of articles (Credit Card 101) we are going to learn about various credit cards, how credit cards work, how to hack credit cards and, most importantly, how to secure your personal credit card. So to start with credit card hacking, we must first understand how credit cards are designed and how they work.


Credit Card Numbers:

So let's consider a random credit card number as an example (this is not my credit card).

4485 3151 5882 2849
The credit card number is divided into several parts, which help the payment gateway to charge the original consumer of the credit card.
1. The first number (4) is the MII.
2. The next 5-6 numbers are the issuer ID.
3. The next numbers, leaving out the last number, are the user ID.
4. The last number is the check number, also known as the check algorithm number.



What is MII?

MII stands for major industry identifier. This is a constant number that is given to the consumer according to the needs of the consumer. For example, in most cases a consumer uses his/her credit card number for online transactions. This is the reason most credit card numbers start with 4 or 5, which means banking and financial industry. This digit can range from 0 to 9. We provide more information at the bottom of the article.


What is Issuer ID?

The issuer ID stands for the card provider, i.e. Visa, Mastercard, etc. For example, if the digit is 4xxxx then it is a VISA card and the length of the card number is 16. We have provided more information about this at the bottom of the article.

What is User ID?

This number is the identity of the user and the bank to which the card was issued. It depends on the user's account number and other details. This number can be reused if a particular card holder stops using the service.


What is check number?

A check number is used to ensure the validity of the card. It is the last digit of the credit card number. Credit cards follow the Luhn check algorithm.

Luhn's Credit Card Algorithm:


Original number: 4485 3151 5882 2849

1. From the back, double every alternate number.
What we get: 8  (16)  6  (10)  (10)  (16)  4  8

2. If the doubled numbers are double-digit numbers, then add their digits.
What we get: 8   7   6   1   1   7   4   8

3. Write back the alternate numbers that we left out in the first step.
8475   6111   1872   4889

4. Add up the digits of the new number that we get.
8+4+7+5+6+1+1+1+1+8+7+2+4+8+8+9=80

5. If the sum is a multiple of 10, then the credit card number is valid.
Since 80 is a multiple of 10, we can conclude that 4485 3151 5882 2849 can be a valid credit card number.

MII Digit Value = Category
0 = Other industry assignments
1 = Airlines industry assignments
2 = Airlines and other industry assignments
3 = Travel and entertainment
4 = Banking and financial
5 = Banking and financial
6 = Merchandising and banking
7 = Petroleum
8 = Telecommunications and other industry assignments
9 = National assignment

Issuer ID: Card Number
  • Diner's Club/Carte Blanche: 300xxx-305xxx, 36xxxx, 38xxxx
  • American Express: 34xxxx, 37xxxx
  • VISA: 4xxxxx
  • Mastercard: 51xxxx-55xxxx
  • Discover: 6011xx
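
The checks described in this article, as an added example (not code from the original post): a Python sketch that looks up the MII and issuer in the article's own tables and runs the Luhn steps on a card number. The function names are assumptions made for this example, and the issuer list is only the article's short table, not a complete BIN database.

```python
# Added example: field lookup and Luhn check for the card number format above.

# MII categories as listed in the article's table.
MII_CATEGORIES = {
    "0": "Other industry assignments",
    "1": "Airlines industry assignments",
    "2": "Airlines and other industry assignments",
    "3": "Travel and entertainment",
    "4": "Banking and financial",
    "5": "Banking and financial",
    "6": "Merchandising and banking",
    "7": "Petroleum",
    "8": "Telecommunications and other industry assignments",
    "9": "National assignment",
}

# Issuer prefixes as listed in the article (a short list, not a full BIN table).
ISSUER_PREFIXES = {
    "Diner's Club/Carte Blanche": ["300", "301", "302", "303", "304", "305", "36", "38"],
    "American Express": ["34", "37"],
    "VISA": ["4"],
    "Mastercard": ["51", "52", "53", "54", "55"],
    "Discover": ["6011"],
}


def normalize(raw):
    """Strip spaces and dashes; reject anything that is not plain ASCII digits."""
    digits = raw.replace(" ", "").replace("-", "")
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("card number may contain only digits, spaces and dashes")
    return digits


def luhn_transform(digits):
    """Steps 1-3: double every second digit from the right, fold two-digit results."""
    out = []
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:      # second, fourth, ... digit counted from the right
            d *= 2
            if d > 9:         # e.g. 16 -> 1 + 6 = 7, the same as subtracting 9
                d -= 9
        out.append(d)
    out.reverse()             # back to the left-to-right order used in the article
    return out


def issuer_for(digits):
    """Return the issuer whose listed prefix matches; the longest prefix wins."""
    best_name, best_len = "Unknown (not in the article's list)", 0
    for name, prefixes in ISSUER_PREFIXES.items():
        for prefix in prefixes:
            if digits.startswith(prefix) and len(prefix) > best_len:
                best_name, best_len = name, len(prefix)
    return best_name


def describe(raw):
    """Decode the fields and run steps 4-5 (sum, multiple-of-10 test)."""
    digits = normalize(raw)
    transformed = luhn_transform(digits)
    total = sum(transformed)
    return {
        "mii": MII_CATEGORIES[digits[0]],
        "issuer": issuer_for(digits),
        "check_digit": digits[-1],
        "transformed": "".join(str(d) for d in transformed),
        "luhn_sum": total,
        "luhn_valid": total % 10 == 0,
    }


if __name__ == "__main__":
    # The article's sample number, then the same number with its last digit altered.
    for sample in ("4485 3151 5882 2849", "4485 3151 5882 2840"):
        print(sample, describe(sample))
```

A passing Luhn check only shows that the digits are internally consistent, which is why the article says the number "can be" valid; it catches typing errors and says nothing about whether an account exists.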





Check the next article (will be updated soon)





~ Sunday, 4 September 2016 0 comments

How to Protect your Data in the Era of Ransomware

The era of ransomware is upon us. Organizations, small businesses and individuals have been affected by dangerous ransomware attacks in past years. Ransom, which refers to some kind of payment that is demanded in exchange for the release of someone or something that has been taken, is an effective ploy that has been used by criminals for many years. Locky, a new variant of ransomware, encrypts users' files and adds a .locky file extension to them, leaving them inaccessible until the ransom is paid. Actively spreading since February 2016, this infection has been the most threatening this year.

Data is the most valuable thing for any individual or organization, so it is understandable that many business owners are concerned about the rising threat of ransomware. The most important aspects to consider are the steps that common users and professionals should take to protect organizational and personal data from these ransomware attacks.



'No malware is pleasant, but there is something truly awful about ransomware. Paying the ransom is not just a declaration of defeat, but also a confession that preventative measures weren't taken. Cybersecurity awareness, a robust email security solution, internet monitoring software, and protecting your endpoints will go a long way to better prevent ransomware,' says Sergio Galindo, President and COO of GFI Software, a company creating solutions that allow companies to protect from various cyber threats.

Over the last few years, several software companies have released solutions which can protect your organization from ransomware threats such as Locky. These solutions provide protection against malicious email attacks and ensure that every employee’s web browsing and downloading is secure.
The solutions provided by GFI Software are not limited to organizations; individual users and small businesses can also use the software. GFI WebMonitor allows you to monitor and control your web activity and manage your employees' internet usage, so that no unsafe websites can be accessed from your corporate network. GFI MailEssentials will help you and your organization to fight against ransomware attacks coming through emails. The solution enables effective spam filtering and blocks emails containing malware like Locky.

Organizations need to reshape their cyber security policies if they want to stay ahead of new ransomware threats. Deploying the necessary security solutions with immediate effect is the only way to secure the precious data of an organization.


I partnered with the brand to write this article but every word is mine

~ Wednesday, 20 July 2016 0 comments

Hack Your Website First Before Hackers Do. Beat Them at Their Game

In recent years, website and web application release cycles have become increasingly short. Initially, these short release cycles were a result of companies attempting to remain competitive by offering more feature-rich applications and responding to consumers' demands more quickly.

As a result, end-users have largely been conditioned to expect a continual flow of updates and new releases — companies have gone so far as to publish software development roadmaps so their customers can be kept apprised of what to expect in the immediate and near-term releases.

While short release cycles and frequent updates are often seen as a positive, there is also a dark side that needs to be considered. One of the first casualties in the “race to release” is web application security. In an attempt to launch websites and ship web applications as efficiently as possible, security has become an afterthought.

Despite the risks associated with a potential security breach (something we covered in this post), web application security often takes a backseat to revenue, profit and customer satisfaction. Given that a 100% secure web application is an impossibility, that might seem like a reasonable approach. After all, security is rarely considered an issue until it’s too late.

One potential solution to this problem is to spend time looking at your website or web application from the perspective of a hacker — in essence, figure out how to hack your website before someone else does.

The Hacker’s Mentality: Why And How?

There is a saying (concept) that floats around web application security circles called “Hack Your Website First”. The idea behind this saying is one which promotes a more proactive approach to security. As we mentioned in the opening paragraphs, web application security is often an afterthought — that is, until an application is hacked. Of course, by then it’s usually too late. The damage has been done.

“Hack your website first” seeks to develop the mindset in which developers and security professionals actively seek out potential vulnerabilities in web applications the same ways that a hacker would. It’s an approach that makes a lot of sense — if you can learn to think like the enemy, you stand a much greater chance of defeating them.

Ask yourself: How would your overall security posture improve if you were to take a day or two away from the development process and look for ways to hack your website or web application?

Think Like a Hacker


Often, two of the most significant obstacles when it comes to managing web application security are understanding:

1.    Which are the primary vulnerabilities that hackers are looking to exploit?
2.    What tools and techniques are they using to not only find but exploit those vulnerabilities?

Understanding which vulnerabilities are most commonly exploited is the first step in learning to think like a hacker. The most commonly exploited vulnerabilities are those of the technical variety, for example cross-site scripting (XSS), SQL injection and command injection.

Obviously, logical vulnerabilities should also be an important consideration. But in reality, they are often less susceptible to attack simply because they are more time intensive to exploit and require a greater level of expertise.

If you are someone who finds analogies useful, look at securing technical vulnerabilities as the equivalent of locking all the doors and windows on the ground floor of your house before going to bed. Logical vulnerabilities, on the other hand, are more in line with a burglar setting up a step-ladder, climbing on the roof of your home and looking for an open skylight. It’s possible but less likely to happen. You can read the differences between technical and logical web application vulnerabilities for more detailed information.

Act Like a Hacker

Hackers are people too. That means that they have all the traits and tendencies of developers and programmers. If there is an easier or more proficient way of completing a task, they’ll take advantage of it.

You may be inclined to think that hackers spend hours on end searching for vulnerabilities, but they’re smarter than that. More often than not, hackers are using automated tools and scripts to find and exploit vulnerabilities. Tools like sqlmap, sqlninja, Canvas, BruteXSS and Core Impact are often used in the process of identifying and exploiting vulnerabilities. These tools reduce the amount of time and effort that hackers need to expend and vastly increase their reach.

If you think that your web application is unlikely to be a target of hacking, think again. The target itself is rarely relevant. Hackers are looking for access to your server resources and bandwidth. If you pay for it, hackers are happy to take it from you.

If you’re going to put forth an honest attempt to hack your websites or web applications, you’ll need to employ tools and techniques that are similar to the hackers’. Using an automated web scanner is one of the best (and easiest) ways to scan one or even hundreds of websites and web applications.

Using the right tools also means that once a vulnerability is identified, the process of remediation should be largely automated. Flagging the vulnerability, assigning it to a developer for patching, re-testing and reporting can all be automated by a capable web application vulnerability scanner.

Know Thy Enemy (Hackers)

In The Art of War, Sun Tzu stated that “If you know the enemy and know yourself, you need not fear the result of a hundred battles”.

By learning to hack your website or web application first, you'll develop an intimate knowledge of the tools, vulnerabilities and exploits that are often used by hackers.


Staying ahead of hackers and eliminating all web vulnerabilities before they can be exploited can prove to be a challenging task. To a large extent, one of the most effective ways of reducing potential attack vectors is by being proactive: think and act like a hacker to beat them at their own game.

~ Monday, 11 July 2016 0 comments

All about IMEI



What is IMEI?

IMEI is short for International Mobile Equipment Identity. It is a 15-digit number which is unique to each device that uses a cellular network. This helps us to identify each device individually. We can use this number to block a mobile phone from being used by another person if it is lost or stolen. Whenever anyone inserts a SIM card (or turns his cellular device on), his IMSI number gets registered with his IMEI number.

How to Find IMEI Number?

You can find the IMEI number of your phone by simply pressing *#06# on your keypad. If you have a dual SIM device then 2 IMEI numbers will be displayed.


How to trace IMEI?

As we saw in this article, whenever you turn your cellular device on, the IMSI number of the SIM card and the IMEI number of the device are recorded by cellular companies. This helps legal authorities, law enforcement and police departments to trace a phone. They can find the IMSI number of a SIM from the IMEI, thus providing them with all SIM cards used by that device as well as the IMEI number used by a particular phone, but in any case they have to inform cellular departments to keep track of a particular IMEI number for the new IMSI numbers of new SIM cards inserted.


What are Non-Traceable Cellular Devices?

There are devices which do not have IMEI numbers and which don't use SIM cards for connecting with the network providers. These devices use satellites and are known as satellite phones. But even these devices are traceable with high-end equipment.

Database / NVRam File?

Android devices store the IMEI and other network information in a file called the NVRam file. It contains all details provided by the manufacturer and lets the user connect to cellular towers. Unfortunately this file is locked by the manufacturer. But this file can be modified while flashing software on the phone (permanently changing the IMEI is possible). NVRam files are inside the database file of the phone software which is used while flashing. You can use the database file provided with the stock ROM (the stock ROM is the official flashing software provided by the manufacturer) of the device.


How to change IMEI?

Yes! It is possible to change the IMEI number while flashing the stock ROM (this is how manufacturers write IMEI numbers in the first place). You can find an article on how to change IMEI, with video tutorials, over here.

~ Saturday, 11 June 2016 0 comments

How to protect your confidentiality and prevent data leakage

In this modern era, data security is a big issue every organization is facing. As time passes, the security threats to every organization are increasing. Many businesses have suffered huge financial losses because of the leakage of their confidential data in the past few years.

Even the world’s most powerful government officials aren’t safe from these modern-day security threats. Hillary Clinton, a candidate in the next presidential election in the United States, suffered from data leakage when her emails were compromised.


During the past 12 months some of the world’s biggest organizations and governments, like Anthem, My Space, the Syrian Government and the Philippines Commission of Elections, were targeted. Sometimes it’s attacks like these where your hands are tied and you can’t do anything to prevent them.
However, there are many other ways that lead to accidental data leakage from your organization. Researchers have seen email as one of the biggest sources of data leakage in this modern era. Since email took over from postal mail as the primary medium of communication between organizations, the security risk has increased rapidly.

The confidentiality of a business is something you can’t take risks with. Historically, we have seen that once a business's confidential information and its client database are leaked, the only thing that follows is huge financial losses. It doesn’t matter if you are a lawyer, a health care institute, a bank or some multinational chain: the risk of data leakage through email is always on the high side if proper measures aren’t in place.

SafeSend is one of the most trusted software products for securing your data from accidental leakage. The world’s top organizations, like Samsung, Allianz and EPSON, have already put in place security measures which will prevent any accidental data leakage from their business activities. Those businesses that aren’t considering accidental data leakage a security threat are sitting on a time bomb and waiting for it to explode. All it takes is a common mistake by your employee to leak the organization's confidential data, and sometimes it can be on purpose if your employee is disgruntled about something.

Making a security move in this era of cyber security can only increase the satisfaction level of your clients. After all, everyone wants to know how secure they are while connected with your business. SafeSend will be the perfect solution to increase your organization’s security measures along with the level of satisfaction of your top clients. We always suggest to our readers and followers the best possible cyber security solutions available in the industry. SafeSend has a proven record, and with most of its business activities in the U.S. and Britain, it is the market leader in preventing accidental data leakage.



I partnered with the brand to write this article but every word is mine

~ Thursday, 9 June 2016 0 comments

The outcome of the Notorious Teamviewer hack


Over the past few months, users of Teamviewer, a remote access service, have been discussing their experience of being ransacked by attackers who somehow gained access to their accounts. In many of the cases, online thefts reportedly drained users’ PayPal and other bank accounts. No one knows the exact number of accounts hacked yet, but there’s no denying that Teamviewer has been breached.


For more than a month, many social media sites and blogs have received numerous such reports. Many often claimed that the intrusions are the reason for this failure, which has an effect on many others.

The attacker made transactions and shopped online using users’ PayPal and bank details. Many caught this and rolled back the transactions, but many were left helpless. Nick Bradley, a security researcher at IBM, reported his experience: "In the middle of my gaming session, I lose control of my mouse and the Teamviewer window pops up in the bottom right corner of my screen. As soon as I realize what is happening, I kill the application. Then it dawns on me: I have other machines running Team Viewer!"

He continued:

“I run downstairs where another computer is still up and running. Lo and behold, the Teamviewer window shows up. Before I am able to kill it, the attacker opens a browser window and attempts to go to a new web page. As soon as I reach the machine, I revoke control and close the app. I immediately go to the Team Viewer website and changed my password while also enabling two-factor authentication. Lucky for me, those were the only two machines that were still powered on with Team Viewer installed. Also lucky for me is the fact that I was there when it occurred. Had I not been there to thwart the attack, who knows what would have been accomplished. Instead of discussing how I almost got hacked, I’d be talking about the serious implications of my personal data leak.”

The concern is that if personal data is accessed or a bank transaction is performed without being noticed, it is unclear who is responsible for the losses. That made Teamviewer users feel insecure and created a bad impression on them.






 


These statements led Teamviewer to announce two measures in response to the huge number of reported hijackings. The first measure, “Trusted Devices”, ensures that the account holder must explicitly confirm that a new device is trusted before it is granted access to an existing account for the first time.

The second measure is “Data Integrity”, which provides automatic checks that detect when an account has been hacked. "The system determines continuously if your Teamviewer account shows unusual behavior (e.g. access from a new location) that might suggest it has been compromised," said Axel Schmidt, the spokesperson of Team Viewer.



~ Tuesday, 7 June 2016 0 comments

How to automatically get rid of Startseite24.net redirect virus


~ Saturday, 9 April 2016 0 comments

How to automatically remove YesSearches adware from Windows

Advertising-supported software, generally known as adware, is a software application which displays advertising banners for brands (mostly adult sites) while a program is running. Adware is criticized all over the world by security personnel because it tracks your personal/system information and forwards it to a third party without your authorization and approval. The third party uses this accumulated information for marketing purposes.



What is YesSearches.com?

YesSearches is a suspicious web search engine that often comes bundled with freeware, malicious software and rogue programs. Once it is added to your browser, it will replace the existing homepage without your consent. 

When a user looks at YesSearches it seems like a harmless search engine, but a search engine which forwards your information, like recently searched sites, is not something you can count on. Removing YesSearches from your browser is a headache and many users have to read blogs or watch tutorials to manually remove it. Many users fail to remove the YesSearches adware even after extensive research on the internet, which can be very frustrating.

Now SureShotSoftware.com has provided an automatic solution, so you don't have to go through the pain of reading blogs or watching tutorials. This will empower common users to get rid of this adware and secure their personal information without doing any extensive research. The automatic solution not only saves your precious time but also completely removes the adware.

How to automatically remove YesSearches from your Windows:

The advantage of an automatic security suite is that it not only gets rid of this adware but also scans the entire system and detects all potential fragments of the virus, so the user is only a few clicks away from a complete fix.

  1. Download and install recommended malware security suite.
  2. Select Start Computer Scan feature and wait until the utility comes up with the scan report. Proceed by clicking on the Fix Threats button, which will trigger a thorough removal process to address all the malware issues compromising your computer and your privacy.








~ Friday, 8 April 2016 0 comments

Cerber Ransomware: How to DECRYPT your encrypted data

It's not wrong to label 2016 as the year of ransomware. Ransomware attacks are the dark side of the modern technology revolution. Many first world countries like the U.S. and Canada have issued alerts to their citizens about possible ransomware attacks this year. But the question remains: what steps should be taken to address these ransomware attacks?



One of the attackers' favorite and most threatening ransomware families nowadays is "Cerber", which already has a long list of victims who paid ransoms to reclaim their data. Recently a security firm, "Malwarebytes Lab", published a report about Cerber ransomware which revealed that the ransomware doesn't load if it detects that the victim is from a certain blacklisted country or that the system contains specific languages, file names or directories.

The security firm also disclosed that attackers are demanding 1 bitcoin, worth $414, to release the encrypted files or data on the victim's machine. Many first world country citizens have already paid huge sums of money to retrieve their valuable data, while others are thinking about paying these criminals what they are demanding.

How Cerber encrypts the user's data:

When first run, Cerber will check to see if the victim is from a particular country. If the computer appears to be from any of the following countries, it will terminate itself and not encrypt the computer.

Once it has checked the country, Cerber will install itself in the %AppData%\{2ED2A2FE-872C-D4A0-17AC-E301404F1CBA}\ folder and name itself after a random Windows executable. For example, when we performed our analysis of the ransomware it named itself autochk.exe.

Cerber will then configure itself to start automatically when you log in to Windows, execute as your screensaver when your computer is idle, and set a task to execute itself once every minute. In this phase, when the ransomware is executed it will show a fake system alert and begin a restart process. Until this restart is allowed to occur, it will continue to display fake system alerts.
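
A defender-side check for the persistence pattern described above, as an added example (not code from the original post or from any vendor tool): it flags executables that sit in a GUID-named folder under %AppData% and are referenced by a logon autostart entry, the screensaver setting, or a task that runs every minute. The record layout, function name and sample inventory are assumptions constructed for this example.

```python
import re

# %AppData% resolves to ...\AppData\Roaming. The article describes a folder named
# with a GUID in braces directly beneath it, holding one renamed executable.
GUID_DIR_EXE = re.compile(
    r"\\AppData\\Roaming\\\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}\\([^\\]+\.exe)$",
    re.IGNORECASE,
)

# Small sample of Windows binary names for the masquerade check (constructed list;
# a real check would compare against the file names present in System32).
SYSTEM_BINARY_NAMES = {"autochk.exe", "svchost.exe", "dllhost.exe", "rundll32.exe"}

# Constructed persistence inventory. The layout (mechanism / target /
# interval_minutes) is hypothetical and stands in for an autoruns-style export.
GUID_PATH = (r"C:\Users\alice\AppData\Roaming"
             r"\{2ED2A2FE-872C-D4A0-17AC-E301404F1CBA}\autochk.exe")
SAMPLE_RECORDS = [
    {"mechanism": "run_key", "target": '"' + GUID_PATH + '"'},
    {"mechanism": "screensaver", "target": GUID_PATH},
    {"mechanism": "scheduled_task", "target": GUID_PATH, "interval_minutes": 1},
    {"mechanism": "run_key", "target": r"C:\Program Files\Vendor\updater.exe"},
    {"mechanism": "scheduled_task", "interval_minutes": 60,
     "target": r"C:\Users\alice\AppData\Roaming\Vendor\sync.exe"},
]


def cerber_like_findings(records):
    """Group persistence entries by target and score the ones in a GUID folder.

    Score = number of distinct persistence mechanisms pointing at the file,
    plus 1 if the file name imitates a Windows system binary.
    """
    by_path = {}
    for rec in records:
        path = rec["target"].strip('"')
        match = GUID_DIR_EXE.search(path)
        if not match:
            continue  # not in a GUID-named folder under %AppData%
        entry = by_path.setdefault(
            path.lower(),
            {"path": path, "name": match.group(1).lower(), "mechanisms": set()},
        )
        mechanism = rec["mechanism"]
        if mechanism == "scheduled_task" and rec.get("interval_minutes") == 1:
            mechanism = "scheduled_task_every_minute"
        entry["mechanisms"].add(mechanism)

    findings = []
    for entry in by_path.values():
        masquerades = entry["name"] in SYSTEM_BINARY_NAMES
        findings.append({
            "path": entry["path"],
            "mechanisms": sorted(entry["mechanisms"]),
            "masquerades_as_system_binary": masquerades,
            "score": len(entry["mechanisms"]) + (1 if masquerades else 0),
        })
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for finding in cerber_like_findings(SAMPLE_RECORDS):
        print(finding)
```

The folder name in the sample is the one quoted in the article; the pattern matches any GUID-shaped folder name, so the check does not depend on that exact value.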

For those who are victimized by Cerber ransomware, MySpyBot.com has developed an automated solution which can help you to recover your data without paying criminals a single penny.

Remove CERBER Ransomware in 2 simple steps:

Spybot's process of automated removal of Cerber ransomware consists of 2 simple steps. It doesn't require the user to have an in-depth knowledge of IT.

Step 1: Download and install the anti-malware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button.

Step 2: Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed. 






~ Thursday, 7 April 2016 0 comments

Locky Ransomware: Most Destructive Ransomware of 2016

On February 16th 2016 the infosec community discovered that a new ransomware dubbed "Locky" was quickly spreading, and many have already been victimized by this newest ransomware. It is believed that the developers of Locky ransomware are the ones who created "Dridex", a financial Trojan. There are many similarities between the two, especially the identical spam campaigns used to spread Locky and Dridex.



Locky ransomware was first discovered by a Symantec researcher, who disclosed that Locky ransomware has been aggressively pushed by the criminals through hefty spam campaigns and compromised websites. If you receive a spam email and feel like someone is tricking you into opening the attached file (like an invoice), don't open it.

This ransomware encodes the data files on victims' computers and gives them the “.locky” extension. The ransom being demanded varies from 0.5 to 1 Bitcoin. Just like other variants of ransomware, Locky makes use of powerful encryption. Because of this strong encryption, Locky makes the data of any victim inaccessible if the victim doesn't have a backup.

Locky has had an enormous impact this year, leaving victims all over the world. Since the start of this year, the average number of victims of Locky ransomware has been around 15,000 to 20,000 per week. The astonishing thing is that so far there hasn't been any significant development on how to stop this Locky ransomware infection.

Locky makes use of a rich set of features, comprising custom encrypted communication, a domain generation algorithm, RSA-2048+AES-128 file encryption, and Bitcoin/TOR payment. This ransomware is capable of encoding files of 160 file types, which include source code, databases, and disks.

How to protect yourself from Locky Ransomware

NabzSoftware.com, a dedicated name in the industry, has now provided a solution which addresses this destructive ransomware. It's a very simple two-step process which can secure you from a Locky ransomware attack.

Step 1: Download and install the .locky file virus removal software. Having launched the solution, hit the Start Computer Scan button.

Step 2: The tool will come up with scan results, reporting the detected malware. Select the Fix Threats option to remove all the infections that were found. This will lead to complete extermination of the virus under consideration.

NabzSoftware also provides the victims of Locky ransomware a way to get their encrypted data back. So, victims who are thinking about paying the criminals: don't do it! NabzSoftware's automatic file recovery software is the perfect solution to get your precious data back.



~ Wednesday, 6 April 2016 0 comments

First world countries are the primary target of Ransomwares

This year security researchers have discovered an immense increase in ransomware attacks on businesses (regardless of their size) in Britain, the USA, Canada, Australia and many European nations. In Britain the number of ransomware attacks in the first three months has doubled compared with last year. According to research by cyber security firm Trend Micro, “January and February 2016’s combined figure is more than triple the infection count for the whole of the first quarter of 2015”.

Almost every developed nation around the world is facing a severe ransomware threat in 2016. In the first three months, the increase in ransomware attacks has been so threatening that the U.S. and Canadian governments have issued alerts to their citizens about these ransomware attacks. Both countries issued these warnings after researchers predicted the ransomware crisis will worsen as the year passes, because only a few businesses have taken proper steps towards securing themselves from ransomware attacks.



Due to a lack of security measures, U.S. hospitals are the latest American sector to fall victim to these ransomware attacks. A study released this week by the Health Information Trust Alliance found that around 52 percent of U.S. hospitals were infected with malicious software. It further said that U.S. hospitals should brace for a rise in ransomware attacks. The non-profit healthcare organization added that these attacks are going to be so devastating that U.S. hospitals will have to accept the attackers' demands in order to regain access to their computer networks.

After the latest attack on MedStar Georgetown University Hospital this week, the FBI has provided citizens with some cyber safety tips. MedStar suffered a devastating malware attack this Monday that took down the hospitals' information technology systems. MedStar officials have not yet confirmed whether the attack is an example of ransomware, but patient data has been compromised. The computer systems of MedStar’s 10 hospitals have not yet been restored to 100 percent after the attack.

Jeffrey Coburn, an FBI Cyber Division unit chief, said: “In one case, a Los Angeles hospital paid $17,000. The FBI tells users not to pay the ransoms.” Coburn further added: “When you pay ransoms, you are continuing their business model. You are encouraging them to do this fraud.”

Fox IT, a malware research firm, discovered a ransomware family (Cryptowall, CryptoLocker, TorrentLocker) last year whose members have generated huge incomes. The attacks by these three malware strains followed similar patterns and mostly affected first world countries, mainly through exploit kits and fake emails posing as official organizations.

Security researchers are creating solutions to remove ransomware, and to some extent they seem successful, but this success will not last long because of the social engineering techniques adopted by the hackers.


~ Sunday, 3 April 2016 0 comments

Free Cyber Security Training Course

The exponential growth in cybercrime has created an emergency situation, and the infosec community has realized that it does not have enough workforce to counter the increasing number of hacking attacks. People from every corner of the world have started to learn cyber security principles and ethical hacking techniques, and EH Academy has taken the initiative by introducing a pentest training program that is free and open to everyone.

The free cyber security and ethical hacking training is a course that teaches the principles of penetration testing along with attack methodologies and techniques. The aim of this course is to prepare beginners to conduct penetration tests. This is an ideal course for beginners to learn the practice and be ready to learn more advanced techniques in the future.



This course goes from basic to advanced, and you will get a chance to learn:

  • Information gathering
  • Scanning, enumeration & footprinting
  • Open source intelligence gathering
  • Utilizing open source tools to find the information
  • System hacking
  • Proxy server and chaining
  • Keyloggers, Trojans and other viruses
  • Network sniffing and session hijacking
  • SQL injection and cross-site scripting
  • Buffer overflow and exploit writing
  • Reverse engineering
  • Cryptography
  • And more…







~ Tuesday, 2 February 2016 0 comments

The Cyber Security Training Giveaways

Let’s make the start of this year more exciting by sharing cybersec training courses. EH Academy announces the biggest giveaway of the year. Guess what? For now, you can get the 5 most important and essential infosec training courses just by participating in a short contest. Isn’t it worth giving it a shot?


The summary of the contest:

Contest end date: Jan 30, 2016
Number of winners: 5
Number of courses each winner will get: 5
Value: $700

 

How to win?

Earn points by sharing the contest using your unique URL. The more points you get, the more likely it is that you'll get your hands on some amazing tech-courses!

Steps:



So what are you waiting for? Get sharing and increase your chances to win! Don’t forget to enter your personal details; otherwise we won’t be able to contact you. The winner will be announced on Feb 1, 2016 and will be notified via email.

Happy learning!

~ Tuesday, 5 January 2016 0 comments

Top 10 most Devastating Hacking Attacks of 2015



As the countdown to the New Year begins, the world gets ready to say its goodbyes to 2015. We roll back the clocks and look at this year’s most devastating hacking attacks, which resulted in huge financial losses and data theft. Data breaches have put many organizations out of business, and many others are facing millions of dollars in fines from lawsuits brought by their customers. Last year, hackers accessed more than one billion personal records, most of which include personal information such as social security numbers, banking codes, home addresses, emails, etc.

The upsetting thing is that the number of such attacks increases year after year. According to a survey by Global State of Information in Cybersecurity, 38% more security incidents were detected this year than last year. The shortage of certified cyber security professionals is a big reason why these attacks are on the rise. Most organizations have no idea what policies should be followed to tackle these threats.




Here we bring you a list of the 10 most destructive hacking attacks the world has seen in 2015. We rate these attacks according to their severity and how much the organization suffered in the aftermath. Check out our Top 10 list:

1. Talk Talk

This is one of the most devastating hacking attacks in British history, with more than 157,000 customer records stolen by the hackers. The records include personal details such as bank account numbers, sort codes, and credit and debit card numbers. The attack on the Talk Talk website happened on 21st of October, and it is believed that teenagers were behind it. The company suffered £35 million in losses as a result of malicious users exploiting a SQL injection vulnerability.

2. Ashley Madison

Another big story of the year is the Ashley Madison hack. An online dating site with the motto “Life is Short. Have an affair” saw the identities and passwords of its 11 million users stolen. The CEO of the company had to step down as a result of this much-hyped attack, which was the most talked-about thing this summer. Ashley Madison's parent company faces a lawsuit of $760M as a result of this data breach. Many customers of Ashley Madison received emails from spammers demanding ransoms, or else their information would be leaked online.

3. CIA Director Hacked

The personal email account of John Brennan, the director of the CIA, was also hacked. The FBI and Secret Service treated this as a very sensitive hacking incident because of the nature of the account and the person it was associated with. The person who claimed responsibility for this hack on CNN is an American but has yet to be arrested by the FBI.

4. Anthem Health Insurance

The second biggest health insurance company in the United States also fell victim to cyber criminals this year. The hack has affected more than 70 million Anthem customers. The hackers stole names, dates of birth and social security numbers. The company assured its customers that their financial details such as bank accounts and credit card numbers have not been compromised.

5. Vodafone

Telecom giant Vodafone was also the target of cyber criminals this year. According to a statement released by the company in October, a group of hackers managed to gain access to sensitive information of about 1,827 Vodafone customers. The stolen email addresses and passwords have been sold on the dark web. It seems that the bank account details of the customers were leaked as well. This news came to light just after the hack of Talk Talk, which has raised many concerns about the security of British telecom and broadband operators.

6. Carphone Warehouse

The biggest UK phone retailer has also been targeted by cyber criminals this year. In August, Carphone Warehouse was hacked and hackers managed to access the personal records of around 2.4 million customers. The company faced a lot of criticism from its customers for keeping the news secret for 48 hours. The company's stock crashed when news of the hack hit the media.

7. LoopPay Samsung

Just a month after Samsung bought the payment system company for $250M, LoopPay was hacked. The group behind this hack is Chinese, dubbed the 'Codoso Group' or 'Sunshock Group', and for 5 months no one in the company had any idea that they had been hacked. The company said that no user data was lost, despite the fact that it took them 5 months to notice the hack.

8. JP Morgan, Chase and Brokerages

One of the biggest financial hacking incidents in US history, which started back in 2012 and was up and running until the middle of 2015. A total of 9 large financial institutions in the United States were targeted during this time. Hackers managed to access the information of more than 100 million customers and affected 80 million households. The three hackers behind this big hack were arrested and tried in a US court in New York. This hacking incident has been dubbed by many “the largest theft of user data from a U.S. financial institution in history.”

9. US Army Official Website

Just hours after US President Obama called for new cyber security laws at a summit held in Germany, the official website of the US Army was taken down by Syrian hackers. The Syrian Electronic Army claimed responsibility for the attack through its official Twitter account. In this case, it was just a defacement and no data was stolen, because the website did not contain sensitive information.

10. Hilton Worldwide

Probably the most famous hotel chain, with over 4,112 hotels in around 91 countries, Hilton has also been a victim of cyber-criminal attacks this year. The credit card information of many Hilton customers was stolen. Hackers sold the credit card details and stolen information of Hilton customers on the dark web, which resulted in many of its customers becoming victims of credit card fraud.

Most of the above-mentioned attacks could have been easily avoided had the organizations taken web application security more seriously. In all of the above cases hackers exploited some of the most common vulnerabilities, such as SQL injection, which could be found automatically with an automated web vulnerability scanner such as Netsparker. Don’t let your business become a statistic. Scan your websites and find vulnerabilities before hackers do.
 


~ Thursday, 17 December 2015 0 comments