Hackers and hacks News

The GreyKey Is An Expensive Device That Can Crack Any iPhone

A security company named Grayshift has created a device that can unlock any iPhone on the market. It comes with two Lightning cables, allowing users to unlock two Apple devices at the same time. The device is about the size of a mini PC and is highly portable.

Depending on the passcode complexity, cracking takes from a few hours to a few weeks. Once it is cracked, the passcode is displayed on the iPhone screen.

After the iPhone is cracked, its data is copied to the GreyKey and can be accessed through a web interface.

The GreyKey costs $15,000 and allows 300 devices to be unlocked, but requires an internet connection; for $30,000, you get unlimited unlocks and offline use as well.

Grayshift announcement:

“The offline model does require token-based two-factor authentication as a replacement for geofencing for ensuring security. However, as people often write passwords on stickies and put them on their monitors, it’s probably too much to hope that the token will be kept in a separate location when the GrayKey is not being used. Most likely, it will be stored nearby for easy access.”

While this device could be very useful to the authorities, it can be used for illegal activities in the wrong hands. For now, we don’t actually know what happens to the cracked phone, whether it remains jailbroken or whether it can be accessed remotely.


For more information, read this article from the Malwarebytes blog.


4 things to do to keep your business safe from WannaCry-like internet infections

The WannaCry cyber attack has created a lot of panic, as it has infected computers in over 120 countries and is the largest ransomware infection in history.

As I work for an outsourcing IT company, I have noticed that people got very worried that such an attack could destroy their businesses and started to buy backup solutions and to invest more in computer security.

In this article I will give you 4 tips that will save your business from future WannaCry-like infections.

Back up the file server, user data and the operating system:

The easiest way to back up user files is to create a dedicated folder for each user on the file server and to back it up constantly, along with the full server backup. This way, everything the users place in their folders is backed up.

From my experience, it is better to back up a single computer or server from the network, instead of backing up files from all the computers on the network. Without a good network infrastructure, this would make the network unresponsive.

In addition to this, another good habit is to create full system backups of all the computers on the network: a bootable image of the fresh operating system, with all the drivers installed and all the license keys added. This way, a reinstall gets done very quickly.

Another good habit is to keep a 2 TB or bigger external hard drive and to use it for offline backups of the server, for when the automatic backup fails.

Antivirus solutions and anti-ransomware software:

While there are plenty of decent free antivirus products, they are not enough in a business environment. We recommend that you buy an endpoint security antivirus, in order to benefit from extra security modules such as email scanning, certificate scanning, port blocking et cetera.

While we prefer ESET Endpoint Security, Kaspersky, Bitdefender and Symantec have good security solutions as well.

In addition, we recommend using anti-ransomware software such as CryptoGuard or Cybereason RansomFree, two free tools that stop the encryption process as soon as the ransomware starts it.

For extra security, or for the paranoid users, we recommend Zemana, a secondary antimalware product that can run alongside other antivirus software and is known for its anti-ransomware protection.

Keep your operating systems up to date:

A good security practice is to use supported operating systems, like Windows 7, Windows 8.1 or Windows 10. While Windows Update may make the system a bit unresponsive, it is a necessary evil, let’s say.

A good practice is to update the operating system daily, at the end of the working hours.

User training:

Yet another important thing to do is to train users to spot malicious emails, ignore their attachments and delete them. In most cases, strange emails are either infected or phishing emails.

I know it’s difficult to keep the network and computers safe, but it’s even more difficult to recover the encrypted data.


WannaCry Ransomware spreading stopped – Thanks to Microsoft and MalwareTech security firm

As a reminder, WannaCry is ransomware built on exploits harvested from the NSA hack. The infection has spread to over 70 countries.

Microsoft has patched this issue, so users running supported Windows versions, Windows 7, Windows 8.1 and Windows 10, are safe if they have all the system updates installed and Windows Defender enabled.

On top of this, Microsoft has published an emergency update for all Windows systems (except Vista), in order to block the WannaCry ransomware, which Microsoft flags as Ransom:Win32/WannaCrypt.

Download the update patch matching your operating system and architecture:

All you have to do in order to patch your system is to download the update and install it.

On top of Microsoft’s work to update and secure operating systems which have reached EOL (end of life), a cybersecurity researcher using the MalwareTech handle has managed to stop the WannaCry infection from spreading.

The researcher studied the code and found a kill switch, hardcoded by the creator in case he wanted to stop it from spreading. The malware was designed to stop if it got a response from an internet domain, so MalwareTech registered that domain, since the attacker had not bothered to buy it.
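A defender-side check built on the mechanism just described, written as an added example that is not code from the original post or from MalwareTech: it scans resolver log lines (constructed here, in an assumed format) for clients that looked up the kill-switch domain (a placeholder name in this example) and reports whether the lookup got a response, since any host that made the lookup ran the malware.

```python
# Added example (not code from the original post or from MalwareTech): scan
# resolver logs for clients that looked up the kill-switch domain. Assumed log
# format: "<timestamp> <client_ip> <qname> <rcode>"; the domain is a placeholder.
import re

KILL_SWITCH_DOMAIN = "killswitch-domain.example"  # placeholder, not the real domain
LINE_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+)$")

# Constructed sample: two clients query the kill switch; one lookup fails
# (NXDOMAIN, as every lookup did before the domain was registered).
SAMPLE_DNS_LOG = """\
2017-05-12T10:01:02Z 10.0.1.15 update.microsoft.com NOERROR
2017-05-12T10:01:05Z 10.0.1.22 killswitch-domain.example. NOERROR
2017-05-12T10:01:06Z 10.0.1.22 killswitch-domain.example NOERROR
2017-05-12T10:02:11Z 10.0.1.40 KILLSWITCH-DOMAIN.EXAMPLE NXDOMAIN
not a log line
2017-05-12T10:03:00Z 10.0.1.15 www.example.org NOERROR
"""


def parse_line(line):
    """Parse one resolver log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, rcode = m.groups()
    # DNS names are case-insensitive and may carry a trailing dot: normalise.
    return {"ts": ts, "client": client, "qname": qname.rstrip(".").lower(), "rcode": rcode}


def find_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried the kill-switch domain to a summary dict.

    Every client in the result ran the malware. 'resolved' is True when at least
    one lookup got an answer: the kill switch then fired and the sample stopped.
    A client whose lookups all failed got no response, so its copy kept going.
    """
    hosts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["qname"] != domain.lower():
            continue
        entry = hosts.setdefault(
            rec["client"], {"queries": 0, "resolved": False, "first_seen": rec["ts"]})
        entry["queries"] += 1
        if rec["rcode"] == "NOERROR":
            entry["resolved"] = True
    return hosts


if __name__ == "__main__":
    for client, info in sorted(find_kill_switch_lookups(SAMPLE_DNS_LOG).items()):
        status = "kill switch fired" if info["resolved"] else "no response, malware did not stop"
        print(f"{client}: {info['queries']} lookup(s), first at {info['first_seen']}, {status}")
```

Hosts whose lookups all failed need the same isolation and patching as any other infected machine; the kill switch only affects spreading, not the infection already present.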

According to Bitdefender, the malware spread to 104 countries, infected 180,000 devices, and only 102 victims decided to pay the $300 Bitcoin ransom.

As a piece of advice, as I said in the previous article, you should download the right patch for your operating system, keep Windows Defender active and not open suspicious mails.


WannaCry Ransomware infection is the largest in history

Recently, the British National Health System (NHS) has become a victim of the WannaCry ransomware (also known as WCry or WanaCryptor), a highly destructive computer virus that encrypts all the data on the infected computers. While the first infected systems were in the UK, the virus has spread to other countries as well.

The attack took place on Friday (yesterday) and affected 74 countries (including the UK, US, China, Russia, Spain, Italy and Taiwan) and 16 NHS trusts in the UK, making it the biggest in history.

The WannaCry ransomware is based on an exploit harvested from EternalBlue, a hacking tool used by the NSA and leaked a few months ago by the hacker group Shadow Brokers. Once a computer is infected, the malware exploits a vulnerability in SMB file sharing. The most vulnerable computers are the ones running older operating systems, and since the encryption is done with RSA-2048, the files cannot be decrypted without the hacker’s key.

The problem is that a lot of computers in public institutions still run Windows XP, a system which is very vulnerable to hackers, since it no longer receives updates.

The losses were not only financial: surgeons had to cancel operations, because everybody was locked out of the system. For more information, see this Liliputing article.

The good thing is that Microsoft has released an update patch for all the supported Windows systems, Windows 7, 8.1 and 10, and the May 2017 updates should keep users safe from this, if they have Windows Defender enabled with an up-to-date signature database.

Final words:

If you keep your Windows system up to date with the latest updates and keep Windows Defender updated and enabled, you are safe from this ransomware.

Unfortunately, this happened because government agencies like the NSA or CIA keep vulnerabilities secret for their own benefit.


Hackers can crack PIN codes by using the smartphone’s motion sensors

Researchers from Newcastle University have discovered that hackers can use a smartphone’s motion sensors to infer security PINs.

A regular smartphone has a lot of sensors, including GPS, camera, microphone, fingerprint reader, accelerometer, gyroscope, light sensor, magnetometer, barometer, proximity sensor, thermometer and air humidity sensor, so malicious software or a malicious website can collect a lot of personal data by reading the output of these sensors.

In this case, the motion and rotation sensors can be used to reveal touch actions, allowing skilled hackers to bypass PIN security.

The researchers had 10 smartphone users enter 50 four-digit PINs five times each on a test website. On the first attempt, the network guessed 70% of the PINs correctly, and by the fifth attempt it reached a 100% success rate.

The math tells us that there are 10,000 possible four-digit PINs, so there is a 2% chance of guessing the PIN on the first attempt.

That said, a hacker who has installed a rogue app on the smartphone, or lured the user to an infected website that runs malicious JavaScript in the tab where the PIN is entered, can collect the sensor data needed for this attack. Many PIN codes are common sequences like 1234, 0000, 1000 or birth dates, so they can also be bypassed by guessing.

The way a user holds the phone, scrolls and taps on it generates data that can be used to crack PINs.

A security measure would be to add permissions for sensor access, so that users can manually deny infected apps or sites the use of those sensors. It is also a good habit to change PINs regularly and to review application permissions before installing.

For more information, see this post on one of the Sophos websites.


Meet the rensenware ransomware – ransomware that asks users to play a game to unlock their data

The guys from MalwareHunterTeam have discovered the rensenware ransomware, a different type of malware, one that requires victims to play a game and reach a top score in order to get their files back.

It encrypts documents, music files, pictures and personal user files, but it does not ask users to pay a bitcoin ransom. Instead, the virus forces them to play a difficult game: users have to reach a score of 0.2 billion on the LUNATIC level of TH12 – Undefined Fantastic Object, which may be a difficult mission for those without gaming skills.

After creating the rensenware ransomware, its author (Tvple Eraser) released an apology on Twitter, because he felt bad about it. He has created a decryption tool and removed the rensenware code from GitHub, in order to help victims recover their data without having to win the game.

The hacker’s decryption tool manipulates the game’s memory directly, getting around the malware’s encryption without playing the game.

As a replacement for the initial ransomware, the hacker has uploaded the code without the encryption part, as a joke.

For more information, see this article. If you want to keep in touch with our other ransomware and related articles, follow the ransomware tag.


Hacker drained $800,000 from two Russian banks by using fileless malware

As you may know, fileless malware uses legitimate tools already present on the ATMs, allowing hackers to load malicious code into RAM only, where it disappears after the first reboot. These non-malware attacks let attackers abuse existing software and allowed protocols without dropping any malicious file on disk.

Recently, Kaspersky’s Sergey Golovanov discovered that two Russian banks were targeted by such an attack, with the hackers stealing $800,000 in a single night.

The ATMs did not have any malware installed on them, and the CCTV cameras recorded the hacker leaving with stacks of bills as if it were normal. In less than 20 minutes, the hacker took $100,000 worth of cash. The only clue left behind was a log file that contained a single line in English: “Take the money.”

This type of attack is becoming more and more frequent: according to Kaspersky, fileless attacks have targeted more than 140 banks in Europe, the United States and elsewhere, but the full details of the technique are not yet known.


The Russians have created an Android ransomware that does nothing for the first four hours

Researchers from Zscaler ThreatLabZ have discovered a new type of Android ransomware hidden inside OK (Odnoklassniki), a Russian entertainment social network application.

The clean application has between 50 and 100 million downloads on the Google Play Store, but the infected one is distributed via third-party application stores.

The virus stays quiet for four hours, letting the user carry on with his regular activity on the phone, unlike other ransomware variants that encrypt the data right after infection. After the four-hour interval, the application asks for administrative rights, changes the unlock password, locks the screen and sets the lock-screen password expiration. If the user taps Cancel, the administrative prompt reappears immediately and does not let the user take any other action on the phone.

The ransom is only 500 rubles, the equivalent of $9.

The researchers have discovered that the ransomware does not send the user’s data to a server and is incapable of unlocking the user’s phone. So, if the victim pays the ransom, the virus will stop operating, but the user will still not be able to access his data.

Because the ransomware takes no action during the first four hours, antivirus software cannot detect it, so it could easily be slipped into Google Play Store apps.

A piece of advice: do not install apps from unknown sources, and disable the unknown sources installation option in the phone’s settings.

If you do get infected with this, boot into Safe Mode, remove the ransomware app’s device administrator privilege, uninstall the app itself and reboot the device in normal mode.

For more information, see this VirusGuides article.


StoneDrill Malware destroys the data on the infected computers

Kaspersky Lab has recently discovered StoneDrill, a new type of malware that destroys all the files on the infected computer for good. The malware features anti-detection techniques and espionage tools and has infected computers in the Middle East and Europe.

It is similar to Shamoon, which wiped about 35,000 computers at an oil and gas company in the Middle East back in 2012 and left 10% of the world’s oil at risk.

Shamoon 2.0 reappeared in 2016, and StoneDrill is very similar to it but has extra features. The virus infects the computer, injects itself into the memory of the default browser’s process, fools the security solutions present with two anti-emulation techniques and, once successfully disguised, starts destroying files.

Kaspersky Lab also found a StoneDrill backdoor, used for espionage purposes. For now, the security researchers have not discovered how the malware spreads.

The best way to protect against all sorts of attacks is to use security software, enforce strong password rules and be paranoid enough to assume that your security will be breached, so implement a backup solution that lets everything destroyed or infected be restored.

For more information, see this article from Kaspersky’s website.


1Password offers a $100,000 bounty to the hackers that can crack their password vault

As you may know, a bug bounty program is a deal offered by websites to individuals who report bugs and discover exploits and vulnerabilities in their sites. If the hackers manage to penetrate the systems, they get rewarded. So far, Facebook, Yahoo, Google, Reddit, Square and Microsoft have successfully implemented such programs.

AgileBits, the team behind 1Password, has invited hackers to break its password security system for a $100,000 bounty. At first, the prize was $25,000, but it has been raised four times since then.

In order to get the money, hackers need to demonstrate that they can crack the 1Password password vault. The company even provides details about known problems, so that the hackers have a starting point.

If you are interested in such programs and have the skills needed, you can search for ‘jobs’ on these two platforms:

We will keep you informed on whether anyone manages to claim the big prize. For more information, see this article from BetaNews.