Categories
Entradas Seguridad

This is how the IP of a WhatsApp user could be disclosed with a simple link

The IP of a WhatsApp user, exposed

Is about Rahul Kankrale, a web security researcher. In your profile Twitter has shown its discovery and how the IP can be disclosed simply with the preview when sharing a link on WhatsApp.

To do this simply use a PHP code. With this, it manages to reveal the IP of WhatsApp users, as well as the version of the application and save this data on a server. The steps to follow, as indicated in Medium, are the following:

Step 1

The first step to carry out this action is create a PHP file and a log file on a server. Add the following code for the meta description:

echo $ _SERVER[REMOTE_ADDR]; $ line = date (‘Ymd H: i: s’). »- $ _SERVER[REMOTE_ADDR]»; Echo $ line;

file_put_contents (‘visitors.log’, $ line. PHP_EOL, FILE_APPEND);?> »/>

Step 2

Once this is done, the next thing we have to do is save this PHP file.

Step 3

Later we open WhatsApp Y we write the link which leads to this PHP file that we have created. Once the preview of the link is generated, we can see how the IP appears, the capture, and at the same time writes it in the file that we have hosted on our server.

In this server log the date and time appear, as well as the user’s IP address. If we test it several times, we can see how they are added to this file. Both the time and the IP coincide exactly the same in the preview of the link and in the record created on the server.

In Youtube We can see a video where the discoverer of this failure explains step by step how it works. Here are a couple of screenshots.

From WhatsApp they have reported that, at least for now, they are not going to solve this bug.

Problems for “safe” applications

Now, can we do something users to avoid this problem and that our IP leaks? A good solution is to use a VPN. In this way, when navigating, we will be hiding our real IP address. In a previous article we mentioned some of the best options we can find.

It seems that in recent times there have been several cases of reliable applications, but with security or privacy failures. We recently published an article where we explained the flaw that a 17-year-old student had found in the Signal messaging program, known for being one of the best preserves the privacy of users. Now we must add the disclosure of the IP of a WhatsApp user through the method that we have explained.

Categories
Entradas Seguridad

AVG Free Antivirus 2017 is now officially available

The vast majority have already known each other since the public beta was launched several weeks ago. It must be said that there are no significant changes, and that the developer company has focused above all on fine-tuning the behavior, focusing above all on optimizing the use of hardware resources. But it is not the only novelty when it comes to software products, since AVG Internet Security and AVG TuneUp have accompanied this antivirus.

Regarding the news, it was already advanced that AVG products would adopt existing technologies in Avast ones. The first novelty of this style has been the engine, as well as an interface that has also inherited characteristics from its brothers. From the hand of these other minor functions have come, but for many they can mean the difference between a good product or not.

The most important novelty confirmed by those responsible for its development is undoubtedly the improvement of the detection of threats in real time.

AVG Free Antivirus 2017 and other changes introduced

As you can imagine, the changes are mainly oriented to the presence of Avast when developing the tool.

But a decision that has undoubtedly not been liked is the possibility of installing a toolbar by default in the browser and modifying the search engine and the main page. Obviously this can be chosen or not during the installation process, however, we must pay attention to the process, since we can install it accidentally and ignore the option that appears marked by default.

Download the security tool for free

It must be said that together with the tool it has been included AVG Zen, something that for many is not very useful and for the moment it seems that there is no obvious way to install antivirus software without this application.

AVG Identity Protection has also undergone changes and has been rebranded as Analyzer Software

Mixed opinions among users and experts

The truth is that the arrival of this new product on the market has not aroused special interest at the moment. Some have even wanted to value some aspects. Without going any further, the first to be evaluated was the arrival of Avast. In the case of the antivirus engine, it is believed to be positive. This is quickly diluted by the other aspects: the installation of a taskbar or modification of the web browser or the inclusion of software that does not have much value.

At the moment it could be said that an approved scraping, saving the furniture that is a free tool.

Do you think AVG products have improved with the arrival of Avast?

Categories
Entradas Seguridad

Pirated versions of Mortal Combat X and GTA V hide malware

Two long-awaited PC titles have been released this week: Mortal Combat X and GTA V. The expectation of these games makes users search for them on the net and without checking their integrity, they download and install them on their systems, not knowing that with this they are also installing Trojans, exploits or back doors that hackers have included with the game .

The technique used by hackers to distribute this type of malware is known as “social engineering” and it is based on tricking the user with certain content, being more likely to end up infected the greater the desire to obtain said content.

Pirated versions of Mortal Combat X do a “fatality” to users

As we can read in We Live SecuritySecurity experts have found several fake copies of Mortal Combat X circulating on the net that include a dangerous banking Trojan along with the alleged activator. This banking Trojan is none other than Zeus.

The specific variant (detected by Eset as Win32 / Zbot) has been designed to steal passwords and bank details from victims’ systems, as well as include them in a botnet that can be used at any time to carry out different computer attacks over the Internet against certain targets.

It is clear that Zeus is still a fully functional and growing zombie computer network. Despite the attempts of different security companies, this malware continues to be undoubtedly one of the most dangerous in recent years and, if no solution is found, the botnet will continue to grow.

GTA V, another expected and dangerous title hacked with malware

The GTA V version is also one of the most anticipated by millions of users. On its first day, more than a million copies have been sold through Steam alone, so the number of users looking for the pirated version can be even higher.

In the absence of a functional activator, hackers (mainly of Chinese and Russian origin) have already distributed false versions of these supposed activators that, far from allowing us to play the expected title, install different Trojans and pieces of malware on our systems that, to save us a few euros in the original game, it can be very expensive.

How to protect ourselves from these threats

These two cases are not the only ones. Some years ago some pirated versions of Crysis 3 with malware reached thousands of users in the first days.

The first and fundamental thing is to obtain the games by legal means. Either in a physical store or through platforms such as Steam, we can be sure that the copy that we install on our system will be totally legal and safe, free of any malware or threat that hackers may have distributed over the Internet. .

Likewise, we must have antivirus software installed and updated on our system that allows us to detect in real time if we download or execute any threat, thus blocking its installation and being able to remove our computer from the control of hackers.

Have you encountered malicious software in the past when downloading pirated games from the Internet?

Categories
Entradas Seguridad

Keys to maintain security and privacy when browsing

The keys to maintaining security and privacy

Correct configuration in social networks

Have you correctly configured social networks? This is one of the keys to browsing safely and privately. The use of these platforms is widespread in all areas. However, we do not always have it configured correctly. Sometimes we give more data than we want or we should.

It is convenient to take a look at the privacy parameters that we can configure in services like Facebook or Twitter. For example, who can see our photos or who can access personal data. Even directly skip this data.

Check if your data has been stolen

Sometimes it may happen that our data has been stolen. Either due to a phishing attack, or due to an oversight or that someone has directly found out our keys. This can bring negative consequences for our safety.

In a previous article we explained how to know if our email account had been sold. However, we can also apply this to social networks. It is convenient to find out if someone has accessed our accounts.

Use of security software

Do you use security programs and tools? This is vital to keep our equipment running smoothly. There are many options, both free and paid. It is the way we deal with malware.

It is important to always have a good antivirus whatever the operating system we use. There are none that are 100% safe, so it is convenient not to take risks.

Keeping equipment updated

Do you keep your equipment updated? Another key to maintaining safety when browsing. Sometimes vulnerabilities may arise that put our systems at risk. These bugs are resolved by patches released by the manufacturers themselves.

It is important that our systems always have the latest version installed, but it must also be applied to the different programs we have.

Public network precautions

We are used to meeting open networks almost anywhere. However, are they always safe? The answer is no. We cannot fully trust a network that we find in an airport or shopping center, for example. Cybercriminals sometimes use these open Wi-Fi networks as bait.

Therefore, extreme precautions must be taken in this type of network. Never open sensitive accounts or send data that could compromise our privacy. You always have to browse HTTPS pages and, if necessary, use a VPN.

The importance of the browser in security

On the other hand, our browser protects us when browsing. There are indicators that most modern browsers have that make us see if we are browsing safely or not. One of them, precisely, is what we have just commented on HTTPS.

Also, this is mainly recommended when we use a computer that is not ours, we can access in private mode. In this way our data is not saved and we run less risk of, for example, forgetting to close our social networks.

Our browser is a main piece when it comes to securing connections. It is especially convenient to keep it updated. We can also install security extensions that protect us.

Categories
Noticias Seguridad

Changing passwords periodically is not always a good thing

Changing passwords on a regular basis results in a waste of time, and if it is not done well, we worsen security. In case you don’t know, a strong password or password must contain the following elements:

  1. Capital letters.
  2. Lowercase.
  3. Numbers.
  4. Symbols such as @, &, or $.
  5. The recommended length would be a minimum of 12 characters.

In RedesZone we have a complete tutorial of the recommendations for creating strong passwords, with tips and why it is necessary to mix different characters in a password.

Positive aspects of changing passwords periodically

Changing passwords periodically is a good idea because it makes it difficult for someone to obtain our password by brute force or dictionary, since, before it can be cracked, we will have already changed it and you will not be able to do anything to enter with our credentials.

A periodic password change means that in the event that they steal our email password or any other service, they could never log into their account and have access to our data, because during the time it takes to crack the password, we already we will have changed it. The same could happen with social media accounts and bank accounts.

We must bear in mind that the less time between password changes, the probability that a cybercriminal will crack the password is lower, since they will have less time to discover our password and use it for their own benefit.

Drawbacks of changing passwords regularly

Password changes are something that we should take seriously, however, that does not mean that changing passwords is an additional effort for people quite important. The problem is that people have limited time and memory, which means that changing passwords periodically involves a significant effort, especially the latter, remembering the last password.

In an ideal world where we had a perfect memory and time to design our password there would be no problems. One of the biggest security issues is human error, and if you change your password often, you’ll be more likely to use weak passwords to make them easier to remember. Therefore, if we are forced to change it periodically, it will be more difficult to remember and create good passwords. For this reason, it is not surprising that users who are forced to change them end up adding a number to their password, such as “password1” and then “password2”.

Another issue to keep in mind is that the problem is compounded by making so many changes. The reason is none other than that we have to handle many passwords. In that sense, to alleviate the problem we recommend using a password manager like KeePass, Passwarden or any other.

The problem that we acquire when changing passwords periodically is that we will end up using the weakest ones, and probably, we will reuse the same key in different accounts, so we will be even more vulnerable for reusing the passwords in different services. In this regard, it is much more important to use strong and unique passwords everywhere than to change the password regularly.

This is how cybercriminals act when they obtain a key

By changing passwords periodically, if done right, you improve security, but the problem is that, if done wrong, you can make security worse.

Another important issue is when our password falls into the wrong hands. In that case the Cybercriminals try to take advantage of it as soon as possible. For example, if in a phishing attack they obtain the password from your email, they will try to make the most of it, and will try to reset the passwords of other accounts with it. Thus, for example, they could gain access to your Facebook account to send spam or scam your acquaintances.

In summary, even if you had changed your password the day before, being victims of a phishing attack where you enter your current password, this measure will be of little use. Therefore, for certain types of attacks the change is not so beneficial.

When should we change passwords?

In the event that we have had to share, out of necessity, the key of an account of any kind such as Netflix or Amazon Prime, the change may be beneficial, immediately or when the agreed time for using an account expires. streaming is convenient to change it. In this way we avoid spying on our data, or services that are ours are used without permission.

It should also be noted that password changes can be positive for some jobs. In this sense, IT administrators should not force workers to change passwords, unless there is a good reason. In this case, it is best to use a password manager to avoid using an increasingly weak password. Therefore, do not forget that regular and indiscriminate password changes can in the long run be a problem.

As we have seen, periodically changing passwords is not always good advice. In addition, in case our password is stolen, if we have activated the Google two-factor authentication, Facebook etc. they will not be able to access our account. Therefore, for accounts that support this two-step verification, it can be very beneficial for our security to have it activated.

Categories
Seguridad Tutoriales

what is it and what is it used to create different VLANs

The network segmentation It should not imply the simple division of a network into small or medium networks, but it should also meet the need to respond to the needs of the organization that depends on the network to operate. It has to do with the “main questions” in English, which we translate into Spanish as follows:

  • Where). It refers to the establishment of network segment points and the logic used to apply the segmentation of the organization’s technological assets.
  • How (How). It has to do with the implementation of business goals with quite refined access controls, simply with the maintenance of trust – in the what and in the who – continuous and adaptive to different circumstances.
  • What what). Strengthen access controls by enforcing advanced, high-performance security measures across the network.

Of course, all these essential questions will be answered based on the context of the networks that we manage, are working. The way you apply segmentation processes can vary greatly. For example, micro-segmentation. Which can be applied according to the processes that are executed, applications used, the existing endpoints and other criteria that can be considered.

What is network segmentation?

It is a process that is responsible for dividing the network into small networks. Its purpose is to improve the performance of the network, and, above all, its security conditions. Segmentation works by controlling traffic in all parts of the network, you can choose to stop all traffic in one part that wants to reach another. Or, you can limit the flow that occurs on the network by type of traffic, origin, destination and many other options. Any of these filters that you apply to the network are part of what are called “segmentation policies.”

Some traditional segmentation technologies that can be mentioned to the network equipment configurations for internal firewalls, Access Control Lists (ACLs) and well-known VLANs (or Virtual Local Area Networks). The main disadvantage of these technologies is that at first they can be difficult to implement, so the cost of doing so is high, but absolutely necessary today.

On the other hand, today we have software-defined technologies. They greatly simplify network segmentation by grouping and tagging all types of network traffic. These tags that are generated force the application of the segmentation policies directly on the network equipment involved. The best thing about these technologies is that there is practically no complexity unlike traditional technologies.

As we discussed earlier, VLAN targeting is one of the most popular ways to segment. How does it work? Creating a collection of isolated networks, each with its own broadcast domain within a data network. One of the things that network segmentation within a VLAN allows is to block access to it by cybercriminals who want to carry out attacks of all kinds. Ultimately, there are several security risks that can be mitigated. These are some:

  • Reduction of packet-sniffing, which is usually used to capture traffic at the Ethernet frame level, in order to have sensitive information from users.
  • Access to servers and services only and exclusively to authorized personnel.

Segmentation is considered as a set of ports, each of which can accept a variety of devices. These ports, which each represent a segment of the VLAN, do not have any functionality until a device has the appropriate permissions to access it, thanks to the segmentation processes. When a device wants to access one of these ports, it is identified by data such as the MAC address, source IP, destination IP, and much more.

Automating network segmentation: is it really possible?

It is even possible to venture with automations. Which are already a reality in the world of computer networks. For example, once a device has managed to authenticate itself to access the network, it can have a network segment assignment based on the type of device that is and the roles that the associated user has. Furthermore, considering the segment to which it belongs, specific security policies and measures also begin to be applied automatically. This ensures that communication between devices / users within the same segment and outside of it, is secure. So too, the transactions that take place.

The wide profit margin is not something to ignore. Not only is the security and integrity of the devices and users improved, but the main risks are also truly mitigated, compliance standards are reached according to the organization and better yet, the desired operational efficiency is achieved.

However, all the benefits and advantages that we can cite thanks to network segmentation will not be achievable. More than anything, if greater efforts are not made in relation to the performance of the network and associated processes. Tech giants like Google, Apple, and Amazon have the kind of hardware that could handle such demanding processes as the one that calls for highly efficient network segmentation. It must have a new generation of processors that can truly adapt to the demands of these times, in addition to the ability to maintain always consistent security standards and firm security policies regardless of the platform used.

What new solutions will appear? Let there be no doubt that we wait for them, since the networks do not stop growing. Consequently, network segmentation becomes more and more necessary if we want to avoid major security problems. Unfortunately, these problems are no longer small at all.

Categories
Noticias Seguridad

How they can hack a SIM card

Methods to hack a SIM card

If we talk about the different types of attacks on the network, malware that can affect our systems and tricks that hackers use to steal information, all of them have increased in recent years on mobile devices. It is logical. Every time we use them for more functions. A few years ago they were basically used to call or send SMS. Today we can surf, use social networks, very varied applications and always have a connection.

This makes cybercriminals set their sights here. They carry out different attacks to steal data and information from mobile phones. And yes, they also have methods to hack a sim card.

Simjacker

One of the attack methods that could hack our SIM card is called Simjacker. This is a complex attack and is carried out by sending spyware-like code via SMS.

Basically, the objective is for the victim to open that message and the attackers use the code they send to spy. They can monitor through calls, messages or track the location.

To exploit the vulnerability They use software that is part of the SIM application (STK). This is something that many telephone operators have on their cards. Therefore it does not affect all companies.

This tool has a browser with which the user can access the Internet. It is a basic browser that simply allows you to perform simple actions such as opening your email.

This browser is practically never used. Everyone has another option on their mobile, such as Google Chrome or Mozilla Firefox. The problem is that this simple browser is still installed and makes it possible to be a vulnerability and carry out Simjacker attacks, as we have mentioned.

Although Simjacker attacks have been carried out on many users, the truth is that the Spaniards today should not worry excessively about this problem. It is something that has been more present in regions such as Asia or Eastern Europe. They have even used this method from some governments to control their citizens.

Swapping

Another method to hack SIM cards is known as Swapping. This time they are not based on technical vulnerabilities, but rather on human error. They use the social engineering for it.

What the attacker does is call the operator of the victim and go through her. They will say they have lost the card and will ask for a new replacement. They may say that they are going to change devices and that they need a new one that fits.

From that moment, in case they manage to deceive the operator, they will have the total control of our number. That means they could receive code messages to access accounts, for example. Logically, the other SIM card will be deactivated and the victim would lose control.

Categories
Entradas Seguridad

Google backtracks and removes Chromium code that was spying on users

From Google they always sought to defend this function, however, the statements justifying the existence of this code such as feedback to improve the product did not convince the users and now they have been forced to eliminate the function, or at least for now.

The problem is that Chromium did not have this function, but it was later when the browser independently proceeded to install this add-on, which was an extension of the functions of “Ok Google”.

At first it was thought that after being tested in Chromium the function would make the leap to Chrome, but this has not been the case, and for several months the function has been present in both browsers.

The webcam could have been the object of espionage in the Chromium case

While the microphone is confirmed, there are some users who manifest anomalous behavior with the webcam integrated in their laptop, activating when accessing certain web pages. Obviously this does not imply that the extension commissioned by the browser also carried out the spying of this hardware resource, since said page could have some exploit to control the camera or cybercriminals could make use of one of the many vulnerabilities that have been detected in Adobe Flash Player and control it.

Obviously the easiest in this situation is to blame those from Mountain View but from the outset it seems unlikely that Google is behind what these users have commented, although we cannot rule it out either.

The problem is not with the installation of this software and the subsequent consequences, but with how it was installed, that is, without the consent of the users.

Source | MalwareTips

Categories
Noticias Seguridad

Why Cloud Backups Will Be More Important

Future of cloud backup

The growth of cloud use it was already being quite interesting in the last few years. However, the Covid-19 pandemic has made it grow even more. The need for remote workers to have everything available anywhere, to be able to access company data without having to be physically present, has meant that more and more people use this type of service.

Now the content that we store in the cloud can be critical. We are talking about personal files that we may need at any time, vital documents for a company, work in progress by a group … In the event that there is a problem, that information is lost, it can be very serious in certain circumstances.

Hence it is vital to create cloud backups. Make sure that in case of loss, in case of suffering a cyber attack or having a problem with the platform, our files, works or information that we have, will not run any risk. This, of course, is going to be even more important in the future, as more users and organizations use these services.

The problem of confusing cloud storage with backup

There is a very present problem and it is that many users confuse storage in the cloud with backup or backup copies. They believe that by saving their files in the cloud they are already safe and protected from possible problems.

Computer security experts indicate that there is a Overconfidence in this type of service. Users do not always take into account possible human errors, cyber attacks, updates that may erase data by mistake or, ultimately, any problem that exposes our data.

We can say, therefore, that there is always the risk that these data, which are secure on paper, may be affected by problems that compromise their security. Vital information could be lost if we don’t create backups properly.

Third party backup solutions

One of the topics that will be more present the more we use this type of services are the third party backup solutions. They provide us with an easy way to manage all content and thus protect data in the cloud. Basically avoid focusing everything on a single platform that may suffer a failure, and create backups in other services as a backup.

However, it is essential to correctly choose which third-party solution we are going to hire to create these cloud backups. Ultimately we are putting our trust there.

Cloud security experts agree that we are moving toward greater decentralization of data. Businesses are increasingly beginning to rethink their approach to the cloud, with growing concerns about data loss. This makes us move towards a greater control of the backups of the cloud and not so much of the storage itself.

Ultimately, cloud backups are going to be increasingly important. The increased use of this type of service will bring important changes for both private users and companies. We leave you an article with the best storage services in the cloud.

Categories
Entradas Seguridad

ImageShack service and a Symantec server are hacked

Yesterday night was quite eventful. Previous days it had already been announced by Anonymous that a series of acts would be carried out against important companies and services that use the internet. However, and as it had already happened on other occasions, it was not thought that the situation would go to such an extreme.

Although at the moment there is some confusion regarding the authorship of the hacks that the security company has suffered Symantec (not the first time) e ImageShack, if it has been confirmed that Anonymous was the one who carried out the hack also close to 28.00 PayPal service accounts.

Without a doubt, we are in the period of more activity that hackers have shown and that can be remembered during the last years.

Regarding the Symantec hackTo say that about 1,000 files containing confidential information of researchers who work for the company have been published. Among this information, you can find personal data of the researchers as well as the different ways to contact them.

Although it is not the first time that this company has suffered a hack, it has not been the most serious this time when compared to the ImageShack service hack.

Lots of information exposed

And it is that the image hosting service has been the one that has won “the award” on this occasion. The hacker who has claimed responsibility for this hack has indicated that it has relied on a java vulnerability (specifically the zero-day one) to be able to access all the content on the server.

This hack has resulted in the theft of user passwords, images, portal administrator configurations and other files that were on the hacked server.

Paypal has also been hacked

As we indicated at the beginning, of these hacks that we have talked about, it is not known for sure if they have been members of Anonymous those who have been in charge of carrying them out. What you do know is that Anonoymus was the one who hacked into accounts of the payment service PayPal. specifically, there have been more than 28,000 accounts those that have been affected.

In the file that has been uploaded by hackers, you can find user names, email addresses, user passwords not yet decrypted and phone number.

Although from PayPal they affirm that there is no evidence that such a security problem has existed, the sure thing is that this data has had to appear from somewhere.

Will the wave of hacks continue?

Articles of interest:

Source | The Hacker News