Shadow Brokers, Who Leaked WannaCry SMB Exploit, Are Back

Thanx To THN

The infamous hacking collective Shadow Brokers – the one who leaked the Windows SMB exploit in public that led to last weekend's WannaCrypt menace – are back, this time, to cause more damage.

In typically broken English, the Shadow Brokers published a fresh statement (with full of frustration) a few hours ago, promising to release more zero-day bugs and exploits for various desktop and mobile platforms starting from June 2017.

However, this time the Shadow Brokers leaks will not be available for everybody, as the hacking collective said:

"TheShadowBrokers is launching new monthly subscription model. Is being like [the] wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month."

 To some extent, this is good news, but it is terrible news too. Good because now all these upcoming alleged unpatched vulnerabilities will be patched after being disclosed and terrible because the group will sell new zero-day exploits and hacking tools to private members with paid monthly subscription, instead of telling them to Microsoft.


Apparently, other hackers, criminal gangs, state-sponsored hackers, maybe some journalists and people from tech companies, would naturally join Shadow Brokers' membership.

Get Ready for the 'Wine of Month Club'

So, anyone buying the membership of the "wine of month club" would be able to get exclusive access to the upcoming leaks, which the Shadow Brokers claims would include:

• Exploits for web browsers, routers, and smartphones.
• Exploits for operating systems, including Windows 10.
• Compromised data from banks and Swift providers.
• Stolen network information from Russian, Chinese, Iranian, and North Korean nuclear missile programs.

The claims made by the group remain unverified at the time of writing, but since the Shadow Brokers' previously released data dump turned out to be legitimate, the group's statement should be taken seriously, at least now, when we know the EternalBlue exploit and DoublePulsar backdoor developed by the NSA and released by the Shadow Brokers last month was used by WannaCry to cause chaos worldwide.

Before publicly dumping these exploits in April, the Shadow Brokers put an auction of cyber weapons stolen from NSA’s elite hacking team called Equation Group for 1 Million Bitcoin.

After failed auction, the hacking group even put up those hacking tools and exploits for direct sale on an underground site, categorizing them into a type — like "exploits," "Trojans," and "implant" — each of which ranged from 1 to 100 Bitcoins (from $780 to $78,000).

After failure from all sides, the group started leaking those hacking exploits. Last month, the Shadow Brokers released a Microsoft Windows SMB exploit that was used by the WannaCry ransomware, which infected 200,000 machines in 150 countries within just 48 hours.

While talking about the WannaCry ties with North Korean state-sponsored hacking group Lazarus Group, the group said:

"The Oracle is telling theshadowbrokers North Korea is being responsible for the global cyber attack Wanna Cry. Nukes and cyber attacks, America has to go to war, no other choices!"

Shadow Brokers Lashed out on US Government and Tech Companies

In its recent post, the Shadow Brokers criticized both the US government and tech companies, such as Microsoft, for not cracking down on the exploits when they had the chance, months before their release.

The hacking group said the US government is paying tech companies not to patch zero-days in their products, claiming that it has spies inside Microsoft among other US tech firms.

The Shadow Brokers even accused Google Project Zero team, saying:

"TheShadowBrokers is thinking Google Project Zero is having some former TheEquationGroup member. Project Zero recently releasing "Wormable Zero-Day" Microsoft patching in record time, knowing it was coming? Coincidence?"

Who knows if these accusation made by the Shadow Brokers group are true or not, but the world should be well prepared for another WannaCry-like massive destroyer.

Read More

Opera Reborn: अब सीधे इस्तेमाल कर सकेंगे वाट्सऐप, फेसबुक मैसेंजर😱

डेस्कटॉप ब्राउजर की बात हो तो क्रोम और मोजिला के सामने फिलहाल ओपेरा ब्राउजर भले ही कम लोगों की पसंद है लेकिन अब लगता है कि इस ब्राउसर ने इनसे टक्कर के लिए कमर कस ली है.

ओपेरा ने अपने डेस्कटॉप ब्राउजर में अपडेट किया है. इस अपडेट में कई दिलचस्प फीचर्स हैं. अब इस आप ओपेरा में कई तरह के मैसेजिंग और सोशल प्लेटफॉर्म सीधे एक्सेस कर सकते हैं.

ओपेरा ने अपने ब्राउजर में एक मेसेजिंग साइडबार जोड़ा है. इस साइजबार के जरिए लोग सीधे अपने वाट्सऐप, फेसबुक मैसेंजर और टेलिग्राफ अकाउंट कर पहुंच सकेंगे. इस तरह आप ब्राउजिंग करते हुए सीधे चैटिंग या मैसेजिंग कर सकेंगे.

आप इस टैब को अपने हिसाब से सेट कर सकते हैं. शॉर्टकट बना सकते हैं ताकि आसानी से पसंदीदा सर्विस को एक्सेस किया जा सके.

इस अपडेट के बाद अब ओपेरा ब्राउजर में यूज किए गए चैट्स के दौरान किसी फोटो को सीधे ड्रैग कर भेज सकते हैं. नए आइकन, एनिमेशन, कलर

ओपेरा ने इस साइडबार के अलावा अपने यूजर इंटरफेस में भी बड़े बदलाव किए हैं. इस नए डिजाइन में एनिमेटेड आइकन, रंगबिरंगे थीम और एक डार्क मोड भी दिया गया है. सिक्योरिटी और प्राइवेसी के लिए इसमें फीचर्स ऐड किए गए हैं.
ओपेरा ने इस बदलाव को Reborn का नाम दिया है.

Read More

World's Slimmest Phone ? 😱 Padiye Kya Hai Features ? (Hindi)

Motorola

हाल ही में मोबाइल फ़ोंस बनाने वाली कंपनी मोटोरोला ने दुनिया का सबसे पतला फोन मोटो जेड लांच कर दिया है।

इसमें एक से बढ़कर एक अच्छे फीचर्स हैं जैसे लेज़र फोकस कैमरा और टर्बो चार्जिंग जिसकी सहायता से मात्र 15 मिनट के चार्ज करने से 7 घंटे मोबाइल चल सकती हैं इसका साइज 5.5 इंच फुल HD डिस्प्ले है इसकी रैम 4GB जोकि एक स्मार्टफोन को बेहतर स्पीड और सुपरफास्ट वर्क करने की क्षमता रखता है।

और इसकी इंटरनल मेमोरी की बात ही अलग है इसमें इतना स्टोरेज कर सकते हैं कहा जाए तो बिना SD कार्ड लगाकर आपका काम चल सकता है। इंटरनल मेमोरी 64जीबी है, इसके स्क्रीन में गोरिल्ला ग्लास भी लगा है जिसके कारण आपका मोबाइल अचानक गिर भी जाए तो इसकी इन में कोई प्रॉब्लम या खरोच नहीं आए आएगी इसकी एक और खासियत यह भी है कि इसमें प्राइमरी कैमरा 13 मेगापिक्सल का है जिसमें एलईडी फ्लैश और लेजर automatic focus की सुविधा है जिससे आपको बेहतर फोटो एडिट डीएसएलआर की तरह फोटोग्राफी कर सकते हैं । सेकंडरी कैमरा 5 मेगापिक्सल का है led फ्लैश के साथ जो कि एक मोबाइल के लिए बेहतर है। और इस में Android वर्जन 6.0.1 मार्शमैलो है । और मोटो जेड (moto z) की पूरी जानकारी आप मोटोरोला डॉट इन में जाकर देख सकते हैं।
अगर जानकारी आपको अच्छी लगी हो तो पोस्ट को लाइक करें और हमें फॉलो करना ना भूले जिससे कि हम और भी अच्छे न्यूज़ आपके लिए लाते रहे और आप सभी को खबर होते रहे ...

Read More

Many Apps Using Ultrasonic Signals to Silently Track Android Users

Thnx To THN

Your smartphone may have some apps that are continuously listening inaudible, high-frequency ultrasonic sounds from your surroundings and they know where you go, what you like and dislike — all without your knowledge.

Ultrasonic Cross-Device Tracking is a new technology that some marketers and advertising companies are currently using to track users across multiple devices and have access to more information than ever before for ad targeting.

For example, retail stores you visit, a commercial on TV or an advertisement on a web page can emit a unique "ultrasonic audio beacon" that can be picked up by your device’s mobile application containing a receiver.

This information helps advertisers to create your personalized profile and collect your interests by figuring out that both devices probably belongs to you, allowing them to target you with interest-based advertisements.

More & More Apps Have Started Using Ultrasonic Tracking Technology

In fact, while presenting research last week at the IEEE European Symposium on Security and Privacy, security researchers said they discovered 234 Android applications that ask permission to access your smartphone’s microphone to incorporate a particular type ultrasonic beacon to track consumers.
Moreover, the researchers found that 4 of the 35 retail stores they visited in Germany have ultrasonic beacons installed at the entrance.

According to investigators, SilverPush, Lisnr, and Shopkick are three SDKs that use ultrasonic beacons to send messages to the mobile device. While SilverPush allows developers to track users across multiple devices, Lisnr and Shopkick perform location tracking.

The researchers analyzed millions of Android apps and discovered few that were using the Shopkick and Lisnr SDKs, but there were much more that were using the SilverPush SDK.

Serious Privacy Concerns

Although cross-device user tracking technologies are currently being used for the legitimate purposes, it has already raised some serious privacy concerns.

Since an app requires no mobile data nor Wi-Fi connection, but only microphone access to listen to beacons, tracking works even when you have disconnected your phone from the Internet.

In fact, a team of researchers last year demonstrated that how ultrasonic sounds emitted by ads on a web page accessed through Tor can be used to deanonymize Tor users by making nearby phones or computers send identification information, such as location and IP, back to advertisers.

"The case of SilverPush emphasizes that the step between spying and legitimately tracking is rather small. SilverPush and Lisnr share essential similarities in their communication protocol and signal processing. While the user is aware of Lisnr location tracking, SilverPush does not reveal the application names with the tracking functionality," research paper reads.

In 2014, Snowden revelations disclosed that how spying agencies were tracking of This incident could also be another great example, showcasing how intelligence agency could use this ultrasonic cross-device tracking technology to track your movements across the country.

How can You Protect Yourself?

Since you can not stop ultrasonic beacons from emitting sound frequencies around you, the best way to reduce the chance of your smartphone listening for beacons and feed data to a third party is to simply restrict unnecessary permissions you have granted to the apps installed on your device.

In other words, use your common sense.

For example, Skype wants microphone access? Fair enough, as it is necessary for Skype to work as intended. But what about if an app for beauty or clothing store wants microphone access? No way.

To revoke such unnecessary app permissions, some Android phone manufacturers, like One Plus provide a feature called Privacy Guard that allowed its users to block unnecessary app permissions of certain apps on a smartphone that do not have anything to do with the primary function of the apps.

Navigate to Settings → Personal → Privacy → Privacy Guard. Now select any from the list of apps and edit unnecessary permissions you have granted it.

A similar feature has been included in Android 7. Navigate to Settings → Apps → App Permissions. Now edit the privileges you’ve granted each app.

For iOS 10 users: Go to Settings → Privacy → Microphone to see which apps have requested access to it, and which apps you have granted it to.

Read More

Beware! Don't Click that Google Docs Link You Just Received in Your Mail Otherwise Account Will Be Hacked

Thanx To THN

Did someone just share a random Google Doc with you?

First of all — Do not click on that Google Doc link you might have just received in your email and delete it immediately — even if it's from someone you know.

 people all around the Internet, especially journalists, are receiving a very convincing OAuth phishing email, which says that the person [sender] "has shared a document on Google Docs with you."
Once you clicked the link, you will be redirected to a page which says, "Google Docs would like to read, send and delete emails, as well access to your contacts," asking your permission to "allow" access.

If you allow the access, the hackers would immediately get permission to manage your Gmail account with access to all your emails and contacts, without requiring your Gmail password.

Beware! New GoogleDocs Phishing Email Scam Spreading Across the World — Here's Everything You Need to Know

CLICK TO TWEET

But How? The "Google Docs" app that requests permissions to access your account is fake and malicious, which is created and controlled by the attacker.

You should know that the real Google Docs invitation links do not require your permission to access your Gmail account.

Anything Linked to Compromised Gmail Accounts is at Risk

Once the app controlled by the attacker receives permissions to manage your email, it automatically sends same Google Docs phishing email to everyone on your contact list on your behalf.

Since your personal and business email accounts are commonly being used as the recovery email for many online accounts, there are possibilities that hackers could potentially get control over those online accounts, including Apple, Facebook, and Twitter.

In short, anything linked to a compromised Gmail account is potentially at risk and even if you enabled two factor authentication, it would not prevent hackers to access your data.

Meanwhile, Google has also started blacklisting malicious apps being used in the active phishing campaign.

"We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail," Google tweeted.

This Google Docs phishing scheme is spreading incredibly quickly, hitting employees at multiple organizations and media outlets that use Google for email, as well as thousands of individual Gmail users who are reporting the same scam at the same time.

If by anyhow you have clicked on the phishing link and granted permissions, you can remove permissions for the fraudulent "Google Docs" app from your Google account. Here’s how you can remove permissions:

1. Go to your Gmail accounts permissions settings at https://myaccount.google.com and Sign-in.
2. Go to Security and Connected Apps.
3. Search for "Google Docs" from the list of connected apps and Remove it. It's not the real Google Docs.

Stay tuned to our Facebook Page for more updates ! Stay Safe!

Update: Google Docs Phishing Scam Hits Nearly One Million Users

Google said that the last night's Google Docs phishing campaign affected "fewer than 0.1%" of Gmail users, which means nearly one million people were affected by it, handing over their email access to attackers.

Read More

Hacker leaks Unreleased TV Series Of Netflix Because They Refuse To Pay Ransom

Thnx To THN

After releasing 10 back-to-back episodes of the Season 5 premiere of Netflix's "Orange Is the New Black," a hacking group calling itself The Dark Overlord is threatening to leak a trove of other unreleased TV shows and movies.

The Dark Overlord (TDO) posted links to the first 10 episodes of the upcoming season of "Orange Is the New Black" show to a piracy website after Larson Studios and Netflix failed to fulfill the group's ransom demand.

According to Netflix's website, the season 5 of "Orange Is the New Black" show is scheduled to debut June 9 and supposed to run 13 episodes. But TDO claimed that only the first 10 episodes were available at the time the group gained access to the show.

On Saturday, the group headed on to Twitter and posted links to a Pastebin page, GitHub profile, and the Pirate Bay torrent site sharing Episode 1 of "Orange Is The New Black" season 5 show.

At the time of writing, the Pastebin (web archive) and GitHub links went down, but the Pirate Bay torrent file remained up, and users have downloaded and shared its content.

10 out of 13 "Orange Is The New Black" Season 5 Episodes Leaked Online

Following the release of Episode 1, TDO posted links to Pastebin and a second torrent file, hosted on The Pirate Bay, which includes episodes 2 through 10 of the season 5 of "Orange Is The New Black."

According to the Pastebin post, the group released 10 episodes of the show because Netflix didn't pay a ransom demand.

Here's what the TDO's statement posted on Pastebin (web archive) stated:

"It didn't have to be this way, Netflix. You're going to lose a lot more money in all of this than what our modest offer was. We're quite ashamed to breathe the same air as you. We figured a pragmatic business such as yourselves would see and understand the benefits of cooperating with a reasonable and merciful entity like ourselves. And to the others: there's still time to save yourselves. Our offer(s) are still on the table - for now."

In an interview with the DataBreaches.net, the hacking group revealed it managed to steal "hundreds of GBs [gigabytes] of unreleased and non-public media" from the servers of Larson Studios, an ADR (additional dialogue recorded) studio based in Hollywood in late 2016.

The Dark Overlord Demanded 50 BTC

While the group did not reveal its attack method nor how much ransom it demanded, according to a copy of a contract allegedly signed between TDO and Larson, the hacking group asked for 50 BTC ($70,422) by January 31.
But after the studio stopped responding to the group's email requests in January, TDO turned to Netflix, which also did not pay the ransom either, eventually forcing the group to release the first 10 episodes of season 5 of "Orange Is The New Black" after two months.

Netflix said in a statement that it was "aware of the situation. A production vendor used by several major TV studios had its security compromised, and the appropriate law enforcement authorities are involved."

The Dark Overlord Threatens to Leak More Shows to the Internet

After releasing all the 10 episode of the unreleased show, TDO threatened to leak other unreleased shows and movies from several other studios in its possession.

The Dark Overlord tweeted: "Who is next on the list? FOX, IFC, NAT GEO, and ABC. Oh, what fun we're all going to have. We're not playing games anymore."

The hacking group provided a list of unreleased shows and movies (some are released on their scheduled date) it stole from different studios, which includes:

• A Midsummers Nightmare – TV Movie
• Bill Nye Saves The World – TV Series
• Breakthrough – TV Series
• Brockmire – TV Series
• Bunkd – TV Series
• Celebrity Apprentice (The Apprentice) – TV Series
• Food Fact or Fiction – TV Series
• Hopefuls – TV Series
• Hum – Short
• It's Always Sunny in Philadelphia – TV Series
• Jason Alexander Project – TV Series
• Liza Koshy Special – YoutubeRed
• Lucha Underground – TV Series
• Lucky Roll – TV Series
• Making History ) – TV Series
• Man Seeking Woman – TV Series
• Max and Shred – TV Series
• Mega Park – TV Series
• NCIS Los Angeles – TV Series
• New Girl – TV Series
• Orange Is The New Black – TV Series
• Portlandia – TV Series
• Steve Harveys Funderdome – TV Series
• Story of God with Morgan Freeman – TV Series
• Superhuman – TV Series
• The Arrangement – TV Series
• The Catch – TV Series
• The Middle – TV Series
• The Stanley Dynamic – TV Series
• The Thundermans – TV Series
• Undeniable with Joe Buck – TV Series
• X Company – TV Series
• Above Suspicion – Film
• Handsome – Film
• Rebel In The Rye – Film
• Win It All – Film
• XXX Return of Xander Cage – Film

The Dark Overlord is a known hacking group that was responsible for cyber attacks on Gorilla Glue and Little Red Door, an Indiana Cancer Services agency. The group also put 655,000 healthcare records lifted from 3 separate data breaches up for sale on the dark web.

Read More