Beware! Hackers are using Facebook Messenger to Spread Locky Ransomware

Have you came across any Facebook Message with an image file of .SVG file format ? If not then you are lucky and if you received it then avoid clicking it.

If clicked, the file would eventually infect your PC with the nasty Locky Ransomware, a family of malware. In a short period of time, Locky has become one of the favorite ransomware tools of spammers. It usually spreads via spam emails with a disguised downloader.

This attack was first discovered by malware researcher Bart Blaze. Surprisingly, the malware manages to bypass Facebook’s file extension filter.

But Why SVG File Format ?

The answer is simple. SVG files have the ability to contain embedded content such as javascript which can be opened in the browser directly.

So hackers have added a JavaScript code inside the image file which redirects you to a malicious website mimicking YouTube.Then the site push a popup, asking you to download and install a certain codec extension in Google Chrome in order to view the video. The malicious extension used two names, Ubo and One.

Once installed, the extension gives the attackers ability to alter your data regarding websites they visit, as well as takes advantage of browser's access to your Facebook account in order to secretly message all your Facebook friends with the same SVG image file.

The worst thing here is that according to a malware researcher, the SVG file redirects to a malicious website which downloads a copy of Locky ransomeware on the victim's PC.
In case if you dont know what is a ransomeware. A  Ransomware is actually a  type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a good amount of money is paid to the attacker.

Locky ransomware is one of the most popular ransomware that locks all files on a victim's computer with RSA-2048 and AES-1024 encryption algorithms and unlocks them until the ransom is paid to attackers.

Remove the malicious extension immediately

If you are one of those who have already  installed one of the two malicious extensions, you can remove it by doing the following.

To remove the extension, just go to Menu → More Tools → Extensions and check for the extension and remove it.

Internet Safety program by Google and DSCI in Guwahati

Few days back I got invited by Google and Data Security Council of India for their Internet safety program which they organized in Radisson Blu, guwahati. It was first of a kind event here in Guwahati. Data Security Council of India (DSCI) is a not-for-profit organization set up by NASSCOM and is focused exclusively on data security, cyber security and privacy protection. 

There has been increasing attention to the MSME sector in the ‘Make-In-India’ initiative. There are 51 million SMEs in India. However, only 5 to 6 % of them are online. The country is witnessing a serious attempt to bring them online. It has been estimated that by 2017, 20 million of them would be online. Apart from online presence, these companies will be spending on IT products that include mobility, social media and cloud in order to increase their customer reach, manage customer relationships better, and ensure efficiency in operations. This drive to digitization is not immune from cyber security threats. Without due consideration to cyber security, the momentum of online and digitization would face serious hindrances. DSCI in partnership with Google India, hence, conceived a focused ‘Internet Safety Program’ for Micro, Small and Medium Enterprises (MSMEs).

Many people from both government sector and business sector were present in the event. The event started with the welcome Speech by Mr. Rahul Sharma, Senior Consultant DSCI where he discussed why cyber security is important for preople and companies.

Shri Mukesh Sahay, IPS DGP, Assam Police was the chief guest of the event. He discussed various cyber security threads that the state are facing and how police and government is taking steps in solving these issue. He also shared few case studies and how they face various challenges.

Mr. Abhas Tripathi, Strategist - Google India did a session on Internet Safety. He shoed how various organizations suffer when they are hacked and he also demonstrated how google is helping organizations to stay protected. we had a great question and answer session with him. where developers and startup founders clear their doubts regarding various security and development related queries.

Dr. K.K Dwivedi, IAS, IT Commissioner & secretary, Assam gave a talk on various steps that the govt is taking in the field of security in the region. He discussed few of his own experiences and also discussed various steps that the government is looking to.

We had a session on the topic Development in the field of Internet safety & cyber security. There were 4 panelist :

1. Mr. Diganta Barman, Senior technical Director ,NIC
2. Mr. Indrajeet Bhuyan ( Me )
3. Dr. Ferdous Ahmed, Asst. Professor, IIIT Guwahati
4. Mr. Nirmal Baishya, Addl. SP, CID

It was a very informative session. Mr. Diganta Barman talked about how NIC is trying to secure government sites and challenges that they face. I mainly spoke about the Barriers in Developments in the field of Cyber Security.

Most of the IT companies of the Assam and northeast like Zaloni, Zantrik etc, and technical institutes were present.Few people from NASSCOM including east region head Nirupam Chaudhuri was also present there. Also , I got a job Offer By NASSCOM.

It was a great learning experience. These days most of the cyber attacks are done mostly on tier 2,3 cities as here the people are not aware of the issue and they dont know how to  protect themselves  from these attacks. 

I believe it is a good step by Google and DSCI that they did not neglect the Northeaster part of the country. I hope many more such events take place in future too.

NoobSecToolkit V3 – A Security Students Playground

It is important to learn how to do things manually but tools saves our time. NoobSecToolkit is a Python Based Tool kit that brings together powerful security and anonymity tools and scripts with predefined security configurations and modifications. Making it very simple for students to get started with offensive security!

This third release of the Toolkit comes included with the following options:

Toolkit Options:

  • (sqli)SQL Injector
  • (vulscan) Vulnerability Scanner
  • (dinfo) Gather Basic Domain Info
  • (apf) Admin Page Finder
  • (discover) Information Harvester
  • (hashtype) Identify Hash Type
  • (hexconv) Hex encoder and decoder!
  • (converters) Web Converters
  • (dping) DOS/Ping Target For 1,000 Seconds
  • (stegattack) Steghide Dictionary Attacker
  • (steghide) Install, Learn and Use Steghide
  • (uihanalysis) Intrusion Analysis (URL,IP,HASH)
  • *Options For Deploying an SSH Backdoor (COMING SOON)
  • (osint) aids in the process of information gathering
  • (toolbox) Extra Set of Tools
This tool kit also have various Security options.

Security Options:

  • (macspoof) Spoof Mac Address
  • (itor) install Tor
  • (stor) Start Tor
  • (tors) Check Tor Status
  • (vpn) VPN Launcher (COMING SOON)
  • (encdns) Encrypt DNS
  • (quit) – (home) – (clear)-(update)

The Kit  Features scripts for all sorts of tasks including:
  • Vulnerability Scanner
  • Sql Injector
  • Domain Info
  • DNS Encryption
  • Admin Page Finder
  • VPN Downloader (Provider is DOWN) Tor Installer
  •  Mac Address Spoofing

 Install Instructions

The installation process is very easy and straight forward. You need to do the following to install it.

(1) CTRL + ALT + T (Open Terminal)
(2) git clone
(3) cd NoobSecToolkit/NoobSec-Toolkit/
(4) python

How to Figure Out If You’re a Workaholic - by Wrike project management tools

Working hard at your job is important. Except when you feel compelled to do it all the time, to the detriment of your personal life and relationships. Then it becomes workaholism, which is an actual addiction and compulsive behavior. Here is a quick quiz to find out if you are on the road to becoming a workaholic.

Infographic brought to you by Wrike student collaboration tools

How to Figure Out If You’re a Workaholic - by Wrike project management tools

9 Coolest Hidden Firefox Settings You Should Know

Firefox is highly attractive and easily customizable browser. It provides you excellent security and privacy. It also offers plenty of settings that provide you most beautiful customized experience. You must be aware of all the general settings that you can simply access in the settings menu. But, there are also many advanced settings which you can locate on specific web pages which use the “about” protocol. Here is a list of 9 advanced hidden Firefox settings that will be very useful to you

1.    Perform DNS Lookup

In-house DNS lookup – finding the IP address of a domain – can easily be performed in Firefox. You have to simply type “about: networking” in the URL bar and then press enter. The next page will appear on your screen. On this page, there will be a sidebar menu. The last option of the sidebar menu will be “DNS lookup”; click this option. There would appear a search bar and you need to enter Domain name and then press resolve; all the IP addresses will appear on the screen.

2.    Block Auto-Refresh

There are many addresses that come with Refresh HTTP headers that keep on refreshing the pages at regular intervals. If you want to stop pages being refreshed automatically, you can go to “about: prefrences#advanced”. Here you will see the main tab “General” and in its subcategory, that is “Accessibility”, check the box “warn me when websites try to redirect or reload the page”.

3.    Search as You Type

Sometimes people have some vague idea of what they are searching so in that case they certainly need some suggestions and threads. In Firefox you can press “Ctrl+F” which will open an in-page search box, and it will help you search a thread.

If you are tired of pressing key combos all the time and want your search engine to start searching as you start typing, all you have to do is go to address “about: prefrences#advanced” and access the subcategory “Accessibility” in the “General” menu. Here, check the box “search for text when I start typing”. From now onwards, whenever you will type, the Firefox will keep on searching automatically.

4.    Assigning a Different Function to Backspace Key

If you are afraid that your friend or anybody else who is likely to use your computer will access all your history by pressing Backspace key. You can change the functions of Backspace key, like when assigned, the Backspace key will scroll up the page and by pressing Shift + Backspace, it will scroll down the page. It is also possible that you give Backspace no function at all.

Simply go the address “about: config” and type “browser.backspace_action” in the search menu. The following page will show the default value of the browser setting which is 0. Double-click on it and change it to 1 for scrolling action and 2 for removing all the actions.

5.    Move Around With Cursor Keys

If you want to read a long article or a story online and you want to use the cursor for in-text navigation, you can do it in Firefox. Just go to page “about: preferences#advanced” and go to “Accessibility” option and check “always use the cursor keys to navigate within pages. Apart from default arrow cursor, a blinking text cursor will also appear on the wall which you can control with the help of arrow keys.

6.    Paste on Middle Click

If you remain busy all day long doing work on your computer which involves some copy-pasting on web pages, and you are tired of just clicking again and again to paste, you can get maximum benefit from this feature. If your mouse has a middle button, you can assign it to paste text from your clipboard to the web pages.

Go to page “about: config” and search “middlemouse.paste”. The default value will appear as false; to change it simply double-click on it and change the option from false to true.

7.    Change Default Colors

You can change the background, text, and color of different links in your Firefox browser. Simply go to the address “about:prefrences#content” and then select the “color” option in the main category of “Fonts and Colors”. Here you can choose the color of your own choice.

8.    Filter Awesome Bar Links

Whenever you start typing in the URL bar, Firefox gives you suggestions. These suggestions are based on your current history of webpages. You can filter these suggestions by typing some special characters into the location bar before you start typing the address. Here is a list of these special characters

# – Match page title
@ – Match URL
* – Match only to links in bookmarks
^ – Match only to links in history
+ – Match only to links that are tagged
% – Match only to links that are open currently
9.    Auto-Export Bookmarks in HTML

If you want Firefox to save automatically all the bookmarks in HTML format, making a list of links, then go to address “about: config”, and type “browser.bookmark.autoExportHTML” and then by double clicking change the false value to true.

After resetting your browser, you will find a file named “bookmarks.html” in your profile folder with all the links in it. From now on whenever you exit the browser, your bookmark list will be updated automatically. It is also possible that instead of restarting Firefox, you will have to restart your whole system for the changed effects.

This guest post is written by Lisa Myers, who works at Rebateszone. She is a software engineer by profession.

Anatomy of a Tech Startup Team - by Wrike project management tools

Anatomy of a Tech Startup Team - by Wrike project management tools
When it comes time to scale your technology startup, things need to happen fast so you can keep up with growing customer demand. But which roles are essential for a small startup to scale successfully? Use this chart to know what positions to hire for and which responsibilities they should cover.

Infographic brought to you by Wrike remote collaboration tools

Anatomy of a Tech Startup Team - by Wrike project management tools