Popular restaurant search company Zomato Hacked, 17 Million Accounts Sold on Dark Web



Over the last few years the dark web has become a popular place to sell illegal goods such as drugs, weapons, stolen databases and fake documents. Recently, HackRead found a vendor going by the online handle "nclay" claiming to have hacked Zomato and selling the data of its 17 million registered users on a popular dark web marketplace.



The database includes e-mail addresses and password hashes of registered Zomato users; the price set for the whole package is USD 1,001.43 (BTC 0.5587). The vendor also shared a trove of sample data to prove that the data is genuine. Here is a screenshot of the sample data publicly shared by "nclay."

HackRead tested the sample data against Zomato's login page and found that every account on the list exists on Zomato. Note what that check proves: a login form that responds differently for a known e-mail address confirms the addresses are real Zomato accounts, but it does not by itself verify that the password hashes in the dump are genuine.




"The data was stolen this month and this year, May 2017," the hacker told HackRead.

Zomato does have a HackerOne page where hackers can report flaws, but reporters receive only Hall of Fame recognition or a certificate of acknowledgment. Personally speaking, I have not had a good experience reporting flaws to Zomato. I reported a flaw to them last year, and now, more than a year later, they still have not replied to me about it.


What to do if you have an account on Zomato


  • If you have an account on Zomato, change your password now.
  • Do not use the same password across online accounts; if one account is compromised, the attacker can get into the others with the same credentials.
  • Use a password manager so that every site gets a long, random, unique password.
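Why "change it now" and "use a password manager" matter when what leaked is hashes rather than passwords: the following is an added example, not code from HackRead or Zomato, showing how an offline dictionary attack runs against a leaked dump. The article does not say which hash function Zomato used, so the first part assumes unsalted MD5 purely for illustration; the second part runs the same wordlist against salted PBKDF2 rows to show how much more work a properly stored hash costs. All rows and the wordlist are constructed. The random, manager-generated password survives in both cases; the reused one falls for both users at once.

```python
import hashlib
import os

# Constructed rows in the shape the article describes (e-mail, password hash).
# The article does not say which hash function Zomato used; unsalted MD5 is assumed
# here only to show why a leaked hash dump is dangerous even without plaintext passwords.
LEAKED_ROWS = [
    ("alice@example.com", hashlib.md5(b"password123").hexdigest()),
    ("bob@example.com", hashlib.md5(b"zomato2017").hexdigest()),
    ("carol@example.com", hashlib.md5(b"kE7#vq!9Lm2$Xr").hexdigest()),  # random, manager-generated
    ("dave@example.com", hashlib.md5(b"password123").hexdigest()),      # same password as alice
]
# Constructed mini wordlist; real attackers use hundreds of millions of candidates.
WORDLIST = ["123456", "password", "qwerty", "password123", "letmein", "zomato2017"]
PBKDF2_ITERATIONS = 1000  # kept low so the demo runs instantly; real deployments use far more


def crack_unsalted(rows, wordlist, algo="md5"):
    """Dictionary attack on unsalted hashes.

    Each candidate is hashed once and looked up against every row, so the work is
    len(wordlist) hash calls no matter how many users leaked. Returns
    ({email: plaintext}, hash_calls).
    """
    lookup = {hashlib.new(algo, w.encode()).hexdigest(): w for w in wordlist}
    cracked = {email: lookup[digest] for email, digest in rows if digest in lookup}
    return cracked, len(wordlist)


def make_salted_row(email, password):
    """How a site should store a password: random per-user salt and a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS).hex()
    return email, salt, digest


def crack_salted(rows, wordlist):
    """Same attack on salted PBKDF2 rows (email, salt, digest).

    The shared lookup table no longer helps: every (user, candidate) pair needs
    its own KDF run, so work grows with rows * wordlist * iterations. Returns
    ({email: plaintext}, kdf_calls).
    """
    cracked, calls = {}, 0
    for email, salt, digest in rows:
        for w in wordlist:
            calls += 1
            if hashlib.pbkdf2_hmac("sha256", w.encode(), salt, PBKDF2_ITERATIONS).hex() == digest:
                cracked[email] = w
                break
    return cracked, calls


# The same four users, stored the right way (constructed).
SALTED_ROWS = [
    make_salted_row("alice@example.com", "password123"),
    make_salted_row("bob@example.com", "zomato2017"),
    make_salted_row("carol@example.com", "kE7#vq!9Lm2$Xr"),
    make_salted_row("dave@example.com", "password123"),
]


if __name__ == "__main__":
    hits, calls = crack_unsalted(LEAKED_ROWS, WORDLIST)
    print(f"unsalted md5: {len(hits)}/{len(LEAKED_ROWS)} cracked with {calls} hash calls -> {hits}")
    hits, calls = crack_salted(SALTED_ROWS, WORDLIST)
    print(f"salted pbkdf2: {len(hits)}/{len(SALTED_ROWS)} cracked with {calls} KDF calls")
```

With a 17-million-row dump the difference is the whole story: the unsalted attack still costs one hash per wordlist entry, while the salted attack costs one slow KDF call per user per candidate. Either way, a weak or reused password is recovered eventually, which is why the advice is to rotate it immediately rather than wait for the site's statement.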

WannaSmile - A simple tool to protect yourself from WannaCry Ransomware



The WannaCry ransomware is spreading like wildfire. It exploits a vulnerability in Microsoft's SMBv1 file-sharing implementation (patched as MS17-010), and SMBv1 was enabled by default on Windows at the time.

Here is a detailed article about the ransomware: How to protect yourself from WannaCry Ransomware

On 12 May 2017, the security researcher known as @malwaretech, together with Darien Huss, found a "kill switch" that halted the ransomware. Before doing anything else, the ransomware tries to open an HTTP connection to a hard-coded, previously unregistered domain; if the connection fails, it proceeds to infect the system, and if it succeeds, it exits. So @malwaretech registered the domain, which stopped the ransomware.

Soon afterwards the domain was hit with DDoS traffic from attackers trying to knock it offline so the ransomware could resume spreading.

The kill switch also does not help when:
  • the system is not connected to the internet;
  • the kill-switch domain is down;
  • the domain is blocked by the ISP or a firewall (or by a web proxy, since the check does not use proxy settings).


The solution

WannaSmile is a simple program created by me and my friend Hrishikesh Barman.

Here is the link to the Repo : WannaSmile 

WannaSmile obtained the 100% Clean Softpedia Award.



It does the following:
  • Disables SMB on your system (which is enabled by default).
  • (OnlineFix) Edits your hosts file and points the kill-switch domain at Google's IP, so even if the real site goes down the check still succeeds and you are not affected.
  • (OfflineFix) Starts a lightweight local web server and points the kill-switch domain at localhost.
Note that the hosts-file trick only works against samples that contact that particular kill-switch domain; later variants used other domains or no kill switch at all, which is why patching MS17-010 remains the real fix.

Offline fix for WannaCry


Runs a local web server and maps the WannaCry kill-switch domain to localhost by appending an entry to the hosts file. When the ransomware then tries to reach the domain, the connection succeeds instead of failing, which makes the ransomware stop.
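The mechanism above, as an added example rather than WannaSmile's own code: a Python emulation of the kill-switch check, the "always answers" local web server, and the idempotent hosts-file append. The domain name is a stand-in (the article does not name the real one), the hosts file is a temporary file rather than C:\Windows\System32\drivers\etc\hosts, and the check is pointed at the sinkhole's address directly because DNS cannot be overridden in a demo. The online fix is the same add_hosts_entry call with a public IP that answers on port 80 instead of 127.0.0.1. The SMB-disabling step is Windows-specific and is not reproduced here.

```python
import os
import tempfile
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Stand-in for the real kill-switch domain; the article does not name it.
KILL_SWITCH_DOMAIN = "killswitch.example"
# Location of the hosts file on Windows, which is what WannaSmile edits (needs Administrator).
WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"


def killswitch_says_stop(url, timeout=2.0):
    """Emulate the ransomware's check.

    WannaCry only tests whether an HTTP request to the domain can be opened; it
    ignores the status code and body. So any server that answers on port 80 for
    that name, even with an error page, makes the check succeed and the malware
    exit. A refused connection, timeout or failed DNS lookup means 'proceed'.
    """
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars
    try:
        with opener.open(url, timeout=timeout):
            return True
    except urllib.error.HTTPError:
        return True  # server answered with 4xx/5xx: the open still succeeded
    except (urllib.error.URLError, OSError):
        return False


class _SinkholeHandler(BaseHTTPRequestHandler):
    """Minimal 'always 200' responder: the lightweight local web server of the offline fix."""

    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"sinkhole\n")

    def log_message(self, *args):
        pass  # keep the demo quiet


def start_sinkhole(host="127.0.0.1", port=0):
    """Start the local server in a background thread; port=0 lets the OS pick a free port."""
    server = HTTPServer((host, port), _SinkholeHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def add_hosts_entry(hosts_path, domain, ip="127.0.0.1"):
    """Append 'ip domain' to a hosts file unless an identical mapping is already there.

    Offline fix: ip=127.0.0.1 (the local sinkhole). Online fix: any public IP that
    answers HTTP on port 80. Returns True if a line was written, False if it existed.
    """
    wanted = [ip, domain]
    with open(hosts_path, "a+", encoding="utf-8") as fh:
        fh.seek(0)
        for line in fh:
            if line.split("#", 1)[0].split() == wanted:  # ignore comments
                return False
        fh.write(f"\n{ip} {domain}\n")
    return True


def demo_offline_fix():
    """Run the whole offline fix against a temporary hosts file and a real local server.

    Returns (stop_with_server, stop_without_server, first_write, second_write).
    """
    fd, tmp_hosts = tempfile.mkstemp(prefix="hosts-")
    os.close(fd)
    try:
        first_write = add_hosts_entry(tmp_hosts, KILL_SWITCH_DOMAIN)
        second_write = add_hosts_entry(tmp_hosts, KILL_SWITCH_DOMAIN)  # idempotent
        server = start_sinkhole()
        url = f"http://127.0.0.1:{server.server_port}/"
        with_server = killswitch_says_stop(url)      # sinkhole up: ransomware would exit
        server.shutdown()
        server.server_close()
        without_server = killswitch_says_stop(url)   # sinkhole down: ransomware would proceed
    finally:
        os.unlink(tmp_hosts)
    return with_server, without_server, first_write, second_write


if __name__ == "__main__":
    print(demo_offline_fix())  # expect (True, False, True, False)
```

The second check in the demo is the failure mode the page lists: if the local server (or, for the online fix, the remote host) stops answering, the hosts entry alone does nothing and the ransomware proceeds. That is why WannaSmile runs the sinkhole as a service that starts with the machine.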

Instructions

1. Install the WannaSmile service by running setup.exe from the release (download the wannasmile.zip file).

2. After installing, start the service once; it does the rest automatically.

To do that:

  • Open the Start menu
  • Search for "services"
  • Open the Services desktop app (gear icon)
  • Inside Services, find WannaSmile (the list is alphabetical)
  • Right-click WannaSmile and click Start
The service is now running: the kill-switch domain is redirected to the local server and SMB is disabled.

    WannaSmile - OnlineFix 

    How to run


    Run the .exe directly (Run as Administrator) and it does the rest. If you don't trust our .exe, you can compile it from source and run it yourself.

    Tip

    •     Use the OnlineFix if you are always connected to the internet.
    •     Use the OfflineFix if you are not always connected to the internet.

    Note : For a permanent fix, PLEASE UPDATE YOUR WINDOWS ASAP TO PATCH (MS17-010)

    Media Coverage 

    1. The hacker news
    2. The Economic Times

    Got featured by The Economic Times newspaper in all the 24 editions

    3. Softpedia

    Link : WannaSmile Protects Windows Users Against WannaCry



    How to protect yourself from WannaCry Ransomware




    Yesterday, a massive ransomware campaign hit the computer systems of hundreds of private companies and public organizations across the globe. It is believed to be the biggest ransomware attack the security community has ever seen: over 75,000 PCs in 99 countries, including the United States, Russia, Germany, Turkey, Italy, the Philippines, Vietnam and India, were infected in less than 24 hours.

    The ransomware, called "WannaCry," spreads by exploiting a Windows SMBv1 vulnerability for which Microsoft released a security patch (MS17-010) in March 2017. Computers and networks that have not installed that update are at risk.

    Countries infected with the ransomware


    According to one report, the ransomware attack shut down work at 16 hospitals across the UK after doctors were locked out of patient files. Another report says 85% of the computers at the Spanish telecom firm Telefonica were infected with the malware.

    Once infected with WannaCry, victims are asked to pay up to $300 in Bitcoin to get their files decrypted; otherwise the files stay encrypted, and the demand rises the longer they wait.

    "Affected machines have six hours to pay up and every few hours the ransom goes up," said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. "Most folks that have paid up appear to have paid the initial $300 in the first few hours."

    Got scared already? Don't want to be a victim of WannaCry Ransomware?



    Here are some easy steps to protect your machine and secure your files from falling hostage to online scammers.


    1. Patch your operating system


    First of all, if you haven't patched your Windows machines and servers against the EternalBlue exploit (MS17-010), do it right now, and reboot after the update installs. Microsoft also released an emergency patch for versions it no longer supports, such as Windows XP and Server 2003, so those machines need patching too.

    In general, patching your system and installing regular Microsoft updates should secure an average PC user from unwanted vulnerabilities.

    2. Beware of emails


    As with many other ransomware families, it can enter a network not only through the Windows vulnerability but also through "spray-and-pray" phishing: mass e-mails carrying a malicious attachment, or a link to a page that drops the malware onto your machine. Treat unexpected attachments and links with suspicion, even when the sender looks familiar.

    3. Backup your files


    To avoid being held hostage by data thieves, make secure backups of important data on a regular basis. Simply backing up is not enough: keep the backup drive physically disconnected when it is not in use, otherwise ransomware on the machine can encrypt the backup as well. Cloud storage is another option, but a sync client will upload the encrypted versions of your files just as readily, so use a service that keeps version history and test that you can actually restore from it.

    4. Get an Anti virus


    Install an antivirus if you don't have one already, keep it updated and running, and, most importantly, browse carefully.



    Programming languages that you should learn to be a Hacker



    I often get this question: which programming languages do I need to know to be a hacker? To be a hacker you need to know several languages, because the applications and websites you will be exploiting are written in different ones.

    A hacker is someone who finds vulnerabilities in a program or a network and then exploits them, often by using one of these languages to write an exploit for a particular vulnerability.

    Here follow three hacking domains and the languages you must learn to master them.

    1. Web Hacking :


    Web hacking is one of the most popular domains in the hacking world. To do web hacking you need to understand the languages websites are built with, such as JavaScript, HTML, PHP and MySQL.

    The majority of websites are built by using these languages. 

    So for this domain you’ll need to learn:

        HTML.
        JavaScript
        PHP
        SQL

    2. Operating Systems Hacking & Exploits Writing :


    An exploit is a piece of software written to take advantage of a bug (that is, to exploit a vulnerability).

    Exploits typically consist of a payload and the code that delivers that payload into the vulnerable application. The usual goal is to gain access to the system in order to control it.

    So for this domain you’ll need to learn:

        C.
        C++.
        Python.
        Perl.
        Ruby.

    3. Reverse Engineering :-


    Reverse engineering means taking something apart to see how it works, in order to understand, reproduce or improve it. The practice comes from older industries and is now routinely applied to computer hardware and software.

    Software reverse engineering (as crackers and malware analysts do) means working from a program's machine code back to a readable form, disassembly or decompiled pseudo-code, because the original source is not available. You rarely recover the exact source, but you do recover the logic.

    For this domain you need to learn:
        C.
        C++.
        C#.
        VB.
        Python.
        Perl.
        Ruby.
        JavaScript.
        PHP.
        Java.
        Delphi.
        ObjectiveC.
        ErLang.
        Go Lang.
        SQL

     So these are the programming languages hackers use for various purposes. If you are a beginner, start with web hacking: it is the easiest domain to get into and gives you a good platform to try out your skills.

    Beware of the big Google Docs scam - How to protect yourself



    Did someone share a Google Doc with you? If so, you may well be one of the millions of internet users targeted by this scam campaign.

    In the last few days a lot of people have received e-mails from people they know carrying a normal-looking invitation to view a Google document, saying that the sender "has shared a document on Google Docs with you." It may genuinely appear to come from a friend, family member or colleague, lulling you into a false sense of security.



    Once you click the link, you are taken to a page that says "Google Docs would like to read, send and delete emails, as well as access your contacts" and asks you to "Allow" access.

    Here is the catch. It is not Google's own Docs at all but a third-party app that has simply been registered under the name "Google Docs"; the developer shown for it is a "Eugene Pupov", and it exists only to trick you. Click the blue "Google Docs" link on the consent page to see the app's details:

    Since the app is granted "manage your contacts" and "read, send, delete, and manage email", the attacker gets full access to your inbox. It also lets the attacker propagate the scam by sending the same e-mail to all of your contacts.

    In short, anything linked to a compromised Gmail account is potentially at risk, and two-factor authentication does not help here: you are not giving away your password, you are handing the attacker an OAuth token issued after your own login, so they never need to authenticate as you.
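    What to look at on a consent screen before clicking "Allow", as an added example that is not part of the original post: the two signals that give this scam away are the scopes requested (full mail access plus contacts) and an app name that impersonates a Google product while the token is delivered to a third-party redirect_uri. The authorization URLs below are constructed; client_id, redirect_uri and state values are made up, while the scope strings are real Google OAuth scope names.

```python
from urllib.parse import parse_qs, urlparse

# Google scopes that grant what the article describes: full mailbox access and contacts.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "read, send and delete all your e-mail",
    "https://www.googleapis.com/auth/contacts": "read and modify your contacts",
}

# Constructed example of the authorization URL a consent page sits behind, in the
# shape of Google's OAuth endpoint. client_id, redirect_uri and state are made up.
PHISHING_AUTH_URL = (
    "https://accounts.google.com/o/oauth2/auth"
    "?client_id=000000000000-example.apps.googleusercontent.com"
    "&redirect_uri=https://docs-share.attacker.example/callback"
    "&response_type=code"
    "&scope=https://mail.google.com/%20https://www.googleapis.com/auth/contacts"
    "&state=xyz"
)
# Constructed benign request: a third-party app that asks only for what it needs.
BENIGN_AUTH_URL = (
    "https://accounts.google.com/o/oauth2/auth"
    "?client_id=111111111111-example.apps.googleusercontent.com"
    "&redirect_uri=https://calendar-sync.example.net/oauth/callback"
    "&response_type=code"
    "&scope=https://www.googleapis.com/auth/calendar.readonly"
)


def triage_consent(auth_url, app_name):
    """Return a list of warnings for an OAuth consent request.

    auth_url is the accounts.google.com URL the consent page was loaded from;
    app_name is the name shown on the consent screen. Google's own products never
    ask you to approve them as a third-party app, so a Google-sounding name whose
    token is sent to a non-Google redirect_uri is impersonation.
    """
    params = parse_qs(urlparse(auth_url).query)
    scopes = params.get("scope", [""])[0].split()  # parse_qs already decoded %20
    redirect_host = (urlparse(params.get("redirect_uri", [""])[0]).hostname or "").lower()

    warnings = []
    for scope in scopes:
        if scope in HIGH_RISK_SCOPES:
            warnings.append(f"scope {scope}: app could {HIGH_RISK_SCOPES[scope]}")

    name = app_name.lower()
    impersonates_google = "google" in name or "gmail" in name
    google_owned = redirect_host == "google.com" or redirect_host.endswith(".google.com")
    if impersonates_google and not google_owned:
        warnings.append(
            f"app is named '{app_name}' but its token would be sent to {redirect_host}"
        )
    return warnings


if __name__ == "__main__":
    for w in triage_consent(PHISHING_AUTH_URL, "Google Docs"):
        print("WARNING:", w)
    print("benign:", triage_consent(BENIGN_AUTH_URL, "Calendar Sync"))
```

    The same triage can be done by hand: the consent page's address bar shows the redirect_uri and scope parameters, and the blue app-name link shows the developer. A legitimate third-party app asks for the narrowest scope it can work with and tells you who wrote it.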

    What to do if you've already fallen victim

    If you have fallen victim to this scam, you need to revoke the permissions you granted the app.

    • Go to your Google account permissions at https://myaccount.google.com and sign in.
    • Go to Security, then Connected Apps.
    • Find "Google Docs" in the list of connected apps and remove it. It is not the real Google Docs: Google's own products never appear there as third-party apps.




    Hackers Can Figure Out Your Phone's Password by the Way You Tilt the Device



    We often hear about hackers bypassing phone locks or guessing passwords, but researchers have now shown that a four-digit PIN can be inferred from the way you tilt and move the device while typing, with 70% accuracy on the first attempt. Shocked?

    According to a team of researchers at Newcastle University in the UK, it is quite easy to recover a four-digit PIN by analysing how your phone tilts and moves as you type, using motion-sensor data that apps and web pages can read without asking permission.

    In their tests they cracked four-digit PINs on the first guess 70% of the time and, for better or worse, 100% of the PINs by the fifth attempt.

    "Most smart phones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer. But because mobile apps and websites don't need to ask permission to access most of them, malicious programs can covertly 'listen in' on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords," explains Dr. Maryam Mehrnezhad, the lead author of the paper.



    More worryingly, on some browsers it was found that if you open a page hosting this malicious code on your phone or tablet and then, without closing that tab, open your online banking site, the code can keep reading the sensors and spy on every detail you type.

    The findings have been shared with technology companies and browser makers. Apple (Safari) and Mozilla (Firefox) have already issued patches, while Google is still working on a fix.