Category Archives: Cyber Criminals

Security flaw in Intel’s AMT lets attackers hack laptops in seconds: Cyber security firm


An attacker can reboot the target’s machine and enter the boot menu. (File Photo)

Finnish cyber security company F-Secure has claimed

Read more at: http://indianexpress.com/article/technology/tech-news-technology/security-flaw-in-intels-amt-lets-attackers-hack-laptops-in-seconds-cyber-security-firm-5025341/

Security flaw in Intel’s AMT lets attackers hack laptops in seconds

Finnish cyber security company F-Secure has claimed it has found a security flaw in Intel’s Active Management Technology (AMT) which can allow a hacker to compromise a work laptop within seconds. AMT is Intel’s proprietary solution for remote access monitoring and maintenance of corporate-grade personal computers, created to allow IT departments or managed service providers to better control their device fleets.

The company said that in July 2017 Harry Sintonen, one of F-Secure’s Senior Security Consultants, discovered unsafe and misleading default behaviour within Intel’s AMT. “AMT is no stranger to security weaknesses, with many other researchers finding multiple flaws within the system, but Sintonen’s discovery surprised even him,” the company said in a blog post.

“The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” Sintonen

Read more at: http://www.bgr.in/news/security-flaw-in-intels-amt-lets-attackers-hack-laptops-in-seconds/

Police arrest cyber criminal in Bihar

Police arrested a cyber criminal from Pathra village under Manjha police station area in this district today. Police said here that the cyber criminal identified as Jafar Ali was arrested from his hideout after his father Sheikh Hasan Mullah, who was also detained revealed involvement of his son in the cyber crime. Sources said that Jafar and his six associates transferred money from accounts of bank customers into their own accounts by asking them to disclose their account numbers and PIN codes. They used to cheat bank customers in the garb of a bank manager. A massive manhunt is on to nab other cyber criminals.UNI XC DH BM

— (UNI) — C-1-1-DL0214-1209511.Xml

Read more at: https://news.webindia123.com/news/Articles/India/20180114/3252092.html

Gone in 30 seconds: New Intel AMT exploit is scarier than you can …

Intel had a pretty rough start to 2018 with a slew of security flaws in Intel CPUs rearing their ugly heads. After the whole Meltdown and Spectre debacle, there’s apparently another bitter pill to swallow. F-Secure’s Senior Security Consultant, Harry Sintonen, has discovered a potential security flaw in Intel’s Active Management Technology (AMT) that allows hackers in physical proximity of a laptop to take control full control of the system and gain remote access, all under a minute.

F-Secure says the issue so severe that even the best protections, including BIOS passwords, will fail if the hacker knows his stuff. It is sort of surprising, given that the system cannot be accessed if the hacker cannot get past the BIOS password screen. However, by selecting the Management Engine BIOS Extension (MEBx) at boot, the hacker just simply login using the default ‘admin’ password. It is common that users tend

Read more at: https://www.notebookcheck.net/Gone-in-30-seconds-New-Intel-AMT-exploit-is-scarier-than-you-can-ever-fathom.278216.0.html

Gone in 30 seconds: New Intel AMT exploit is scarier than you can ever fathom

Intel had a pretty rough start to 2018 with a slew of security flaws in Intel CPUs rearing their ugly heads. After the whole Meltdown and Spectre debacle, there’s apparently another bitter pill to swallow. F-Secure’s Senior Security Consultant, Harry Sintonen, has discovered a potential security flaw in Intel’s Active Management Technology (AMT) that allows hackers in physical proximity of a laptop to take control full control of the system and gain remote access, all under a minute.

F-Secure says the issue so severe that even the best protections, including BIOS passwords, will fail if the hacker knows his stuff. It is sort of surprising, given that the system cannot be accessed if the hacker cannot get past the BIOS password screen. However, by selecting the Management Engine BIOS Extension (MEBx) at boot, the hacker just simply login using the default ‘admin’ password. It is common that users tend

Read more at: https://www.notebookcheck.net/Gone-in-30-seconds-New-Intel-AMT-exploit-is-scarier-than-you-can-ever-fathom.278216.0.html

Mail spoofing – Trickery by deception – E

Mail spoofing – Trickery by deception

Varun Kapoor *

Spoofing is an English word that means – “being something or someone and projecting as something or someone else”. An unsuspecting customer from State Bank of India gets an email from the official id of the bank and it is addressed to him by name and even his account number is mentioned in the mail.

The customer feels that the mail is genuine as it fulfills all the requirements of one. It asks the customer to go to his account and say – “cancel a transaction that he may not have done”.

The customer has been also provided a link in the mail to direst him to his account. He clicks the link goes to the site fills in his account details and password and cancels the transaction. He has fallen prey one of the

Read more at: http://e-pao.net/epSubPageSelector.asp?src=Mail_spoofing_Trickery_by_deception_By_Varun_Kapoor&ch=education&sub1=GNU_Open_Source_LINUX

Researcher Exploits Intel Remote Management Security In 30 Seconds But It’s Not What You Think

The big news in security (or lack thereof) recently has been the Meltdown and Spectre issues that have plagued Intel, AMD, and Apple. Those aren’t the only security issues that computer users are facing. Security research firm F-Secure has found a new security flaw that it says affects Intel Active Management Technology or AMT. AMT is an Intel proprietary solution that allows remote access or monitoring and management of personal computers in a corporate setting.

8th Gen Intel Core S series Chip8th Gen Intel Core S series Chip

The tech was meant to allow IT departments in these large organizations or managed service providers to control fleets of computers. F-Secure Senior Security Consultant Harry Sintonen found a flaw in AMT in July of 2017 (it has only now been disclosed) that surprised him. He said, “The attack is almost deceptively simple to

Read more at: https://hothardware.com/news/researcher-exploits-intel-remote-management-security

Intel AMT security flaw lets attackers easily bypass laptop passwords

Intel is having a rough start to the year. Following the Meltdown and Spectre fiasco that is ongoing, F-Secure is piling on more bad news, saying Intel’s Active Management Technology (AMT) gives attackers an easily exploitable backdoor into potentially millions of laptops.

AMT is Intel’s proprietary solution to allow IT admins remote access monitoring and maintenance of corporate-grade systems. It is commonly found on business laptops, particularly those with Intel vPro processors. AMT has had its share of security issues in the past, but this new one is arguably the most concerning issue yet.

“The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” said Harry Sintonen, senior security consultant at F-Secure.

It doesn’t take long to exploit the vulnerability, which is

Read more at: http://www.pcgamer.com/intel-amt-security-flaw-lets-attackers-easily-bypass-laptop-passwords/

Social Engineering Attack – Breach of Trust

There is an alarming increase in cases of unknown individuals winning the trust of unsuspecting victims in the virtual world and then misusing this trust to commit crimes on the victims. This is the world of the social engineering attack. It starts with information collection regarding a targeted individual.

 

A college girl in Gujarat was asked her mobile number by a co-student. She refused but the co-student coolly replied that he will get it. Next day he had her name, her fathers’ name, her address and her phone number!! How did he get it? By uploading her “Scooty” number on the RTO site of Gujarat.

 

An Income Tax Department site of the Government of India called “e-filling” is another such target. A cyber criminal provides the surname of a person and his date of birth – he can get the PAN card number of a targeted individual. Using this number and a

Read more at: http://morungexpress.com/social-engineering-attack-breach-trust/

Social Engineering Attack – Breach of Trust

There is an alarming increase in cases of unknown individuals winning the trust of unsuspecting victims in the virtual world and then misusing this trust to commit crimes on the victims. This is the world of the social engineering attack. It starts with information collection regarding a targeted individual.

 

A college girl in Gujarat was asked her mobile number by a co-student. She refused but the co-student coolly replied that he will get it. Next day he had her name, her fathers’ name, her address and her phone number!! How did he get it? By uploading her “Scooty” number on the RTO site of Gujarat.

 

An Income Tax Department site of the Government of India called “e-filling” is another such target. A cyber criminal provides the surname of a person and his date of birth – he can get the PAN card number of a targeted individual. Using this number and a

Read more at: http://morungexpress.com/social-engineering-attack-breach-trust/