Friday, 22 May 2015

PayPal Users Alert! ‘Payment Made Without Permission’

In order to respond to PayPal’s supposed request for information, users are asked to click a login link to access their PayPal Resolution Centre within 24 hours. But the email is not genuinely from PayPal; it is a phishing scam intended to steal users’ personal and financial information.

Another PayPal phishing scam! An email claims that PayPal is considering a payment reversal because a payment was allegedly made without the account holder’s consent, which the email presents as a transaction error.

If you click the ‘Resolution Center’ link, you are redirected to a dummy website imitating the PayPal login page. After you ‘log in’ on the phony site, you are shown a ‘Dispute Resolution’ form that demands your name and contact details, credit card numbers and other identifying information.

Upon clicking the ‘Submit’ button on the fake form, the user receives a message stating that the issue has now been fixed. Meanwhile, all of the submitted personal information is in the hands of cyber criminals, who can use it to hijack the PayPal account, make fraudulent PayPal and credit card transactions and commit identity theft.
Be warned, and always remember that PayPal will never send you an unsolicited email demanding that you click a login link to deal with a supposed account issue. Authentic PayPal emails will always address you directly by your name; they will never use a nonspecific greeting such as ‘Dear Customer’, nor will they use your email address in place of your name, as has been done in this case. Because PayPal conducts almost all of its business via email and the web, PayPal customers are a leading target for phishing scammers.
It is safe and advisable to log in to your PayPal account by typing the web address into your browser’s address bar or by using the official PayPal app. The PayPal website shows a verified green signature, as shown in the screenshot below:
The PayPal website has information about phishing and how to report scam emails.
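As an added illustration (not part of the original alert), the warning signs listed above can be turned into a simple mail-filtering check: a generic greeting, the recipient’s email address used in place of a name, a deadline, a request to log in via a link, and a link whose visible text says PayPal while its real destination is another host. The sample message, the `phishingIndicators` function and the `isPayPalHost` helper are all constructed for this example.

```javascript
// The sample message below is constructed for this demonstration.
const SAMPLE_EMAIL = {
  to: 'alice@example.com',
  subject: 'Payment Made Without Permission',
  html: 'Dear Customer, a payment from alice@example.com was made without your ' +
        'permission. Please log in to the <a href="http://paypal-secure.example.net/login">' +
        'PayPal Resolution Center</a> within 24 hours to avoid a payment reversal.',
};

// Hosts we treat as genuinely PayPal's own for the link check (assumption for this example).
function isPayPalHost(host) {
  return host === 'paypal.com' || host.endsWith('.paypal.com');
}

// Returns the list of warning signs found in one message (empty = none found).
function phishingIndicators(mail) {
  const hits = [];
  const text = mail.html.replace(/<[^>]+>/g, ' '); // strip tags for the text checks
  if (/^\s*dear (customer|user|member)\b/i.test(text)) hits.push('generic greeting');
  if (text.includes(mail.to)) hits.push('email address used in place of a name');
  if (/within \d+ hours/i.test(text)) hits.push('artificial deadline');
  if (/\blog ?in\b/i.test(text) && /<a\s/i.test(mail.html)) hits.push('asks you to log in via an emailed link');
  // For every link, compare the brand in the visible text with the real destination host.
  const linkRe = /<a\s[^>]*href="([^"]+)"[^>]*>([^<]*)<\/a>/gi;
  let m;
  while ((m = linkRe.exec(mail.html)) !== null) {
    let host;
    try { host = new URL(m[1]).hostname; } catch (e) { host = ''; }
    if (/paypal/i.test(m[2]) && !isPayPalHost(host)) {
      hits.push('link text says PayPal but points to ' + (host || 'an unparsable URL'));
    }
  }
  return hits;
}
```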

Monday, 18 May 2015

How to Share Sensitive Files Instantly and Securely...

Last night I had to communicate with a friend overseas in Dubai. We were both aware that our email communications were being monitored, so we were forced to install and use a fully-fledged encrypted email system. Although it appeared to be very secure, it was quite cumbersome to handle.

If you are ever faced with the same situation, here is a very simple and easy-to-use way to encrypt your files and send them to the person you want to communicate with.

Here’s the Kicker:

You don’t even need to install any software or sign up to any website in order to use the file encryption service.

So, what do I have today in my box?

"Otr.to" is an open-source, peer-to-peer, browser-based messaging application that offers secure communication using "Off-the-Record" (OTR) Messaging, a cryptographic protocol for encrypting instant messaging.

We first introduced you to Otr.to two months ago. At that time it included two services:
·         Secure Peer-to-Peer Chat
·         Self Destructing Message
The developers have now added a new feature called Secure File Sharing, which lets users share files encrypted with the AES-256 algorithm with anyone they want to communicate with.

The website describes the Secure File Sharing feature as "using Javascript with AES256 algorithm. Secret Key (password) will never be transmitted to the server and the server will store only encrypted data".

HOW TO USE

In order to get started with Otr.to’s Secure File Sharing, you don’t need to register an account or install any application on your desktop. All you need to do is follow the simple steps below:

1.    Open any web browser on any platform.
2.    Visit the https://Otr.to website and go to the Secure File Sharing option.
3.    Upload a file and get a link to it.
4.    Share that link and the encryption password with the friend you want to communicate with.
5.    Once your friend has downloaded the file, it will automatically self-destruct.

Otr.to is absolutely free and anonymous, which means it does not reveal anybody’s identity to the public. Also, Otr.to does not save the keys (passwords) on its server; everything it stores on the server is in encrypted form only.

This is something we really need in today’s fast-paced life. Otr.to could prove to be a great tool for a variety of people, including journalists, businesses and whistleblowers who want to keep their communications instant, private and secure, as it is not as complex as other file and message encryption software on the market.

Wednesday, 13 May 2015

Nearly 95% of SAP Systems Vulnerable to Hackers

More than 95 percent of enterprise SAP installations are exposed to high-severity vulnerabilities that could allow attackers to hijack a company’s business data and processes, new research claims. According to a new assessment released by SAP (Systems, Applications & Products) solutions provider Onapsis, the majority of cyber attacks against SAP applications in the enterprise fall into three categories:

·         Pivots - Pivoting from low-integrity to high-integrity systems in order to execute remote function modules.

·         Database Warehousing - Exploiting flaws in the SAP RFC Gateway to execute admin privilege commands in order to obtain or modify information in SAP databases.

·         Portal Attacks - Creating J2EE backdoor accounts by exploiting vulnerabilities to gain access to SAP portals and other internal systems.

More than 250,000 SAP business customers worldwide, including 98 percent of the 100 most valued brands, remain vulnerable for an average of 18 months from the time a vulnerability surfaces.

"The big surprise is that SAP cyber security is falling through the cracks at most companies due to a responsibility gap between the SAP operations team and the IT security team," Onapsis chief executive Mariano Nunez says. "The truth is that most patches applied are not security-related, are late or introduce further operational risk."
According to the research, SAP released 391 security patches last year and almost half of them were ranked as high priority.

The Attack Vectors:

Exploiting these SAP vulnerabilities could result in compromised SAP business systems, putting intellectual property, customer and supplier data, financial and credit card data, and data warehouse information at risk of theft by hackers.

SAP HANA, according to Nunez, is responsible for a 450 percent increase in the number of new security patches.

"This trend is not only continuing, but exacerbating with SAP HANA, which has brought a 450 percent increase in new security patches," Nunez says. "With SAP HANA positioned in the center of the SAP ecosystem, data stored in SAP platforms now must be protected both in the cloud and on-premise."

To prevent attacks:

Keep your SAP applications as secure as possible. In order to do that:
·         Businesses should stay up to date with SAP Security Notes.
·         Continually monitor your networks for security and compliance issues.
·         Have both cyber security protection and risk management policies in place from the start.

Monday, 11 May 2015

Apple Watch Hacked to Run a Web Browser on Its OS

This OS hack was made public by comex, a community developer and jailbreaker. He has posted a video showing the small watch displaying the Google home page; he managed to load the Google homepage and display it on the watch’s tiny screen.
The Apple Watch does not have a Safari browser app.
In the video comex scrolls around and browses basic web pages on the watch’s display. Moreover, the video shows that running arbitrary code on the watch is very much possible.
Running arbitrary code starts with a jailbreak of the Apple Watch; although comex has not provided any details of the hack, this is assumed to be the case for the Apple Watch as well.
The video shows a UI similar to iOS, with features like the Copy/Define context menu, which makes it amusing to look at the underlying software stack that powers the watch: Watch OS 1.0 is actually a version of iOS 8.2, running a custom front-end layer, called Carousel, to display the device-specific user interface.

To prove his point, comex also showed the watch with the iOS dictionary view, again compressed to fit the 1.5-inch screen. Meanwhile, Apple has announced that a native SDK is in the works, which will allow developers to build apps that run such code on the OS itself.
Hackers might have fiddled around with the Apple Watch, but this has opened up more opportunities for Apple.

Apple has also talked about native third-party apps arriving and grabbing market share this year, at WWDC, which takes place from June 8th to June 12th.

Friday, 8 May 2015

Australian intelligence agency warns of cyber attacks

Sydney: An Australian intelligence agency has warned that the G20 summit to be held in Brisbane could be targeted by cyber criminals, who may include state-sponsored hackers, business spies or activists.

As world leaders prepare to travel to Brisbane, the capital of Queensland, for the G20 summit on 15-16 November, it is reported that the Australian Signals Directorate (ASD) is briefing industry on the threat.

In its cyber-security advisory, the ASD said there is a real and persistent threat of large events such as the G20 being targeted by state-sponsored or other foreign adversaries, cyber criminals and issue-motivated groups.

The Australian intelligence agency said that attempts had been made to infect computer networks and obtain information, and that for this purpose infected emails appearing to relate to the summits held in 2012 and 2013 were sent to Australian government agencies.

Meanwhile, CREST Australia said that hackers’ motives can vary. CREST Australia provides cyber and information security services to individuals and businesses.

Wednesday, 6 May 2015

How To Enable Guest Mode On Android

Android 5.0 Lollipop lets you quickly switch to a separate guest profile. This guest user does not contain your personal data such as apps, contacts, messages, Google account and more.
Using this guest account, users can access or sync only their own photos, contacts and other data from their Google account, or download and install apps or games from the Google Play Store.

However, the guest does not need to re-download an app if it has already been downloaded and installed by the main user’s account.


How To Enable Guest Mode On Android
§  Swipe down from the top of the screen to open the notification bar, then tap the user icon in the top right corner twice.
§  Choose “Add Guest” and wait a moment while the guest profile loads.
§  Your Android phone will now switch to guest mode.
Once you are done in guest mode you can switch back to the main user with the steps below –
§  Once again swipe down from the top of the screen to open the notification bar, then tap the user icon in the top right corner twice.
§  Choose the user you wish to switch back to, i.e. your main user account.

How to Remove Guest User On Android
§  Swipe down from the top of the screen to open the notification bar, then tap the user icon in the top right corner twice.
§  Choose “Remove Guest” and wait a moment (this permanently removes the guest user account along with its data, including downloaded pictures, files, apps, games and contacts).
On certain smartphones you can access guest mode via Settings > General > Privacy > Guest Mode.

New Chrome Extension “Google Password Alert” Bypassed by Hacker!

Within 24 hours of Google launching its new “Password Alert” phishing-alert extension, a security researcher was able to bypass the feature using some dead simple exploits.

Last Wednesday, the search giant launched the Password Alert extension for Chrome, which alerts users whenever they accidentally enter their Google password on a carefully crafted phishing site aimed at hijacking their account.

Paul Moore, the security expert, easily circumvented the technology using just 7 lines of very simple JavaScript, which kills the phishing alerts as soon as they start to appear, defeating Google’s new Password Alert Chrome extension.

Google quickly fixed this issue and released an updated version of Password Alert which blocked Moore’s exploit. But Moore then discovered another way of blocking the new version as well.

Gmail Hacking

Moore’s initial proof of concept was based on simple JavaScript code that looks for instances of the warning screen every 5 milliseconds and simply removes anything it detects. Normally, the warning screen would remain on the page.