Posts

Showing posts from November, 2019

How to start Bug Hunting?

1. First of all, you need to understand what a bug bounty is and why it is done. A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those about exploits and vulnerabilities.

2. Some online books for Bug Bounty! There are some books for web application penetration testing methodology and hunting the web. Through these, you learn the basics and essentials of penetration testing and bug hunting.

- The Web Application Hacker's Handbook
- OWASP Testing Guide: highly suggested by Bugcrowd's Jason Haddix
- Penetration Testing
- The Hacker Playbook 2: Practical Guide to Penetration Testing
- The Tangled Web: A Guide to Securing Web Applications
- Jhaddix Bug Hunting Methodology
- The Hacker Playbook-3
- Ethical Hacking and Penetration Guide
- Web Penetration Testing with Kali Linux

Here are some mobile application for Bug Hunting: The Mobile Applicatio

Amazon Alexa witnesses for Murder Case

The case took place in Florida between a husband and wife. There was a fight. The man is 43-year-old Adam Crespo. The woman was 32-year-old Silvia Galva Crespo. The man in Florida had a spat with his wife at home after a night out. The couple argued and fought, and she was somehow "speared to the chest" during the altercation. She died after bleeding heavily from the wound. The man is charged with second-degree murder but denies having killed her. There was no one else who saw or heard the whole thing while it happened. Or was there? There was someone, or rather something, that may have heard it. We are talking about the Amazon Echo devices in the house, which the police think may have listened to parts of an altercation and may give a clue to the cause of the woman's death. She died from a fatal wound to the chest by a spear at home in Hallandale Beach, Florida in July. As per a report by the Sun-Sentinel, the police think that the Amazon Echo smart devices may have re

Hacking Competition for hackers

A piece of good news for hackers: a chance to test their skills in the hacking world legally and win prizes from the government. The Tamil Nadu police have turned to teenagers to take on cybercriminals. Around 200 college students and young professionals will take part in a hackathon at the state police headquarters on Saturday and the best among them will get to assist the cops. There's prize money too for the winners. The first prize comes with Rs 50,000, the two second prizes are worth Rs 25,000 each and the three third prizes Rs 10,000 each. State police chief J K Tripathy will hand over cyber-volunteer badges to the winners in various categories. The badges will give them access to the Rs 3.24 crore Cyber Arangam that the government has set up at IIT-M's research park. This facility, modeled on the Kerala police's cyber-dome in Thiruvananthapuram, is to be the nerve centre of the police's operations to root out c

Malicious SDKs Caught Accessing Facebook and Twitter Users Data

An SDK is a software development toolkit. It is a software library that app developers embed in their code to automate certain operations, sparing themselves from writing that specific code by hand and losing precious time. SDKs are very popular in the modern app development ecosystem, but using an SDK also implies surrendering some of your app's control to a third-party entity. Two third-party software development kits (SDKs) integrated by hundreds of thousands of Android apps have been caught holding unauthorized access to users' data associated with their connected social media accounts. The two big social media platforms, Twitter and Facebook, disclosed and released a statement revealing that an SDK from another company, Mobiburn, has some malicious activity that might have exposed its users connected with certain Android apps to data collection firms.

TWITTER

On Monday, November 25, Twitter disclosed that they've received a report about an SDK

Russia Join India for Cyber Security Cooperation

After the cyberattack on Kudankulam, NPCIL India informed Russia about the attack. Deputy Chief of Mission of the Russian Embassy Roman Babushkin has said Nuclear Power Corporation of India Limited has informed Russian authorities that the plant is safe and additional steps have been taken to enhance its security further. India and Russia have stepped up their cybersecurity cooperation in the backdrop of the cyber-attack on the Kudankulam nuclear power plant built by global nuclear major Rosatom. The two sides have a vibrant cybersecurity partnership. On the BRICS summit in Brasilia, Babushkin said ways to deal with the challenge of terrorism will be a focus area, and referred to the setting up of a number of working groups to deal with terror financing and transnational crimes. He also said that issues like the situation in Kashmir and Xinjiang in China are unlikely to figure in the deliberations at the summit. Babushkin said Moscow has been focusing on ensuring that

Nuclear Power Corporation of India under cyber attack

NPCIL accepts a cyberattack on Kudankulam

Cybercriminals targeted the Nuclear Power Corporation of India Ltd (NPCIL). The NPCIL on Wednesday accepted a cyberattack on its system after issuing a denial a day earlier. In a statement issued on Wednesday, NPCIL said: "Identification of malware in the NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019." "The matter was immediately investigated by DAE (Department of Atomic Energy) specialists. The investigation revealed that the infected PC belonged to a user who was connected to the internet-connected network for administrative purposes. This is isolated from the critical internal network," it said, adding that the networks are being monitored continuously. The statement said that the plant systems were not affected by the malware. On Tuesday, the company had denied a cyber attack on its Kudankulam Nuclear Power Plant, one of the county

PROBELY--> Vulnerability Scanner (WEB APPLICATION)

PROBELY--> Probely continuously scans for vulnerabilities in your Web Applications. It allows its customers to manage the life cycle of vulnerabilities and provides them with some guidance on how to fix them.

OUR COURSES: ETHICAL HACKING, PENETRATION TESTING, BUG BOUNTY, FORENSIC INVESTIGATION, CYBER CRIME INVESTIGATION, ISO 27001 LA/LI
CONTACT US FOR MORE DETAILS: PHONE: +91 8446503791 / +91 9004527361
For course details, visit our website: https://careertechnology.co.in/

Hacker punished for 4 years

Russian Hacker Behind NeverQuest Banking Malware Gets 4 Years in U.S. Prison

A Russian hacker who created and used Neverquest banking malware to steal money from victims' bank accounts has finally been sentenced to 4 years in prison by the United States District Court for the Southern District of New York. Stanislav Vitaliyevich Lisov, 34, was arrested by Spanish authorities at Barcelona–El Prat Airport in January 2017 on the request of the FBI and extradited to the United States in 2018. Earlier this year, Lisov pleaded guilty to one count of conspiracy to commit computer hacking, involving attempts to steal at least $4.4 million from hundreds of victims using the NeverQuest banking trojan. Just like any other sophisticated banking Trojan, NeverQuest, aka Vawtrak or Snifula, has also been designed to let attackers remotely control infected computers and steal a wide range of sensitive information. Besides stealing login information for banking or other financial

Arron Banks' twitter account hacked

The Twitter account of Arron Banks, the founder of the pro-Brexit campaign Leave.EU, has been hacked. A hacker broke into the Twitter account of Arron Banks, chairman of the pro-Brexit UK political campaign organization Leave.EU, and leaked his private message history online earlier this week. The BBC yesterday reported that the culprit had access to thousands of private messages that had been sent and received by Banks over several years. The Guardian reported that the attack involved illegal access to Banks's email address, and quoted a Leave.EU spokesman as saying that a SIM swap also took place. "Twitter was notified 12 hours ago, and despite repeated requests, they have taken no action to deactivate the account or remove the illegal data downloads," Banks continued. "Despite the obvious lack of security at Twitter related to personal data, they have deliberately chosen to leave personal data in the public domain." Last night, the hacked account posted a string of num

IronWASP--> Vulnerability Testing TOOL

IRONWASP--> IronWASP is an open-source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it.

Hackers hacked Cryptocurrency site

Official Monero Site Hacked to Distribute Cryptocurrency Stealing Malware

Attackers hacked the official Monero project to spread cryptocurrency-stealing malware instead of the legitimate Monero downloads. A cyberattack was confirmed by the website officials of the Monero cryptocurrency project on Monday, wherein attackers covertly replaced the legitimate, downloadable Linux and Windows binaries with their malicious versions. The supply chain attack came to light after a Monero user spotted a mismatch in the cryptographic hash for binaries he downloaded from the official site. It didn't match the hashes provided by the software developers. A Monero user on Reddit claimed to have lost funds worth $7000 after installing the malicious Linux binary. Following an immediate investigation, the Monero team said that its website, GetMonero.com, was indeed compromised.

How does it work?

The malware gets triggered when a user opens or creates a new wallet. It is programmed to a

SPT V0.6.0--> Phishing Toolkit

SPT V0.6.0--> SPT is a simple concept with powerful possibilities. It is what its name implies: a simple phishing toolkit.

GOOGLE HACKING CAMERA (WITHOUT PERMISSION)

News: Bug Lets Android Apps Access Camera without Permission

An alarming security vulnerability has been discovered in several models of Android smartphones manufactured by Google, Samsung, and others that could allow malicious apps to secretly take pictures and record videos, even when they don't have specific device permissions to do so. The malicious app designed by the researchers was able to perform a long list of malicious tasks, including:

- Making the camera app on the victim's phone take photos and record videos and then upload (retrieve) them to the C&C server.
- Pulling GPS metadata embedded into photos and videos stored on the phone to locate the user.
- Waiting for a voice call and automatically recording audio from both sides of the conversation and video from the victim's side.
- Operating in stealth mode while taking photos and recording videos, so no camera shutter sounds alert the user.

Google confirmed and addressed the vulnerabi

FATRAT--> BACKDOOR MAKER AND PAYLOAD BINDER

FATRAT--> FatRat is an easy-to-use Exploitation Tool that can help you to generate backdoors and post-exploitation attacks like browser attack DLL files. This tool compiles malware with popular payloads and then the compiled malware can be executed on Windows, Linux, Mac OS X, and Android.

HACKING PHONES WITH SINGLE TEXT

1 BILLION PHONES COULD BE HACKED WITH SINGLE TEXT MESSAGE

A major security vulnerability in the Android operating system has left a billion phones vulnerable to getting hacked by a plain and simple text message. Researchers at cybersecurity firm Check Point identified the bug in Android-based phones, revealing that it only takes a single SMS text message to gain full access to a person's emails. Around 2.5 billion devices around the world use Google-owned Android, which is the world's most popular operating system. Any security issues, therefore, can have widespread consequences for users. The hack works by making use of a technique that mobile network operators use to update new phones joining their network, known as an OMA CP message. This would allow cybercriminals to view a person's web history and read their emails. "When the user receives an OMA CP message, they have no way to discern whether it is from a trusted source," said Mr. Makkaveev. "By clicking 'acce

ZARP--> Network Attacking Tool

ZARP--> Zarp is a network attack tool centered around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once, dumping sensitive information automatically or to the attacker directly.

Hackers can hack your Whatsapp

WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices

WhatsApp says the specially crafted MP4 file can trigger the remote code execution (RCE) and denial of service (DoS) cyber attack.

WhatsApp has flagged another critical security risk for its millions of users on iOS, Android and Windows platforms. The latest security exploit involves malicious MP4 video files which could allow hackers to execute snooping attacks. WhatsApp says a "specially crafted MP4 file" can trigger the remote code execution (RCE) and denial of service (DoS) cyber attack. The vulnerability, tracked as CVE-2019-11931, is a stack-based buffer overflow issue that resided in the way previous WhatsApp versions parse the elementary stream metadata of an MP4 file, resulting in denial-of-service or remote code execution attacks. To remotely exploit the vulnerability, all an attacker needs is the phone number of targeted users and send them a maliciously cr

FIREMASTER--> Browser Password Recovery tool

FIREMASTER--> Firemaster is the Firefox master password recovery tool. If you have forgotten the master password, then using FireMaster you can find out the master password and get back your lost sign-on information. It uses various methods such as dictionary, hybrid and brute force techniques to recover the master password from the Firefox key database file.

HACKERS TARGETING BUSINESSES FOR MONEY

Groups of hackers targeting businesses for financially motivated cyber attacks

Security researchers have tracked down activities of a new group of financially motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware. According to a report Proofpoint shared with The Hacker News, the newly discovered threat actors are sending out low-volume emails impersonating finance-related government entities, with tax assessment and refund lures, to targeted organizations. In almost all spear-phishing email campaigns researchers observed between October 16 and November 12 this year, the attackers used malicious Word document attachments as an initial vector to compromise the device. Once opened, the malicious document executes a macro script to run malicious PowerShell commands, which then eventually downloads and installs one of the f

PASSGEN--> WPA2 PASSWORD GENERATOR

PASSGEN--> Passgen is a simple Python WPA2 password generator. It is an alternative to the random character generator Crunch, and it approaches cracking WPA/WPA2 keys by randomizing the output as opposed to generating a sequential list (aaaaaa, aaaaab, aaaaac, etc.).

You will stop using facebook after reading this!!!

Facebook Bug Secretly Switches iPhone Camera On Without User's Permission.

Apple iPhone users are being warned about a Facebook issue that apparently allows the app to activate your camera as you scroll your feed. Facebook says the strange behavior is caused by a bug that was added to the code by accident and that there is no indication that photos or videos are being sent to its servers. The company claims an update has already been submitted to Apple that should remove it. The issue was discovered by web designer Joshua Maddux, who tweeted a video of himself tapping on a photo in Facebook on iOS, then pulling it to the side ever so slightly to reveal his phone's camera in the background, instead of the app. Maddux and TNW both suggest that the issue could be tied to a specific version of iOS 13.2.2, as they were not able to replicate it in other places, though at least one other user claimed they could detect it on iOS 12.4.1. Facebook VP Guy Rosen tweeted that Fa

MONGOAUDIT--> CLI BASED AUDITING TOOL

MONGOAUDIT--> Mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing.

Hacker group hacked Indian Nuclear power plant and ISRO

Authorities don't seem to understand the real threat from cyber-operations. It is now evident that both the Kudankulam Nuclear Power Plant (KNPP) and the Indian Space Research Organisation (ISRO) were the target of a cyber-attack. The nuclear power plant's administrative network was breached in the attack but did not cause any critical damage. KKNPP plant officials had initially denied suffering an attack and officially stated that KKNPP "and other Indian Nuclear Power Plants Control Systems are stand-alone and not connected to outside cyber networks and the Internet. Any Cyberattack on the Nuclear Power Plant Control System is not possible." So what really happened at Kudankulam? Here's what you need to know.

1. The nuclear power plant and the cyberattack

The KKNPP is the biggest nuclear power plant in India, equipped with two Russian-designed and supplied VVER pressurized water reactors with a capacity of 1,000 megawatts each. Accord

NESSUS--> Vulnerability Scanner

NESSUS--> Using this tool one can scan for almost every type of vulnerability, including remote access, flaw detection, misconfiguration alert, denial of service against TCP/IP stack, preparation of PCI DSS audits, malware detection, sensitive data searches, etc.

Hacked Lady's Facebook, Approached Friends For Cash

Telangana Man Allegedly Hacked Woman's Facebook, Approached Friends For Cash

Telangana's Rachakonda Cyber Crime Police arrested a 24-year-old techie for allegedly logging into a woman's social media account in an unauthorized way and trying to extract money from her friends on the pretext of paying medical bills. The accused has been identified as Bathula Venkateswarlu, a resident of Jillelaguda, Balapur Mandal. According to the police, the woman, hailing from Sarooranagar, filed a complaint and stated that since September 2019 she had been unable to log into her Facebook account. The woman came to know about this through one of her Facebook friends, whom she knew personally. In her complaint, she alleged that somebody tried to extract money from her online friends on the pretext of her medical treatment. "During the investigation process, it was revealed that Bathula Venkateswarlu is a B.Tech graduate

GHOST PHISHER--> Security Auditing Tool

GHOST PHISHER--> Ghost Phisher is a wireless security auditing and phishing tool written using the Python Qt GUI library. The program can emulate access points and deploy.