Ravinder Zangra

I am an Ethical Hacker




Ravinder Zangra is a self-proclaimed Ethical Hacker, Cyber Security Expert and Web Developer. An IT professional specializing in cyber security, his experience and expertise in information security have earned him several milestones in his career.

  • Faridabad, India.
  • +917838628684
  • mail@ravinderzangra.in
  • www.ravinderzangra.in

My Professional Skills

Web Development 90%
Ethical Hacking 80%
Planning 75%
SEO 60%

Member of UG community

Founder of Hashmode

Created 70+ unique designs

14+ Websites launched

Director at Appuxey Technologies

100+ Handshakes

  • Top 5 Free Tools For Scanning Your Website Against Malware



    • Comodo’s Web Inspector

    Comodo utilizes its sophisticated Web Inspector tool to scan your site for the various types of malware and other threats. Though available free, the tool perfectly justifies its name as it is loaded with the in-depth capabilities to inspect various present and possible vulnerabilities that can put your website at risk.

    Web Inspector not only guarantees accurate online scanning for various types of malware but also furnishes a comprehensive report on phishing worms and other threats. That’s not all. Taking its capabilities further, the tool also allows you to remove the malware and repair the hacked website by using its malware removal and hacking repair features.

    Various types of threats that you can scan with the help of a web inspector include Malware downloads, blacklisting, Worms, phishing, Trojans, and Heuristic Viruses.

    • Quttera

    If you need end-to-end scanning for your CMS-based website, then Quttera could be the ideal choice for you. It is fully capable of offering uniform, meticulous performance on a number of popular as well as new CMS platforms. If your site has already been targeted by malware, this tool can still help by using its disinfectant capabilities.

    One more USP of the tool is its detailed report, with a comprehensive list of elements. It includes, but is not limited to:
    Malicious file details
    Identified external links
    Clean file details
    Blacklisting reporting
    Suspicious files

    Quttera works on a number of CMS like Joomla, WordPress, Drupal, SharePoint, and Bulletin.


    • Sucuri

    Sucuri is another major name in the list that offers extensive malware scanning and removal facilities to website owners without charging them. It is the premium quality of its malware features that makes it a strong contender on this list. Whether you are running an e-commerce site on Magento or own a WordPress blog, Sucuri can be the best option for you to perform a free malware scanning test without compromising on quality. After a thorough scan, Sucuri releases a detailed yet simple to understand report that includes injected spam reports, defacements (changes in the website’s external features), malware presence etc.

    • MalCare

    If you are looking for a free yet reliable tool that can offer excellent, multifaceted scanning that evaluates the diverse aspects of your site, then MalCare can be the best option for you. The tool’s capability can be estimated by the fact that as many as 20,000+ sites rely on MalCare to detect and uproot malware. It can also clean up an infected site with just a single click. To be precise, as many as 100 different signals are used to detect various types of malware with varying degrees of complexity.

    • Siteguarding

    Siteguarding not only guards your site against any present or possible threats but also helps you scan for various types of domain malware and website blacklisting instances. The tool works equally well on various types of platforms, including popular CMS such as WordPress and Drupal. The premium features and capabilities of Siteguarding allow it to offer expert scanning and removal services.

    The tool scans your website for the presence and possibility of domain malware, blacklisting incidents or website defacement. Along with alerting you to the presence of harmful malware on your site, the tool also gives you efficient features for eradicating it. Its capabilities are further multiplied by a high-grade site antivirus and a competent website firewall that safeguard your site against any possible intrusion in the future. The tool allows you to perform deep scanning of each page of your website and offers individual security solutions for each. Thus we can say that it is the best solution for websites that are looking for tailor-made security solutions for different pages of their site. The tool outpaces its closest competitors on several key aspects; for example, its smart features allow it to identify new threats, vulnerabilities, and potential malware and immediately release a competent antivirus for the new threats and worms, thanks to its dynamic capabilities.


  • LokiBot Trojan Spotted Hitching a Ride Inside .PNG Files




    A spam campaign pushing the info-stealing LokiBot trojan leverages a novel technique to avoid detection. According to researchers, the spam messages include a malicious .zipx attachment hidden inside a .PNG file that can slip past some email security gateways.

    According to Trustwave SpiderLabs, which first spotted the .PNG/LokiBot messages, the spam campaigns delivering the trojan have been limited in scope so far. “This represents an extension to the existing ways LokiBot is delivered via email,” said Phil Hay, senior research manager at Trustwave.

    LokiBot is a prolific trojan designed to covertly siphon information from compromised endpoints. The malware is known for being simple and effective and for its adoption of diverse attachment types. The malware is a commodity in underground markets, with versions selling for as little as $300.




    Trustwave researchers said the spam message delivering the LokiBot payload has three distinct characteristics. First, the attachment used in the spam campaign has a .zipx extension, meaning it is a compressed archive. These types of compressed files are notorious for harboring malware and are flagged by email security gateways as dangerous.

    In an attempt to avoid detection, hackers behind the malspam trick email security gateway scanners by obfuscating the archive, using the file signature of a .PNG (portable network graphics) format. Attackers use the .PNG file structure, complete with a .PNG “header” and “IEND”. That way when the malicious file (RFQ -5600005870.zipx) is scanned it is identified as a .PNG image, even though it has a .zipx extension. The actual archive code – harboring LokiBot – is appended to the end of the .PNG file signature.
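The check a gateway or analyst can run against this trick, as an added example that is not from Trustwave or the original article: walk the PNG chunks to IEND and look for archive signatures in whatever follows. It assumes the archive sits after the IEND chunk; the sample PNG, sample ZIP and the file name `sample.zipx` are constructed, benign test inputs.

```python
import io
import struct
import zipfile
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
ARCHIVE_MAGICS = {
    b"PK\x03\x04": "zip local file header",
    b"PK\x05\x06": "zip end of central directory",
}

def png_end_offset(data):
    """Walk the PNG chunks; return the offset just past IEND, or None if malformed."""
    if not data.startswith(PNG_SIGNATURE):
        return None
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + body + 4 CRC
        if end > len(data):
            return None
        if ctype == b"IEND":
            return end
        pos = end
    return None

def inspect_attachment(filename, data):
    """Report what follows the image in a file that parses as a PNG."""
    end = png_end_offset(data)
    trailer = data[end:] if end is not None else b""
    embedded = sorted(n for m, n in ARCHIVE_MAGICS.items() if m in trailer)
    mismatch = end is not None and not filename.lower().endswith(".png")
    return {
        "is_png": end is not None,
        "trailing_bytes": len(trailer),
        "embedded": embedded,
        "extension_mismatch": mismatch,
        "suspicious": bool(embedded) or (mismatch and bool(trailer)),
    }

def _chunk(ctype, body=b""):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def build_sample_png():
    """Constructed 1x1 grayscale PNG (benign test input)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND")

def build_sample_zip():
    """Constructed ZIP holding one harmless text file (benign test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "benign placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_attachment("sample.zipx", build_sample_png() + build_sample_zip()))
```

A scanner that stops at the PNG magic bytes sees only an image; treating any bytes after IEND as a second object to be scanned closes that gap.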

    Click Attachment Launch LokiBot


    As slick as the obfuscation is, getting infected takes effort.

    To get infected a victim must first click on the message attachment (RFQ -5600005870.zipx). Doing so might, or might not, launch the right archive decompressor application – depending on client side applications installed on targeted computers. According to researchers, the WinRAR utility is one of the only file decompressing utilities that reliably open and decompress this .zipx archive. Other utilities, such as 7-Zip and WinZip, fail to open the specific file – likely because of the extraneous data packed inside the file signature.

    Now, after the 500 KB .zipx archive is extracted by WinRAR to a 13.5 MB payload, the user must double-click the unpacked RFQ -5600005870.exe file.

    “This first stage function [of the .exe] is to decrypt the main payload into the memory and execute it using a common technique called Process Hollowing, where a new process is created in a suspended state, its memory is unmapped and the malicious code replaces it,” researchers wrote.

    Post-Exploitation

    The LokiBot command-and-control tools are written in the PHP (Hypertext Preprocessor) programming language and almost always use the file name “fre.php”, researchers said. “So, fre.php could be blocked at the gateway,” they said. The bot control panel source has been leaked to GitHub and uses the same fre.php file name, they added.

    Trustwave said the malspam samples it found were blocked at its email gateway. “Two of the multiple layers had detected it as either spam or potentially malicious. But I can’t speak for other gateways,” Hay said.

    “The wider point is that, because it is hidden in a real PNG file, it may not be recognized as a Zip archive, and therefore gateways may simply ignore it,” according to researchers.

  • Insecure UC Browser 'Feature' Lets Hackers Hijack Android Phones Remotely



    Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately.

    Why? Because the China-made UC Browser contains a "questionable" ability that could be exploited by remote attackers to automatically download and execute code on your Android devices.

    Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of more than 500 million users worldwide.

    According to a new report published today by the firm Dr. Web, since at least 2016, UC Browser for Android has had a "hidden" feature that allows the company to download new libraries and modules from its servers at any time and install them on users' mobile devices.


    Pushing Malicious UC Browser Plug-ins Using MiTM Attack


    What's worrisome? It turns out that the reported feature downloads new plugins from the company server over the insecure HTTP protocol instead of the encrypted HTTPS protocol, thus allowing remote attackers to perform man-in-the-middle (MiTM) attacks and push malicious modules to targeted devices.




    "Since UC Browser works with unsigned plug-ins, it will launch malicious modules without any verification," the researchers say.

    "Thus, to perform an MITM attack, cybercriminals will only need to hook the server response from http://puds.ucweb.com/upgrade/index.xhtml?dataver=pb, replace the link to the downloadable plug-in and the values of attributes to be verified, i.e., MD5 of the archive, its size, and the plug-in size. As a result, the browser will access a malicious server to download and launch a Trojan module."



    In a PoC video shared by Dr. Web, researchers demonstrated how they were able to replace a plugin for viewing PDF documents with malicious code using an MiTM attack, forcing UC Browser into composing a new text message instead of opening the file.


    "Thus, MITM attacks can help cybercriminals use UC Browser to spread malicious plug-ins that perform a wide variety of actions," researchers explain.

    "For example, they can display phishing messages to steal usernames, passwords, bank card details, and other personal data. Additionally, trojan modules will be able to access protected browser files and steal passwords stored in the program directory."


    UC Browser Violates Google Play Store Policies
    Since the ability allows UCWeb to download and execute arbitrary code on users’ devices without reinstalling a full new version of UC Browser app, it also violates the Play Store policy by bypassing Google servers.


    "This violates Google's rules for software distributed in its app store. The current policy states that applications downloaded from Google Play cannot change their own code or download any software components from third-party sources," the researchers say.

    "These rules were applied to prevent the distribution of modular trojans that download and launch malicious plugins."
    This dangerous feature has been found in both UC Browser and UC Browser Mini, with all versions affected, including the latest versions of the browsers released to date.

    Dr. Web responsibly reported their findings to the developer of both UC Browser and UC Browser Mini, but they refused even to provide a comment on the matter. It then reported the issue to Google.

    At the time of writing, UC Browser and UC Browser Mini are "still available and can download new components, bypassing Google Play servers," researchers say.

    Such a feature can be abused in supply chain attack scenarios where the company's server gets compromised, allowing attackers to push malicious updates to a large number of users at once, just like we recently saw in the ASUS supply chain attack that compromised over 1 million computers.

    So, users are left with just one choice to make... get rid of it until the company patches the issue.

    Update: A spokesperson for UCWeb provided The Hacker News with a statement saying, "As per concerns raised by Dr Web, UC has updated the UC Browser app on Google Play. UC is an International company and stands by its commitment to create a product that helps millions of users access benefits of mobile internet."



    Source: TheHackerNews
  • Unpatched Flaw in Xiaomi's Built-in Browser App Lets Hackers Spoof URLs




    EXCLUSIVE: Beware, if you are using a Xiaomi Mi or Redmi smartphone, you should immediately stop using its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices.

    That's because both web browser apps created by Xiaomi are affected by a critical vulnerability which has not yet been patched even after being privately reported to the company, a researcher told The Hacker News.

    The vulnerability, identified as CVE-2019-10875 and discovered by security researcher Arif Khan, is a browser address bar spoofing issue that originates because of a logical flaw in the browser's interface, allowing a malicious website to control URLs displayed in the address bar.

    According to the advisory, affected browsers do not properly handle the "q" query parameter in URLs, and thus fail to display the portion of an https URL before the ?q= substring in the address bar.
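A link-triage check built on that description, as an added example that is not from the advisory or The Hacker News: it flags http(s) links whose `q` value reads like a hostname different from the host actually being contacted, which is the text an affected address bar would be left showing. The function names, the host-like pattern and the `.example` sample links are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# A q value that reads like a hostname or URL, e.g. "www.bank.example/login".
HOSTLIKE = re.compile(
    r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]\S*)?$", re.IGNORECASE
)


def address_bar_mismatch(url):
    """Return real and shown host when q names a different site, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    real_host = parts.hostname.lower()
    for value in parse_qs(parts.query).get("q", []):
        match = HOSTLIKE.match(value.strip())
        if not match:
            continue  # ordinary search text, version numbers, etc.
        shown_host = match.group(1).lower()
        # The same site, or a parent/child domain of it, is not a mismatch.
        same_site = (
            real_host == shown_host
            or real_host.endswith("." + shown_host)
            or shown_host.endswith("." + real_host)
        )
        if not same_site:
            return {"real_host": real_host, "shown_host": shown_host}
    return None


# Constructed sample links, as a mail gateway or proxy log might hold them.
SAMPLE_LINKS = [
    "https://login-update.example/?q=www.bank.example",
    "https://www.bank.example/search?q=opening+hours",
    "https://shop.example/?q=shop.example/offers",
    "https://docs.example/find?q=v1.2",
]


def triage(links):
    """Map each flagged link to its mismatch record."""
    return {u: r for u in links if (r := address_bar_mismatch(u))}


if __name__ == "__main__":
    for link, record in triage(SAMPLE_LINKS).items():
        print(link, record)
```

Search engines legitimately receive host-like `q` values, so in practice the real host is compared against an allowlist of search providers before a link is escalated.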


    Since the address bar of a web browser is the most reliable and essential security indicator, the flaw can be used to easily trick Xiaomi users into thinking they are visiting a trusted website when they are actually being served phishing or malicious content.

    The phishing attacks today are more sophisticated and increasingly more difficult to spot, and this URL spoofing vulnerability takes it to another level, allowing one to bypass basic indicators like URL and SSL, which are the first things a user checks to determine if a site is fake.


    "Android users are highly advised to use modern web browsers that are not affected by this vulnerability, such as Chrome or Firefox." 
    Source: TheHackerNews
  • The Best 5 IT Certifications to Pursue a Career in Cyber Security


    As the IT sector is booming, cyber threats are also increasing in number. The demand for cyber security professionals has increased with the rise in cyber-attacks. Companies are looking for individuals with the ability to block known cyber-attacks and mitigate zero-day vulnerabilities. Certifications are one way to prove the skills required in the highly challenging cyber security field. Organizations like EC-Council, ISACA, (ISC)2, GIAC, CompTIA, and SANS offer a variety of cyber-security certifications that can lead individuals to a dream cyber-security job. Following are some of the top-level cyber-security certifications that one must consider while pursuing a career in the cyber-security field.
    • Certified Ethical Hacker (CEH)


    CEH is a vendor-neutral certification offered by EC-Council. The certification mostly suits individuals who want to build a career in the penetration testing field. Passing the CEH exam requires decent network security knowledge. The certification covers more than 270 attack technologies. An individual must have at least two years of working experience in an information security related field to take the CEH exam. CEH (Practical) is an alternate certification option for those who can’t take the CEH certification exam because they have no prior working experience in the field.

    • Licensed Penetration Tester (Master) | LPT (Master)


    LPT (Master) is another EC-Council certification, designed for experienced cyber-security engineers, consultants, and penetration testers with vast knowledge of cyber-security concepts. Individuals with Certified Ethical Hacker (CEH) and EC-Council Certified Security Analyst (ECSA) program knowledge can take the LPT (Master) exam. Only individuals with deep cyber-security knowledge and expertise in the ethical hacking lifecycle are considered the best candidates for the LPT (Master) certification exam.

    • Certified Information Security Manager (CISM)


    CISM certification is offered by the Information Systems Audit and Control Association (ISACA). The certification is designed for experienced individuals managing enterprise-level applications and developing information security systems. Professionals with at least five years of working experience in the information security field are eligible to take the CISM exam.

    • Certified Information Systems Security Professional (CISSP)


    CISSP certification is offered by the Information Systems Security Certification Consortium (ISC)2. This certification is designed for IT professionals (decision makers) who want to prove their experience and expertise in managing and developing organizational-level standards, procedures, and policies. Individuals with a minimum of five years of working experience in at least two Common Body of Knowledge (CBK) domains are eligible for the CISSP certification. (ISC)2 has eight CBK domains, namely Security and Risk Management, Identity and Access Management, Asset Security, Software Development Security, Security Assessment and Testing, Communications and Network Security, Security Architecture and Engineering, and Security Operations. Professionals with four years of working experience and a college degree or proven credentials are also eligible for the CISSP exam.

    • GIAC Security Essentials (GSEC)


    GSEC is an entry-level certification offered by the Global Information Assurance Certification (GIAC) entity. GSEC certification is designed for individuals who possess information security knowledge as well as the technical expertise to handle basic security tasks. GSEC certification proves the knowledge and skills of the certification holders in various cyber-security disciplines including access control and password management, active defense, contingency plan, cryptography, incidents security and response, IT risk management, Windows security, Linux security, network security, networking and protocols, security policies, threat hunting, and wireless network security. There is no prerequisite to take the GSEC exam.
  • Copyright © 2019 RAVINDER ZANGRA .
    All Rights Reserved.