Airzero Sec

We Do Not Give Up ! Trust US !

  • Compromise in Business Email

We've all heard that malicious actors are actively using e-mail scams to defraud government agencies, small and large businesses, and their victims. Most corporate financial transactions are now digital, which has resulted in an increase in financial crime, primarily due to cyber fraud.

The term "Company Email Compromise" refers to a variety of malicious activities, but all types of BEC have one thing in common: they require access to or impersonation of a business email account.

What Exactly Is BEC?

Business Email Compromise (BEC) is a type of targeted scam in which an attacker impersonates a corporate executive or high-level employee in order to rob the company or its partners or obtain sensitive data. The goal of a BEC scam is to persuade the target to give the attacker money or sensitive information while they believe they are conducting a legitimate business transaction.

Attackers accomplish this by using various deception techniques to persuade users to hand over money or personal information.

How Does a BEC Scam Operate?

BEC fraud, like other social engineering schemes, relies on the human element to be successful.

This implies that in this situation, the fundamental human desire to be a social creature will be exploited.

Because of their natural desire to help and prove their worth, people are more likely to be victims of BEC assaults. The need to respond quickly to a request from your boss takes precedence over the need to double-check whether the request is correct in the first place.

Most BEC attacks consist of three primary steps:

  • Research

BEC scams, also known as "man-in-the-email" attacks, start with extensive research, with the attacker scouring publicly available information about the organization, such as websites, press releases, and social media posts.

  • Planning

After spending time researching his targets, the attacker will devise a few scam scenarios that may be successful.

The attacker will either try to gain access to or spoof the email accounts of the company's most powerful people. You could become a victim by simply changing one digit or one letter in the domain name when creating an email address with a spoofed domain.

  • Attack

Depending on how thorough the opponent is, the BEC assault can occur in a single email or across an entire thread. To gain the victim's trust, this communication typically employs persuasion, urgency, and authority. The attacker will then instruct the victim to send money or provide sensitive information.

Types of BEC Attacks

  • The Fake Invoice Scam

This type of scam frequently targets businesses that work with international suppliers. The attackers pose as suppliers, seeking money transfers to a fraudulent account.

  • CEOs who commit fraud

After gathering the necessary information, the attackers will impersonate the company's CEO or another high-ranking official and send an email to finance personnel requesting money transfers to a bank account controlled by them.

  • An Email Account Compromise (EAC)

A senior executive's or employee's email account is compromised and used to solicit invoice payments from suppliers listed in their email contacts. The funds are then transferred to bogus bank accounts.

Prevent Business Email Compromise

  • Educate your employees

Access to adequate cyber-security training for employees is a critical step that a company must take to protect itself from BEC. Employees should be made aware of the risks and consequences of these attacks, as well as how to spot a scam and respond appropriately in the event of one.

BEC attacks are successful not because they are technologically advanced, but because they take advantage of human weaknesses such as a reaction to authority, scheduling, or even exhaustion.

Clear communication of responsibilities and objectives, as well as adequate guidance in the use of IT and accounting controls, can help to mitigate these risks. Cyber-security threats come in all shapes and sizes, so it's critical to detect, report, and respond to them correctly. Even though it may appear obvious, human error is to blame for 95 percent of successful cyber-attacks. Managers should keep in mind that hackers do not simply break into IT departments by brute force, they look for flaws. As a result, cyber-security skills and expertise are required for every position in the company. Making cyber security a shared responsibility is critical, so include management and IT in your education programme, hold monthly cyber security sessions, and, of course, set specific rules for email, internet surfing, social media, and mobile devices. While there is no foolproof method for protecting your company, educating your employees on security risks and best practices for online behaviour and privacy will significantly reduce the risk of a BEC scam.

  • Encourage employees to object to any suspicious requests.

Because employees have a tendency to rush through activity or a reaction, teaching them to double-check before completing a task may reduce the risk of a cyber-attack. Consider an email from a company's senior executive in which a large sum of money is urgently demanded. Employees must understand that delaying payment is preferable to be scammed, and they must make every effort to ensure that the request they received is legitimate. Employees have a tendency to rush through activity or a reaction, so teaching them to double-check before finishing a task may reduce the risk of a cyber-attack.

BEC assaults, unfortunately, are here to stay due to their surface-level nature. To stay ahead of the growing threat of Business Email Compromise, organizations and employees must alter their mindsets, practices, and security solutions. If you have any doubts concerning the above issue, please contact us. Please do not hesitate to get in touch with us. Your security partner will be Airzero Sec.

Email:[email protected]

enter image description here

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

A group of researchers from French, Israeli, and Australian universities investigated the possibility of creating unique fingerprints from people's GPUs and using them for persistent web tracking.

The findings of their large-scale experiment, which involved 2,550 devices with 1,605 different CPU configurations, show that their technique, dubbed 'DrawnApart,' can increase the median tracking duration by 67 percent when compared to current state-of-the-art methods.

This is a serious issue for user privacy, which is currently protected by laws focusing on obtaining consent to activate website cookies.

Because of these laws, unscrupulous websites have begun to collect additional potential fingerprinting elements such as hardware configuration, operating system, timezones, screen resolution, language, fonts, and so on.

This unethical approach is still limited because these elements change frequently, and even when they are stable, they can only assign users to broad categories rather than creating a unique fingerprint.

Identical GPUs are being fingerprinted.

With the help of WebGL, the researchers considered the possibility of creating unique fingerprints based on the GPU (graphics processing unit) of the tracked systems (Web Graphics Library).

WebGL is a cross-platform API for rendering 3D graphics in browsers that are supported by all modern browsers. The DrawnApart tracking system can use this library to count the number and speed of execution units in the GPU, measure the time required to complete vertex renders, handle stall functions, and more.

To overcome the challenge of having random execution units handle the computations, DrawnApart uses short GLSL programmes executed by the target GPU as part of the vertex shader. As a result, workload distribution is predictable and standardized. The team created an on-screen measurement method that performs a small number of computationally intensive operations, as well as an off-screen measurement method that puts the GPU through a longer and less intensive test. This process generates traces made up of 176 measurements taken from 16 points, which are then used to create a fingerprint. Even when evaluating the individual raw traces visually, differences and distinct timing variations between devices can be observed.

The researchers also experimented with swapping out other hardware components on the machines to see if the traces could still be distinguished, and discovered that the fingerprints were solely dependent on the GPU.

Even if a set of integrated circuits is manufactured in the same way, has the same nominal computational power, a number of processing units, and exact same cores and architecture, each circuit is slightly different due to normal manufacturing variability.

In normal day-to-day operations, these distinctions are indistinguishable, but they can be useful in the context of a sophisticated tracking system like DrawnApart, which is specifically designed to trigger functional aspects that highlight them.

Implications and considerations

When DrawnApart is combined with cutting-edge tracking algorithms, the median tracking duration of a targeted user increases by 67%.

As shown in the diagram below, the standalone tracking algorithm can achieve an average tracking time of 17.5 days, but with GPU fingerprinting, this can be extended to 28 days.

Based on the testing conditions, the GPU operational temperature range is between 26.4 °C and 37 °C, with no voltage variations. Workload variations, GPU payloads from other web browser tabs, system restarts, and other runtime changes have no effect on DrawnApart. The next-generation GPU APIs that are currently in development, most notably WebGPU, include computing shaders in addition to the existing graphics pipeline. As a result, the upcoming API may introduce even more ways to fingerprint internet users, as well as much faster and more accurate methods. When the researchers tested compute shaders in the now-defunct WebGL 2.0, they discovered that DrawnApart achieved 98 percent classification accuracy in only 150 milliseconds, much faster than the 8 seconds required to collect fingerprinting data via the WebGL API.

"We believe that once the WebGPU API is widely available, a similar method can be developed. Before enabling accelerated compute APIs globally, the effects on user privacy should be considered "finalizes the research paper Attribute value changes, parallel execution prevention, script blocking, API blocking, and time measurement prevention are all potential countermeasures to this fingerprinting method.

Khronos Group, the developer of the WebGL API, has received the researchers' disclosure and formed a technical study group to discuss potential solutions with browser vendors and other stakeholders. If you have any doubts about the aforementioned issue, please contact us. Please do not hesitate to get in touch with us. Your digital partner will be Airzero Sec.

Email:[email protected]

enter image description here

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

A previously unknown firmware implant used in a targeted espionage campaign to maintain stealthy persistence has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41).

The rootkit, codenamed MoonBounce by Kaspersky, was described as the "most advanced UEFI firmware implant discovered in the wild to date," with the implant's "purpose being to facilitate the deployment of user-mode malware that stages performance of further payloads downloaded from the internet."

Firmware-based rootkits, once uncommon in the threat landscape, are quickly becoming lucrative tools for sophisticated actors seeking to establish a long-term foothold in a way that is not only difficult to detect but also difficult to remove. MoonBounce is worrisome for a variety of reasons. Unlike FinFisher and ESPecter, which target the EFI System Partition (ESP), the newly discovered rootkit, along with LoJax and MosaicRegressor, targets the SPI flash, a non-volatile storage device external to the hard drive.

By embedding such persistent bootkit malware within the flash storage soldered to a computer's motherboard, the mechanism renders it impossible to remove via hard drive replacement and even resistant to re-installation of the operating system.

According to the Russian cybersecurity firm, the presence of the firmware rootkit was discovered in a single incident last year, indicating the highly targeted nature of the attack. However, the precise mechanism by which the UEFI firmware was infected is unknown.

The fact that an existing firmware component was tampered with to alter its behaviour — rather than adding a new driver to the image — adds to its stealthiness, with the goal of diverting the execution flow of the boot sequence to a malicious attack sequence that injects the user-mode malware during system startup, which then connects to a hardcoded remote server to retrieve the next-stage payload.

"The infection chain itself goes no traces on the hard drive, as its components operate in memory only, enabling a fileless attack with a small footprint," the researchers explained, adding that they discovered other non-UEFI implants in the targeted network communicating with the same infrastructure that hosted the staging payload.

Among the components deployed across multiple network nodes are a backdoor known as ScrambleCross (aka Crosswalk) and a number of post-exploitation malware implants such as Microcin and Mimikat ssp, indicating that the attackers moved laterally after gaining initial access in order to exfiltrate data from specific machines.

In an independent analysis, cybersecurity firm Binary discovered that the MoonBounce UEFI component was created in 2014 for target hardware related to an MSI system and that the malware could have been delivered to the compromised machine via physical access or software modifications caused by a lack of adequate SPI protections.

To counteract such firmware-level modifications, it is recommended that the UEFI firmware be updated on a regular basis, as well as that security features such as Boot Guard, Secure Boot, and Trust Platform Modules be enabled (TPM). "MoonBounce describes a certain change in this group of threats by offering a more detailed attack discharge in comparison to its ancestors, as well as a higher level of technical competence by its authors, who demonstrate a thorough understanding of the finer details involved in the UEFI boot process," the researchers wrote. If you have any questions and concerns about the above topic, please contact Airzero sec through the given Email.

Email:[email protected]

Researchers have discovered two serious security holes in the Control Web Panel that might be used as part of an attack chain to execute pre-authenticated remote code on affected servers.

The vulnerability, identified as CVE-2021-45467, is a file inclusion vulnerability that occurs when a web application is tricked into exposing or running arbitrary files on the webserver.

Control Web Panel, formerly CentOS Web Panel, is a free and open-source Linux control panel software used to set up web hosting environments.

According to Octagon Networks' Paulos Yibelo, who discovered and reported the flaws, the problem arises when two of the application's unauthenticated PHP pages — "/user/login.php" and "/user/index.php" — fail to sufficiently validate a way to a script file.

This means that all an attacker needs to do to exploit the vulnerability is change the include statement, which is used to include the content of one PHP file into another PHP file, to infiltrate malicious code from a sheltered resource and gain code execution.

While the application had protection in place to flag tries to switch to a parent directory as a "hacking attempt," it did nothing to avert the PHP interpreter from receiving a specially formulated string such as ".$00." and actually performing a full bypass.

This not only permits a bad actor to gain entry to restricted API endpoints but it can also be combined with an arbitrary file write vulnerability (CVE-2021-45466) to gain full remote code execution on the server, as shown below —

  • Send a file inclusion payload powered by null bytes to include the malicious API key.
  • To register to a file, utilize the API key (CVE-2021-45466)
  • Include the file we just constructed in (CVE-2021-45467)

If you have any concerns about Critical flaws in the Control Web Panel, please contact us. Please contact Airzero sec if you have any questions or concerns.

Email:[email protected]

In yet another software supply chain attack, dozens of WordPress themes and plugins hosted on a creator website were backdoored with hostile code in the foremost half of September 2021 with the intention of infecting additional sites.

The backdoor gave the attackers full administrative control over websites that used AccessPress Themes' 40 themes and 53 plugins, a Nepal-based company with over 360,000 active website installations.

"The infected extensions contained a dropper for a web shell, giving the attackers full access to the infected sites," security researchers from JetPack, a WordPress plugin suite developer, wrote in a report published this week. "The same extensions worked fine when downloaded or installed from the WordPress[.]org directory."

The vulnerability has been identified as CVE-2021-24867. In a separate analysis, website security platform Sucuri found that some of the infected websites discovered using this backdoor had spam payloads dating back almost three years, implying that the actors after the process were trading entrances to the places to operators of other spam campaigns.

Early this month, cybersecurity firm eSentire revealed how compromised WordPress websites belonging to legitimate businesses are used as a hotbed for malware delivery, serving an implant called GootLoader to easy users exploring for postnuptial or intellectual property agreements on search engines like Google.

Site owners who installed the plugins directly from AccessPress Themes' website are advised to upgrade to a safe version as soon as possible or replace it with the latest version from WordPress[.]org. Furthermore, it necessitates the deployment of a clean version of WordPress in order to undo the changes made during the backdoor installation.

The findings coincide with the disclosure by WordPress security company Wordfence of a now-patched cross-site scripting (XSS) vulnerability affecting a plugin called "WordPress Email Template Designer – WP HTML Mail" that is installed on over 20,000 websites.

The bug, identified as CVE-2022-0218, was rated 8.3 on the CVSS vulnerability scoring system and was addressed as part of updates released on January 13, 2022. (version 3.1).

"This flaw permitted an unauthenticated detractor to infiltrate negative JavaScript that would accomplish whenever a site manager accessed the template editor," explained Chloe Chamberland. "This vulnerability also allows them to modify the email template to include arbitrary data that could be used to launch a phishing attack against anyone who received emails from the compromised site."

According to data released this month by Risk Based Security, a whopping 2,240 security flaws were discovered and reported in third-party WordPress plugins by the end of 2021, a 142 percent increase from the previous year, when nearly 1,000 vulnerabilities were disclosed. A total of 10,359 WordPress plugin vulnerabilities have been discovered to date. If you have any reservations regarding the subject. Please do not hesitate to get in touch with us. Your digital partner will be Airzero Sec.

Email:[email protected]

enter image description here Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

A tool for simulating OWASP API Top 10 vulnerabilities and observing their behavior has been released to the open-source community.

The vAPI, or 'Vulnerable Adversely Programmed Interface,' is a vulnerability exercise and test platform designed to help users learn about API security.

API security has emerged as a critical area of concern in recent years. APIs are now widely used to manage services and data transfers, and a single broken endpoint can result in data breaches or enterprise network compromises.

According to Gartner, API attacks will become the most common attack vector for enterprise web applications this year.

Vulnerable APIs

vAPI is an open-source PHP-based interface developed by Tushar Kulkarni, a security engineer at Holm Security, and is available on GitHub. It can be used as a self-hosted API via PHP, MySQL, and PostMan, or as a Docker image. Kulkarni stated during the platform's introduction at Black Hat Europe 2021 Arsenal that vAPI could be useful to new penetration testers in acclimating them to how different API bugs are classified, as well as for developers, as the platform allows them to see examples of vulnerable code – as well as consider potential mitigations.

The Laravel PHP framework and MySQL are at the heart of the platform's technology stack. Although Postman collection and Environment are used to store API calls, this will eventually change due to migration to an OpenAPI. A manipulator-in-the-middle (MitM) proxy, such as Burp Suite or ZAP, can be used for testing, though the developer does not consider it strictly necessary. "Some API vulnerabilities, such as credential stuffing, may require you to run as an intruder or a ZAP script to solve the challenge," Kulkarni explained.

OWASP API Top 10

In 2019, the Open Web Application Security Project (OWASP) Foundation published its first API Security Top 10 list, which documents the most common API-related causes of security incidents, reflecting the growing importance of API security.

vAPI is currently based on the API categorizations found in the OWASP API Security Top 10.

The following causes are documented in OWASP's 2019 list:

  • API1:2019 Faulty Object Level Authorization: exposed endpoints handling object identifiers
  • API2:2019 Faulty User Authentication: failures to manage authentication correctly
  • API3:2019 Excessive Data Exposure: Object property exposures are included.
  • API4:2019 Lack of Resources and Rate Limiting: There are no limits on resource sizes or numbers, potentially degrading performance and allowing brute-force attacks.
  • API5:2019 Failed Function Level Authorization: Inadequate Access Control Management
  • API6:2019 Mass Assignment: Filter failures that enable malicious object modification
  • API7:2019 Security Misconfiguration: Default configurations, errors, and cross-origin resource sharing permissive
  • Injection flaws in API8:2019 include SQL, NoSQL, and command injection flaws.
  • API9:2019 Inadequate Asset Management
  • API10:2019: Inadequate Logging and Monitoring

The platform is now open to the public and free to use. The vAPI roadmap includes the development of a dashboard to track user progress through the API challenges, and Kulkarni hopes that in the long run, the platform will become an "open-source playground" for users to submit their own API security challenges and scenarios. If you have any doubts about the aforementioned topic, please contact us. Please do not hesitate to get in touch with us. Your digital partner will be Airzero sec.

Email:[email protected]

enter image description here Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

Authorities in Russia have apprehended 14 alleged members of the notorious REvil ransomware gang. The Russian Federal Security Service (FSB) oversaw the crackdown operation announced on Friday (January 14), based on information provided to them by US law enforcement regarding ransomware attacks on western companies. According to an FSB statement (Google-translated from the Russian language original) on the case, the suspects were later charged with "illegal circulation of means of payment." This would imply that the individuals are facing money laundering and fraud charges rather than computer intrusion charges, though there is still some ambiguity in the case. "It's unclear whether the developers or lower-level criminals were arrested," Group-IB, a threat intelligence firm, told The Daily Swig.

The FSB went on to say that "as a result of the joint actions of the FSB and the Russian Ministry of Internal Affairs, the organized criminal community ceased.” Although details are sketchy, indications suggest that Russian authorities have apprehended a number of alleged underlings rather than bosses and masterminds in a large ransomware-as-a-service criminal conspiracy.

The FSB has made available edited video highlights of its raids.

Resident REvil

REvil (also known as 'Sodinokibi') confirmed victims include global money exchange Travelex, IT services firm Kaseya, and JBS, one of the world's largest meat suppliers.

In October 2021, US authorities successfully breached and disrupted REvil's infrastructure.

The latest law enforcement action, which could be even more serious, comes on the heels of a November 2021 indictment of two men charged with using REvil ransomware in cyber-attacks against Kaseya and others.

This action entails the arrest of named (different) suspects in Poland and Romania.

‘Constant pressure’

Ransomware is still a major threat, but REvil has been largely dormant since last October, long before the latest arrests. Despite this, threat intelligence experts questioned by The Daily Swig said the threat could reappear under a different guise, so confident statements that the risk has been neutralized are, at best, premature. "REvil dropped off the radar in October as a result of constant law enforcement pressure." "The group's infrastructure has remained inactive since then," said Group-IB. "However, as we've seen with other ransomware gangs, shutdowns do not always mean the end of malicious activity." There are many RaaS [Ransomware-as-a-Service] programmes at the moment, with Group-IB analysts identifying at least 21 new affiliate programmes in the latest Hi-Tech Crime Trends report between H2 2020 and H1 2021."

Furthermore, ransomware gangs frequently relaunch their operations under new names. Such rebranding has occurred with DoppelPaymer and Avaddon. In addition, in August, we revealed the similarities between DarkSide and its apparent successor, BlackMatter."If you have any questions about the preceding topic. Please do not hesitate to contact us. Your digital partner will be Airzero Sec.

Email:[email protected]

enter image description here

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

Box has moved to patch a flaw in its SMS-based two-factor authentication (MFA), just weeks after its temporary one-time password (TOTP)-based MFA was discovered to be vulnerable as well.

Varonis Threat Labs detailed how the technique could allow an attacker to use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone in a technical blog post. "Once known, the vulnerability is extremely easy for an unsophisticated attacker to exploit," says Or Emanuel, head of Varonis Threat Labs.

SMS-based 2FA

Box, like many other applications, allows users who do not have Single Sign-On (SSO) to use a one-time passcode sent via SMS as a second authentication step.

When a user enters a username and password into Box's login form, Box stores a session cookie and redirects the user to enter either a temporary one-time password for use with an authenticator app or an SMS code to gain access to their Box.com account.

If the user does not go to the SMS verification form, no SMS message is sent, but a session cookie is generated – and a malicious actor.

Once the cookie is generated, the attacker can abandon the SMS-based MFA process and instead initiate the TOTP-based process by using the session cookie to post a factor ID and to the TOTP verification endpoint, they must send a code from their own Box account and authenticator app.

Box failed to validate whether the victim was enrolled in TOTP verification or that the authenticator app used belonged to the user who was logging in.

Coordinated disclosure

According to Emanuel, the disclosure was made through HackerOne, and Box responded quickly.

The report comes on the heels of Varonis' late-year discovery that Box's TOTP-based MFA was also vulnerable to exploitation.

To log in, users must first enter their email address and password, followed by a one-time password generated by their authenticator app. Varonis discovered, however, that the user did not have to be fully authenticated in order to remove a TOTP device from a user's account.

The researchers were able to successfully unenroll a user from MFA after providing a username and password but before providing the second factor as a result of this. They could then log in without using MFA and gain full access to the user's Box account.

According to Emanuel, the team is currently testing other MFA implementations. "We believe it is extremely widespread because there are countless SaaS applications, the majority of which have their own MFA implementation." "The more we look, the more flaws we discover," he claims.

"There are numerous failure points, not just the vendor's MFA code." SMS messages, for example, can be intercepted in a variety of ways, including SIM jacking and port-out fraud. Authenticator apps may contain flaws. There are also backdoors into SaaS apps that completely bypass the login process, such as session hijacking."

If you have any questions about this issue, please contact us via the email address provided. Your security partner will be Airzero sec.

Email:[email protected]

enter image description here Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

Introduction

With the demand for next-generation financial technology newly increasing, there have been functional analyses on blockchain for the safe use of electronic cash by sharing solely between counterparts and without the involvement of third parties. A blockchain is a public ledger for commerce and it prevents hacking during trades involving virtual cash. As a kind of distributed database and a data form list that constantly grows, it is planned to undermine arbitrary tampering by the operator of dispersed peers. Trade records are encrypted according to a rule and used in computers that operate the blockchain software. Using blockchain can supply higher protection reached to storing all data in the main database. In the data storage and control aspect, injury from attacks on a database can be controlled. Moreover, since the blockchain has an exposure point, it can provide clarity in data when used in a space demanding the disclosure of data. Due to such powers, it can be used in different places including the economic sector and the Internet of Things domain and its applications are predicted to grow. The blockchain completes a trade record through the work authentication technique when someone who lends electronic cash forms a league by connecting the trades over the network. The hash value is then caused by confirming it and joining the last block. This block is sometimes updated and remembered on the electronic cash transaction parties to communicate the most delinquent transaction detail block. This approach delivers protection for the transaction of electronic cash and permits the use of a dedicated mechanism. Cloud computing has been used in many IT conditions due to its efficiency and availability. Moreover, cloud security and solitude issues have been examined in terms of critical security elements: confidentiality, integrity, authentication, access control, and so on.

In this study, we aspire to explore the description and base technology of blockchain and survey the direction of investigations to date to discuss places to be studied, considering cloud computing domains. In addition, we examine the reviews for blockchain protection and security solutions in components. This study of blockchain technology surveys the blockchain by studying generic technology and research directions and discusses the explanation for using bitcoin safely as well as future study areas. The outcomes of this study can act as important base data in examining blockchain and will aid in comprehending the known safety problems thus far. We can foster the growth of prospective blockchain technology by comprehending the trend of blockchain protection. The rest of this analysis is arranged as follows. later, we discuss related works including the fundamental idea of blockchain and bitcoin as a use case. Later explains a precise discussion and survey on the security cares for blockchain including the settlement of blockchain, the security of transactions, the protection of wallets, and the security of software. Later we discuss blockchain protection case studies—authentication, security happenings, and 51% attack—and enhance the blockchain.

Related Works

In this section, we examine the fundamental concept of blockchain and the current research. We also study the exact use of blockchain in bitcoin.

Blockchain

A blockchain is a technology that permits all associates to maintain a ledger including all transaction data and to update their ledgers to maintain integrity when there is a new transaction. Since the promotion of the Internet and encryption technology has created it feasible for all components to confirm the trustworthiness of a transaction, the single point of failure emerging from the dependence on an authorized third party has been translated.

Bitcoin

Bitcoin is the digital currency presented by Satoshi Nakamoto in 2009 to authorize transactions between peers without central control or a server to give and manage the currency. Bitcoins are sold with the P2P-based dispersed databases established on public-key cryptology. Bitcoin is one of the first performances of cryptocurrency in 1998. The bitcoin trade announcement is revealed over the network such that all peers can prove it and so money distribution is limited. The peers experiencing in the network have the same blockchain and the transaction data are held in blocks in the same way as the distributed storage of transaction data Although there are many dangers concerned in electronic transactions, bitcoin can be technically executed to cope with them. For example, an individual attempting to cause a falsified ticket record from another individual statement to his or her own account can be secured by securing it with the sender’s personal key. If numerous parties plan to use a bitcoin at the same time, the chain that loses in the match between peers will be destroyed.

Consideration for Blockchain Security: Challenges

Blockchain technology has been executed or learned as cyber money and is really used. Note, however, that extra security problems arising in blockchain contracts, transactions, wallets, and software have been reported. This report checks the signals of security problems presented to date and the security level of the current blockchain. We believe this shot is very important as the results can act as base data for planning future blockchain technology and improving security.

Settlement of Blockchain

Although there should only be one blockchain since it is the sequential connection of developed blocks, a blockchain may be divided into two because the two most offender blocks can be generated temporarily if two distinct peers increase in mining the solution for creating the block at the same time. In such a matter, the block that is not set as the belated block by the majority of peers in the bitcoin web to restart mining will become meaningless. In other words, bitcoin will keep the bulk of peers who have 50% or more mining ability. Therefore, if an assailant has 51% mining ability, a “51% Attack”, wherein the attacker has control of the blockchain and she can include falsified transactions, can be a problem.

Security of Transaction

Since the script used in inputs and outputs is a programming language with flexibility, other transaction forms can be made using such a bitcoin contract is a form of using bitcoin for the existing authentication and economic service. Widely used form problems making the contract using the script that has a considerable-signature procedure called multisig. Although the scripts are utilized to translate a wide range of bitcoin problems, the case of the improperly configured transactions has also increased as the complexity of the script increases. A bitcoin using an improperly configured locking writing is pitched since nobody can use it as the unlocking script cannot be created. To this end, there are studies that offer examples of bitcoin contract-type trades to confirm the accuracy of a script used in a transaction.

Security of Wallet

The bitcoin address is worth a public key encoded with a group of public and private keys. Therefore, the locking writing of a bitcoin transaction with an oration as work can be unlocked with a script that has the agreement signed with the public key of the speech and the personal key. The bitcoin wallet accounts report such as the private key of the analysis to be used for unlocking script. It suggests that failure of data in the wallet reveals a loss of bitcoin since the data is required for using the bitcoin. Therefore, the bitcoin wallet has evolved the primary subject of bitcoin aggression through hacking.

Security of Software

The bug of the software used in bitcoin can be needed. Although the official Bitcoin Developer Documentation site clearly explains all bitcoin operations, the bitcoin core software is always useful as the connection since the complicated methods of the early bitcoin invention have been established through the software managed by Satoshi Nakamoto. Nonetheless, even the bitcoin core software, which must be more reliable than anything, is not Positive from the issue of software malfunction such as bugs. The most superior software bug is the CVE-2010-5139 vulnerability that appeared in August. Due to the bug yielded by integer overflow, an invalid transaction wherein 0.5 bitcoin was introduced as 184 trillion bitcoin was formed in a normal block, and the matter was not settled until 8 h later. Moreover, there was a bug where a union processed in version 0.8 was not processed in version 0.7 as the database was changed from BerkeleyDB to LevelDB since the bitcoin performance of the bitcoin core was elevated from 0.7 to 0.8. It caused the peers of version 0.7 and equivalents of version 0.8 to have additional blockchains for 6 h. Both of these problems are cases showing that the widespread belief in the safety of bitcoin trades of a block is having significant depth after some time and can be threatened by a software bug.

Blockchain Security Case Studies

The demand for the security of bitcoins established on the blockchain has grown since hacking cases were reported. Mt. Gox, a bitcoin interaction established in Tokyo reported losses of USD 8.75 million due to hacking in June 2011, and bitcoin wallet assistance InstaWallet reported losses of USD 4.6 million due to hacking in April 2013. In November of the same year, anonymous marketplace Sheep Marketplace was compelled to shut down after someone stole USD 100 million worth of bitcoins. Mt. Gox, which had already mourned losses due to hacking, again conveyed losses of USD 470 million due to hacking in February 2014 and subsequently pointed for bankruptcy. The problems persisted, with the Hong Kong-based bitcoin exchange Bitfinex reporting failures of USD 65 million due to hacking in August 2016. These problems have introduced awareness of the necessity for protection. There have been studies on the safety of blockchain to overcome such safety problems and many reports have been published. In particular, since blockchain is the generic technology of cyber money, the impairments can be deep in cases of misuse and tries to steal cyber money occur repeatedly. Therefore, it seems very influential to comprehend the attack cases known so far and to have out inquiries to draw up countermeasures.

Authentication

An essential part of blockchain security is security connected to the personal key used in encryption. An attacker takes out different attempts to access a user’s personal key held in the user’s computer or a smartphone in order to hack the bitcoin. The assailant will install malware on the computer or smartphone to leak the user’s private key and use it to hack the bitcoin. Some studies have suggested a hardware token for the support of a transaction to cover the personal key. Other studies indicated strengthened authentication standards for the storage unit including the bitcoin. Two-factor authentication is supposed to be the greatest method for supporting authentication.

Security Incidents

With more people using bitcoins, chances of malware and malicious codes targeting bitcoins have also been live reported. Malware can hack bitcoins by contaminating computers. To translate such a situation, a PC security key must be established to catch malicious code. One recently found negative code looted game reports and can be used for stealing the bitcoin accounts. With more bitcoins being utilized for the cash trade of online game items, safety steps to cope with it are required. The Distributed Denial of Service spell floods the targeted server with superfluous demands to overload the system and control the condition of normal service to other users. Thus, it can control the users of blockchain from obtaining assistance. DDoS attacks contain the bandwidth-consuming attack that surpasses the bandwidth of all systems using the same network and the PPS-consuming attack that causes inner system failure or the denial of assistance to other servers in the same network. The http-flooding attack transfers a large number of http packets to a targeted server to cause the rejection of the service. Since the bitcoin service must be always provided to the users, countermeasures to DDoS attacks are needed

51% Attack

In bitcoin conditions, a 51% attack alters and manufactures 51% of the registers simultaneously. Thus, it is a very hard attack to blend. The assailant must have 51% or more calculating ability of all users, deliberately cause two branches, and place the targeted branch as the fair blockchain. To solve the issue, an intermediate confirmation process must be delivered to stop such tampering a race attack causes hundreds of trades and transmits them to numerous users when a fair transaction is sent. Since many users are possible to think the shared transaction to be legitimate, failures can be supported if 51% of users modify the ledger. In a Finney attack, an attacker causes a block having altered data and brings out the attack with it. Such aggression can be stopped when the attack mark sets the trade-in standby mode until block confirmation.

Improved Blockchain

Since the current payment system is very difficult and transaction facilitators are spread, the points targeted by security attacks are growing. A user planning to trade money will pay an annual membership fee to obtain a card and use it to buy goods or use services. The customer’s bank and the merchant’s bank interact with each other to recompense the fee and a shop planning to use the card accepts it from a bank and uses it for the acquisition of goods and services. A simplification of transactions is needed since more people use smartphones to purchase goods or services.

Secure Blockchain Solutions in Cloud Computing

If the user details are disclosed in the cloud computing environment, monetary and psychological Injuries can occur due to the leak of users’ sensitive data. The security of the protection and transmitting data, such as confidentiality and probity, in the cloud computing environment, is particularly studied. However, analyses on privacy protection and obscurity are not sufficient. Blockchain is a usual technology for providing anonymity. If connected with the cloud computing environment, blockchain can be elevated to a convenient service that equips stronger security. User anonymity can be provided if the blockchain method is used when saving user data in the cloud computing environment. An electronic wallet is installed when using blockchain technology. If the electronic wallet is not correctly deleted, the user data can be left behind. The remaining user data can be used to think about the user information. To crack this problem, we propose a solution that installs and deletes the electronic wallet securely.

The blockchain is used to remove the data of the user who uses cloud computing. The electronic wallet is securely released by transmitting the finished message. The leak of user data can be controlled only when the electronic wallet is fully removed. Even though many existing studies have been conducted on the blockchain protocol, a process for removing the electronic wallet ultimately is given to provide user anonymity and privacy protection. We reached the process with existing studies in terms of confidentiality, integrity, anonymity, privacy protection, and residual data protection. Confidentiality statements if the data is leaked to unauthorized peers, whereas goodness checks if the data used in transactions are limited or falsified without sanction during transfer or hold. Anonymity must ensure that the peer implicated in a transaction is not identifiable. Privacy guard protects the personal statement of peers experienced in the transaction, whereas residual transmission protection checks the safe expulsion of user data at the time of trade stop and program removal.

Conclusion

A blockchain has eliminated the need for a server, eliminating the need for a central authority, and has accelerated transactions by participants collectively storing transaction records and, finally, approving transactions using P2P network technology. The blockchain has a distributed structure and makes use of the peer network as well as the computing resources of peers. To increase the security of blockchain, technical measures such as proof of labour and proof of stack are enforced. Despite the fact that the security of the blockchain is constantly being improved, issues have continued to be rumoured, and there are active security studies. An aggressor makes numerous attempts to gain access to a user's private key stored on the user's computer or a smartphone in order to hack the bitcoin. There are studies on using a secure token or securely storing it to protect the private key. Throughout this study, we will refer to blockchain technology and connected devices and examined the trend of studies thus far to discuss additional areas to be studied Several current issues must be addressed before using blockchain in a cloud computing environment. Even now, blockchain raises several issues, such as the security of transactions, wallets, and packages, and numerous studies are being conducted to address these issues. When utilizing blockchain in a cloud computing setting, the obscurity of user data should be ensured, and the user data should be completely deleted once the service is removed. If the user data is not deleted but instead remains, the user data is frequently guessed from the remaining data. As a result, this study mentioned the security strategy of presenting a technique of secure blockchain use and removal protocol. Given the environment in which a massive amount of data is transmitted, it appears that studies on potency, in addition to security, are required.

If you have any doubt about the topic. Don’t hesitate to contact us Airzero sec will be your digital partner.

Email:[email protected]

enter image description here

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

Malware can infect your Android phone in the same way that it can infect your computer. It slows down your system and causes glitches that make it difficult to use your phone. To protect your phone and yourself, you must act quickly. There are steps you can take to remove malware and protect your phone in the future, whether you downloaded an infected app or visited a corrupted website.

How to Get Rid of Malware and Viruses?

The initial step is to locate the malware on your phone. We'll show you how to do it, and then we'll give you some protection options, as well as antivirus apps you can use to restore your phone's health and keep it safe in the future.

Step 1: Turn off the computer until you have determined the specifics.

Once you've determined that your phone has been infected with malware, hold the power button down and turn the phone off completely. It will not prevent the malware from causing damage, but it will prevent the problem from worsening and may halt ongoing malware attempts to access nearby networks.

Shutting down also gives you time to reflect and conduct research. Do you know which infected app installed malware on your device? Do you know what other software it may have downloaded without your permission? If not, switch to a different computer and look up your symptoms (along with any new apps you tried out) to narrow down the problem. You can't remove an app if you can't find it at the source of the problem.

Step 2: While working, switch to safe/emergency mode. When you restart your device and attempt to isolate the problematic app, go into safe mode first. This will help to limit the amount of damage the infected app can cause.

Step 3: To enter safe mode on most Android devices, hold down the power button for a few seconds while the device is turned on, then tap and hold the Power off option.

Step 4: This should bring up a few power options, including a Reboot to safe mode option.

Select this mode and wait for your phone to reboot before proceeding. If you can't find a safe mode, use aeroplane mode to disconnect your device from all networks. That option is usually at the top of your notifications shade.

Note: If you can't figure out what's causing your malware problem after downloading a security app, don't tinker. Consult a professional to determine whether you should wipe your phone. This is a good strategy if ransomware, which is becoming more common, takes control of your phone and prevents you from doing anything.

Step 5: Navigate to Settings and locate the app.

On your Android device, go to Settings. Settings are typically represented by a gear-shaped icon, but this varies depending on your themes and arrangement: If you're having trouble finding it, look for it.

Step 6: In Settings, scroll down to the Apps section and click it. Look for a list of all your current apps — you may need to select App Manager to see the entire list.

Step 7: Once there, scroll down until you find the infected app that is causing your issues.

Step 8: Select the app, and you should be able to uninstall, force close, or force stop it (often, you cannot uninstall core apps, only disable them, but these apps are unlikely to be the problem).

Step 9: Select Uninstall to delete the infected app and anything else suspicious, and your Android device should remove the app in question. It's also a good idea to go through your app list and uninstall any suspicious downloads — if you haven't looked through this list before, you might be surprised at some of the strange things your device has on it.

What should you do if you are unable to uninstall the app?

In some cases, you will be unable to uninstall the problematic app. In fact, the option to delete may not exist at all. Instead, you'll see Disable on the menu, and that'll be the end of it. An app with superpowers (and potentially dangerous malware or ransomware) can gain access to your administrator settings. The app may have granted itself administrative privileges in order to protect itself from deletion.

Step 1: Simply return to the original Settings menu and scroll down to Lock Screen and Security (or a similar corresponding section).

Step 2: In the Security menu, look for a tab labeled Phone (Device) Administrators. Keep in mind that depending on the hierarchy of your security menu, you may need to go to Other security settings first. You should be able to find the setting that allows the malware to camp out in Phone Administrators.

Step 3: After that, all you have to do is tweak the settings and you can finally delete the app.

Get some Malware Protection

It's a good idea to give each Android device plenty of security and malware protection, and it's especially important to install antivirus software if you've had bad luck with questionable apps in the past. After you have manually deleted the app that is causing you problems, you will need to increase the overall security of your phone.

Fortunately, there are plenty of security apps available. Rather than downloading multiple apps that only do one or two things, look for a security app that has all of the features you need in one. A good security app will be able to delete junk or spam files, scan for viruses, and keep your data safe. Some apps have options to automatically delete any questionable software.

We recommend Safe Security, AVG Antivirus, or Avast Antivirus, all of which can be downloaded from the Google Play Store. In addition, we have a comprehensive guide to Android security and antivirus recommendations. You'll notice that your device performs better overall once you've downloaded proper malware protection.

Remember to always keep your software up to date with the latest version. Your devices should do this automatically, but you can manually check for updates on a regular basis. Your phone will be far more vulnerable to attack if you do not perform regular software updates. If you have any doubt about the topic. Please contact us. Airzero sec will be your security partner.

Email:[email protected]

enter image description here Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/