Tecomex Forensics Ltd

At Tecomex Forensics Ltd, we provide Cybersecurity and Digital Forensics solutions and training.

AT TECOMEX FORENSICS LTD WE PROVIDE DIGITAL FORENSICS SERVICES, NETWORK SECURITY, TRAINING IN FORENSICS AND SECURITY, AND APPLIED RESEARCH IN FORENSICS.

15/03/2024

Fellow compatriots, join the SANS organisation online for free Cybersecurity training and many more! Good luck.

Learn the benefits of joining the SANS cybersecurity community online.

15/03/2024

Assalamu Alaikum, our young people who are keen to learn the trade of Cybersecurity, Digital Forensics and Cryptography. Welcome to this forum. God willing, I will be posting things that will benefit you greatly on this forum. May the Lord God grant us success. Amen.

23/10/2023

Hello everyone following this page. I am delighted to announce that we will soon be back. We will be posting issues relating to Cybersecurity, Digital Forensics, Artificial Intelligence, and much more. We will also be posting training and job opportunities in these areas of human endeavour. Watch the space!

16/09/2022

30 Search Engines for Cybersecurity Researchers:

1. Dehashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.
5. ZoomEye—Gather information about targets.
6. Pulsedive—Search for threat intelligence.
7. GrayHatWarfare—Search public S3 buckets.
8. PolySwarm—Scan files and URLs for threats.
9. Fofa—Search for various threat intelligence.
10. LeakIX—Search publicly indexed information.
11. DNSDumpster—Search for DNS records quickly.
12. ONYPHE—Collects cyber-threat intelligence data.
13. FullHunt—Search and discovery attack surfaces.
14. AlienVault—Extensive threat intelligence feed.
15. Grep App—Search across a half million git repos.
16. Shodan—Search for devices connected to the internet.
17. URL Scan—Free service to scan and analyse websites.
18. Vulners—Search vulnerabilities in a large database.
19. WayBackMachine—View content from deleted websites.
20. Wigle—Database of wireless networks, with statistics.
21. Netlas—Search and monitor internet connected assets.
22. CRT sh—Search for certs that have been logged by CT.
23. PublicWWW—Marketing and affiliate marketing research.
24. Binary Edge—Scans the internet for threat intelligence.
25. GreyNoise—Search for devices connected to the internet.
26. Hunter—Search for email addresses belonging to a website.
27. Censys—Assessing attack surface for internet connected devices.
28. IntelligenceX—Search Tor, I2P, data leaks, domains, and emails.
29. Packet Storm Security—Browse latest vulnerabilities and exploits.
30. SearchCode—Search 75 billion lines of code from 40 million projects.

Thank you for reading.

Credit: Ibrahim Amin.

20/02/2019

Kali Linux 2019.1 has just been released. Grab your free copy.

Wohooo! Great news for hackers and penetration testers. Kali Linux 2019.1 Released — Operating System For Hackers

16/02/2019

Yes, Tecomex Forensics Ltd provides Cryptology and Cybersecurity services to Jaguar Land Rover. We are proud of our partnership and achievements at JLR.

18/11/2018

Technology is the foundation of society, but also serves as a way for terrorists to communicate, coordinate attacks, recruit members and spread propaganda. Here are 6 ways that digital intelligence can work against terrorism to fight for a safer world.

Although technology is the foundation of modern society, terrorists exploit it to communicate, coordinate attacks, recruit members and spread propaganda using multiple platforms and channels. So, what does this all mean for law enforcement? What you’ll learn: How terrorists are creating a digital ...

02/02/2018

CHINA BUGGED AFRICAN UNION HQ, AS AU OFFICIALS ARE ALSO TARGETED BY BRITISH INTELLIGENCE

The US$200 million African Union headquarters was fully funded and built by China and opened to great fanfare in 2012. It was seen as a symbol of Beijing’s thrust for influence in Africa, and access to the continent’s natural resources.

China also built and paid for the African Union’s computer network – but inserted a backdoor hole, allowing it access to the continental organisation’s confidential information.

In January 2017, the information technology unit at the African Union’s headquarters in Addis Ababa noticed something strange, according to a stunning investigation in French newspaper Le Monde.

Every night, between midnight and 2am, there was a strange peak in data usage – even though the building was almost entirely empty. Upon further investigation, the technicians noticed something even stranger. That data – which included confidential information – was being sent to servers based in Shanghai.

“According to several sources within the institution, all sensitive content could be spied on by China,” wrote Le Monde. “It’s a spectacular leak of data, spread from January 2012 to January 2017.”

The Chinese mission to the AU did not respond to Le Monde’s request for comment.

Once the problem was discovered, African Union officials acted quickly to fix it. The organisation acquired its own servers, and began encrypting its communications. In July 2017, a team of experts from Algeria – a country with a notoriously efficient intelligence community – along with cybersecurity experts from Ethiopia combed the building from top to bottom, looking for hidden microphones and other potential weaknesses.

China would not be the first supposedly friendly superpower to spy on the African Union. A separate investigation in December 2016, conducted by Le Monde and The Intercept, revealed that African Union officials were targeted for surveillance by British intelligence.

Source: The Nigeria News Network.

29/12/2017

WHY I WILL BE OFF FACEBOOK FOR A COUPLE OF WEEKS

Fellow compatriots, I write to advise that I will be on and off Facebook for the next couple of weeks, to concentrate on my company's Cybersecurity project at the University of Wales, Trinity Saint David (UWTSD) in Swansea.

It can be recalled that our company, Tecomex Forensics Ltd, has been invited to set up a Cybersecurity centre at UWTSD. We have been working on this project for the last 15 months and have now reached a critical stage.

We will keep our eyes and ears on political developments in our fatherland. If there is any serious matter that crops up, which needs CUPS' urgent intervention, I promise you we will be there.

Accept my sincere apology for not being able to respond to all of your messages in my inbox. I appreciate your love, respect, and appreciation of the work that we do at CUPS. This is why I will do my best to attend to all of these messages when I come back.

Finally, we solicit your prayers for the success of the UWTSD Cybersecurity project. Thanks and God bless you all. Amen.

Dr. Idris Ahmed.
CUPS.
29/12/2017.

22/08/2017

This is how Internet of things can become perilous if deployed without proper security at the point of implementation.

Your Computer, Smartphone and Other Smart Devices Can Be Hacked to Track Your Body Movements And Activities Remotely

03/08/2017

HACKERS HAVE DEVELOPED A DANGEROUS ANDROID KEYLOGGER THAT STEALS EVERYTHING FROM YOUR MOBILE BANKING

Cyber criminals are becoming more adept, innovative, and stealthy with each passing day. They have now shifted from traditional to more clandestine techniques that come with limitless attack vectors and are harder to detect.

Security researchers have discovered that one of the most dangerous Android banking Trojan families has now been modified to add a keylogger to its recent strain, giving attackers yet another way to steal victims' sensitive data.

Kaspersky Lab's Senior malware analyst Roman Unuchek spotted a new variant of the well-known Android banking Trojan, dubbed Svpeng, in the middle of last month with a new keylogger feature, which takes advantage of Android's Accessibility Services.

Trojan Exploits 'Accessibility Services' to Add Keylogger

Yes, the keylogger added in the new version of Svpeng takes advantage of Accessibility Services — an Android feature that provides users alternative ways to interact with their smartphone devices.

This change makes the Svpeng Trojan able not only to steal entered text from other apps installed on the device and log all keystrokes, but also to grant itself more permissions and rights to prevent victims from uninstalling the Trojan.

In November last year, the Svpeng banking trojan infected over 318,000 Android devices across the world over the span of only two months with the help of Google AdSense advertisements that were abused to spread the malicious banking Trojan.

Over a month ago, researchers also discovered another attack taking advantage of Android's Accessibility Services, called Cloak and Dagger attack, which allows hackers to silently take full control of the infected devices and steal private data.

If You Are Russian, You Are Safe!

Although the new variant of the Svpeng malware is not yet widely deployed, the malware has already hit users in 23 countries over the course of a week, which include Russia, Germany, Turkey, Poland, and France.

But what's worth noticing is that, even though most infected users are from Russia, the new variant of Svpeng Trojan doesn't perform malicious actions on those devices.

According to Unuchek, after infecting the device, the Trojan first checks the device's language. If the language is Russian, the malware prevents further malicious tasks—this suggests the criminal group behind this malware is Russian and is avoiding violating Russian laws by hacking locals.

How 'Svpeng' Trojan Steals Your Money

Unuchek says the latest version of Svpeng he spotted in July was being distributed through malicious websites, disguised as a fake Flash Player.

Once installed, as I have mentioned above, the malware first checks for the device language and, if the language is not Russian, asks the device to use Accessibility Services, which opens the infected device to a number of dangerous attacks.

With access to Accessibility Services, the Trojan grants itself device administrator rights, displays an overlay on the top of legitimate apps, installs itself as a default SMS app, and grants itself some dynamic permissions, such as the ability to make calls, send and receive SMS, and read contacts.

Additionally, using its newly-gained administrative capabilities, the Trojan can block every attempt of victims to remove device administrator rights—thereby preventing the uninstallation of the malware.

Using accessibility services, Svpeng gains access to the inner working of other apps on the device, allowing the Trojan to steal text entered on other apps and take screenshots every time the victim presses a button on the keyboard, and other available data.

"Some apps, mainly banking ones, do not allow screenshots to be taken when they are on top. In such cases, the Trojan has another option to steal data – it draws its phishing window over the attacked app," Unuchek says.

"It is interesting that, in order to find out which app is on top, it uses accessibility services too."

All the stolen information is then uploaded to the attackers' command and control (C&C) server. As part of his research, Unuchek said he managed to intercept an encrypted configuration file from the malware's C&C server.

Decrypting the file helped him find out some of the websites and apps that Svpeng targets, as well as help him obtain a URL with phishing pages for both the PayPal and eBay mobile apps, along with links for banking apps from the United Kingdom, Germany, Turkey, Australia, France, Poland, and Singapore.

Besides URLs, the file also allows the malware to receive various commands from the C&C server, which includes sending SMS, collecting information such as contacts, installed apps and call logs, opening the malicious link, gathering all SMS from the device, and stealing incoming SMS.

Lukas Stefanko, malware researcher at ESET, has shared a video (given below) with The Hacker News, demonstrating the working of this malware.

The Evolution of 'Svpeng' Android Banking Malware

Researchers at Kaspersky Lab initially discovered the Svpeng Android banking malware trojan back in 2013, with its primary capability being phishing.

Back in 2014, the malware was then modified to add a ransomware component that locked the victim's device (by the FBI because they visited sites containing pornography) and demanded $500 from users.

The malware was among the first to begin attacking SMS banking, use phishing web pages to overlay other apps in an effort to steal banking credentials and to block devices and demand money.

In 2016, cyber criminals were actively distributing Svpeng via Google AdSense using a vulnerability in the Chrome web browser, and now abusing Accessibility Services, which possibly makes Svpeng the most dangerous mobile banking malware family to date that can steal almost anything—from your Facebook credentials to your credit cards and bank accounts.

How to Protect Your Smartphone From Hackers

With just Accessibility Services, this banking Trojan gains all necessary permissions and rights to steal lots of data from the infected devices.

The malicious techniques of the Svpeng malware even work on fully-updated Android devices with the latest Android version and all security updates installed, so there is little users can do in order to protect themselves.

There are standard protection measures you need to follow to remain unaffected:

1. Always stick to trusted sources, like Google Play Store and the Apple App Store, but only from trusted and verified developers.

2. Most importantly, verify app permissions before installing apps. If any app is asking more than what it is meant for, just do not install it.

3. Do not download apps from third party sources, as most often such malware spreads via untrusted third-parties.

4. Avoid unknown and unsecured Wi-Fi hotspots and keep your Wi-Fi turned OFF when not in use.

5. Never click on links provided in an SMS, MMS or email. Even if the email looks legit, go directly to the website of origin and verify any possible updates.

6. Install a good antivirus app that can detect and block such malware before it can infect your device, and always keep the app up-to-date.

Source: The Hacker News.
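
The capability combination described in the article above (Accessibility Services together with device administrator rights, overlays and SMS permissions) can be checked before installation by reading an app's decoded AndroidManifest.xml. This is an added example, not part of the original post or of the Kaspersky research; the two sample manifests, their package names and the review threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Manifest markers for the capabilities the article attributes to Svpeng.
BOUND = {"android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
         "android.permission.BIND_DEVICE_ADMIN": "device administrator"}
REQUESTED = {"android.permission.SYSTEM_ALERT_WINDOW": "overlay on other apps",
             "android.permission.SEND_SMS": "send SMS",
             "android.permission.RECEIVE_SMS": "receive SMS",
             "android.permission.READ_CONTACTS": "read contacts",
             "android.permission.CALL_PHONE": "make calls"}
ESCALATORS = {"device administrator", "overlay on other apps", "send SMS", "receive SMS"}

def audit_manifest(xml_text):
    """Return (capabilities, needs_review) for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    caps = set()
    for tag in ("service", "receiver"):          # components bound to system roles
        for el in root.iter(tag):
            caps.add(BOUND.get(el.get(NS + "permission")))
    for el in root.iter("uses-permission"):      # permissions the app requests
        caps.add(REQUESTED.get(el.get(NS + "name")))
    caps.discard(None)
    # Assumed heuristic: accessibility plus two or more escalating capabilities.
    needs_review = "accessibility service" in caps and len(caps & ESCALATORS) >= 2
    return sorted(caps), needs_review

# Constructed manifests (not taken from any real app).
FAKE_PLAYER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashupdate">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
SCREEN_READER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.reader">
  <application>
    <service android:name=".Reader"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for name, xml_text in (("fake player", FAKE_PLAYER), ("screen reader", SCREEN_READER)):
        print(name, audit_manifest(xml_text))
```

A legitimate accessibility tool declares the accessibility service alone and is not flagged; the flag is a prompt for manual review, not a malware verdict.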

Address

115 Lythalls Lane
Coventry
CV66FN

Opening Hours

Monday 8am - 5:30pm
Tuesday 8am - 5:30pm
Wednesday 8am - 5:30pm
Thursday 8am - 5:30pm
Friday 8am - 5:30pm

Telephone

+44 7539288602
