Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Malware Report
Android Malware Information Security Malware in Google Play Malware Report

Android SMS malware hosted on Google Play infects 1.2 Million users


Experts often suggest to download android apps only from Google Play to avoid malware infection.  But, it doesn't mean that we can trust all of the apps hosted on Google.  

Security researchers from Panda security has found more than five malicious apps being hosted on Google play.

The apps in question appear to be targeting users in Spain.  Name of the apps are in Spanish: “Peinados Fáciles” (Easy Hairdos), “Dietas para Reducir el Abdomen” (Abs Diets), “Rutinas Ejercicios para el Gym” (Workout Routines) and “Cupcakes Recetas” (Cupcake Recipes).

The apps obtain phone number of the infected device from WhatsApp and uses it to sign the victim up to a premium rated SMS subscription services.

Researchers say that each of these apps have been downloaded by between 50k and 100k users. It means that between 300k and 1.2 Million users might have affected this malware.

“The truth is that fraudsters are making insane amounts of money from these premium services. A conservative estimate of, let’s say, €20 paid by each user would result in a huge sum of 6 to 24 million euros stolen from victims”, said Luis Corrons, Technical Director of PandaLabs.
Read more »
Syrian Electronic Army
Featured Social Engineering Attack Syrian Electronic Army

Syrian Electronic Army hacks Forbes website and twitter accounts

Forbes, american business magazine, is appeared to be the latest victim of the Syrian Electronic Army.  The group has managed to post articles entitled "hacked by syrian electronic army".

The group is experts in phishing attack -targeting employees of the organization with a fake emails.  We believe hackers used the same method for compromising Forbes' employees also.

It appears they have gained admin access to the wordpress panel that allowed them to post stories.

The group appears to have compromised one twitter account of forbes (@forbestech) and two twitter accounts(@thealexknapp, @samsharf) belong to their employees.  At the time of writing, Samantha sharf account still shows the hackers tweet.

The hackers said the reason for hacking forbes is because the publication posted  many articles against syrian electronic army, with muchnhate for syria.

Read more »
Web Application Vulnerability
DDOS Attacks Tomcat Vulnerability Vulnerability Web Application Vulnerability

CVE-2014-0050: Apache Tomcat vulnerable to Denial of service attack

If you are a developer, you should always be careful when writing loops especially an endless loops [ for(;;) or while(true) ] which are coded to be stopped by an 'if' statement.

Security researchers from TrustWave have explained how an endless 'for' loop resulted in a denial of service vulnerability that could allow attackers to launch DOS attacks against websites hosted on Apache Tomcat servers.

The vulnerability(CVE-2014-0050) is located in Apache Commons FileUpload file.  The 'for' loop in the file is coded in such a way that it will be stopped by raising an exception or by returning a value. 

An attacker can send a malformed 'Content-type' header for a multipart request which could result in an infinite loop.

Multipart is often used in HTTP request for uploading files.  Values in the multipart requests are separated by a magic line called "boundary".  Boundary is a random string which will be defined in the 'content-type' header.

By sending a boundary value longer than 4091 characters and 'body' longer than 4096 characters, the 'for' loop won't be stopped by both 'if' statement.

TrustWave researchers managed to send four times a request containing more than 4091 characters in the boundary field that forces vulnerable tomcat server into an infinite loop.  As a result, the tomcat server will end up in consuming all available CPU resources until it is stopped.
Read more »
Spear Phishing attacks
Breaking News Data Breach Social Engineering Attack Spear Phishing attacks

Target data breach started with a Spear phishing attack targeting HVAC firm

A latest information on Target data breach published by security blogger Brian Krebs shows the power of Social Engineering attacks. 

It appears everything began from a spear phishing attack in which employees of HVAC company Fazio Mechanical Services targeted with an email containing a piece of malware.

Sources have told Krebs that the malware used in the attack is Citadel- a notorious banking trojan capable of stealing login credentials and other information.  However, Krebs isn't able to confirm the information.

The reason why the company didn't get chance to identify the malware is because it is using a free version of Malwarebytes Anti-malware to protect is internal systems.

Malwarebytes is one of good tool capable of scanning and removing threats from infected machines.  However, unlike the Pro version(just $25), it doesn't offer any real-time protection.

Furthermore, the free version is meant for individuals not for companies, also the license for free version prohibits corporate use. 
Read more »
Malware Report
Bitcoin malware Breaking News CoinThief malware Hacking News Malware Report

Bitcoin stealing Mac malware found to be hosted on Download.com and MacUpdate.com

Image Credits: ThreatPost.
Another variant of the recently discovered Mac Trojan "OSX/CoinThief" is found to be hosted on two popular download websites Download.com and MacUpdate.com.

CoinThief malware is designed to steal Bitcoins login credentials from victim as well as Mac's username and UUID(unique identifier), also collects information about the list of Bitcoin related apps installed on the system.

Few days back, SecureMac spotted this Trojan is being hosted under the name of "Stealthbit" on GitHub and downloaded by hundreds of users.  One user from reddit also pointed out the similarity between an one year old fake bitcoin related app "BitVanity" and stealthbit.

Now, experts at SecureMac have spotted one more variant being hosted under the name of "Bitcoin Ticker TTM" and "Litecoin Ticker" on popular download sites.  These app names appear to have been taken from legitimate apps in the Mac app store.

This version also installs fake browser extension called as Pop-up Blocker in Chrome, safari and firefox.  The malicious extension attempts to sniff on the web traffic to steal  bitcoin login credentials.  It will communicate with the background process and send collected data to a remote server.

SecureMac has explained how to check whether malware is installed on your system and how to remove this CoinThief malware.

The developer of legitimate Bitcoin Ticker TTM app said he has no connection with download.com & Macupdate.com and recommends users to download the app from Mac app store.
Read more »
DDOS Attacks
Anonymous hacktivists DDOS Attacks

Anonymous hacktivists launch DDOS attack against GCHQ website


It seems like Anonymous hackers have launched a Distributed denial of service(ddos) attack against GCHQ website.

The attack just came after Edward Snowden leaked a document which revealed that British Spy Agency (GCHQ) carried out ddos attacks to disrupt the anonymous hacktivists' communication channel.

Some anonymous hacktivists also claimed to have successfully disrupted the website of GCHQ.  Netcraft confirmed that gchq.gov.uk today has experienced 'noticeable performance issues'.  Netcraft says the attack could be originated from Romania.

"Curiously, a much larger amount of downtime has been observed from Netcraft's Romanian performance monitor since the leaked slides were made public."Netcraft post reads.

"That could indicate much more extreme DDoS mitigation techniques are being applied to these requests, and this in turn suggests that if an attack is occurring, perhaps Romania is one of the countries from which the attacks are being launched."
Read more »
NTP based DDOS attack
DDOS Attacks Featured hacker news NTP based DDOS attack

400Gbps NTP-based DDOS attack hits CloudFlare - largest DDOS attack in History

Until a week ago, it was believed that Distributed denial-of-service(DDOS) attack against Spamhaus is the largest one in the history.  Now, an even bigger DDOS attack has been recorded by the Content delivery Network CloudFlare.

Matthew Prince, CloudFlare CEO, said in twitter that very big NTP reflection attack was hitting them and appears to be bigger than the Spamhaus attack from last year.

According to Matthew, the attack reached 400Gbps which is 100Gbps higher than the ddos attack targeting Spamhaus. 

CloudFlare said all websites have returned to production.

Founder of a French hosting firm OVH also said their network received more than 350Gbps traffic, but it is not clear whether it is related or not.

Last month, CloudFlare also wrote an article detailing about the Network Time protocol(NTP) based DDOS attacks that caused trouble for some gaming web sites and service providers.

NTP protocol is UDP-based protocol runs on port 123 which is used by Internet connected computers to set clocks accurately.  A system will synchronize with the server and receives the current time.

Experts says this protocol is prone to amplification attacks because it will response to the packets with spoofed source IP address "and because at least one of its built in commands will send a long reply to a short request. That makes it ideal as a DDoS tool."

List of open NTP servers on the Internet allows attackers to launch Denial of attack against any target network. 
Read more »
Hacking News
Breaking News Defaced Website defacement Hacking News

Las Vegas Sands casino websites hacked and defaced by Anti WMD Team

Las Vegas Sands Corp which is said to be the world largest casino operator, has been targeted by hackers.  Websites of Sands casino and its subsidiaries have been defaced.

The sites home page modified with the world map marking the location of sands casinos with flickering flame.

"Damn A, Don't  let your tongue cut your throat "the defacement message reads. "Encouraging the use of weapons of Mass destruction, Under Any condition , is a Crime"

The defacement also contained personal information of Sands employees including e-mail id, social security numbers and other information.

The sign left in the defacement suggest it is done by a hacker group identified as "Anti WMD team".  However, we are not able to find any history about this group.

List of affected websites are: Sands official website (sands.com), Venetian (www.venetian.com), Palazzo (palazzo.com), Sands Bethlehem (pasands.com), Marina Bay Sands (www.marinabaysands.com), Venetian Macao (venetianmacao.com), Sands Macao (sandsmacao.com) and Holiday Inn Macao Cotai Central (sandscotaicentral.com).

All of the affected websites are currently showing "Undergoing Maintenance" message.

Sands Spokesperson told Associate Press that the company is working with law enforcement to find out the hacker behind this security breach.  The company couldn't say whether customers' card data had been compromised.
Read more »
Hacking News
Credit Card hack Hacking News

Paypal President David Marcus credit card gets hacked

David Marcus, Paypal president is to be the latest person to fall victim to credit card fraud.

Marcus said on Monday that his Credit card data were compromised. The cybercriminals made several fraudulent transactions using the obtained information.

Marcus points out that his card using EMV technology which is being touted as a more secure system than magnetic stripe.  But that didn't stop the cybercriminals.

It seems like he did not want to waste this opportunity, he used this incident to promote his company's security benefits.  He said this breach would not have happened, if the merchant accepted Paypal. 

"Obfuscating card data online, on mobile, and now more and more offline remains one of PayPal's strongest value props." he said in twitter.

Paypal is claimed to be more secure and doesn't share card data or bank account details with merchant.  But, we reported that a hacker reportedly manipulate a paypal employee to get the last four digits of a card.
Read more »
Point of Sale malware
Featured JackPos Malware Malware Report Point of Sale malware

JackPos, a new Point of Sale malware stole thousands of Credit card data

Cyber criminals keep targeting Point of Sale(POS) with malware in an effort to steal credit card data.  A new malware targeting POS have been uncovered security researchers.

According to the cyber intelligence firm IntelCrawler, the new POS malware dubbed as "JackPos" which is being distributed through drive-by download attack disguise itself as Java Standard Edition binary, replaces the legitimate Java Update Scheduler file in the infected system. 

The loaders used in the "Drive-by" download attack has been written in obfuscated and compiled AutoIt Script.  Researcher says it is a technique to avoid AV detection and unpack additional malicious codes that will receive instructions from C&C server.

"The Cybercriminals have used some sophisticated scanning, loading, and propagating techniques to attack these vectors to look to get into the merchants system through external perimeters and then move to card processing areas, which were possibly not separated in compliance with PCI polices."IntelCrawler said.


At least 4,000 credit card data appeared to be stolen from several countries.  The list of target countries including Canada, Brazil, India, France, Spain, United states, Argentina, Korea and others.

According to Globe and Mail, more than 400 card data have been stolen from Bangalore City, India. 3,000 cards' data stolen from Sao Paulo, Brazil.  700 cards data from Canada, 230 cards data from Madrid have also been compromised.
Read more »
Malware Report
Banking Trojans Breaking News Corkow Malware Report

Corkow, a Banking Trojan which has interest in Bitcoins and Android developers

Security researchers at ESET have found that the infection ratio of the lesser-known Russian Banking Trojan "Corkow" is increasing.

According to WeLiveSecurity, the Corkow trojan allows attackers to use different plug-in to improve the capabilities.

Like other trojans, it is capable of logging keystrokes, grab screen shots, web injection and form-grabbing to trick victims into handing over their financial data to cyber criminals.

In addition to the usual banking trojan features, it also allows attackers to remotely access the trojan and installs Pony- universal password stealer.

The malware also capable of collecting browser history, list of applications installed and processes running on the infected machine.

It appears the malware has interest on websites and softwares related to Bitcoins and systems belong to Android developers who publish apps in Google Play.

Once a system is infected, the malware's payload will be encrypted using volume serial number of C drive and behaves innocuously, if it is being executed in a separate computer from the one it initially infected in an attempt to make the malware analysis difficult.

ESET is about to release more detailed technical examination of this malware next week.
Read more »
Subscribe to: Comments (Atom)