
Android malware steals money from QIWI Wallets

Cyber criminals are continually finding new ways to earn money using infected devices. We are already aware of SMS Trojans that earn money by sending premium-rate messages from infected Android devices.

Experts at Kaspersky have recently spotted a new Android Trojan that not only sends SMS messages to premium-rate numbers but also steals money from QIWI electronic wallets.

Visa QIWI Wallet is an electronic payment service that can be used to pay for goods and services around the world, receive payments, and transfer money.

Once installed on a device, the malware, dubbed 'Waller', attempts to communicate with a command and control (C&C) server located at playerhome.info and awaits further commands.

The malware can check the balance of the infected phone by sending an SMS to the mobile network operator and intercepting the reply; it can also send SMS messages, open web pages, and download and install other malware. It is also capable of updating itself and of sending SMS messages to everyone in the victim's contact list.

The Trojan also checks the balance of the QIWI Wallet by sending an SMS to 7494. The response message is intercepted by the Trojan and forwarded to the cyber criminals. If there is money in the wallet, the malware sends a message to 7494 containing the attacker's wallet number and the amount to be transferred.

The Trojan is being distributed via SMS spam and a cybercriminal-controlled site, disguised as various applications.

Yahoo revamps security to protect users' data from NSA


Yahoo says it has introduced several improvements to the encryption of users' data in an attempt to prevent cyber attacks and government surveillance.

Alex Stamos, who recently joined Yahoo as Chief Information Security Officer, said that traffic moving between Yahoo's data centers is fully encrypted as of March 31.

The move came after whistleblower Edward Snowden leaked documents alleging that traffic between Google and Yahoo data centers was being intercepted by the NSA.

Yahoo has enabled encryption of mail between its servers and other mail providers. Search requests made from the Yahoo homepage are also now encrypted automatically.

Yahoo is promising to release a new, encrypted version of Yahoo Messenger within the next few months.

"In addition to moving all of our properties to encryption by default, we will be implementing additional security measures such as HSTS, Perfect Forward Secrecy and Certificate Transparency over the coming months. This isn’t a project where we’ll ever check a box and be 'finished.'" Stamos wrote in the blog post.

"Our fight to protect our users and their data is an on-going and critical effort. We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users’ privacy," he added.

Spec's breach affects 550,000 customers

Texas liquor store Spec's says it experienced a cyber attack on its network that exposed the personal and financial information of more than half a million customers.

The company issued a statement saying the breach affects fewer than 5% of its total transactions. Those who shopped at one of its 34 affected stores were affected by the breach.

According to the statement, the attack began on October 31, 2012 and may have continued through March 20 of this year.

The exposed information includes names, credit/debit card numbers, expiration dates and card security codes, or check information including bank account numbers, bank routing numbers, birth dates and driver's license numbers.

Spec's spokeswoman Jenifer Sarver told the Houston Chronicle that the breach affected "an estimated fewer than 550,000" customers and Spec's employees.

Spec's says it is working with the United States Secret Service in an ongoing criminal investigation to arrest the attackers, and is taking steps to prevent future attacks.

Fake Google apps found in Windows Phone store


Both Android and iOS have official apps from Google, but Windows Phone users are not blessed with Google's apps. They do have one official Google Search app for Windows Phone.

Recently, several supposed Google apps, including Google Hangouts, Google Voice, Google+, Google Maps and Gmail, appeared in the Windows Phone Store with a price tag of $1.99.

While the legitimate Google Search app for Windows Phone is published under the developer name 'Google Inc', all of these apps were published by "Google, Inc".

The clear intention here is to fool Windows Phone users into believing these are official apps from Google. These fake apps were first spotted by WinBeta.

Microsoft removed the apps from its store after The Next Web contacted Microsoft about the issue.

“We removed a series of apps for violating our policies concerning the use of misleading information,” a Microsoft spokesperson told TNW. "The apps attempted to misrepresent the identity of the publisher."
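The fake listings relied on a publisher name that differs from the real one only by punctuation. As an added example (not code from the store, Microsoft or this post), here is a Python check a store reviewer could run over submitted listings: it normalizes publisher names and flags any that collapse onto a trusted publisher without matching it exactly. The trusted-publisher list and the sample listings are constructed for the example.

```python
import re
import unicodedata

# Constructed trusted-publisher registry (assumption: a real store would source
# this from its verified-developer records, not a hard-coded set).
TRUSTED_PUBLISHERS = {"Google Inc", "Microsoft Corporation"}
CORPORATE_SUFFIXES = {"inc", "llc", "ltd", "co", "corp", "corporation"}


def normalize_publisher(name: str) -> str:
    """Collapse the variations a lookalike name relies on: Unicode compatibility
    forms, letter case, punctuation, corporate suffixes and extra whitespace."""
    text = unicodedata.normalize("NFKC", name).casefold()
    text = re.sub(r"[^\w\s]", " ", text)          # "Google, Inc" -> "google  inc"
    tokens = [t for t in text.split() if t not in CORPORATE_SUFFIXES]
    return " ".join(tokens)


def classify_publisher(name: str) -> str:
    """Return 'trusted' (exact match), 'lookalike' (normalizes onto a trusted
    name but is not identical to it) or 'unknown'."""
    if name in TRUSTED_PUBLISHERS:
        return "trusted"
    norm = normalize_publisher(name)
    if any(norm == normalize_publisher(t) for t in TRUSTED_PUBLISHERS):
        return "lookalike"
    return "unknown"


# Constructed sample listings resembling the case described in the post.
SAMPLE_LISTINGS = [
    {"app": "Google Search", "publisher": "Google Inc", "price": 0.00},
    {"app": "Google Hangouts", "publisher": "Google, Inc", "price": 1.99},
    {"app": "Gmail", "publisher": "Google, Inc", "price": 1.99},
    {"app": "Weather Now", "publisher": "Acme Apps", "price": 0.99},
]


def audit_listings(listings):
    """Return (app, publisher) for every listing whose publisher is a lookalike."""
    return [(item["app"], item["publisher"]) for item in listings
            if classify_publisher(item["publisher"]) == "lookalike"]
```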

Malware uses Your Phone to generate virtual currency for cybercriminals


Is your Android phone often overheating, or is its battery draining faster than normal? There is a chance that your phone is infected with malware that uses it to generate money for cyber criminals.

Researchers at Lookout have spotted a new piece of malware targeting Android devices on some Spanish forums that distribute pirated software.

This malware, referred to as 'CoinKrypt', is not designed to steal any information from infected devices. However, that does not mean it is harmless: it uses all of the device's computing power to mine virtual currencies.

This causes the infected device to overheat and shortens its battery life.

The malware appears to target only newer virtual currencies such as Litecoin, Dogecoin and Casinocoin. Since mining the most popular and valuable virtual currency, Bitcoin, requires far more computing power, the cyber criminals did not include Bitcoin mining in this malware.

At this time, it is almost one million times easier to mine Litecoin than Bitcoin, and over 3.5 million times easier to mine Dogecoin. Even though these newer coins are not as valuable as Bitcoin (1 BTC is around $650, 1 LTC is reaching $20), the cyber criminals are probably hoping that one day they will reach a high value like Bitcoin.

Opening an email containing RTF in Outlook hands your computer to hackers

How many of you use Microsoft Outlook in your office? Previewing or opening an email containing an .RTF file in Microsoft Outlook can open a backdoor for remote hackers to access your machine.

Microsoft warned today that attackers are exploiting a new zero-day vulnerability in Microsoft Word that allows them to run arbitrary code on the vulnerable system.

"The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word," the security advisory reads, "or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer."

The vulnerability affects Microsoft Word 2003, 2007, 2010 and 2013, Word Viewer and Microsoft Office for Mac 2011. The advisory states that the exploits seen so far have targeted Microsoft Word 2010 users.

Microsoft is in the process of creating a patch for this security flaw. In the meantime, it has released a temporary Fix it solution which prevents Microsoft Word from opening RTF files.

Other suggestions for protecting yourself are configuring Outlook to read email messages in plain text format and using the Enhanced Mitigation Experience Toolkit (EMET).
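While the patch is pending, a mail gateway can refuse or quarantine RTF content before Outlook ever previews it. As an added example (not from Microsoft's advisory or this post), the Python function below walks a MIME message and reports every part that is RTF, including RTF sniffed by its `{\rtf` header under a .doc name, and TNEF containers (winmail.dat) that Outlook unpacks into RTF; the sample message is constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"  # every RTF document opens with this group header


def is_rtf_payload(data: bytes) -> bool:
    """Content sniffing: decide by the RTF header, not by the declared name or type."""
    return data.lstrip().startswith(RTF_MAGIC)


def find_rtf_parts(raw_message: bytes):
    """Return (filename, content_type, reason) for each non-multipart MIME part that
    carries RTF: declared as RTF, disguised under another name, or a TNEF container."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        fname = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if ctype in {"application/rtf", "text/rtf"} or fname.lower().endswith(".rtf"):
            hits.append((fname, ctype, "declared RTF"))
        elif is_rtf_payload(payload):
            hits.append((fname, ctype, "RTF content under another name"))
        elif ctype == "application/ms-tnef" or fname.lower() == "winmail.dat":
            hits.append((fname, ctype, "TNEF container (may carry an RTF body)"))
    return hits


def build_sample_message() -> bytes:
    """Constructed test mail: an RTF document attached with a .doc name and a Word MIME type,
    the kind of mislabelling a simple extension filter would miss."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached document.")
    rtf_doc = b"{\\rtf1\\ansi\\deff0 {\\fonttbl {\\f0 Arial;}} Hello\\par }"
    msg.add_attachment(rtf_doc, maintype="application", subtype="msword",
                       filename="invoice.doc")
    return msg.as_bytes()
```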

Syrian Electronic Army gathers evidence that Microsoft is selling your information to the FBI

A document recently leaked by the Syrian Electronic Army shows that Microsoft is charging a secret FBI division for legal access to customer information. The documents are said to have been taken from Microsoft.

The Syrian Electronic Army (SEA) is known for hacking the social media accounts and websites of top organizations including Microsoft, CNN, the Daily Dot and more.

SEA allowed the Daily Dot to analyze the documents before publishing them in full.

The documents are said to contain emails and invoices between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU).

The documents show that Microsoft charged the FBI $145,100 in December 2012, broken down as $100 per request for information. But in 2013, Microsoft allegedly doubled the amount, charging the FBI $200 per request for a total of $352,200. For the most recent invoice (November 2013), it charged $281,000.

The information provided to the FBI includes Live email ID, PUID, name, address, country, IP address, date of registration and a few other details.

Here is the screenshot of the documents: [image not reproduced]

Cyber Defence Course Level 1 in Anna University, Chennai

Most of us, from beginners to advanced users, use mobile phones, laptops and desktops. We do not know how to secure our machines and phones from the hackers, viruses and spies who want our information. Here is a short course on securing your computers, mobile phones and laptops from the most advanced cyber espionage actors.

Who should learn this:

a. Corporate users – marketing, sales, CEOs and CFOs who are targeted by corporate espionage

b. Women and children who want to secure their phones, emails and social media.

c. Lawyers and doctors who may be targeted for information on their clientele.

d. Common man – anyone who uses computers, from young to old, who wants to secure their own machines and laptops and protect their loved ones.

e. College students

Content:

Computer:

  • Security in general.
  • Online security and safe browsing practices.
  • Using a live CD for banking.
  • Social media privacy settings (Facebook, Twitter, Gmail, two-factor authentication).
  • What can malware do?
  • Firewalls.
  • Checking for malware without AV (finding undetectable viruses).
  • Removing malware manually.
  • Checking USB drives for malware and disabling autorun.inf-type viruses.
  • Anti-keyloggers.
  • Sandboxes.
  • Recovering files.
  • Securely wiping files.
  • Encrypting files.
  • Encrypted email.
  • Encrypted chat.

Phone:

Secure chat, phone calls and messaging on Windows, Android and other platforms.

Certificate:

The Cyber Security & Privacy Foundation will issue the certificate.

Register here

Venue:
Anna University, Chennai

Pileup flaw: Android updates can be exploited by malware to gain permissions

Upgrading an operating system patches the security holes in previous versions. However, researchers have found a bug in the upgrade process of Android itself which can be exploited by malicious apps.

A team of researchers from Indiana University and Microsoft has published a paper explaining a new class of critical security bugs, referred to as "Pileup flaws". The vulnerability exists in the Package Management Service (PMS) of Android.

When a user upgrades Android to the latest version, a malicious app with few or no permissions in the old version can exploit this vulnerability to update itself with a new set of permissions.

An attacker can exploit this vulnerability to steal sensitive information from the compromised device, change security configurations and prevent the installation of critical system services.

The researchers say they have confirmed the presence of the security hole on all official Android versions as well as 3,000 customized Android versions.

The researchers have also developed a new service called 'SecUp' which can detect malicious apps designed to exploit Pileup vulnerabilities.

Variant of Zbot makes money for cybercriminals via pay-per-click ads


Zeus (ZBot), the notorious Trojan known for stealing online banking login credentials, continues to evolve.

A new variant spotted by Trend Micro security researchers performs a totally different task from other variants: it displays websites containing advertisements.

Every time the user tries to do something on the infected machine, these websites occupy the entire screen, preventing the user from accessing other windows or files.

Even though the victim can reach the desktop by pressing the 'show desktop' shortcut (Win+D), the websites are still displayed in the background.

"It should be noted that the sites being displayed are all legitimate–running from gaming sites, ticketing sites, music sites to search engines," the researcher said.

"Users can actually navigate these displayed sites. One curious feature of this malware is that it also performs various mouse movements and scrolling when the mouse is idle."

Interestingly, this variant does not include a module to steal banking credentials. However, it still achieves the main goal behind credential theft: making money for cyber criminals.

EA Games website hacked to host Apple phishing page

A web server belonging to EA Games has been compromised by cybercriminals and is now hosting a phishing page that attempts to steal Apple IDs.

According to a Netcraft report, hackers managed to break into the sub-domain by exploiting vulnerabilities in an outdated version of a web calendar application.

Web Calendar version 1.2.0 has a critical vulnerability that allows an attacker to run arbitrary code.

The phishing page tricks users into handing over their login credentials for the Apple website. After the Apple ID and password are entered, it displays a second form asking the victim to enter card details, name, birth date, phone number and a few other details. Like most phishing pages, once the victim submits the details, he is redirected to the legitimate Apple site.

Netcraft says the hacker may also have gained access to internal servers and other information.

"In this case, the hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server," the blog post reads.