Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Spam Report
Phishing scam Spam Report

Employee email accounts of Children's National Health System targeted with Phishing emails


Children's National became a victim of a cyber-attack, after its employees responded to phishing emails by hackers believing they were legitimate.

The issue came to light on December 26 last year and Children's National believes that any potential unauthorized access of its employees email accounts could have taken place between July 26 and December 26 last year.

Children's National has come out to say that Patient History Information of various patients in the affected email accounts has been put at risk, and although it has not received any information regarding the misuse of this information, affected people are being informed to stay on the lookout for discrepancies in their insurance statement.

On learning of the incident, Children's National immediately secured the emails accounts of the affected employees and began an investigation into the matter. They hired an external forensics firm to carry out their investigation into the matter.

They implemented new safety features and reviewed its systems to upgrade the security of their network. They have also setup a dedicated call centre with a helpline number for getting in touch with the affected patients.
Read more »
Hacking News
Data Breach Hacking News

Data breach of Advantage Dental


An intruder had accessed internal membership information of more than 151,000 patients of an Advantage Dental, a Redmond-based provider that serves low-income patients at more than 30 clinics in Oregon, in late February, announced on Monday.

According to the Advantage Dental, there is unauthorized access to patients’ names, social security numbers, home addresses, phone numbers, and dates of birth, but treatment details, payment or other financial data were not accessed.

A malware obtained a username and password of Advantage employee’s computer that allows access to the membership database, which is separate from the database that contains financial and treatment information.

An intruder accessed the information continuously for three days from 23 Feb to 26 Feb. Internal IT specialists of Advantage Dental terminated the illegal access immediately upon discovery. Computers equipped with anti-virus software fails to detect new variations of a virus.

No patients have complained about the data being used for criminal activity. Advantage has made necessary security changes in all its clinics, and headquarters in Redmond to avoid further data breach.
Read more »
Yahoo
Dangers of default password email security Featured Information Security News Yahoo

Yahoo to the rescue of forgetful users with "on-demand password"

Passwords are not meant to be remembered. It is meant to be generated fresh, every time you forget it.

This is what Yahoo seems to think as the company just introduced an on-demand password system.

The system works like this: After signing into the Yahoo account one has to select Account security from the account information page and opt-in for “On-demand passwords”. Then one has to enter the phone number where Yahoo sends the verification code and after entering this code one never has to worry about memorizing passwords ever again.

It can be argued that the move away from default passwords is welcome as password theft is very common now a days but some feel that the privacy is being sacrificed because anybody with access to the phone for even a few seconds has the potential to read through all your communication.

But the fact remains that peril of default passwords had been dealt well with the two step authentication process; whereby if one logs in from a new device, in addition to the password one is asked for a code that has been sent to the associated mobile number. A move to completely eliminated the first step seems to be inclining towards laxer cyber-security norms.

At a time when Google tries to put one in panic mode by notifying what happens if you forget your password and repeated reports of security breaches makes one paranoid, the move from Yahoo to eliminate passwords has invited mixed reactions.

Presently, it is available only to US users.

While the effort is in the right direction to deal with password security issues by closely connecting the virtual and real identities, the approach adapted seems to be fallacious.
Read more »
SMS Trojans
Android Malware CAPTCHA Security SMS Trojans

Trojan bypasses captcha to dupe users

A new malware targeting android users have been identified which has the power to bypass user verifications to subscribe people into premium services.
The malware, identified as Trojan-SMS.AndroidOS.Podec can bypass captcha verification or advice of charge (this notifies users regarding charges and seeks payment authorization) and send messages to premium numbers or subscribe users to premium rate services.
The captcha recognition part is what makes this Trojan so devious, the malware communicates with an image to text translation provider called Antigate where a human translates the image for the captcha to text and relays it. The text is then inserted into the actions field, the verification thus happens without user consent and can be exploited to extort money regularly in a covert fashion. The users would have a hard time pointing the source for deduction in accounts.
Till now, it has been circulating in Russia and its neighbouring countries with the infection originating from servers of popular Russian networking site VKontakte or domains with imposing names like Apk-downlad3.ru, minergamevip.com, etc.
The malware is mostly spread through a number of groups on the social networks, all of which makes posts or give links providing cracked versions of popular android games. These groups are similarly managed with the same administrator.
The usage of keywords in descriptions of the groups, hosting of  fake sites all which are based on one idea places the group or sites at top of search results, indicating involvement of black SEO specialists.
Kaspersky Lab's analysts analysed the Trojan which in one case was masquerading as 'Minecraft Pocket Edition'. It operates on the notion that the users are guided by the lightness of the app to download it.
On launch, the application asks for administrator privileges, which if granted makes it impossible to be deleted by the user or a security solution. If the user rejects the request, the Trojan is repeated till privilege is granted. After receiving administrator privileges, the legitimate mine craft is downloaded. After installation the Trojan removes its own shortcuts, replaces it with the Minecraft shortcut and erases traces from the device administrator list. If somehow the users try to delete it, the mobile shuts down or screen locks or shows other erratic behaviour. The Trojan has the further potential to exploit super-user privileges, which some users might have.
Analysis of the malware shows diligent effort on the part of the cybercriminals. They have introduced garbage classes and obfuscation into the code and have also used an expensive legitimate code protector to make the access to the source code difficult. Moreover, while communicating for instructions the Trojan uses an adaptive list of control and command domains, thus even if one domain is blocked under suspicion others can be used. 
It is suspected that the Trojan is undergoing further development with newer capabilities being added.
In light of such circumstances as a user it is best to be wary of free services, avoiding suspicious links and downloading only from official sources like Google Playstore.
(For more information visit SecureList.)
Read more »
Security Breach
Credit Card hack Data Breach Security Breach

Credit Card breach at Zoup puts NEXTEP in a soup


Eating out at Zoup? Be careful while using the credit card.
Thousands may be affected by a credit card breach that originated at the popular point-of-sale vendor NEXTEP systems which serves Zoup, and many other restaurants, corporate cafeterias, casinos, airports.

The incident came to light after  sources in the financial institutions  noted that all the cards which have recently showed fraudulent activity have been used at any of the 75  Zoup outlets across northern half of the United States and Canada. Zoup, one of Nextep’s biggest customers uses Nextep’s services at all outlets.

On being contacted by KrebsonSecurity, Zoup CEO Eric Ersher referred the calls to Nextep who admitted the breach. Nextep President Tommy Woycik  however added that he believed not all customers were impacted by the breach.

The pattern of breach is similar to the ones at other fast food chains —  Dairy Queen and Jimmy Johns, reported last year. In all such cases, malware is injected at the point of sale systems, which is designed to steal data encoded onto the magnetic strip at the back of credit and debit cards. The stolen data is then used to create counterfeit cards, which are then typically used to make purchases at big-box retailers. Such stolen cards are of considerable value at the underground cybercrime stores, and each card is sold for anywhere between $20 and  $100.

It is not clear how the nextep breach occurred but if previous examples are studied, the cause might be traced to stolen credentials which were then used to remotely administer malware into the system.

Effects of breach at point of sale vendors are huge. Last year, breach at the POS vendor Signature Systems Inc affected Jimmy John sandwich shops and at least 100 other restaurants. Earlier this year, Advanced Restaurant Management Applications (ARMA) suffered from a similar breach that affected many of its client restaurants.

Historically, food institutions have been prone to these attacks.While attacks at chain restaurants can be well  detected owing to pattern originating from the  huge data collated, the magnitude of the breach also increases owing to the number of outlets it affects.

KrebsOnSecurity is currently tracking down the commonalities between the POS breaches across the country.
Read more »
Torrent
Breaking News malware Torrent

Crypto currency miner ‘quietly’ bundled with μTorrent, users cry foul


Are you in a hurry to install the newest version of μTorrent? Be careful of what you hit agree to.

Users of μTorrent are fuming after it came to notice that the newest version of the popular file sharing app (version 3.4.2) is coming covertly bundled with Epic Scale which uses a portion of the CPU cycles to mine crypto-currency Litecoin. One Litecoin is worth $1.89.

The complaints in the forum imply that the users had 
no indication of the software being installed, and the reactions ranged from discontent to outraged “good bye μtorrent”.

Users are furious that the processing power of their computers are being utilized without their knowledge.
Bit Torrent has released an official statement that 

Epic Scale is not installed without the consumer’s permission. They further added that like other software companies, they have partner packages in the install path which are strictly optional.
Epic Scale which euphemistically proclaims “Your computer has the power to change the world” denied allegations of the sly installations and said it is included in Bit Torrent clients.
It's website explains,
Epic Scale uses your computer’s idle time to do genomics research, protein folding, image rendering, cryptocurrency mining, and more, then we give a majority of the profits to charities like Watsi (life-changing surgeries), and Immunity Project (HIV vaccine). We do not spy on your browsing behavior or scan your files or anything like that.”

Epic Scale's CEO,Tim Olson stated that they will shift from mining Litecoin to working for full time science research projects.

Philanthropic initiatives aside, the troubling fact remains that it is flagged as a risk and blocked by trackers and firewall. It is difficult to uninstall according to users; in addition to the Removal via Add/Remove Programs, all residual files in the program drive has to be removed manually. Epic  Scale however maintains that it is not a spyware.
It is to be noted that since BitTorrent varies the bundled partner software for each download, not all users will get Epic Scale.
The furore on the forum, prompted Epic Scale to damage control mode. The site has been updated with clear instructions on how to uninstall the code, and the company has promised to display clearer opting out options in the future.
For those who are having troubles uninstalling, can visit Epic Scale's uninstall instructions, or email its support address for help in removing the software.
Read more »
Vulnerability
Information Security News SSL Vulnerability

Web users exposed to "FREAK" attack

SSL/TLS breached

Newly discovered security vulnerability in the SSL/TLS protocol, dubbed as “FREAK” poses potential risks for millions of people surfing the web on Apple, Google and Microsoft browsers.

A whole range of browsers including Internet Explorer, chrome for Mac OS and Android , Apple browsers and about 12% of popular websites like  Bloomberg.com, kohls.com, mit.edu have been found to be vulnerable.

The flaw would allow a “man in the middle” attack which can downgrade security of connections between vulnerable clients/servers by tricking them into using low strength “export grade RSA” , thus rendering TLS security useless.

This 512 bit export grade mode of cryptography can then be easily cracked to compromise the privacy of users, by stealing passwords and other personal information. Larger attacks on the Web sites could be launched as well.

Computing power worth 100 dollars and seven hours is all that is required for a skilled code breaker to crack it.

The flaw was exposed by a team of researchers at INRIA and Microsoft Research who named it as “FREAK” for Factoring attack on RSA-EXPORT Keys.

The “export grade” RSA ciphers resulted from the 1980s policy of the US government which required US software makers to use weaker security in encryption programs which were shipped to other countries. It was meant to facilitate internet eavesdropping for intelligence agencies to monitor foreign traffic. These restrictions were lifted in the late 1990s, but the weaker encryption got wired into widely used software that percolated throughout the world and back into US.

Christopher Soghoian, principal technologist for the American Civil Liberties Union said, “You cannot have a secure and an insecure mode at the same time… What we’ve seen is that those flaws will ultimately impact all users.”

This reveals that a weaker crypto-policy ultimately exposes all parties to hackers and serves a strong argument against the recent requests of the US and European politicians to enable new set of backdoors in established systems.

Apple said its fix for both mobiles and computers will be available next week and Google said it has provided an update to device makers and wireless carriers.

For web server providers , the way ahead entails disabling support for all export cipher and known insecure ciphers.

A full list of vulnerable sites is available here.
Read more »
Data Breach
Breaking News Data Breach

National Grocers investigate unauthorized access to customer payment information


The latest retailer to be hit with a data breach incident in the United States is National Grocers after sources in the financial industry confirmed to KrebsonSecurity that they had identified a pattern of fraud on debit and credit cards of customers who buy their groceries at the 93 various outlets, across 15 states, of the organic and natural grocery chain.

According to US investigative reporter, Brian Kerbs, the Point of Sale Systems (POS) were breached by the hackers at various outlets sometime in December, 2014. This was possible because of the company's weak security if its database
s.

The company said in its response that it was looking into 'a potential data security incident involving an unauthorized intrusion targeting limited customer payment card data.' The company has also not received any information of misuse of the data that has been put at risk, by and individual or financial institution. In wake of the event, the grocery chain has decide to speed up plans to install to Point of Sale systems that provide end-to-end encryption to add more layers of security to their network.


“These upgrades provide multiple layers of protection for cardholder data. The company is in the process of installing this new system at all 93 Natural Grocers stores in 15 states. The company takes data security very seriously and is committed to protecting its customers’ information. This is all the information the company is able to provide at this time, as the investigation into the incident is ongoing," the company's emailed statement concluded.

Many big retailers in the US such as Home Depot, Supervalu, Neiman Marcus and Target have been hit by hackers in recent times. The new POS systems conduct a transaction through the more secure Europay, MasterCard and Visa (EMV) standard, which is the latest technique being used to safeguard against card fraud at POS systems.

In October 2014, Obama signed an executive order for a speedier adoption of the EMV standards across USA. The federal government has been tasked with the charge of leading by example in securing customer transactions and sensitive data, throughout the whole of United States.
Read more »
Malware Report
Android Malware Malware Report

Gift from Amazon, beware it can be Malware


In recent times, if you received this message, "Hey [NAME], I am sending you $200 Amazon Gift Card You can Claim it here", on your phone, if yes, then you have became the victim of one of the single largest messaging-initiated mobile malware, as discovered by AdaptiveMobile.

This malware access all your contacts  on the phone and sends a spam message to each of them with the URL that promises an Amazon gift card if you install an APK file hosted on the page.

Thousands of people around the world have installed this malware and been a victim, alone in North America, there is around 4K devices that are infected  by this malware. According to VirusTotal, none of the Anti Virus engines detect this malware, but can be easily removed by using standard Android app uninstall utilities.

The shortened URL account of this malicious URL was actually connected to a FB account, which seems to be owned by a real person. It seems that this spam campaign is not new for the owner of the profile. Previous WhatsApp spam can be related to this, as there was a link which redirects users to a scam page, which shows close link between the author of both the spams.

AdaptiveMobile is the  mobile security protecting  company, that protects all services on both fixed and mobile networks through in-network and cloud solutions.
Read more »
Security Breach
Hacking News Security Breach

Limited portion of ASML's IT System hacked


An unnamed hacker broke into a limited portion of an  IT system of a semiconductor supplier company called ASML on Sunday. In their initial investigation, ASML revealed that only a limited amount of data has been accessed.

According to  ASML, there has not been any evidence of  valuable files, both  from their or customers and suppliers side, has been compromised. Their IT staff quickly got to know about the break-in the IT system and took immediate step.

ASML is a multinational Dutch company, with its presence  felt in more than 16 countries in over 70 different locations. They make photolithography machines for the production of integrated circuits such as CPUs and memory chips, that improve the quality of life.

In recent times, many large companies have been targeted by hackers, but they  are constantly working to improve their defenses against hacking attempts and their detection capabilities.

ASML is listed in Euronext Amsterdam and NASDAQ under the symbol ASML.

Read more »
Security News
Security Breach Security News

Uber files John Doe lawsuit in response to nine month-old data breach


Uber has filed a John Doe lawsuit in the district court of Northern California as part of its investigation regarding a data breach of one its driver’s database.

Last year in on September 17th, Uber discovered that one of its databases had been accessed using a login key that was posted on a post on Github.  The key was used to access Uber's internal database which houses information about 50,000 drivers.

Uber has begun reaching out to drivers whose information was stored in the breached database. The company has also provided a one year free membership of Experian’s ProtectMyID Alert to drivers whose information has been stolen.

Uber has also subpoenaed Github to share the IP addresses of anyone who visited a particular gist post (the login key used to access the database was posted there) between March and September 2014.

Uber shared the information about the breach through a post on its blog, on which it mentioned that the breach of data had occurred sometime around 12th May, last year. The files that were stolen from the database contained names and driving license numbers of its drivers, past and present. According to Uber, no case of misuse of any stolen data has been reported.

Questions have risen after the post was published on Uber's blog as to why the company did not come forward with the information earlier, and why were driver partners whose information was stolen and put at risk, not informed about the incident earlier?
Read more »
Subscribe to: Comments (Atom)