HSBC Finance confirms data breach of mortgaged customers


In a breach notification letter sent to the New Hampshire Attorney General, HSBC Finance Corporation has revealed that sensitive mortgage information of customers of a number of its subsidiaries has been potentially compromised.

The company says that mortgage account information of 685 New Hampshire residents, such as customers’ names, Social Security numbers, account numbers and possibly telephone numbers, was “inadvertently made accessible via the Internet.”

HSBC said that the notice was sent by HSBC Finance Corporation on behalf of its subsidiaries regarding a breach that it learned about on March 27th.

Its subsidiaries include Beneficial Financial I Inc., Beneficial Consumer Discount Company, Beneficial Homeowner Service Corporation, Beneficial Maine, Inc., Beneficial Massachusetts, Inc., Beneficial New Hampshire, Inc., Household Finance Corporation II, Household Finance Corporation of Alabama, Household Financial Center, Inc., and Household Realty Corporation.

HSBC said that it takes the issue seriously, and deeply regrets it happening. “We are conducting a thorough review of the potentially affected records and have implemented additional security measures designed to prevent a recurrence of such an incident,” it said. “We have ensured that the information is no longer accessible publicly. The company has notified law enforcement and the credit reporting agencies of the incident, and no delay in advising you has been caused by law enforcement notification.”


HSBC said it has ensured that the information is no longer publicly available. It began notifying affected customers by letter on April 9 and has offered them a free one-year subscription to Identity Guard, a credit monitoring and identity theft protection service.

CSPF donates one lakh rupees to IronWASP project


Cyber Security & Privacy Foundation (CSPF), a non-profit organisation which provides solutions to tackle cyber security and privacy issues, has donated Rs. 1,00,000 to the Iron Web application Advanced Security testing Platform (IronWASP) project, Asia's largest open source security project.

"We will use the donation to support the further development of the project," said Lavakumar Kuppan, the founder of IronWASP.

"It is really encouraging. We are not only getting funds but also feedback and comments which mean a lot to us."

According to Lavakumar, IronWASP’s main objective is to make web security easy and accessible to everyone. It is a scanner which automatically discovers security problems in web applications.

Though it is designed for security testers, others such as admins, developers and QA testers can also use the software by following the video tutorials available on the project website. Almost anyone can download IronWASP and use it for free.

"We are regularly adding new features to IronWASP," said Lavakumar. "We recently added Dynamic JavaScript vulnerability analysis capability, a feature that is unique to IronWASP. More additions are planned for future versions to make it more effective and help create a safer internet."

Russian police arrest suspects behind Nazi-loving Android malware

A 25-year-old has been arrested by the Russian Ministry of Internal Affairs for creating ‘Svpeng’, a particularly harmful strain of money-stealing Android malware which infected around 350,000 Google devices last year. Officers have also arrested four other members of the cybercriminal gang, who are reportedly fond of Nazi iconography.

This particular campaign was a huge concern for the Russian police, as it robbed at least 50 million rubles ($930,000) from innocent citizens. The country’s largest bank, Sberbank, picked up on the attacks in 2013 before becoming an ally in the investigation. Android users in the US, UK and Europe were also attacked by Svpeng.

According to reports, the existence of the Svpeng was first brought to light in July 2013 by Kaspersky Lab, whose products detect the threat as Trojan-SMS.AndroidOS.Svpeng.

According to Group-IB, the Russian cybercriminals first started stealing money from their victims’ accounts by using SMS banking. The malware intercepted all SMS messages on the infected phone and then used SMS banking to send commands for money transfers. The malware intercepted the payment confirmation codes to ensure that the transfer could be completed without raising suspicion.

To distribute the malware, a fake Adobe Flash Player link was sent via SMS. The link downloaded the Trojan, which scanned for particular American banking apps such as those of Wells Fargo, Citi Amex, Chase and Bank of America, but there is no proof of what the app did after performing the scan.

White Lodging confirms second data breach at 10 hotels

White Lodging Services Corporation (WLSC), an independent company which manages more than 160 hotels in 21 states of America, has confirmed a second data breach on its credit card systems at 10 locations.

In a press release issued on April 8, WLSC said that the suspected breach affected point-of-sale systems at food and beverage outlets, such as restaurants and lounges, at 10 hotels from July 3, 2014 to February 6, 2015.

While some of the affected locations are believed to be the same ones breached last year, the Indiana-based company clarified that the second incident was a separate breach.

According to a KrebsOnSecurity report published on April 15, the site reported in February 2015, for the second time within a year, that multiple financial institutions were complaining about fraud on customers’ credit and debit cards that had all recently been used at a string of hotel properties run by WLSC.

At that time the company said it had no evidence of a new breach, but last week it confirmed the suspected breach of point-of-sale systems at 10 locations.

Banking sources back in February 2015 said that the credit cards compromised in this most recent incident looked like they were stolen from many of the same WLSC locations implicated in the 2014 breach, including hotels in Austin, Texas, Bedford Park, Ill., Denver, Indianapolis, and Louisville, Kentucky.

“After suffering a malware incident in 2014, we took various actions to prevent a recurrence, including engaging a third party security firm to provide security and managed services,” said Dave Sibley, Chief Executive Officer (CEO) of WLSC, in the press release.

“However, these security measures failed to stop the malware occurrence on point-of-sale systems at those 10 hotels. We will continue our investigation as it is necessary to protect the personal information entrusted to us by our valuable guests. We deeply regret and apologize for this situation,” he added.

According to WLSC, the stolen data includes names printed on customers’ credit or debit cards, credit or debit card numbers, security codes and card expiration dates.

The company is offering customers impacted by the breach a year’s worth of credit protection services from Experian.

Colombian hacker gets 10 years in jail for spying



A Colombian court sentenced hacker Andrés Sepúlveda to 10 years in prison after he admitted to various crimes, including spying on the government’s peace talks with the Revolutionary Armed Forces of Colombia (FARC). He admitted to spying on representatives of both the government and the FARC guerrillas during peace negotiations.

The Internet pirate was arrested in May 2014 after being traced to secret offices that hacked confidential information and messages, including one whose objective was to sabotage the peace process.
 
According to the sentence handed down by the 22nd Presiding Court of Bogota, he was judged guilty of five crimes, including espionage, illegal wire-tapping, malicious use of software, breaching communications, and unauthorized access to classified information. He must also pay a fine of his current monthly minimum salaries as part of the agreement.

Sepúlveda intercepted the communications of top-ranking FARC Commander Rodrigo “Timochenko” Londoño and former Senator Piedad Córdoba.

According to the investigation, then-presidential candidate Óscar Iván Zuluaga hired Sepúlveda to carry out a smear campaign against President Juan Manuel Santos during the 2014 presidential campaign. The hacker told authorities that former President Álvaro Uribe was aware of his operations, and that Zuluaga paid him to undermine the peace process.

Sepúlveda has accepted the prosecution's offer of a reduced penalty in exchange for his cooperation. He cut a deal with the prosecutors in February that limited his prison term to 10 years in exchange for providing information that could help Colombian authorities.

Database hacked at Biggby Coffee, personal information of customers at risk


A security breach at Biggby Coffee has potentially exposed personal information of some of its customers and job applicants.

Biggby Coffee, a leading coffee franchise business based out of Michigan, stores information such as a customer's or applicant’s name, date of birth, email address, address, telephone number, Social Security number, driver's license record and employment history.

However, the company maintains that no sensitive data such as financial information has been leaked; only details like name, contact details and employment history might have been subject to the breach.

A spokeswoman for the company added that less than 20% of Biggby's customer data was affected and only information submitted via the website had been compromised. Also, the information accessed had nothing to do with the cash registers or point-of-sale systems in the stores.

The attack on the company's systems was discovered in the last week of March, when its web developer and hosting company Traction revealed that a criminal had forced their way into the system and accessed the consumer database.

The data breach has been reported to the police and FBI.

Bulgarian hacker who hacked Bill Gates' account undergoes legal proceedings

A Bulgarian man, who was arrested during a sting operation in Quezon City for withdrawing money using fake ATM cards from accounts including that of Microsoft co-founder Bill Gates, faced legal proceedings on Friday, authorities said.

The sting operation was jointly launched by the Presidential Anti-Organized Crime Commission (PAOCC) and the PNP Criminal Investigation and Detection Group's (CIDG) Anti-Fraud.

Addressing the media on Friday, Police Supt. Milo Bella Pagtalunan, chief of the CIDG Anti-Fraud and Commercial Crime Unit (CCU), said Konstantin Simeonov Kavrakov, who was arrested on Thursday while he was withdrawing money using different fake bank cards at the ATM booth of the PS Bank branch along Quezon Avenue, was charged with violating the Access Device Regulations Act (ADRA) for using and producing fake access devices.

Kavrakov was arrested in Paraguay back in 2011 for hacking bank accounts and commercial fraud, he added.

According to the PAOCC, they are investigating how Kavrakov was released in Paraguay. They are also checking the date he landed in the Philippines.

According to the executive director of the PAOCC, Reginald Villasanta, seven assorted credit cards including a Citi Visa, Standard Chartered MasterCard, Citibank MasterCard, Citi MasterCard, Citibank Visa, East-west Bank Vice and a blank Gold card, nine ATM receipts, a mobile phone, and a bag containing cash amounting to P76,570 have been recovered. Kavrakov is currently detained at the office of the CIDG's Anti-Fraud and the CCU.

AT&T fined $25 million over customer data thefts


The Federal Communications Commission (FCC) has fined AT&T Inc. $25 million over data breaches at call centers in Mexico, Colombia and the Philippines. The FCC said that at least two employees confessed to stealing private information belonging to thousands of US customers, which included their names, full and partial Social Security numbers and account-related data, known as customer proprietary network information (CPNI).

According to a senior FCC official, the details of about 280,000 people were taken during the data breaches. This series of data thefts took place in 2013 and 2014. The data was used by call center employees to request handset-unlock codes for AT&T phones and shared with third parties involved in trafficking stolen cell phones.

After this incident, AT&T informed all the affected customers and terminated its business deals with the companies that operated the call centers where the data was stolen.

The company also said that it has changed its policies and strengthened operations to ensure that a similar data breach doesn’t occur.

The FCC began its investigation in Mexico last May, after it was given information about data going missing.

The $25 million fine is the highest that the FCC has ever issued for data security and privacy violations.  

The Dyre Wolf of cyber street is after your money


The Dyre malware affecting the corporate banking sector has successfully stolen upwards of a million dollars from unsuspecting companies since its inception in mid-2014, according to IBM's Security Intelligence report.

In a span of seven months, the global infection rate has shot up from 500 to more than 4000, with North America being the most affected region.

While such a threat is not new to the banking sector, what sets Dyre apart is its wealth of features, which combine spear phishing, malware (initial infection via Upatre), social engineering, complex process injections, the Deep Web and even Distributed Denial of Service (DDoS), alongside the constant updates that make its detection tough.

The malware works in multiple steps.

Spear phishing: An organization is only as strong as its weakest link. Dyre uses this adage to the full, targeting employees of an organization with emails that contain the malware delivered in a zip file. Unsuspecting employees might download the zip file, which holds an .scr or .exe file that is actually the malware known as Upatre (pronounced like “up a tree”), which begins the initial infection of the target machine.

First Stage Malware: Upatre then establishes contact with the command-and-control servers, downloads and installs Dyre on the system, and deletes itself.

Second Stage Malware: Dyre establishes persistence on the system and connects to nodes of the Invisible Internet Project, which enables it to communicate information without revealing destination or content. It also sends emails to the victim's contact list, aiming to increase its list of potential victims. It then hooks into the victim's browsers to intercept login credentials by routing them to fake pages when the victim tries to visit the websites of the targeted bank.

Advanced Social Engineering: Social engineering is the alarming aspect of the Dyre Wolf campaign. In addition to serving fake pages to extract login data from individuals, it can at times display a message asking the customer to call the bank at a specified number. Dyre Wolf operators at the other end of the line act professionally and extract information under the guise of verification. This is done to circumvent banks' two-stage authentication processes.

Wire Transfer and DDoS: After obtaining credentials, the operators log into the accounts and request wire transfers of large sums. The money is moved from account to account quickly to make tracing and reversal impossible. Following this, the affected consumer faces a DDoS on the bank pages, which hinders detection and investigation.

Dyre is operated by a highly organized and well-funded group of cyber criminals in Eastern Europe.

The only way to prevent this seems to be to avoid the first infection of the system arising from a vulnerable employee. Employees need to be trained well regarding such malware and spear-phishing campaigns. Other preventive measures include stripping executables from email attachments, preventing installation from temp folders, using updated anti-virus, two-factor authentication, etc.
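One way a mail gateway could implement the "stripping executables from email attachments" measure against the zip-delivered .scr/.exe lure described above is sketched below. This is an added example, not code from IBM's report or any product; the function names, the extension list beyond .scr and .exe, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list: .scr and .exe come from the article, the rest are common additions.
BLOCKED_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAX_DEPTH = 3  # nested-archive limit so a zip-in-zip chain cannot stall the gateway

def _is_blocked(name):
    # Windows drops trailing dots/spaces, so "x.exe." still runs as an executable.
    return any(name.lower().rstrip(". ").endswith(ext) for ext in BLOCKED_EXTS)

def _scan_zip(data, label, depth, hits):
    """Walk a ZIP held in memory; record executable members, recursing into nested ZIPs."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{label}!{info.filename}"
            if _is_blocked(info.filename):
                hits.append(path)
            elif info.filename.lower().endswith(".zip"):
                if depth >= MAX_DEPTH or info.flag_bits & 0x1:  # too deep or encrypted
                    hits.append(path + " (unscannable nested archive)")
                else:
                    inner = zf.read(info)
                    if zipfile.is_zipfile(io.BytesIO(inner)):
                        _scan_zip(inner, path, depth + 1, hits)

def find_executable_attachments(raw_message):
    """Return the attachment paths that should be stripped or quarantined."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if _is_blocked(name):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):  # sniff content, not the extension
            _scan_zip(data, name, 1, hits)
    return hits

def build_sample_message():
    """Constructed input: one harmless PDF plus a ZIP hiding a double-extension .scr."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "see attached invoice")
        zf.writestr("Invoice_0415.pdf.scr", b"MZ placeholder, not a real binary")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "ap@example.org", "Invoice"
    msg.set_content("Please review the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application", subtype="pdf",
                       filename="terms.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(find_executable_attachments(build_sample_message()))
```

The check inspects archive contents rather than trusting the attachment's name, so a ZIP renamed to an image extension is still opened and scanned.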

Minnesota family discovers breach of their nanny cam stream

An unnamed family living in Rochester, Minnesota discovered that the nanny cam they were using to keep an eye on their baby had been hacked, and the footage was being streamed online to a private channel. The incident was brought to light by KTTC, NBC's local network.

The family said that they kept seeing random things happening in their child's room. The parents would hear music coming from the camera, but as soon as they stepped into the room, the sound would stop.

After investigating the matter, the family found a URL associated with the IP address of the device. Upon following the URL, the family discovered a website displaying feeds from various hacked nanny cams. The hackers are not only able to see the feeds, but can also physically control the device.

This is not the first time that a vulnerability has been found in Foscam's system. The company has its set of guidelines for implementing security measures and asks users to change the default password.

Pro-ISIS hackers targeting vulnerable WordPress websites, FBI warns

The Federal Bureau of Investigation (FBI) has issued a public service announcement concerning the continuous WordPress website attacks, which are being carried out by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS) through a vulnerability in the WordPress content management system.

According to the researchers, an attacker could install malicious software, manipulate data, or create new accounts with full user privileges by exploiting the vulnerabilities, resulting in the attacker gaining unauthorized access, injecting scripts, bypassing security restrictions, and stealing cookies from computer systems or network servers.

The attackers didn’t target websites by name or business type. They used common WordPress plug-in vulnerabilities, which can be easily exploited by common hacking tools.

The FBI recommends the following steps if your website has been targeted:

1) Review and follow WordPress guidelines:
   http://codex.wordpress.org/Hardening_WordPress

2) Identify WordPress vulnerabilities using freely available tools such as
   http://www.securityfocus.com/bid
   http://cve.mitre.org/index.html
   https://www.us-cert.gov/

3) Update WordPress by patching vulnerable plugins:
   https://wordpress.org/plugins/tags/patch

4) Run all software as a non-privileged user, without administrative privileges, to diminish the effects of a successful attack

5) Confirm that the operating system and all applications are running the most updated versions