Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

IT Security News
IT Security News

One click scammers targeting people in Hong Kong

People running one click scams on the internet have seem to taken it one step further by creating new malware in Chinese.

Recently, one click scammers have begun targeting people in Hong Kong by using pop-up windows and registration pages that have been written in Chinese and ask for payment in Hong Kong dollars. In the last month alone, Symantec has blocked more than 8,000 such attempts.

Such scams have been primarily running on adult websites and download malicious software to a users computer.

Such scams primarily were run in Japan but hackers have come into new territory by learning Chinese.
Read more »
Malware Report
Malware Report

'Rombertik' malware which destroys the system if detected

Researchers have discovered a new malware ‘Rombertik’ which destroys the system if it realizes that it is being analyzed.

"Security researchers are constantly looking for ways to better detect and evade each other. As researchers have become more adept and efficient at malware analysis, malware authors have made an effort to build more evasive samples,” Ben Baker and Alex Chiu from Cisco Systems' Talos Group wrote in a blog post.

“Better static, dynamic, and automated analysis tools have made it more difficult for attackers to remain undetected. As a result, attackers have been forced to find methods to evade these tools and complicate both static and dynamic analysis,” the blog post added.

Similar to Dyre, Romberik, which has multiple layers of obfuscation and anti-analysis functions, is a complex malware which can be hooked into the user’s browser to read credentials and other sensitive information for ex-filtration.

However, Dyre targets banking information unlike Rombertik which collects information from all websites in an indiscriminate manner.

Researchers said Romberik arrives on any computer through a phishing campaign or through an email attachment. It tries to check to see if it is running within a sandbox. After that, it decrypts itself and launches on the user’s computer. Once this process gets completed, a second copy of itself launches and is overwritten with the spying functionality.

Before Rombertik begins spying on the system, it does a final check to see if it is running in the system’s memory.

It destroys the computer’s master boot record, leaving the system inoperable. If it cannot destroy then it targets all files in the user’s home folder, by encrypting each one with random RC4 keys. It contains plenty of dummy code, which include 75 images and 8,000 functions which is to hide the malware’s functionality.

If the malware is not detected, it checks the browser activities, reading credentials and private information, before sending its findings back to the attacker’s server.


The researchers said that in order to prevent ones’ computer from Rombertik, people have to follow security basics like up-to-date security software, ignore attachments from unknown senders and solid security policies for businesses will all help avoid the malware.
Read more »
Hackers Arrested
Cyber Crime Hackers Arrested

Two men, who developed Photobucket hacking software, charged with conspiracy and fraud

Two men were arrested on April 8 in the charge of conspiracy and fraud after breaching computer services of Colorado-based Photobucket, a company that runs an image and video hosting website, according to a statement by U.S Department of Justice (DoJ).

Brandon Bourret (39), from Colorado Springs, and Athanasios Andrianakis (26), from Sunnyvale, California, were arrested at their homes for hacking the system and sold passwords and access to private information on a photo-sharing website.

U.S. Attorney John Walsh for the District of Colorado (DoC) and Thomas Ravenelle, special agent in-charge for the Denver Division of the Federal Bureau of Investigations (FBI) announced that the two persons developed and sold a software application that allowed users to get through the privacy settings on Photobucket, which has more than 100 million registered users.

According to the statement, application users could secretly access and copy password-protected information and images without any permission from Photobucket's users.

“It is not safe to hide behind your computer, breach corporate servers and line your own pockets by victimizing those who have a right to protect privacy on the internet,” said U.S. Attorney Walsh in the statement.  The U.S. Attorney’s Office is keenly focused on prosecuting those people for their theft -- and for the wanton harm they do to innocent internet users.”      

“Unauthorized access into a secure computer system is a serious federal crime,” said Ravenelle in the statement.  The arrest of Brandon Bourret and his co-conspirator reflects the FBI’s commitment to investigate those who undertake activities such as this with the intent to harm a company and its customers.”

According to the statement, Bourret and Andrianakis both face one count of conspiracy, which carries a penalty of up to five years in federal prison and a fine of up to $250,000. They also face one count of computer fraud, which carries the same maximum penalty and less than five years in federal prison.

Similarly, they face two counts of access device fraud, which carries a fine of up to $250,000 and not more than ten years in federal prison, per count.

In addition, the U.S. Attorney’s Office and the FBI appreciated Photobucket for its cooperation from the inception of the investigation and thanked for its continued assistance as both the investigation and prosecution moves forward.


This case is being prosecuted by Assistant U.S. Attorney David Tonini. 
Read more »

US beauty products chain Sally Beauty investigates a possible data breach

US-based cosmetics and beauty retailer ‘Sally Beauty Holdings Inc.’ confirmed a possible data breach for the second time in a year, as it investigates reports of “unusual activity involving payment cards” in some of its stores.

After the reports, the Denton-based company said in a statement that it has been working with law enforcement and its credit card processor to ensure that the customers are protected from a possible data breach. It has also launched a comprehensive inquiry along with a forensic expert to gather data about this incident.

“Until this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers,” the statement reads.

The company reported its first violation of data in March when about 25,000 customers were affected. It was found that hackers had broken into Sally Beauty’s network and stolen at least 282,000 cards from the retailer.
The advertisement run by thieves who stole the Sally Beauty card data. (pic courtesy- Google images)

Three different banks contacted by KrebsOnSecurity made targeted purchases from this store, buying back cards they had previously issued to customers. The banks then wanted to find out whether all of the cards they bought had been used at the same merchant over the same time period. Each bank reported that all the cards had been used at Sally Beauty locations across the United States.
(picture courtesy- Google images)


Meanwhile, Edelman is aiding the beauty products chain as David Chamberlin, executive VP for Edelman in Dallas heading its data security and privacy group, leads the SBH account.


With revenues of $3.8 Billion annually, Sally Beauty distributes beauty products through 4,900 stores in more than a dozen countries including the United States, The United Kingdom, Brazil, Peru, Chile, Colombia, Belgium, France and Canada.
Read more »
IT Security News
IT Security IT Security News

Cisco fixes remote code flaw in its UCS Central software

Cisco System Inc, an American multinational corporation,  has released an advisory to address remote code execution vulnerability in its Unified Computing System (UCS) Central software, a networking giant which integrates processing, networking and storage into one system.


The company said that it could exploit by remote attackers to execute arbitrary commands on affected systems.

“Successful exploitation of the vulnerability may permit unauthenticated access to sensitive information, allow arbitrary command execution on the Cisco UCS Central operating system or impact the availability of the affected device,” Cisco wrote in its advisory on May 6.

“An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device," said the advisory. An exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.”

According to the advisory, the vulnerability was caused by the improper input validation (CVE-2015-0701) which allows an unauthenticated remote attacker to execute arbitrary commands on the underlying operating system with root privileges.

However, the company has failed to validate user input via its web framework, exposing the platform to remote attack in versions 1.2.

The company added that it is not aware of any public exploits as it hasn’t found any evidence to prove it.

The advisory said that the users can fix the vulnerability by updating the software which is provided by Cisco.

The company has urged its users to update to UCS Central software version 1.3. It has assigned the vulnerability its highest severity score of 10.

Earlier, Cisco released security updates for several of its products. Like Cisco Adaptive Security Appliance (ASA), Cisco Small Business SPA300 and SPA500 series IP phones, and IOS software.
Read more »
Data Breach
Data Breach

Data breach in casino's point of sale system


Possible data security breach in the FireKeepers Casino Hotel’s casino point of sale system, reports Battle Creek Enquirer.

The casino got to know about the security breach, after they received ‘a couples of calls’ from guests showing concern about their bank or credit card statements. Reacting immediately to the incidence, they started investigating into the matter.
There is no confirmation on exactly when the calls started and the number of people affected by this data breach.

Independent forensic team has been called to analyze the casino’s systems.
Vice President of Marketing Jim Wise, said that “FireKeepers has proactively replaced its point of sale equipment with equipment that is not tied to the casino’s systems. We've made the system safe by going to a new system. There’s not yet a timetable for the completion of the investigation.”

Read more »
Wordpress Security
Vulnerability Wordpress Security

Update your Wordpress, Prevent Your website from Being Hacked

WordPress has come up with its 4.2.2 version in order to increase its users security. It has also urged people to update their sites immediately.

Samuel Sidler, researcher at WordPress.org, wrote that the new version is aimed to address two security issues.

The first one is the Genericons icon font package, used in themes and plugins, which contained an HTML file vulnerable to a cross-site scripting attack. 

On May 7 all affected themes and plugins including twenty fifteen default theme have been updated by the WordPress security team after a DOM-based Cross-Site Scripting (XSS) vulnerability was discovered.

Security researchers from Sucuri warned that the vulnerability is being exploited in the wild days before disclosure.

Robert Abela of Netsparker reported that in a bid to protect other Genericons usage, WordPress 4.2.2 scans the wp-content directory for this HTML file and removes it.

Secondly, WordPress versions 4.2 and previous versions are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. So, WordPress 4.2.2 includes a comprehensive fix for this issue according to a separate report by Rice Adu and Tong Shi.

WordPress 4.2.2 also contains fixes for 13 bugs from 4.2.

People just have to download WordPress 4.2.2 or venture over to Dashboard. Then click “Update Now” button. 

Sites that support automatic background updates have begun to update to WordPress 4.2.2.
Read more »
Vulnerability
Featured Vulnerability

Major vulnerability in medical equipment poses security risk


The Internet enabled PCA3 drug infusion pump manufactured by Hospira suffers from authorization vulnerabilities that can allow unauthenticated users to remotely access and modify pump configurations, drug libraries and software updates.

The Hospira Life care infusion pump, version 5.0 and prior runs "SW ver 412". It does not require authentication for Telnet sessions, which allows remote attackers to gain root privileges via TCP port 23. By attaching any device to the pump via Ethernet, one can easily extract the wireless encryption keys stored in plain text on the device and thus gain access to the keys Life critical network.

The attacker can then impact the pump configurations or medical libraries by conducting firmware updates, command execution, and drug library updates.  However, Hospira maintained that the Operation of the Life Care PCA Infusion pump required the physical presence of a clinician to manually program the dosage into the pump for administration.

Even if credentials are implemented on the Telnet port there are still web services which allow a remote attacker to carry out the remote modifications. Even if that was made secure there are additional services like FTP that are open with hard coded accounts. 

Billy Rios, the independent researcher who discovered these vulnerabilities has been co-ordinating with Hospira since May 2014. A new version has been developed by Hospira which mitigates these vulnerabilities and is under U.S. Food and Drug Administration (FDA) review.

In defense, ICS-CERT  has advised organizations to ensure closure of unused ports, use of VPN, detaching of the pump from insecure networks and use of good design practices with network segmentation.

Impact of the vulnerability varies depending on each organization, so individual organizations need to evaluate and secure themselves based on their operational environment.
Read more »
Botnets
Botnets

27 year old Female hacker Arrested by ITCU

Recently, a 27 year old Female hacker was arrested by the Integrated Techological Crime Unit (ITCU) from her residence in Saint-Alphonse-de-Rodriguez. The ITCU believes that this individual is the origin of a botnet.

The female was using a Remote Administration Tool that would remotely takeover the computers infected with the botnet virus and spy on their using the webcam. She also communicated with some of her victims through their speakers.

The hacker also posted a video on youtube of herself hacking into others computers and trying to scare them.

Users have been requested by many to take necessary precautions so that they don't become victim of such attacks.
Read more »
Hacking News
Breaking News Hacking News

EllisLab urges its users to change their password after hack

EllisLab, a software development company, has urged all its users to change their password after hackers managed to gain unauthorized access to its servers on March 24 this year.

According to the company’s statement, in a bid to be safe from the hackers who might have stolen its members’, who are registered at EllisLab, personal information, it has asked people to change their EllisLab.com password.

The company said that the new users can also remove their account from the site. It is must, if anyone has sent his/her password via plaintext email instead of using the company’s secure form.

As the company form encrypts the passwords and removes them after 30 days, it is believed that those encrypted passwords would only be available to the hackers if anyone submitted it after February 24, 2015.

Similarly, if people have used their EllisLab.com’s password on other sites, they should change those too.

The company asked people to change the passwords periodically, and enable two-factor authentication whenever available. It also recommends tools which simplify the creation and use of unique passwords.

It is said that the hackers used a Super Admin’s stolen password to log in to the company’s site. The hacker then uploaded a common PHP backdoor script (a WSO Web Shell variant) that allowed them to control the company’s server. 

The company wrote that the Nexcess hosting prevented the "privilege escalation" attempt.  After getting alerts about the malicious activity, the unauthorized access had been shut down at the firewall level.

The company also thanks the Nexcess for their alertness and speed on their blog post.
Then the officials started dissecting the server logs to retrace hacker’s steps and learn how they got the access. They wrote that they had gone through all their files to remove what they added. 

The attackers had access to the server for three hours. Although the evidence does not show any stealing the database, the company prefers to be cautious and assume the hackers had access to everything.
Read more »
Security Breach
Security Breach

Hard Rock Hotel & Casino reports possible card breach

Hard Rock Hotel Las Vegas has issued a statement on May 1 in which they disclosed a security incident which may have affected the customer’s credit card information.

It said that the incident allowed hackers to access to information about credit or debit cards used at certain Hard Rock Hotel & Casino Las Vegas retail and service locations. 

The information affected the names, card numbers, and CVV codes. However, it does not have access to the PIN numbers or other sensitive customer information.

According to the statement, the incident was happened to credit or debit card transactions between September 3rd, 2014 and April 2nd, 2015 at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant.

The attack did not affect transactions at the hotel, casino, Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo or Reliquary Spa & Salon.

The hotel urged its customer to review their credit and debit card statements and report, if they notice any suspicious activity at their bank accounts.

It also informed that the customers are not responsible for unauthorised charges that are reported in a timely manner.
They wrote that in order to protect their customer’s identity, they have now engaged Experian®, the largest credit bureau in the US, which will offer the customers complimentary Fraud Resolution and identity protection for one year.

They said that Fraud Resolution assistance is available anytime however, customers are requested to activate the fraud detection tools, which is available through ProtectMyID® Elite. It provides superior identity protection and resolution of identity theft.


In order to activate ProtectMyID® , the customers have to request for an activation code through an email to hardrockhotel@protectmyid.com. Once they receive the code, they have to activate ProtectMyID® Elite at www.protectmyid.com/protect.
Read more »
Subscribe to: Comments (Atom)