Pharmacy chain Fred's Inc. probes security breach

Fred’s Inc., a US-based discount retailer and pharmacy chain, is investigating a possible security breach.

KrebsOnSecurity, which has identified multiple breaches at various stores across the country, found that Fred’s Inc. had a credit card breach caused by malware installed directly on the company's point-of-sale systems.

Cybersecurity journalist Brian Krebs confirmed that Fred’s is the latest victim of the breach and published the following statement from the company:

“Fred’s Inc. recently became aware of a potential data security incident and immediately launched an internal investigation to determine the scope of the issue. We retained Mandiant, a leading independent forensics firm, to examine our data security systems.

We want to assure our customers that protecting their information is one of our top priorities and we are taking this potential incident very seriously. Until this investigation is completed, it will be difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers.”

This is the only information available, and Fred’s has hired investigators to look into the matter. But Krebs’s sources have said that “the pattern of fraudulent charges traced back to Fred’s stores across the company’s footprint in the Midwest and south, including Alabama, Arkansas, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Tennessee and Texas.”

Fred’s Inc. has around 650 stores in more than a dozen states in the United States.

Researcher discloses a flaw in Samsung Keyboard leaves 600m Android devices vulnerable to hacking attack

A security researcher has disclosed a flaw in the keyboard installed on over 600 million Samsung Android devices, including the recently released Galaxy S6, that could allow hackers to take full control of the smartphone or tablet.

Ryan Welton, a mobile security researcher at NowSecure who discovered the vulnerability, wrote in a blog post, “A remote attacker capable of controlling a user’s network traffic can manipulate the keyboard update mechanism on Samsung phones and execute code as a privileged (system) user on the target’s phone. The Swift keyboard comes pre-installed on Samsung devices and cannot be disabled or uninstalled. Even when it is not used as the default keyboard, it can still be exploited.”

The researcher said that the vulnerability was discovered last year. Samsung was notified in December 2014. However, Samsung asked NowSecure not to disclose the flaw until it could fix the problem.

NowSecure also notified CERT, which assigned CVE-2015-2865, and informed the Google Android security team.

The researcher pointed out that the flaw could allow an attacker to:

- Access sensors and resources like GPS, camera and microphone.
- Secretly install malicious app(s) without the user knowing.
- Tamper with how other apps work or how the phone works.
- Eavesdrop on incoming/outgoing messages or voice calls.
- Attempt to access sensitive personal data like pictures and text messages.

According to the researcher, the flawed keyboard application can’t be uninstalled. Nor is it easy for a Samsung mobile device user to tell whether the carrier has patched the problem with a software update.

“However, in order to reduce the risk, avoid insecure Wi-Fi networks, use a different mobile device and contact your carrier for patch information and timing,” the researcher added.

Fake Facebook account behind suicide of a schoolboy

A 17-year-old from Co Tyrone took his own life on Friday, after being “tricked and deceived” by a fake Facebook account holder.

According to Principal Stephen Magennis of St Joseph's Primary School, Galbally, schoolboy Ronan Hughes was “tricked and deceived” by a Facebook account set up internationally.

In a letter to pupils, Magennis said, “A fake Facebook account had been set up in a foreign country, to trick Ronan into thinking he was interacting with people from here.”

The teenager used to give up his spare time at St Joseph's Grammar School, where he assisted three pupils in a 'Reading Support Program.'

Writing to his parents, Mr Magennis said: "Ronan was the victim of ruthless, faceless people, intent on first befriending him and luring him into giving personal information and then sharing images that were used to threaten him in an attempt to extort money.”

Mr Magennis said that the tragic death of Ronan is a reminder and a warning to all parents that our children must be vigilant, and very careful when using the internet. We need to be protective of them and proactive to give them the ability to make informed decisions.

Mr Magennis added: "We must not be complacent nor naive as parents. We need to advise our children about staying safe online and monitor what they are doing, saying, writing and sharing online."

Parish priest Fr Benny Fee said: "Ronan did not take his own life but his life was taken from him, and somewhere in the world, maybe far, far away from Clonoe, is a man, a woman or a gang who are guilty of a heinous crime.”

Superintendent Baird said: “If anyone has experienced anything of a similar nature or has received any inappropriate images or links, it is important that they contact Police or tell a trusted adult. By doing this you will be helping prevent further such incidents. You will not get into trouble.”

Group of cyber-criminals based in different countries nabbed in joint international operation


A group of 49 cyber-criminals located in Italy, Spain, Poland, the United Kingdom, Belgium and Georgia were nabbed by the authorities in a joint international investigation.

From a total of 58 properties, authorities recovered and seized laptops, hard disks, telephones, tablets, credit cards and cash, SIM cards, memory sticks, forged documents and bank account documents.

The operation was headed by Europol's European Cybercrime Centre (EC3) and Eurojust, and was assisted by the Italian Polizia di Stato (Postal and Communications Police), the Spanish National Police, the Polish Police Central Bureau of Investigation, and supported by UK law enforcement bodies.

The arrested members are suspected of financial fraud to the tune of 6 million Euros. The group targeted medium and large European companies through malware and social engineering techniques.

The joint operation was coordinated from Europol's headquarters in The Hague.

US Government is moving to HTTPS everywhere

The US government has issued a mandate backing HTTPS across its federal websites and web services, as it will make access safer for anyone using the government sites.

The White House Office of Management and Budget (OMB) issued the HTTPS-Only Standard directive because unencrypted HTTP connections create a vulnerability and expose potentially sensitive information about users of unencrypted federal websites and services.

HTTPS stands for Hypertext Transfer Protocol Secure. Many commercial organizations use it to protect visitors to their websites and services; the protected data can include browser identity, website content, search terms, and other user-submitted information.

OMB received many comments and suggestions on its proposal to implement the HTTPS-Only Standard from web browsers, Internet-related organizations and concerned people. Assistance with the conversion to HTTPS is available at https://https.cio.gov, and a dashboard has been created to keep track of the process.

“Per the issuance of this memorandum, all publicly accessible federal websites must meet the HTTPS-Only Standard by 31 December 2016,” said Tony Scott, US Chief Information Officer, in a White House blog post.

He also added that HTTPS only assures the reliability of the connection between two systems, not the systems themselves. It is not designed to protect a web server from being hacked, or to keep it from revealing user information during the normal operation of a web service.

“An HTTPS-Only standard, however, will eliminate inconsistent, subjective decision-making regarding which content or browsing activity is sensitive in nature, and create a stronger privacy standard government-wide,” Scott summed up in the White House blog post.

LastPass network hacked, is your Password safe?


LastPass, a password manager that saves its users' passwords and gives them secure access to them from every computer and mobile device, has detected an intrusion on its network.

According to the official statement, information including users' email addresses, password reminders, server per-user salts, and authentication hashes was compromised.

“In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass users’ accounts were accessed,” the statement reads.

He added, “We are confident that our encryption measures are sufficient to protect the vast majority of users. It strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.”
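The salted, two-stage stretching that the statement describes, as an added example (not LastPass's code). Only the random per-user salt and the 100,000 server-side PBKDF2-SHA256 rounds come from the statement; the client-side round count, the use of the email address as the client salt, and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os
from typing import Tuple

CLIENT_ROUNDS = 5_000    # assumption: the statement gives no client-side count
SERVER_ROUNDS = 100_000  # from the statement: server-side PBKDF2-SHA256 rounds


def client_auth_hash(email: str, master_password: str) -> bytes:
    """Client side: stretch the master password before anything is sent.
    Salting with the email address is an assumption of this sketch."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), email.lower().encode(), CLIENT_ROUNDS
    )


def server_enroll(auth_hash: bytes) -> Tuple[bytes, bytes]:
    """Server side: stretch the client's hash again under a random per-user
    salt and keep only (salt, stored_hash)."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return salt, stored


def server_verify(auth_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute with the user's salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return hmac.compare_digest(candidate, stored)


def iterations_per_guess() -> int:
    """PBKDF2 iterations needed to test ONE password guess against ONE user's
    stolen (salt, hash) pair. Per-user salts mean the work cannot be shared
    across users or precomputed."""
    return CLIENT_ROUNDS + SERVER_ROUNDS


if __name__ == "__main__":
    # Constructed sample account, not real data.
    email, password = "alice@example.test", "correct horse battery staple"
    h = client_auth_hash(email, password)
    salt_a, stored_a = server_enroll(h)
    salt_b, stored_b = server_enroll(h)  # same password, second enrollment

    print("correct password verifies:", server_verify(h, salt_a, stored_a))
    wrong = client_auth_hash(email, "password123")
    print("wrong password verifies:  ", server_verify(wrong, salt_a, stored_a))
    print("same password, same hash? ", stored_a == stored_b)
    print("iterations per guess:     ", iterations_per_guess())
```

The stretching only slows guessing; a weak or reused master password can still fall to a dictionary attack, which is why the company prompts users to change it.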

In order to secure its data, the company is taking additional measures. It is asking all users who log in from a new device or IP address to first verify their account by email, unless they have multifactor authentication enabled.

According to the notice, emails have been sent to all users regarding the security incident.

“We are working to notify users as fast as possible,” Siegrist said.

Moreover, the company will also be prompting users to update their master password.

“However, if you have reused your master password on any other website, you should replace the passwords on those other websites,” he said.

Though the passwords stored in the vault are not said to be compromised, it is better to change those passwords as well. Don't give hackers a chance.

Think before you share your photos via Internet, someone can misuse them

Sometimes we, especially teenagers, are so much in ‘love’ that we do not even hesitate to share our personal photos and details with our ‘loved ones’ via the Internet. At that time, we are not aware of the consequences that we are going to face in the future.

A recent case might be an eye-opener for all those teenagers: a man tried to blackmail a teenage girl in Auckland by threatening to post her naked images and videos, which were obtained during their online relationship, to the web.

Martin Cocker, executive director at Netsafe, told the New Zealand Herald that while cases of teenagers sharing images unwisely were not uncommon, the lengths the perpetrator was going to were very aggressive.

"The man is a very determined character. The majority wouldn't continue to harass and attack any party they can find in the way that he has."

According to the Herald, the relationship between the girl and the man began through online gaming. The girl shared explicit images of herself, and then took part in Skype calls where she undressed in front of a camera.

"I am always concerned they are going to feel like they are the first person who has ever been in this situation and feel isolated. That's not the case. Cases of sexual exploitation were a growing challenge,” he said.

The man stole her information by hacking her family's home computers and then launched a denial-of-service attack on the servers of her high school. Then, he uploaded the explicit images and videos of the girl to pornography websites and on her school's Facebook page with links to the sites.

"He is trying to punish the child or the family. It's a jilted relationship. He wants revenge," the school principal told the New Zealand Herald. "We just want the whole of New Zealand to realize that this is serious and scary and we need to do something about it."

A police spokesman said that the National Cyber Crime Centre was investigating the unauthorized access and postings on the website and social media pages of the school. The investigation was in its early stages. There were a number of technical matters relating to the inquiry.

Cyber Criminals stole Rs. 7 Lakh from Delhi's CP store

As cyber security experts say, banks' websites and mobile apps are on the hackers’ hit list. Two recent net-banking fraud cases have shown how attacks on India-based banks’ websites, mobile applications and online services have been increasing.

Recently, hackers transferred Rs. 7 lakh from the account of a retail outlet in Connaught Place to accounts which belong to Salman Khurshid and Rebecca Estees. In the other incident, the salary accounts of more than 23 employees of software major Infosys, in several cities across the country, were hacked and money siphoned off.

According to both organizations, many of their customers had complained about online fraud.

In the first case, the victim, Archna Haksar, whose account was hacked and money transferred to other accounts, received four missed calls from a number (971100****), after which her SIM was deactivated. When she activated her SIM again, she received messages informing her about the transactions from her account.

It is believed that the hacker first hacked her SIM to get into her net banking account and created two beneficiaries to transfer the money.

In the Infosys case, the salary accounts showed several fraudulent online transactions, and in most cases police refused to entertain complaints.

“Most of the employees who faced the problem were recruited in the August, 2011 batch of the company’s Hyderabad office to be later deputed to other places,” an employee told The Hindu. "While in some cases the fraudulent transactions took place in close succession, in a span of a few minutes, in other cases money was drained out over 24 hours. In my case, the first transaction took place in the third week of May and I reported the same. My account was drained of cash within the next 24 hours.”

Both cases of bank fraud were carried out through online transactions, and such fraud cases are increasing.

Dangerous Android malware steals money from Your Bank


Researchers from security firm Doctor Web have identified a banking Trojan called Android.BankBot.65.origin, which has been created specifically for Android devices.

Cyber criminals are adding the malicious code to legitimate online banking applications and planting them in various third-party Android markets and other websites.

"Due to the fact that a compromised application looks and operates as a legitimate one, potential victims are very likely to install it on their mobile devices." After that, the Trojan starts accessing system information and carrying out malicious actions.

Once installed, Android.BankBot.65.origin generates a special configuration file containing operating parameters for the Trojan. The Trojan usually receives commands from its host server and then exploits the device, allowing cyber criminals to steal money by intercepting and modifying SMS messages.

It may intercept incoming SMS messages and send texts to numbers listed by cyber criminals. It can add various texts to the list of incoming SMS messages. Using these methods, cyber criminals steal money from users' bank accounts by sending messages to transfer money from the victim's account to the account of cyber criminals, by intercepting messages containing verification codes, or by implementing other fraudulent methods.

Messages like “pre-approved Credit card asking personal information” are examples of fraudulent schemes that may lead users into a trap, where they share their banking credentials and have money stolen from their online banking accounts. It is therefore important to download mobile banking applications from authentic sources only.

Algonquin College server hacked but no information stolen

The information of more than a thousand former students was put at risk when somebody hacked the servers of Algonquin College in Ottawa.

According to college authorities, 1,225 students in the Bachelor of Information Technology and Bachelor of Science in Nursing programs are affected by the data breach.

The college shut down the servers as soon as it became aware of the hack and claims that no data was transferred or taken from the servers.

A cyber team is determining how the attack could have happened and has said that it has found many more intruders in the system.

The college is covering the expenses for credit monitoring services for all those whose information was put at risk due to the hack.

Acai Berry Diet Facebook spam attack: Don't buy, don't try, don't reply, says expert


Most Facebook users will have noticed various websites promoting Acai Berry diet products. Sometimes, even our friends recommend Acai Berry advertisements on Facebook. However, think twice before you click on those links. If you do, you end up on some diet supplement scam page.

In the Acai Berry scam, two successive postings appear on our Facebook Timeline without our permission, such as:

“Successfully results in this particular health solution.”

Then comes a follow-up post, as if the poster had forgotten something:

“The link, hehe.. http://goo.gl/xxxxxx.”

Paul Ducklin, a computer security expert, wrote in a Naked Security blog post, “You'd be right to be suspicious, at least if you know your friend is competent in English, because some of the phrases stretch the limits of comprehensibility. However, we're guessing that there are two postings in order to add some kind of human-sounding realism.”

He added that, firstly, automated bogus messages wouldn't forget the link in the first place, and secondly, humans would rush to correct their error with comments saying "hehe."

The expert said that short links such as goo.gl URLs have been used in the campaign and seem to have redirected to other URLs.

For example: [hexdigits].my.test/[letters]/image_[hexdigits].jpeg

“If you click through to the buy page and check the very limited disclaimers and FAQs there, you'll find that the product only helps you to lose weight if you combine it with a diet specifically designed to make you lose weight. So, assuming that you spot the scam for what it is before you fill in your credit card number on the buy page, and bail out, you should be OK,” he added.

“Don't buy, don't try, don't reply,” he wrote.

He suggested that anyone who finds that ‘out-of-character posts’ have been made from their account without their approval should check the following:

• Is your computer patched and up-to-date?
• Is your anti-virus up-to-date and running properly?
• Has someone else been logging into your accounts?
• Did you use the same password on multiple sites?
• Have you authorized any apps to access your social media accounts?