‘Android games on Google Play steal Facebook credentials,’ say researchers


This may come as a shock to many game lovers: researchers from ESET have revealed that Cowboy Adventure, a popular Android game on the Google Play store, has compromised the Facebook login credentials of over a million users who downloaded it.

According to a post by the researchers on July 9, the Cowboy Adventure app on the Google Play store was able to steal personal information from its users.

The Cowboy Adventure app had 500,000 – 1,000,000 installs, and its developer also used it as a tool to harvest Facebook credentials.

However, Google has taken down both apps from its app store and also warns against installing them on Android devices.

“It was one of two games spotted by ESET malware researchers that contained this malicious functionality, the other one being Jump Chess,” according to a report on Welivesecurity.

The report said that unlike some other Android malware, these apps did contain legitimate functionality (they actually were real games) in addition to the fraud. The problem lies in the fact that when the app is launched, a fake Facebook login window is displayed to the user. If victims fell for the scam, their Facebook credentials would be sent to the attackers’ server.

It is said that the latest version of the app at the time Google took it down from their official market last week was 1.3. This trojanized game had been available for download from Google Play since at least April 16, 2015, when the app was updated.

“We are not sure how many users had their Facebook credentials compromised,” the report read.

“Our analysis of these malicious games has shown that the applications were written in C# using the Mono Framework. The phishing code is located inside TinkerAccountLibrary.dll. The app communicates with its C&C server through HTTPS and the address to which to send the harvested credentials (also known as the ‘drop zone’) is loaded from the server dynamically,” the report read.

The researchers advise always downloading apps from the official Google Play store rather than from alternative app stores or other unknown sources, and always checking the ratings and user comments.

“Even though Google Play is not 100% malware free, they do have strong security mechanisms to keep trojans out,” the researchers added.

Graham Central Station compromised with Employees' personal documents

4 Investigates found that a pile of records had wound up in three giant dumpsters at Graham Central Station in Albuquerque. The records include social security numbers, dates of birth and driver’s license numbers.

According to the tipster, “Driving down the alley, I noticed all the trash cans were full of boxes with what looked like files kind of spilling out the top of them.”

The 4 Investigates team collected the records and attempted to contact every one of the former employees listed. It is not certain whether the records had already been compromised, but the investigative team alerted everyone about the possible risk.

The blame game has started. Graham Central Station’s Texas-based president, Roger Gearhart, refused to answer questions but sent a statement through his attorney: "Graham Central Station was upset to learn that its landlord... recently discarded dozens of its personnel files into a public dumpster. Ross Plaza One evicted Graham Central Station from its building and offices in November 2014 and changed the locks, which prevented Graham Central Station from accessing its records for a period of months. Although Ross Plaza One assured Graham Central Station that its records would be destroyed, that apparently did not happen."

However, emails from the landlord’s attorney offer a different perspective. The final letter from the landlord to Graham Central Station, which went unanswered, was: “I would like to confirm that Graham is aware that we intend to destroy and dispose of all the boxes…”

Those who worked at Graham Central Station need not worry, as their records are now in safe hands.

Graham Central Station was famous for having more than one club under one roof, but after eleven years in business, the club was closed down.

Update Your Flash Player or Remove from Plugins

Adobe has issued another update for Flash Player to patch a critical vulnerability which has been revealed in documents disclosed from the spyware maker Hacking Team.

The Adobe Flash update patches 36 CVE-listed flaws, including the Hacking Team’s CVE-2015-5119 bug, in which a malicious Flash file can run malware on a user’s computer. The other 35 security flaws allow hackers to carry out remote code execution attacks on vulnerable computers.

Users of Windows, Linux, and OS X are advised to update to the latest version of Adobe Flash. The update is considered essential for both OS X and Windows users.

The alternative to this is uninstalling Adobe Flash or disabling the plugin. You can also set your web browser to run Flash files only if you right-click on them and select “run this plugin.”

“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published,” Adobe said in its security bulletin.

Adobe’s Security Bulletin https://helpx.adobe.com/security/products/flash-player/apsb15-16.html#table gives the security updates for the Adobe Flash Player.

Splunk buys Caspida for $190M

Splunk announced on July 9 that it had purchased Caspida, a Palo Alto startup that uses machine learning techniques to help identify cyber-security threats from inside and outside the company, for $190 million.

“Under the terms of the agreement, Splunk has acquired all of the outstanding stock of Caspida for an aggregate purchase price of approximately $190 million, including approximately $127 million in cash and $63 million in restricted Splunk securities,” Splunk posted on its blog.

Haiyan Song, SVP of security markets at Splunk, said it helped both companies to deal with the onslaught of machine data coming from IT systems, using data science techniques and automation to make sense of it. Part of that is a growing security business, which accounted for a third of the company revenue in its most recent quarter.

“With Caspida, Splunk accelerates its focus on solving advanced threats - both external and from insiders - by shining a light on those who are wrongfully using valid credentials to freely and unpredictably exploit systems they have accessed. By addressing the entire lifecycle of known and unknown advanced threats, and by providing a platform to detect, respond to, and automate actions, Splunk has further reinforced its position as the security nerve center,” he added.

It is said that Splunk is adding a new tool to its security arsenal to beef up the ability to locate threats using the machine learning techniques that Caspida has developed.

“Like everyone, Splunk has watched the growing number of breaches over the last year, and its customers have been asking for better security detection tools to help battle these threats, many of which use compromised credentials. This kind of attack is difficult to detect with conventional security techniques looking for signatures or rules. If someone comes in through the front door using valid credentials, there are no rules or patterns. They look like a valid user,” Song explained.

According to the blog post, the 35 Caspida employees will join Splunk immediately.

Caspida, which was launched in 2014, came out with its first product at the end of last year.

“We founded Caspida with a vision of applying data science to help solve the most pressing cybersecurity challenges - advanced threats and insider threats,” said Muddu Sudhakar, CEO of Caspida.

“By analyzing machine data and using data science to detect meaningful anomalous behavior of users, devices and entities, Caspida has solved a problem that previously required significant manpower and expensive, do-it-yourself toolsets. We are very excited to join the Splunk family and deliver new detection capabilities to customers,” he explained.

Hershey to provide card monitoring service, after a data breach


Hershey, which operates The Hotel Hershey, Hersheypark Entertainment complex and other facilities, is providing a year of card monitoring service to guests whose financial information may have been exposed at its Pennsylvania hotels, amusement park and other venues.

According to a news report published on Action News, the company is working with a security firm to resolve the issue.

The company said that cards used at its properties between Feb. 14 and June 2 may have been compromised. It did not find evidence that information was removed from its system.

However, some of its guests have reported unauthorized charges on cards used at its properties.

The company said that a malicious program was installed in its payment system that extracted payment card data, including a cardholder's name, card number and expiration date.

Edinburgh Council cyber attack, details of more than 13,000 stolen

For the second time in five years, Edinburgh City Council has been hacked. More than 13,000 email addresses were stolen from the council’s database after a “malicious cyber attack” on 26 June.

A council spokesman said, “This was a malicious cyber attack on the council’s website which is hosted in a UK data centre. It was dealt with swiftly and at no point were any council services affected.”

“We want to reassure the public the ongoing security of our website is critically important,” he added.

According to a news report published on Edinburgh Evening News, cyber security experts have warned that local authorities “don’t stand a chance” against hackers.

“The attack is believed to have taken place on Friday, June 26, with council officials alerted by its data centre provider. No details have been released regarding the source of the attack, which targeted the council’s website service provider,” the report read.

The Information Commissioner has been informed of the incident, as has the UK government’s computer emergency response team, which monitors incidents of hacking against the public sector.

The council is now contacting 13,134 individuals who have had their details stolen. Similarly, the city’s director of corporate governance, Alastair Maclean, has been asking them to change any passwords used to access the council’s website.

Napier University cyber security expert Professor Bill Buchanan warned that hackers would be likely to try to use the data in “phishing” scams, which attempt to con victims out of sensitive information like bank details and passwords using bogus e-mails.

“Data like this is worth a lot. It is really quite sloppy to lose that information. Without a doubt, in this case, the intruders could link e-mails to the council in some way. A targeted phishing e-mail could say, in regards to a parking ticket, ‘You contacted us in May, please could you click on this link and give your details.’ G-mail addresses in particular are quite sensitive because they tend to be the core of your online identity. If an intruder can get into that address, they can access every single account,” Buchanan added.

In December 2011, the personal information of people who had contacted the council’s debt advice service was taken, with potential victims advised to check bank and credit card statements.

Detroit Zoo victim of a data breach


Service Systems Associates (SSA), third-party operator of the Detroit Zoo, was recently the victim of a data security breach.

The affected credit and debit cards were used for purchases at the zoo’s gift shops over a three-month period.

Patricia Janeway, zoo spokeswoman, said, “In addition to credit and debit card numbers, the cyber hackers reportedly gained access to card holders’ names, card expiration dates and three-digit CVV security codes.”

After SSA learned of the data breach, it installed a separate credit card processing system at its retail outlets.

A preliminary forensic investigation revealed that there was malicious software in SSA’s software.

“We are obviously concerned that the vendor’s system was compromised,” said Gerry VanAcker, chief operating officer of the zoo. “Transactions made since June 26 are not affected by the previous break and it is safe to use a credit or debit card at SSA’s retail locations.”

“The zoo’s IT systems -- including those used for ticket and membership sales -- were not affected by the data breach and are secure,” Janeway said.

Up-to-date information has been provided by the vendor at www.detroitzoo.org/Plan/shopping-in-the-zoo.

For additional information visit www.kmssa.com/creditcardbreach/

Avast announced the acquisition of Mobile Virtualization Company ‘Remotium’


Avast Software, maker of the most trusted mobile and PC security products in the world, on July 8 announced the acquisition of Remotium, a leader in virtual enterprise mobility whose technology enables enterprises to extend access securely, simply, and cost-effectively to business-critical applications in a bring-your-own-device (BYOD) environment.

According to a press statement posted by the company, the acquisition of the Silicon-Valley-based start-up will allow Avast to expand its offering of mobile security applications to the enterprise space.

The entire Remotium team has joined the global organization of more than 600 Avast employees.

Like Avast, Remotium, which won "Most Innovative Company" at RSA Conference 2013, solves the challenges of delivering corporate applications to employees’ mobile devices by creating a smooth user experience, while assuring data security and compliance.

The company said that its product, Virtual Mobile Platform (VMP), which enables access to enterprise applications from any mobile or desktop device, allows users to work from anywhere in the office, remotely from their home office or while on business trips.

It is said that users can connect to their VMP from any device they are using (smartphones, tablets, and desktops) in order to get access to their corporate tools, apps and data.

Vince Steckler, CEO at Avast, said that Remotium’s mobile solutions address the needs of modern enterprises.

"As more and more companies support BYOD policies, the question of how to implement these policies efficiently and securely is top of mind for everyone. With Remotium’s technology, companies have visibility and security needed to ensure data integrity and corporate compliance. At the same time, users enjoy increased privacy, as well as apps that look and feel consistent across mobile and desktop platforms. We are pleased to add the Remotium staff to our team; together we will further accelerate Remotium’s growth and expand its capabilities across enterprise mobility platforms," he added.

Stephanie Fohn, CEO at Remotium, said, "The Remotium team and I are very excited about joining Avast Software. Avast has a long history in creating innovative, best-in-class security for personal and commercial use. We look forward to extending our technology leadership position and continuing to deliver groundbreaking enterprise mobility solutions to meet the needs of the enterprise."

SEBI comes up with cyber security policy for stock exchanges, depositories and clearing corporations

The Securities and Exchange Board of India (SEBI), which was established in 1988 to regulate the securities market in India, asked stock exchanges, depositories and clearing corporations to put in place a system that would protect systems, networks and databases from cyber attacks and improve their resilience.

According to a report published on LiveMint, the SEBI said these Market Infrastructure Institutions (MIIs) need to have a robust cyber security framework to provide essential facilities and perform systemically critical functions of trading, clearing and settlement in the securities market.

“As part of the operational risk management framework to manage risk to systems, networks and databases from cyber attacks and threats, the MII should formulate a comprehensive cyber security and cyber resilience policy document to put in place such a framework,” the SEBI said.

It is said that the SEBI also asked the MIIs to restrict access to when it is necessary, under which no one will have any intrinsic right to access confidential data, applications, system resources or facilities.

The SEBI has asked them to deploy additional controls and security measures to supervise staff with elevated system access entitlements.

According to the news report, the SEBI Chairman UK Sinha said that attackers are attacking in a more sophisticated manner.  

“We are worried over state-sponsored cyber attacks. There are worries that the vulnerabilities in markets are increasing. We need to create a framework for future plan of action on securities market resilience,” he added.

The exchanges and other MIIs would also have to submit quarterly reports to the SEBI, containing information on cyber attacks and threats experienced by them and measures taken to mitigate vulnerabilities, threats and attacks, including information on bugs, vulnerabilities and threats that may be useful for other MIIs.

Along with this, the MIIs have to share the useful details among themselves in a masked and anonymous manner, using a mechanism to be specified by the regulator from time to time. They also have to identify critical assets based on their sensitivity and criticality for business operations, services and data management.

Likewise, each MII should maintain an up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows.

The SEBI asked market stakeholders to establish baseline standards to facilitate consistent application of security configurations to operating systems, databases, network devices and enterprise mobile devices within the IT environment, and also to restrict physical access to the critical systems to the minimum.

Housing.com hacked within days of CEO's ouster

Within days of its CEO Rahul Yadav’s exit from the company, the website of Housing.com has been hacked.

The homepage of the website shows a cryptic message, which seems to be a call for its co-founder.

The defaced Housing.com home page showed the message: “Yes! We will solve the real estate, but 10X better with The Chief Architect.” “The Chief Architect” here refers to Yadav, who was sacked by the Board of Directors, which blamed his unfavourable behaviour.

[Image: the defaced Housing.com page, filled with messages]

Yadav has, however, denied being behind the hacking incident in any way. He denied his involvement on his Facebook page, saying, “I would have DESIGNED it better. #NotInvolved #LoveYouTechTeam”.

J Prasanna, director of the Cyber Security and Privacy Foundation, a non-profit organization in Bangalore, said that Housing should get a thorough technical assessment of the website. He added that on a live portal there is a greater chance of a lot of consumer data being compromised.

"In this case, the hackers decided to publish the hacking. What if the hackers don't publish this and the data is sold to competitors or rogue elements? These guys did it for publicity, but not everyone would do it for fun," Times of India quoted Prasanna as saying.

Housing.com’s board announced Yadav’s release on the 1st of July, issuing a statement that day indicating his ouster from the online realty company.

The press release said, “The board believes his behaviour is not befitting of a CEO and is detrimental to the company, known for its innovative approach to product development, market expansion and brand building.” Yadav, the release said, would “no longer be an employee of Housing and be associated with the company in any manner, going forward”.

Harvard network systems breached last month

Network systems at Harvard's Faculty of Arts and Sciences and Central Administration were breached last month, according to a security report on the Harvard website.

Harvard is working with an external security investigator to figure out who breached its network, and why.

In the meantime, they have said that as of now, no data is at risk, but still recommend that users take a few precautions.

Harvard has asked members of Faculty of Arts and Sciences, Harvard Divinity School, Radcliffe Institute for Advanced Study and Central Administration to change the password of their Harvard accounts.

They have also asked members of Graduate School of Design, Harvard Graduate School of Education, Harvard John A. Paulson School of Engineering and Applied Sciences, or Harvard T.H. Chan School of Public Health to change their email passwords.