Tech-giant Microsoft steps in to combat terrorism




Tech-giant Microsoft has now braced itself to tackle the never-ending global issue of terrorism. With the internet proving to be a major conduit for terrorist groups to spread violence, Microsoft has reacted to this matter of concern.

In a blog post, Microsoft explained that its services are meant to empower people and not contribute to terrible acts. The company stressed the promotion of values such as privacy, freedom of expression and the right to access information.

"Terrorism is one of the truly urgent issues of our time," said Microsoft. "We are committed to doing our part to help address the use of technology to promote it or to recruit to its causes."

“We are amending our terms of use – which already prohibit hate speech and advocacy of violence against others – to specifically prohibit the posting of terrorist content on our hosted consumer services,” the company said.

“There is no silver bullet that will stop terrorist use of the Internet,” Microsoft's vice president Steven Crown told a special Security Council debate on counter-terrorism.

Microsoft will continue using its notice and takedown process for removing prohibited content. Microsoft said it would remove links to terrorist-related content from Bing search results when the takedown would be required of search providers under local law.

"We will remove links to terrorist-related content from Bing only when that takedown is required of search providers under local law," said Microsoft.

The company also has plans to work with non-governmental organisations to offer alternative narratives in its search results.

Microsoft is one of the last major tech companies to issue anti-terrorism policies. Twitter, Facebook and others in recent months have taken steps to crack down on the use of their sites for terrorist activity, hateful speech or content promoting violence.



Now, Microsoft says goodbye to common passwords




After the LinkedIn debacle, Microsoft says it will stop users from choosing easily guessable passwords in a bid to prevent a repeat of the former’s recently resurfaced fiasco. 

Microsoft’s Alex Simons said that his firm will try to avoid the same thing happening to it by preventing users from making lazy choices in passwords. 

Following last week's leak of 117 million LinkedIn customer email credentials, Microsoft has detailed how it's using the leaked list and others like it to prevent Microsoft Account users from picking passwords that appear frequently in stolen data.

Microsoft will soon launch a new Azure Active Directory (AD) feature that will let admins stop users from picking easily-guessed passwords. Microsoft will roll out the feature to over 10 million Azure AD tenants in coming months. 

IT admins will have the ability to lock down corporate email accounts automatically if the username and password for those accounts match credentials in a newly-leaked list.

Microsoft runs the list of compromised credentials through a system that compares hashes of the passwords with those stored with live accounts. If it identifies an at-risk account, Microsoft locks it and prompts the user to verify their identity and reset their password. This capability will be available to Azure AD users.
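The comparison described above, sketched as an added example that is not Microsoft's code: it assumes accounts are stored as salted PBKDF2 hashes, so each leaked password is re-hashed with the target account's salt before comparing. All function names, the accounts and the leaked list are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the service's real scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_account(password: str) -> dict:
    """Stored record: only the salt and hash are kept, never the password."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "locked": False}

def is_banned(candidate: str, banned: set) -> bool:
    """Reject a new password that appears (case-insensitively) in the banned list."""
    return candidate.strip().lower() in banned

def find_at_risk(leaked: list, accounts: dict) -> list:
    """Return usernames whose leaked password still matches the live hash."""
    at_risk = []
    for username, leaked_password in leaked:
        record = accounts.get(username.lower())
        if record is None:
            continue  # leaked address is not one of our accounts
        # Re-hash the leaked password with this account's salt, then compare
        # in constant time; a plain hash-to-hash lookup cannot work with salts.
        candidate = hash_password(leaked_password, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            record["locked"] = True  # force identity verification and reset
            at_risk.append(username.lower())
    return at_risk

# Constructed sample data: three live accounts and a four-entry "leaked" list.
ACCOUNTS = {
    "alice@example.com": make_account("Summer2016!"),
    "bob@example.com": make_account("correct horse battery staple"),
    "carol@example.com": make_account("linkedin123"),
}
LEAKED = [
    ("alice@example.com", "Summer2016!"),   # reused password: match
    ("bob@example.com", "hunter2"),         # different password: no match
    ("Carol@Example.com", "linkedin123"),   # address case differs in the dump
    ("dave@example.com", "123456"),         # not a customer
]
BANNED = {pw.lower() for _, pw in LEAKED} | {"password", "qwerty"}
if __name__ == "__main__":
    print(find_at_risk(LEAKED, ACCOUNTS), is_banned("LinkedIn123", BANNED))
```

The same leaked list feeds both controls: `find_at_risk` locks accounts whose current password is already exposed, and `is_banned` stops a user from choosing an exposed password at the next reset.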

Andrew Tang, service director of security at MTI, said that there is very little risk with the initiative.
“We are trusting Microsoft to store and secure that password, as it will need to be checked every time it's used. Like all other systems, it's just an algorithm to check how the password is structured.”







1.4 billion yen stolen in Japan ATM heist

In Japan, an international credit card fraud has come to light in which about 1.44 billion yen, or more than $13 million, was illegally withdrawn with forged credit cards from 1,400 automated teller machines in convenience stores around the country.

The cash was withdrawn between 5 am and 8 am on May 15 by more than 100 burglars. The time chosen helped the criminals avoid immediate detection.

The thieves apparently went to ATMs like those found in 7-11s across Japan and swiped 1,600 counterfeit South African credit cards, created using information from cards issued by South Africa's Standard Bank. Since the money machines would only let them take about $900 at a time, the hackers made thousands of withdrawals.

Suspecting the involvement of an international criminal organization, the police are planning to cooperate with overseas investigative organizations.

According to Reuters Africa, Standard Bank is estimating its total losses at 300 million rand ($19 million). The bank said none of its customers will suffer the losses from the international fraud scheme.

The ATMs are in Tokyo, Kanagawa, Aichi, Osaka, Fukuoka and other prefectures.

Police intend to identify the suspects by analyzing the images recorded by security cameras. They also plan to examine how the credit card data was leaked, in cooperation with the South African authorities via Interpol.

The fraud came to light following a report from a bank that installed some of the ATMs.

The heist comes as credit card networks like Visa and MasterCard are trying to move world markets toward uniform acceptance of chip-based cards, which are considered less vulnerable to fraud than magnetic stripe cards.

TeslaCrypt releases master key as it shuts down

TeslaCrypt has shut down, and security researchers have created a tool that can decrypt files affected by recent versions of the malicious program.
Over the past few weeks, an analyst for ESET had noticed that the developers of TeslaCrypt have been slowly closing their doors, while their previous distributors have been switching over to distributing the CryptXXX ransomware. 
The ESET researcher used the support chat on the Tesla payment site to ask if they would release the master TeslaCrypt decryption key. To his surprise and pleasure, they agreed to do so and posted it on their now defunct payment site with an apology for their acts.
“Project closed, master key for decrypt XXX…XXX, we are sorry.”
It is hard to believe that the crooks really were sorry, but it seems that the master key was genuine. The decision appears to kill off the net menace.
TeslaCrypt, which first appeared in early 2015 and often targeted gamers, landed on systems through malicious downloads, web domains which load exploit kits, and phishing campaigns. As ransomware, TeslaCrypt infected systems and encrypted user files, putting up a landing page and removing access to the PC until a ransom was paid, usually in the virtual currency Bitcoin.
What made TeslaCrypt a particularly severe case is that the developers behind the malware were very active, and researchers found it difficult to crack the software before new, even more sophisticated versions were released into the wild.
The program had some moderate success in the beginning, earning its creators $76,522 in less than two months. However, in April 2015, researchers from Cisco Systems discovered a flaw in the ransomware program that allowed them to create a decryption tool for some of its variants.
The number of TeslaCrypt attacks spiked in December and, starting with version 3.0.1 of the program, which appeared in March, all encryption flaws were fixed and the existing decryption tools were rendered ineffective. That lasted until Wednesday.
A TeslaCrypt expert has been able to use the master key to update the TeslaDecoder decryption software so that it unlocks files from all versions of the ransomware that encrypt files with the .xxx, .ttt, .micro or .mp3 extensions, or leave them extensionless, without victims giving in to the malware's demands for payment.
With the release of the master decryption key for TeslaCrypt, victims can now download TeslaDecoder to decrypt files encrypted by TeslaCrypt.
Each computer, or more commonly each file, uses a unique, randomly chosen key that is never saved on disk, so it can’t be recovered directly.
Instead, the file encryption key is itself encrypted using a public key for which only the crooks have the corresponding private key.
It is all-but-unheard-of for ransomware authors to release a master key capable of decrypting all infected files.



Adobe Patches Flash Zero-day Vulnerability



Adobe has released a patch to fix several security-related problems with its Adobe Flash Player. Adobe released its monthly security patch that included fixes for 25 security issues, including the zero-day. It has updated Flash Player for Windows, Mac and Linux to address the vulnerabilities.


The company made an announcement to draw attention to the zero-day exploit (CVE-2016-4117) discovered by security researcher Genwei Jiang from FireEye.


While Adobe’s pre-notification advisory only mentioned CVE-2016-4117, an advisory published by Microsoft for Flash library updates for Internet Explorer and Edge showed that a total of 25 flaws would be fixed.

Adobe has also released updates for Reader, Acrobat and ColdFusion to fix nearly 100 vulnerabilities.


Last month, Adobe had pre-announced and patched a similar Flash zero-day that allowed attackers to deliver the Cerber and Locky ransomware families.


Updates for Flash running on Windows, Mac and Linux have been released and are available for download. The latest Adobe Flash Player version numbers are 21.0.0.242 for Windows and Mac, and 11.2.202.621 for Linux distros.

FBI, India and iPhone Hacking

There have been talks that India and the FBI should join hands for important investigations where hacking of iPhones is involved, as India can easily jailbreak iPhones and decrypt all the encrypted data.

According to the Indian government, it has been actively working to keep its electronic devices and forensic tools up to date. According to New Indian Express, Ravi Shankar Prasad, India's Communications minister, said that "A tool for mobile forensics has been developed, which handles smart phones including Apple phones."

But it has not been specified which versions of iOS are susceptible to India's forensic tools. There has been a tug of war between Apple and the FBI over encryption and privacy.

The FBI obtained a court order demanding Apple create a version of iOS that didn't include the safeguards preventing brute force attacks on lockscreen passcodes. Apple resisted and said the government didn't have the authority to force companies to make tools that defeated their product's security features.

In one of the cases, FBI agents were trying to gain access to the iPhone 5C of San Bernardino mass shooter Syed Farook, who was killed in a police shootout; only he had the passcode for his phone. Later on, the FBI found a third party to hack into his phone and dropped that case.

According to the FBI, there should be easy access to encrypted and private data, or else criminals and terrorists can go "dark", while technology companies refuse to grant access to private data and security features, as it could be exploited by others and would not be in line with consumers' interests.

Both the Indian government and the FBI believe in easy access to encrypted data, but the Indian government is not in favour of backdoor practices to access private data, while the FBI is pushing hard for backdoors, so currently it seems that the two can't team up after all.

Hackers infiltrate another SWIFT bank

Cyber hackers infiltrated an unnamed bank on Thursday (May 12) using malware to target a PDF reader which allowed them to transfer money and tamper with bank documents, global bank transfer co-operative SWIFT said.

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, is based in Belgium. More than 11,000 global banks securely transfer billions of dollars every year through the society.

SWIFT spokeswoman Natasha de Teran said that one of its members was attacked by cybercriminals in a way similar to the attack that led to February’s $81 million cyber heist at the Bangladesh central bank.

It was not immediately clear how much money, if any, was stolen in the second attack.

Though Teran declined to reveal the name of the bank, a UK-based security firm, BAE Systems, said in a blog post that it believes the second victim is a commercial bank in Vietnam.

BAE isn't directly involved in the investigation, but analysed malware samples uploaded to public repositories from locations in both Bangladesh and Vietnam and found a match. BAE said details in the code from the Bangladesh and Vietnam hacks also match a third breach, the devastating 2014 attack on Sony Pictures, which US officials attributed to North Korea. BAE said the match indicates that the same hackers may be behind all three attacks.

Confirmation of a second attack on a bank will likely increase scrutiny on the security of a network that is a linchpin of the global financial system.

SWIFT said in a statement that the attackers exhibited a "deep and sophisticated knowledge of specific operational controls" at targeted banks and may have been aided by "malicious insiders or cyber attacks, or a combination of both."

SWIFT said that hackers managed to steal enough information from a member bank that allowed them to transfer funds via SWIFT's network because the transaction would have looked legitimate and had the right credentials.

SWIFT has acknowledged that the scheme involved altering SWIFT software to hide evidence of fraudulent transfers, but said that the messaging system it controls was not compromised.

SWIFT's network is believed to be among the most secure ways in the world of transferring money, but two major breaches in the span of as many months is a concerning development for the people who run the communications network that underpins the world's financial system.

In its warning, SWIFT said customers using PDF reader applications to check confirmation messages should take particular care.

The attempted theft of almost $1 billion has prompted central banks around the globe to review defenses against hackers, along with calls by US government officials to beef up security.


Fast-food Chain Wendy's Admits POS Security Breach




North American fast-food chain Wendy’s confirmed that a recent data breach has hit around 300 of the burger chain’s 5,500 franchised stores, or about five per cent of all its restaurants in North America.

Wendy’s issued the confirmation five months after reports of a possible data breach. In January, reports emerged about a possible point-of-sale (POS) data breach at an undisclosed number of locations affiliated with Wendy's and its chain of quick-serve restaurants. On May 11, in its fiscal 2016 first-quarter financial report, the company officially confirmed that some of its locations were the victim of a POS data breach.

In its press release, Wendy's noted that the Aloha point of sale system installed in all company-operated restaurants and most franchise-operated restaurants was not impacted by the malicious activity.

"The company has worked aggressively with its investigator to identify the source of the malware and quantify the extent of the malicious cyber-attacks, and has disabled and eradicated the malware in affected restaurants," Wendy's stated. "The Company continues to work through a defined process with the payment card brands, its investigator and federal law enforcement authorities to complete the investigation."

Tod Beardsley, security research manager at cybersecurity specialist Rapid 7, believes the breach illustrates a number of recurring themes with point-of-sale system-based financial crime. “The length of time the compromise went undetected, then unmitigated, is troubling news for any retailer that depends on a third-party POS vendor for security.”