Compromised LinkedIn accounts used to send phishing links

Phishing continues to be criminals' favourite method for harvesting user credentials, using more or less sophisticated social engineering tricks.

Recently, LinkedIn and Wells Fargo have once again found themselves at the center of a cyber issue. Attackers are using compromised LinkedIn user accounts to send phishing InMails, posing as a shared Wells Fargo document, to the account's contacts via private message and also to external members via email, in an attempt to steal credentials and personal information.

The campaign was first spotted by security researchers at cybersecurity firm Malwarebytes. Malwarebytes Senior Researcher Jerome Segura wrote in a blog post that the current crop of phishing attacks uses trusted accounts that were hacked, including Premium membership accounts that have the ability to contact other LinkedIn users (even if they aren't a direct contact) via the InMail feature. The fraudulent message includes a reference to a shared document.

Like most phishing scams, the initial contact appears innocuous. Segura said the target receives an InMail stating:

I have just shared a document with you using GoogleDoc Drive

Most messages appear as if the LinkedIn user is sharing a Google Drive file with the victim and contain a malicious link, obscured by a URL shortener to hide its true destination. The link redirects to a phishing site for Gmail and other email providers, which requires potential victims to log in. Those who proceed have their username, password, and phone number stolen but won't realize they were duped right away: the scam ends on a tricky note with a decoy document on wealth management from Wells Fargo.

URL shorteners are a well-known vehicle for spreading malware and phishing scams, but they are also used for legitimate purposes, especially on social media where long URLs tend to be too cumbersome. In this attack, the perpetrators abuse both ow.ly and a free hosting provider (gdk.mx) to redirect to the phishing page, which is itself hosted on a hacked website.

Bangalore’s power discom website hacked

The website of power discom Bangalore Electricity Supply Company (Bescom) was hacked on Monday around 8.30pm. As a result, customers were unable to pay their bills or browse the website (www.bescom.org): they were redirected first to a webpage advertising a lottery and then to a YouTube video discussing bitcoins.

Bescom confirmed that the website was hacked and that its technical team was trying to determine the cause.

A consumer told The Hindu that the issue was resolved around 10am.

The website is managed by Pyrumas, a technical solutions provider. On Tuesday evening, the website for Pyrumas was flagged by Google as containing malware and some sections of the website were advertising web domains for sale.

“We’ve asked the company to give us a report listing how this happened,” P. Rajendra Cholan, managing director, Bescom told The Hindu.

The official added that the payments section of the website redirects to another portal and a payment gateway which are unlikely to be affected by the hack.

Equifax blames flaw in Apache Struts software for the data breach

Equifax, the credit scoring company that suffered a data breach affecting as many as 143 million Americans, has blamed a flaw in the Apache Struts software used by its online databases as the real cause of the breach.

Apache Struts is a popular open-source Model-View-Controller (MVC) framework for Java web applications.

Jeffrey Meuler, an analyst at Robert W. Baird & Co., was told by the company that the breach had compromised the name, social security number, birthdate, and home address of its customers, which has prompted at least three congressional committees to consider probing the incident.

Jeff Williams, cofounder and CTO at Contrast Security, wrote in a blog post that two Struts flaws "jump out as possibilities": CVE-2017-5638, an expression language vulnerability disclosed in March, and CVE-2017-9085, a flaw triggered by a single HTTP request containing an unsafe serialized object, disclosed in September. The former "is far more likely, but the second is a very remote possibility" because the earlier flaw is "easier to exploit and much better known. It also fits the timeline better, since it was released months before Equifax was attacked in July," Williams wrote. To exploit the latter flaw, attackers would have had to possess it before its public release.

However, “for either vulnerability, the process is basically the same. The attacker sends a specific HTTP request containing some special syntax. In one case, an OGNL expression. In the other, a serialized object,” he said in comments emailed to SC Media. “The Equifax Struts application would receive this request, and get tricked into executing operating system commands.”
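As an added, defensive illustration that is not from the original post or from Contrast Security, the Python below scans constructed raw HTTP requests for the two payload markers Williams describes: an OGNL expression opener and the base64 prefix of a Java serialization stream. The request samples, header names and indicator names are all made up for the demo.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample requests (request line plus headers), one per string.
# They are made up for this demo, not traffic from the Equifax incident.
SAMPLE_REQUESTS = [
    "GET /account/summary HTTP/1.1\r\nHost: portal.example\r\nUser-Agent: Mozilla/5.0\r\n",
    "POST /upload HTTP/1.1\r\nHost: portal.example\r\nX-Custom: %{constructed-ognl-marker}\r\n",
    "POST /api/session HTTP/1.1\r\nHost: portal.example\r\nX-Token: rO0ABconstructedbase64\r\n",
    # Percent-encoded "${constructed}" in the query string; must be decoded before matching.
    "GET /search?q=price%24%7Bconstructed%7D HTTP/1.1\r\nHost: portal.example\r\n",
]

# An OGNL expression opens with %{ or ${; a Java serialization stream starts
# with the bytes AC ED 00 05, which base64-encode to the prefix "rO0AB".
OGNL_OPENER = re.compile(r"[%$]\{")
JAVA_SERIAL_B64_PREFIX = "rO0AB"


def find_struts_indicators(raw_request: str) -> List[str]:
    """Return the indicator names found in one raw HTTP request (line + headers)."""
    text = unquote(raw_request)  # undo URL encoding so %24%7B is seen as ${
    found = []
    if OGNL_OPENER.search(text):
        found.append("ognl_expression")
    if JAVA_SERIAL_B64_PREFIX in text:
        found.append("java_serialized_object")
    return found


def triage(requests: List[str]) -> Dict[int, List[str]]:
    """Map the index of each suspicious request to the indicators it matched."""
    hits: Dict[int, List[str]] = {}
    for i, req in enumerate(requests):
        indicators = find_struts_indicators(req)
        if indicators:
            hits[i] = indicators
    return hits


if __name__ == "__main__":
    for idx, indicators in triage(SAMPLE_REQUESTS).items():
        request_line = SAMPLE_REQUESTS[idx].split("\r\n", 1)[0]
        print(f"request {idx}: {request_line!r} -> {', '.join(indicators)}")
```

These markers are coarse triage signals, not proof of exploitation: legitimate traffic can contain `${` in templates or query strings, so matches should be reviewed alongside the response status and any subsequent process activity on the server.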

The report noted that Struts is used by approximately 65 percent of Fortune 100 companies, including Lockheed Martin, Citigroup, Vodafone, Virgin Atlantic, Reader's Digest, Office Depot and Showtime.

Equifax appears to be utterly and completely clueless about their own technology. Equifax's own data breach detector isn't just useless, it's untrustworthy.

Two Russian Hackers Stole 250,000 Rupees from ATMs

Two hackers from Mari El (a Russian republic whose capital is Yoshkar-Ola) will face burglary charges. According to the Prosecutor's Office of the Republic, the two men, aged 25 and 30, used a malicious program to hack ATMs.

In May 2017, the accused came to Ufa to steal money from ATMs. During the night they connected to an ATM, compromised it and withdrew 224,000 rubles (about 250,000 rupees).

When the accused tried to repeat the act on another ATM, they were caught by police: bank employees noticed the suspicious individuals on the online security cameras and called the police.

The criminal case will be heard in the Ufa court.

- Christina
 

Norway back to Manual Counting in Parliamentary elections

Polls for the parliamentary elections in Norway were held on Monday, and the results are expected after Tuesday. Amid international hacking threats, the Norwegian government decided to cross-check the computer count of the poll results with a manual count.

The Police Security Service (PST) and the Norwegian National Security Authority (NSM), along with the Directorate of Elections, carried out a risk analysis. According to reports from that assessment there were no known hacking attempts against the election systems; however, considering hacking threats both domestically and internationally, the Norwegian government decided to fall back on the old paper counting method.

Norway is the second country in Europe to return to manual counting. The Netherlands was the first, going back to manual counting in March after security experts and hackers claimed that the Dutch electoral security systems were weak; one hacker claimed that an iPad's security was better than that of the Dutch electoral system.

Minister of Local Government and Modernisation Jan Tore Sanner said that the security measures for the computer systems will be improved. "Security and trust are vital to the conduct of elections. We shall not be naive, nor allow for any uncertainty around the security of Norwegian elections. The voters will rest assured that the election results are accurate. After new threat assessments undertaken in collaboration with the NSM and PST, we have decided to initiate additional security measures," says Sanner.

This year various institutions in Norway, including the Foreign Ministry, the Police Security Service and members of parliament from the Labour party, have been targeted by hackers. The hacking attempts were traced to a group named Cozy Bear, which the report links to the Russian security service FSB. The same group was linked to the hacking of the US election campaign.

Along with the national parliamentary elections, Norway also held elections to the Sámi parliament on Monday. Almost 17,000 people were eligible to vote for the Sámi parliament.
Hackers warn of flaws in German election software

A trio from the Chaos Computer Club (CCC), a German collective of hackers and security researchers, has warned that software used to record and transmit voting tallies in many German states has "serious flaws" and is vulnerable to external attack, just three weeks before voters cast their ballots in federal elections. Germany is scheduled to hold federal elections on September 24.

Hackers fear as Russian intervention appears to be exaggerated.

IT specialists Thorsten Schröder, Linus Neumann and Martin Tschirsich analyzed the software PC-Wahl, created by vote iT, a German company that claims the organizational software is used in "all the large German states for local district elections, state elections, Bundestag elections, European elections, and referendums." The program is used for recording, counting, displaying, and analyzing votes in German elections. The researchers found they could corrupt the updates from the server controlling the software and thereby re-tabulate votes at will, with potentially disastrous consequences for the country's parliamentary election. The CCC says that VOTE-IT, the company behind the software, privately fixed the security flaws the group exposed while publicly refusing to acknowledge the vulnerabilities.

Hackers from the Chaos Computer Club published an analysis of the PC-Wahl software package on Thursday (September 7) in which they reported finding a "host of problems and security holes" that even a moderately skilled hacker -- let alone a state-sponsored team -- could exploit.

"The analysis showed a number of security problems and multiple practicable attack scenarios. Some of these scenarios allow for the changing of vote totals across electoral district and state boundaries," a CCC statement said.

The trio of analysts concluded that while the final election results could not be changed, since they are checked by hand, the on-the-night preliminary results that politicians first react to and that the media report could easily be altered, potentially creating massive uncertainty in the country.

FSB may take charge of Russia's cyberattack response system

A document published on the Russian legal information website on Friday stated that the Russian Federal Security Service (FSB) may expand its authority over the state system for the detection and management of cyberattacks.

The draft proposes amending the president's decree establishing the state system for the detection, prevention and elimination of the consequences of cyberattacks on Russian digital resources. The decree was issued on January 15, 2013. If accepted, the amendments will entrust the FSB with maintaining this system.

The document stated that the FSB should “organize and carry out work on ensuring operation of the state system and control it.”

In July, President Vladimir Putin signed into law a package of government bills to protect critical information infrastructure against cyberattacks. Legally, critical infrastructure includes government digital systems and telecommunication networks, the nuclear and aerospace industries, among other areas.

Under the law, creating malware and causing damage to critical infrastructure may be punishable by up to 10 years of imprisonment. The law takes effect on January 1, 2018.

28M accounts of Latin American social media website hacked

Taringa, a Reddit-like social media website in Latin America, has suffered a massive data breach affecting more than 28 million registered user accounts.

LeakBase, a data breach notification website, was the first to obtain the database. After scanning it, LeakBase found that a total of 28,722,877 records had been stolen from the site, including usernames, email addresses, and passwords hashed with the MD5 algorithm.

The attackers obtained 100% of the site's records. It is still unclear how LeakBase got hold of the database, or who was behind the breach.

Taringa confirmed the data breach in a security notice. According to the company, the breach happened on 1st August, but the hackers were not able to access phone numbers or Bitcoin wallet addresses.

“We suffered an external attack that compromised the security of our databases and the code of Taringa,” the notice said.

Users are now being advised to change their passwords.

The Russian Ministry of Internal Affairs detains a hacker group that stole money through phishing

Official representative of the Russian MIA Irina Volk said that investigators received information about unknown persons who were creating phishing websites that completely copied the appearance of popular payment systems and air ticket services.

The hackers used the phishing websites to steal money from the bank accounts and online wallets of citizens.

According to the MIA, the phishing websites allowed the hackers to obtain the payment details of a large number of victims nationwide and to make unauthorized money transfers to pre-arranged bank accounts.

The leader of the group was detained in Kazan (the largest city of the Republic of Tatarstan, Russia). In particular, he bought the bank cards that were used to withdraw the stolen money. Another member wrote the software and scripts, administered the servers and kept the phishing websites running. He was detained in the Krasnodar region.

During the searches, computers holding the software tools used to carry out the criminal activities, along with bank cards, were found and seized. Criminal proceedings were instituted under articles 272 ("Illegal access to computer information") and 158 ("Theft") of the Criminal Code of the Russian Federation. The detainees were arrested by court order and made confession statements.

- Christina


Equifax hack exposes personal details of 143 million users

Equifax Inc, a credit monitoring company, said on Thursday that personal details of more than 143 million U.S. consumers were compromised by hackers between mid-May and July.

The data obtained by the hackers includes Social Security numbers, birthdates, address histories, legal names and, in some cases, driver's license numbers. The credit card numbers of about 209,000 US consumers were also accessed.

The shares of the company fell nearly 19 percent after investors reacted to possible exposure of sensitive data of nearly half of the U.S. population.

“This is clearly a disappointing event for our company and one that strikes at the heart of who we are and what we do,” said the company’s chairman and CEO Richard Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”

Equifax said information on some UK and Canadian residents was also obtained in the hack. The Federal Bureau of Investigation is investigating the breach.

Matt Schultz, an analyst with CreditCards.com, said, "The credit freeze is the nuclear option of credit protection. But in the wake of a breach this big, it's worth considering."

Coinbase exchange is the new target of TrickBot banking trojan

In the world of malicious software, banking Trojans are nothing new. In fact, this type of malware has been around for as long as most people can remember. What is rather peculiar is how the TrickBot banking Trojan no longer just targets banking portals, but also the Coinbase exchange.

According to a version spotted in a distribution campaign by cybersecurity firm Forcepoint on August 29, the TrickBot banking trojan has added support for stealing funds stored in Coinbase.com accounts, the currency exchange site that handles exchanges between Bitcoin, Litecoin and Ethereum, among others, though it seemingly cannot bypass 2FA on its own.

That is pretty disconcerting news for Bitcoin users who rely on this platform. It also shows cryptocurrency is attracting more interest from cybercriminals than ever before. Users of this exchange platform need to be extra wary when dealing with new types of software and conduct regular malware scans to keep their information safe.

The cybersecurity firm has also pointed out that they have captured, “8,600 related emails...with the UK, Canada, and France as the top three targets.”

The TrickBot banking trojan appeared in the autumn of 2016 and most experts believe it was developed by some of the developers who worked on the now defunct Dyre banking trojan, some of whose operators were arrested in late 2015 in Russia.

The involvement of malware coders with serious expertise was obvious from the beginning, as TrickBot was a well put together malware strain that featured many advanced features right from the get-go.

Every single time this malware makes headlines, it is because the project becomes even more versatile than it was before.

Following the analysis of those 8,600 emails, Forcepoint noted an addition to the malware's list of targets: Coinbase.com is now a principal objective.