
Malware Hits CCleaner Security App


CCleaner, the popular Windows file clean-up tool owned by anti-virus company Avast, has been found to carry malware in its 32-bit build, putting potentially more than 130 million users at risk.

Users are advised to update the software immediately: researchers discovered that criminal hackers had inserted a backdoor into the tool, so anyone still running the compromised build is exposed to the attackers.

Both the regular and the cloud-based versions of CCleaner are affected. The backdoor gives the attackers a foothold from which further malware, such as ransomware or keyloggers, could be downloaded onto the machine.

Security researchers at Cisco Talos first spotted the malicious code on September 13, after the CCleaner 5.33 installer triggered Talos's malware protection systems: "the executable in question was the installer for CCleaner v5.33, which was being delivered to endpoints by the legitimate CCleaner download servers."

According to the researchers, CCleaner has had 2 billion downloads and adds 5 million more every week, which makes the threat more severe than first thought.

Talos's researchers published a blog post comparing the incident to the NotPetya ransomware outbreak that caused havoc around the world in June this year, which was likewise seeded through a compromised software update.

Piriform, CCleaner's UK-based developer, which Avast acquired in July, has sought to reassure users. Paul Yung, a vice president at Piriform, wrote in a post: "Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.

"The threat has now been resolved in the sense that the rogue server is down, and other potential servers are out of the control of the attacker.

"Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm."

Yung continued:

"At this stage, we don't want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it. The investigation is still ongoing ...

"Again, we would like to apologize for any inconvenience this incident could have caused to our clients; we are taking detailed steps internally so that this does not happen again, and to ensure your security while using any of our Piriform products. Users of our cloud version have received an automated update. For all other users, if you have not already done so, we encourage you to update your CCleaner software to version 5.34 or higher, the latest version is available for download here."

Updated versions of CCleaner and CCleaner Cloud have been released, and users are advised to install the latest version. Because the backdoored build was delivered from the vendor's own download servers, the trusted download channel cannot by itself be taken as proof that an installer is clean: check the version actually installed, and treat any machine that ran 5.33.6162 or Cloud 1.07.3191 as one that may have received further payloads.
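The two checks a responder would run after a report like this one, as an added example written for this page (it is not Piriform, Avast or Cisco Talos code): classify the versions found in an inventory against the builds the vendor named, and verify installer files against a SHA-256 allowlist obtained out of band rather than trusting the download channel. The only version facts taken from the report are the two modified builds and the "5.34 or higher" advice; the CCleaner Cloud fix threshold (any build after 1.07.3191) and the inventory entries are assumptions, and every hash in the demo is computed from constructed bytes, not a real CCleaner checksum.

```python
"""Triage helper for a trojanised-installer report like the CCleaner incident.

Added example for this page, not vendor or Talos code. Two checks:
  1. classify installed versions as trojanised / fixed / review, and
  2. verify installer files against a SHA-256 allowlist obtained out of band.
The Cloud fix threshold is an assumption; the demo hashes are constructed.
"""
import hashlib
import os
import re
import tempfile

# Builds the vendor named as modified before release.
TROJANISED = {
    ("CCleaner", (5, 33, 6162)),
    ("CCleaner Cloud", (1, 7, 3191)),
}
FIXED_FROM = {
    "CCleaner": (5, 34),              # vendor advice: update to 5.34 or higher
    "CCleaner Cloud": (1, 7, 3192),   # assumption: first build after the bad one
}


def parse_version(text):
    """'5.33.6162' -> (5, 33, 6162); '1.07.3191' -> (1, 7, 3191)."""
    parts = text.strip().split(".")
    if not all(re.fullmatch(r"\d+", p) for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(product, version_text):
    """Return 'trojanised', 'fixed', 'review' or 'unknown-product'.

    'review' is for builds that are neither the named bad build nor at or
    above the fixed threshold (e.g. 5.32, or a 5.33 build with a different
    build number): not known-bad, but still below what the vendor asked for.
    """
    if product not in FIXED_FROM:
        return "unknown-product"
    version = parse_version(version_text)
    if (product, version) in TROJANISED:
        return "trojanised"
    threshold = FIXED_FROM[product]
    # Compare only as many components as the threshold has, so 5.34.6207 >= 5.34.
    if version[:len(threshold)] >= threshold:
        return "fixed"
    return "review"


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_installers(paths, allowlist):
    """Map each file name to 'ok' or 'MISMATCH'.

    allowlist: {sha256_hex: label}. An unlisted hash is a failure even if the
    file carries a valid code signature: a signed build served by the vendor
    is exactly what the poisoned CCleaner release looked like.
    """
    return {os.path.basename(p): ("ok" if sha256_file(p) in allowlist else "MISMATCH")
            for p in paths}


def demo():
    """Run both checks over constructed data; returns (hash results, inventory results)."""
    good = b"constructed clean installer bytes"
    tampered = good + b"\x90" * 8          # stand-in for an appended payload
    with tempfile.TemporaryDirectory() as tmp:
        good_path = os.path.join(tmp, "ccsetup534.exe")
        bad_path = os.path.join(tmp, "ccsetup533.exe")
        with open(good_path, "wb") as fh:
            fh.write(good)
        with open(bad_path, "wb") as fh:
            fh.write(tampered)
        allowlist = {hashlib.sha256(good).hexdigest(): "CCleaner 5.34 (constructed)"}
        hash_results = verify_installers([good_path, bad_path], allowlist)
    # Constructed inventory: (product, version string) pairs as an agent might report them.
    inventory = [("CCleaner", "5.33.6162"), ("CCleaner", "5.34.6207"),
                 ("CCleaner", "5.32.6129"), ("CCleaner Cloud", "1.07.3191")]
    return hash_results, [(p, v, classify(p, v)) for p, v in inventory]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

In a real fleet the allowlist would hold the vendor's published checksums for the current release, fetched and recorded before the incident rather than from the same server that served the installer, and the inventory would come from the software inventory of the endpoint management tool.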

Xafecopy Trojan Steals Money From Your Phone!

A report from cyber-security firm Kaspersky says a new Trojan, Xafecopy, has been detected in India; it steals money through victims' mobile phones.

The Trojan arrives hidden in apps such as BatteryLife and does not visibly affect the phone's operation. Once installed, the app silently loads malicious code onto the device.

After that code is loaded, the Trojan activates and begins opening web pages that use Wireless Application Protocol (WAP) billing, a form of mobile payment that charges purchases directly to the subscriber's phone bill. WAP billing requires no registered debit or credit card and no username or password, so nothing prompts the user. The malware also includes routines to bypass the CAPTCHA checks meant to confirm that a human is performing the action.

Xafecopy hit more than 4,800 users in 47 countries within a month. Of the attacks detected and blocked by Kaspersky Lab products, 37.5 per cent targeted India, followed by Russia, Turkey and Mexico.

How To Protect Your Phone From Xafecopy Trojan

The latest in a series of ransomware and malware attacks is the Xafecopy Trojan, which steals money from an infected mobile phone, as reported by Russia-based internet security firm Kaspersky.

Kaspersky Lab experts uncovered this mobile malware, which abuses the WAP billing payment method to steal money from victims' mobile accounts without their knowledge.

Xafecopy is side-loaded alongside otherwise useful apps and then loads malicious code onto the device. Once activated, it silently visits web pages that use Wireless Application Protocol (WAP) billing, a form of mobile payment that charges fees directly to the user's mobile phone bill, siphoning money without the victim noticing. Because WAP billing only works over the carrier's mobile data connection, the Trojan turns off the phone's Wi-Fi so that its traffic goes out over mobile data instead.

If you notice that your smartphone's Wi-Fi switches itself off at random, have the phone checked.

How to protect devices from Xafecopy and other malware

• Prohibit the installation of apps from unknown sources. Trojans of this kind are often pushed through advertisements, and with side-loading disabled the malicious installer simply cannot be installed.
• Use a reputable antivirus product that also provides malware protection and internet security.
• Most telecom operators can disable WAP billing on your account from their side. Ask your operator to suspend the service.
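One concrete way to act on the first bullet, as an added example that is not Kaspersky's tooling: Android's package manager records which installer put each app on the device, and `adb shell pm list packages -i -3` prints that attribution for every third-party package. The script below parses that output and lists apps that did not come from a trusted store, which is exactly where a side-loaded "battery saver" would show up. The sample output is constructed and the package names are placeholders, not real Xafecopy droppers; the trusted-store set and the reading of the `install_non_market_apps` setting are assumptions to adjust for your own devices.

```python
"""Flag side-loaded packages from `adb shell pm list packages -i -3` output.

Added example for the protection advice above; not Kaspersky's tooling.
Sample data is constructed; package names are placeholders.
"""
import re

# Installers you trust. Assumption: extend for the stores used in your fleet.
TRUSTED_INSTALLERS = {
    "com.android.vending",               # Google Play
    "com.sec.android.app.samsungapps",   # Galaxy Store
}

# One line per package: "package:<name>  installer=<installer or null>"
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)\s*$")

# Constructed sample of `adb shell pm list packages -i -3` (third-party apps only).
SAMPLE = """\
package:com.example.notes  installer=com.android.vending
package:com.example.batterylife.saver  installer=null
package:com.example.flashlight  installer=com.example.sideload.store
package:com.example.bank  installer=com.android.vending
"""


def parse_installers(text):
    """Return {package: installer or None}; 'null' means no installer recorded."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found[m["pkg"]] = None if m["inst"] == "null" else m["inst"]
    return found


def find_sideloaded(text, trusted=TRUSTED_INSTALLERS):
    """Packages not installed through a trusted store (None = unknown installer)."""
    return {pkg: inst for pkg, inst in parse_installers(text).items()
            if inst not in trusted}


def unknown_sources_enabled(settings_value):
    """Interpret `adb shell settings get secure install_non_market_apps`.

    On Android 7 and earlier '1' means side-loading is allowed globally. On
    Android 8+ the control is per app (REQUEST_INSTALL_PACKAGES) and the value
    is typically 'null', so a False here does not prove side-loading is off.
    """
    return settings_value.strip() == "1"


if __name__ == "__main__":
    # Real use: adb shell pm list packages -i -3 > packages.txt, then parse the file.
    for pkg, inst in find_sideloaded(SAMPLE).items():
        print(f"{pkg}: installer={inst or 'unknown'}")
```

A package with no recorded installer, or one installed by an app other than a store you trust, is not proof of infection, but it is the short list to look at first when a phone shows the Wi-Fi-off or unexpected-charges symptoms described above.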

Eugene Kaspersky accepts invitation to testify to US Congress

Eugene Kaspersky, co-founder and CEO of Russian security firm Kaspersky Lab, has accepted an invitation to testify before U.S. lawmakers.

ABC News reported that Kaspersky Lab is under close scrutiny over alleged links with Russian intelligence services.

The Kremlin considers the decision concerning Kaspersky Lab to be politicised. The President's press secretary, Dmitry Peskov, said the company is entirely commercial, offering commercial services that are highly competitive worldwide.
He added that Russia will do everything possible to protect the interests of Russian companies abroad.

Leonid Levin, chairman of the State Duma Committee on Information Policy, Information Technologies and Communications, noted that removing Kaspersky Lab from the GSA's approved-vendor lists can be seen as a new sanction against Russian companies working abroad. In his view, obstacles to the spread of modern technologies prevent the establishment of trust between countries.

Kaspersky Lab later offered to provide the American authorities with information about the company's development, but received no response. The Department of Homeland Security then said it was concerned about requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks. Kaspersky Lab's press service replied that DHS had misread the Russian legislation, because information coming from Kaspersky Lab's clients is protected.

The Russian Embassy in the United States expressed regret over the latest events on its website. According to the diplomatic mission, the U.S. authorities' decision distracts from working together on shared priorities such as terrorism.

According to Kaspersky Lab's press service, the company will provide all the information needed to show that the U.S. decision has no basis.

- Christina

Equifax Security Breach: Top Officials steps down



Equifax, the credit rating and reporting firm, has announced that two high-ranking executives, David Webb and Susan Mauldin, are retiring from their leadership roles after the company suffered a massive data breach affecting up to 143 million Americans.

According to Equifax, its security team first observed suspicious traffic on July 29 and discovered more suspicious activity the following day.

The security team then took the affected servers, which ran the US online dispute portal web application, offline.

The attackers accessed names, Social Security numbers, birth dates, addresses and, in some cases, driver's licence numbers.

Patricio Remon, Equifax's president for Europe, said: "We apologize for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes."

Equifax alerted its UK customers after the Information Commissioner's Office (ICO) directed it to notify all affected British customers that hackers had exploited a website application to access its files.

The ICO’s spokesman said: “It is always a company’s responsibility to identify UK victims and take steps to reduce any harm to consumers.

“The Information Commissioner’s Office has been pressing the firm to establish the scale of any impact on UK citizens and have also been engaging with relevant US and UK agencies about the nature of the data breach.

“It can take some time to understand the true impact of incidents like this, and we continue to investigate.

“Members of the public should remain vigilant of any unsolicited emails, texts or calls, even if it appears to be from a company they are familiar with.

“We also advise that people review their financial statements regularly for any unfamiliar activity.

“If any financial details appear to have been compromised, victims should immediately notify their bank or card company. If anyone thinks they may have been a victim of a cybercrime they should contact Action Fraud.”

Equifax's Chief Information Officer, David Webb, will be replaced by Mark Rohrwasser, head of international IT operations.

Chief Security Officer Susan Mauldin will be replaced by Russ Ayres, formerly a vice president in the IT organisation.


Lithuania worried about Russia because its trains run a Russian computer system built on GLONASS

It has emerged that information about a specific locomotive (its cargo, location and speed) can be seen not only by employees of the state enterprise Lietuvos geležinkeliai but also by Russian services.

Some important Lithuanian state institutions and strategic enterprises are still using "unsafe Russian computer hardware", which could allow the system to be hacked and controlled.

Politicians point out that Lietuvos geležinkeliai has for five years been using a security system made by the Izhevsk Radio Factory, part of the Russian military-industrial complex. It has been installed even in new locomotives made in Germany. The system is built on the Russian satellite navigation system GLONASS, which would let Russia obtain the coordinates of any military transport.

The technology with "unsafe Russian hardware" is already being replaced with new "clean" equipment, but completing the work will take a couple more years.

Laurynas Camunas, a member of the parliament's National Security and Defence Committee, said that in theory Russian services could stop a train remotely, which could cause many problems: railways are very important in any military operation. He hopes the government will solve the problem as soon as possible so that in future no theoretical possibility of controlling such processes remains.

The Ministry of Defence plans to run a cyber-security test in September. Experts will assess not only the security of the railways but also the security systems of other strategic enterprises and institutions. Vice-Minister of Defence Edvinas Cerza confirmed that no major incidents had been recorded, although there had been attempts to hack the system.

The names of the strategic enterprises and institutions still using "unsafe Russian computer hardware" have not been disclosed.

- Christina

Beware of vulnerabilities found in Bluetooth

Researchers have discovered a way to take control of Android phones, laptops, smart-home devices and iPhones over a Bluetooth connection. Billions of devices currently in use across the world are exposed by this set of Bluetooth vulnerabilities.

Bluetooth allows devices to connect wirelessly over short distances. These vulnerabilities could be used by attackers to take control of a device and extract data from it. Because Bluetooth is enabled on most modern devices, products from all major brands, including Apple, Microsoft and Samsung, are at risk, and the attack works regardless of the operating system. That puts almost all modern devices under serious threat.

Researchers at security firm Armis demonstrated the attack against Samsung Galaxy phones, a Google Pixel smartphone, Samsung tablets, car audio systems and an LG sports watch.

"The BlueBorne attack concerns us because of the medium by which it operates. Unlike the majority of attacks today, which rely on the internet, a BlueBorne attack spreads through the air," one of the researchers at Armis said.

According to Armis, the problem affects billions of Android, Samsung, Microsoft and Linux devices; any iPhone or iPad not updated to iOS 10 or later is also vulnerable.

The attack lets an attacker steal data and take control of the device's camera remotely from a short distance. It goes undetected by most security tools, which makes it more dangerous. "Unlike traditional malware or attacks, the user does not have to click on a link or download a questionable file," Armis said. "No action by the user is necessary to enable the attack."

According to Armis, Microsoft, Google and Linux maintainers have released patches that fix the problem, while Samsung, the leading smartphone maker, did not respond regarding a security update. Until a device is patched, the only mitigation is to keep Bluetooth switched off when it is not in use.

Mass bomb threats across the Russian Federation: cyber terrorists rehearse before the presidential election

Many Russian state buildings received anonymous bomb threats, leading to mass evacuations of schools, universities, cinemas, railway stations and shopping centres in large Russian cities.

The first mass evacuations began in Perm. The regional anti-terrorist commission said the callers presented themselves as leaders of the banned terrorist organisation Islamic State and announced that terrorist acts would be carried out. The city administration cancelled lessons in all schools and institutions.


In Yekaterinburg, overnight, the attackers sent bomb messages about three buildings: the Greenwich shopping centre, the bus terminal and the Marshal business centre. The identity of the telephone hoaxer is still being established.


In Surgut the FSB carried out major inspections of cars in different parts of the city. A resident posted on social media that police were stopping everyone and had blocked the road, and that there were many men in camouflage with guns and helmets.

The FSB press service said anti-terrorist exercises had taken place in the region.

In Vladivostok and Yuzhno-Sakhalinsk citizens were evacuated from shopping centres and bus stations. In Magadan, after a threatening call, people were evacuated from two cinemas, several universities, schools and a market.
In Stavropol similar messages were received throughout the day; according to prosecutors, police received 42 bomb threats.

The Prosecutor General's office has opened criminal proceedings. A telephone hoaxer faces up to three years' imprisonment.

Information security specialist Andrey Masalovich said that such attacks will only increase, and that the main year for cyber-terrorists will be 2018, when the election is held.

Masalovich is sure the motive behind the recent attack is political.

"We see the result of a coordinated, socially oriented political force. I think that it is not of Russian origin. But, maybe, it is of Russian origin, but purchased," the information security specialist said.

According to experts, the government should not relax: in the pre-election year, and especially in 2018, such attacks will only increase.

- Christina

Russian hacker says he was forcibly held in a Czech psychiatric facility

According to the lawyer representing the cybercriminal, the Russian hacker was forcibly held in a psychiatric facility in the Czech Republic. According to the hacker, Evgenii Nikulin, he was not aggressive, yet for several days he was tied to a bed.

Nikulin stressed that he was not only held there without reason but that doctors also gave him medicines and injections. The lawyer has begun collecting the relevant documentation from the facility. Notably, Nikulin had no previous mental health problems.

Czech special services, working with the FBI, detained the Russian hacker, who is suspected of illegal activity against several American companies. In Russia, Nikulin is also accused of stealing money from e-wallets: more than 100 thousand rubles (about 111,000 rupees) were stolen.

Nikulin and his lawyer describe the situation as a violation of human rights, since there was no reason to hold him in a psychiatric facility. The investigation continues. Intelligence agencies also tried to get the hacker to confess to interference in the US elections.

- Christina

North Korea is interested in Bitcoin

North Korean hackers have stepped up attacks on South Korean cryptocurrency exchanges. They have also breached an English-language bitcoin news website and collected bitcoin ransom payments from global victims of the WannaCry malware.

According to a report from cyber-security firm FireEye, over the past six months it has tracked at least five attacks on bitcoin exchanges or individual bitcoin wallets, most of them against South Korean exchanges such as Yapizon.

"Since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds," FireEye wrote on its blog.

In June, South Korea's top crypto exchange Bithumb was hacked, and earlier this month the country's top Ethereum exchange is said to have lost over $1 million in a breach.

"Add to that the ties between North Korean operators and a watering hole compromise of a bitcoin news site in 2016, as well as at least one instance of usage of a surreptitious cryptocurrency miner, and we begin to see a picture of North Korean interest in cryptocurrencies, an asset class in which bitcoin alone has increased over 400% since the beginning of this year," FireEye reported.

Bitcoin has risen exponentially, touching $5,000 per coin this month, and Ethereum has gone from $8 per coin in January to around $300 today.

“It should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise. While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential,” FireEye concluded.

Android malware outbreak affected up to 21.1 million users

Researchers at Check Point say they have found one of the biggest Android malware campaigns to date, which may have infected as many as 21.1 million victims.

The team named the malware ExpensiveWall after its habit of hiding inside wallpaper apps. The researchers warned that the malware sends fraudulent premium SMS messages and charges victims for fake services.

According to Google Play data, the latest ExpensiveWall wave infected at least 50 apps, which together were downloaded between 1 million and 4.2 million times; the larger 21.1 million figure is Check Point's upper estimate for the whole malware family, including earlier variants.

Daniel Padon, a mobile researcher at Check Point, told Forbes that "ExpensiveWall was probably second only to Judy", though he could not estimate how much the criminals made in this latest wave of SMS fraud.

Google had not responded to Forbes's request for comment.

The researchers told Google about their findings on August 7. Google promptly removed the offending apps, but the attackers responded by uploading another sample to Google Play that infected at least 5,000 devices.

ExpensiveWall also collects data about the infected device, including its location and IP address, and can force users to click online advertisements, another scheme to squeeze the maximum profit out of each infection.
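The check this report invites on a device you suspect, as an added example rather than Check Point's code: premium-SMS fraud requires the `SEND_SMS` permission (and usually `RECEIVE_SMS`, to swallow the carrier's confirmation reply), and `adb shell dumpsys package` lists each package's granted permissions. The Python below parses that output for granted permissions and flags any package holding `SEND_SMS` that is not an app you expect to send texts, listing the other permissions (internet, location) that match the data collection described above. The sample output is constructed and abridged, the package names are placeholders rather than ExpensiveWall's real ones, and the allowlist of expected SMS senders is an assumption.

```python
"""Find installed apps that can send SMS, from `adb shell dumpsys package` output.

Added example for the ExpensiveWall report above; not Check Point's code.
The sample is constructed and abridged; package names are placeholders.
"""
import re

PKG_RE = re.compile(r"^\s*Package \[(?P<pkg>[\w.]+)\]")
GRANT_RE = re.compile(
    r"^\s*(?P<perm>android\.permission\.[A-Z_]+): granted=(?P<val>true|false)")

SMS_PERMS = {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS"}
INTERESTING = SMS_PERMS | {"android.permission.INTERNET",
                           "android.permission.ACCESS_FINE_LOCATION"}
# Assumption: the default messaging app is the only app expected to send SMS.
EXPECTED_SMS_SENDERS = {"com.android.messaging"}

# Constructed, abridged `adb shell dumpsys package` output.
SAMPLE = """\
Packages:
  Package [com.android.messaging] (1a2b3c):
    userId=10045
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.SEND_SMS: granted=true, flags=[ USER_SET ]
        android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
  Package [com.example.wallpaper.hd] (4d5e6f):
    userId=10101
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.SEND_SMS: granted=true, flags=[ USER_SET ]
        android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
  Package [com.example.notes] (7a8b9c):
    userId=10102
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.SEND_SMS: granted=false, flags=[ USER_SET ]
"""


def granted_permissions(dumpsys_text):
    """Return {package: set of permission names with granted=true}."""
    result, current = {}, None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m["pkg"]
            result.setdefault(current, set())
            continue
        g = GRANT_RE.match(line)
        if g and current and g["val"] == "true":
            result[current].add(g["perm"])
    return result


def sms_capable_outliers(dumpsys_text, expected=EXPECTED_SMS_SENDERS):
    """Packages granted SEND_SMS that are not expected to send SMS.

    Returns {package: sorted list of the interesting permissions it holds}, so
    an SMS-capable app that also has internet and location stands out.
    """
    flagged = {}
    for pkg, perms in granted_permissions(dumpsys_text).items():
        if "android.permission.SEND_SMS" in perms and pkg not in expected:
            flagged[pkg] = sorted(perms & INTERESTING)
    return flagged


if __name__ == "__main__":
    # Real use: adb shell dumpsys package > dumpsys.txt, then parse the file.
    for pkg, perms in sms_capable_outliers(SAMPLE).items():
        print(pkg, perms)
```

A wallpaper app with `SEND_SMS`, `RECEIVE_SMS`, internet and fine location granted has no legitimate need for that combination; on a real dump, compare the flagged packages against the carrier bill for unexplained premium charges.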