
Banking malware develop profit-sharing partnership

Banking malware operators used to compete for victims: if a competitor's malware was already installed on a machine, the newcomer would seek it out and delete it. Now, however, the groups behind IcedID and TrickBot (the successor to the "Dyre" banking malware) are cooperating with each other, says Flashpoint.

The two groups are collaborating and developing their software so that they can share the profits from a successful attack on a victim. Researchers first spotted the IcedID malware in November 2017.

Flashpoint says it has evidence suggesting that the operators of the TrickBot and IcedID botnets have entered into some kind of profit-sharing arrangement in which they use each other's malware and infrastructure to cash out victims' bank accounts.

A team from IBM's X-Force Research had published a report on a new banking malware spreading via spam campaigns: the compromised computers are first infected with an Emotet downloader, which then fetches IcedID from the attackers' domain.

Such partnerships are extremely rare in the cybercrime world where rival groups are more likely to rip each other's malware out of victim systems than collaborate on a malicious campaign. For enterprises, the trend could spell new trouble.

Many researchers had previously associated Emotet with the operators of the "Dridex" banking trojan. IcedID is used to maintain persistence on the infected machines.

“This collaboration indicates that sophisticated botnet malware operators will … team up to defeat anti-fraud measures in place when [a] reasonable profit-sharing agreement can be reached amongst various groups,” says Vitali Kremez, director of research at Flashpoint.

IcedID and TrickBot use token grabbers, redirection attacks and web injections to steal banking credentials when a user logs in to their online bank account. The malware tries to embed itself deeply in the victim's system so that it becomes nearly impossible to remove.

Major cryptocurrency exchange Bitfinex hit by cyber attack, pauses trading

Bitfinex, the fourth-largest cryptocurrency exchange in the world, briefly shut down on Tuesday morning after a DDoS (distributed denial-of-service) attack on its trading platform.

It began in the morning when the company paused operations for "unplanned maintenance", assuring users that all funds were safe; trading resumed a couple of hours later.

Two hours after that, trading went down again and the exchange tweeted that its platform was "under extreme load".

According to the company, the first outage was caused by an issue with one of its infrastructure providers; the second, which followed soon after, was attributed to a DDoS attack that put "extreme load" on the servers.

“We are adjusting the DDoS protection measures to fend off the attack and be able to relaunch. Currently we are running tests to make sure we can safely restart operations,” the company reported on its website after the attack.

According to data from CoinDesk, the Bitcoin price fell almost 2 percent after the attack, hitting a low of $7,373.47 at one point.

According to a report by CNBC, a Bitfinex spokesperson said, "The attack only impacted trading operations, and user accounts and their associated funds/account balances were not at risk at any point during the attack.”

Facebook Gave Device-Makers Access To Users' Data

Facebook, the world's most dominant social media site, has again come under scrutiny over deals with about 60 device makers that allowed those companies to access the personal information of users and their friends.

Over the last decade, long before Facebook apps were commonplace, the company had data-sharing partnerships with at least 60 device makers, including Apple, Amazon, BlackBerry, Microsoft and Samsung.

According to Facebook officials, the company has had partnerships with device manufacturers since 2007 to ensure that its services were not restricted to desktop users but reached everyone who uses the internet, on mobile phones, smart TVs, game consoles and other devices.

Initially, phones did not have full-fledged Facebook apps, so Facebook allowed phone manufacturers to integrate some elements of the social network — “like” buttons, photo sharing, friends lists — into their devices.

"Partners could not integrate the user's Facebook features with their devices without the user's permission," Ime Archibong, Facebook's Vice President of Product Partnerships, said in a statement.

"So companies like Facebook, Google, Twitter and YouTube had to work directly with an operating system and device manufacturers to get their products into people's hands," Archibong said.

"This took a lot of time -- and Facebook was not able to get to everyone. To bridge this gap, we built a set of device-integrated APIs that allowed companies to recreate Facebook-like experiences for their individual devices or operating systems," Archibong added.

However, Facebook disputed The New York Times' claims, saying it has no evidence of any abuse by the partners.

"We are not aware of any abuse by these companies," Archibong said.

Moreover, Facebook said that it had already ended 22 of the device partnerships.

"Now that iOS and Android are so popular, fewer people rely on these APIs to create bespoke Facebook experiences. It's why we announced in April that we're winding down access to them. We've already ended 22 of these partnerships," Archibong said.


Remote code execution vulnerability discovered in Windows JScript

A new zero-day remote code execution vulnerability has been discovered in Microsoft Windows JScript that allows an attacker to run arbitrary code on vulnerable Windows installations.

The bug was discovered by Dmitri Kaslov of Telspace Systems, who passed it along to Trend Micro's Zero Day Initiative (ZDI), a project that mediates the vulnerability disclosure process between independent researchers and larger companies.

Remote code execution is the ability of an attacker to run code of their choosing on someone else's computing device, wherever that device is located.

ZDI reported the issue to Microsoft back in January, but Microsoft has yet to release a patch. Yesterday, ZDI published an advisory with light technical details about the bug.

JScript has a built-in Error object that carries information about an error when one occurs; it exposes two useful properties, name and message.

The RCE flaw lies in JScript's handling of Error objects: by performing specific actions in a script, an attacker can cause a pointer to be reused after it has been freed (a use-after-free), and then execute code in the context of the current process.

Because the vulnerability is in the JScript component (Microsoft's own implementation of JavaScript), the only precondition is that the attacker tricks the user into visiting a malicious web page or into downloading and opening a malicious .js file, which is typically executed via the Windows Script Host (wscript.exe).

"The specific flaw exists within the handling of Error objects in JScript," ZDI experts explained. "By performing actions in [Jscript], an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process."
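Until a patch ships, the file-based vector (a .js file run through wscript.exe or cscript.exe) can be closed off by turning Windows Script Host off. The script below is an added example, not ZDI's or Microsoft's code: it reads the documented `Enabled` value under the WSH `Settings` key in both HKLM and HKCU, reports the effective state, and with `--disable` writes `Enabled=0` for the current user. It assumes the `IgnoreUserSettings` policy value is unset (its default), and it does nothing for the browser vector, which this setting does not cover.

```python
"""Report (and optionally disable) Windows Script Host, the wscript.exe/cscript.exe
vector for malicious .js files.

Windows reads a REG_DWORD named 'Enabled' under
  HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings  (all users)
  HKCU\Software\Microsoft\Windows Script Host\Settings  (current user)
A value of 0 disables WSH; an absent value means enabled (the default).
Assumption: the HKLM value IgnoreUserSettings is unset, so the HKCU value is
honoured. Added example; not the vendor's tooling.
"""
import sys

WSH_SUBKEY = r"Software\Microsoft\Windows Script Host\Settings"


def wsh_state(machine_value, user_value):
    """Effective WSH state from the two 'Enabled' values (None = value absent).

    Either scope set to 0 switches WSH off; anything else leaves the default on.
    """
    if machine_value == 0:
        return "disabled (machine-wide)"
    if user_value == 0:
        return "disabled (current user)"
    return "enabled"


def read_enabled(hive_name):
    """Read the 'Enabled' value from one hive; None if absent or not on Windows."""
    try:
        import winreg
    except ImportError:          # not Windows: there is no registry to read
        return None
    hive = {"HKLM": winreg.HKEY_LOCAL_MACHINE,
            "HKCU": winreg.HKEY_CURRENT_USER}[hive_name]
    try:
        with winreg.OpenKey(hive, WSH_SUBKEY) as key:
            value, _type = winreg.QueryValueEx(key, "Enabled")
            return int(value)
    except FileNotFoundError:    # key or value missing = default (enabled)
        return None


def disable_for_current_user():
    """Write Enabled=0 under HKCU. Returns True on success, False off Windows."""
    try:
        import winreg
    except ImportError:
        return False
    with winreg.CreateKey(winreg.HKEY_CURRENT_USER, WSH_SUBKEY) as key:
        winreg.SetValueEx(key, "Enabled", 0, winreg.REG_DWORD, 0)
    return True


def effective_state():
    """This host's effective WSH state; explicit marker when not on Windows."""
    if sys.platform != "win32":
        return "not applicable (not Windows)"
    return wsh_state(read_enabled("HKLM"), read_enabled("HKCU"))


if __name__ == "__main__":
    if "--disable" in sys.argv:
        done = disable_for_current_user()
        print("written HKCU Enabled=0" if done else "registry not available on this host")
    print("Windows Script Host:", effective_state())
```

Run it once to see the current state, then with `--disable` (or set the HKLM value via policy for every user). Double-clicking a .js file afterwards produces a "Windows Script Host access is disabled" dialog instead of executing the script; Internet Explorer's use of jscript.dll is unaffected and still needs the vendor patch.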

Hackers Target Travel Firm to Plunder Hundreds of Thousands from Clients

Cyber criminals have targeted customers of the travel firm Booking.com in an attempt to steal hundreds of thousands of pounds from them.

The customers were sent WhatsApp and text messages claiming that a security breach meant they needed to change their password.

The link in those messages gave the attackers access to the bookings; they then sent follow-up messages demanding full payment for the holidays in advance, supplying fraudulent bank details.

David Watts, a marketing manager from Newcastle, received one of the WhatsApp messages but recognised it as a scam. He said: "It looked exceptionally reasonable and I can now believe how people fell for it."

The messages seemed genuine because they included personal information: names, addresses, telephone numbers, travel dates and booking prices, as well as booking reference numbers.

Hackers rob co-operative bank of Rs 95 lakh

A private co-operative bank has alleged that criminals hacked into its official email account and siphoned off Rs 95 lakh in two transactions, on May 28 and 29, from its account at IDBI Bank.

The co-operative bank, Sri Sudha Co-Operative Bank Ltd, had recently, by email to IDBI Bank, mandated a transfer of Rs 1 crore. Unknown persons hacked the email account, altered the mandate in their favour and initiated an RTGS transfer of Rs 50 lakh to BOI (Bank of India), Noida branch, in the name of 'Khan Enterprises'. A similar transaction of Rs 45 lakh went to Kotak Mahindra Bank, Gurgaon branch, in the name of 'Riya Enterprises', police said.

Cybercrime police of the Criminal Investigation Department have registered a case against unknown persons based on a complaint filed by T L Hanumantharaya, CEO of the bank. Police said the bank maintains a current account at IDBI Bank's JP Nagar branch and communicated with its banker for online transactions through the email ID sudhabank@vsnl.net.

Police said they expect to crack the case soon by tracing the beneficiary accounts.

Google mechanism for safety of smartphones

A new mechanism will make it considerably harder for attackers to tamper with Pixel smartphones.

Google says it has added a firmware integrity protection system, the first of its kind, to the Pixel 2: updating the firmware of the phone's security hardware now requires the user's password, so an attacker who does not have it cannot push modified firmware to the device, however many times they try.

The protection is aimed at a malicious insider as much as at an outside attacker: the hardware components and other key parts of the device only accept a firmware update when the user's password is supplied, and attackers have no easy way of obtaining it.

The data stored in the device's hardware components is therefore protected in a way it has not been before, leaving attackers little room to strike.

Moreover, the hardware itself verifies the password and limits the rate of attempts, so nobody can guess their way to it.

Separately, the firmware is signed code: once signed, an attacker cannot replace it with firmware of their own, no matter how many attempts they make.

An attacker therefore has no mechanism for installing a fresh password that bypasses the user's own.

Google, which developed the mechanism, says it wants the phone's password to stay safe at any cost, and more protections against smartphone threats are in the works.

With this firmware integrity protection on Pixel phones, an attacker would have to both forge the digital signature and obtain the user's password. Experts say one of the two might be compromised, but nobody can expect to get both at the same time.
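The article's point is that two independent gates have to pass: a valid vendor signature on the image and the user's password, with password checks throttled by the hardware itself. The model below is an added illustration, not Google's implementation: HMAC-SHA256 with a "vendor key" stands in for the real asymmetric firmware signature, a failure counter stands in for the security module's rate limiting, and all keys, passcodes and images are constructed here. It walks through the positions the article describes: an insider holding the signing key, a thief holding the passcode, a brute-force attempt on the passcode, and the legitimate owner.

```python
"""Two-gate firmware update model: valid vendor signature AND user passcode,
with hardware-throttled passcode checks. Added example; HMAC stands in for
the real signature scheme, and all key material below is constructed.
"""
import hashlib
import hmac
import os


class UpdateRejected(Exception):
    """Raised when the module refuses to apply an image."""


def sign_image(vendor_key: bytes, image: bytes) -> bytes:
    """Stand-in for the vendor's signing step (assumption: HMAC, not RSA/ECDSA)."""
    return hmac.new(vendor_key, image, hashlib.sha256).digest()


class SecurityModule:
    MAX_FAILED_TRIES = 5      # throttle after this many wrong passcodes
    PBKDF2_ROUNDS = 20_000    # slow hash for the stored passcode

    def __init__(self, vendor_key: bytes, passcode: str):
        self._vendor_key = vendor_key
        self._salt = os.urandom(16)
        self._pass_hash = self._derive(passcode, self._salt)
        self._failed = 0
        self.firmware = b"factory-image-v1"   # constructed initial image

    @classmethod
    def _derive(cls, passcode: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, cls.PBKDF2_ROUNDS)

    def verify_passcode(self, passcode: str) -> bool:
        """Hardware-side passcode check with a throttle, so guessing does not scale."""
        if self._failed >= self.MAX_FAILED_TRIES:
            raise UpdateRejected("passcode verification throttled")
        ok = hmac.compare_digest(self._derive(passcode, self._salt), self._pass_hash)
        self._failed = 0 if ok else self._failed + 1
        return ok

    def apply_update(self, image: bytes, signature: bytes, passcode: str) -> bool:
        """Both gates must pass; signature first so junk images cannot burn passcode tries."""
        if not hmac.compare_digest(sign_image(self._vendor_key, image), signature):
            raise UpdateRejected("invalid vendor signature")
        if not self.verify_passcode(passcode):
            raise UpdateRejected("wrong passcode")
        self.firmware = image
        return True


def run_scenarios() -> dict:
    """Exercise the attacker positions described in the article; returns the outcomes."""
    vendor_key = os.urandom(32)            # constructed vendor signing key
    module = SecurityModule(vendor_key, passcode="2468")
    new_image = b"vendor-image-v2"
    results = {}

    # Insider: holds the signing key but not the user's passcode.
    try:
        module.apply_update(new_image, sign_image(vendor_key, new_image), "0000")
        results["insider"] = "accepted"
    except UpdateRejected as e:
        results["insider"] = str(e)

    # Thief: knows the passcode but cannot produce a valid signature.
    try:
        module.apply_update(new_image, sign_image(b"not-the-vendor-key", new_image), "2468")
        results["thief"] = "accepted"
    except UpdateRejected as e:
        results["thief"] = str(e)

    # Brute force on the passcode gate: the throttle kicks in long before 10,000 guesses.
    for guess in range(10_000):
        try:
            module.verify_passcode(f"{guess:04d}")
        except UpdateRejected as e:
            results["bruteforce"] = f"{e} after {guess} guesses"
            break

    results["attacked_firmware_unchanged"] = module.firmware == b"factory-image-v1"

    # Owner on an unthrottled device: both gates pass and the image is installed.
    owner_module = SecurityModule(vendor_key, passcode="2468")
    owner_module.apply_update(new_image, sign_image(vendor_key, new_image), "2468")
    results["owner"] = "accepted" if owner_module.firmware == new_image else "rejected"
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:>26}: {outcome}")
```

The ordering of the two checks is a deliberate design choice: verifying the signature first means an attacker without the key cannot exhaust the passcode throttle, while the throttle means an attacker with the key cannot turn the passcode check into a guessing game. The lockout is also why a throttled device refuses the owner's own update until the counter resets, which a real implementation handles with time-based back-off rather than a hard stop.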

Author of Sigrun Ransomware helps Russian victims for free, charges other countries

The author of Sigrun ransomware is offering to decrypt computers of victims from Russia and some former USSR countries for free, while asking for payment in Bitcoin or Dash to citizens of other countries.

The ransomware already tries to avoid Russian computers by checking the keyboard layouts installed on the machine: if it detects a Russian layout, it deletes itself without encrypting anything. The check only looks for the Russian layout, though, so users in former USSR countries who choose not to use that layout can still be affected.

This is common practice among Russian hackers and malware developers, who avoid infecting Russian victims because they fear that the local authorities will go after them, which is less of a concern when the victims are in other countries.

This instance was first reported by Twitter user and security researcher Alex Svirid.


Another malware researcher, S!Ri, replied to the tweet with two pictures of ransom notes from another attack, one shown to a Russian victim and one shown to a U.S. victim.

According to Bleeping Computer, the ransomware author has also added the Ukrainian layout to the list of layouts that are skipped during encryption.

"Ukrainian users don't use the Russian layout because of political reasons. So we decided to help them if they were infected," the author told them via email. "We have already added avoiding the Ukrainian layout, like it was in Sage ransomware before."

The author also reportedly said that they are not from a former USSR republic, but added the condition "because of his Belarus partners".
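The layout check described above (Russian, and now Ukrainian, layouts cause the ransomware to abort) is the same check a defender can run to see whether a given machine would trip it. The code below is an added example, not Sigrun's or Sage's code: it works on Windows keyboard layout handles (HKLs), whose low 16 bits are a LANGID and whose low 10 bits name the primary language (0x19 Russian, 0x22 Ukrainian). That the sample uses `GetKeyboardLayoutList` specifically is an assumption; the sample values are constructed, and Belarusian is left out of the skip set because the article does not say it is skipped.

```python
"""Keyboard-layout 'kill switch' of the kind described in the article.

Windows keeps one HKL (input locale handle) per installed layout. Its low
word is a LANGID; the low 10 bits of that are the primary language. The
pure functions below run anywhere on a list of HKL values (e.g. copied
from a sandbox run); installed_layouts() enumerates the live set on a
Windows host. Added example, not the ransomware author's code.
"""
import ctypes
import sys

# Primary language IDs (low 10 bits of a LANGID).
LANG_RUSSIAN = 0x19
LANG_UKRAINIAN = 0x22

# Layouts the author says cause the sample to abort. Belarusian is
# deliberately absent: the article does not say it is skipped.
SKIPPED_PRIMARY_LANGS = {LANG_RUSSIAN: "Russian", LANG_UKRAINIAN: "Ukrainian"}

# Constructed sample HKL values (high word = device, low word = LANGID).
SAMPLE_US_ONLY = [0x04090409]                 # en-US only
SAMPLE_US_RU = [0x04090409, 0x04190419]       # en-US plus ru-RU
SAMPLE_UA_ONLY = [0x04220422]                 # uk-UA only


def primary_lang(hkl: int) -> int:
    """Extract the primary-language ID from an HKL (or bare LANGID) value."""
    langid = hkl & 0xFFFF        # low word of the HKL is the LANGID
    return langid & 0x03FF       # low 10 bits of the LANGID


def layouts_matching(hkls, skipped=SKIPPED_PRIMARY_LANGS):
    """Names of the skipped languages present among `hkls`, sorted."""
    return sorted({skipped[p] for p in map(primary_lang, hkls) if p in skipped})


def would_abort(hkls, skipped=SKIPPED_PRIMARY_LANGS) -> bool:
    """True if the sample's 'do not encrypt this machine' condition holds."""
    return bool(layouts_matching(hkls, skipped))


def installed_layouts():
    """Enumerate installed layouts via user32.GetKeyboardLayoutList (Windows only).

    Returns [] on other platforms so the pure logic above stays usable offline.
    """
    if sys.platform != "win32":
        return []
    user32 = ctypes.WinDLL("user32", use_last_error=True)
    user32.GetKeyboardLayoutList.restype = ctypes.c_int
    count = user32.GetKeyboardLayoutList(0, None)      # first call: how many?
    buf = (ctypes.c_void_p * count)()
    user32.GetKeyboardLayoutList(count, buf)           # second call: fill buffer
    return [int(h or 0) for h in buf]


if __name__ == "__main__":
    for label, sample in (("US only", SAMPLE_US_ONLY),
                          ("US + RU", SAMPLE_US_RU),
                          ("UA only", SAMPLE_UA_ONLY)):
        print(f"{label}: abort={would_abort(sample)} matched={layouts_matching(sample)}")
    live = installed_layouts()
    if live:
        print(f"this host: abort={would_abort(live)} matched={layouts_matching(live)}")
```

The practical use is the "vaccine" question: installing a Russian or Ukrainian layout on a machine makes `would_abort` true for samples that implement this exact check, which is cheap protection against this family but nothing more, since the skip list is the author's choice and changes between versions.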

Visa apologises to customers after massive network crash

Millions of Visa card users across the UK and the rest of Europe were unable to make transactions due to an outage of the Visa network in Europe.

The problem spread when some Mastercard and American Express customers were also unable to pay after their transactions were rerouted through Visa's IT network.


In a statement, Visa said: "This incident is preventing some Visa transactions in Europe being processed. We are investigating the cause and working as quickly as possible to resolve the situation."


The company restored its payment system within about five hours. Executives have ruled out any kind of "malicious" activity behind the failure.

In a statement, Visa said: "The issue was the result of a hardware failure within one of our European systems and is not associated with any unauthorized access or cyber attack.

"Visa Europe’s payment system is now operating at full capacity, and Visa account holders can now use Visa for any of their purchases and at ATMs, as they normally would."


Visa's chief executive said: "We apologize to all of our partners and Visa account holders for any inconvenience this may have caused."


Patanjali's messaging app is a security disaster

Yoga guru turned businessman Baba Ramdev has launched a messaging app, "Kimbho", to challenge the dominance of WhatsApp, the most popular messaging app.

Patanjali Yogpeeth's spokesperson SK Tijarawala tweeted, "Now Bharat will speak. After launching sim cards, Ramdev has launched a new messaging application called Kimbho. Now WhatsApp will be given a competition. Our own #SwadeshiMessagingplatform. Download it directly from Google Play store."

On its first day the app ran into serious criticism: it was taken off the Google Play Store after some of the users who had downloaded it alleged security flaws.

Patanjali spokesperson S K Tijarawala tweeted that the app had only been uploaded for a single day on a "trial" basis and would be back with a formal launch soon. A few hours earlier, however, a message on the app's website had said that it was "facing extremely high traffic" and was "upgrading" its servers.

“ #Patanjali ne #Kimbho app matr ek din ke liye Play Store par trial par daala tha. Matr teen ghante mein hi 1.5 lakh log ise download karne lage. Hum is bhaari va utsahjanak response ke prati aabhaari hain (Patanjali put up the Kimbho app on the Play Store only for a day on trial. In just three hours, 1.5 lakh people downloaded it. We are grateful for this enthusiastic response),” Tijarawala tweeted.


Kimbho is a Sanskrit word,  which means ‘how are you’ or ‘what’s up’.

The app was also torn apart by the French security researcher known as Elliot Alderson, who had earlier raised concerns about Aadhaar security and who called the messaging app a "joke."

"This @KimbhoApp is a joke, next time before making press statements, hire competent developers... If it is not clear, for the moment don't install this app. #Kimbho," Alderson tweeted.

Alderson added that the Android version of the app was a security disaster and that he could access the messages of all its users.

Leak Reveals Surprise 5GHz Intel Core i7-8086K Anniversary Processor

Intel was planning to mark the 40th anniversary of its 8086 processor by releasing one of its fastest ever chips, but the surprise has been spoiled: the Core i7-8086K, rumoured for a couple of months, has been revealed by online retailer listings gathered by Videocardz.

On 30 May, online retailers were found advertising the special processor with a base speed of 4 GHz and a boost speed of 5 GHz.

The core and thread counts, and the 12 MB of L3 cache, match those of Intel's existing Core i7-8700K, which tops out at 4.7 GHz.


While the product listing at Merlion has been taken down, the product page at Connection.com was still up on the morning of 31 May before it, too, was removed. The Connection.com page listed the CPU with the manufacturer part number BX80684I78086K.

The 8086 was released in 1978 and led to the hugely successful x86 architecture; this is not the first time Intel has launched an anniversary edition CPU.

The 5 GHz part was priced at $489.83 on Connection.com, approximately $140 more than the Intel Core i7-8700K, which has a base speed of 3.70 GHz and can be pushed up to 4.70 GHz.

It is not known for certain when these CPUs will be available, but according to the original image at VideoCardz they are slated to be available for order from 8 June 2018 and to ship on 12 June 2018.