
Monday 10 August 2015

Watch Out for These Serious Mac Attacks

Apple’s esteemed line of Mac devices is about to go through troubled times with the emergence of new advanced bugs and glaring loopholes in Apple’s operating system. Security researchers have unearthed a new kind of vulnerability in Mac devices that allows hackers to install devious adware like VSearch without even requiring the password. VSearch is notorious malware that floods infected Macs with pop-up ads and redirects users to a different search engine whenever they try to use Google.

VSearch bug reported earlier by vigilant security researcher

A German security researcher named Stefan Esser made this bug public earlier this week. It should be noted that the generally accepted protocol is to inform Apple about new bug discoveries rather than disclose them to the public and cause a furor. Some hackers have already taken advantage of the bug found by the German researcher: they have been actively using this newfound vulnerability to attack Mac devices, according to a blog post by the security company MalwareBytes.

How does this bug work, and how can it be neutralized?

This bug takes advantage of a Mac OS X 10.10 (Yosemite) feature that determines which programs are allowed to make changes on the computer without a password. Yosemite keeps a list of those programs in a hidden file named Sudoers. The bug allows malware to get itself listed in the Sudoers file, which means the malware gains the ability to install anything in any part of the OS without the user’s approval via password.

Esser has provided a fix for this issue. It should also be noted that the next patch for Yosemite will include the bug fix, because even Apple has known about this vulnerability for a while.
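Since the bug above works by getting an entry into the sudoers file, a defender’s first check is to list every rule in that file that waives the password prompt, so that an unexpected entry stands out. The following script is an added example, not code from the post or from Esser; the sudoers text it parses is a constructed sample (the “malicious” line is hypothetical), and the parser handles only the common user-specification syntax.

```python
"""Audit a sudoers file for rules that grant password-less privileges.

Added example; the sample sudoers text below is constructed.  Real files
would be read from /etc/sudoers and /etc/sudoers.d/ with root privileges.
"""
import re

# Constructed sample: a typical Mac sudoers file plus one suspicious rule.
SAMPLE_SUDOERS = """\
# User privilege specification
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
# Hypothetical rule planted by a malicious installer (constructed)
ALL     ALL=(ALL) NOPASSWD: ALL
Defaults    env_reset
"""

# who  hosts=(runas) commands   -- the (runas) part is optional in sudoers.
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>\S+?)=(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)
# Lines that are not user specifications and are skipped by this parser.
SKIP_RE = re.compile(r"^(Defaults|\w+_Alias|@include|#include)")


def parse_sudoers(text):
    """Return the user-specification rules as dicts.  Comments, blank
    lines, Defaults and alias lines are skipped; '\\' continuations are
    joined before parsing."""
    rules = []
    joined = text.replace("\\\n", " ")
    for line in joined.splitlines():
        if SKIP_RE.match(line):
            continue
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        m = RULE_RE.match(line)
        if m:
            rules.append(m.groupdict())
    return rules


def passwordless_rules(text):
    """Rules whose command list carries the NOPASSWD tag."""
    return [r for r in parse_sudoers(text) if "NOPASSWD:" in r["cmds"]]


def unrestricted_passwordless_rules(text):
    """The worst case: NOPASSWD applied to ALL commands."""
    return [
        r for r in passwordless_rules(text)
        if re.search(r"NOPASSWD:\s*ALL\s*$", r["cmds"])
    ]


if __name__ == "__main__":
    for rule in passwordless_rules(SAMPLE_SUDOERS):
        print("password-less rule:", rule)
```

Run against the real file, any rule reported by `unrestricted_passwordless_rules` that an administrator did not add deliberately is exactly the kind of entry the post describes.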

Another deadly bug, which takes over control of the Mac device

Another group of security researchers has found a more threatening bug, which has the ability to take permanent control of a Mac. Users can effectively get rid of most vicious malware by reinstalling the operating system, but this new vulnerability turns the game against the users: using it, a hacker can install malware directly in the computer’s firmware, which is responsible for booting up the computer.

A team of researchers developed a worm named Thunderstrike 2 that can easily take advantage of this security flaw in Mac devices.

This worm can be installed on the computer just like any other malware, when people click on the wrong links or fall for a phishing scam. Once installed, the malware takes a nastier turn and keeps looking for devices connected to the Mac in order to load them with the worm. Other users who later use the same infected Ethernet adapter get their Macs infected too. Apple has not fixed this bug yet.

Friday 7 August 2015

Privacy Analysis Shows Battery status API as Tracking Tool

Most smartphones nowadays expose a feature essential to their usage: battery status. The HTML5 Battery Status API has been found to have major flaws that leave users’ privacy vulnerable. These flaws are extremely threatening and need to be resolved at the earliest.

The flaw resides in the battery status API implemented by most smartphones, a set of protocols defined in HTML5, the current language of the internet. This API unknowingly gives a web browser like Google Chrome or Firefox sensitive information about the smartphone. The API’s intended use is to help activate a power-saving mode so that users get more out of their devices.

How severe is the flaw?

The Battery Status API can extract several pieces of information about the device’s battery, including the battery level, charging time and discharging time. Combined, this data helps create a digital fingerprint of the device, which potential attackers can use to track users’ activities on the internet.

Recent studies on battery status

A recent study of the battery status API was conducted by four researchers from France and Belgium. The research paper is titled “The leaking battery: A privacy analysis of the HTML5 Battery Status API”. The researchers concluded that the Battery Status API can serve as a tracking identifier in the hands of notorious trackers.

The study showed that the HTML5 Battery Status API silently enables websites to access the battery state on any device, from mobile devices to laptops. Most of this battery information is extracted from devices without the users’ knowledge. The API is extremely dangerous to privacy, as it requires no permission before sending out the details.

The study also showed that Firefox’s implementation of this API enables fingerprinting and tracking of devices over short time intervals. The researchers found the same results on other popular web browsers like Chrome and Opera. The only web browser with strong defenses against fingerprinting via the Battery Status API is Tor Browser, which simply disables the API completely and so stops any fingerprinting attempt.

Private browsing can’t stop Battery Status API

Most people nowadays use private browsing to maintain their privacy online, but the Battery Status API can still let attackers track online activity through battery data. A script using the Battery Status API can track people who have already deleted their browsing data, and can even reinstate identifiers such as cookies without the users’ knowledge. The study was conducted in the hope of identifying the glaring loopholes and flaws in the Battery API and drawing people’s attention to their effects.
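The reason the readings work as an identifier is their precision: a battery level reported as an unrounded double, together with charging and discharging times in seconds, rarely coincides between two devices. The simulation below is an added example, not code from the post or from the paper it describes; the readings are constructed, and the coarsening step (rounding the level, bucketing the times) is this example’s own mitigation suggestion, which the post does not describe.

```python
"""How precision turns battery readings into an identifier.

Added example with constructed readings.  Each reading mimics what the
API exposes: (level, chargingTime, dischargingTime); None stands in for
'not applicable' (e.g. chargingTime while discharging).
"""
import random
from collections import Counter


def make_readings(n, seed=1):
    """Constructed sample: n distinct devices reporting full-precision values."""
    rng = random.Random(seed)
    readings = []
    for _ in range(n):
        level = rng.random()                          # 0.0 .. 1.0, unrounded
        discharging = float(rng.randrange(600, 36000))  # seconds until empty
        readings.append((level, None, discharging))
    return readings


def fingerprint_key(reading, level_decimals=None, time_bucket=None):
    """The value a tracker would see for one reading.

    With no arguments this is the raw reading.  level_decimals rounds the
    level; time_bucket quantises the times to multiples of that many seconds.
    """
    level, charging, discharging = reading
    if level_decimals is not None:
        level = round(level, level_decimals)
    if time_bucket is not None:
        charging = None if charging is None else int(charging // time_bucket)
        discharging = None if discharging is None else int(discharging // time_bucket)
    return (level, charging, discharging)


def distinct_keys(readings, **coarsen):
    """How many different values the tracker observes across all devices."""
    return len({fingerprint_key(r, **coarsen) for r in readings})


def uniquely_identified(readings, **coarsen):
    """How many devices map to a value shared with no other device."""
    counts = Counter(fingerprint_key(r, **coarsen) for r in readings)
    return sum(1 for c in counts.values() if c == 1)


if __name__ == "__main__":
    devices = make_readings(1000)
    print("raw:        ", distinct_keys(devices), "keys,",
          uniquely_identified(devices), "devices unique")
    print("coarsened:  ", distinct_keys(devices, level_decimals=2, time_bucket=3600),
          "keys,", uniquely_identified(devices, level_decimals=2, time_bucket=3600),
          "devices unique")
```

With raw values every simulated device is unique; with the level rounded to two decimals and times bucketed to the hour, at most 101 × 10 values remain and most devices share theirs with others, which is the property a privacy-preserving implementation wants.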

Tuesday 28 July 2015

United Hackers Given Million Free Flight Miles

United Continental Holdings, a US airline, has rewarded two hackers under its bug bounty program because they spotted security holes in the company’s website and disclosed the flaws privately rather than sharing them online.

As a reward, the hackers received the maximum prize of a million flight miles each, worth hundreds of free domestic flights for two people. According to tech experts, it is a big and very good step in the domain of online security. In conversation with Reuters, United Continental Holdings confirmed that it paid one million miles to each hacker, but it did not respond to tweets from individuals saying they had also been paid a small cash reward. The Chicago-based carrier hopes its bug bounty program will help the company uncover cyber risks in airline web security. With a bug bounty program, web researchers solve problems before hackers can exploit them, at a cost much lower than hiring outside consultancies.

However, all three of United’s major competitors declined to comment on bug bounty programs, and a fourth was not available for comment. The trade group Airlines stated that all US air carriers should conduct these kinds of tests to make sure their systems are secure. United adopted this strategy in May, after technology glitches grounded its fleet more than twice. In one incident the company’s airline reservation system locked up and prevented customers from checking in; in another, the software that dispatches the carrier’s flight plans was zapped. According to a United spokesperson, “We believe that with the help of this program we will continue to provide the best, most secure and most excellent service”.

Jordan Wiens, who works on cyber vulnerabilities, tweeted last month that he received a reward of 1 million miles from United for exposing a security flaw that could allow hackers to control the airline’s website. He added in an interview that not many companies in the industry run bug bounty programs; however, according to Wiens, it is normal for big companies such as United to offer bug bounty programs for their websites. Beyond the bug bounty program, United stated that it has its own test system, which internally engages cybersecurity firms to keep its website and online services secure.

According to Dr Jessica Barker, a security consultant, “Schemes which are rewarding the hackers are a perfect way to find and disclose online security problems in the right way, and it helps us to make the internet safe for all of us”. She added that bug bounty programs are common for tech companies because they understand online security, and that, given the benefits, other industries are now catching up.

Saturday 18 July 2015

Internet Addresses Have Officially Run Out

Top Level Exhaustion: IPv4 Addresses Allocated for Special Use

When the internet was first developed, it was presumed that around 4 billion unique number combinations would be adequate. That prediction held up no better than tech pioneer Ken Olsen’s 1977 statement that “there is no reason anyone would want a computer in their home”.

The internet gave rise to ever more usage as users became tech savvy and connected to the online world. Each node of an Internet Protocol (IP) network, such as a computer, router or network printer, is assigned an IP address, which is used to locate and identify the node in communication with other nodes on the internet. The IP address space is managed globally by the Internet Assigned Numbers Authority (IANA) and by the five regional Internet registries (RIRs), which are responsible in their respective territories for assignments to end users and to local internet registries such as internet service providers.

Top-level exhaustion took place on 31 January 2011. Of the five RIRs, three have exhausted allocation of all the blocks they had not reserved for IPv6 transition: Asia Pacific on 15 April 2011, Europe on 14 September 2012, and Latin America and the Caribbean on 10 June 2014. Internet Protocol version 4 offers 4,294,967,296 addresses, though large blocks of IPv4 addresses have been allocated for special uses and are not available for public allocation.

ARIN Unable to Fulfil Allocation of Large IPv4 Address Blocks

Gartner researchers estimate there will be around 25 billion internet-connected devices by 2020, more than six times what the developers had planned for when the net went live in 1983. Vint Cerf, the founding father of the internet, clarified that they had seen this coming and had been reading about the drying-up blocks of IPv4 addresses; for the first time, North America has run out of new IPv4 addresses.

The American Registry for Internet Numbers, which serves the US, Canada, the North Atlantic and the Caribbean islands, will now place requests on a waiting list. It has cautioned that it will be unable to fulfil allocations of large IPv4 address blocks since its address pool has dried up, and because of this ARIN is changing its allocation policies for the first time. Although the infrastructure running the internet was built with space for 4 billion addresses, which seemed a lot at the time, with so many devices coming online the IPv4 protocol has run out of space.

Initiated IPv4 Unmet Request Policy

The American Registry for Internet Numbers (ARIN) has now initiated its IPv4 Unmet Request Policy. Until now, organizations in the ARIN region could obtain IPv4 addresses whenever needed. Recently, however, ARIN has been unable to fulfil requests, so ISPs that come to ARIN for IPv4 address space face three choices:
  • They could take a smaller block; ARIN currently has a limited supply of blocks of 512 and 256 addresses.
  • They could go on the wait list in the hope that a block of the desired size becomes available in the near future.
  • They could buy addresses from an organization that has more than it needs.
Experts have advised those running websites to move to the more spacious IPv6 specification, though moving can be expensive and time consuming. Most large websites have already done so, while several smaller ones could be left without much space to continue working. The IP addresses now running out are used by computers to identify themselves to each other in order to connect. The old IP addresses consist of four numbers separated by dots.

IPv6 Picking up Pace

Being limited to four numbers meant that only 4 billion addresses were available, and many more devices intend to connect to the internet. IPv6 is picking up pace, and ARIN has been encouraging organizations to consider using IPv6 addresses.

The supply of IPv6 addresses is ample and is not likely to run out in future. By adopting a much longer, more complex address, IPv6 vastly increases the available space: it has room for 340 undecillion addresses, or 340 followed by 36 zeroes, which the article reckons is enough to give one to each atom on Earth. Businesses that have not switched so far could move to the new specification, IPv6.

Though it is expensive, companies could move to hardware compatible with IPv6. If they decide not to move over, they could end up buying the limited and probably expensive IPv4 addresses that are left. If users do not move to the new system, they will not be able to get on the net since they will have no addresses to use, and the internet would stop growing at that point. Experts had warned earlier that only 3.4 million addresses were left in North America and that they would run out in summer.
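The post quotes the IPv4 total (4,294,967,296) and notes that large blocks are set aside for special uses, but does not say how much that removes from the public pool. The script below is an added example, not from the post, that computes it with Python’s standard `ipaddress` module and classifies individual addresses; the list of special-purpose blocks is the IANA IPv4 special-purpose registry as known to the author of this example (the post itself names no blocks), and the IPv6 figure is simply 2^128.

```python
"""How much of IPv4 is available for public allocation, and how IPv6 compares.

Added example; the block list is the IANA IPv4 special-purpose registry as
known to the author of this example, not something the post lists.
"""
import ipaddress

# IANA special-purpose IPv4 blocks: not available for public allocation.
SPECIAL_USE_V4 = [
    ("0.0.0.0/8", "this network"),
    ("10.0.0.0/8", "private use"),
    ("100.64.0.0/10", "shared address space (carrier-grade NAT)"),
    ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link local"),
    ("172.16.0.0/12", "private use"),
    ("192.0.0.0/24", "IETF protocol assignments"),
    ("192.0.2.0/24", "documentation (TEST-NET-1)"),
    ("192.88.99.0/24", "6to4 relay anycast (deprecated)"),
    ("192.168.0.0/16", "private use"),
    ("198.18.0.0/15", "benchmarking"),
    ("198.51.100.0/24", "documentation (TEST-NET-2)"),
    ("203.0.113.0/24", "documentation (TEST-NET-3)"),
    ("224.0.0.0/4", "multicast"),
    ("240.0.0.0/4", "reserved for future use"),
    ("255.255.255.255/32", "limited broadcast"),
]
NETWORKS_V4 = [(ipaddress.ip_network(cidr), name) for cidr, name in SPECIAL_USE_V4]


def classify(address):
    """Return the special-use purpose an IPv4 address falls in, or 'public'."""
    addr = ipaddress.ip_address(address)
    for net, name in NETWORKS_V4:
        if addr in net:
            return name
    return "public"


def special_use_total():
    """Addresses inside special-use blocks, counting overlaps (the limited
    broadcast address sits inside 240.0.0.0/4) only once."""
    collapsed = ipaddress.collapse_addresses([net for net, _ in NETWORKS_V4])
    return sum(net.num_addresses for net in collapsed)


def publicly_allocatable_v4():
    """The IPv4 addresses RIRs could ever have handed out for public use."""
    return 2 ** 32 - special_use_total()


def ipv6_space():
    """IPv6 address count: 2**128, the '340 undecillion' the post cites."""
    return 2 ** 128


if __name__ == "__main__":
    print("IPv4 total:        ", 2 ** 32)
    print("IPv4 special use:  ", special_use_total())
    print("IPv4 public pool:  ", publicly_allocatable_v4())
    print("IPv6 total:        ", ipv6_space())
    for a in ("8.8.8.8", "10.1.2.3", "169.254.10.1", "203.0.113.7"):
        print(a, "->", classify(a))
```

Roughly 593 million of the 4.29 billion IPv4 addresses (about 14%) were never in the public pool, which is why exhaustion arrived sooner than the raw total suggests; the IPv6 count is 39 digits long.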

Friday 10 July 2015

Hackers Unearth Major Security Flaw That Affects Adobe Flash Player

A major gaping hole has been found in Adobe Flash Player, the popular software used worldwide for watching videos online. The flaw allows attackers to take control of a user’s system once the user visits a malicious website.

Hacking Team, which is known for creating surveillance software for government agencies, was found to be holding this flaw when 400 GB of its data was stolen over the weekend. Adobe has cleared up the speculation surrounding the emergence of this serious flaw and has promised to make a fix available to all users by Wednesday.

All You Need To Know About The Flaw In Flash Player

This serious flaw is present in Adobe Flash Player 18.0.0.194 and earlier versions, released for all the major OSes: Windows, Mac and Linux. Adobe stresses that the flaw can be used to cause a sudden crash and act as a backdoor for attackers to take control of the affected system.

Hacking Team described this as a fascinating bug, one that had survived as many as four years of Flash Player releases. The severity of the flaw is extremely high, and some hackers have already been using it for a long time to cause trouble for users of affected systems. The internal documents also stress that it can be used as a weapon on a mass scale to cause considerable loss of information and hijacking of systems. Until Adobe provides a fix or security update, it is wise to disable Flash Player completely in browsers to avoid further damage.

Hacking Team Cautions Windows Users

The data released from Hacking Team also reveals a vulnerability in the Adobe font driver in Windows. The Flash Player flaw is rated high severity on both 32- and 64-bit versions of Windows, from the older XP to the latest 8.1. Windows computers are at greater risk of losing control to hackers because of this flaw, but to fully take control a hacker has to rely on the other vulnerability, in the font driver. Microsoft has quickly taken heed of the situation and is actively working on a security fix for its users.

Hackers Are Already Exploiting This Flaw

Hacking Team got wind of this flaw after a mysterious hacker going by the name PhineasFisher started exploiting it. He had already created immense trouble for many companies serviced by Hacking Team, including some governmental institutions.

The detailed report from Hacking Team states that its RCS surveillance software has capabilities for monitoring activity on Skype, Gmail, Facebook and Outlook.com, along with cryptocurrency transactions. This can help companies and their clients keep a keen eye on employees. However, the European Parliament is seriously debating the legitimacy of any such software being used by a government organization to snoop on its citizens.

Wednesday 10 June 2015

Google’s Security News: Malware’s Down, and You’re Heeding More of Its Warnings

According to Google’s security product manager, the company defines success in one simple term: invisibility. As Stephan Somogyi put it, a blank browser window with nothing going wrong in front of the user is the main outcome they target. He gave some insight into the status of online security during Google’s I/O conference, in a half-hour presentation called the second annual Google Security update at I/O.

Phishing and Malware Sites: 

He gave more details on the company’s Safe Browsing service, which he called a collection of systems that hunt down badness all across the net. It protects visitors who search the web using Google Search, or who browse with Chrome, Safari or Firefox, a total reach of 1.1 billion people.

According to reports released by the company, malware is no longer a huge problem. But the company has also found that phishing sites, which fool customers into entering details like passwords and financial information, are increasing in number.

During the last week of May, Safe Browsing detected nearly 14,977 malware sites and nearly 33,571 phishing sites. Malware has shown a big drop and phishing a bigger increase. Somogyi credited the enhanced security in all of Google’s operating systems on every device; because of this, malware authors are now concentrating more on phishing sites than on attacking the software.

The much needed push for encryption: 

Google has been among the first companies to advocate the use of encryption to stop people from snooping on users online. The push accelerated after the revelations by Edward Snowden, who confirmed that the NSA had been eavesdropping on Google’s traffic for some time. Somogyi also expressed frustration at the effort Google has to put into getting other email providers to adopt TLS, the Transport Layer Security encryption, which stops third parties from reading messages while they are in transit.

The company hopes to reach the larger companies that send email and find out why they have not implemented TLS. But the company does not want to resort to public shaming.

It is not ready to disclose the names of the companies that have still not implemented TLS. Compared with TLS for email, Google has had much more success in encouraging websites to implement HTTPS encryption, which secures a user’s entire visit to a site. The company is making every effort to ensure that users feel completely safe when spending time online.

Friday 3 April 2015

Year-Old Android Security Flaw Puts Millions at Risk

When it comes to Android phones, nearly fifty percent are still prone to a security bug that allows attackers to replace or modify apps with malware without the users’ knowledge, as reported by researchers at Palo Alto Networks.

Even though the flaw was discovered a year ago, Android 4.3 as distributed by some vendors is still vulnerable to it. The Palo Alto Networks research team has already alerted vendors, including Amazon, Google and Samsung, about the flaw. Nearly 89% of Android devices were prone to the exploit when it was first discovered in January 2014. As of now, Android 4.4 has a fix for the flaw, obtained by upgrading.

Malware distribution with Arbitrary Permissions: 

Phones still running older Android versions remain at risk. The security researchers said they were able to reproduce the attack on Samsung’s Galaxy S4 phones and are calling it Android installer hijacking. The Palo Alto Networks researchers have made an app available on Google Play that lets people scan their phones for the vulnerability. The app is open source and its code is available in a GitHub repository.

Companies that are concerned can take action to mitigate the risk. The researchers say companies should withhold permissions from new apps that seek access to logcat, which makes room for potential exploitation, and can reduce the risk further by stopping employees from using rooted devices.

Even though the exploit does not rely on rooted devices to cause harm, they make devices more susceptible. The exploit relies on a weakness in the Android OS that lets hijackers take over the Android APK installation process and spread malware with arbitrary permissions.

Application developers need to beware:

These vulnerabilities can be used in different ways by an attacker. A simple example is prompting a person to install an application that is false but seems legitimate, mainly because the app does not require any special permissions.

Whenever a user downloads an app from a third-party app store, attackers get a chance to substitute malware while the permission screen is still being displayed. Application developers need to be cautious about these attacks, since mobile ads and apps that do not rely on Google Play save apps in unprotected storage.

This allows attackers to replace the app being installed with malware. In some cases the first app may advertise another app inside itself; when the user tries to download the second app, the first app modifies it and potentially opens the way for a malware attack.
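The weakness described above is a time-of-check to time-of-use race: the installer verifies a file in unprotected storage, then reads it again to install it, and anything that can write to that storage in between wins. The simulation below is an added example, not code from Palo Alto Networks or the post; it uses ordinary files and a hook that stands in for a malicious app racing the installer, and the hash check and “install” stand-in are this example’s own.

```python
"""Check-then-use on a shared file versus read-once-verify-then-use.

Added example.  `between` is a test hook that runs in the window between the
installer's check and its use, standing in for a malicious app overwriting
the file in unprotected storage; the APK contents are constructed strings.
"""
import hashlib
import os
import tempfile


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def vulnerable_install(path, expected_sha256, between=None):
    """Verify the file at `path`, then re-open `path` to install it.
    Whatever is at `path` after the check is what gets installed."""
    with open(path, "rb") as f:
        if sha256_hex(f.read()) != expected_sha256:
            raise ValueError("digest mismatch")
    if between:
        between()                 # the race window
    with open(path, "rb") as f:
        return f.read()           # installs the possibly-swapped file


def hardened_install(path, expected_sha256, between=None):
    """Read the bytes once, verify those bytes, install exactly those bytes.
    A swap of the file after the read cannot affect what is installed."""
    with open(path, "rb") as f:
        data = f.read()
    if between:
        between()                 # same window, now harmless
    if sha256_hex(data) != expected_sha256:
        raise ValueError("digest mismatch")
    return data


def simulate(install):
    """Run `install` while a stand-in for a malicious app swaps the file
    mid-way.  Returns the bytes that ended up installed."""
    good = b"GOOD-APK (constructed sample)"
    evil = b"EVIL-APK (constructed sample)"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "download.apk")
        with open(path, "wb") as f:
            f.write(good)

        def swap():
            with open(path, "wb") as f:
                f.write(evil)

        return install(path, sha256_hex(good), between=swap)


if __name__ == "__main__":
    print("vulnerable installer installed:", simulate(vulnerable_install))
    print("hardened installer installed:  ", simulate(hardened_install))
```

The hardened variant is also what makes the researchers’ advice about unprotected storage actionable for developers: the bytes that were verified must be the bytes that are installed, which is only guaranteed when they are read once from a location the attacker cannot write to.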

Wednesday 1 April 2015

CAPTCHAs May Do More Harm Than Good

If presented with the choice between CAPTCHAs and passwords, I am pretty sure passwords would take the cake as the preferred choice of internet users. CAPTCHA, the “Completely Automated Public Turing test to tell Computers and Humans Apart”, was created to foil bots’ attempts to create accounts en masse on websites.

Once created, such accounts can be exploited for malicious work like spewing spam by online lowlifes. But recent technological advances also suggest that the much-acclaimed use of distorted letters to tell humans and machines apart may have become old school.

According to a study by Distil Networks, when a visitor to a website is presented with a CAPTCHA, statistics indicate that nearly 12% of visitors abandon the main purpose of their visit.

The study also suggests that nearly 27% of mobile users abandon their task when presented with a CAPTCHA. According to Rami Essaid, Distil CEO and co-founder, if CAPTCHAs create problems during transactions, the website eventually loses money or even the user.

Evolution of the Bots: 

According to Distil, the idea for the study came from its customers. One customer looking into a fraud problem found that its CAPTCHA reduced conversions by nearly 20%.

The results indicate that people are getting so annoyed by CAPTCHAs online that they prefer to abandon websites rather than complete the specific transaction. Essaid highlighted the wide gap between mobile and desktop abandonment, attributing it mainly to usage: CAPTCHAs were designed for desktops, and nothing fully formed exists for mobile.

The very purpose of blocking bots has created a problem: bots have now evolved and can solve CAPTCHAs that would have been difficult for them in the past.

Bad certificate: 

A rogue certificate usable for spoofing the company’s Live services was already issued by Microsoft. Although the certificate cannot be used to issue certificates for or impersonate another domain, or to sign code, it can certainly be used for spoofing content, phishing and man-in-the-middle attacks.

According to Kevin Bocek, vice president for security strategy, cybercriminals are increasingly making certificates their main targets, using fraudulent tricks to acquire them. With nearly 200 public certificate authorities trusted around the world, it is easy to get hold of a valid certificate. Microsoft has taken stern action, but the solution applies only to its own products.

FREAK: 

FREAK was another vulnerability discovered earlier this month. It lets an attacker force an SSL connection to abandon 128-bit encryption and use 40-bit encryption instead, which is easily crackable. Initial studies highlighted FREAK’s impact on browser communication, but the latest studies show a significant impact on mobile apps as well.
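A downgrade to 40-bit encryption is only possible if a 40-bit (export-grade) cipher suite is still enabled somewhere in the connection, so the practical check on either side is the configured cipher list. The script below is an added example, not from the post or from any named product; the suite names follow OpenSSL’s naming, the two sample lists are constructed, and the weak-suite patterns are this example’s own classification.

```python
"""Audit a TLS cipher list for the export-grade suites a FREAK-style
downgrade relies on, plus other suites no modern deployment should offer.

Added example; suite names use OpenSSL's naming (EXP-... for export
suites) and the sample lists are constructed.
"""
import re
import ssl

# (pattern, reason).  Checked in order; the first match wins.
WEAK_PATTERNS = [
    (re.compile(r"^EXP"), "export-grade (40/56-bit) suite"),
    (re.compile(r"DES-CBC(?!3)"), "single DES"),     # DES-CBC3-* is 3DES
    (re.compile(r"RC4"), "RC4"),
    (re.compile(r"RC2"), "RC2"),
    (re.compile(r"NULL"), "no encryption or no authentication"),
    (re.compile(r"^A(ECDH|DH)-"), "anonymous key exchange"),
]


def audit(suite_names):
    """Return {suite_name: reason} for every weak suite in the list."""
    findings = {}
    for name in suite_names:
        for pattern, reason in WEAK_PATTERNS:
            if pattern.search(name):
                findings[name] = reason
                break
    return findings


def allows_export_downgrade(suite_names):
    """True if at least one export suite is offered, i.e. the 40-bit
    fallback the post describes could be negotiated at all."""
    return any(r.startswith("export") for r in audit(suite_names).values())


def default_context_findings():
    """Weak suites enabled in this Python's default client context.
    Expected to be empty on any maintained OpenSSL build."""
    ctx = ssl.create_default_context()
    return audit(c["name"] for c in ctx.get_ciphers())


# Constructed samples: a legacy server list next to a modern one.
LEGACY_LIST = [
    "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "DES-CBC3-SHA",
    "EXP-RC4-MD5", "EXP-DES-CBC-SHA", "RC4-SHA",
]
MODERN_LIST = [
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-CHACHA20-POLY1305",
]

if __name__ == "__main__":
    print("legacy:", audit(LEGACY_LIST), "downgradable:", allows_export_downgrade(LEGACY_LIST))
    print("modern:", audit(MODERN_LIST), "downgradable:", allows_export_downgrade(MODERN_LIST))
    print("this Python's default context:", default_context_findings())
```

The same `audit` function can be pointed at the cipher string of a web server or at the list a mobile app’s TLS library reports, which is where the later studies mentioned above found FREAK still mattered.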

Tuesday 24 March 2015

Gamers Targeted By Ransomware Virus

A computer virus has been targeting gamers around the world. It stops gamers from playing their favourite games unless they pay a ransom. Once a machine is infected, this cruel program seeks out saved games and other important files on the user’s computer and encrypts them. Reports suggest that to unlock their encrypted files, users have to pay nearly $500 (£340) in Bitcoin. The malware targets nearly 40 separate games, including World of Warcraft, Call of Duty, World of Tanks and Minecraft.

Dark world of the web and cash: 

This malicious program is very similar to the widely distributed CryptoLocker ransomware, which has targeted thousands of people around the world in the last few years. However, analysis of the program, called TeslaCrypt, revealed that it bears no resemblance to CryptoLocker and shares no code with it. Reports suggest it was created by a totally different cybercrime group.

According to Vadim Kotov, a researcher at the security firm Bromium, the malicious file was reaching people through a website the creators had already compromised. The site consists of a WordPress blog that is unintentionally hosting a file that exploits flaws in Flash to infect visitors.

What happens when a machine gets infected? 

According to Kotov, after infecting a machine the malware checks nearly 185 different file extensions on the user’s system, looking particularly for files linked with popular video games and online services; these need not be the top games on the web. He added that TeslaCrypt goes after gamers’ files, including their maps, profiles and saved games, and that gamers will only end up disappointed if they try to uninstall a game downloaded through an online service, because reinstalling the game does not restore the lost data.

So what happens next? 

Once the user’s files have been encrypted by the malware, a pop-up message tells them they have been targeted and have only a few days to pay in order to retrieve their data. Reports suggest victims may end up paying between $500 and $1,000 in Bitcoin or PayPal My Cash payment cards. TeslaCrypt directs victims to send their payment details to a designated address on the Tor anonymity network. While work is in progress to crack the virus’s encryption, users can fall back on backups of their files in the meantime.
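Because the malware’s effect is to overwrite save games and similar files with ciphertext, one cheap detection signal on the user side is byte entropy: structured game data sits far below the near-8-bits-per-byte of encrypted output. The scanner below is an added example, not from the post or from Bromium; the threshold, the sample files and the directory layout are constructed, and the random bytes stand in for real ciphertext.

```python
"""Flag files whose contents look encrypted, as a post-infection signal.

Added example with constructed sample files.  Caveat: already-compressed
formats (zip, png, video) also score near 8 bits/byte, so in practice the
check is combined with other signals such as a sudden burst of rewrites.
"""
import math
import os
import random
import tempfile
from collections import Counter


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for empty or single-valued input, 8.0 max."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_encrypted(data, threshold=7.5):
    """Heuristic: at least 256 bytes and entropy at or above the threshold."""
    return len(data) >= 256 and shannon_entropy(data) >= threshold


def scan_directory(root, threshold=7.5):
    """Return the sorted paths under `root` whose contents look encrypted."""
    flagged = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                if looks_encrypted(f.read(), threshold):
                    flagged.append(path)
    return sorted(flagged)


def demo():
    """Constructed: a text profile, a structured binary map, and a save file
    overwritten by a stand-in for the ransomware.  Returns flagged names."""
    rng = random.Random(7)
    plain = b"[profile]\nname=player1\nlevel=42\n" * 40
    binary = bytes(i % 16 for i in range(2048))              # 4.0 bits/byte exactly
    ciphertext = bytes(rng.getrandbits(8) for _ in range(2048))  # stands in for ciphertext
    with tempfile.TemporaryDirectory() as d:
        for name, data in [("profile.ini", plain), ("map01.dat", binary), ("save01.sav", ciphertext)]:
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return [os.path.basename(p) for p in scan_directory(d)]


if __name__ == "__main__":
    print("flagged:", demo())
```

Run over a game’s save directory shortly after a suspected infection, the flagged list tells a user which files are already beyond the reach of a reinstall and must come from backup, which is the advice the post ends with.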

Wednesday 4 March 2015

Hacker Ring Stole $1B from Banks in 30 Countries, Says Report

A hacker group has stolen more than $1 billion from banks all over the world, in what is so far one of the biggest banking breaches, according to a report by a cyber-security firm.

According to Kaspersky Lab, a Russian security company, “One of the hacker rings has been active since the last quarter of 2013 and has infiltrated more than 100 different banks in 30 countries, including four banks in Canada.”

They use phishing schemes and other techniques to gain access to bank computers, then lurk for one to two months to learn the banks’ systems, taking screenshots or video of employees using their computers, the report says. Once the hackers are familiar with a bank’s operations, they use that knowledge to steal money without raising any suspicion: setting up fake accounts and transferring large sums into them, programming ATMs to dispense money at a time of their choosing, and more, according to Kaspersky.

The report was prepared for presentation at a security conference in Cancun, Mexico, but was first reported by The New York Times.

The hackers appear to limit their theft to $10 million per bank before moving on to another, which is why the fraud was not detected earlier, Vicente Diaz, principal security researcher at Kaspersky, told The Associated Press in a telephone interview. The attacks were unusual because this time the hackers targeted the banks themselves rather than individual customers.

Their goal appears to be financial gain rather than espionage, Diaz said; the hackers are not interested in personal information, only in money. They are flexible and quite aggressive, with special tools for whatever they want to do. The most targeted countries are the U.S., Germany, Russia, Ukraine and China, and the attackers are expanding throughout Asia, Africa, the Middle East and Europe, Kaspersky says.

One bank lost more than $7.3 million through ATM fraud, while in another case a financial institution lost $10 million after attackers exploited its online banking platform. The banks have not been named, and Kaspersky is still working with law-enforcement agencies to investigate the attacks.

The White House is currently putting a lot of focus on cyber-security, following many data breaches at national security agencies and at companies ranging from mass retailers such as Home Depot and Target to Sony Pictures Entertainment, financial institutions and insurance companies.

The U.S. administration now wants Congress to replace the existing patchwork of national and state laws with a single rule under which companies give 30 days' notice that consumers' personal information has been compromised. “As officials, at this point in time we cannot disclose the actions of individuals, but we believe that our officials are taking appropriate actions to prevent these attacks and minimize any effects on customers,” a U.S. national security agency said in a statement.

Saturday 31 January 2015

FBI: Email Scam Nets $214 Million in 14 Months

If you check the spam folder of your e-mail account you will see why these e-mails are called spam and why your e-mail provider drops them there, but these days you can easily find a few fraudulent e-mails (e-mails that make fake promises) in your inbox as well. Recently the nonprofit National White Collar Crime Center and the Internet Crime Complaint Center, together with the FBI, released a report based on figures from Oct 1, 2013 to Dec 1, 2014.

In these e-mail scams, fake invoices are delivered to businesses that deal with international suppliers, asking for payments of millions of dollars by wire transfer. According to the research team's report, “The victims love to use wire transfer payments for transactions to foreign banks, which can be transferred many times, but they tend to disperse faster.” Asian banks located in Hong Kong or China are the most commonly reported final destination for more than 80 per cent of the fraudulent transfers.

Data in reports: 

According to the report from the National White Collar Crime Center and the Internet Crime Complaint Center, in association with the FBI, the scams have claimed more than 1,198 US victims and 928 victims in other countries, and U.S. firms have lost more than $179 million in total. According to the FBI, “We believe that the number of victims and the total dollar loss will continue to increase.”

If you look through your spam folder you will find e-mails promising rewards, senior-level jobs at premium companies, lucky draws and more. Some of us know that these e-mails are fraudulent, whereas others believe them and start following their instructions.

In one version of the scheme, businesses that work with international clients and suppliers are contacted by fax, phone, e-mail or post asking for payment. The e-mails are spoofed so that they appear to come from a reliable, legitimate supplier, and the fax or phone requests also appear authentic. In another version, the e-mail accounts of senior executives are compromised by criminals, who use them to request a wire transfer on the strength of a fake business opportunity, with instructions to reply or send the funds urgently.

The third version of the scheme involves hacking an employee's e-mail account and using it to send duplicate or fake invoices to suppliers or vendors.

According to the FBI task force, “Vulnerable businesses should avoid using free web-based e-mail for executives or official accounts, and should exercise caution when posting company information on social media or on public websites.” Additional security steps, such as digital signatures and a two-step verification process, can also be added.
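The three variants above share a few header and wording patterns that a mail gateway or a finance-team triage script can flag before anyone acts on a payment request. The following Python script is an added illustration, not part of the FBI report or this blog: it runs a handful of red-flag checks (Reply-To pointing at a different domain than From, an internal sender whose replies go to an outside mailbox, a sender domain one character away from a known supplier, and an urgent wording paired with payment instructions) over three constructed sample messages. The domains, addresses and the small keyword lists are assumptions for the example; a real deployment would draw supplier domains from the vendor master file.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not real mail). The first is a routine invoice
# notice; the other two show the patterns described in the report.
LEGIT = """From: Accounts <billing@acme-supplier.example>
To: ap@victim-corp.example
Reply-To: billing@acme-supplier.example
Subject: Invoice 1042 for March shipment

Please find invoice 1042 attached. Payment terms are net 30 as usual.
"""

LOOKALIKE_SUPPLIER = """From: Accounts <billing@acme-suppIier.example>
To: ap@victim-corp.example
Subject: Updated bank details for invoice 1042

Our bank has changed. Please wire the outstanding balance to the new account today.
"""

CEO_FRAUD = """From: Jane Doe CEO <jane.doe@victim-corp.example>
To: cfo@victim-corp.example
Reply-To: jane.doe.ceo@freemail.example
Subject: Urgent - confidential acquisition

I need you to process a wire transfer immediately for a confidential business opportunity.
Reply to this email only, I am in meetings all day.
"""

# Assumed organisation data: our own domain and the suppliers we actually pay.
OWN_DOMAIN = "victim-corp.example"
KNOWN_SUPPLIER_DOMAINS = {"acme-supplier.example"}
URGENCY_WORDS = ("urgent", "immediately", "today", "asap", "confidential")
PAYMENT_WORDS = ("wire transfer", "wire the", "bank details", "new account", "payment")


def domain_of(header_value):
    """Return the lower-cased domain part of an address header."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def lookalike(domain, known):
    """Return the known domain this one imitates (one character differs), else None."""
    if domain in known:
        return None
    for k in known:
        if len(k) == len(domain) and sum(a != b for a, b in zip(k, domain)) == 1:
            return k
    return None


def assess(raw):
    """Return a list of red flags for one RFC 822 message; empty means nothing suspicious."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = domain_of(msg["From"])
    reply_domain = domain_of(msg["Reply-To"]) if msg["Reply-To"] else from_domain
    body = msg.get_body(preferencelist=("plain",)).get_content()
    text = (msg["Subject"] + "\n" + body).lower()

    flags = []
    if reply_domain != from_domain:
        flags.append("reply-to domain differs from sender domain")
    if from_domain == OWN_DOMAIN and reply_domain != OWN_DOMAIN:
        flags.append("internal sender with external reply-to")
    imitated = lookalike(from_domain, KNOWN_SUPPLIER_DOMAINS)
    if imitated:
        flags.append(f"sender domain resembles known supplier {imitated}")
    if any(w in text for w in PAYMENT_WORDS) and any(w in text for w in URGENCY_WORDS):
        flags.append("urgent payment request")
    return flags


if __name__ == "__main__":
    for name, sample in (("legit", LEGIT), ("lookalike", LOOKALIKE_SUPPLIER), ("ceo", CEO_FRAUD)):
        print(name, assess(sample) or ["no flags"])
```

None of these checks proves fraud on its own; the point is that a flagged message gets a phone call to a known number before any bank details are changed, which is the out-of-band verification the report's two-step advice amounts to.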

Thursday 8 January 2015

The Real Cybercrime Geography

According to cyber experts, the recent cyber attack on Sony Pictures was the result of digital infiltration by North Korea. Things change very rapidly in the digital world: North Korea's spin doctors quickly responded that they did not hack Sony Pictures' servers, and some U.S. cybercrime experts are now saying the North Korean propagandists may be right. The evidence presented by the FBI points to hackers working for the communist government, but U.S. experts still say this proof is not enough to blame Pyongyang.


According to Sam Glines, CEO of Norse (a cyber security firm), “According to data collection based on forensic evidence, it's clear that North Korea is not accountable for any type of hacking activity or for initiating the attack on Sony Pictures.” The hackers must have been busy, since thousands of documents were gathered from Sony Pictures' servers and released within a few hours. The leaked information covered cast salaries, film budgets and the taxes of actors and actresses, along with the little-known fact that Kevin Federline was paid $5,000 for a cameo appearance. North Korea is still at war with America, but America was never on its radar for computer attacks. So who was responsible for the cyber attack on Sony Pictures? India? Russia? Iran or Iraq? The eventual answer may be a surprise.

Symantec ranks the 20 countries most responsible for cyber attacks, using the following factors: malicious code rank, malicious computer activity, phishing, spam zombies rank, attack origin and bot rank. The top five countries in the survey were the U.S.A., China, Germany, Britain and Brazil, while the bottom three were Argentina, Australia and Israel; South Korea came in at No. 14, Russia at No. 12, and North Korea did not make the top 20 at all.

Gather 10 American computer experts around a coffee table and the talk will soon turn to hacking and cybercrime, but it is the Russians who have been active in cybercrime and hacking for decades and who play a central role in the cybercriminal world. Today, anyone with money who wants to break into a PC or mobile device can simply place an order or buy a program for a cyberattack to obtain someone's personal information or steal financial or banking data. Online banking fraud and credit card theft against Western firms are now routine, which raises the question: if the Russians are so good, why did they land only at No. 12?

Friday 2 January 2015

Hacker Clones a Politician’s Fingerprint Using Normal, Long-Distance Public Photos

Something of this magnitude could not have been expected a couple of years ago, but now, according to a member of the Chaos Computer Club, a European hacker association (along the lines of Cult of the Dead Cow in the United States of America), it is possible.

They have shown that it is quite possible to clone or reproduce a person's fingerprints, and that the clone can be used to get into a system protected by a biometric fingerprint scanner. All they need is a photo of the person's fingers. According to the club, no close-up is required; any photo of a celebrity waving their hands, even from a distance, will do the trick.

In this case, the CCC obtained the fingerprint of Germany's defense minister Ursula von der Leyen from a photo taken during a press conference. This could easily be considered a security breach if the German government uses biometric access control systems.

The findings: 

The findings were presented by the hacker Jan “Starbug” Krissler at the Chaos Communication Congress. He recreated the minister's thumbprint from a photo taken at the press conference and several other photos showing her thumb from multiple angles, using the commercially available VeriFinger software.

Jan then created a real-world dummy from this thumbprint. He printed it on a mask, exposed it to create a negative print on a substrate, then filled the negative with wood glue to produce a positive fingerprint. In testing, this technique poses a serious threat to Apple's TouchID sensor, and if the minister uses an Apple iPhone it could get her into serious trouble. The club is hoping that the German government is not relying on fingerprints to control its military systems.

What is the drawback? 

Digital fingerprint readers are now very common, found on everything from laptops to high-end smartphones. The biggest problem with fingerprints is that they can give false positives and false negatives, and multiple readings of the same print can give different results. Even though fingerprints are considered the best means of identification, the security and forensic communities are looking for more reliable techniques.

DNA sequencing is considered one of the best means of forensic identification, while vein matching and gait analysis are the best options for access control. These are called living biometrics because, as the name suggests, they only work while the person is alive. The technique is already in use at some ATMs in Poland and Japan.

If you are among those using fingerprints for access control, it might be a good time to switch to something more reliable.

Monday 8 December 2014

Sony Malware May Be Linked To Other Damaging Attacks

Identification of Technical Evidence at Sony Corp’s Hollywood Studio

Cyber security researchers have identified what they say is technical evidence linking the massive breach at Sony Corp's Hollywood studio with attacks in South Korea and the Middle East. Kaspersky Lab, a Moscow-based security software maker, stated that it has uncovered evidence that all three campaigns could have been launched by one group, or facilitated by a single organisation well versed in working with destructive malware.

In 2012 cyber attackers damaged thousands of computers at Saudi Arabia's national oil company and at Qatar's RasGas with a virus known as Shamoon, one of the most destructive campaigns to date, which U.S. officials have blamed on Iran.

A year ago, over 30,000 PCs at South Korean banks and broadcasting companies were affected by a similar attack that cyber security researchers believe was launched from North Korea. Kaspersky researcher Kurt Baumgartner told Reuters that there are `unusually striking similarities' in the malicious software and techniques used in both of those campaigns and in the Nov. 24 Sony attack, in which malware dubbed `Destover' was used.

Perpetrator Access to Confidential Information 

The attack crippled the studio's computer systems and gave the perpetrators access to confidential employee information, including executive salaries. It is said to have used a so-called wiper virus, which erases data and can bring down networks of thousands of computers, preventing companies from conducting their business. Baumgartner described the similarities in depth in a technical blog post published recently on Kaspersky's website.

He stated in an interview that `it could be a single actor or it could be that there are trainers or individuals who float across groups'. In his view the evidence indicates that hackers from North Korea were behind the attack on Sony, though it is unclear whether they work directly for the government.

Several cyber security researchers disagree with Kaspersky's interpretation of the technical evidence. Symantec Corp., a California-based company, stated in a blog post that it also sees similarities between the attacks against Sony and the Shamoon campaign, but attributes them to copying, saying there does not seem to be any evidence that the same group is behind both attacks.

Critical Infrastructure At Risk

Chertoff, co-founder and executive chairman of The Chertoff Group, a global security consultancy based in Washington, commented in an interview that `either for political or economic reasons at some point, sophisticated actors are going to be more willing to use destructive malware'.

He added that the Sony attack shows that critical infrastructure is at risk and that the potential for cyber weapons to be deployed continues to increase. Cyber security companies fear more destructive attacks in the coming months.

Ron Gula, chief executive officer of Tenable Network Security Inc., based in Columbia, Maryland, comments: `if attacks like those against Sony continue against other U.S. companies, 2015 could be a year of disrupted services'.

Saturday 22 November 2014

Researchers Put Their Focus on the Masque Attack on OS X/iOS

According to a report released to the public by researchers at FireEye on 17 November, the Mac OS X and iOS operating systems are threatened by the Masque Attack, which is already in existence. The report was published within a week of Palo Alto Networks' discovery of WireLurker.

What is Masque Attack? 

The Masque attack exploits a weakness in Apple's operating system that allows one app to be replaced by another as long as both use the same bundle identifier. One of the most threatening aspects is that even the apps preinstalled on the operating system (for example Mobile Safari) can be replaced this way.

The replacement app can read the original app's local data, including login details such as user IDs and passwords. Through this attack, an attacker could log into a victim's accounts and make transactions from their bank accounts.

The attack is made easier because iOS does not enforce certificate matching for apps that share the same bundle identifier. FireEye researchers verified the vulnerability on both regular and jailbroken iOS; the regular versions tested were iOS 7.1.1, iOS 7.1.2, iOS 8.0, iOS 8.1 and iOS 8.1.1 beta. Attackers can exploit the vulnerability over USB and even over wireless networks.
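The bundle-identifier point is easiest to see as an install policy. The Python model below is an added illustration written for this post, not FireEye's or Apple's code, and it deliberately abstracts away real code signing: an installed app is identified by its bundle identifier and by the identity of the certificate that signed it, and an install with an existing bundle identifier is treated as an upgrade that keeps the app's data directory. The weak device replaces the app on bundle identifier alone, which is the behaviour the post describes; the hardened device additionally requires the signer to match, so a second app with the same identifier but a different signing identity is refused and the original's data stays with the original. The bundle identifier, signer IDs and the stored token are constructed values.

```python
from dataclasses import dataclass, field


@dataclass
class App:
    """Minimal model of an installed app (constructed for this example)."""
    bundle_id: str
    signer: str             # identity of the signing certificate, e.g. a team ID
    source: str             # "app_store" or "enterprise_profile"
    local_data: dict = field(default_factory=dict)


class Device:
    """Toy install policy: with enforce_certificate_match=False it behaves like the
    weakness described above; with True it is the hardened variant."""

    def __init__(self, enforce_certificate_match):
        self.enforce = enforce_certificate_match
        self.apps = {}          # bundle_id -> App

    def install(self, app):
        existing = self.apps.get(app.bundle_id)
        if existing is None:
            self.apps[app.bundle_id] = app
            return "installed"
        # Same bundle identifier: the install is treated as an upgrade.
        if self.enforce and existing.signer != app.signer:
            return "rejected: signer mismatch"
        # An upgrade inherits the existing app's data directory.
        app.local_data = existing.local_data
        self.apps[app.bundle_id] = app
        return "replaced"


def scenario(enforce_certificate_match):
    """Install a banking app, let it store a session token, then try to install a
    second app that reuses its bundle identifier under a different signer.
    Returns (install result, signer now owning the identifier, token visible to it)."""
    device = Device(enforce_certificate_match)
    bank = App("com.example.bank", "TEAMID-BANK", "app_store")
    device.install(bank)
    bank.local_data["session_token"] = "tok-123"      # constructed secret
    impostor = App("com.example.bank", "TEAMID-OTHER", "enterprise_profile")
    result = device.install(impostor)
    current = device.apps["com.example.bank"]
    return result, current.signer, current.local_data.get("session_token")


if __name__ == "__main__":
    print("weak policy:    ", scenario(False))
    print("hardened policy:", scenario(True))
```

Under the weak policy the identifier now belongs to TEAMID-OTHER and the token it inherits is the original app's; under the hardened policy the install is refused and the token remains with TEAMID-BANK. The same logic is why the post's advice to keep Gatekeeper off "Anywhere" and to avoid untrusted provisioning profiles matters: both settings decide which signers a device will accept in the first place.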

According to the blog post by FireEye researchers Tao Wei, Hui Xue and Yulong Zhang, Apple's existing standard interfaces and protections cannot prevent such attacks. They are asking the company to develop more powerful interfaces and make them available to professional security vendors.

That way the vendors could protect their enterprise users from these advanced attacks. The attack lures users into downloading malicious apps under new names, for example “the new Angry Birds”.

Users of these operating systems are more susceptible to the attack when they download apps from third-party sources or ignore the untrusted-app warning that pops up on their phones. Users who have set the Gatekeeper feature to “Anywhere” effectively nullify their protection.

According to FireEye's researchers, WireLurker uses a very limited form of the attack when hitting iOS over USB.

According to Joe Abbey, director of software engineering at Arxan, WireLurker can only deliver its payload if the user has installed an untrusted app on the Mac, whereas for the Masque attack to occur the user must have installed an enterprise provisioning profile.

Companies with BYOD policies are more susceptible to the Masque attack. Abbey recommends that organisations with BYOD policies disable provisioning profiles until Apple comes out with a fix.

Masque attacks and WireLurker are further examples of highly sophisticated, automated attacks, which are growing rapidly. They highlight the serious need for automated, proactive protection and prevention methods.

Wednesday 5 November 2014

Researchers Identified Sophisticated Chinese Cyber Espionage Team

A collaboration between several security firms has thwarted one of the biggest and most sophisticated cyber espionage crews, called Axiom, which is thought to be linked to China. The Axiom threat actor group mostly targeted NGOs and pro-democracy groups, along with other individuals perceived as a potential threat to China.

The Axiom Group

The group mostly targets pro-democracy NGOs in Asia, and also conducts industrial espionage against organizations that influence energy and environmental policy. Also on its list are IT giants, chip makers, telecom companies and infrastructure providers.

The group mostly used phishing and malware to get the job done, and the typical attack once again looks state-sponsored. Its prime tool is Hikit, linked to the attack referred to as DeputyDog, which famously used an IE zero-day bug to attack mostly Asian firms.

The group works relatively quietly and is thought to be more heavily funded than, say, the APT1 crew (Shanghai-based and PLA-affiliated). According to Novetta, the group has been active for 6 years, is highly disciplined and is well resourced. The suspicion that the Chinese government is involved is most certainly true.

The Collaboration and Solution

The attacks did not go unnoticed, however, and sooner rather than later security firms started collaborating to bring the group down. The coalition is led by Novetta along with Bit9, Cisco, F-Secure, ThreatTrack Security, iSIGHT Partners, Microsoft, FireEye, Tenable, ThreatConnect, Volexity and other unnamed partners. Through Microsoft's coordinated malware removal campaign, the coalition took its first public action, called Operation SMN.

Axiom tool installations have been removed from over 43k machines. Among them, 180 were clear examples of Hikit, the last-stage persistence and data exfiltration tool that marks the peak of the Axiom victim lifecycle. This was perhaps the first effort of its kind by security firms to fight off potentially devastating state-sponsored threats worldwide.

The Diplomacy 

China has clearly denied any involvement in Axiom. According to a Chinese Embassy spokesman, judging from the past such allegations are fictitious, and China has itself been on the wrong end of cyber espionage, as the Snowden revelations showed.

With 2 weeks to go before President Barack Obama visits Beijing, cyber security will be a high-priority item on the agenda. Washington has previously tried hard to pressure China over possible state-sponsored cyber warfare against the US, but has failed to sustain that pressure since the Snowden revelations.

Novetta hopes that the example set by the coalition will be followed in future fights against cyber terrorism. It would be foolish, however, to think that Axiom is gone for good. The operation was more of a remediation than a knock-out blow, and chances are that Axiom will be back soon, probably with different tools and strategies this time around.

The coalition has amassed a great deal of technical data about the threat and its workings, which will help in fighting such groups in the future.

Thursday 14 August 2014

1.2 Billion Passwords Snipped: Secure Your Online Account with a Strong Password

Technology has improved enormously and makes it easy to set up a new identity online. Along with these advances, however, you may also fall victim to its negative side, such as hacking. Today this is one of the biggest concerns in maintaining an online profile. Many users report that they have been hacked and their passwords stolen, leading to the loss of confidential and important data.

Newspapers and online news channels have reported the facts that reveal the dark side of technology. According to verified information, a Russian group hacked about 1.2 billion passwords from nearly 500 accounts, and the users of those accounts faced serious problems recovering their data.

How to maintain the privacy of your account? 

Given the above, it is essential to maintain privacy settings that stop hackers from stealing your password. You need to set a password that is really difficult to guess. Passwords made up of common words, characters or figures can easily be cracked by hackers, putting your account at risk.

Add other security features, such as secret questions, that protect your account from unauthorized access, so that your information stays safe and you need not worry about spam. Webmail providers and social sites now implement multiple security features to safeguard their users from such disruptions. Follow the news and technical periodicals for useful information on how to add more safety measures to your account, and so prevent the leaks that could bring a tragic episode into your life.
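"Difficult to guess" can be made concrete. The Python checker below is an added example for this post, not a tool from any of the sources it cites: it estimates an upper bound on a password's entropy from its length and character classes, then applies the kind of pattern checks that password crackers exploit (common passwords, keyboard runs, repeated characters, a word followed by a few digits), because a long string of one repeated character scores high on entropy yet falls instantly. The small common-password and keyboard-run lists are constructed stand-ins; a real deployment would use a large breach-derived list.

```python
import math
import re

# Constructed stand-ins for a breach-derived password list and keyboard sequences.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou", "admin"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "12345", "abcdef")


def charset_size(pw):
    """Size of the smallest standard character set that covers every character used."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        size += 33          # printable ASCII punctuation and space
    return size


def entropy_bits(pw):
    """Upper bound: assumes every character was drawn uniformly from the charset.
    Real passwords are far more predictable, which is why the pattern checks exist."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0


def weaknesses(pw):
    """Return the list of structural problems a guessing attack would exploit."""
    low = pw.lower()
    letters_only = re.sub(r"[^a-z]", "", low)
    found = []
    if low in COMMON_PASSWORDS or letters_only in COMMON_PASSWORDS:
        found.append("common password")
    if any(run in low for run in KEYBOARD_RUNS):
        found.append("keyboard or sequential run")
    if len(pw) < 12:
        found.append("shorter than 12 characters")
    if len(set(pw)) <= max(2, len(pw) // 3):
        found.append("too many repeated characters")
    if re.fullmatch(r"[a-zA-Z]+\d{1,4}[!?.]?", pw):
        found.append("word followed by digits pattern")
    return found


def rate(pw):
    """Return (verdict, entropy estimate in bits, list of weaknesses)."""
    bits = entropy_bits(pw)
    flaws = weaknesses(pw)
    if flaws or bits < 40:
        verdict = "weak"
    elif bits < 60:
        verdict = "fair"
    else:
        verdict = "strong"
    return verdict, round(bits, 1), flaws


if __name__ == "__main__":
    for candidate in ("password1", "aaaaaaaaaaaaaaaa", "correct horse battery staple"):
        print(repr(candidate), rate(candidate))
```

The verdict is the weaker of the two views: a password fails if either the entropy bound is low or a pattern check fires. The third sample shows why length of unrelated words beats complexity rules, and the second shows why entropy alone cannot be trusted.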

Cyber Security to safeguard the Online Users

The administration also employs cyber security measures that protect users' privacy, so you can carry out your online activities with less worry, and society as a whole gains confidence that its operations on the web are safe. Browse the many online sites that cover the various facets of cyber security, and learn about the software and equipment you can install to increase the safety of your online accounts.

Eliminate the Negative Technical Brunt

Once you put a complete barrier between hackers and other unauthorized persons and your personal account, theft will decrease to a large extent. It is worth putting a strict blockade around your most secret data. Employ the feasible security measures, keep your account free from the spam that can destroy your useful information, and make sure your account is in safe hands, protected from every type of unscrupulous activity. Then you will have a well-organized online account that achieves the best possible safety.

Thursday 3 October 2013

Why Internet Security is Important to Small Businesses



Online security isn’t just important to businesses – it’s important to every user of the Internet. We all have something to lose when we’re online; we are all vulnerable. As an individual, knowing that your emails have been hacked is enough of a breach of privacy, let alone if you’re a business which has a lot more to lose.
Whether we like it or not, the increasing dominance of the Internet has brought with it a rise in hackers and cybercrime. The best way in which we can deal with the prevalence is by ensuring that we’re safe and secure, at home and at work.

Small businesses are becoming increasingly targeted. According to part one of a Symantec infographic, targeted attacks on small businesses rose by 13% between 2011 and 2012. The infographic, published in two parts, exposes some web threat trends that may be of interest to you and your business and may help you to understand the importance of internet security for small businesses.
The fact of the matter is, cybercrime can happen to anyone. Small businesses may not think that they're vulnerable, but the infographic shows that they are. It's important that business owners don't become complacent with an “it won't happen to me” attitude. If suitable security measures are in place and updated regularly, the chance of a malicious attack is substantially smaller. Protecting yourself online isn't just a technical measure though; it's also down to you and the policies you implement, so that every employee knows how to be as secure as possible while online.

Something as easy to install as reliable anti-virus software can help to maintain a high level of security for your business network. This sort of software is well worth the investment and, on the grand scale of things, is inexpensive too. Once it’s installed, it will help to spot any malicious activity, by warning you before opening attachments that it may deem suspicious, and also scanning the websites you visit and flagging up any that are vulnerable or are potential phishing sites.

As a business, your efforts shouldn’t stop at your online activity. You should also ensure that your business network is protected, too. Most small businesses that use more than one computer are connected to a network which can be targeted by unscrupulous third parties. According to the infographic mentioned, the vast majority of security breaches came from outside business networks, meaning that strong user passwords, wireless passwords and private SSIDs are essential.

By implementing some simple measures, your business will be as safe as possible and should, hopefully, be able to avoid any serious security attack. Unfortunately, nothing you do will make you completely invincible, but ensuring that some element of protection is in place will mean that the chances of your business being caught out are much lower.

Your employees need to understand the importance of online security so that they don’t unwittingly cause your business to be victimised. Appropriate training and business policies should be put into place so that every working day can run smoothly.

Being aware of online security issues is the first step towards protecting yourself from cybercrime. Educate yourself and your staff to minimise the risk to your business.

by Roxanne