SpyEye Poses Risk To Banking Defenses
Financial institutions are facing more trouble from SpyEye, a piece of malicious software that steals money from customers’ online bank accounts, according to new research from security vendor Trusteer.
SpyEye is a dastardly piece of malicious software: it can harvest credentials for online accounts and also initiate transactions as a person is logged into their account, literally making it possible to watch their bank balance drop by the second.
In its latest versions, SpyEye has been modified with new code designed to evade advanced systems banks have put in place to try to block fraudulent transactions, said Mickey Boodaei, Trusteer’s CEO.
Banks are now analyzing how a person uses their site, looking at parameters such as how many pages a person looks at on the site, the amount of time a person spends on a page and the time it takes a person to execute a transaction. Other indicators include IP address, for example when a person who normally logs in from the Miami area suddenly logs in from St. Petersburg, Russia.
SpyEye works fast and can automatically initiate a transaction much faster than an average person could manually on the website. That’s a key trigger for banks to block a transaction. So SpyEye’s authors are now trying to mimic, albeit in an automated way, how a real person would navigate a website.
Hackers Creating Networking Website
July 25, 2011 by admin
Anonymous, which has taken credit for several high-profile cyber attacks in recent months, plans to launch what it says will be a new social networking site called AnonPlus.
The group’s move was apparently spurred by Google’s decision to shut down Anonymous’ Google+ account for community standard violations, a report by Mashable says.
For the moment, at least, AnonPlus appears to be little more than a single, somewhat poorly formatted page explaining what the site will be about.
“This lil info dump of a site is here simply to dispence (sic) info, soon the actual site will go up and you can begin to interact with it,” a message on the site notes.
“This project is not overnight and will take many of those out there who simply want a better internet,” the message noted. “We will not be stopped by those looking to troll or those willing to stop the spreading of the truth.”
The message doesn’t mention Google shutting down Anonymous’ Google+ account, but it does promise members that with AnonPlus there would be no fear of “censorship”, “blackout” or “holding back.”
“TDL-4” Botnet Is Practically Indestructible
A new and improved botnet that has infected more than four million computers is “practically indestructible,” software security experts say.
“TDL-4,” the name for both the bot Trojan that infects PCs and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.
“[TDL-4] is practically indestructible,” Golovanov said, and others agree.
“I wouldn’t say it’s perfectly indestructible, but it is pretty much indestructible,” said Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, in an interview today. “It does a very good job of maintaining itself.”
Golovanov and Stewart based their assessments on a variety of TDL-4’s traits, all of which make it an extremely tough character to detect, delete, suppress or eradicate.
Because TDL-4 installs its rootkit on the Master Boot Record (MBR), it is invisible to both the operating system and, more importantly, security software designed to sniff out malicious code.
Further, what makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.
“The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet,” said Roel Schouwenberg, senior malware researcher at Kaspersky. “The TDL guys are doing their utmost not to become the next gang to lose their botnet.”
Citigroup Hackers Pocketed $2.7 million
June 29, 2011 by admin
Citigroup suffered about $2.7 million in losses after cybercriminals uncovered a way to lift credit card numbers from its website and make fraudulent transactions.
Citi acknowledged the breach earlier this month, saying hackers had gained access to more than 360,000 Citi credit card accounts of U.S. customers. The hackers didn’t breach Citi’s main credit card processing system, but were reportedly able to obtain the numbers, along with the customers’ names and contact information, by logging into the Citi Account Online website and guessing account numbers.
Until now, it wasn’t revealed if any fraud had occurred as a result of the theft. But Citi confirmed Friday that there were losses of $2.7 million from about 3,400 accounts.
The bank has said its customers will not be liable for the fraudulent transactions and losses as a result of them.
More Citigroup Accounts Compromised Than Stated
June 21, 2011 by admin
Citigroup was apparently hit harder by a cyber-attack in May than originally reported: the number of affected customers now stands at 360,000. Unfortunately, this is double the number that Citigroup initially stated.
Citigroup is one of the biggest banks in the US and ranks number 3 overall. The breach occurred on May 10th and was confirmed by Citigroup on June 8th. Citigroup stated that around 360,080 North American Citigroup credit card accounts were impacted by the breach, which is around 1 per cent of its North American card customer base.
Acer Is The Latest Victim Of Computer Hacking
Taiwanese PC manufacturer Acer is investigating a cyber hacker attack that stole customer data from its Packard Bell division in Europe, the company said.
Acer said the security breach was limited to customers’ names, addresses, phone numbers, emails, and system serial numbers. No credit card data was stolen, it said. Acer provided no other details about the breach, and said the investigation was ongoing.
News of the breach was reported several days ago, after a hacker group called Pakistan Cyber Army claimed to have stolen the personal data of about 40,000 people from an Acer server in Europe. Acer did not comment on the attack at the time.
The Hacker News had published screen shots of the personal data and some of the source code that was stolen in the security breach. It also said that the Pakistan Cyber Army would issue a press release detailing more about their motives. But so far, no new information has surfaced from the hacking group.
RSA To Replace SecurID Tokens
June 10, 2011 by admin
In an acknowledgement of the severity of its recent systems breach, RSA Security said Monday that it will replace SecurID tokens for any customer that asks.
Customers have been left to ponder whether or not to trust RSA’s security tokens since March, when the company confirmed that it had been hacked and issued a vague warning to its customers. Then, two weeks ago, government contractor Lockheed Martin was reportedly forced to pull access to its virtual private network after hackers compromised the SecurID technology.
In a letter sent to customers Monday, RSA confirmed that the Lockheed Martin incident was related to SecurID. Information “taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin,” RSA Executive Chairman Art Coviello stated in the letter.
Coviello said the company remains “highly confident in the RSA SecurID product,” but acknowledged that the recent Lockheed Martin attack and general concerns over hacking “may reduce some customers’ overall risk tolerance.”
Microsoft’s IE Latest Flaw: ‘Cookiejacking’
A technology security researcher has discovered a flaw in Microsoft Corp’s widely used Internet Explorer browser that he said may allow hackers to steal credentials to access Facebook, Twitter and other websites.
He coined the term “cookiejacking” for the technique.
“Any website. Any cookie. Limit is just your imagination,” said Rosario Valotta, an independent Internet security researcher based in Italy.
Hackers can exploit the flaw to access a data file stored inside the browser known as a “cookie,” which holds the login name and password to a web account, Valotta wrote.
Once a hacker has that cookie, he or she can use it to access the same site, said Valotta, who calls the technique “cookiejacking.”
The vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system.
To take advantage of this flaw, the hacker must first persuade the victim to drag and drop an object across the PC’s screen before the cookie can be hijacked.
That sounds like a difficult task, but Valotta said he was able to do it fairly easily. He built a puzzle that he put up on Facebook in which users are challenged to “undress” a photo of an attractive woman.
“I published this game online on Facebook and in less than three days, more than 80 cookies were sent to my server,” he said. “And I’ve only got 150 friends.”
Microsoft said there is little risk a hacker could succeed in a real-world cookiejacking scam.
“Given the level of required user interaction, this issue is not one we consider high risk,” said Microsoft spokesman Jerry Bryant.
Adobe Flash Exploited
March 16, 2011 by admin
Hackers have found a way to exploit a zero-day vulnerability in Adobe Flash Player using Microsoft Excel documents, which Adobe confirmed yesterday. Adobe representatives said that they will not be able to patch Flash until next week. Therefore, if you use Flash you are on your own until then.
Hackers Go After WordPress
March 6, 2011 by admin
The DDoS hostilities began in the morning and lasted for a couple of hours. The attack was estimated at “multiple Gigabits per second and tens of millions of packets per second”, according to sources. The attack unfortunately hit three main data centers, in Chicago, Dallas and San Antonio. The good news is that the site is back up. However, sources say that while the attack was in progress it was one of the “largest” the organization has ever seen. Even though the attack is over, WordPress is working with its providers to prevent such acts from ever taking place again.