‘Stegano’ Malvertising Exposes Millions To Hacking
December 13, 2016 by admin
Filed under Around The Net
Comments Off on ‘Stegano’ Malvertising Exposes Millions To Hacking
Since October, millions of internet users have been exposed to malicious code embedded in the pixels from tainted banner ads designed to install Trojans and spyware, according to security firm ESET.
The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It’s been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them.
The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.
The attack is also hard to detect. To infect their victims, the hackers were essentially poisoning the pixels used in the tainted banner ads, ESET said in a separate post.
The hackers concealed their malicious coding in the parameters controlling the pixels’ transparency on the banner ad. This allowed their attack to go unnoticed by the legitimate advertising networks.
Victims will typically see a banner ad for a product called “Browser Defense” or “Broxu.” But in reality, the ad is also designed to run Javascript that will secretly open a new browser window to a malicious website designed to exploit vulnerabilities in Flash that will help carry out the rest of the attack.
Hackers have used similar so-called malvertising tactics to secretly serve malicious coding over legitimate online advertising networks. It’s an attack method that has proven to be a successful at quickly spreading malware to potentially millions.
The makers behind the Stegano attack were also careful to create safeguards to prevent detection, ESET said. For instance, the banner ads will alternate between serving a malicious version or a clean version, depending on the settings run on the victim’s computer. It will also check for any security products or virtualization software on the machine before proceeding with the attack.
ESET declined to name the news websites that were found unknowingly displaying the malicious ads, but cautioned that the attack was widespread, and could have been hosted through other popular sites as well.
Source-http://www.thegurureview.net/aroundnet-category/stegano-malvertising-ads-expose-millions-of-online-users-to-hacking.html
Swift To Focus More On Security
June 6, 2016 by admin
Filed under Around The Net
Comments Off on Swift To Focus More On Security
The SWIFT secure messaging service that underpins international banking announced that it will launch a new security program as it fights to rebuild its reputation in the wake of the Bangladesh Bank heist.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT)’s chief executive, Gottfried Leibbrandt, told a financial services conference in Brussels that SWIFT will launch a five-point plan later this week.
Banks send payment instructions to one another via SWIFT messages. In February, thieves hacked into the SWIFT system of the Bangladesh central bank, sending messages to the Federal Reserve Bank of New York allowing them to steal $81 million.
The attack follows a similar but little-noticed theft from Banco del Austro in Ecuador last year that netted thieves more than $12 million, and a previously undisclosed attack on Vietnam’s Tien Phong Bank that was not successful.
The crimes have dented the banking industry’s faith in SWIFT, a Belgium-based co-operative owned by its users.
The Bangladesh Bank hack was a “watershed event for the banking industry”, Leibbrandt said.
“There will be a before and an after Bangladesh. The Bangladesh fraud is not an isolated incident … this is a big deal. And it gets to the heart of banking.”
SWIFT wants banks to “drastically” improve information sharing, to toughen up security procedures around SWIFT and to increase their use of software that could spot fraudulent payments.
SWIFT will also provide tighter guidelines that auditors and regulators can use to assess whether banks’ SWIFT security procedures are good enough.
Leibbrandt again defended SWIFT’s role, saying the hacks happened primarily because of failures at users. “Many of the less protected banks are in countries were skills are really scarce,” he said, pointing the finger at providers of services to banks.
“We will have to create an ecosystem of providers and partners, for example by introducing certification requirements for third-party providers,” he said.
Courtesy-http://www.thegurureview.net/uncategorized/swift-to-implement-new-security-program-after-recent-hacking.html
Phishing Apps Plague Google Play
Google’s attempts to safeguard the Android app store — Google Play — are far from perfect, with malicious apps routinely slipping through its review process. Such was the case for multiple phishing applications this year that posed as client apps for popular online payment services.
Researchers from security firm PhishLabs claim that they’ve found 11 such applications since the beginning of 2016 hosted on Google Play, most of them created by the same group of attackers.
The apps are simple, yet effective. They load Web pages containing log-in forms that look like the target companies’ websites. These pages are loaded from domain names registered by the attackers, but because they are loaded inside the apps, users don’t see their actual location.
In some cases attackers registered domain names that are similar to those of the impersonated online payment services, PhishLab Security Threat Analyst Joshua Shilko said in a blog post.
More recently, attackers used domain names similar to those of cryptocurrency companies, suggesting that the cryptocurrency industry is also targeted.
PhishLabs did not name the exact payment card companies and online payment services whose users were targeted by these fake apps. However, most of those companies provide links to their official mobile applications on their websites and users should always use those links instead of manually searching for them on the Play store.
“In one case, a targeted company explicitly states on their website that no mobile application exists for their company and that users should be wary of any mobile application using their brand,” Shilko said.
The danger is that if phishers manage to routinely bypass Google’s review process and upload such apps to the Google Play store, their attacks might extend to other industries in the future.
Another problem is that even when these apps are detected by third-parties and reported, it can take several days for Google to remove them from the app store, leaving a sufficiently large window of opportunity for attackers. It’s not clear how attackers promote these fake apps or if they rely only on users finding them themselves, but in general phishing attacks are most effective during the first several hours after they’re launched.
Source- http://www.thegurureview.net/mobile-category/phishing-apps-continue-to-play-google-play.html
Microsoft Surprises And Goes Ubuntu
Microsoft has announced a partnership with Canonical which means it is possible to install Canonical’s Ubuntu on Windows 10.
The software is available to all through the Developer Mode on Windows Settings and it is not a virtual machine. Microsoft will allow native ELF binaries, written for Linux, to run under Windows through a translation layer. It is a bit like the WINE project, which runs native Windows binaries on Linux.
Normally you have to recompile Linux software under Cygwin, or run a Linux virtual machine to get it to run in Windows.
Microsoft claims the new feature offers a considerable advantage in performance and storage space. It also includes the bulk of Ubuntu’s packages, installed via the apt package manager directly from Canonical’s own repositories.
The big question is why. Redmond does not appear to be targeting the server market with this launch but desktop and laptop users. It appears to be mainly of use to developers, who need access to Linux software but for whatever reason wish to keep Windows 10 as their main OS.
Canonical’s Dustin Kirkland said the Windows Subsystem for Linux nearly has equivalent performance to running the software natively under Linux. The only downside is the software is free, but not open source.
General release is scheduled for later this year as part of the Windows 10 Anniversary Update, which will also include support for running Windows Universal Apps on the Xbox One, turning any Xbox One into a development system, the ability to disable V-sync for games installed through the Windows software storefront, ad-blocking support by default in Microsoft Edge, and improved stylus support.
Courtesy-Fud
Microsoft Goes Quantum Computing
Software giant Microsoft is focusing a lot of its R&D money on quantum computing.
Peter Lee, the corporate vice president of Microsoft Research said that Quantum computing is “stupendously exciting right now.”
Apparently it is Microsoft Research’s largest area of investment and Lee is pretty certain it is on the verge of some major scientific achievements.
“There’s just hope and optimism those scientific achievements will lead to practical outcomes. It’s hard to know when and where,” Lee said.
This is the first we have heard about Redmond’s quantum ambitions for a while. In 2014 the company revealed its “Station Q” group located on the University of California, Santa Barbara, campus, which has focused on quantum computing since its establishment a decade ago.
We sort of assumed that Microsoft would not get much work done on Quantum states because faced with a choice most cats would rather die in a box rather than listen to Steve Ballmer. But we guess with a more cat friendly CEO it is moving ahead.
Lee said that he has explained quantum computing research to Microsoft chief executive Satya Nadella by comparing it with speech processing. In that field, Microsoft researchers worked “so hard for a decade with no practical improvement,” he said. Then deep learning brought about considerable leaps forward in speech recognition and Microsoft was in on the ground floor.
“With quantum, we’ve made just gigantic advancements making semiconductor interfacing, allowing semiconductor materials to operate as though they were superconducting. What that means is the possibility of semiconductors that can operate at extremely high clock rates with very, very little or no heat dissipation. It’s just really spectacular.”
Courtesy-Fud
Pawn Storm Hacking Develops New Tools For Cyberespionage
Comments Off on Pawn Storm Hacking Develops New Tools For Cyberespionage
A Russian cyberespionage group known as Pawn Storm has made use of new tools in an ongoing attack campaign against defense contractors with the goal of defeating network isolation policies.
Since August, the group has been engaged in an attack campaign focused on defense contractors, according to security researchers from Kaspersky Lab.
During this operation, the group has used a new version of a backdoor program called AZZY and a new set of data-stealing modules. One of those modules monitors for USB storage devices plugged into the computer and steals files from them based on rules defined by the attackers.
The Kaspersky Lab researchers believe that this module’s goal is to defeat so-called network air gaps, network segments where sensitive data is stored and which are not connected to the Internet to limit their risk of compromise.
However, it’s fairly common for employees in organizations that use such network isolation policies to move data from air-gapped computers to their workstations using USB thumb drives.
Pawn Storm joins other sophisticated cyberespionage groups, like Equation and Flame, that are known to have used malware designed to defeat network air gaps.
“Over the last year, the Sofacy group has increased its activity almost tenfold when compared to previous years, becoming one of the most prolific, agile and dynamic threat actors in the arena,” the Kaspersky researchers said in a blog post. “This activity spiked in July 2015, when the group dropped two completely new exploits, an Office and Java zero-day.”
Source- http://www.thegurureview.net/aroundnet-category/pawn-storm-hacking-group-develops-new-tools-for-cyberespionage.html
Amazon Finally Goes Two-Factor
Amazon is making it a little, or a lot, harder for miscreants to make off with user accounts by adding two-factor authentication.
It has taken Amazon some time to fall into line on this. Two-factor authentication has become increasingly popular and common in the past couple of years, and it is perhaps overdue for a firm that deals so heavily in trade.
Amazon is treating it like it’s new, and is offering to hold punters’ hands as they embrace the security provision.
“Amazon Two-Step Verification adds an additional layer of security to your account. Instead of simply entering your password, Two-Step Verification requires you to enter a unique security code in addition to your password during sign in,” the firm said.
The way that the code is served depends on the user, who can choose to get the extra prompt in one of three ways. They may not appeal to those who do not like to over-share, but they will require a personal phone number.
As is frequently the case, Amazon will offer to send supplementary log-in information to a phone via text message or voice call, and even through a special authenticating app.
It’s an option, and you do not have to enable it. Amazon said that users could select trusted sign-on computers that spare them from the mobile phone contact.
“Afterward, that computer or device will only ask for your password when you sign in,” explained the Amazon introduction, helpfully.
There are a number of other outfits that offer the two-factor system and you might be advised to take their trade and do your business through them. Apple, Microsoft, Google, Twitter, Dropbox, Facebook and many others offer the feature.
A website called TwoFactorAuth will let you check your standing and the position of your providers.
Source- http://www.thegurureview.net/technology-2/amazon-finally-goes-two-factor.html
Dyreza Trojan Targeting Windows 10
An infectious banking trojan has been updated so that it supports financial mayhem on the freshly baked Windows 10 operating system and supporting Microsoft Edge browser.
Microsoft reckons that Windows 10 is installed on over 100 million machines, and this suggests prime picking for people who deploy banking trojans, not to mention the fact that most people will still be getting used to the software and its services and features.
The newest edition to the Windows 10 spectrum is a variant of the Zeus banking malware known as Dyreza. It is related to Dyre, a threat that we reported on earlier this year.
The warning at the time was that as many as one in 20 online banking users could be exposed to the threat, and things look as bad this time around. Heimdal Security said in a blog post that the malware has been strengthened in scale and capability.
“The info-stealer malware now includes support for Windows 10. This new variant can also hook to Microsoft Edge to collect data and then send it to malicious servers,” said the post.
“Moreover, the new Dyreza variant kills a series of processes linked to endpoint security software in order to make its infiltration in the system faster and more effective.”
The threat already has a footprint, and the people behind it have increased it. Heimdal said that, once Dyreza is done with your bank account, it will move you into position on a botnet. The firm estimates that this botnet is currently 80,000-strong.
“By adding support for Windows 10, the Dyreza malware creators have cleared their way to growing the number of infected PCs in their botnet. This financial trojan doesn’t only drain the infected computers of valuable data, it binds them into botnets,” said Heimdal.
Source- http://www.thegurureview.net/computing-category/dyreza-trojan-appears-to-be-targeting-windows-10.html
Confusion Continues To Reign With U.S. Chip & PIN
November 11, 2015 by admin
Filed under Around The Net
Comments Off on Confusion Continues To Reign With U.S. Chip & PIN
Several large U.S. retailers are ramping up efforts to use personal identification numbers, or PINs, with new credit cards embedded with computer chips in a bid to prevent counterfeit card fraud.
But they are being resisted by the banking industry, which sees no need to invest further in PIN technology, already used with debit cards, resulting in halting adoption and widespread confusion.
A small band of retailers with the clout to call the shots on their branded credit cards is leading the charge. Target Corp is moving ahead with a chip-and-PIN rollout, and Wal-Mart Stores Inc plans to do the same.
But Wal-Mart said it faces obstacles because its credit card partner, Synchrony Financial, is not yet able to handle PINs on credit cards. Synchrony declined comment.
Broadly, U.S. banks are unprepared or resisting the change.
The impasse comes after many consumers got their hands on new credit cards embedded with so-called EMV chips in advance of an Oct. 1 deadline that required retailers to accept chip cards or be liable for fraud losses. EMV stands for EuroPay, MasterCard and Visa.
But only about a third of merchants are actually using the chip technology, according to analyst estimates. The number may not pick up until early next year, if at all, because the retail industry typically halts upgrades during the crucial holiday shopping season.
“PIN issuance will remain a niche,” said Julie Conroy, credit-card analyst with Aite Group.
Banks favor using chip cards verified by old-school signatures, even though chip-and-PIN usage has led to lower fraud over the decade they have been used in Europe and elsewhere.
“The PIN is definitely a must,” said Lance James, chief scientist with cyber intelligence firm Flashpoint. “It’s one extra step that provides true two-factor authentication.”
But bankers say PINs provide little benefit beyond the advantage of using chips in combating the estimated $7 billion-plus in annual U.S. card fraud.
EMV chips thwart criminals who use stolen data to create counterfeit cards, a category that Aite estimates accounts for 37 percent of that fraud. Banks say that PINs only provide additional fraud protection when criminals seek to use lost or stolen cards, a situation that Aite estimates accounts for only 14 percent of fraud.
Banking groups say there are better approaches than PINs for verifying customers and have asked retailers to embrace tokenization and encryption to prevent theft of credit card numbers.
“PIN is a static data element that would not have a meaningful impact on overall payments fraud,” said Electronic Payments Coalition spokesman Sam Fabens.
Courtesy-http://www.thegurureview.net/aroundnet-category/confusion-continues-to-reign-with-u-s-chip-pin.html
Is The Shifu Trojan Wreaking Havoc In Japan?
Comments Off on Is The Shifu Trojan Wreaking Havoc In Japan?
Security research has found a banking trojan called Shifu that is going after Japanese financial firms in a big way.
Shifu is described as “masterful” by IBM X-Force, and is named after the Japanese word for thief, according to the firm. It is also the Chinese word for skilled person, or tutor.
X-Force said in a blog post that the malware has been active since the early summer, and comprises a number of known tools like Dyre, Zeus and Dridex. It has been put together by people who know what they are doing, and sounds like a significant problem for the 20 institutions it is targeting.
“The Shifu trojan may be a new beast, but its inner workings are not entirely unfamiliar. The malware relies on a few tried-and-true trojan mechanisms from other infamous crimeware codes,” said the IBM researchers.
“It appears that Shifu’s internal makeup was composed by savvy developers who are quite familiar with other banking malware, dressing Shifu with selected features from the more nefarious of the bunch.”
The Shifu package offers a range of attack features as well as clean-up tools to cover its tracks. It reads like a Now that’s what I call … recent attacks compilation CD, and has some oldies but baddies.
“Shifu wipes the local System Restore point on infected machines in a similar way to the Conficker worm, which was popular in 2009,” added the firm as one example.
The package can wreak havoc on companies and their users. If we had a bucket of damp sand we would pour it all over Shifu and stamp on it.
“This trojan steals a large variety of information that victims use for authentication purposes. For example, it keylogs passwords, grabs credentials that users key into HTTP form data, steals private certificates and scrapes external authentication tokens used by some banking applications,” said IBM.
“These elements enable Shifu’s operators to use confidential user credentials and take over bank accounts held with a large variety of financial service providers.
“Shifu’s developers could be Russian speakers or native to countries in the former Soviet Union. It is also possible that the actual authors are obfuscating their true origin, throwing researchers off by implicating an allegedly common source of cybercrime.”
Source-http://www.thegurureview.net/computing-category/is-the-shifu-trojan-wreaking-havoc-in-japan.html