personal information from Vermont state employees and other U.S. residents was sentenced Tuesday in Rutland federal court to time served, or 14 months in jail. Osariemen Isibor, 32, pleaded guilty in U.S. District Court in March to conspiracy to commit wire fraud. Another man, Eneye Dania, 31, also pleaded guilty in March to being part of the same conspiracy. Last week, Dania was sentenced to serve 17 months in jail. Dania has been held in jail for about 14 months. While Isibor's prison sentence on the charge is complete and Dania's will be soon, neither is expected to be released. Instead, both are expected to be turned over to the custody of Immigration and Customs Enforcement before being deported to Nigeria. According to court records, the goal of the conspiracy was "fooling United States residents … into sending the logon information they used to access their IRS form W-2 data from their employer's website to another website designed to look like their employer's human resources page but actually operated by the conspiracy to collect this data". Once people entered their information into the fake website, the conspirators attempted to trick the IRS into sending tax refunds to the conspirators, but prosecutors said fraud detection controls put in place by the IRS "caused most, if not all, such fraudulent tax returns to be rejected".
A hacker allegedly used a vulnerability in MySQL to steal 6.5 million emails and poorly protected passwords from Dueling Network, a card game in the style of Yu-Gi-Oh, Motherboard reported. The website's forum had been kept online, although Dueling Network itself was shut down in 2016 following a cease-and-desist order. The request was made by a law firm on behalf of the animation company holding the rights to Yu-Gi-Oh. "Only our forum site was still up as a way for our users to communicate with each other (login used DN [Dueling Network] credentials)," an administrator wrote in an email to Motherboard. "Now that is down and warns users to change passwords on any other sites they may have used the same password on." The passwords were hashed with the MD5 algorithm, which is known to have extensive weaknesses that allow attackers to recover plaintext passwords. A company administrator said not all stolen emails and passwords are associated with individual players, as some accounts appear to be duplicates.
'Cloud Hopper' campaign by sophisticated APT10 hacking group uses advanced phishing and customised malware to conduct espionage. A Chinese hacking group with advanced cyber-espionage capabilities has been targeting managed IT services providers across the globe in a campaign to steal sensitive data. The cybercriminal gang is using sophisticated phishing attacks and customised malware in order to infect victims' machines and then gain access to IT providers and their customer networks. Dubbed Operation Cloud Hopper, the cyber-espionage campaign has been uncovered by security researchers at PwC, BAE Systems, and the UK's National Cyber Security Centre. The researchers say the campaign is "highly likely" to be the work of the China-based APT10 hacking group. The group has been focusing on espionage since 2009 and has evolved from targeting US defence firms as well as the technology and telecommunications sectors to targeting organisations in multiple industries across the globe. The group was behind the Poison Ivy malware family and has evolved its operations to include using custom tools capable of compromising high volumes of data from organisations and their customers, and stealthily moving it around the world. It's because of the sophisticated nature of the campaign that PwC's Operation Cloud Hopper report describes how APT10 "almost certainly benefits from significant staffing and logistical resources, which have increased over the last three years". The group's work shifted significantly during 2016, as it started to focus on managed service providers, following the significant enhancements to its operations. The move enabled APT10 to exfiltrate data from multiple victims around the world as part of a large-scale campaign.
Managed service providers (MSPs) represent a particularly lucrative target for attackers, because as well as having access to their clients' networks, they also store significant quantities of customer data, which can provide useful information or be sold for profit. Researchers note that the spear phishing campaign undertaken by APT10 indicates that the group conducts significant research on targets, in order to have the best chance of tricking them into opening malicious documents attached to specially crafted emails. Once the hacking group has infiltrated a network, it conducts reconnaissance to ensure legitimate credentials have been gained, before deploying tools such as mimikatz or PwDump to steal additional credentials, administration credentials, and data from infected MSPs. The shared nature of MSP infrastructure enables APT10's success, allowing the hackers to stealthily move between the networks of MSPs and clients -- hence the name Cloud Hopper. Using this approach, the group has been able to target organisations in the US, Canada, the UK, France, Switzerland, Scandinavia, South Africa, India, and Australia. "The indirect approach of this attack highlights the need for organisations to have a comprehensive view of the threats they're exposed to -- including those of their supply chain," Kris McConkey, partner, cyber threat detection and response at PwC, said. "This is a global campaign with the potential to affect a wide range of countries, so organisations around the world should work with their security teams and providers to check networks for the key warning signs of compromise and ensure they respond and protect themselves accordingly."
The National Cyber Security Centre has issued guidelines following the global targeting of enterprises via managed service providers, and notes how the activity detected "likely represents only a small proportion of the total malicious activity".
The Intercontinental Hotels Group data breach previously announced in February as affecting 12 hotels in the chain has proven to have been far more extensive than was first thought. Last week the group announced that the breach affected guests that used their credit cards to pay at franchisee hotels across the United States and in Puerto Rico between September 29, 2016 and December 29, 2016. According to the chain's website, the Intercontinental Hotels Group data breach potentially affected guests who stayed at its Holiday Inn, Holiday Inn Express, Crowne Plaza, Staybridge Suites, Candlewood Suites, Hotel Indigo, and InterContinental Hotels. The full list of hotels that have potentially been affected by the malware incident has been listed on the IHG website. In total, 1,184 of the group's hotels have potentially been affected. The Intercontinental Hotels Group data breach involved malware that had been downloaded onto its systems, which was capable of monitoring payment card systems and exfiltrating payment card data. It does not appear that any information other than card details and cardholders' names was stolen by the attackers. The hotel group does not believe the data breach extended past December 29, 2016, although that cannot be entirely ruled out as it took until February/March for all of the affected hotels to be investigated and for confirmation to be received that the malware had been removed. Prior to the malware being installed, IHG had started installing the IHG Secure Payment Solution (SPS), which provides point-to-point encryption to prevent incidents such as this from resulting in the theft of clients' data. Had the process started sooner, the Intercontinental Hotel Group data breach could have been prevented.
Hotels that had implemented the SPS prior to September 29, 2016 were not affected, and those that had implemented the solution between September 29, 2016 and December 29, 2016 stopped the malware from being able to locate and steal credit card data. In those cases, only clients that used their credit cards at affected hotels between September 29, 2016 and when the SPS system was installed were affected.

Intercontinental Hotels Group Data Breach One of Many Affecting the Hospitality Sector

The Intercontinental Hotels Group data breach stands out due to the extent to which the group was affected, with well over 1,100 hotels affected. However, this is far from the only hotel group to have been affected by POS malware. Previous incidents have also been reported by Hard Rock Hotels, Hilton Hotels, Omni Hotels & Resorts and Trump Hotels. Hotels, in particular hotel chains, are big targets for cybercriminals due to the size of the prize. Many hotel guests choose to pay for their rooms and services on credit cards rather than in cash, and each hotel services many thousands – often tens of thousands – of guests each year. Globally, IHG hotels service more than 150 million guests every year, which is a tremendous number of credit and debit cards. Such a widespread malware infection would be highly lucrative for the attackers. Credit card numbers may only sell for a couple of dollars a time, but with that number of guests, an attack such as this would be a huge pay day for the attackers.
Coventry Trading Standards is again warning Apple Store users to be aware of phishing emails attempting to steal your Apple ID login details as well as personal and financial information. A Westwood resident reported receiving an authentic-looking email ‘invoice’ from the Apple Store in regards to an order that was placed. At the end of the email, there is a link to ‘View Your Order’. If you click on this link, you will no doubt be taken to a fake server and a page asking you to provide personal information, including full credit/debit card details. Criminals can then steal any information that you supply and use it to hijack your Apple account, commit credit card fraud in your name, and attempt to steal your identity. The Apple Store will never ask you to provide personal details (such as passwords or credit card numbers) via email. If you do have a genuine Apple account, you can check it with Apple directly, but do not use any links in the email. Just type the site's address into your browser. If you receive what you think is a phishing email claiming to be from Apple, you can forward it to them. Full details are available on the Apple website.
Saudi Arabian security officials said on Monday that the country had been targeted as part of a wide-ranging cyber espionage campaign observed since February against five Middle East nations as well as several countries outside the region. The Saudi government's National Cyber Security Center (NCSC) said in a statement the kingdom had been hit by a hacking campaign bearing the technical hallmarks of an attack group dubbed "MuddyWater" by U.S. cyber firm Palo Alto Networks. Palo Alto's Unit 42 threat research unit published a report last Friday showing how a string of connected attacks this year used decoy documents with official-looking government logos to lure unsuspecting users from targeted organizations to download infected documents and compromise their computer networks. Documents pretending to be from the U.S. National Security Agency, Iraqi intelligence, Russian security firm Kaspersky and the Kurdistan regional government were among those used to trick victims, Unit 42 said in a blog post (goo.gl/SvwrXv). The Unit 42 researchers said the attacks had targeted organizations in Saudi Arabia, Iraq, the United Arab Emirates, Turkey and Israel, as well as entities outside the Middle East in Georgia, India, Pakistan and the United States. The Saudi security agency said in its own statement that the attacks sought to steal data from computers using email phishing techniques targeting the credentials of specific users. The NCSC said they also comprised so-called "watering hole" attacks, which seek to trick users into clicking on infected web links to seize control of their machines. The technical indicators supplied by Unit 42 are the same as those described by the NCSC as being involved in attacks against Saudi Arabia.
The NCSC said the attacks appeared to be by an "advanced persistent threat" (APT) group - cyber jargon typically used to describe state-backed espionage. Saudi Arabia has been the target of frequent cyber attacks, including the "Shamoon" virus, which cripples computers by wiping their disks and has hit both government ministries and petrochemical firms. Saudi Aramco, the world's largest oil company, was hit by an early version of the "Shamoon" virus in 2012, in the country's worst cyber attack to date. The NCSC declined further comment on the source of the attack or on which organizations or agencies were targeted. Unit 42 said it was unable to identify the attack group or its aims and did not have enough data to conclude that the MuddyWater group was behind the Saudi attacks as outlined by NCSC. "We cannot confirm that the NCSC posting and our MuddyWater research are in fact related," Christopher Budd, a Unit 42 manager, told Reuters. "There's just not enough information to make that connection with an appropriate level of certainty." Palo Alto Networks said the files it had uncovered were almost identical to information-stealing documents disguised as Microsoft Word files and found to be targeting the Saudi government by security firm Malwarebytes in a September report.
Cybercriminals prey on naivety, and a new scam campaign that attempts to trick people into providing bank details to pay for a fake WhatsApp subscription does just that. WhatsApp did once charge a subscription fee of $0.99/£0.99, but stopped the practice in January 2016. However, the fraudsters behind this latest scam are looking to take advantage of the fact that WhatsApp -- which has over a billion users -- did once rely on a subscription service to dupe victims into handing over their banking information. The UK's fraud and cybercrime centre Action Fraud and the City of London Police have issued a warning about the campaign. Emails purporting to be from 'The WhatsApp Team' claim that "your subscription will be ending soon" and that in order to continue to use the service, you need to update your payment information. Victims are encouraged to sign into a 'customer portal' with their number and to enter payment information. Naturally, this is a scam -- with spelling errors in the text a huge giveaway -- and all the victims are doing is providing criminals with their financial details. Criminals could use these to simply make purchases or as a basis for further fraud. Scammers have also been known to use text messages in an effort to dupe victims into paying for a fake subscription. Those who receive the email are urged not to click on any of the links, but to instead report it to the police. Action Fraud also offers advice to those who have already fallen for the scam, telling victims to "run antivirus software to ensure your device has not been infected with malware". Scammers often attempt to lure victims into handing over their credit card information -- or installing malware onto their machines -- often with authentic-looking phishing emails claiming to be from real companies.
Previously, Action Fraud has warned about scammers attempting to steal credentials from university staff with fake emails about a pay rise, while police have also issued a warning about cybercriminals attempting to infect people with banking malware using emails that pretend to be from a charity.
Kubernetes has become the most popular cloud container orchestration system by far, so it was only a matter of time until its first major security hole was discovered. And the bug, CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It's a CVSS 9.8 critical security hole. With a specially crafted network request, any user can establish a connection through the Kubernetes application programming interface (API) server to a backend server. Once established, an attacker can send arbitrary requests over the network connection directly to that backend. Adding insult to injury, these requests are authenticated with the Kubernetes API server's Transport Layer Security (TLS) credentials. Worse still, "In default configurations, all users (authenticated and unauthenticated) are allowed to perform discovery API calls that allow this escalation." So, yes, anyone who knows about this hole can take command of your Kubernetes cluster. Oh, and for the final jolt of pain: "There is no simple way to detect whether this vulnerability has been used. Because the unauthorized requests are made over an established connection, they do not appear in the Kubernetes API server audit logs or server log. The requests do appear in the kubelet or aggregated API server logs, but are indistinguishable from correctly authorized and proxied requests via the Kubernetes API server." In other words, Red Hat said, "The privilege escalation flaw makes it possible for any user to gain full administrator privileges on any compute node being run in a Kubernetes pod. This is a big deal. Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization's firewall." The only real fix is to upgrade Kubernetes.
Any program that includes Kubernetes is vulnerable. Kubernetes distributors are already releasing fixes. Red Hat reports all its "Kubernetes-based services and products -- including Red Hat OpenShift Container Platform, Red Hat OpenShift Online, and Red Hat OpenShift Dedicated -- are affected." Red Hat has begun delivering patches and service updates to affected users. As far as anyone knows, no one has used the security hole to attack anyone yet. Darren Shepherd, chief architect and co-founder at Rancher Labs, discovered the bug and reported it using the Kubernetes vulnerability reporting process. But -- and it's a big but -- abusing the vulnerability would have left no obvious traces in the logs. And, now that news of the Kubernetes privilege escalation flaw is out, it's only a matter of time until it's abused. So, once more and with feeling, upgrade your Kubernetes systems now before your company ends up in a world of trouble.
A zero-day vulnerability present in security cameras and surveillance equipment using Nuuo software is thought to impact hundreds of thousands of devices worldwide. Researchers from cybersecurity firm Tenable disclosed the bug, which has been assigned CVE-2018-1149. The vulnerability cannot get much more serious, as it allows attackers to remotely execute code in the software, the researchers said in a security advisory on Monday. Nuuo, describing itself as a provider of "trusted video management" software, offers a range of video solutions for surveillance systems in industries including transport, banking, government, and residential areas. Dubbed "Peekaboo," the zero-day stack buffer overflow vulnerability, when exploited, allows threat actors to view and tamper with video surveillance recordings and feeds. It is also possible to use the bug to steal data including credentials, IP addresses, port usage, and the makes and models of connected surveillance devices. Such a security vulnerability has wide-reaching, real-world consequences -- as criminals could compromise a surveillance camera feed, replace the footage with a static image, and raid a premises, for example. In addition, the bug could be used to fully disable cameras and surveillance products. Peekaboo specifically impacts the NVRMini 2 NAS and network video recorder, which acts as a hub for connected surveillance products. When exploited, the product permitted access to the control management system (CMS) interface, which further exposes the credentials of all video surveillance cameras connected to the storage system.
Speaking to ZDNet, Gavin Millard, VP of threat intelligence at Tenable, said that organizations all over the world use Nuuo software, including in shopping centers, hospitals, banks, and public areas. However, therein lies the problem -- as the software is also white-labeled to over 100 brands and 2,500 camera product lines. Tenable disclosed the zero-day vulnerability to Nuuo. A patch has not been released, but Nuuo is currently developing a fix for deployment. A plugin has also been released by Tenable for organizations to assess whether or not they are vulnerable to Peekaboo. ZDNet has reached out to Nuuo and will update if we hear back.
With a bunch of security fixes released and more on the way, details have been made public of a Bluetooth bug that potentially allows miscreants to commandeer nearby devices. This Carnegie-Mellon CERT vulnerability advisory on Monday laid out the cryptographic flaw: firmware or operating system drivers skip a vital check during a Diffie-Hellman key exchange between devices. The impact: a nearby eavesdropper could "intercept and decrypt and/or forge and inject device messages" carried over Bluetooth Low Energy and Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) wireless connections between gizmos. In other words, you can potentially snoop on supposedly encrypted communications between two devices to steal their info going over the air, and inject malicious commands. To pull this off, you must have been within radio range and transmitting while the gadgets were initially pairing. The bug's status in Android is confusing: while it doesn't appear in the operating system project's July monthly bulletin, phone and tablet manufacturers like LG and Huawei list the bug as being patched in the, er, July security update. Microsoft has declared itself in the clear. The CERT note says fixes are needed both in software and firmware, which should be obtained from manufacturers and developers, and installed – if at all possible. We're guessing for random small-time Bluetooth gizmos, it won't be very easy to prise an update out of the vendors, although you should have better luck with bigger brand gear. So, make sure you're patched via the usual software update mechanisms, or just look out for nearby snoops, and be ready to thwart them, when pairing devices. Manufacturers were warned in January, it appears, so have had plenty of time to work on solutions.
Indeed, silicon vendor patches for CVE-2018-5383 are already rolling out among larger gadget and device makers, with Lenovo and Dell posting updates in the past month or so. Linux versions prior to 3.19 don't support Bluetooth LE Secure Connections and are therefore not vulnerable, we're told.
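The vital check the CERT advisory refers to is validation of the peer's elliptic-curve public key before it is fed into the Diffie-Hellman computation; an implementation that skips it does its arithmetic on whatever curve the received point happens to lie on. The following is an added example, not code from the article, the advisory or any Bluetooth stack: it writes that check out for the NIST P-256 curve that Bluetooth Secure Connections pairing uses, assuming public keys arrive as affine integer pairs, and the private scalars in the demo are constructed values.

```python
# Added example (not from the article, CERT or any Bluetooth stack): the peer
# public-key validation that must run before an ECDH shared secret is derived.
# Curve: NIST P-256, as used by Bluetooth Secure Connections pairing.
# Assumption: public keys arrive as affine (x, y) integer pairs.

# NIST P-256 domain parameters: y^2 = x^3 + A*x + B over GF(P), cofactor 1.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def is_valid_public_key(x: int, y: int) -> bool:
    """Full public-key validation for P-256.

    Because P-256 has cofactor 1, a point whose coordinates are field
    elements, that is not the point at infinity and that satisfies the
    curve equation is guaranteed to lie in the prime-order group, so no
    separate subgroup check is needed.
    """
    if not (0 <= x < P and 0 <= y < P):      # coordinates must be field elements
        return False
    if x == 0 and y == 0:                    # conventional encoding of infinity
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def implied_b(x: int, y: int) -> int:
    """Return the b for which (x, y) satisfies y^2 = x^3 + A*x + b (mod P).

    Every off-curve point still lies on *some* curve with the same A; an
    implementation that skips validation ends up computing on that curve,
    chosen by the peer, instead of on P-256.
    """
    return (y * y - x * x * x - A * x) % P


def _point_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:      # Q + (-Q) = infinity
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def _scalar_mult(k: int, point):
    """Double-and-add scalar multiplication (demo only, not constant-time)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        k >>= 1
    return result


def public_key(private_scalar: int):
    """Return the affine public point private_scalar * G."""
    return _scalar_mult(private_scalar, (GX, GY))


def ecdh_shared_secret(private_scalar: int, peer_x: int, peer_y: int) -> int:
    """Derive the ECDH shared x-coordinate, refusing unvalidated peer keys.

    The first check below is the one the advisory says was skipped; without
    it the multiplication runs on whatever point the peer supplied.
    """
    if not is_valid_public_key(peer_x, peer_y):
        raise ValueError("peer public key failed curve validation")
    if not 1 <= private_scalar < N:
        raise ValueError("private scalar out of range")
    shared = _scalar_mult(private_scalar, (peer_x, peer_y))
    if shared is None:
        raise ValueError("shared point is the point at infinity")
    return shared[0]


if __name__ == "__main__":
    # Constructed demo scalars, not real device keys.
    alice, bob = 0x1234567, 0x89abcdef
    ax, ay = public_key(alice)
    bx, by = public_key(bob)
    assert ecdh_shared_secret(alice, bx, by) == ecdh_shared_secret(bob, ax, ay)
    rogue = (GX, (GY + 1) % P)              # one coordinate nudged off P-256
    print("rogue point valid on P-256?", is_valid_public_key(*rogue))
    print("... but it lies on the curve with b =", hex(implied_b(*rogue)))
```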
A serious vulnerability in a widely used , and widely forked , jQuery file upload plugin may have been exploitedVulnerability-related.DiscoverVulnerabilityfor years by hackers to seize control of websites – and is only now patchedVulnerability-related.PatchVulnerability. Larry Cashdollar , a bug-hunter at Akamai , explainedVulnerability-related.DiscoverVulnerabilitylate last week how the security shortcoming , designatedVulnerability-related.DiscoverVulnerabilityCVE-2018-9206 , allows a miscreant to upload and execute arbitrary code as root on a website that uses the vulnerable code with the Apache web server . This would potentially allow an attacker to , among other things , upload and run a webshell to execute commands on the target machine to stealAttack.Databreachdata , change files , distribute malware , and so on . Cashdollar – real name , he swears – was able to trackVulnerability-related.DiscoverVulnerabilitythe flaw down to Sebastian Tschan 's open-source jQuery File Upload tool , and got the developer to fixVulnerability-related.PatchVulnerabilityit in version 9.22.1 . The flaw stems from a change to the Apache web server , from version 2.3.9 and onwards , that disabled support for .htaccess security configuration files , which left projects like jQuery File Upload open to exploitation . Additionally , Cashdollar notedVulnerability-related.DiscoverVulnerability, it is almost certain he was not the first person to come acrossVulnerability-related.DiscoverVulnerabilitythis simple vulnerability . Demonstration videos on YouTube suggest similar flaws are knownVulnerability-related.DiscoverVulnerabilityto miscreants , and have been targeted in some circles for years . `` The internet relies on many security controls every day in order to keep our systems , data , and transactions safe and secure , '' Cashdollar said . 
"If one of these controls suddenly doesn't exist it may put security at risk unknowingly to the users and software developers relying on them." So, it's believed hackers have been quietly exploiting the bug for several years as the flaw itself is fairly trivial and also eight years old. Now that details of the vulnerability are public, exploit code has been produced, for example, here, and may be handy if you wish to test whether or not your website is vulnerable to CVE-2018-9206. In any case, loads of people now know about it, so that means more miscreants menacing and hijacking vulnerable websites.
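The root of CVE-2018-9206 is that an upload handler trusted the web server's per-directory .htaccess rules to stop uploaded files from being executed, and those rules silently stopped applying. The following is an added example, not code from the jQuery File Upload project or from Akamai: a small Python upload validator showing the controls that keep a script from ever being served as code regardless of what the web server does. The image-only allowlist and the magic-byte table are assumptions of this example.

```python
"""Defensive upload handling: allowlist the extension, sniff the content,
and let the server (not the client) choose the stored file name.

Added example; assumes an image-only upload feature.
"""
import os
import secrets

# Extensions this feature accepts (assumption of the example: images only).
ALLOWED_EXTENSIONS = {"gif", "jpg", "jpeg", "png"}

# Leading bytes that identify each accepted image format.
MAGIC_BYTES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def sniff_image_type(data: bytes):
    """Return the image type implied by the file header, or None if unknown."""
    for magic, kind in MAGIC_BYTES.items():
        if data.startswith(magic):
            return kind
    return None


def claimed_extension(filename: str) -> str:
    """Lower-cased extension of the client-supplied name, directory parts stripped."""
    # Normalise Windows separators, then keep only the final path component so a
    # name such as "../../config.png" cannot escape the upload directory.
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base or "." not in base:
        return ""
    return base.rsplit(".", 1)[1].lower()


def safe_upload_name(filename: str, data: bytes) -> str:
    """Validate an upload and return the name it should be stored under.

    Raises ValueError when the upload must be rejected. The returned name is
    random and server-chosen, so a client-supplied "shell.php" or
    "x.php.png" never reaches disk under a name a web server might hand to
    an interpreter.
    """
    ext = claimed_extension(filename)
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} is not allowed")
    actual = sniff_image_type(data)
    if actual is None:
        raise ValueError("content is not a recognised image")
    # "jpeg" and "jpg" are the same format; everything else must match exactly.
    if actual != ("jpg" if ext == "jpeg" else ext):
        raise ValueError(f"content is {actual}, but the name claims {ext}")
    return f"{secrets.token_hex(16)}.{actual}"


def is_accepted(filename: str, data: bytes) -> bool:
    """Boolean wrapper around safe_upload_name for callers that only need a verdict."""
    try:
        safe_upload_name(filename, data)
        return True
    except ValueError:
        return False
```

The validated file should still be written outside the document root, or into a directory whose script-execution restrictions live in the main server configuration rather than in a .htaccess file, so that the upload handler's safety never again depends on a per-directory override being honoured.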
A critical vulnerability in the Kubernetes open-source system for handling containerized applications can enable an attacker to gain full administrator privileges on Kubernetes compute nodes. Kubernetes makes it easier to manage a container environment by organizing application containers into pods, nodes (physical or virtual machines) and clusters. Multiple nodes form a cluster, managed by a master that coordinates cluster-related activities like scaling, scheduling, or updating apps. Each node has an agent called Kubelet that facilitates communication with the Kubernetes master via the API. The number of nodes available in a Kubernetes system can be hundreds or even thousands. Pulling this off is easy on default configurations, where "all users (authenticated and unauthenticated) are allowed to perform discovery API calls that allow this escalation," says Jordan Liggitt, staff software engineer at Google. The security bug was discovered by Darren Shepherd, co-founder of Rancher Labs, the company that provides the Kubernetes-as-a-Service solution called Rancher. Now tracked as CVE-2018-1002105, the flaw is critical, with a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10. According to the latest version of the vulnerability severity calculator, exploiting the security glitch has low difficulty and does not require user interaction. Red Hat's OpenShift Container Platform, which uses Kubernetes for orchestrating and managing containers, is also impacted by the vulnerability. In an advisory on the matter, the company explains that the flaw can be used in two ways against its products.
One involves a normal user with 'exec,' 'attach,' or 'portforward' rights over a Kubernetes pod (a group of one or more containers that share storage and network resources); they can escalate their privileges to cluster-admin level and execute any process in a container. The second attack method exploits the API extension feature used by 'metrics-server' and 'servicecatalog' in OpenShift Container Platform, OpenShift Online, and Dedicated. No privileges are required and an unauthenticated user can get admin rights to any API extension deployed to the cluster. "Cluster-admin access to 'servicecatalog' allows creation of service brokers in any namespace and on any node," the advisory details. The problem has been addressed in the latest Kubernetes revisions: v1.10.11, v1.11.5, v1.12.3, and v1.13.0-rc.1. Kubernetes releases prior to these, along with the products and services based on them, are affected by CVE-2018-1002105. Red Hat released patches for the OpenShift family of containerization software (OpenShift Container Platform, OpenShift Online, and OpenShift Dedicated) and users received service updates they can install at their earliest convenience. The software company warns that a malicious actor could exploit the vulnerability to steal data or inject malicious code, as well as "bring down production applications and services from within an organization's firewall."
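Because the fix landed in four different release branches, "am I patched?" is a per-branch comparison rather than a single version threshold. The following is an added example, not code from the article, from Kubernetes or from Red Hat: a Python check that encodes the fixed releases named above (v1.10.11, v1.11.5, v1.12.3, v1.13.0-rc.1) and evaluates an API server version string against them. The sample `kubectl version -o json` output embedded in the block is constructed, and the check assumes upstream version strings (vendor builds may carry backported fixes under other numbers).

```python
"""Does this Kubernetes API server version include the fix for CVE-2018-1002105?

Added example. Fixed releases are those named in the advisory; a cluster is
patched when it is on one of those branches at or above the fix, or on a
later branch. Branches older than 1.10 never received a fix.
"""
import json
import re

# Fixed (patch, pre-release) per 1.x branch, from the advisory.
FIXED_IN = {
    10: (11, None),
    11: (5, None),
    12: (3, None),
    13: (0, "rc.1"),
}
OLDEST_FIXED_BRANCH = min(FIXED_IN)

# Accepts "v1.12.3", "1.13.0-rc.1", "v1.11.0+d4cacc0" (build metadata ignored).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.\-]+))?(?:\+.*)?$")
_STAGE_ORDER = {"alpha": 0, "beta": 1, "rc": 2}


def parse_version(git_version: str):
    """Split 'v1.13.0-rc.1' into (major, minor, patch, pre_release_or_None)."""
    m = _VERSION_RE.match(git_version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {git_version!r}")
    major, minor, patch, pre = m.groups()
    return int(major), int(minor), int(patch), pre


def _pre_release_key(pre):
    """Ordering key for a Kubernetes pre-release tag; a final release sorts last."""
    if pre is None:
        return (3, 0)
    stage, _, num = pre.partition(".")
    return (_STAGE_ORDER.get(stage, -1), int(num) if num.isdigit() else 0)


def is_patched(git_version: str) -> bool:
    """True when this upstream version string includes the CVE-2018-1002105 fix."""
    major, minor, patch, pre = parse_version(git_version)
    if major != 1:
        return major > 1
    if minor < OLDEST_FIXED_BRANCH:
        return False                      # 1.9 and earlier: no fixed release exists
    if minor not in FIXED_IN:
        return True                       # branches after 1.13 were cut with the fix
    fixed_patch, fixed_pre = FIXED_IN[minor]
    if patch != fixed_patch:
        return patch > fixed_patch
    return _pre_release_key(pre) >= _pre_release_key(fixed_pre)


def server_version_from_kubectl(json_text: str) -> str:
    """Extract serverVersion.gitVersion from `kubectl version -o json` output."""
    return json.loads(json_text)["serverVersion"]["gitVersion"]


# Constructed sample of `kubectl version -o json` output (not from a real cluster).
SAMPLE_KUBECTL_JSON = json.dumps({
    "clientVersion": {"major": "1", "minor": "13", "gitVersion": "v1.13.0"},
    "serverVersion": {"major": "1", "minor": "12", "gitVersion": "v1.12.2"},
})

if __name__ == "__main__":
    version = server_version_from_kubectl(SAMPLE_KUBECTL_JSON)
    verdict = "patched" if is_patched(version) else "AFFECTED by CVE-2018-1002105"
    print(f"{version}: {verdict}")
```

The check is deliberately about the API server, since that is where the proxying flaw lives; node Kubelet versions are not what decide exposure here. The version comparison also treats 1.13.0-beta builds as unpatched, because the advisory names rc.1 as the first fixed build on that branch.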
People are still falling for fake sites pretending to be Facebook, research from Kaspersky Labs suggests. In 2018 thus far, the Russian security company blocked "3.7 million attempts to visit fraudulent social network pages". Notably, 58.7% of these attacks were attempting to direct users to fake FB pages. That's a pretty substantial slice of the pie, considering that VKontakte — Russia's version of Facebook — was responsible for 20.8%, and LinkedIn 12.9%. "At the beginning of the year, Facebook was the most popular social networking brand for fraudsters to abuse, and Facebook pages were frequently faked by cybercriminals to try and steal personal data via phishing attacks," the company states in a press release. The main targets for these attacks include "global internet portals and the financial sector, including banks, payment services and online stores," Kaspersky adds. The firm also suggests that this is nothing new. "Last year Facebook was one of the top three most exploited company names. The schemes are numerous, but fairly standard: the user is asked to 'verify' an account or lured into signing into a phishing site on the promise of interesting content," it reveals. The company also noted that South America suffered the most phishing attacks in 2018 thus far. "Brazil was the country with the largest share of users attacked by phishers in the first quarter of 2018 (19%)," it revealed. It was followed by Argentina, Venezuela, and Albania — all at 13%.
Do you trust your tax preparer not to fall for this simple phishing scam? The Internal Revenue Service is warning tax preparers about a new scam designed to steal their usernames and passwords. The hacker's goal is to break in to the preparer's computer system and steal client information. The IRS advises the bogus email appears to come from the recipient's software provider and typically has a subject line that reads something like: "Software Support Update" or "Important Software System Upgrade." The message tells the preparer they need to revalidate their login credentials and it provides a link to a "fictitious website that mirrors the software provider's actual login page," according to an IRS bulletin issued last month. "Instead of upgrading software, the tax professionals are providing their information to cybercriminals who use the stolen credentials to access the preparers' accounts and to steal client information." This phishing attack was cleverly designed to launch at the time of year when many software providers release upgrades to professional preparers. It's also a busy time for preparers who are working to meet the Oct. 15 deadline for clients who filed for extensions. "This sophisticated scam yet again displays cybercriminals' tax savvy and underscores the need for tax professionals to take strong security measures to protect their clients and protect their business," the IRS alert said. Mike Wyatt, a threat researcher with RiskIQ, a digital threat management firm, told NBC News he's not surprised to see this current attack. Getting people to click on malicious links requires social engineering — and launching a phishing campaign related to calendar events can be a successful tactic.
"Cybercriminals very often leverage holidays, events and other important dates in their threat campaigns, so it makes perfect sense that a group is capitalizing on the extended tax deadlines coming up," he said. The IRS said it had received reports of "multiple takeover incidents" in the past year in which the criminals accessed client tax returns, completed those returns, e-filed them and secretly directed refunds to their own accounts. The phishing emails that made these takeovers possible "can look convincing, appearing to originate from IRS e-Services," the IRS warned. They have subject lines designed to get a quick response, such as: "Account Closure Now," "Avoid Account Shutdown," or "Unlock Your Account Now." IRS screen captures show that the fake login pages created by the crooks look just like those on the real IRS site. "We urge tax professionals to be on the lookout for the warning signs of these schemes and many others that can contribute to data loss and identity theft," IRS Commissioner John Koskinen said in a statement. "A few simple steps can protect tax professionals as well as their clients."
A flaw in certificate pinning exposed customers of a number of high-profile banks to man-in-the-middle attacks on both iOS and Android devices. A vulnerability in the mobile apps of major banks could have allowed attackers to steal customers' credentials, including usernames, passwords, and PIN codes, according to researchers. The flaw was found in apps by HSBC, NatWest, Co-op, Santander, and Allied Irish Bank. The banks in question have now all updated their apps to protect against the flaw. Uncovered by researchers in the Security and Privacy Group at the University of Birmingham, the vulnerability allows an attacker who is on the same network as the victim to perform a man-in-the-middle attack and steal information. The vulnerability lay in the certificate pinning technology, a security mechanism used to prevent impersonation attacks and use of fraudulent certificates by only accepting certificates signed by a single pinned CA root certificate. While certificate pinning usually improves security, a tool developed by the researchers to perform semi-automated security testing of mobile apps found that a flaw in the technology meant standard tests failed to detect attackers trying to take control of a victim's online banking. As a result, certificate pinning can hide the lack of proper hostname verification, enabling man-in-the-middle attacks. The findings have been outlined in a research paper and presented at the Annual Computer Security Applications Conference in Orlando, Florida. The tool was run on 400 security-critical apps in total, leading to the discovery of the flaw.
Tests found apps from some of the largest banks contained the flaw which, if exploited, could have enabled attackers to decrypt, view, and even modify network traffic from users of the app. That could allow them to view information entered and perform any operation the app can usually perform -- such as making payments or transferring funds. Other attacks allowed hackers to perform in-app phishing attacks against Santander and Allied Irish Bank users, allowing attackers to take over part of the screen while the app was running and steal the entered credentials. The researchers have worked with the National Cyber Security Centre and all the banks involved to fix the vulnerabilities, noting that the current versions of all the apps affected by the pinning vulnerability are now secure. A University of Birmingham spokesperson told ZDNet all the banks were highly cooperative: "once this was flagged to them they did work with the team to amend it swiftly."
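The mechanism behind "pinning can hide the lack of proper hostname verification" is simple once written down: a pin check confirms that the presented chain leads to the pinned CA, but any other customer of that CA holds a certificate that also passes, so a pin check that replaces hostname verification accepts the attacker's certificate. The following is an added example, not code from the Birmingham paper or from any bank's app; the certificates are a constructed model (dictionaries with hash strings standing in for real signatures), but the check logic is the same as a real TLS client's.

```python
"""A certificate pin check must sit on top of hostname verification, never
replace it. Added example with a simplified certificate model.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Cert:
    """Minimal model of an X.509 certificate for this demonstration."""
    san_dns: tuple               # dNSName entries from subjectAltName
    spki: str                    # hash of this certificate's public key
    issuer_spki: Optional[str]   # hash of the key that signed it (None for a root)


# Constructed pin; real pins are SHA-256 hashes of the DER SubjectPublicKeyInfo.
PINNED_CA_SPKI = "spki:example-root-ca"

ROOT_CA = Cert(san_dns=(), spki=PINNED_CA_SPKI, issuer_spki=None)
BANK_LEAF = Cert(san_dns=("online.bank.example", "*.bank.example"),
                 spki="spki:bank-leaf", issuer_spki=PINNED_CA_SPKI)
# A certificate for an unrelated name issued by the very same CA, which any
# customer of that CA can legitimately obtain for a domain they control.
OTHER_LEAF = Cert(san_dns=("www.other.example",),
                  spki="spki:other-leaf", issuer_spki=PINNED_CA_SPKI)


def chain_is_pinned(chain: List[Cert], pin: str) -> bool:
    """Walk leaf -> root and require the pinned key somewhere in a linked chain."""
    for i, cert in enumerate(chain):
        if i > 0 and cert.spki != chain[i - 1].issuer_spki:
            return False        # broken link: this cert did not sign the previous one
        if cert.spki == pin:
            return True
    return False


def hostname_matches(leaf: Cert, host: str) -> bool:
    """RFC 6125-style match: exact dNSName, or one wildcard in the left-most label."""
    host = host.lower().rstrip(".")
    for name in leaf.san_dns:
        name = name.lower()
        if name == host:
            return True
        if (name.startswith("*.") and host.count(".") == name.count(".")
                and host.endswith(name[1:])):
            return True
    return False


def flawed_pin_check(chain: List[Cert], host: str, pin: str = PINNED_CA_SPKI) -> bool:
    """The pattern the researchers describe: pinning passes, the hostname is never consulted."""
    return chain_is_pinned(chain, pin)


def correct_pin_check(chain: List[Cert], host: str, pin: str = PINNED_CA_SPKI) -> bool:
    """Pinning is an additional check; the leaf must still be issued for the host we dialled."""
    return chain_is_pinned(chain, pin) and hostname_matches(chain[0], host)
```

The reason the researchers' "standard tests" missed the flaw follows from the same code: a test that presents a certificate from an unrelated CA is rejected by both checks, so only a test that presents a valid certificate from the pinned CA for the wrong name separates the flawed check from the correct one.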
As thousands of freshmen move into their dorms for the first time, there are plenty of thoughts rushing through their minds: their first time away from home, what cringey nickname they're gonna try to make a thing, if there are any parties before orientation kicks off. One thing that probably isn't on their minds is whether they're going to get hacked. But that's all Carnegie Mellon University's IT department thinks about. Back-to-school season means hordes of vulnerable computers arriving on campus. The beginning of the semester is the most vulnerable time for a campus network, and every year, with new students coming in, schools have to make sure everything runs smoothly. Carnegie Mellon's network gets hit with 1,000 attacks a minute -- and that's on a normal day. Cybersecurity is an increasingly important aspect of our everyday lives, with technology playing a massive role in nearly everything we do. Universities have been vulnerable to attacks in the past, with cybercriminals stealing student and faculty databases and hackers vandalizing university websites. Students are often targets for hackers, even before they're officially enrolled. Considering how much money flows into a university from tuition costs, along with paying for room and board, criminals are looking to cash in on weak campus cybersecurity. A bonus for hackers: Admissions offices often hold data with private information like student Social Security numbers and addresses, as well as their families' data from financial aid applications. Phishing happens when hackers steal your passwords by sending you links to fake websites that look like the real deal. It's how Russians hacked the Democratic National Committee during the presidential election, and it's a popular attack to use on universities as well.
The latest warning, sent Monday, called out malware hidden in a document pretending to be from Syracuse University's chancellor. Digging through my old emails, I found about 20 phishing warnings that had gone out during the four years I'd been there. Syracuse declined to comment on phishing attacks against the school, but in a 2016 blog post, it said the attacks were "getting more frequent, cunning and malicious." The school is not alone. Duo Security, which protects more than 400 campuses, found that 70 percent of universities in the UK have fallen victim to phishing attacks. Syracuse, which uses Duo Security, fights phishing attacks with two-factor authentication, which requires a second form of identity verification, like a code sent to your phone. But it just rolled out the feature last year. Kendra Cooley, a security analyst at Duo Security, pointed out that students are more likely to fall for phishing attacks because they haven't been exposed to them as frequently as working adults have. Also, cybercriminals know how to target young minds. "You see a lot of click-bait phishing messages like celebrity gossip or free travel," Cooley said. All students at Carnegie Mellon are required to take a tech literacy course, in which cybersecurity is a focus, said Mary Ann Blair, the school's chief information security officer. The school also runs monthly phishing campaigns: If a student or faculty member falls for the friendly trap, they're redirected to a training opportunity. When your network is being hit with at least two phishing attempts a day, Blair said, it's a crucial precaution to keep students on guard. "It's just constantly jiggling the doorknobs to see if they're unlocked," Blair said. "A lot of it is automated attacks."
It's not just the thousands of new students that have university IT departments bracing for impact, it's also their gadgets. "All these kids are coming on campus, and you don't know the security level of their devices, and you can't manage it, because it's theirs," said Dennis Borin, a senior solutions architect at security company EfficientIP. A lot of university IT teams have their hands tied because they can't individually go to every student and scan all their computers. Borin's company protects up to 75 campuses across the United States, and it's always crunch time at the beginning of the semester. "If I was on campus, I wouldn't let anybody touch my device," Borin said. "So if somebody has malware on their device, how do you protect against an issue like that?" Instead of going through every single student, Borin said, his company just casts a wide net over the web traffic. If there's any suspicious activity coming from a specific device, they're able to send warnings to the student and kick him or her off the network when necessary. Keeping school networks safe is important for ensuring student life runs smoothly. A university that had only two people on its team reached out to EfficientIP after it suffered an attack. All of the school's web services were down for an entire week while recovering from the attack, Borin said. Scam artists love to take advantage of timing, and the back-to-school season is a great opportunity for them. There was an influx of fake ransomware protection apps when WannaCry hit, as well as a spike in phony Pokemon Go apps stuffed with malware during the height of the game's popularity. If there's a massive event going on, you can bet people are flooding the market with phony apps to trick victims into downloading viruses.
A quick search for "back to school apps" in August found 1,182 apps that were blacklisted for containing malware or spyware, according to security firm RiskIQ. Researchers from the company scanned 120 mobile app stores, including the Google Play store, which had more than 300 blacklisted apps. They found apps for back-to-school tools; themes and wallpapers for your device; and some apps that promised to help you "cheat on your exams." Though most of the blacklisted apps are poorly made games, others pretend to help you be a better student. Other warning signs to watch out for when it comes to sketchy apps are poorly written reviews and developers using public domain emails for contacts, RiskIQ said. For any educational apps, like Blackboard Learn, you should always check the sources and look for the official versions. New students coming to school have enough to worry about. Let's hope a crash course in cybersecurity is enough to ensure they make it to graduation without getting hit by hacks.
The IRS, state tax agencies and the nation's tax industry urge people to be on the lookout for new, sophisticated email phishing scams that could endanger their personal information and next year's tax refund. The most common way for cybercriminals to steal bank account information, passwords, credit cards or Social Security numbers is to simply ask for them. Every day, people fall victim to phishing scams that cost them their time and their money. Those emails urgently warning users to update their online financial accounts—they're fake. That email directing users to download a document from a cloud-storage provider? Fake. Those other emails suggesting the recipients have a $64 tax refund waiting at the IRS or that the IRS needs information about insurance policies—also fake. So are many new and evolving variations of these schemes. The Internal Revenue Service, state tax agencies and the tax community are marking National Tax Security Awareness Week with a series of reminders to taxpayers and tax professionals. Phishing attacks use email or malicious websites to solicit personal, tax or financial information by posing as a trustworthy organization. Often, recipients are fooled into believing the phishing communication is from someone they trust. A scam artist may take advantage of knowledge gained from online research and earlier attempts to masquerade as a legitimate source, including presenting the look and feel of authentic communications, such as using an official logo. These targeted messages can trick even the most cautious person into taking action that may compromise sensitive data. The scams may contain emails with hyperlinks that take users to a fake site. Other versions contain PDF attachments that may download malware or viruses.
Some phishing emails will appear to come from a business colleague, friend or relative. These emails might be the result of an email account compromise: criminals may have compromised your friend's email account and begun using their email contacts to send phishing emails. Not all phishing attempts are emails; some are phone scams. One of the most common phone scams is the caller pretending to be from the IRS and threatening the taxpayer with a lawsuit or with arrest if payment is not made immediately, usually through a debit card. Phishing attacks, especially online phishing scams, are popular with criminals because there is no fool-proof technology to defend against them. Users are the main defense. When users see a phishing scam, they should ensure they don't take the bait.
The BBC recently uncovered that scammers are attempting to trick us through the abuse of multilingual character sets. By creating lookalike sites with domain names that are almost identical to the URLs we know and trust, they have made telling the difference between fake and genuine sites – and avoiding phishing scams – increasingly difficult. Research by security company Wandera revealed that people are three times more likely to fall for a phishing scam if it is on their phone. As a result, this new scam targets smartphone users, where the lookalike sites are harder to spot. A recent survey that tested the British public's knowledge of scams and online security behaviours found 16% of British adults have experienced online fraud. For phishing scams specifically, it's one in ten of us. The most common age group to experience online fraud is 35–54, with almost one-fifth (19%) of this demographic having fallen victim to a scam. CEO of Get Safe Online, Tony Neate, said: "While online fraud is common, it becomes less so when you engage common sense. "It is very easy to clone a real website and does not take a skilled developer long to produce a very professional-looking but malicious site, but if you know what to look for, it's easy to stay safe." There are numerous ways to determine whether or not a received email is from a legitimate company trying to help, or a scammer looking to steal financial details. The initial sender is a good starting point. Take the time to look at the email address you're being contacted by, not just the name. An unfamiliar address, or one that doesn't correspond with the company, is a giveaway that it's a fraudster. Then take a look at the greeting.
If the email opens with 'Dear loyal customer' or 'Hello (followed by your email address)' then it's another telltale sign. The real company would address you by your full name and make it personal to you. Careless slip-ups in the copy of the email are also giveaways. Does any of the grammar or spelling not sit quite right? This is a big indicator that it's a phishing scam. You wouldn't expect poor language from someone at a legitimate company.
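"Look at the email address, not just the name" is harder advice to follow when the address abuses multilingual character sets, because a Cyrillic а and a Latin a are indistinguishable on a phone screen. The following is an added example, not code from the BBC report, Wandera or Get Safe Online: a Python check that pulls the domain out of a From: header, decodes any punycode (xn--) labels back to their display form, and flags the domain when a label mixes scripts or when mapping confusable Cyrillic letters to their Latin twins turns it into a protected brand domain. The protected-domain list, the confusables table (deliberately partial) and the sample addresses are constructed for the example.

```python
"""Flag lookalike (homograph) domains in sender addresses. Added example."""
import unicodedata

# Domains this organisation cares about (constructed list for the example).
PROTECTED_DOMAINS = {"paypal.com", "bank.example", "coop.example"}

# Cyrillic letters that render like Latin letters in most fonts (partial table).
CONFUSABLES = {
    "\u0430": "a",  # а
    "\u0435": "e",  # е
    "\u043e": "o",  # о
    "\u0440": "p",  # р
    "\u0441": "c",  # с
    "\u0445": "x",  # х
    "\u0443": "y",  # у
    "\u0456": "i",  # і
    "\u0458": "j",  # ј
    "\u0455": "s",  # ѕ
}


def sender_domain(header_value: str) -> str:
    """Domain from a From: header such as 'PayPal <service@example.com>'."""
    addr = header_value.rsplit("<", 1)[-1].rstrip(">").strip()
    return addr.rpartition("@")[2].lower().rstrip(".")


def to_unicode(domain: str) -> str:
    """Decode punycode labels so the form the user actually sees can be inspected."""
    return ".".join(
        label.encode("ascii").decode("idna") if label.startswith("xn--") else label
        for label in domain.split(".")
    )


def to_ascii(domain: str) -> str:
    """IDNA-encode: the form that goes on the wire and shows up in mail logs."""
    return domain.encode("idna").decode("ascii")


def scripts_in(label: str) -> set:
    """Unicode scripts (first word of each character name) used by letters in a label."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}


def skeleton(domain: str) -> str:
    """Replace confusable letters with their Latin twins."""
    return "".join(CONFUSABLES.get(c, c) for c in domain)


def classify_domain(domain: str):
    """Return (verdict, matched_protected_domain_or_None).

    Verdicts: "genuine", "lookalike" (confusable twin of a protected domain),
    "mixed-script" (a label mixes alphabets, suspicious on its own), "unrelated".
    """
    shown = to_unicode(domain.lower().rstrip("."))
    if shown in PROTECTED_DOMAINS:
        return ("genuine", shown)
    twin = skeleton(shown)
    if twin in PROTECTED_DOMAINS:
        return ("lookalike", twin)
    if any(len(scripts_in(label)) > 1 for label in shown.split(".")):
        return ("mixed-script", None)
    return ("unrelated", None)


def classify_sender(header_value: str):
    """Convenience wrapper: classify the domain of a From: header value."""
    return classify_domain(sender_domain(header_value))
```

Running the check on the wire form (the `xn--` name a mail gateway logs) gives the same verdict as running it on the display form, which is the point of decoding first: a filter that only inspects the punycode string never sees the lookalike letters at all.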
Cybercriminals are finding it more difficult to maintain the malicious URLs and deceptive domains used for phishing attacks for more than a few hours because action is being taken to remove them from the internet much more quickly. That doesn't mean that phishing -- one of the most common means of performing cyber-attacks -- is any less dangerous, but a faster approach to dealing with the issue is starting to hinder attacks. Deceptive domain names look like those of authentic services, so that somebody who clicks on a malicious link may not realise they aren't visiting the real website of the organisation being spoofed. One of the most common agencies to be imitated by cyber-attackers around the world is that of government tax collectors. The idea behind such attacks is that people will be tricked into believing they are owed money by emails claiming to be from the taxman. However, no payment ever comes, and if a victim falls for such an attack, they're only going to lose money when their bank details are stolen, and they can even have their personal information compromised. In order to combat phishing and other forms of cyber-attack, the UK's National Cyber Crime Centre -- the internet security arm of GCHQ -- launched what it called the Active Cyber Defence programme a year ago. It appears to have had some success in its first 12 months because, despite a rise in registered fraudulent domains, the lifespan of a phishing URL has been reduced and the number of global phishing attacks being carried out by UK-hosted sites has declined from five percent to three percent. The figures are laid out in a new NCSC report: Active Cyber Defence - One Year On.
During that time, 121,479 phishing sites hosted in the UK, and 18,067 worldwide spoofing UK government, were taken down, with many of them purporting to be HMRC and linked to phishing emails in the form of tax refund scams. An active approach to dealing with phishing domains has also led to a reduction in the amount of time these sites are active, potentially limiting cybercriminal campaigns before they can gain any real traction. Prior to the launch of the programme, the average time a phishing website spoofing a UK government website remained active was 42 hours -- or almost two days. Now, with an approach designed around looking for domains and taking them down, that's dropped to ten hours, leaving a much smaller window for attacks to be effective. However, while this does mean there's less time for the attackers to steal information or finances, it doesn't mean that they're not successful in carrying out attacks. The increased number of registered domains for carrying out phishing attacks shows that crooks are happy to work a little bit harder in order to reap the rewards of campaigns -- and the NCSC isn't under any illusion that the job of protecting internet users is anywhere near complete. "The ACD programme intends to increase our cyber adversaries' risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks," said Dr Ian Levy, technical director of the NCSC. "The results we have published today are positive, but there is a lot more work to be done. The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt."
A focus on taking down HMRC and other government-related domains has helped UK internet users, but cyber-attacks aren't limited by borders, with many malicious IPs hosted in practically every country used to carry out cyber-attacks around the world -- meaning every country should be playing a part. "Obviously, phishing and web-inject attacks are not connected to the UK's IP space and most campaigns of these types are hosted elsewhere. There needs to be a concerted international effort to have a real effect on the security of users," says the report.
Social media scams such as blackmail, identity theft, money laundering and dating scams are expected to gain popularity in SA this year. This is according to Kovelin Naidoo, chief cyber security officer at FNB, who explains that although social media scams in SA are not yet as prevalent as their global counterparts, the reality is that they do exist. As social media continues to gain prominence among South African consumers, Naidoo believes platforms like Instagram, YouTube, Facebook and Twitter have also become places where fraudsters attempt to catch unsuspecting consumers off guard. "Given that the popularity of social media is set to remain for the coming years, consumers are encouraged to constantly educate themselves and their loved ones about the latest methods that fraudsters use to get hold of their victims' personal information," adds Naidoo. Naidoo warns consumers to look out for money laundering scams, in which scammers trick people through social media platforms by claiming to have large sums of cash that they urgently need to deposit through a foreign bank account, and identity theft, in which fraudsters steal information and use it illegally by impersonating victims. "Social media blackmail is another scam to watch out for: never share personal photos or videos on social media that portray you in a compromising position, as scammers can use these against you by threatening to send them to close family members or upload them on public platforms. Another scam gaining traction is a social media phishing scam, where fraudsters pretend to represent the victim's bank on social media platforms," advises Naidoo. Manuel Corregedor, COO of Telspace Systems, says consumers who use social media platforms to meet companions or their life partners should also look out for dating or romance scams.
"In these scams, criminals play on the emotions of victims in order to scam them out of money, i.e. they target certain profiles based on age, gender and marital status. Once connected, the criminal starts to 'build a relationship' with the victim as a means to get them to like or love them. Once this happens, the criminal plays on the victim's emotions as a means to get money from the client." It is necessary to create awareness around such scams and educate people, advises Corregedor. However, it should be noted that these scams are not new; they existed before social media. Additional things users can do to protect themselves online are to only add people on social media sites, in particular Facebook, that they have met in person before; restrict who can see their photos and posts; and look out for the following signs that it might be a scam. Denis Makrushin, security researcher at Kaspersky Lab, says that social media chain letters and phishing are also expected to gain traction this year. "Some social media messages ask recipients to send a small sum of money to certain addressees. Cyber criminals use chain letters to distribute malware: a letter may contain a link to a malicious Web site. A recipient is lured into visiting the site on some pretext or other, for example they are warned about a virus epidemic and are offered the possibility to download an 'antivirus program'. Furthermore, phishing scams via social media messages are also markedly more detailed and sophisticated than the average phishing e-mail. For example, one might be a security alert saying that someone just tried to sign into your account from such and such address using such and such browser, and all you have to do is click the link to check that everything's OK," he explains.
Naidoo advises social media users never to share their banking details with strangers and to think twice before sending money to someone they recently met online or haven't met in person yet.
Criminals are attempting to trick consumers into handing over passwords and credit card details by taking advantage of the flood of emails being sent out ahead of new European privacy legislation. The European Union's new General Data Protection Regulation (GDPR) comes into force on 25 May, and the policy is designed to give consumers more control over their online data. As a result, in the run-up to it, organisations are sending out messages to customers to gain their consent for remaining on their mailing lists. With so many of these messages being sent out, it was perhaps only a matter of time before opportunistic cybercriminals looked to take advantage of the deluge of messages about GDPR and privacy policies arriving in people's inboxes. A GDPR-related phishing scam uncovered by researchers at cyber security firm Redscan is doing just this in an effort to steal data with emails claiming to be from Airbnb. The attackers appear to be targeting business email addresses, which suggests the messages are sent to addresses scraped from the web. The phishing message addresses the user as an Airbnb host and claims they're not able to accept new bookings or send messages to prospective guests until a new privacy policy is accepted. "This update is mandatory because of the new changes in the EU Digital privacy legislation that acts upon United States based companies, like Airbnb in order to protect European citizens and companies," the message says, and the recipient is urged to click a link to accept the new privacy policy. Those who click the link are asked to enter their personal information, including account credentials and payment card information.
If the user enters these, they're handing the data straight into the hands of criminals who can use it for theft, identity fraud, selling on the dark web and more. "The irony won't be lost on anyone that cybercriminals are exploiting the arrival of new data protection regulations to steal people's data," said Mark Nicholls, Director of Cyber Security at Redscan. "Scammers know that people are expecting exactly these kinds of emails this month and that they are required to take action, whether that's clicking a link or divulging personal data. It's a textbook phishing campaign in terms of opportunistic timing and having a believable call to action." Airbnb is sending messages to users about GDPR, but the messages contain far more detail and don't ask the users to enter any credentials, merely to agree to the new Terms of Service. While the phishing messages might look legitimate at first glance, it's worth noting they don't use the right domain: the fake messages come from '@mail.airbnb.work' as opposed to '@airbnb.com'. Redscan has warned that attackers are likely to use GDPR as bait for other phishing scams, with messages claiming to be from other well-known companies. "As we get closer to the GDPR implementation deadline, I think we can expect to see a lot more of these types of phishing scams over the next few weeks, that's for sure," said Nicholls, who warned attackers could attempt to use the ploy to deliver malware in future. "In the case of the Airbnb scam email, hackers were attempting to harvest credentials. Attack vectors do vary, however, and it's possible that other attacks may attempt to infect hosts with keyloggers or ransomware, for example," he said.
Airbnb said those behind the attacks haven't accessed user details in order to send emails, and that users who receive a suspicious message claiming to be from Airbnb should send it to its safety team. "These emails are a brazen attempt at using our trusted brand to try and steal users' details, and have nothing to do with Airbnb. We'd encourage anyone who has received a suspicious looking email to report it to our Trust and Safety team on report.phishing@airbnb.com, who will fully investigate," an Airbnb spokesperson told ZDNet. Airbnb also provided information on how to spot a fake email to help users determine whether a message is genuine.
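The sender-domain mismatch that gave the Airbnb campaign away ('@mail.airbnb.work' rather than '@airbnb.com') can be turned into a mail-gateway check. The example below is added here and is not code from Redscan, Airbnb or the article; the brand allowlist, the public-suffix stand-in and the sample From headers are all constructed for illustration.

```python
"""Sender-domain lookalike check for the Airbnb-style phishing described above.

Added example, not from Redscan, Airbnb or the article. The brand list, the
public-suffix stand-in and the sample headers are constructed for this example.
"""
from email.utils import parseaddr
from typing import Dict, List, Optional, Set, Tuple

# Constructed allowlist: brand keyword -> registrable domains the brand really
# sends mail from. A real deployment would load this from configuration.
BRAND_DOMAINS: Dict[str, Set[str]] = {
    "airbnb": {"airbnb.com"},
    "hmrc": {"hmrc.gov.uk"},
}

# Stand-in for the Public Suffix List: two-label suffixes under which the
# registrable domain is three labels long (service.hmrc.gov.uk -> hmrc.gov.uk).
MULTI_LABEL_SUFFIXES: Set[str] = {"gov.uk", "co.uk", "ac.uk", "org.uk"}


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its registrable domain.

    'mail.airbnb.work' -> 'airbnb.work'; 'service.hmrc.gov.uk' -> 'hmrc.gov.uk'.
    """
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def parse_from(from_header: str) -> Tuple[str, Optional[str]]:
    """Split a From: header value into (display name, host part of the address).

    The host is None when the header carries no parseable address.
    """
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return name, None
    return name, addr.rsplit("@", 1)[1].lower()


def classify_sender(from_header: str) -> Tuple[str, Optional[str]]:
    """Classify one From: header.

    Verdicts: 'legitimate' (registrable domain owned by the brand),
    'lookalike' (brand name in the domain or display name but the registrable
    domain is not the brand's, e.g. mail.airbnb.work), 'unknown' (no brand
    reference at all), 'unparseable' (no address at all).
    """
    name, host = parse_from(from_header)
    if host is None:
        return "unparseable", None
    reg = registrable_domain(host)
    for brand, owned in BRAND_DOMAINS.items():
        if reg in owned:
            return "legitimate", brand
    # No owned domain matched; any brand reference now counts as impersonation.
    for brand in BRAND_DOMAINS:
        if brand in host or brand in name.lower():
            return "lookalike", brand
    return "unknown", None


def flag_lookalikes(from_headers: List[str]) -> List[Tuple[str, str]]:
    """Return (header, brand) for every header classified as a lookalike."""
    hits = []
    for header in from_headers:
        verdict, brand = classify_sender(header)
        if verdict == "lookalike":
            hits.append((header, brand))
    return hits


# Constructed sample headers (not real mail); the first mirrors the article's
# '@mail.airbnb.work' versus '@airbnb.com' observation.
SAMPLE_FROM_HEADERS = [
    "Airbnb <automated@mail.airbnb.work>",
    "Airbnb <automated@airbnb.com>",
    "Airbnb Support <host-update@privacy-notice.example>",
    "HMRC <refund@hmrc-refunds.co.uk>",
    "HMRC Alerts <noreply@service.hmrc.gov.uk>",
    "Colleague <someone@example.org>",
]

if __name__ == "__main__":
    for header, brand in flag_lookalikes(SAMPLE_FROM_HEADERS):
        print(f"LOOKALIKE of {brand}: {header}")
```

Substring matching on the display name is deliberately blunt and will also flag legitimate third parties that mention the brand, so treat a 'lookalike' verdict as a triage signal rather than a block; a homoglyph domain (a non-Latin letter standing in for a Latin one) would slip past this check and needs separate Unicode confusable handling.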
Israel-based cyber security firm Check Point has detected malware that is not downloaded through any action by the user but is already present on the Android device. According to a company blog post last week, the pre-installed malware was detected on 38 Android devices belonging to a large telecommunications company and a multinational technology company. "The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain," the company said. The malware added to the devices' ROM could not be removed by the users, so the devices had to be re-flashed. The research team at Check Point found that one of the pre-installed malware samples was Slocker, a mobile ransomware that uses the Advanced Encryption Standard (AES) algorithm to encrypt all files on the device and demands a ransom in return for the decryption key. "The most notable rogue adnet which targeted the devices is the Loki Malware. This complex malware operates by using several different components; each has its own functionality and role in achieving the malware's malicious goal," the cyber security firm said. Pre-installed malware steals data from the devices and is installed into the system, taking full control of the device. The cyber security firm suggested users protect themselves from regular and pre-installed malware by implementing advanced security measures capable of identifying and blocking any abnormality in the device's behaviour.
Attackers continue to take aim at the e-commerce platform Magento. Researchers said last week they came across a malicious function sneaked into one of the platform's modules in order to steal credit card information. Code for the function was injected into a .php file for SF9 Realex, a module that helps sites store customer credit card data for the one-click checkout functionality commonly used by repeat customers. The module interacts with the Realex RealAuth Remote and Redirect systems, "very popular solutions in the Magento community," according to Bruno Zanelato, a researcher with the firm Sucuri, who found the malicious function. The function, sendCCNumber(), reroutes credit card information entered by a customer from Magento to an attacker's email address, hidden inside a variable later in the code. The data, encoded in JSON, arrives in the attacker's inbox without the victim being any the wiser. According to researchers, the attacker uses binlist.net, a public web service for searching issuer identification numbers (IIN), to help identify which bank each card is associated with. Zanelato said Friday that attackers are going to greater lengths to target credit card data, especially in e-commerce platforms like Magento. "Magento credit card stealers are indeed on the rise," Zanelato wrote Friday. "While the information here is specific to Magento, realize that this can affect any platform that is used for ecommerce. As the industry grows, so will the specific attacks targeting it." Zanelato is quick to point out that there wasn't a vulnerability in Magento that enabled the theft of credit card data. From there the attacker was able to inject script and take over SF9 Realex. It's the latest in a line of credit card stealers Sucuri researchers have observed taking advantage of Magento, however.
Last summer Cesar Anjos, a researcher with the firm, looked at one stealer that was loaded from another source. The stealer essentially performed a man-in-the-middle attack between the user and the checkout page after credit card information was entered. Last October, Ben Martin, a different researcher with the firm, discovered attackers scraping credit card numbers and exfiltrating them in obscure, sometimes publicly viewable image files. Researchers with RiskIQ monitored attacks similar to the ones described by Sucuri last year. The firm said the attacks it had been monitoring originated from a single hacking group targeting e-commerce platforms such as Powerfront CMS and OpenCart with a web-based keylogger in March 2016.
ESET discovered 13 mobile applications on the Google Play Store that were phishing for Instagram credentials and sending them to a remote server.
Global cybersecurity provider ESET claims to have discovered 13 apps on the Google Play Store that steal Instagram credentials. These apps, as stated by ESET, target Instagram users who want to manage or boost their number of followers. Detected under the name Android/Spy.Inazigram, these 13 applications were phishing for Instagram credentials and sending them to a remote server. ESET says that these apps seem to have originated from Turkey; some apps used English localisation to target Instagram users worldwide, and they have been installed by 1.5 million users. After notification by the company, the apps were removed from the Google Play Store. To lure users into downloading, the apps promised a rapid increase in the number of followers, likes and comments for an Instagram account. The credentials entered into the form were then sent to the attackers' server in plain text. The compromised accounts were used to raise the follower counts of other users. ESET believes that, apart from the opportunity to use compromised accounts for spreading spam and ads, there are various business models in which the most valuable assets are followers, likes and comments. All the applications employed the same technique of harvesting Instagram credentials and sending them to a remote server. Interestingly, the Instagram account might appear to have increased following and follower numbers, but the user would be getting replies to comments they never posted. If the attackers were successful and the user did not recognise the threat upon seeing Instagram's notification, the stolen credentials could be put to further use.
The company suggests that users should uninstall the apps from the application manager or use a reliable mobile security solution to remove the threats. They should change their Instagram password and, if the same password is used for other platforms, change it there as well, as malware authors are known to access other web services using stolen credentials. When downloading third-party applications from the Google Play Store, ESET states that users should not enter sensitive information and should check whether an app can be trusted by looking at the popularity of the developer through the number of installs, the content of its reviews and its ratings.
About 33 million records belonging to Dun & Bradstreet have been leaked, placing a large portion of the US corporate population at risk. According to independent researcher Troy Hunt, the database is about 52 gigabytes in size and contains just under 33.7 million unique email addresses and other contact information from employees of thousands of large enterprises and government entities. While details are unfolding, the leak is thought to be from a database D&B acquired from NetProspex in 2015. The file is a "list rental" file that D&B offers marketers for use in their own email campaigns. It's believed that one of these marketing firms is the source of the leak, itself having been compromised in some way. "We've carefully evaluated the information that was shared with us and it is of a type and in a format that we deliver to customers every day," D&B said in a media statement. "Dun & Bradstreet maintains that neither they nor NetProspex suffered a breach or caused the leak," said Stephen Boyer, co-founder and CTO of third-party risk management and security ratings firm BitSight. "If true and the leak stemmed from one of their customers, that represents a new dimension of third-party risk. While customers don't have ongoing relationships in the way that vendors and suppliers do, they still can pose risk when licensing and buying data in bulk." As originally reported by ZDNet, Hunt said in a blog post that he was able to determine that the most records in the database come from the US Department of Defense, with other government and large enterprises following. The worrisome part is the deep bench of information that the records contain.
For Wells Fargo, for example, the information is for the C-suite and 45 vice presidents, senior vice presidents, assistant vice presidents and executive vice presidents, all with names and email addresses alongside job titles. "The market for stolen personally identifiable information continues to be lucrative for attackers to steal and sell data," said Lee Weiner, chief product officer at Rapid7, via email. "Individuals affected by this breach should continue to be vigilant for piggy-back attacks that can ensue from attackers using this information to engage in phishing tactics to steal passwords and gain access to accounts." Those follow-on threats can include business email compromise (BEC). "This leak allows cyber-criminals to carry out whaling attacks for large enterprises," said Boyer. "Some organizations have over 100,000 employee records compromised in this breach and may witness an uptake in targeted phishing attacks and fraud schemes." Hunt noted that the leak is an example of an endemic problem in data management and society. "We've lost control of our personal data and ... we often do not have any way of feeding back to companies what data we'd rather not share," he noted. "Particularly when D&B believe they're operating legally by selling this information, what chance do we have, either as individuals or corporations, of regaining control of data like this? Next to zero, and about the only thing you can do right now is assess whether you've been exposed."
Nearly half of businesses report that they were the subject of a cyber-ransom campaign in 2016, according to Radware's Global Application and Network Security Report 2016-2017. Data loss topped the list of IT professionals' cyber attack concerns, the report found, with 27% of tech leaders reporting this as their greatest worry. It was followed by service outage (19%), reputation loss (16%), and customer or partner loss (9%). Malware or bot attacks hit half of all organizations surveyed in the last year. Some 55% of respondents reported that IoT ecosystems had complicated their cybersecurity detection measures, as they create more vulnerabilities. Ransomware attacks in particular continue to increase rapidly: 41% of respondents reported that ransom was the top motivator behind the cyber attacks they experienced in 2016. Meanwhile, 27% of respondents cited insider threats, 26% said political hacktivism, and 26% said competition. While large-scale DDoS attacks dominated the headlines of 2016, this report found that only 4% of all attacks were more than 50 Gbps, while more than 83% of DDoS attacks reported were under 1 Gbps. "One thing is clear: Money is the top motivator in the threat landscape today," said Carl Herberger, vice president of security solutions at Radware, in a press release. "Attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company's data, to DDoS attacks that act as a smoke screen for information theft, to direct brute force or injection attacks that grant direct access to internal data." Despite the growth in attacks, some 40% of organizations reported that they do not have an incident response plan in place, the survey found.
Like any community, the Internet has dark alleys and sketchy places it is best to avoid. Granted, anyone with a connected mobile device is at risk of having his or her private personal and financial information stolen and misused. But dangerous software and applications often lurk in specific corners of cyberspace, where the touch of a button can have disastrous consequences. These sites may have a web address that's similar to legitimate sites but contain misspellings, bad grammar or low-resolution images, according to McAfee Labs, the threat research division of Intel Security. Double check URLs to make sure that sites are authentic and not replicas created by scammers to try to steal personal information. A scam currently making the rounds is a message that shows up in people's in-boxes purporting to be from Netflix. But in reality, it's a "phishing" scheme intended to steal people's log-in and credit card information. Apple.com, obviously, is a well-known and trustworthy source of content. The fake address, however, is not visible when the message is viewed on a cell phone. That "s" makes all the difference, because it signals that a site has security encryption. Legitimate e-commerce sites use encryption to keep customers' payment information safe. To confirm it is a trusted site, look for a lock symbol in the browser window. Consumers also should try to restrict their downloads to official and reputable app stores, such as the Apple Store, the Google Play Store and Amazon, said Scot Ganow, an attorney with Dayton-based law firm Faruki Ireland Cox Rhinehart & Dusing whose practice focuses on information privacy and security law. More than 1 million Android phones were infected by a yucky type of malware dubbed "Gooligan" that consumers downloaded from third-party apps and by clicking on malicious links, experts said.
The malware campaign has exposed people's messages, documents, photographs and other sensitive data and also led to the installation of unwanted apps on their devices, according to Check Point, a threat prevention software company.
The $2.2 trillion Australian superannuation industry is coming under attack from cybercriminals who are attracted by the high potential gains. According to Palo Alto Networks, the sheer size of the market, the tendency of people to neglect their superannuation, and technology advancements making it easier to commit identity theft are all factors behind the strong interest among cybercriminals in super funds. Because superannuation transactions are now conducted digitally, rather than face to face, identity theft has become easier. Cybercriminals are exploiting a range of techniques, including phishing, to steal victims' identities before transferring their super into self-managed accounts or applying for hardship payments. Unlike banks, super funds have no obligation to reimburse victims of fraud, and if the fraud takes place overseas there is very little chance of recovering stolen money, Palo Alto said. Cybercriminals are also increasingly targeting the industry with malware, with the number of new threats discovered growing to 350,000 per month in 2017, up from just 300 per month a decade ago. "Because superannuation funds are such valuable targets, cybercriminals are unlikely to turn their attention elsewhere anytime soon. Therefore, it's imperative for superannuation providers to review their security measures in minute detail, seeking out every potential vulnerability and finding a way to close the gaps before cybercriminals exploit them," Palo Alto Regional CSO for APAC Sean Duca said. "A solid security strategy should go beyond antivirus and intrusion detection systems
Called Chrysaor, the Android variant can steal data from messaging apps, snoop on a phone's camera or microphone, and even erase itself. On Monday, Google and security firm Lookout disclosed the Android spyware, which they suspect comes from NSO Group, an Israeli security firm known to develop smartphone surveillance products. Fortunately, the spyware never hit the mainstream. It was installed fewer than three dozen times on victim devices, most of which were located in Israel, according to Google. Other victim devices resided in Georgia, Mexico and Turkey, among other countries. Users were probably tricked into downloading the malicious code, perhaps through a phishing attack. Once installed, the spyware can act as a keylogger and steal data from popular apps such as WhatsApp, Facebook and Gmail. In addition, it possesses a suicide function that will activate if it doesn't detect a mobile country code on the phone, a sign that the Android OS is running on an emulator. The surveillance features are similar to those found in Pegasus, which has also been linked with NSO Group. At the time, Lookout called the spyware the most sophisticated attack it had ever seen on a device. The iOS variant exploited three previously unknown vulnerabilities to take over a phone and surveil the user. The spyware was uncovered when a human rights activist in the United Arab Emirates was found infected by it. His phone had received an SMS text message which contained a malicious link to the spyware. But Lookout had also been investigating whether NSO Group developed an Android version. To find out, the security firm compared how the iOS version compromises an iPhone and matched those signatures with suspicious behaviour from a select group of Android apps. Those findings were then shared with Google, which managed to identify who was affected.
However, unlike the iOS version, the Android variant doesn't actually exploit any unknown vulnerabilities. Instead, it taps known flaws in older Android versions. Chrysaor was never available on Google Play, and the small number of infected devices found suggests that most users will never encounter it, the search giant said.
Every year, cybercriminals cash in on tax season by targeting individuals, but this year it's a little different. It's businesses that must be extra careful when filing, because businesses are experiencing a rise in tax-related scams, specifically W-2 fraud. Researchers at IBM X-Force, the tech giant's security research division, discovered more than 1400% growth in general tax-themed spam between December 2016 and March 2017. "On top of all the usual activity (consumer tax fraud, filing on others' behalf), we began to see that businesses are being targeted a lot more," says Limor Kessem, executive security advisor for IBM Security. In the past, she says, tax fraud on businesses was the purview of only advanced attackers. This year, they saw a rise in social engineering attacks on smaller organizations like schools, non-profits, and restaurants as fraudsters start to aim for the "low-hanging fruit" of the corporate world. Cybercriminals often collect W-2 data by pretending to be a company exec and emailing HR or payroll for employee information, which is used to file fraudulent returns and collect refunds. In addition, they may also request a wire transfer to a specific bank account. Attackers who are more technically inclined may bypass the fake emails and breach an organization's servers to steal data directly, says Kessem. In addition to using W-2 data for their own scams, fraudsters will sell it on the dark web, the report states. The most valuable bundles of information are called "Fullz" and contain the victim's address, contact info, Social Security and driver's license numbers, plus all W-2 and W-9 information. Each record runs for $40 to $50 in Bitcoin on the Dark Web. With all this data for $50 per record, harmful activity doesn't have to stop at tax fraud, Kessem notes.
Cybercriminals can buy and use this data for other scams like identity theft or online loan applications. Tax-related risks increase as the filing deadline approaches. One-third of Americans (54 million people) filed their taxes after April 1 in 2016, giving fraudsters a larger window of opportunity to strike. Tax-related cybercrime won't stop after April 18, 2017. "There are a number of people filing after the deadline," says Kessem, noting the popularity of extensions. "There are millions who will still be interested in tax-themed emails." However, their tax scam strategies will shift after the deadline as cybercriminals move from stealing data to infecting machines with malware. Because victims may expect messages indicating problems with their returns, they are more likely to open potentially malicious attachments, Kessem explains. Researchers believe data sets sold on the Dark Web are a sign that fraudsters are stealing tax info from employer databases, meaning they get it before the taxpayers do.
Research conducted by both cyber security firms shows that the attacks first appeared in July 2015 and that since then, the cybercriminals behind them have targeted hundreds of organizations within the region. According to the research, hackers were using the KasperAgent and Micropsia malware to target the Windows operating system, while the SecureUpdate and Vamp malware were being used to target Android OS. The cybercriminals behind these attacks used two different techniques to achieve their goal. One technique involved using the URL shortener service Bit.ly to disguise the original malicious links. The motive behind these attacks was to steal credentials and spy on the victims. As per the research, hackers were targeting educational institutes, military organizations and media companies in Palestine, Israel, Egypt, and the US. SecureUpdate, a malware disguised as an Android update, was designed to download malicious payloads onto the victim's device, while Vamp was focused on stealing data from victims' smartphones, including call recordings, contact information, and other important documents. The malware designed to target Windows operating systems, KasperAgent and Micropsia, was capable of downloading other payloads, executing arbitrary commands, stealing files, capturing screenshots, logging keystrokes and much more. Essentially the hackers were interested in stealing credentials from the infected devices. At first, no connection was established between the attacks, since all the malware was different. On close inspection, however, the security firms found a link: the same email address was used to register the infectious domains, which eventually revealed that the attacks were linked after all.
Researchers revealed that more than 200 samples of the Windows malware and at least 17 samples of the Android malware were discovered, which means that potential victims of this malware could be numerous. The researchers at Palo Alto stated: "Through this campaign, there is little doubt that the attackers have been able to gain a great deal of information from their targets." The campaign also illustrates that for some targets old tricks remain sufficient to run a successful espionage campaign, including the use of URL shortening services and classic phishing techniques, as well as the use of archive files to bypass some simple file checks. This is not the first time a sophisticated malware attack has been aimed at Middle Eastern countries. Just last month the StoneDrill malware was discovered targeting not only the Middle East but also Europe. Also, the Shamoon malware from Iran is currently targeting Saudi Arabian cyber infrastructure.
The mobile apps of seven banks in India were infected with malware that can steal sensitive financial information, a study has revealed. According to US-based cyber security firm FireEye, banking network frauds have spread around the world. The firm has tracked such incidents that affected banks in Ukraine, Ecuador and India, with losses totalling more than $100 million. "In India, we have seen financially-motivated cyber-criminal groups launching sophisticated attacks to steal funds from many potential sources: organisations, consumers, ATMs and banks. As India's digital payment systems handle more transactions, they will become more lucrative targets," Vishal Raman, India Head at FireEye, told BusinessLine. "We have found mobile apps of seven large banks in India infected with malware that has the capability to steal user credentials. We have informed the banks about the same," Raman said, without disclosing the names of the banks to prevent misuse of the vulnerabilities. Raman said that while the security deployed by banks in India has improved over the years, hackers seem to be moving faster and banks are merely playing catch-up. "We're seeing a much higher degree of sophistication from attackers than ever before. Nation-states continue to set a high bar for sophisticated cyber attacks, but some financial threat actors have caught up. Financial attackers have improved their tactics, techniques and procedures to the point where they have become difficult to detect and challenging to investigate and remediate," he said. According to FireEye, a majority of both victim organisations and those working diligently on defensive improvements are still lacking fundamental security controls and capabilities to either prevent breaches or to minimise the damages and consequences of an inevitable compromise. The two major malware strains FireEye found on Indian banking apps are Webinjects and Bugat.
Webinjects are a functionality integrated into many types of credential theft malware that allows hackers to dynamically alter what is displayed to victims on an infected device (mobile phone). In some cases a message is displayed that encourages users to download a malicious application, under the guise of installing a personal security certificate for their cell phone SIM card. Bugat is a credential theft malware used by a limited number of cyber-crime groups. These groups spread the malware widely, often through spam e-mail campaigns. "Based on our analysis of Bugat configuration files observed in August 2015, targets exclusively related to financial services used by consumers, corporations and financial services were added during this time, continuing the operators' focus on this sector," Raman said.
Trend Micro has identified more malicious Android apps abusing the name of the popular mobile game Super Mario Run. We earlier reported on how fake apps were using the game's popularity to spread; attackers have now released versions of these fake apps that steal the user's credit card information. Super Mario Run is a mobile game that Nintendo first released on the iOS platform in September 2016, followed by the Android version on March 23, 2017. Mobile games have always proven to be attractive lures for cybercriminals to get users to download their malicious apps and potentially unwanted apps (PUAs). This is not the first time that the name of a popular game has been abused; we've discussed how the popularity of Pokémon Go was similarly abused. Based on feedback from the Smart Protection Network™, we saw more than 400 of these apps in the first three months of 2017 alone. In the same time frame, we saw 34 fake apps explicitly named "Super Mario Run"; it's a noteworthy trend, as we saw the first of these only in December 2016. In this post we'll discuss the behavior of a new credit card stealing variant named "Fobus" (detected as ANDROIDOS_FOBUS.OPSF). Cybercriminals frequently take advantage of popular and hotly anticipated titles to push their own malicious apps. These are usually distributed via third-party app stores. Some users may use such app stores to download "unreleased" versions of legitimate apps, or to obtain apps for free. These apps are illegitimate in the first place, and the risks to end users are quite high. We strongly advise that users download and install apps only from legitimate app stores such as Google Play or trusted third-party app stores. In other cases, an attacker may even provide a fake app store that resembles Google Play.
Alternately, a message supposedly from a friend sent via social media may lead to a malicious app. Disabling the "Allow installation of apps from unknown sources" setting prevents apps inadvertently downloaded in these ways from being installed. By default, this setting is off. Only turn it on if you know you are installing an app from a trusted third-party app store. To carry out malicious behavior such as installing other apps on the user's device without any user input or consent, or hiding icons and processes, an app needs device administrator privileges. Legitimate apps seldom require these; users should double check whenever an app asks for them. This is particularly true of games, which do not require device administrator privileges. A "game" asking for these privileges is likely to be malicious or a PUA. Trend Micro solutions: users should only install apps from Google Play or trusted third-party app stores and use mobile security solutions such as Trend Micro™ Mobile Security to block threats from app stores before they can be installed and cause damage to your device or data. Enterprise users should consider a solution like Trend Micro™ Mobile Security for Enterprise. This includes device management, data protection, application management, compliance management, configuration provisioning, and other features so employers can balance privacy and security with the flexibility and added productivity of BYOD programs.
An Android SMS-based spyware dubbed SMSVova, which can steal and relay a victim's location to an attacker in real time, has been downloaded between one and five million times since 2014 from the US Google Play store. Zscaler ThreatLabz found that the app claimed to give users access to the latest Android software updates, but in fact was being used to spy on a user's exact geolocation, which could have been used for any number of malicious purposes. Despite clear red flags, millions downloaded it. "The app portrays itself as a 'System Update,'" the firm's researchers explained in a blog. "After reading the app reviews, it became clear that several users were misled by the app, thinking that it would provide them with the latest Android release. Many users were unhappy with the app and conveyed their concerns." In addition to the negative reviews, there were other indicators that raised suspicions: the Google Play Store page for this particular app showed blank screenshots, which is not common, and there was no proper description for the app. It also didn't mention that it would track the victim, nor that it would send location information to a third party. It said only, "This application updates and enables special location features." "There are many spyware variations present on the Google Play store, such as Cell Tracker, but the legitimate apps are explicit in their intentions, and have specific purposes for tracking a user's device," Zscaler researchers noted. As soon as the user tries to start up the app, it abruptly quits and hides itself from the main screen. From there, it sets up an Android service and broadcast receiver to fetch the user's last known location and store it in Shared Preferences. An attacker could also set a location alert for when the victim's battery is running low.
Interestingly, the code is a carbon copy of the location-stealing code in DroidJack, the remote access trojan. "There are many apps on the Google Play Store that act as spyware; for example, those that spy on the SMS messages of one's spouse or fetch the location of children for concerned parents," researchers said. "But those apps explicitly state their purpose, which is not the case with the app we analyzed for this report. It portrayed itself as a system update, misleading users into thinking they were downloading an Android System Update." Google has removed the app from the store since Zscaler reported it to the Google security team.
One of the biggest and most popular social networking platforms, Snapchat, has once again become the center of attention. But this time, it is for all the wrong reasons, with tweets and hashtags (#Uninstall_Snapchat and #BoycottSnapchat) urging people to get rid of the app. Apparently, the outrage started in India, after one of Snapchat's former employees said that the CEO of the company had no intention to expand the business to India since the Snapchat platform is meant for "rich people" and not for "poor countries" like India or Spain. An enraged India first reacted on Twitter, and after that, the hacktivist group Anonymous India claimed that they were responsible for a leak of 1.7 million Snapchat users' data. The hacking group has supposedly found vulnerabilities in Snapchat's systems, managed to steal the data of 1.7 million users and leaked it on the dark web. It seems that the hackers belong to one of the many bug bounty hunting groups that find flaws in the systems of big companies in exchange for money. It appears that the flaw in Snapchat's security was discovered last year, but never reported to the authorities. Now, the same flaw was used to steal Snapchat users' data, reports DailyMail. The hackers are also demanding that the CEO apologize, or an intensive strike against Snapchat will be launched. So far, Snapchat itself hasn't confirmed any data leaks, and we're still waiting for an official comment from the social media giant. So far, the company has claimed that the allegations are ridiculous and that the app is available worldwide for everyone who wishes to use it.
A spokesperson for the company has denied everything that Snapchat is being accused of. Despite this, the outrage on social media continues, and many are still persuading others to boycott the application, or better yet, to completely uninstall it. The company's ratings have dropped fast, and the app is currently rated with only one star on Apple's App Store, while before this 'incident' it had a full five-star rating. On the Google Play Store, the app has a four-star rating at the time of writing. It's unknown what will happen with the company now that its reputation has dropped so dramatically, but whatever they decide to do to fix this, they had better do it fast.
Sensors used to detect the level of ambient light can be used to steal browser data, according to privacy expert Lukasz Olejnik. Over the past decade, ambient light sensors have become quite common in smartphones, tablets, and laptops, where they are used to detect the level of surrounding light and automatically adjust a screen's intensity to optimize battery consumption, among other things. The sensors have become so prevalent that the World Wide Web Consortium (W3C) has developed a special API that allows websites (through a browser) to interact with a device's ambient light sensors. Browsers such as Chrome and Firefox have already shipped versions of this API with their products. Last month, in a discussion of the W3C Generic Sensor specification, the Google team proposed that ambient light sensors (ALS), together with gyroscope, magnetometer, and accelerometer sensors, should be exempt from the browser permissions system. In other words, websites using these sensors wouldn't have to ask users for explicit permission before accessing any of these four sensors. Google's opinion is that by removing this permission requirement, browsers will be on par with mobile applications, which also don't have to ask the user for permission before accessing these sensors. This proposal didn't go over well with Olejnik and fellow researcher Artur Janc, who in a series of demos proved that light radiating from the device's screen is often picked up by the ambient light sensor. A determined attacker who can lure victims to his site, or one who can insert malicious code on another site, can determine which URLs a user has visited in the past. The whole attack relies on using different colors for normal and previously visited links, which produce a small light variation that ambient light sensors can pick up.
Furthermore, Olejnik and Janc also proved that ambient light sensors can steal QR codes, albeit this attack takes longer to perform. Right now, ambient light sensor readings are blocked in Chrome behind settings flags, as the API is experimental, but they're supported in Firefox via DeviceLight events. According to Olejnik, mitigating this attack is simple, as it only requires browser makers and the W3C to adjust the default frequency at which the sensors report their readings. Furthermore, the researcher also recommends that browser makers quantize the result by limiting the precision of the sensor output to only a few values in a preset range. Both attacks Olejnik and Janc devised take from seconds to minutes to execute. With these mitigations in place, the attacks wouldn't be stopped, but they would take even longer to perform, making any of them impractical in the real world. In the long run, Olejnik and Janc hope to see access to these sensors placed behind a dedicated browser permission. The two researchers filed bug reports with both Chrome and Firefox in the hope that their recommendations will be followed. Olejnik has previously shown how battery readouts can allow advertisers to track users online, how the new W3C Web Bluetooth API is riddled with privacy holes, and how the new W3C Proximity Sensor API allows websites and advertisers to query the position of nearby objects.
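The two mitigations described above, lowering the frequency at which the sensor reports and quantizing its output to a few coarse values in a preset range, can be modelled on constructed readings. The block below is an added illustration written for this page; it is not the researchers' code nor any browser's implementation. The 60 Hz sample rate, the one-reading-per-second throttle, the eight-level scale up to 4000 lux and the two constructed lux values are assumptions chosen only for the demonstration.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Reading:
    t_ms: int     # time at which the sensor reported the value, in milliseconds
    lux: float    # illuminance the sensor reported


def throttle(readings: List[Reading], min_interval_ms: int) -> List[Reading]:
    """Keep at most one reading per min_interval_ms (the frequency mitigation).

    Readings are assumed to arrive in time order, as a sensor event stream does.
    """
    kept: List[Reading] = []
    last_t = None
    for r in readings:
        if last_t is None or r.t_ms - last_t >= min_interval_ms:
            kept.append(r)
            last_t = r.t_ms
    return kept


def quantize(lux: float, levels: int, lux_max: float) -> float:
    """Snap a lux value to the lower edge of one of `levels` equal steps in
    [0, lux_max] (the precision mitigation). Values above lux_max fall into
    the top step, so the page never learns more than one of `levels` values."""
    clamped = max(0.0, min(lux, lux_max))
    step = lux_max / levels
    bucket = min(int(clamped // step), levels - 1)
    return bucket * step


def mitigate(readings: List[Reading], min_interval_ms: int = 1000,
             levels: int = 8, lux_max: float = 4000.0) -> List[Reading]:
    """Apply both mitigations: throttle first, then coarsen what is left."""
    return [Reading(r.t_ms, quantize(r.lux, levels, lux_max))
            for r in throttle(readings, min_interval_ms)]


def distinct_levels(readings: List[Reading]) -> int:
    """How many different values a web page could tell apart in this stream."""
    return len({r.lux for r in readings})


def constructed_readings(seconds: int = 3) -> List[Reading]:
    """Constructed input, not real sensor data: a 60 Hz stream alternating
    between two lux values less than one lux apart, standing in for the small
    screen-light variation between two link colours that the researchers
    measured."""
    return [Reading(t, 120.4 if i % 2 == 0 else 121.1)
            for i, t in enumerate(range(0, seconds * 1000, 16))]


if __name__ == "__main__":
    raw = constructed_readings()
    safe = mitigate(raw)
    print(f"raw: {len(raw)} readings, {distinct_levels(raw)} distinguishable values")
    print(f"mitigated: {len(safe)} readings, {distinct_levels(safe)} distinguishable value(s)")
```

Run stand-alone, the block shows the raw three-second stream exposing 188 readings with two distinguishable values, while the mitigated stream exposes three readings that all fall in the same bucket. The coarse bucket still tracks genuine changes in room lighting, which is what the API exists for, and as the article notes the mitigations lengthen rather than eliminate the attack: a page can still wait for a reading to cross a bucket boundary, so the researchers' longer-term ask for a dedicated permission remains the stronger control.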
Cyber crooks have come up with a new way to infect your computer with financial and banking malware. The process starts by randomly sending users spam emails disguised as a payment confirmation email from Delta Air. The choice to mask the email as coming from an airline wasn't random, since this time of year is when many consumers purchase flight tickets at discounted rates for the summer. However, no transaction actually took place! The email is designed to scare you into thinking someone bought an airplane ticket using your identity. You then panic and click on one of the links in the email in order to figure out how someone could make an unauthorized purchase with your credentials. The links then redirect you to several compromised websites, which host Word documents infected with the Hancitor malware. Hancitor is a versatile malware frequently used in phishing attacks that specializes in initially infecting a PC and then acting as a bridge for further malware downloads. If you download the malicious Word document and open it, Hancitor will activate and infect legitimate system processes on your PC using PowerShell code. Afterwards, your PC will connect to one or more malicious Command and Control (C&C) servers. These C&C servers will then download additional malware onto your PC, which belongs to the Pony family. Pony malware is specifically designed to steal sensitive information such as passwords and usernames from VPNs, web browsers, FTP, messaging apps and many more. On top of that, the C&C servers also download and spread another Pony-based malware called Zloader. Unlike Pony, Zloader is a banking malware designed to clean out your bank account and steal financial information.
Once the information harvesting is complete, the malware connects to another set of C&C servers and sends them all of your credentials and financial information.
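The step in this chain a defender can catch earliest is the Word document handing off to PowerShell, because a document application has no routine reason to start a script host. The block below is an added example written for this page, not code from the article or any vendor: it runs that check over process-creation events. The key=value log format and the four log lines are constructed, and the lists of document applications and script hosts are the author's assumptions to tune for your own environment.

```python
import re
from typing import Dict, List

# Document-handling applications that should not normally launch script hosts
# (assumed list; extend for your environment).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Script and command hosts a malicious macro typically hands off to (assumed list).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}

# key=value pairs; quoted values may contain spaces, bare values may not.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line: str) -> Dict[str, str]:
    """Parse one constructed key=value process-creation line into a dict.
    Backslashes inside Windows paths are kept exactly as written."""
    return {key: (quoted if quoted else bare) for key, quoted, bare in _FIELD.findall(line)}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_office_to_script_host(event: Dict[str, str]) -> bool:
    """True when a document application is the parent of a script host."""
    return (basename(event.get("parent", "")) in OFFICE_PARENTS
            and basename(event.get("image", "")) in SCRIPT_HOSTS)


def detect(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed events that match the Office-to-script-host rule."""
    return [event for event in map(parse_line, lines) if is_office_to_script_host(event)]


# Constructed sample telemetry (not real logs): a benign document open, the
# macro-to-PowerShell hop, a scheduled PowerShell run under svchost, and an
# e-mail attachment being opened from Outlook.
SAMPLE_LOG = [
    r'ts=2017-04-04T10:11:58Z host=WS01 user=jdoe parent="C:\Windows\explorer.exe" image="C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"',
    r'ts=2017-04-04T10:12:03Z host=WS01 user=jdoe parent="C:\Program Files\Microsoft Office\Office16\WINWORD.EXE" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmd="powershell.exe -w hidden -nop -c <constructed placeholder>"',
    r'ts=2017-04-04T10:15:00Z host=WS01 user=SYSTEM parent="C:\Windows\System32\svchost.exe" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmd="powershell.exe -File C:\Scripts\inventory.ps1"',
    r'ts=2017-04-04T10:20:41Z host=WS02 user=asmith parent="C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXE" image="C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"',
]


if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['host']} {hit['user']}: "
              f"{basename(hit['parent'])} -> {basename(hit['image'])} {hit.get('cmd', '')}")
```

Only the second line is flagged; the svchost-launched PowerShell is left for other rules, and Outlook opening Word is a normal attachment open. With real telemetry the same rule is fed from Sysmon Event ID 1 or Security Event ID 4688 with command-line auditing enabled, and it needs an allow-list for add-ins or document-generation tools that legitimately script from Office.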
TORONTO, April 19 (Reuters) - Global hotel chain InterContinental Hotels Group Plc said 1,200 of its franchised hotels in the United States, including Holiday Inn and Crowne Plaza, were victims of a three-month cyber attack that sought to steal customer payment card data. The company declined to say how many payment cards were stolen in the attack, the latest in a hacking spree on prominent hospitality companies including Hyatt Hotels Corp, Hilton, and Starwood Hotels, now owned by Marriott International Inc. The breach lasted from September 29 to December 29, InterContinental spokesman Neil Hirsch said on Wednesday. He declined to say if losses were covered by insurance or what financial impact the hacking might have on the hotels that were compromised, which also included Hotel Indigo, Candlewood Suites and Staybridge Suites properties. The malware searched for track data stored on magnetic stripes, which includes name, card number, expiration date and internal verification code, the company said. Hotel operators have become popular targets because they are easier to breach than other businesses that store credit card numbers, as they have limited knowledge in defending themselves against hackers, said Itay Glick, chief executive of Israeli cyber-security company Votiro. "They don't have massive data centers like banks, which have very secure systems to protect themselves," said Glick. InterContinental declined to say how many franchised properties it has in the United States, which is part of its business unit in the Americas with 3,633 such properties. In February, InterContinental said it had been the victim of a cyber attack, but at that time said that only 12 of its 286 managed properties in the Americas were infected with malware.
RawPOS continues to evolve, and has recently been equipped with the capability to steal data contained in the 2-dimensional barcode on victims' driver's licenses. "Although the use of this barcode is less common than credit card swipes, it is not unheard of. Some people might experience getting their driver's license barcode scanned in places like pharmacies, retail shops, bars, casinos and other establishments that require it," Trend Micro researchers explained. "Traditionally, PoS threats look for credit card mag stripe data and use other components such as keyloggers and backdoors to get other valuable information. RawPOS attempts to gather both in one go, cleverly modifying the regex string to capture the needed data." This particular variant is geared towards collecting data from driver's licenses issued in the US. Thus, along with payment card data, criminals also get information such as the victims' full name, date of birth, full address, gender, height, hair and eye color. This additional info could definitely help criminals impersonate the card holder in many identity theft scenarios, as well as when making fraudulent card-not-present transactions. RawPOS is one of the oldest known Point-of-Sale RAM scraper malware families. Its first incarnation was spotted all the way back in 2009. According to the researchers, it is mainly used by threat actors that focus on targeting businesses operating in the hospitality industry.
On Thursday, the Shadow Brokers dumped them online after an attempt to sell these and other supposed Windows and Unix hacking tools for bitcoin. The Shadow Brokers made news back in August when they dumped hacking tools for routers and firewall products that they claimed came from the Equation Group, a top cyberespionage team that some suspect works for the NSA. Those tools contained several previously unknown and valuable exploits, lending credibility to the hacking group's claims, according to security researchers. The Shadow Brokers' latest dump includes 61 files, many of which have never been seen by security firms before, said Jake Williams, founder of Rendition InfoSec, a security provider. He's been examining the tools, and said it'll take time to verify their capabilities. His initial view is that they're designed for detection evasion. For instance, one of the tools is built to edit Windows event logs. Potentially, a hacker could use the tool to selectively delete notifications and alerts in the event logs, preventing the victim from realizing they've been breached, he said. "If you simply remove a record or two, then even an organization that is following the best security practices, presumably, wouldn't notice the change," he said. On Thursday, the Shadow Brokers said they released the Windows hacking tools for free because a Kaspersky Lab antivirus product could already flag them as harmful. The clandestine group previously tried to auction off a whole set of hacking tools for 1 million bitcoins, or what was at the time US$584 million. But after several months, that auction only managed to generate 10 bitcoins. "Despite theories, it always being about bitcoins for TheShadowBrokers," the group said in broken English in their supposed final message. However, Williams believes the Shadow Brokers are likely spies working for the Russian government.
This latest dump was a message to the U.S., he said. In recent weeks, U.S. intelligence agencies have been claiming the Kremlin tried to influence the U.S. election. Based on those findings, President Barack Obama has already ordered sanctions against Russia and vowed covert action. "If they are Russian, this is a shot across the bow," Williams said. It's unclear how the Shadow Brokers managed to steal the hacking tools. The group has said their arsenal of supposed Linux and Windows-based hacking tools is still up for sale at 10,000 bitcoins. On Thursday, Microsoft said it's investigating this latest batch of hacking tools that have been released.
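The detection point Williams raises, that removing "a record or two" from an event log goes unnoticed, has a cheap counter-check that the article does not spell out. The following is an added example, not code from the article or from any of the tools it describes: Windows assigns every record in a log channel a monotonically increasing EventRecordID, so selective deletion leaves a hole in that sequence even when the surrounding records look normal. The records below are constructed sample data; the event IDs 1102 and 104 are the documented "log cleared" events for the Security and System logs.

```python
"""Flag selective record deletion in an exported Windows event log.

Added example, not code from the article or from any of the tools it describes.
Windows assigns every record in a channel a monotonically increasing
EventRecordID, so removing "a record or two" with a log-editing tool leaves a
hole in the sequence. A wholesale clear is already self-documenting: Windows
writes Event ID 1102 (Security log cleared) or 104 (System log cleared).
Record values below are constructed sample data.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Event:
    record_id: int   # EventRecordID from the exported .evtx / XML
    event_id: int    # Windows Event ID (4624 = logon, 4688 = process creation, ...)
    timestamp: str   # ISO-8601 TimeCreated


def find_record_gaps(events: List[Event]) -> List[Tuple[int, int, int]]:
    """Return (previous_id, next_id, missing_count) for each hole in EventRecordID order.

    Records are sorted first, so the export order does not matter; only the
    sequence itself is judged.
    """
    gaps = []
    ordered = sorted(events, key=lambda e: e.record_id)
    for prev, cur in zip(ordered, ordered[1:]):
        missing = cur.record_id - prev.record_id - 1
        if missing > 0:
            gaps.append((prev.record_id, cur.record_id, missing))
    return gaps


def find_clear_markers(events: List[Event]) -> List[int]:
    """Return record IDs of the documented log-cleared events (1102 Security, 104 System)."""
    return [e.record_id for e in events if e.event_id in (1102, 104)]


def audit_log(events: List[Event]) -> List[str]:
    """Human-readable findings; an empty list means the sequence is intact."""
    findings = []
    for prev_id, next_id, missing in find_record_gaps(events):
        findings.append(
            f"{missing} record(s) missing between EventRecordID {prev_id} and {next_id}"
        )
    for rid in find_clear_markers(events):
        findings.append(f"log-cleared marker (1102/104) at EventRecordID {rid}")
    return findings


# Constructed sample: a Security-log excerpt in which records 1003 and 1004
# were removed, leaving the surrounding records untouched.
SAMPLE_EVENTS = [
    Event(1000, 4624, "2017-04-14T09:00:01Z"),
    Event(1001, 4688, "2017-04-14T09:00:02Z"),
    Event(1002, 4624, "2017-04-14T09:00:05Z"),
    Event(1005, 4634, "2017-04-14T09:01:10Z"),
    Event(1006, 4672, "2017-04-14T09:01:11Z"),
]

if __name__ == "__main__":
    for line in audit_log(SAMPLE_EVENTS):
        print(line)
```

Two caveats when running this over a real export: a circular log that has wrapped simply starts at a later record ID and shows no hole in the middle, so a gap inside the sequence is the signal, not a high starting ID; and the check can only see what is still on the host, so forwarding events to a collector as they are written is what turns a local edit into a visible discrepancy.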
Malware specialized in infecting Point of Sale (PoS) software has gained the ability to search for and steal driver's license information, according to a report published by US cyber-security firm Trend Micro. The collection of driver's license information surprised researchers, who hadn't spotted such behavior in a PoS malware family until now. Even more surprising was that this new data collection system was spotted in an ancient PoS malware family, and not in one of the newer players. The name of this malware is RawPOS, a malware family that appeared way back in 2008. Typically, financial malware lives a few years, then it fizzles out and dies, as security firms learn to detect and stop it. In spite of its old age, RawPOS stuck around, and its operators continued to update and deploy it in attacks over the years. Like all other PoS malware families, RawPOS is built to target and infect computers that run PoS software. On these PCs, the malware lies in hiding and keeps an eye on the data flowing through the computer's RAM. Using a simple regex string pattern, RawPOS scrapes the RAM until it finds data that fits the pattern. This pattern is specifically designed to detect payment card data, such as card numbers. Across the years, the different RawPOS versions have featured different versions of this regex string pattern. In total, security researchers have observed five different RawPOS patterns (versions). Earlier this year, Trend Micro discovered the sixth, which featured an expanded regex filter. Besides keeping an eye on credit card data, this expanded filter scraped the infected computer's RAM for the terms "driver's license" and "ANSI 636." While not directly evident to most, ANSI 636 is a barcode format used for the 2D barcode found on US drivers' licenses.
Pharmacies, retail shops, bars, casinos and other establishments usually scan a customer's driver's license as authorization before making particular transactions, such as when buying drugs and alcohol. This data, just like payment card data, is handled and collected by some PoS software solutions, so it makes sense to see this new regex string pattern inside RawPOS. Researchers believe the crooks behind this malware are gathering this information to create more complete victim profiles, in order to aid various fraud operations, such as identity theft. Even if they don't use the stolen data themselves, the breadth of data encoded in a driver's license barcode is valuable enough to sell on underground markets. Taking into account the copycat nature of the malware scene, this new trick of collecting driver's license information will most likely spread to other PoS malware families.
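Both RawPOS articles above (the Trend Micro quote on the modified regex string, and the explanation of how the malware scrapes RAM for a pattern plus the "ANSI 636" marker) come down to one question a defender can answer directly: does the PoS host hold this data in plaintext memory at all? The following is an added example, not RawPOS code and not Trend Micro's detection logic. It scans a memory snapshot for the two things the articles say the new variant hunts, magnetic-stripe track-2 data and the "ANSI 636" barcode marker, and uses a Luhn checksum to discard shape-only false positives. The regular expression is a generic track-2 layout, not the malware's own pattern, and the buffer is constructed sample data.

```python
"""Scan a process-memory snapshot for the data a RAM scraper would find.

Added example, not RawPOS code and not Trend Micro's detection logic. It gives a
defender a way to check a PoS host's memory dump for the two things the articles
say the new RawPOS variant hunts: magnetic-stripe track-2 data and the
"ANSI 636" marker of the 2D barcode on US driver's licenses. The regular
expression is a generic track-2 shape, not the malware's own pattern; the
buffer below is constructed sample data.
"""
import re
from typing import Dict, List

# Track 2 layout on a magnetic stripe: ';' PAN '=' YYMM <service code and
# discretionary data> '?'. The Luhn check below removes shape-only false positives.
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})\d{0,20}\?")

# Marker quoted in the article for the AAMVA 2D barcode on US driver's licenses.
DL_MARKER_RE = re.compile(rb"ANSI 636")


def luhn_ok(pan: str) -> bool:
    """True if the digit string passes the Luhn checksum used for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only BIN and last four so a finding can be reported without re-exposing the PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_memory(buf: bytes) -> Dict[str, List]:
    """Return masked track-2 hits and offsets of driver's-license markers in buf."""
    track2 = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            track2.append({"offset": m.start(), "pan": mask_pan(pan), "expiry": m.group(2).decode()})
    dl_markers = [m.start() for m in DL_MARKER_RE.finditer(buf)]
    return {"track2": track2, "dl_markers": dl_markers}


# Constructed sample "memory dump": protocol noise, one Luhn-valid test PAN
# (4111 1111 1111 1111, the widely used Visa test number) in track-2 layout, one
# track-2-shaped string that fails Luhn, and a barcode header fragment.
SAMPLE_DUMP = (
    b"\x00\x00GET /status HTTP/1.1\r\nHost: pos-terminal\r\n\x00"
    b";4111111111111111=25121010000000000000?\x00"
    b";1234567812345678=2512101?\x00"
    b"\x00ANSI 636000<constructed barcode payload>\x00"
)

if __name__ == "__main__":
    result = scan_memory(SAMPLE_DUMP)
    for hit in result["track2"]:
        print(f"track-2 data at offset {hit['offset']}: {hit['pan']} exp {hit['expiry']}")
    for off in result["dl_markers"]:
        print(f"driver's-license barcode marker at offset {off}")
```

Run it over a dump of the PoS application's process taken with whatever memory acquisition tool the shop already uses. A hit means the application held that data in the clear at the moment of capture, which is precisely the exposure a RAM scraper depends on; the structural fix is encrypting at the card reader so track data never reaches application memory in plaintext, and the same scan then serves as the regression check that it stays that way.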
French presidential candidate Emmanuel Macron's campaign team confirmed on Wednesday that his party had been the target of a series of attempts to steal email credentials since January, but that they had failed to compromise any campaign data. Macron's party, known as "En Marche!" or "Onwards", said it had been hit by at least five advanced "phishing" attacks that involved trying to trick a broad number of campaign staff members into clicking on professional-looking fake web pages. The latest attacks were confirmed by security firm Trend Micro, whose researchers found links to a cyber espionage group it has dubbed Pawn Storm, the Macron team noted. Other experts link the group, also known as "Fancy Bear" or "APT 28", to Russian military intelligence agency GRU. Russia has denied involvement in attacks on Macron's campaign. Macron, an independent centrist who has been critical of Russian foreign policy, faces far-right leader Marine Le Pen in France's presidential runoff on May 7. Le Pen has taken loans from Russian banks and has called for closer ties with Moscow. "Emmanuel Macron is the only candidate in the French presidential campaign to be targeted (in phishing attacks)," his party said in a statement, adding this was "no coincidence". In mid-February, an En Marche! official told a news conference the party was enduring "hundreds if not thousands" of attacks on its networks, databases and sites from locations inside Russia and asked the French government for assistance. The Macron campaign said on Wednesday it had carried out counter-offensive actions against the fake web sites, which were designed to trick campaign workers into divulging their user credentials. As a further precaution, it also said En Marche! does not use email to share confidential information.