IT News


Security researchers have discovered a new variant of Dridex – one of the most nefarious banking Trojans actively targeting the financial sector – with a new, sophisticated code injection technique and evasive capabilities called “AtomBombing.”
On Tuesday, Magal Baz, security researcher at Trusteer IBM, disclosed new research exposing the new Dridex version 4, the latest version of the infamous financial Trojan, and its new capabilities.
Dridex is one of the best-known Trojans. It exhibits the typical behavior of monitoring a victim’s traffic to bank sites by infiltrating victim PCs using macros embedded in Microsoft documents or via web injection attacks, and then stealing online banking credentials and financial data.

 


Yahoo has just revealed that about 32 million user accounts were accessed by hackers in the last two years using a sophisticated cookie forging attack without any password.
These compromised accounts are in addition to the Yahoo accounts affected by the two massive data breaches that the company disclosed in the last few months.
The former tech giant said in a regulatory filing Wednesday that the cookie caper is likely linked to the “same state-sponsored actor” thought to be behind a separate 2014 data breach that resulted in the theft of 500 million user accounts.

 


Could your company be facing legal action if you continue to transfer data on EU individuals to the US after 31st January 2016?

On 6 October 2015, the European Court of Justice (ECJ) ruled that the commission’s adequacy decision on the EU-US Safe Harbour arrangement is invalid.

The Pan-Europe Data Protection has warned that if no agreement is reached by the end of January 2016, they are committed to taking all necessary and appropriate actions. This would appear to mean that businesses engaged in the transfer of data to the US will have to hope that new laws are agreed, otherwise their actions could be deemed unlawful.

 

http://ec.europa.eu/justice/data-protection/article-29/press-material/press-release/art29_press_material/2015/20151016_wp29_statement_on_schrems_judgement.pdf

The European Court of Justice has ruled that the EU Safe Harbour agreement, which allowed American tech companies such as Facebook to transfer users’ data from the EU to the US, is now invalid.

The court said the transfer of data could be suspended because the US “… does not afford an adequate level of protection”.

EU data protection laws are among the toughest in the world and forbid the data of EU citizens to be exported to countries outside the EU without adequate levels of protection.

 

 

Why does Safe Harbour ruling threaten Facebook data transfers? BBC News

Published on Oct 6, 2015 “BBC News”
The EU’s top court rules that a data transfer pact with the US did not do enough to protect people’s privacy, causing problems for Facebook. Rory Cellan-Jones explains why.

 

EU Strikes Blow Against Facebook, Data Transfers

Published on Oct 6, 2015 “RT America”
The European Court of Justice, the EU’s highest, ruled a 15-year-old agreement between American technology companies handling European data to be invalid, which might be a major blow to companies ranging from Amazon to Facebook. “Boom Bust” correspondent Bianca Facchinei has more details on the decision.

 

Safe Harbor has been ruled INVALID!

Published on Oct 6, 2015 “Zettabox”
The European Court of Justice has ruled Safe Harbor as INVALID. What should your company do now with its data?

 

Published on Oct 6, 2015 “Associated Press”
The European Union’s highest court struck a blow against Facebook and other web companies by ruling that a long-running pact allowing the free transfer of data to the US was invalid as it does not adequately protect consumers. (Oct. 6)

A zero-day vulnerability affecting all Microsoft-supported versions of the Windows operating system, including Windows Server, has been identified. We are also seeing reports from iSight identifying a cyber espionage campaign already in progress to compromise exposed systems.

The vulnerability is identified as CVE-2014-4114 and is also known as Sandworm. It was reportedly discovered in the wild in connection with a cyber espionage campaign that iSIGHT Partners has attributed to Russia. The zero-day vulnerability is reported as having been used in early September to infect victims with malicious attachments, primarily PowerPoint files. Although the attackers used PowerPoint as its attack vector.

 

The vulnerability exists in the OLE package manager in Microsoft Windows and Server. The OLE packager (packager.dll) is able to download and execute external files such as INF files, allowing the attacker to execute commands.

 

Risk Level

The risk level appears high, because if one group could design a worm to exploit the hole, then someone will try to recode the worm and make it widespread.

Impact – we are only at the early stage of trying to understand what we are looking at. But if the vulnerability allows a file to be downloaded and executed, then the potential impact is extremely high.

 

http://www.tripwire.com/state-of-security/incident-detection/microsoft-windows-zero-day-exploit-sandworm-used-in-cyber-espionage-cve-2014-4114/

 

iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign

http://www.isightpartners.com/2014/10/cve-2014-4114/

 

http://www.theregister.co.uk/2014/10/14/isight_microsoft_announce_windows_and_windows_server_0day/


Russian Hackers Target EU, NATO

Shellshock Bash code injection vulnerability: what do you need to do? What is the risk?

 

Report from SANS ISC

 

Bash Code Injection (Shellshock) Vulnerability (CVE-2014-6271)

 

 

Cento OS Bash vulnerability that had been announced in 2014/09/24 How to FIX

 

 

How to fix bash code injection flaw on CentOS/RedHat 6x Server

 

 

HackerKast Shellshock- September 25, 2014 – WhiteHat Security

 

Would you trust or do business with someone who steals? Property theft is a big issue, especially on the internet. We decided to do an investigation to determine how many business website owners on the internet have no regard for copyright and steal logos from other websites. For this investigation we decided to identify who has stolen our logo. From our investigation on 04 July 2014 we identified 41 cases of logo theft.

————

10 July 2014: As we keep going deeper into this case of intellectual property theft, we have now identified 65 sources on the internet that contain this stolen logo. Fewer than 5 website owners have apologized for the unauthorized use of this logo. But many website owners and businesses are failing to report, until they realize that we are serious about getting local law enforcement involved.


A number of UK, US and Australian iPad and iPhone users are experiencing some issues with their Apple devices. A message saying something like this is popping up on their screens:
 
iPhones and iPads under attack
 
Device hacked by Oleg Pliss. For unlock device…
In order to unlock the device, Mr Pliss is asking for the modest sum of $100/€50. Now, although the mechanism used to hack these accounts is still unclear, it seems the attackers got hold of the victims' iCloud login credentials and locked their devices remotely. It is speculated that the attackers got hold of these credentials from another data breach and just guessed that Apple users would use the same information.
 
If you haven't become a victim of this attack
 
  1. Enable 2FA (2-factor authentication) right now for your iCloud account. This will prevent someone holding your iCloud login details from accessing it. Instructions on how to enable 2FA can be found on Apple's support site: http://support.apple.com/kb/HT5570
  2. Change your iCloud password as a preventive measure, especially if you are using the same password for different sites. Instructions on how to do this can be found on Apple’s support site: http://support.apple.com/kb/PH2617
  3. Don’t pay the ransom
 
Steps to take so you do not become a victim
 
  1. If the attackers have set a passcode on your device, instructions on how to bypass the lock can be found on Apple's support site: http://support.apple.com/kb/ht1212 However, this requires resetting the device, which would erase all information that is not backed up.
  2. In case you cannot recover control of your device, you might need to contact Apple’s support customer care. Here are the phone numbers: http://support.apple.com/kb/he57
 
 
 
This attack is believed to have originated from a phishing email attack in which users were informed that their "Apple ID has been Disabled for Security Reasons!", which was actually a trick to steal their Apple login details.

Internet Scam Alert

This morning a Social Engineering attack targeting people in Ireland was identified. The attackers are trying to trick people into going to their website, by sending people a fake email that is made to look as if it has come from the Irish Revenue about a tax refund.

The domain being used for this attack is registered to an address in Australia.

 

If you receive this email, do not click on the link.

 

From: Revenue – Irish Tax & Customs Notice <service@revenue-refund.com>
Date: 30 July 2012 07:32:47 GMT+01:00
To: <
>
Subject: Online Security Notification


Revenue – Irish Tax & Customs Online Confirmation

This e-mail has been sent to you by Revenue – Irish Tax & Customs to inform you that we must pay you back 278 EUR.
Please complete all the information to process your refund

Please allow 2 weeks for you money to be availabe in your account.
Total refund amount: 278 EUR

To ensure that your service is not interrupted, we request you to confirm and update your information today by following the link below:

Revenue – Irish Tax & Customs Online Confirmation

Thank you for your prompt attention to this matter. Do not reply to this e-mail.
Mail sent to this address cannot be answered.

Member 818779

© Revenue – Irish Tax & Customs 2012

Internet SCAM

An internet scam targeted at Bank of Ireland 365 customers has been detected. The hackers are sending emails to Irish email addresses with a message saying that your account has been temporarily limited. The email is designed to look as if it has come from Bank of Ireland 365 online banking. The emails that we have received have not come from Bank of Ireland, and the link in the email does not take you to a Bank of Ireland server. This is a social engineering attack by cybercriminals to steal your banking login details.

If you have already fallen victim to this attack change your banking login details immediately.

 

————————————————————————————–.

From: 365 Online [mailto:no-reply@365online.ie]
Sent: Friday, March 09, 2012 12:45 PM
To: niall@securityitrust.com
Subject: Your account has been temporarily limited. ID: 201203WJS2

 

Bank of Ireland 365 internet scam

Dear Customer,

Your account has been temporarily limited.
To remove the limitation from your account
please confirm your credit card details on file.

 

For confirmation, please click the link below:

Sign In to 365online account – (Link to fake website designed to look like 365 Online).

We apologise for any inconvenience caused.
Thank you.

——————————————————–.
