IT Security Ireland


A zero-day vulnerability affecting all Microsoft-supported versions of the Windows operating system, including Windows Server, has been identified. We are also seeing reports from iSIGHT identifying a cyber espionage campaign already in progress to compromise exposed systems.

The vulnerability is identified as CVE-2014-4114 and is also known as Sandworm. It was reportedly discovered in the wild in connection with a cyber espionage campaign that iSIGHT Partners has attributed to Russia. The zero-day vulnerability is reported as having been used in early September to infect victims with malicious attachments, primarily PowerPoint files. Although the attackers used PowerPoint as their attack vector.

 

The vulnerability exists in the OLE package manager in Microsoft Windows and Windows Server. The OLE packager (packager.dll) is able to download and execute external files such as INF files, allowing the attacker to execute commands.
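For mail gateway or incident triage, the following added example (not code from the original post or from any vendor) scans an Office attachment for embedded OLE objects that reference a remote INF file. It assumes the reference is stored as a readable ASCII or UTF-16 path string inside the embedded object; the function names and the sample path are constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: the external reference is stored as a readable path string
# (ASCII or UTF-16LE) inside an embedded-object part of the Office package.
REMOTE_INF = re.compile(
    rb"(?:\\\\|https?://|file://)[\x20-\x7e]{3,200}?\.inf\b", re.IGNORECASE)
EMBED_DIRS = ("ppt/embeddings/", "word/embeddings/", "xl/embeddings/")
MAX_PART = 20 * 1024 * 1024  # skip oversized parts (decompression-bomb guard)


def find_remote_inf_refs(data: bytes) -> list:
    """Return remote .inf references found in one embedded-object blob."""
    hits = set()
    # Dropping NUL bytes turns UTF-16LE text into ASCII for the same regex.
    for view in (data, data.replace(b"\x00", b"")):
        hits.update(m.group(0).decode("ascii") for m in REMOTE_INF.finditer(view))
    return sorted(hits)


def scan_office_file(blob: bytes) -> dict:
    """Map each embedded-object part to the remote .inf references it holds."""
    findings = {}
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as pkg:
            for info in pkg.infolist():
                name = info.filename
                if not name.lower().startswith(EMBED_DIRS) or info.file_size > MAX_PART:
                    continue
                refs = find_remote_inf_refs(pkg.read(name))
                if refs:
                    findings[name] = refs
    except zipfile.BadZipFile:
        # Legacy binary .ppt/.pps files are not ZIP packages: scan raw bytes.
        refs = find_remote_inf_refs(blob)
        if refs:
            findings["<raw file>"] = refs
    return findings


def constructed_sample(embedded: bytes) -> bytes:
    """Build a minimal constructed .ppsx-like ZIP holding one embedded object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/embeddings/oleObject1.bin", embedded)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed input; 192.0.2.10 is a documentation-only address.
    ref = r"\\192.0.2.10\share\setup.inf".encode("utf-16-le")
    print(scan_office_file(constructed_sample(b"Package\x00" + ref)))
```

A hit is a triage signal, not a verdict: quarantine the attachment and inspect the embedded object before release.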

 

Risk Level

The risk level appears high: if one group could design a worm to exploit the hole, then someone will try to recode the worm and make it widespread.

Impact – we are only at the early stage of trying to understand what we are looking at. But if the vulnerability allows a file to be downloaded and executed, then the potential impact is extremely high.

 

http://www.tripwire.com/state-of-security/incident-detection/microsoft-windows-zero-day-exploit-sandworm-used-in-cyber-espionage-cve-2014-4114/

 

iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign:

http://www.isightpartners.com/2014/10/cve-2014-4114/

 

http://www.theregister.co.uk/2014/10/14/isight_microsoft_announce_windows_and_windows_server_0day/


Russian Hackers Target EU, NATO

SCAM ALERT
 
From: Permanent TSB [mailto:security@onlineupdate.com]
Sent: 04 December 2012 04:57
To:
Subject: Spam:: Permanent TSB Online Banking – 3rd attempt failed !
 
                                                          Your last successful logon was on 2 December 2012 at 19:47
Dear Permanent TSB Customer,
 
 
Within Permanent TSB latest security checks, we recently discovered that today there were 3 incorrect login attempts to your account.
For your safety, Permanent TSB set your account status to limited. For your account status to get back to normal, you will have
to Log in correctly at: https://www.open24.ie/online/login.aspx?session={5uOr40Ld3Ckw-013dk-2D46D4190}
 
Due to our latest fraud attempts, the following IP adresses were recorded:
Invalid login from:
*.*.4.218.lsw.ru
Invalid login from:
*.*.24.144
Invalid login from:
*.*.41.rr.com
 
Please Note:– The account balance may be adjusted in accordance with the
Open 24 Terms and Conditions of use. Please click here for legal information.
 
This message is mandatory, if you do not complete it in less then 24 hours, your account may get suspended.
 
 
Copyright © 2012 permanent tsb p.l.c. is a limited liability company registered in Dublin under No. 222332.

 
 
 
This e-mail was officialy sent by The Permanent TSB Team, your reference number is (895-461238)
 
 

Internet Scam Alert

This morning a social engineering attack targeting people in Ireland was identified. The attackers are trying to trick people into going to their website by sending them a fake email that is made to look as if it has come from the Irish Revenue about a tax refund.

The domain being used for this attack is registered to an address in Australia.

If you receive this email, do not click on the link.

 

From: Revenue – Irish Tax & Customs Notice <service@revenue-refund.com>
Date: 30 July 2012 07:32:47 GMT+01:00
To: <
>
Subject: Online Security Notification


Revenue – Irish Tax & Customs Online Confirmation

This e-mail has been sent to you by Revenue – Irish Tax & Customs to inform you that we must pay you back 278 EUR.
Please complete all the information to process your refund

Please allow 2 weeks for you money to be availabe in your account.
Total refund amount: 278 EUR

To ensure that your service is not interrupted, we request you to confirm and update your information today by following the link below:

Revenue – Irish Tax & Customs Online Confirmation

Thank you for your prompt attention to this matter. Do not reply to this e-mail.
Mail sent to this address cannot be answered.

Member 818779

© Revenue – Irish Tax & Customs 2012
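
Both sample emails above pair a trusted organisation's display name with a sending domain that does not belong to it. The following added example (not part of the original post) checks a From header for that mismatch; the list of genuine domains is an assumption (open24.ie appears in the first sample, permanenttsb.ie and revenue.ie are supplied here), and the function names are hypothetical.

```python
import re

# Assumption: genuine domains per organisation. open24.ie appears in the
# first sample; permanenttsb.ie and revenue.ie are supplied for this example.
BRAND_DOMAINS = {
    "permanent tsb": {"permanenttsb.ie", "open24.ie"},
    "revenue": {"revenue.ie"},
}

# Accepts "Name <addr>" and Outlook's forwarded form "Name [mailto:addr]".
FROM_RE = re.compile(r"^\s*(?P<name>.*?)\s*(?:<|\[mailto:)(?P<addr>[^>\]\s]+)[>\]]")

# From headers copied from the two scam samples on this page.
SAMPLES = [
    "Permanent TSB [mailto:security@onlineupdate.com]",
    "Revenue – Irish Tax & Customs Notice <service@revenue-refund.com>",
]


def is_legit(domain, legit):
    """True when domain is a listed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in legit)


def check_sender(from_header):
    """Return the reasons a From header looks like brand impersonation."""
    m = FROM_RE.match(from_header)
    if not m or "@" not in m.group("addr"):
        return ["unparseable_sender"]
    name = m.group("name").strip('"').lower()
    domain = m.group("addr").rsplit("@", 1)[1].lower().rstrip(".")
    reasons = []
    for brand, legit in BRAND_DOMAINS.items():
        if is_legit(domain, legit):
            return []  # sent from a genuine domain of a known organisation
        if brand in name:
            reasons.append(f"display_name_claims:{brand}")
        # Brand word embedded in an unrelated domain, e.g. "brand-refund.com".
        if brand.replace(" ", "") in re.sub(r"[^a-z0-9]", "", domain):
            reasons.append(f"lookalike_domain:{brand}")
    return reasons


if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header))
```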


As part of an overview of the Irish security market, we have collected some results on the security topics that people in Ireland search for on the internet.

 

 

 

| Keyword | Global Monthly Search | Average Irish Monthly Search |
|---|---|---|
| security | 37200000 | 165000 |
| security essentials | 3350000 | 14800 |
| microsoft security | 3350000 | 14800 |
| ms security essentials | 2740000 | 12100 |
| microsoft security essentials | 2740000 | 12100 |
| a network | 1500000 | 6600 |
| security jobs | 673000 | 6600 |
| jobs in security | 673000 | 6600 |
| jobs security | 673000 | 6600 |
| jobs it security | 673000 | 6600 |
| jobs in it security | 673000 | 6600 |
| security system | 1220000 | 4400 |
| free security | 823000 | 3600 |
| social security | 5000000 | 3600 |
| security tool | 550000 | 3600 |
| windows security | 823000 | 2900 |
| security windows | 823000 | 2900 |
| security systems | 550000 | 2900 |
| home security | 673000 | 2400 |
| security home | 673000 | 2400 |
| issa | 450000 | 2400 |
| security cameras | 246000 | 1900 |
| security camaras | 246000 | 1900 |
| security services | 301000 | 1900 |
| security camera | 368000 | 1900 |
| free internet security | 368000 | 1900 |
| internet security 2011 | 1220000 | 1900 |
| networking security | 450000 | 1600 |
| network security | 450000 | 1600 |
| security network | 450000 | 1600 |
| system security | 673000 | 1600 |
| security training | 165000 | 1600 |
| security guard | 368000 | 1600 |
| security companies | 165000 | 1600 |
| kaspersky internet security | 1220000 | 1300 |
| information security | 450000 | 1300 |
| security information | 450000 | 1300 |
| security of information | 450000 | 1300 |
| security jobs in ireland | 1900 | 1300 |
| wireless security | 301000 | 1300 |
| computer security | 246000 | 1300 |
| private security | 110000 | 1300 |
| security software | 246000 | 1300 |
| software security | 246000 | 1300 |
| it security | 201000 | 1000 |
| security jobs in dublin | 1300 | 1000 |
| security shield | 201000 | 1000 |
| shield security | 201000 | 1000 |
| download internet security | 368000 | 1000 |
| internet security download | 368000 | 1000 |

Where do we draw the line between protecting users and putting users at risk? Has data protection stepped across the line? Have our data protection experts been so busy protecting our data that they have now put laws in place that protect criminals and put our data at risk?

This is an update to our previous post: http://www.securityitrust.com/computer-fixing-scam-over-the-phone/

The latest calls we observed are from a group that claims to be from a company called "Online PC Care".
On the phone they claim that they are not part of a scam and that another group is also calling people and pretending to be their company. When asked where they got the phone numbers and details of the Irish people they are calling, they said they were using the phone directory. When asked why they had called the same numbers more than 10 times and were harassing people, the Indian agent claimed that this was not true. She said that the calls must be from a company pretending to be them.

So “Online PC Care” want us to believe that there is another identical group of people from India using the same sales pitch and pretending to be them. What else could you expect them to say? So I responded by making the agent aware of the Irish telephone regulations, and asked, if her company was not harassing Irish home users, could she explain why she was calling a number that was listed as not open to marketing calls. I also pointed out to her the sexual comments used by some of the male callers to insult people who did not want to give out any info on their PC.
From all the calls we have listened in on, and also from people we are aware of who received these calls, they all report that the caller had an accent that sounded Indian and that, despite giving different company names, all claimed they were from India.
Reports from the US and UK about this scam also say that the callers had Indian accents.

 

Here are some examples of these calls from people who recorded their phone calls with the groups carrying out these scams.

Scam onlinepccare.com call – The Highlights! 1/3
Scam onlinepccare.com call – The Highlights! 2/3
Scam onlinepccare.com call – The Highlights! 3/3
SupportOnClick Scareware Scam Call part (2/4)
SupportOnClick Scareware Scam Call part (3/4)
SupportOnClick Scareware Scam Call part (4/4)
MICROSOFT COMPUTER SUPPORT SCAM
Technical Support Phone Investigation by Symantec
Scam Microsoft warns computer owners of phone scam
PC tech support cold-calling scam

 

 

onlinepccare.com

So if Online PC Care is a valid company, then why would the contact person behind their domain registration be using a Gmail email address? A private individual with a personal website might use a Gmail email address, but for a company this would appear to be on the unprofessional side. The Gmail address supplied is actually bogus because ******@gmail.com is not a valid email address from Gmail. When we looked further into the domain registration, the billing details pointed us to the domain sifycorp.com

 

 

Registration Service Provided By: SIFY

Contact: +091.4422540770

Website: http://www.sifycorp.com

Domain Name: ONLINEPCCARE.COM

 

Registrant:

    Onlinepccare

    M.K.Shah        ********@gmail.com)

    835,Pblock new alipore

    Kolkata

    West bengal,700053

    IN

    Tel. +091.3340101614

 

Creation Date: 12-Aug-2009 

Expiration Date: 12-Aug-2012

 

Domain servers in listed order:

    sdns.sifytech.net

    pdns.sifytech.net

 

 

Administrative Contact:

    Onlinepccare

    M.K.Shah        ********@gmail.com)

    835,Pblock new alipore

    Kolkata

    West bengal,700053

    IN

    Tel. +091.3340101614

 

Technical Contact:

    Onlinepccare

    M.K.Shah        ********@gmail.com)

    835,Pblock new alipore

    Kolkata

    West bengal,700053

    IN

    Tel. +091.3340101614

 

Billing Contact:

    Sify Limited

    Sify Limited        ***********@sifycorp.com)

    Second Floor, Tidel Park

    No. 4 Canal Bank Road,Taramani

    Chennai

    Tamil Nadu,600113

    IN

    Tel. +091.04422540770

 

Status:ACTIVE

 

Recruitireland.com is reported as having been hacked by cybercriminals yesterday. A Garda investigation is under way into a breach at the recruitireland.com website.

It is believed that the hackers may have gained access to the names and email addresses of people using the recruitment site.

The website's managing director, Tom Crosbie, said that the gardaí were investigating the incident and that the Data Protection Commissioner has been made aware of the situation. According to recruitireland.com, data such as CVs, usernames or passwords were not compromised.

Website hacking is on the increase. No website is 100% secure. So if you or your business has a website the only way you can protect it from hackers is by regular security monitoring and audits.