Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Breaking News. Show all posts
Security News
Breaking News Cyber Security Group-IB Security News

Group-IB : payment data of thousands of customers of UK and US online stores could have been compromised




Moscow, 14.03.2019 – Group-IB, an international company that specializes in preventing cyberattacks, has uncovered a malicious code designed to steal customers’ payment data on seven online stores in the UK and the US. The injected code has been identified as a new JavaScript Sniffer (JS Sniffer), dubbed by Group-IB as GMO.

Group-IB Threat Intelligence team first discovered the GMO JS Sniffer on the website of the international sporting goods company FILA UK, which could have led to the theft of payment details of at least 5,600 customers for the past 4 months.

Do your payments have the sniffles?

Most recent breaches similar to this include British Airways and Ticketmaster which were first analyzed by RiskIQ research team, where cybercriminals managed to compromise personal information of thousands of travelers and concert goers with a few of lines of code. British Airways and Ticketmaster websites were infected with JS Sniffers, a type of malicious code injected into a victim’s website designed to steal a consumer’s personal data including payment card details, names, credentials etc.

FILA UK website (fila.co[.]uk) became cybercriminals’ new major target on the UK market . GMO JS Sniffer has also been discovered on 6 other websites of US-based companies. This type of attack is especially dangerous given that it can be applied to almost any e-commerce site around the world. Group-IB made multiple attempts to alert FILA, which was known to be impacted by GMO. Six other websites affected by this JS Sniffer were notified upon discovery as well. Group-IB team has also reached out to local authorities in the UK and the US to conduct outreach.

Group-IB’s Threat Intelligence team first discovered GMO on the FILA UK website. The malicious code was detected in early March 2019. In the course of further research it was revealed that GMO JS Sniffer has presumably been collecting customer payment data since November 2018. According to Alexa.com, the number of fila.co[.]uk unique monthly visitors is estimated at around 140k per month.

According to IRP, UK market research firm, a minimum conversion into purchase for fashion and clothing ecommerce is equal to 1%. Using very conservative estimates, payment and personal details of at least 5,600 customers could have been stolen by cybercriminals – everyone who has purchased items on fila.co.uk since November 2018 has potentially had their details compromised. Typically, after customer data is stolen, it is usually resold on underground cardshops. Another scheme of cashing out involves the use of compromised cards to buy valuable goods, e.g. electronics, for onward sale.

Read more »
Malware Report
Breaking News Data Encrypting Malware Hacking News Malware Report

Website of Chelyabinsk court hits by data-encrypting malware



Attackers hacked into the website of Arbitration court of Chelyabinsk( a federal subject of Russia, on the border of Europe and Asia) and infected the server with a data encrypting malware.

The malware encrypted the information and files on the server. This incident took place on 4th October. By 10th October, the experts have managed to restore the website from previously saved backup.

However, the court lost all the information that was published on their website for this year, as the last backup operation was done only in January. The online resources including news, charts, video of conferences, information about bureau and judicial appointments were irretrievably lost.

According to the local report, the court is still trying to recover the information using their own sources.  There is no detailed information about the malware variant used in the attack.

- Christina
Read more »
Ukrainian Hacker
Breaking News cyber espionage hacker news Ukrainian Hacker

Ukrainian Hacker detained for remotely spying on Politicians



A 23 year old Ukrainian Hacker from Kharkiv City detained by the National Police of Ukraine for hacking into personal computers of Ukrainian Citizens and other states.

According to the local press report, the hacker used a malicious software(probably RAT - Remote Access Trojan) to control the victim's computers for almost two years.  It is said he also observed the activities of victims using web camera. The hacker is said to invaded personal life of about 100 people.

A Search and Seizure warrant was executed at the hacker's home, leading to the video recordings of victims and malicious software used in the Cyber espionage.

The motive of the espionage is not clear.  One of the theory says that he received order from some one to target people and got money.  The theory might be true as some of the victims were also members of Ukrainian political parties.

If convicted, the hacker will face up to six years imprisonment.

- Christina

Read more »
National Cyber Security
Breaking News National Cyber Security

Putin signed a law to Protect Critical Information Infrastructure from Cyberattacks



On 27 July the President of Russia Vladimir Putin signed a new Law on the Cyber Security in order to protect Critical Information Infrastructure(CII) from hacker attacks.

The document published on the portal of legal information. According to the law, those who creates and distributes malicious programs to commit cyber attacks against Critical Information Infrastructure(CII) will face up to 10 years in Prison.

From now on, hacking or illegal access to computer information of Government Agencies is fraught with a five-year forced labour, 3, 5 and 10 years imprisonment, or a fine up to one million rubles. And after hacker got out of the jail, he may be deprived of the right to hold certain posts within five years.

The law defines that security services and a Federal Executive Authority will deal with the fight against hackers.

A law signed by the President will come into force on 1 January 2018.

- Christina

 
Read more »
Cyber Crime Report
Breaking News Cyber Crime Report

Russian Hacker pleads guilty for role in creating Ebury Malware

The Russians hackers who created the malware Ebury pleaded guilty to the charges brought against them.

Maxim Senach, 41 years old Russian man, inhabitant of Great Novgorod, was arrested in Finland in 2015. In January 2016 he was extradited to the United States. Now the U.S. Department of Justice reports that Senach pleaded guilty, confirming that he was engaged in the development of Ebury malware and controlled the well-known botnet.

Malware Ebury appeared in 2011 and attacked UNIX systems (Linux, FreeBSD, Solaris). Malware was installed on poorly protected servers, and Ebury had the rootkit component, and also a backdoor that allows attackers at any time to get to the server remote access. Additionally, Ebury was used to steal SSH accounting data and private keys. Then attackers also used it to infect new servers.



This malware has become well know after "Ryan Austin" (Unrelated) used it to infect kernel.org servers. It took the administrators months to clear out the infections as kernel.org is the main distribution channel for the linux source code.


Servers affected by Ebury joined in a botnet used by cyber criminals to send spam, clickfraud, traffic-diversion to malicious sites or to sites which paid for "advertising." Ebury totally infected more than 500,000 computers and 25,000 servers. The botnet could send out 35 000 000 spam emails daily, and divert more than 500 000 people to malicious sites. According to law enforcement agents operators of the botnet benefited millions of dollars.

As stated above, Senach pleaded guilty to all charges and now he faces 30 years in prison. The verdict will be announced on 3 August 2017.
Read more »
Information Security
Breaking News CIA Information Security

No app can stop CIA from reading your messages, says Pavel Durov



In an article titled "What does the "Year Zero" and "Vault 7" stuff from Wikileaks mean?", Pavel Durov, the Founder of social network Vkontakte and messenger Telegram, explained how CIA can read your messages even if you are using a secure messaging application.

Durov said that the hackers do not need to directly hack the targeted applications. Instead, they can exploit the vulnerabilities in the mobile operating systems to access your sensitive information and messages.

"To put 'Year Zero' into familiar terms, imagine a castle on a mountainside. That castle is a secure messaging app. The device and its OS are the mountain. Your castle can be strong, but if the mountain below is an active volcano, there's little your engineers can do." he explained. "So in the case of 'Year Zero', it doesn't matter which messenger you use."

He explained that the hackers can gain access to your keyboard that allows them to know which key you press.

"No app can hide what shows up on your screen from the system. And none of this is an issue of the app." said Durov

The founder of the Telegram urged the main developers of operating systems and devices, such as Apple, Google or Samsung, immediately start fixing their vulnerabilities.

He said that normal users do not need to worry about this. But, if the CIA is on your back, it doesn't matter which messaging apps you use as long as your device is running iOS or Android.
Read more »
Mobile Security
Breaking News Cyber Security awareness Information Security News Jio Mobile Security

Be careful with whom you share your Jio Hotspot!

If you are sharing your Jio internet with others via mobile hotspot, you should know what is the risk that you are taking.  Our research shows that sharing your Jio with others puts your sensitive information in their hands.

The person who is using your Jio Internet can easily log into your Jio account. All they have to do is download the MyJio app and click "SIGN IN WITH SIM". 

Steps to replicate:
Step 1:
    You should have two phones - one with Jio Sim and another one with non-Jio SIM(make sure you have not installed Jio app in the second phone yet).

Step 2:
    Turn on Wi-Fi hotspot in the Jio phone and connect from your non-Jio phone

Step 3:
    Install Jio app from playstore and open.  When it is asking for authentication, click "SIGN IN WITH SIM". Now you will be able to access the Jio account from your non-Jio mobile.

View/Modify Details:
After logging in, it is possible to view sensitive information including name, date of birth, mobile number, alternate contact work, address, photo, usage details.  Also, some of the details can be edited.



Once you are logged in, the session is getting maintained even if you are disconnected from the Jio network.

Account lockout:
If you mistakenly log out from the Jio-phone when it is logged in the non-Jio phone, you won't be able to log in to your Jio app unless the other person logs out from the app.

If the victim has installed Jio Security app, it is possible for an attacker to track the current location or see the last location details.

Let's say that you are in public place and a stranger(attacker) asking for Internet connection to check his email.  If you share the Internet, it is enough for the attacker to steal your sensitive information.

The issue can be resolved by adding OTP Check when doing authentication.

We thank Suriya Prakash from Cyber Security & Privacy Foundation(CSPF) for helping us with this research.

Read more »
Vulnerability
Breaking News IT Security News Vulnerability

Hackers could easily bypass SBI's OTP security

One Time Password (OTP) has become the new security feature on most of the websites, including the banks. This feature allows a user to make online transactions after the identity of the customer is verified by putting the OTP password sent to the registered mobile number from the bank. But who knew this security feature could be easily bypassed and lead to huge loss of money.

A white-hat hacker, bug bounty hunter and web application security researcher, Neeraj Edwards shared his research on how he could easily bypass the OTP of one of the most popular bank, State Bank of India (SBI) and could make the transaction with any amount.



While making a transaction, the last page of SBI’s website shows a One Time Password screen where there is a parameter called ‘smartotpflag is set to Y i.e. smartotpflag=Y’.


Smartotpflag parameter is used to generate OTP, and Y represents ‘yes’ to send the code to the registered mobile. However, the risk factor arises if someone changes ‘Y’ to ‘N’ which means ‘No’. The transaction then will be completed without entering the OTP.


Though after Edwards discovery, the vulnerability was patched but it was highly disappointing that the person who could have easily benefited from this vulnerability, but choose not to, was neither rewarded nor acknowledged for his work.

The press too could not make this important news to the papers, thus keeping the public in dark and keeping the discoverer from any achievement.

The POC Video:
https://www.youtube.com/watch?v=2kYm1G2jBcM
Read more »
Subscribe to: Posts (Atom)