Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label HeartBleed. Show all posts

Emails promising CNN article about HeartBleed vulnerability leads to Spam sites

Cyber Criminals often take advantage of hottest topics and latest events to entice users into visiting spam websites. The HeartBleed bug, which has made headlines over the past few weeks, is no exception.

Now, spammers are sending out emails with subject "HeartBleed Bug warning". The spam campaign was discovered by Security researchers at TrendMicro. 

"I Just want to let you know there is a big security concern now in the internet.  The Internet bug called Heartbleed Bug, was recently discovered by experts.  So if were you, you need to change your internet passwords specially your banking passwords." The spam email reads.

"Check for this report in CNN. Report from CNN[LINK]"

If the link provided in the email led to the actual CNN report, the email may have been considered as cyber security awareness email.  But, the link leads to some malicious webpage.

One good thing what spammers did is notifying users about the HeartBleed vulnerability and suggest recipients to change their password.  If the link provided in the email.

Hacker arrested for exploiting HeartBleed vulnerability to steal information

A 19-year-old computer science student has been arrested by the Royal Canadian Mounted Police (RCMP) and accused of stealing personal data by exploiting the "HeartBleed" vulnerability.

HeartBleed, the bug that left the Internet vulnerable, is a recently uncovered security flaw in the popular open-source encryption library(OpenSSL) which allows attackers to read memory of the server running vulnerable OpenSSL - means attacker can steal sensitive information.

Stephen Arthuro Solis-Reyes from London, Ontario, accused of exploiting HeartBleed bug to steal sensitive information from servers of the Canadian Revenue Agency(CRA), according to RCMP.

During the Police raid, his computer was seized by Canadian police.  He is scheduled to appear in court in Ottawa on July 17.

The arrest came after CRA announced that someone exploited the HeartBleed bug to steal 900 Social Insurance numbers of taxpayers.  The agency had shut down its site temporarily to prevent further attacks.

"The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible." Assistant Commissioner Gilles Michaud said in a statement.

"Investigators from National Division, along with our counterparts in “O” Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners".