Support our Sponsors


uClip Clipping Path Service



Main Menu
Home
News
Blog
Links
Search
Resources
Windows Software
Mac Software
Hosted Solutions
Server Software
Mobile Solutions
Login



Syndicate
feed-image Feed Entries

BLOG
New Phishing Campaign Seeks Account Credentials of Apple Users PDF Print E-mail
Written by Administrator   
Saturday, 30 August 2014 19:00


According to security researchers, cyber-criminals are unyielding as they keep garnering account credentials related to various Internet services, and currently, they are executing a robust phishing e-mail scam aimed at users of Apple the software giant, reported softpedia.com dated August 22, 2014.

Typically, the e-mails are spoofed and this time they impersonate Apple using its supposed e-mail id This e-mail address is being protected from spambots. You need JavaScript enabled to view it while issuing alert messages for recipients telling them they require validating their account credentials by logging into the same.

The complete fraud gets the look of security verification, while in case end-users overlook it, they would face suspension of the Apple ID assigned to them. Scammers use this as one usual trick which makes the message seem urgent as also raises the number of successful attempts during the phishing scheme.

Essentially, the message body ends with a web-link supposedly leading onto Apple's site that asks for the end-user's particulars necessary to complete the account verification.

In addition to asking the username and password of the user's Apple account, the phishing site directs him to provide his full name along with birth date; details of credit card such as CVV, number, 3D-secure particular and expiration date; address; driver license code as well as replies to security queries. These information land up with the cyber-crooks who could use the same to commit identity theft vis-à-vis the victim.

Disturbingly, Apple has had such attacks from online miscreants previously too. Indeed, because of these recurrent e-mail scams against Apple, the company as well as security specialists have recommended certain security suggestions for the Apple users.

One, they must be wary of dubious e-mails. In case an e-mail received talks about suspension of the recipient's Apple ID alternatively asks him for making his information up-to-date, he mustn't open the web-link given inside the e-mail rather he should go to his Web-browser and access apple.com for the action.

Two, users should activate the 2-step validation to access their Apple ID. Then, suppose their Apple ID gets stolen, the phishers would not be able in logging into their accounts devoid of being in physical control of their devices or mobile-phones.

Read more... - New Phishing Campaig...
 
POS System of Mizado Cocina Infected by “Backoff” Malware PDF Print E-mail
Written by Administrator   
Saturday, 30 August 2014 19:00


Softpedia.com reported on 21st August, 2014 stating that Mizado Cocina restaurant in New Orleans (United States of America) found their payment systems leaked debit and credit card information to an unknown imposter who is using the Backoff Point-Of-Sale (PoS) malware.

The restaurant came to know about this only when a third-party forensic investigation company informed them on 31st July, 2014 that an attacker installed malicious software on their systems to try to steal information about their customer's credit card.

Earlier also the restaurant observed signs of intrusion as clients reported fake transactions soon after dining at Mizado Cocina.

It became clear after forensic investigation that the payment systems had been infected with malicious software and the hardware was replaced.

The breached system was analyzed and it was revealed that around 8,000 cards of individuals were impacted which were processed by the infected PoS between 9th May and 18th July.

The restaurant announced publicly that the names, card numbers, CVV security codes and expiry dates of customers were compromised during the incident.

It is RAM (Random-Access Memory) scraper which is a part of a new malware family Backoff which can capture data stored in memory. It can log keystrokes and collect details of payment card stored in memory immediately when it is swiped and before encryption of the information. Researchers and law enforcement authorities first encountered Backoff in October 2013 but most major antivirus tools did not detect it till then.

The restaurant claimed to contact and request those customers who dined between the given time-frame (9th May to 18th July, 2014) to review their account statements and notify credit card companies and monitor credit reports to prevent theft of identity.

Nola.com published news on 19th August, 2014 quoting news release of Chris Rodrigue, CEO of Taste Buds Management which operates Mizado Cocina as "As per the advice about security compromise of our point of sale system, we have been working continuously with the credit card processors, appropriate law enforcement authorities and forensic experts to investigate the security compromise to ensure protection of debit and credit card information of our guests.

Read more... - POS System of Mizado...
 
With US Colleges Re-Starting Session, Cyber-Criminals Once Again Get Active; BitSight PDF Print E-mail
Written by Administrator   
Saturday, 30 August 2014 19:00


BitSight Technologies the security rankings issuer has just published a report that claims online criminals are returning with their malicious activities when college students in USA prepare to attend classes, reported nbcnews.com, August 21, 2014.

Evidently, institutions of higher learning go through a wave of sinister cyber-assaults throughout the academic period.

However, the worst thing observed is that the majority universities don't have proper equipments for stopping or dealing with such assaults that as per the report, leads to their rankings within cyber-security lower than those of healthcare as well as retail, the twin segments that experience almost constant security assaults with frequent successful hacks.

Most assaults that colleges and universities encounter result from malware contaminations. Recalling attacks by a Trojan virus that compromised Apple PCs while seized sensitive private data through masking of the malware like some browser plug-in, a similarity can be noticed with colleges getting targeted with mostly such Trojan-like malicious programs.

Other most common malicious software discovered on university or college computers are Adware -malware which attacks end-users via online ads. Conficker is yet another stubborn malware, a kind of PC-worm which compromises Windows OS of Microsoft.

The report indicates that universities become so frequent targets of cyber-assaults since they possess an enormous repository of personal as well as other personal information that include from Social Security Numbers and addresses to intellectual property and credit card details. Accordingly, hackers who fast discern the feeble IT systems the institutions maintain for data protection, exploit the situation.

As per CTO and Founder Stephen Boyer of BitSight Technologies, institutions of higher learning frequently and without difficulty get targeted with malicious software as students lack essential central security arrangement similar as within the corporate. SCMagazine.com published this, August 21, 2014.

Boyer explains the above means probable risk to pupils' data followed with intellectual property too, stored inside computers, which could have vital research material.

He adds that schools, nevertheless, ranked top for security, employed an information security director or CISO. Moreover, even though the complete sector of education is not doing well, evidences do arise of educational institutions which are indeed prospering, he concludes.

Read more... - With US Colleges Re-...
 
Chinese Linux Trojan Jumps to Windows PDF Print E-mail
Written by Administrator   
Friday, 29 August 2014 13:00


According to Russian anti-malware software house Dr. Web, a Chinese computer Trojan written for Linux OS (operating system) has apparently jumped to Windows.

Dr Web first revealed in May 2014 that the original malicious software known as "Linux.Dnsamp" is a DDOS Trojan, or a Distributed Denial of Service Trojan which transmits between Linux machines. It alters the startup scripts, collects and sends data of machine configuration to the server of the hacker and then run silently and wait for orders.

Now the same computer thugs appear to have ported the computer Trojan to run in Microsoft Windows and dubbed it "Trojan.Dnsamp.1"

The Windows edition gains admission into the operating system pretending as Windows Service Test and its then hoarded in the folder of the system of the tainted machine entitled "vmware-vmx.exe".

The threat is crafted to trigger only if the date of the system is set after 2nd December, 2013 otherwise it remains inactive.

It launches attack with a signal to attackers and then obediently waits for the commands to begin the DDoS attack. Worse, it can download and run other malevolent programs creating bigger problem for the end user.

Itprortal.com published news on 20th August, 2014 quoting the security firm as saying "researchers of Dr. Web discovered certain features in the Trojan's code which indicate that it has been written by the virus makers behind Linux.BackDoor.Gates and Linux.DDoS malware."

Dr. Web also says that they found maximum attacks against Chinese servers by this particular Trojan family during the monitoring period of 5ht June to 13th August, 2014.

In July 2014, well-known Russian security firm Kaspersky identified a comparable DDoS Trojan for Linux which, most interestingly, could conduct DNS (Domain Name System) amplification attacks and not like other Linux Trojans, it had an advanced modular structure.

Dr. Web concluded that although most users of computers are vulnerable to threat of malware everyday but to find a threat on Linux machines is a lot rarer and it is almost unheard of any type of malware to be transferred from one operating system to another operating system as is happening in the above mentioned case.

Read more... - Chinese Linux Trojan...
 
Microsoft - Malware Authors Writing Rogue AV More Advanced Now PDF Print E-mail
Written by Administrator   
Friday, 29 August 2014 11:00

Infosecurity-magazine.com reported on 21st August, 2014 quoting software giant Microsoft as "Rogue anti-virus authors are now using browser-based strategies in a new attempt to infect users and improve their success rates."

Infosecurity-magazine.com reported on 21st August, 2014 quoting an explanation of Daniel Chipiristeanu, a Researcher at Microsoft Malware Protection Center (MMPC) recently as "in the past rogue AV would use the hosts file to block access to the genuine security software of victim making it unable to protect against the malware."

He said that Rogue: Win32/Defru, a new variant, will now totally block access to the Internet.

Ibtimes.co.uk published a statement of Chipiristeanu on 21st August, 2014 saying "When the user is surfing the Net, the rogue will employ the hosts file to redirect links to a notorious specific bogus website which is frequently used in social engineering by fake AV malware."

Chipiristeanu said that the rogue is written in PHP and continues at machine reboot by adding up to the registry key.

Luckily, it isn't complicated to eradicate the malware from a tainted device as users must eliminate the entry value from the "Run" registry key and remove the executable file from the disk and admissions from the "hosts" file.

Presently, most of infected machines by Defru - as indicated by language - seem to be found in Russia.

Moreover, product payment can be carried out through credit card at Payeer.com, a payment service based in Russia that also helps in operations relating to currency exchange.

It infected other nations like the United States which comes on a distant second followed by Kazakhstan as third. The remaining infections are mainly in Middle Eastern and Eastern European states with minor infections in Western Europe also.

Securityweek.com reported on 21st August, 2014 quoting Jayce Nichols, Chief of Threat Analysis and Innovation at iSIGHT Partners as saying "we have been monitoring fake anti-virus for a prolonged time period now and it's been a preferred tool by the cyber criminals as users can be tricked effortlessly into either paying for a phony subscription or downloading malicious software while being presented as it looks like a genuine anti-virus alert."

Read more... - Microsoft - Malware ...
 
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>

Page 1 of 1178
Polls
The Spamproblem is
 
Who's online
We have 34 guests online
News Flash
How do you fight spam?

Spam is a growing pain. How are you combating spam?

Submit your favorite spam fighting links to us