BLOG
‘Rocket Kitten’ Targets Organisations in Israel and Europe
Written by Administrator   
Monday, 30 March 2015 11:00


Security firm Trend Micro has disclosed a new targeted attack against European and Israeli organizations, launched by the state-backed threat group known as 'Rocket Kitten'.

The firm said that the campaign, Woolen-GoldFish, is set up differently from a previous effort by the group.

Trend Micro said in a new report that the previous attack relied on a spear-phishing email carrying a malicious Office attachment; the GHOLE malware was downloaded once users enabled macros to view the content of the attachment.

This new operation contains an improved and more reliable spear-phishing element with restricted content designed to persuade the user to click through.

It also replaces the malicious attachment with a Microsoft OneDrive link that leads to a malicious PowerPoint file named 'Iran's Missiles program.ppt.exe'. The report said this tactic may have been developed to help the attack evade email security.
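A defender-side check for the double-extension file name described above, usable on download or attachment names at a proxy, mail gateway or endpoint. This is an added example, not code from the Trend Micro report; the extension lists, function names and all sample names other than the one quoted in the article are assumptions.

```python
import re
import unicodedata

# Assumed extension lists for illustration; tune them to your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"ppt", "pptx", "doc", "docx", "xls", "xlsx", "pdf", "jpg", "txt"}

def normalize(name: str) -> str:
    """Reduce a file name to the form the operating system will act on."""
    # Drop invisible format characters (Unicode category Cf, e.g. zero-width space).
    name = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    # Windows ignores trailing dots and spaces when resolving a name.
    name = name.rstrip(". ")
    # Collapse whitespace padding used to push the real extension out of view.
    return re.sub(r"\s+\.", ".", name).lower()

def is_deceptive_double_extension(name: str) -> bool:
    """True when a document-style extension is followed by an executable one."""
    parts = normalize(name).split(".")
    if len(parts) < 3:
        return False
    return parts[-1] in EXECUTABLE_EXTS and parts[-2].strip() in DECOY_EXTS

def flag_names(names):
    """Return the subset of names a gateway should quarantine."""
    return [n for n in names if is_deceptive_double_extension(n)]

# Constructed sample: the first name is the one quoted in the article,
# the rest are invented to exercise edge cases.
SAMPLE_NAMES = [
    "Iran's Missiles program.ppt.exe",
    "invoice.pdf        .EXE",
    "notes.doc\u200b.scr",
    "quarterly report.pptx",
    "setup.exe",
    "tool.v1.2.exe",
    "backup.tar.gz",
]

if __name__ == "__main__":
    for hit in flag_names(SAMPLE_NAMES):
        print("quarantine:", repr(hit))
```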

The executable then drops a version of the CWoolger keylogger on the victim's machine to hoover up details. The report's authors say this malware is not as sophisticated as its contemporaries.

Interestingly, Trend Micro has found many clues that suggest a connection between Rocket Kitten and Iran. Metadata in the malicious files reveals that many individuals have contributed to the development of the malware, but the main author apparently uses the online moniker "Wool3n.h4t."

Researchers say Wool3n.h4t is linked to a blog hosted by a free service in Iran. The blog is currently inactive and hosted posts published by a user known as "Masoud pk," which may be the real identity of Wool3n.h4t. If Masoud is Wool3n.h4t's real name, he could be Iranian, because it is one of the top 50 most common names in Iran.

Experts analyzed the command and control (C&C) servers used by the GHOLE malware and found a connection with Iran.

V3.co.uk published a report on 19th March, 2015 quoting a paper as saying: "threat actors involved in Operation Woolen Goldfish consistently using other malware with command and control reference is hard-coded as an IP address in the binary. A domain name was not used and moreover it lands on the system with a name which is very similar to some variants of Ghole malware (used by Rocket Kitten)."

Cisco Identifies a New “PoSeidon” Point-of-Sale Malware
Written by Administrator   
Monday, 30 March 2015 11:00


Thehackernews.com reported on 22nd March, 2015 that security experts at Cisco's Talos Security Intelligence & Research Group have discovered a new and nasty breed of Point-of-Sale malware dubbed "PoSeidon", which the team says is more advanced and nastier than previous Point-of-Sale malware.

The Point-of-Sale malware is designed to combine the capabilities of the notorious Zeus banking Trojan and the infamous BlackPOS Trojan, which robbed millions from big US retailers such as Home Depot in 2014 and Target in 2013.

PoSeidon scrapes the memory of PoS terminals for number sequences matching cards from major issuers such as MasterCard, Visa, Discover and Amex, and then uses the Luhn algorithm to confirm the validity of the credit/debit card numbers.
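The same issuer-prefix and Luhn test is what data-loss-prevention tooling uses to find card numbers that have leaked into logs and mask them. The sketch below is an added example, not code from Cisco's analysis; the simplified issuer patterns, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Simplified issuer prefix/length rules for the four brands named above (assumption).
ISSUERS = {
    "Visa": re.compile(r"4\d{12}(?:\d{3})?"),
    "MasterCard": re.compile(r"5[1-5]\d{14}"),
    "Amex": re.compile(r"3[47]\d{13}"),
    "Discover": re.compile(r"6(?:011|5\d{2})\d{12}"),
}
# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def issuer_of(digits: str):
    return next((n for n, p in ISSUERS.items() if p.fullmatch(digits)), None)

def redact_pans(text: str):
    """Mask card numbers in text; return (redacted_text, list_of_brands_found)."""
    found = []

    def mask(match):
        digits = re.sub(r"[ -]", "", match.group())
        brand = issuer_of(digits)
        if brand is None or not luhn_valid(digits):
            return match.group()  # not a card number: leave untouched
        found.append(brand)
        # Keep only the first six and last four digits, a common masking format.
        return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

    return CANDIDATE.sub(mask, text), found

# Constructed log lines using published test card numbers, not real accounts.
SAMPLE_LOG = (
    "2015-03-22 10:01:07 pos-07 auth ok pan=4111111111111111 amt=12.50\n"
    "2015-03-22 10:01:09 pos-07 order id 4111111111111112 shipped\n"
    "2015-03-22 10:02:31 pos-03 swipe 3782-822463-10005 declined\n"
    "2015-03-22 10:03:00 pos-03 txn ref 1234567890123456\n"
)
```

Running `redact_pans(SAMPLE_LOG)` masks the two valid numbers and leaves the order id (which fails the Luhn check) and the transaction reference (no issuer prefix) untouched.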

Researchers say that the Trojan then siphons the captured credit card information off to Russian (.ru) domains for harvesting and probable resale.

Cisco's team explained that, at a high level, PoSeidon starts with a Loader binary which, when executed, first tries to establish persistence so that it survives a possible system reboot.

The Loader then contacts a command and control server, retrieving a URL that contains another binary to download and execute. The downloaded binary, known as FindStr, installs a keylogger and scans the memory of the PoS device for number sequences that could be credit card numbers. When the numbers are verified as credit card numbers, the keystrokes and credit card numbers are encoded and sent to an exfiltration server.

Cisco said that the keylogger component was potentially used to steal passwords and could have been the initial infection vector.

Researchers say PoSeidon is one of a growing number of malware families abusing POS systems, demonstrating the advanced strategies and approaches of malware authors.

"Attackers will continue to attack POS systems and implement many complicated techniques in trying to avoid detection. Attackers will go on to invest in improvement and techniques of new malware family as long as they get good returns from the attacks on POS."

Cisco observes that network administrators must adhere to industry best practices if they intend to pose a challenge to POS malware.

Hackers Targeted Sacred Heart Health System
Written by Administrator   
Saturday, 28 March 2015 18:00


Florida, USA-based Sacred Heart Health System recently announced that hackers gained access to a PC belonging to a third-party billing vendor, allowing them to reach the confidential information of about 14,000 patients, ricksblog.biz reported on March 17, 2015.

Specifically, the hackers used a phishing attack to gain access to the e-mail account of a staff member at the billing company.

Phishing attacks involve fraudulent e-mails that appear to come from a genuine person or company. They bait recipients into following a web link to a phony website, or into downloading malware from an attachment, so that their e-mail accounts can be compromised.

As a consequence of this phishing attack, the health data of some Sacred Heart patients was compromised, including patient names, birth dates, service dates, physician names, diagnoses and treatment procedures, and total expenses.

The Social Security Numbers of about 40 people were also accessed, but the hackers were unable to reach patients' medical records.

When Sacred Heart was notified of the security breach on 2nd February 2015, the organization and the billing company immediately began a detailed investigation together.

Privacy Officer Genevieve Harper at Sacred Heart Health System stated that the organization greatly valued the safety and privacy of patient data and regretted the disturbing incident. According to Harper, helping all of the affected patients was at the top of their list, ricksblog.biz reported.

Harper further said that all necessary and appropriate measures were being taken to prevent such an incident from happening again. In particular, the health system was coordinating with its billing company to make sure the latter continuously reviewed and updated its efforts to improve the privacy and security of the sensitive and confidential data in its possession.

Those affected by the breach are advised to call 877-244-8984 from 8 am-6 pm, Monday-Friday, if they have any queries. Concerned individuals can also obtain free credit reports from TransUnion, Experian or Equifax.

NCUA Cautions Consumers about Phishing Scam
Written by Administrator   
Saturday, 28 March 2015 18:00


The National Credit Union Administration has expressed concern that end-users could fall victim to a new phishing campaign that masquerades as the regulator by copying its name and website, cujournal.com reported on March 17, 2015.

The Virginia, USA-headquartered NCUA is an independent federal agency created by the US Congress to regulate federal credit unions.

NCUA recently stated that it had received many reports of a phishing campaign using a website with a logo and design exactly like its own, in order to defraud end-users into transferring money or revealing information.

The fraudulent e-mails are spoofed to look like NCUA messages; they appear to originate in Australia, yet state that the agency provides services within Europe, the USA and other countries. According to NCUA, consumers are being cautioned that the e-mails are in no way linked to the administration. Specifically, the phishing e-mails that try to convince end-users to give up their login information, account numbers and Social Security Numbers (SSN) are not from NCUA.

The administration has advised anyone who receives these phishing e-mails to contact NCUA's fraud hotline and to inform IC3 (Internet Crime Complaint Center), a partnership between the National White Collar Crime Center and the FBI.

Worryingly, phishing attacks of this type are numerous and pose a huge threat to Internet users, security analysts remark.

According to them, a few simple precautions help defeat phishing attacks. First, hackers commonly use urgency to make victims reveal personal information about an account, such as a bank account, credit or debit card account, account password or SSN, as in the above instance. The tactic aims to get the victim to follow a malicious web address or open an attachment designed to infect the PC or capture confidential data. Hence, such web links and attachments should not be clicked or opened.

Secondly, legitimate brands, companies or agencies would never contact customers through e-mail in the way seen in this instance. NCUA likewise states that it will never contact members to ask for financial or other personal information, and that if it did, it would be by postal mail.

Aurora Health Care Cautions about Internet-based Assaults Targeting the Organization
Written by Administrator   
Friday, 27 March 2015 08:00

Aurora Health Care, the biggest health system in Wisconsin, USA, recently warned its employees about a cyber-attack that targeted the organization in order to steal logon credentials that visitors to various websites, particularly financial sites, might enter, jsonline.com reported on March 17, 2015.

Aurora stated that there was no indication whether any patient data, such as insurance information or medical records, had been stolen.

It also told all current and some former employees that malware had infected servers and workstations used by the health system, so that miscreants could capture logon details when nurses, doctors and other staff visited particular social networking and financial websites.

The malware, reportedly a PC virus, came to the experts' notice on January 27, 2015, after which Aurora contacted the FBI (Federal Bureau of Investigation). The health system also engaged a cyber-security firm to eliminate the virus and carry out a forensic analysis to determine what data may have been captured.

In a memo dated March 10 that Aurora distributed to employees, the organization said that such criminal operations were damaging, expensive and frustrating. Aurora was continuing the investigation with the FBI's help to identify the hackers. The health system expressed regret for any difficulties the event caused, the memo indicated.

Meanwhile, extra protection has been put in place at Aurora to stop such incidents from recurring. Overall security of the health system's PC network has been upgraded, with all computers equipped with unauthorized-access detection technology and the storage units of mobile PCs equipped with encryption.

Aurora officially stated that it took cyber-security with the utmost seriousness and would run awareness and training sessions so that caregivers knew about cyber-threats.

The notification, signed by Chief Human Resources Officer Amy Rislov, concludes with important instructions for keeping Aurora's computers and caregivers secure. Softpedia.com reported this on March 13, 2015.

Moreover, personnel have been directed to reset their passwords frequently and to avoid logging into personal accounts on social-networking sites from Aurora workstations. They have also been urged not to open attachments or URLs that arrive in suspicious-looking e-mails.
