BLOG
Group of Suckfly Cyber-Espionage Targets Indian Private and Government Companies
Written by Administrator   
Wednesday, 25 May 2016 07:00


Symantec, a cybersecurity firm, recently published a report describing Suckfly's activities. Suckfly is an advanced cyber-espionage group that has conducted various long-term espionage campaigns against prominent targets consisting of commercial organisations and governments in India.

Symantec identified several attacks over the last two years, starting in April 2014. The attacks occurred in many countries, but Symantec's investigation found that the main targets were organisations and individuals located mainly in India.

Symantec identified many targets that were very well-known commercial organisations in India. The organisations include a big e-commerce company, one of the biggest financial organisations in India, two government organisations and one of the top five IT firms in India. Suckfly spent more time attacking the government networks than all but one of the commercial targets. Moreover, one of the two government organisations had the highest infection rate among the Indian targets.

All these targets are big corporations that play a key role in the development of the Indian economy. An attack would be very damaging for any such organisation. Thetechportal.com posted on May 18th, 2016 that Suckfly could have had a much greater effect on India and its economy by targeting all of these organisations together.

The post also states that one of the Indian government organisations is connected with central government departments of India and is responsible for implementing network software in various departments and ministries. The target's high infection rate is likely due to the access, information and technology it has on other government organisations in India.

Suckfly's attacks on government organisations that provide information technology services to other branches of government are not confined to India.

Suckfly's attacks begin with phishing emails that deliver booby-trapped documents. These files exploit CVE-2014-6332 to infect the target with the Nidiran backdoor, which the attackers use to install Hacktool, a password removal utility.

The crooks then use these passwords to search and scout the local network, collect any potentially interesting data, and use the backdoor once more to send it to the servers.

Symantec observed that these attacks happened only on weekdays, because the group wanted to be sure of finding people at work who would read the spear-phishing emails.

Hacker Puts 117m User Credentials from LinkedIn Up for Sale on Dark Web
Written by Administrator   
Wednesday, 25 May 2016 07:00


A hacker claiming to possess the credentials of several million LinkedIn members has started advertising the data for sale on the Internet. The very long list of usernames and passwords, which the hacker apparently obtained in an attack on the professional social-networking website four years ago, is being touted on the Dark Web, an area of the Web that cannot be accessed through usual browsers and that frequently serves as a platform for illegal operations.

According to the news website Motherboard, a hacker calling himself "Peace" has posted details of 117m LinkedIn members on The Real Deal, a darknet marketplace, at a price of 5 Bitcoins, crypto-currency worth 1,500 pounds.

Peace spoke to Motherboard and confirmed that the login credentials came from a 2012 hack, suggesting that LinkedIn did not make public how widely the breach had spread at the time. Thenextweb.com posted this on May 18, 2016.

Additionally, according to Peace, while most of the stolen passwords were hashed/encrypted using the SHA1 algorithm, 90% or more had already been deciphered. Motherboard itself also verified the passwords and e-mail addresses of a few affected users.

One victim told the news site that his current password was on the list, although he changed it to a new one immediately after becoming aware of the hack.

Meanwhile, LinkedIn Corp. of Mountain View, California, which boasts 400m members in two hundred nations and territories globally, stressed that there was no sign of a new data breach.

According to the company, it was working to determine how many of the listed passwords were still in use, and was proceeding to reset them and inform the affected users.

Security specialists say this kind of incident is a reminder that people should change their passwords often, ideally every few months, so that when hijacked information surfaces long afterwards, as in the current instance, users need not be too worried.

Had LinkedIn disclosed the actual impact of the breach, people would have taken the necessary measures to protect their accounts and avoided reusing their LinkedIn password for other accounts.

Bitcoin Exchange Service Gatecoin Suffers a $2m Theft
Written by Administrator   
Tuesday, 24 May 2016 07:00


This past week brought news of a security incident at a crypto-currency exchange, affecting a Hong Kong-based service that was handling the sale of assets associated with Ethereum-based DAOs (decentralized autonomous organizations).

On Friday it was reported that Gatecoin had suffered a cyber attack on its digital-currency hot wallets, which led to a huge loss of funds. The exchange released a new update confirming the hack and indicating that two million dollars had been lost.

Gatecoin CEO and founder Menant writes that on the night of May 13 HKT, the exchange spotted a few suspicious transactions and immediately halted its services to investigate and to prevent any further unauthorised access to the BTC and ETH hot wallets.

Menant continues that the service had earlier communicated that the majority of customers' crypto-asset funds are stored in multi-signature cold wallets. Even so, the malicious outside party behind the hack managed to alter Gatecoin's system so that BTC/ETH deposit transfers bypassed the multi-signature cold wallets and landed directly in the hot wallets during the breach period, which meant that ETH fund losses exceeded the 5% limit the exchange imposes on its hot wallets.

The remaining crypto-currency stayed safe from the hackers' tampering because Gatecoin had kept it in multi-signature cold wallets, which are far more difficult to meddle with. Another Bitcoin trading service, ShapeShift, encountered a similar event in April 2016, when hackers seized currency from its hot wallets.

Meanwhile, according to the exchange, it was able to identify and quarantine the addresses the thieves used to exfiltrate the funds. Four Ethereum and six Bitcoin addresses were identified. Softpedia.com posted this on May 16, 2016.

In a voluntary effort, other BTC trading companies helped Gatecoin by watching for any transactions out of these wallets and tracking the digital money as it moved from one end of the blockchain to the other.

Significantly, assuring its clients that their funds were secure, Gatecoin said it would compensate users who lost funds from their wallets. Moreover, Menant said the DAO and Digix tokens had not been tampered with.

Ukrainian Hacker Confesses His Role in Hacking Three Services of Business Newswire
Written by Administrator   
Tuesday, 24 May 2016 07:00


Vadym Iermolovych entered a plea to a complaint charging him with aggravated identity theft and conspiracy to commit wire fraud and computer hacking. The 28-year-old man from Kiev faces up to 20 years' imprisonment when he is sentenced on 22nd August.

Iermolovych was one of many people arrested in August in Ukraine and the U.S. The Securities and Exchange Commission also charged them, along with 23 other persons and companies in Europe and the U.S.

Prosecutors claimed that, from Feb. 2010 to Nov. 2014, hackers breached the computer networks of three companies and stole draft releases, which they shared with others who traded stocks ahead of the public release of the corporate earnings.

Iermolovych said in his plea that he purchased a hacked database containing stolen user names and login credentials of PR Newswire employees. Bloomberg.com posted on May 17th, 2016 that he entered the company's network on 27th Feb. 2013 using one employee's stolen credentials, and then went on to steal releases.

The release noted that Iermolovych's confession marks the first conviction of the hackers responsible for breaching the networks of PR Newswire Association LLC, Business Wire and Marketwired L.P., jointly referred to as the "Victim Newswires".

Since some of the trades were executed in New Jersey, charges were filed in federal court in Newark. The hacker pleaded guilty to the charges and so faces imprisonment for 20 years plus a fine of $250,000 on the wire fraud charge; five more years' imprisonment plus a $250,000 penalty for conspiracy to commit fraud and related activity in connection with computers; and a mandatory two-year prison term, to be added to the other sentences, on the aggravated identity theft charge.

Hacking companies for insider trading has become a trend in recent years. Many US firms saw cyber-attacks this March from hackers who tried to breach their networks.

Apple Removes Security App of iOS Because of “potential” False Positives
Written by Administrator   
Monday, 23 May 2016 07:00


Apple has removed an app that helped customers identify hidden hackers on their iPhones, just a week after it launched on the marketplace. The application, 'System and Security Info' from German firm SektionEins, picked up various anomalies, including any unwanted tampering with the certificates meant to guarantee the authenticity of applications, and the use of files associated with specific jailbreaks.

Such jailbreaks can be carried out without the user's knowledge to remove several of Apple's security protections. Stefan Esser, founder of SektionEins, says that this was the only app on Apple's App Store capable of listing all processes running on the device.

Unfortunately, the app ran into problems during its fourth App Store review and was removed. Esser was informed that detecting problems and weaknesses in the user's phone was not allowed and could lead to "potentially incorrect and deceptive diagnostic functionality for iOS devices."

Esser believes that his app was banned because Apple does not want its users to know that iOS could have security flaws. Esser adds that his app is a system info tool that shows a process list and jailbreak status, like many other apps currently available. Esser confirms that he will not release a version of the app for jailbroken devices. Slashgear.com posted on 16th May, 2016 that Apple has not offered any official comment on the removal of this app.

Esser believes that Apple removed the app because it can show that an iPhone has been jailbroken, which would reveal that there are security flaws in iOS. He tweeted: "Our app is pulled and not others, because our app shows status of system info/jailbreak as we could dent on 'unbreakable iOS.'"

Apple was never friendly towards apps that poke at iOS internals; the removal of the app was just a matter of time. The developer has been vocal on Twitter over the past hours, and his explanations actually sounded more sensible than Apple's. This decision may confuse users and further erode the faith developers put in the company.
