BLOG
Chinese APT Syndicate Abuses Microsoft's Portal
Written by Administrator   
Friday, 22 May 2015 07:00

An APT group from China is believed to have abused Microsoft's TechNet website to conceal the IP addresses of the command-and-control (CnC) servers used by its BLACKCOFFEE malware while using the malware for cyber-espionage, softpedia.com reported on May 14, 2015.

In a technique called a "dead drop resolver", the attackers post the encoded CnC IP addresses in TechNet profile pages and in comments across various forum threads. Once a target system is compromised, the malware fetches those public pages and decodes the addresses to locate its current CnC server.

Microsoft and the security company FireEye studied the tactic and worked together to neutralise it: access to the pages carrying the encoded addresses was cut off, and one page was sinkholed so that infected machines reported to the researchers instead, yielding details about BLACKCOFFEE's current activity.

The group in question is APT17, also known as DeputyDog. It has used several variants of BLACKCOFFEE, and its activity has been tracked since 2013.

Once loaded onto a PC, BLACKCOFFEE gives the attackers a full backdoor: uploading and downloading files; enumerating processes and files; opening a reverse shell; deleting, moving and renaming files; terminating processes; and extending itself with new backdoor commands.

According to FireEye, APT17 has targeted US government organizations, international NGOs (non-governmental organizations) and private firms, particularly in the defense, mining, IT (information technology) and legal sectors.

A small but growing number of groups co-opt legitimate features of popular websites to encode their CnC communications. APT17 had earlier used Bing and Google in the same way to disguise its servers and operations.
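To make the dead drop resolver concrete, here is an added example (not FireEye's or Microsoft's code, and not BLACKCOFFEE's real format, which this page does not give). It assumes a hypothetical encoding in which "host:port" is XOR-masked, base64-encoded and wrapped in the invented delimiters @TAG1 ... TAG2@; it shows the implant-side routine that pulls every valid endpoint out of a downloaded page, and the defender-side move of rewriting the page so the same implants resolve a sinkhole instead.

```python
"""Dead drop resolver: CnC endpoints hidden in public web content (added example)."""
import base64
import ipaddress
import re
from typing import List, Optional, Tuple

# ASSUMPTIONS: the delimiters and the single-byte XOR key below are invented for this
# example; the page does not give BLACKCOFFEE's real encoding.
START_MARKER = "@TAG1"
END_MARKER = "TAG2@"
XOR_KEY = 0x5A

TOKEN_RE = re.compile(re.escape(START_MARKER) + r"([A-Za-z0-9+/=]+)" + re.escape(END_MARKER))


def encode_c2(host: str, port: int) -> str:
    """Operator side: wrap 'host:port' so it passes as noise in a bio or forum comment."""
    masked = bytes(b ^ XOR_KEY for b in f"{host}:{port}".encode("ascii"))
    return START_MARKER + base64.b64encode(masked).decode("ascii") + END_MARKER


def decode_c2(token: str) -> Optional[Tuple[str, int]]:
    """Unmask one token; return None unless it yields a syntactically valid IPv4:port."""
    try:
        masked = base64.b64decode(token, validate=True)
        plain = bytes(b ^ XOR_KEY for b in masked).decode("ascii")
        host, port_str = plain.rsplit(":", 1)
        ipaddress.IPv4Address(host)  # raises on anything that is not a dotted quad
        port = int(port_str)
    except (ValueError, UnicodeDecodeError):  # bad base64, bad text, no colon, bad IP/port
        return None
    return (host, port) if 0 < port < 65536 else None


def resolve(page_html: str) -> List[Tuple[str, int]]:
    """Implant side: given an already-downloaded public page, pull every live endpoint."""
    found: List[Tuple[str, int]] = []
    for match in TOKEN_RE.finditer(page_html):
        endpoint = decode_c2(match.group(1))
        if endpoint and endpoint not in found:
            found.append(endpoint)
    return found


def rewrite_to_sinkhole(page_html: str, sink_host: str, sink_port: int) -> str:
    """Defender side: whoever controls the page controls the implants. Replacing the
    tokens with a sinkhole address redirects every victim that resolves this page."""
    return TOKEN_RE.sub(lambda _m: encode_c2(sink_host, sink_port), page_html)


# Constructed sample page (not a real TechNet capture): a profile bio carrying a real
# token, a comment with a malformed token, and one whose payload is not an address.
SAMPLE_PAGE = (
    "<div class='bio'>Windows Server admin. " + encode_c2("198.51.100.23", 8080) + "</div>\n"
    + "<div class='comment'>Thanks, that fixed it! @TAG1not+base64!TAG2@</div>\n"
    + "<div class='comment'>" + START_MARKER + "aGVsbG8=" + END_MARKER + "</div>\n"
)

if __name__ == "__main__":
    print("implant resolves:", resolve(SAMPLE_PAGE))
    print("after sinkholing:", resolve(rewrite_to_sinkhole(SAMPLE_PAGE, "203.0.113.5", 443)))
```

Two details matter in practice. The implant has to tolerate page noise, so the decoder rejects anything that is not a well-formed address rather than trusting whatever sits between the markers. And because the implant trusts the page, anyone who can edit the page inherits that trust, which is exactly why taking over a profile page and sinkholing it works against every victim that resolves it.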

Bill Hagestad II, an international information security researcher who has written several books on Chinese cyber warfare, observes that APT17's TechNet ruse shows a change in Chinese hackers' tactics, technewsworld.com reported on May 15, 2015.

Hagestad adds that the hackers are moving from a defensive to an offensive posture, and are turning 'information sharing' practices against people using the Web.

Hagestad explains that people in western countries share information on the assumption that it helps others. The Chinese actors see this as an opportunity and use the norms of 'exchanging technical information' against other Web users.

Cybercriminals Exploiting Popularity of Dropbox, Experts Warn
Written by Administrator   
Friday, 22 May 2015 07:00

Softpedia.com published news on 11 May 2015 quoting a warning from security experts: "A new phishing email leveraging the name of the popular file storage and sharing service Dropbox is presently circulating and targeting innocent netizens."

The fake email claims that urgent and highly confidential documents have been shared with you through the Dropbox app, tells you to click a 'Dropbox' link to download them, and closes with 'kindly do the needful.'

In fact, the email has no connection with Dropbox, and the link leads to no documents at all, urgent or otherwise.

Clicking the enclosed link takes you to a phishing website that instructs you to log in with your webmail provider to view the supposed document. The page shows clickable icons for several well-known email providers, including Yahoo, Gmail and Outlook, plus a generic 'email account' icon for users whose provider is not listed.

Clicking the icon for your provider leads to a second phishing page that asks you to enter your email address and password to 'log in'.

The scammers behind the campaign collect the credentials you submit and use them to take over your email account.

Security experts point out that this scam is not new; cybercriminals continually change the wording of the message to fit current trends.

The pattern followed here is a classic one: vague details about what the message is actually about, combined with a strong sense of urgency about accessing the resource.

When users receive such messages, they should pause and examine them for signs of fraud. A genuine message from an online service provider is specific and addresses the user by the name given at registration.

Security experts analysing the scam email comment that the absence of this element should raise suspicion and is reason enough for further investigation, such as checking the sender's email address.
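The warning signs listed above (no personal greeting, pressure to act urgently, a 'Dropbox' link whose real domain is something else, a sender name that borrows the brand while the address does not) can be checked mechanically before anyone clicks. The following Python is an added example, not code from the researchers quoted here; the phrase lists, the brand-to-domain table and both sample messages are constructed for illustration.

```python
"""Heuristic triage of a suspected Dropbox-themed phishing email (added example)."""
import email
import re
from email import policy
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse

# ASSUMPTIONS: these phrase lists and the brand-to-domain table are illustrative,
# not a vendor-maintained list.
URGENCY_PHRASES = ("urgent", "immediately", "highly confidential", "kindly do the needful")
GENERIC_GREETINGS = ("dear user", "dear customer", "dear member", "dear sir/madam", "hello,", "hi,")
BRAND_DOMAINS = {"dropbox": ("dropbox.com",)}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host: str) -> str:
    """Crude eTLD+1: the last two labels, enough for the .com/.example names used here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyse(raw: bytes, recipient_name: str) -> List[Tuple[str, str]]:
    """Return (indicator, detail) pairs; an empty list means no red flag fired."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[Tuple[str, str]] = []

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    text = re.sub(r"<[^>]+>", " ", html).lower()
    subject = (msg["subject"] or "").lower()

    # 1. A real service mail addresses the registered user by name; phishing rarely can.
    if recipient_name.lower() not in text:
        findings.append(("no_recipient_name", "body never mentions the recipient's name"))
    for greeting in GENERIC_GREETINGS:
        if greeting in text:
            findings.append(("generic_greeting", greeting))
            break

    # 2. Vague content plus strong urgency is the classic combination.
    hits = [p for p in URGENCY_PHRASES if p in text or p in subject]
    if hits:
        findings.append(("urgency", ", ".join(hits)))

    # 3. Links that claim a brand (in label or URL) but resolve to an unrelated domain.
    parser = LinkExtractor()
    parser.feed(html)
    for href, label in parser.links:
        host = urlparse(href).hostname or ""
        for brand, domains in BRAND_DOMAINS.items():
            if brand in label.lower() or brand in href.lower():
                if registered_domain(host) not in domains:
                    findings.append(("link_domain_mismatch", f"{label!r} -> {host}"))

    # 4. Sender display name borrows the brand while the address domain does not match.
    if msg["from"] and msg["from"].addresses:
        sender = msg["from"].addresses[0]
        for brand, domains in BRAND_DOMAINS.items():
            if brand in sender.display_name.lower() and registered_domain(sender.domain) not in domains:
                findings.append(("sender_domain_mismatch", sender.addr_spec))
    return findings


def indicators(raw: bytes, recipient_name: str) -> List[str]:
    """Just the distinct indicator codes, sorted, for quick comparison."""
    return sorted({code for code, _ in analyse(raw, recipient_name)})


# Constructed sample messages (not real captures). Note the look-alike host in the
# phishing link: dropbox.com.docs-view.example is registered under docs-view.example.
PHISHING_EMAIL = b"""From: "Dropbox" <share@mail-notify.example>
To: alice@example.org
Subject: Urgent: confidential documents shared with you
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello,</p>
<p>An urgent and highly confidential document has been shared with you via Dropbox.
Please <a href="http://dropbox.com.docs-view.example/login.php">click here to view on Dropbox</a>.
Kindly do the needful.</p></body></html>
"""

LEGITIMATE_EMAIL = b"""From: "Dropbox" <no-reply@dropbox.com>
To: alice@example.org
Subject: Bob shared "Q2 report.pdf" with you
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi Alice,</p>
<p>Bob shared a file with you. <a href="https://www.dropbox.com/s/abc123/Q2%20report.pdf">View file</a></p>
</body></html>
"""

if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_EMAIL), ("legitimate", LEGITIMATE_EMAIL)):
        print(name, analyse(raw, "Alice"))
```

None of these indicators is proof on its own (plenty of legitimate mail is impersonal or pushy), which is why the function reports every finding rather than a single verdict; the link-domain check is the strongest signal because it is the one the attacker cannot avoid while still harvesting credentials on a site they control.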

Kaspersky Describes 'Naikon' Gang as Highly Active
Written by Administrator   
Friday, 22 May 2015 07:00

An advanced persistent threat (APT) group called Naikon, apparently Chinese-speaking, has for the past five years been successfully compromising organizations in the countries around the South China Sea and remains extremely active across Asia, says Kaspersky.

Kaspersky exposed the group in April, when it ran head-on into another cyber-espionage actor known as Hellsing. Hellsing, having been hit by a Naikon spear-phishing attack, fought back with a spear-phishing campaign of its own to extract more details about the attacker and its intent.

Naikon mainly attacks high-profile government organizations and military and civil agencies in countries such as Cambodia, Malaysia, the Philippines, Myanmar, Vietnam, Indonesia, Laos, Thailand, Singapore, Nepal and China.

To get into its targets, Naikon relies on spear-phishing emails carrying attachments chosen to interest the intended victims.

According to Kurt Baumgartner, Principal Security Researcher at Kaspersky, the Naikon attackers use a highly flexible infrastructure that can be set up easily inside any target country. This command infrastructure siphons all the data from the victims' computers; the attackers can then pick another target in a different country and exploit it simply by establishing one new connection, Baumgartner explains. Gulfnews.com reported this on May 17, 2015.

It is not clear from Kaspersky's report, however, whether the intrusions are meant to steal sensitive data or to demonstrate that governments' security arrangements are not strong enough.

Notably, Naikon tried to infect PCs belonging to law enforcement, military and government organizations as well as civil aviation departments in Malaysia and several other countries soon after the disappearance of Malaysia Airlines Flight MH370. In April, Kaspersky Lab stated that Naikon had been going after information about the investigation into the missing flight and the search effort.

And while Naikon's activities closely resemble those of APT30, a group named by FireEye, Kaspersky Lab does not describe the two as the same group. It is not surprising, Kaspersky says, that the two actors overlap to some extent, since they have been hunting victims in the same South China Sea region for years. Securityweek.com reported this on May 14, 2015.

Ex-Employee of US Govt. Indicted for Attempting to Steal and Sell Nuclear Secrets
Written by Administrator   
Thursday, 21 May 2015 07:00

Rt.com reported on 8 May 2015 that the US Department of Justice (DoJ) has charged Charles Harvey Eccleston, 62, a former employee of the US Department of Energy and the Nuclear Regulatory Commission (NRC), with attempting to hack government computers to obtain information on nuclear weapons.

According to the charges announced in court, Eccleston is accused of trying to attack the email accounts of more than 80 Energy Department employees in January 2015 with 'spear-phishing' emails.

Spear-phishing uses forged emails that look genuine but deliver malware when the recipient opens the attachment or follows the link. Eccleston is charged with attempting to damage the Department's computer network and thereby gain access to information on nuclear weapons.

Rt.com also quoted Assistant Attorney General John Carlin: "Eccleston wanted to compromise, abuse and harm US government computer systems containing sensitive information about nuclear weapons, with the purpose of allowing foreign countries to gain access to that information."

Eccleston intended to collect nuclear secrets through his spear-phishing operation and was caught when he tried to sell them to an undercover FBI agent posing as a representative of the unnamed country. He had also gone to the embassy of an unnamed foreign country and tried to sell classified information.

Eccleston was dismissed from the NRC in 2010, apparently for poor conduct and performance, and had been living in the Philippines since then. Philippine authorities detained him in Manila on 27 March 2015 and deported him to the United States to face the charges.

Securityweek.com reported on 8 May 2015, quoting FBI documents: "When Eccleston was asked what he would do if Country A was not eager to take the US government information from him, he said that he would go to Iran, China or Venezuela because he believed that these countries would like to have this information."

Eccleston, who faces up to 50 years in prison on the four charges against him, will remain in custody until his hearing on 20 May 2015.

Fresh Linux Rootkit Now Runs on Windows Machines Too
Written by Administrator   
Thursday, 21 May 2015 07:00

COMPUTERWORLD reported on 11 May 2015 that the anonymous team that recently developed a Linux rootkit running on graphics cards has released a fresh proof-of-concept with the same effect on Windows, and is working on a Mac OS X implementation.

The developers say they want to show that malware can hide in GPUs and that the security industry is unaware of it. Their stated purpose is not to equip criminals, but releasing unfinished, buggy source code could nevertheless be built upon and used for criminal purposes.

Net-security.org published a report on 11 May 2015 quoting Team Jellyfish: "We are still rotating around ideas and virtual code upon what we think is cool, and so we apologize to anyone dissatisfied because of the existence of a buggy, still-in-beta application. Our aim was to inform everyone about the existence of GPU-based malware, and obviously we succeeded, judging from what has been publicized."

The problem the developers want to highlight lies neither with operating systems such as Linux or Windows nor with GPU (graphics processing unit) vendors, but with current security tools, which are not designed to scan the memory used by GPUs for malicious code.

According to the developers, the new Windows malware, to be demonstrated as WIN_JELLY, acts as a Remote Access Tool, or Trojan (RAT).

Experts say that apart from malware that taps GPUs to mine Bitcoin and other cryptocurrencies, they are not aware of any malicious software in active circulation that makes use of the graphics processors of infected computers; and even those miners run mainly on the CPU, offloading only the computationally intensive work to the GPU.

In February 2015, Kaspersky Lab researchers identified highly sophisticated malware in the wild that reprogrammed the firmware of 12 different hard drive models. Its creator was a group that had flown under the radar for 14 years.

Experts comment that although code running on the GPU is almost undetectable today, it would not be surprising to learn that state actors had already exploited this blind spot to evade detection.
