Credit Card Skimming Malware Infected Republican Donor Website Spanning Six Months
Written by Administrator   
Friday, 21 October 2016 07:00

Suggesting that cyber-criminals hold no political allegiances, recent reports say that for the past six months an online store used to raise funds for Senate Republicans was infected with malware. The malware gave the crooks access to Republican donors' names and addresses along with their payment card information.

According to Willem de Groot, a security developer and researcher, the National Republican Senatorial Committee's (NRSC) storefront was among some 5,900 e-commerce sites recently found to be compromised with data-stealing software.

The Netherlands-based researcher explained that anybody buying items from the NRSC or donating to it through its website may have had their credit card details captured and, most likely, sold in the shadier regions of the Web. De Groot further found that the stolen data was sent to multiple servers located in Belize and run by a Russian-language ISP. posted this, October 18, 2016.

The researcher said he dissected the malicious software implanted on the NRSC's website and on other servers, and found that weak passwords and unpatched security flaws had been exploited to break into the various e-commerce platforms.

He also found that the malware sent its data to particular URLs made to look like legitimate e-commerce domains, including magento-connected[dot]com, visa-cdn[dot]com and jquery-cloud[dot]net.

Security journalist Brian Krebs, reporting on De Groot's findings, noted that these web-based keyloggers also performed form grabbing: capturing the form data that site visitors submitted, such as names, phone numbers, addresses, payment card numbers and their verification codes, as customers typed in the details while checking out online.

The malware is hard to notice because it is quietly planted inside the web page's code, where a not-so-savvy web surfer takes it for routine page code. Furthermore, because the wiretap code runs actively within the page rather than tapping network traffic, it works just as well on HTTPS-protected pages, so visitors are no better able to detect it there.

The motives behind the political hacks appear to differ, says the FBI: the DNC breaches appear aimed at manipulating the election's outcome, while the NRSC breach appears financially motivated.

TrickBot Banking Malware Similar to Old Dyre Trojan
Written by Administrator   
Friday, 21 October 2016 07:00

Malware that may be based on one of the world's worst banking Trojans is currently targeting Australian users. Jason Reaves, malware researcher at Fidelis, says the TrickBot malware shares much code with the Dyre Trojan, a threat that ripped through Western banks and businesses in the UK, US and Australia from June 2014 onwards, causing tens of millions of dollars in damage through numerous phishing and spam campaigns. posted on October 18th, 2016, stating that Dyre stole around US$5.5 million from the budget carrier Ryanair and cheated individual businesses out of around $1.5 million each in large wire transfers made using stolen online banking credentials.

Fidelis Cybersecurity says there are enough indications and similarities between TrickBot and Dyre to conclude that the team that designed the latter is now working on the former. Jason Reaves, Threat Researcher at Fidelis, says: "From first glance at the loader, called TrickLoader, there are some striking similarities between it and the loader that Dyre commonly used. It isn't until you decode out the bot that the similarities become staggering."

TrickBot and Dyre use several similar malware components, a resemblance Reaves calls "staggering". The small differences between the two programs' code appear to be upgrades rather than changes to the core code.

The similarities the researcher points to include custom encryptors and loaders, closely related though not identical hashing, and what appears to be an upgraded command-and-control encryption mechanism. Fidelis assesses with reasonable confidence that one or more of Dyre's original developers were involved with TrickBot.

TrickBot is not simply a reincarnation of Dyre; the new Trojan has several upgrades over its predecessor. Dyre was coded in C, whereas TrickBot is written in C++. In addition, the new malware makes use of the system's task scheduler to spread itself, whereas Dyre attacked the system through direct commands. According to Fidelis, the face-lifted malware also attacks Australian banks using the webinject technique, another departure from Dyre, which was known for URL redirection.

Reaves says TrickBot's developers are also rebuilding the Cutwail botnet in preparation for future spam runs that will distribute the malware. It will be interesting to see whether TrickBot matches or surpasses its predecessor.

Yahoo, Following Massive E-Mail Breach, Thinks Verizon Deal will Continue
Written by Administrator   
Friday, 21 October 2016 07:00

Despite a massive hack against Yahoo in 2014, the Internet pioneer remains in business with Marissa Mayer as its CEO. In recent weeks, Yahoo has made headlines for almost everything but its products.

According to Craig Silliman, general counsel of Verizon, which had struck a deal to buy Yahoo for $4.83bn, the hack that affected some 500m Yahoo e-mail accounts two years ago was likely to be a material event, which could allow Verizon to withdraw from the deal.

Yahoo, for its part, says that at least the first impression is that the hack has not led customers to abandon the company quickly, as some quarters had feared. Indeed, customer behavior showed an increase in e-mail usage and in the number of pages viewed.

Even so, analysts differed on whether Yahoo's customers staying put dismisses doubts about whether Verizon will go through with the deal. In a filing with securities regulators made shortly before the hack was disclosed, Yahoo stated that it was not aware of any cyber threats, raising questions about whether Verizon was informed of the hack in a timely manner. posted this, October 18, 2016.

According to Ronald Josey, an analyst with JMP Securities, it is too early to say that the data hack will cause lasting damage, while customer trends so far are a welcome sign.

Following the breach of Yahoo's e-mail accounts, Verizon, which agreed to buy Yahoo in July, is understood to be reconsidering parts of the deal. The wireless firm reportedly wants a $1bn reduction in the sale price. Moreover, Silliman stated that his company was inclined to regard the breached accounts as a 'material' event, implying that Yahoo's financial value could be undercut, making the company a less attractive takeover. Silliman's remarks indicate that Verizon may attempt to renegotiate the deal, or perhaps withdraw from it entirely.

Scott Kessler, an analyst at CFRA Research, stated that because Yahoo has not seen an immediate loss of users, the hack might not amount to a material adverse change that could affect Verizon's deal. For Yahoo, Verizon's acquisition seemingly cannot happen soon enough.

McAfee Discovers ‘Ghost Push’ the Android Malware
Written by Administrator   
Thursday, 20 October 2016 07:00

A highly prolific Android malicious program remains widespread globally more than two years after its debut on the threat landscape. The program, an effective Trojan dubbed Ghost Push, infects all versions of Android up to and including version 5 (Lollipop), which 57% of Android device owners still use. Ghost Push does not work on Android version 6 (Marshmallow) or the recently released version 7 (Nougat), which together account for approximately 10% of Android devices.

McAfee security researchers, who discovered the program, report that it poses as either a Porn Tube app, a Flash plug-in or a video codec. A closer look shows that none of these items has any need to confirm the user's identity with a government-issued ID, so they should clearly be avoided. posted this, October 17, 2016.

Moreover, once installed under one of these disguises, the malware poses as Google Play and presents a first phishing overlay that directs the victim to enter his payment card number. A second phishing overlay then asks for even more private details alongside the card information: the cardholder's name, phone number, birth date, credit card CCV and expiration date.

None of these applications has even a slightly plausible reason to confirm the user's identity, so the red flags could hardly be more prominent. Yet considering that, in 2016, web surfers still use the password 1234567890, it is safe to say that somebody will be ensnared no matter how obvious the red flags are.

To stay safe, users should above all avoid downloading dubious third-party applications from app stores other than Google Play, because McAfee observes that the Trojan appears only in applications downloaded from such third-party stores. A downloadable application that asks for personal information should actually need it for what it does, and it is extremely rare for an end-user to be asked for a photograph of his ID.

The NyaDrop Trojan for Linux-running IoT Devices
Written by Administrator   
Thursday, 20 October 2016 07:00

Malware developers frequently reuse other malware authors' ideas. Families of malicious programs have long been observed in which each member attempts to do something functionally the same. An SQL injection attack, for example, may have changed its code, yet fundamentally remains the same.

Thus, a NyaDrop attack starts with the malicious program trying to brute-force the default login credentials on Linux-running IoT devices exposed to the Internet. It does so by working through its collection of stored usernames and passwords, which is undoubtedly the same list the Mirai botnet uses.

But if an end-user has changed the device's default login credentials, NyaDrop may not be able to authenticate.

The security community knows Mirai best for the list of default IoT device passwords embedded in the malware's source code. Those default passwords trap devices into the botnet because they are frequently left unchanged at setup. Indeed, many such weak devices may not even give the end-user a chance to change them. Having ready-to-use passwords for entering protected systems is valuable to every trainee botnet herder. posted this, October 17, 2016.

NyaDrop is a new Linux Trojan that carries out brute-force attacks on telnet ports, using the same IoT tactics as Mirai. The small malicious program examines the infected device, creates a backdoor and downloads itself onto the system. That is possible only when the IoT device's CPU uses the 32-bit MIPS architecture, which many weak devices do.

NyaDrop's entire purpose is to place the 'nya' ELF binary (ELF being the UNIX executable format) in the appropriate location. This installer approach lets the malware on hijacked devices be updated later on. A few mitigation measures can be found in a SecurityWeek listing, including a suggestion that vendors stop shipping IoT devices with SSH active in the default configuration.

Thus, it is vital for IoT device users to change their default login credentials. They should create unique usernames and hard-to-crack passwords. By doing so they will be protected from NyaDrop as well as from the many other IoT malicious programs expected over time.
