BLOG
Estonian Man Running International Crime Ring to Go to Jail
Written by Administrator   
Tuesday, 03 May 2016 07:00


A United States judge sentenced an Estonian man to 7 years and 3 months in prison for operating a cybercriminal business through which he infected over 4 million PCs worldwide with malware in order to run a click-fraud campaign that earned him a great deal of money.

U.S. District Judge Lewis Kaplan handed down the sentence on 35-year-old Vladimir Tsastsin in Manhattan, after Tsastsin admitted in July to conspiring to commit computer intrusion and wire fraud in an operation that caused losses of $14 million.

To carry out the scheme, Tsastsin and his partners set up the malware and several malicious DNS servers to hijack web users' clicks on their search results, and to strip the legitimate ads from real websites and insert their own in their place.

The group's aim was to funnel large volumes of traffic to affiliate and advertising programs that earned it enormous sums. Softpedia.com reported this on April 27, 2016.

Reuters reports that U.S. prosecutors said Tsastsin and his co-conspirators began distributing the DNSChanger malware in 2007. The malware diverted money into the gang's accounts by generating fake advertisement clicks.

Prosecutors also stated that in 2008 Tsastsin was charged in Estonia with document forgery, money laundering and credit card fraud in a separate campaign, for hacking into online retailers' payment-processing systems and redirecting payments to bank accounts he had fraudulently opened.

And while Tsastsin was being convicted, he already owned an active web-hosting company, EstDomains Inc., which was notorious for hosting websites that cybercriminals used for child pornography, spamming and malware distribution.

The operation was shut down in November 2011 after the FBI, with help from Trend Micro, traced the suspects' locations, neutralized the servers they used by sinkholing them, and formally charged seven people, ultimately arresting six.

Meanwhile, the extradition process dragged on so long that an Estonian court acquitted Tsastsin of the DNS malware scheme. U.S. authorities, however, maintained their charges, which led to the sentence; in addition, Tsastsin must serve one year of supervised release and forfeit $2.5 million (EUR 2.2 million).

Microsoft Uncovers Attack Group Platinum That Uses Windows Hot-Patching Technique
Written by Administrator   
Tuesday, 03 May 2016 07:00


A hidden Windows capability called hot-patching, which has not existed in the operating system since Windows 8 was introduced, has become a useful tool for an attack group named Platinum, Microsoft reveals.

The group has been launching targeted attacks in South and Southeast Asia since 2009. Its interest has been largely government related: it targeted diplomats, defense organizations, government agencies, telecommunication companies and intelligence agencies.

Microsoft used hot-patching to release updates that modify running processes, upgrading the operating system or other applications without requiring a reboot. The feature was introduced with Windows Server 2003 and later removed in Windows 8, by which time Microsoft had recognized the mistake it had made.

Although no attacks using this technique had been documented until now, security researchers had demonstrated at various security conferences how dangerous it could be.

According to Microsoft, Platinum has used at least four zero-day exploits in its attacks, which it keeps to no more than a few per year so as to remain undetected. Most victims were in China, Indonesia and Malaysia.

Exploiting Windows hot-patching lets attackers inject malware into running processes without even restarting the server. The feature requires administrator privileges, so attackers must first gain access to the system before they can apply the technique. Threatpost.com reported this on April 27, 2016.

According to Microsoft, Platinum has applied the hot-patching technique by sending spear-phishing e-mails containing booby-trapped Office files. When recipients open these files, well-known security flaws or, alternatively, previously unseen zero-day exploits are used to infect the PC with malicious code that gives the attacker administrator rights and, with them, the ability to carry out a malicious hot-patching operation.

Microsoft notes that gathering and deploying zero-day exploits for attacks of this caliber requires considerable financial investment, so the group is probably sponsored by a state actor or a large criminal organization.

Hot-patching as a general technique is not limited to Windows computers. Criminals used it last autumn and winter to push malicious updates into iOS applications, bypassing Apple's App Store review process.

Qatar National Bank Suffers Massive Data Breach, No Money Stolen
Written by Administrator   
Tuesday, 03 May 2016 07:00


A huge collection of documents from Qatar National Bank, based in Doha, was leaked and posted online on 26 April to the whistleblower site Cryptome. The leaked data, totaling 1.4 GB, appears to include sensitive financial data on QNB customers as well as internal corporate files.

Many security companies and journalists have examined the data and confirmed its validity since it first appeared online. There is no official count of affected customers yet, but the number could reach hundreds of thousands.

The compromised data is more than enough for a malicious actor to commit financial fraud in the name of the affected clients.

Softpedia.com reported on April 26, 2016 that QNB initially denied any data breach; however, the company issued a statement today saying it does not wish to comment on social media speculation, while taking particular care to declare that its customers have suffered no financial impact, thereby partially acknowledging the incident.

QNB did not respond to Information Security Media Group's e-mail request for further information. The bank did, however, release a statement on 26 April saying that QNB Group's policy is not to comment on reports circulated through social media, referring to "social media speculation in regard to an alleged data breach".

QNB nevertheless addressed the reports by stating that neither the bank nor its customers have suffered any financial impact, and that it is "further investigating this matter in coordination with all concerned parties".

The last folder is suspiciously named "SPY" and contains data on the Qatari Royal Family, the Qatari Ministry of Defence, and various intelligence agencies of Qatar (Mukhabarat), France, the UK (MI6) and Poland.

The same folder also contains details of Al Jazeera reporters. This data typically consists of basic reconnaissance information such as addresses, contact details and social media accounts, and sometimes even images of the targets and their close family members.

QNB, one of the largest banks in the Middle East, operates in 27 countries across 3 continents, with 640 locations, 15,300 employees and more than 1,400 ATMs. You can read QNB's full statement below.

Android Devices Could Be Infected with Ransomware, No User Interaction Needed
Written by Administrator   
Monday, 02 May 2016 07:00


Attackers are using two known exploits to silently plant ransomware on older Android devices whose owners happen to visit websites serving malicious ads. On Windows computers it is common for web attacks that abuse security flaws in browsers or browser plug-ins to plant malware on the system, but this has not been the case with Android, which has stronger application security.

The Android attack uses an exploit combination that affects at least two critical flaws in Android versions 4.0 (Ice Cream Sandwich) through 4.3 (Jelly Bean). Android 4.4 (KitKat) could also be infected, possibly through a different combination of flaws.

Google's report published in April, which breaks down the Android user base by OS version, shows that Android 5.0 (Lollipop) is the most widely used version. The worrying aspect is that as many as 56.9% of all Android devices, those running the older versions, could fall victim to this particular ransomware. Ibtimes.com reported this on April 26, 2016.

The exploited vulnerability lies in the Android library libxslt and lets attackers download module.so, an ELF binary for Linux, onto the Android device. That binary exploits the Towelroot vulnerability in Android, which is also used by a rooting toolkit, giving the attacker root privileges on the device. Once root access is obtained, a further Android APK containing the ransomware is downloaded via the module.so binary. Root access also lets the attacker quietly install the ransomware without asking the user for consent.

Google's report is not yet fully published, but it is worrying nonetheless. Google probably patched the above vulnerabilities long ago, but only after it had given Android 4.x legacy status. It is also likely that, even with patches available for Android 4.x, an OEM is now very unlikely to support a KitKat or Ice Cream Sandwich device; consequently, many devices remain vulnerable.

Users are always advised to upgrade their Android devices to the latest version, as newer OS versions carry security fixes along with other improved safeguards.

Armada Collective Imitators Raked in Huge Sums through Fake DDoS Threats
Written by Administrator   
Monday, 02 May 2016 07:00


An anonymous cybercriminal gang has extorted a large amount of money from Cloudflare customers simply by threatening them with denial-of-service attacks. The threat was never carried out.

According to Matthew Prince, Cloudflare's chief executive and founder, more than 100 Cloudflare customers received e-mails, supposedly sent by the "Armada Collective", demanding 10-50 Bitcoin (A$6,000-A$30,000) as protection money. The e-mails arrived during February and March 2016.

It is unclear whether the people threatening BlackVPN are the same gang or simply copycats. As with Anonymous, it is nearly impossible to verify whether someone who claims to belong to the group really does. Indeed, a December report showed how frequently these hacker collectives get imitated.

BlackVPN said it received a DDoS threat on 18 April and had been preparing for an attack.

The original Armada Collective carried out a massive DDoS attack on ProtonMail, the Swiss encrypted e-mail provider, in November 2015. Switzerland's governmental CERT (Computer Emergency Response Team) had earlier warned about the group's extortion attempts, which were frequently preceded by a demonstration attack to show that the threat was credible.

Apparently it is this reputation that the latest criminals rely on to line up targets. Unlike the original DD4BC/Armada Collective, the copycat gang does not back up its threat with a demonstration attack, but it has doubled its claimed firepower to 1 Tbps. Cso.com reported this on April 26, 2016.

Cloudflare's experts say they became aware of the copycats' activities when more than 100 companies asked Cloudflare what it was doing about its DDoS protection service.

The latest ransom demand attributed to the Armada Collective follows one that BlackVPN received the previous week. The Cloak VPN service also received a similar demand, although it did not blame the Armada Collective. Interestingly, those services did experience periods of DDoS downtime, unlike the cases in Cloudflare's report, which gives the impression that two or more imitator groups are carrying out the threats. Alleged members of the original DD4BC/Armada Collective were arrested in January.
