Fraud Alert Message Center
Tips for Safe Banking Over the Internet
As use of the Internet continues to expand, more banks are using the Web to offer products and services or otherwise enhance communications with customers.
The Internet offers the potential for safe, convenient new ways to shop for financial services and conduct banking business, any day, any time. However, safe banking online involves making good choices: decisions that will help you avoid costly surprises or even scams.
- Consumer Best Practices for Online Banking
- Business Best Practices for Online Banking
- Recommendations for Online Fraud Victims
- Recommendations for Mobile Phone Security
Current Online Threats
Please be aware of any email you receive that claims to come from the following organizations: FDIC, FFIEC, NACHA, EPCOR, the Federal Reserve and the Better Business Bureau. None of these organizations should ever send you unsolicited emails regarding your bank or your bank accounts. If you receive an email purporting to be from any of the above organizations, or any other email you are unsure about, do not open it. The email could contain a virus or other malware.
For more information regarding email and phishing scams, please visit: http://onguardonline.gov/
Online Shopping Tips for Consumers. Click Here for Information.
ATM and Gas pump skimming information. Click Here for Article.
Target Card Breach - A breach of credit and debit card data at discount retailer Target may have affected as many as 70 million shoppers. The Secret Service, which is charged with safeguarding the nation's financial infrastructure and payment systems, confirmed it was investigating the breach. Please be assured we are aware of the breach. As we receive additional information from Visa, we will notify any client whose card has potentially been compromised. Customers should monitor their account activity online if they have used their card at Target and report any fraudulent activity to the bank.
Sally Beauty responds to rumors about credit card data being stolen by hackers. Beauty products retailer and distributor Sally Beauty stated March 5 that it had detected an attempted intrusion into its systems and was continuing to investigate, but did not believe that customers’ payment card information was compromised. The statement followed a report by a security researcher that over 280,000 payment card records had been found for sale in an underground marketplace and appeared to be connected to the company.
Bitstamp warns of phishing emails after being hit by hackers. Bitcoin exchange Bitstamp reported having its systems compromised by attackers who stole customers’ email addresses. Bitstamp stated that no virtual currency was stolen but the email addresses were being used in phishing attacks.
SEC halts international pyramid scheme being promoted through Facebook and Twitter. The U.S. Securities and Exchange Commission obtained a court order to freeze accounts belonging to MWF Financial and Fleet Mutual Wealth Limited due to the companies allegedly operating a pyramid scheme promoted through social media networks. The companies operate internationally, and around 150 U.S. investors have put around $300,000 into the alleged scheme.
Cisco patches flaws in routers, wireless LAN controllers. Cisco Systems released firmware updates for several models of small business routers and wireless LAN controllers, addressing vulnerabilities that could allow attackers to compromise devices or perform denial of service (DoS) attacks.
ChewBacca and Zeus malware found on Tor. A researcher at Kaspersky Lab reported that an average of 900 hidden criminal services are operating through The Onion Router (Tor) anonymity network, including malicious infrastructure, money laundering, and the sale of malware toolkits and stolen information.
Smucker’s shuts down online store after hackers access payment card data. Ohio-based fruit spread maker Smucker’s shut down its online store after discovering that attackers had breached the company’s systems and may have obtained customers’ payment card and personal information. A security researcher also reported that the group behind the attack had targeted payment processor SecurePay.
New Android devices sold with pre-installed malware. The founder of Marble Security reported finding data-stealing malware disguised as Netflix apps pre-installed on several customers’ new Android devices. Several Samsung, Asus, LG, and Motorola phones and tablets were found with the pre-installed malware.
Flaw in Yahoo! Suggestions allowed hackers to delete 1.5 million posts and comments. A security researcher identified and reported an insecure direct object reference (IDOR) vulnerability in Yahoo’s Suggestions Web site that could have allowed an attacker to act on content belonging to other users and delete large numbers of posts and comments. Yahoo addressed the issue within 2 days.
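An insecure direct object reference is a handler that takes an object identifier from the client and acts on it without checking that the caller is allowed to touch that object. The Python below is an added example, not Yahoo's code: it models a "delete post" handler in its vulnerable and fixed forms against a constructed in-memory store. The post ids, owners, the ADMINS role set and the enumeration loop are all assumptions for illustration.

```python
from typing import Dict

# Constructed sample data (not Yahoo's): post_id -> owner username.
POSTS: Dict[int, str] = {101: "alice", 102: "bob", 103: "carol"}
ADMINS = {"moderator"}   # assumed privileged role


class Forbidden(Exception):
    """The caller is authenticated but not authorised for this object."""


def delete_post_vulnerable(store: Dict[int, str], caller: str, post_id: int) -> bool:
    """IDOR: the handler trusts the client-supplied id and never asks who owns
    the post. Any logged-in user who can guess or enumerate ids deletes at will."""
    if post_id in store:
        del store[post_id]
        return True
    return False


def delete_post_fixed(store: Dict[int, str], caller: str, post_id: int) -> bool:
    """Same operation with an object-level authorisation check: the caller must
    own the post or hold the admin role. Ids stay public; authorisation is the control."""
    owner = store.get(post_id)
    if owner is None:
        return False
    if owner != caller and caller not in ADMINS:
        raise Forbidden(f"{caller} may not delete post {post_id}")
    del store[post_id]
    return True


def enumerate_and_delete(handler, caller: str, store: Dict[int, str], id_range) -> int:
    """Models the attack: walk sequential ids and call the handler on each.
    Returns how many posts the caller managed to delete."""
    deleted = 0
    for pid in id_range:
        try:
            if handler(store, caller, pid):
                deleted += 1
        except Forbidden:
            pass
    return deleted


if __name__ == "__main__":
    vulnerable = dict(POSTS)
    print("vulnerable handler, attacker deleted:",
          enumerate_and_delete(delete_post_vulnerable, "mallory", vulnerable, range(100, 110)))
    fixed = dict(POSTS)
    print("fixed handler, attacker deleted:",
          enumerate_and_delete(delete_post_fixed, "mallory", fixed, range(100, 110)))
```

The fix is not hiding or randomising ids; it is checking ownership (or role) on every object-level operation, which is the same check a reviewer should look for on edit, read and export handlers, not only delete.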
Researchers create legal botnet abusing free cloud service offers. Researchers presenting at the RSA Conference the week of February 24 demonstrated how they were able to create a botnet by abusing trial accounts for several platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) offers. The botnet was created by automating PaaS and IaaS trial sign-up processes and could be used to perform massive port scans, Bitcoin mining, and to manipulate sweepstakes, among other tasks.
Casino operator Las Vegas Sands admits hackers have stolen customer data. Las Vegas Sands announced that cyberattacks which defaced some of its Web sites also compromised employee and customer data from its Sands Bethlehem casino in Bethlehem, Pennsylvania, potentially exposing credit card and bank account information, Social Security numbers, and other personal information. The company is continuing its investigation of the breach.
Gameover malware tougher to kill with new rootkit component. Sophos researchers reported that a new variant of the Gameover banking malware that steals online banking credentials includes a kernel-level rootkit called Necurs that can make the malware more difficult to remove from infected systems.
Meetup down for days due to DDoS attack allegedly ordered by a competitor. Social networking portal Meetup was hit by a distributed denial of service (DDoS) attack beginning February 27 that took the portal's Web site offline for several days. An attacker contacted the company, claimed responsibility, and demanded a payment to end the attack.
Experts find vulnerabilities in RSA Conference 2014 Android application. Six flaws were discovered in the RSA Conference 2014 Android app, the most severe of which could allow an attacker to carry out a man-in-the-middle (MitM) attack. Another flaw exposed the app’s SQLite database file, which contains information on every user who signed up for the conference through the app.
Gameover borrows kernel-mode rootkit from Necurs malware. Security researchers warned that a new version of Gameover, the peer-to-peer (P2P) version of the Zeus Trojan, has introduced a kernel-mode rootkit from Necurs in order to target users. The new variant is delivered via spam runs and is more difficult to remove.
Fake “payment certificate” notifications used to deliver cross-platform RAT. Symantec researchers reported a spam campaign designed to distribute the Java remote access trojan (RAT) dubbed JRAT that is cross-platform, potentially infecting machines running Windows, OS X, and Linux operating systems.
Flaws in Amazon’s mobile apps could have been exploited to crack passwords. Amazon fixed a weakness on its servers after FireEye researchers reported that a weak password policy, combined with no rate limiting or CAPTCHA on login attempts, could have been exploited by attackers to guess account passwords.
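The two weaknesses named above compound each other: a loose password policy means the right password is likely in a small dictionary, and the absence of any throttling means an attacker can simply try that dictionary against the login endpoint. The Python below is an added example, not Amazon's or FireEye's code. It models a login service in a weak configuration (no policy, no lockout) and a hardened one (deny-list policy plus per-account lockout), and runs the same online dictionary attack against both. The wordlist, the account names, the fake clock and the lockout numbers are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed attacker wordlist (stand-in for a real dictionary); also serves as the deny list.
WORDLIST = ["123456", "password", "qwerty", "letmein", "amazon1", "summer2014"]
DENYLIST = set(WORDLIST)


def password_acceptable(password: str) -> bool:
    """Minimal policy: a length floor plus a deny list of known-common passwords."""
    return len(password) >= 12 and password.lower() not in DENYLIST


class LoginService:
    """Hypothetical account store with PBKDF2 password hashes and a per-account
    lockout. max_failures=None and enforce_policy=False give the weak setup."""

    def __init__(self, max_failures=5, lockout_seconds=900, enforce_policy=True):
        self.users = {}         # username -> (salt, pbkdf2 hash)
        self.failures = {}      # username -> (failure count, time of first failure in streak)
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.enforce_policy = enforce_policy
        self.now = 0.0          # fake clock in seconds, so the example is deterministic
        self.verifications = 0  # how many guesses actually reached the password check

    def tick(self, seconds: float) -> None:
        self.now += seconds

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def register(self, user: str, password: str) -> None:
        if self.enforce_policy and not password_acceptable(password):
            raise ValueError("password rejected by policy")
        salt = os.urandom(16)
        self.users[user] = (salt, self._hash(password, salt))

    def login(self, user: str, password: str) -> str:
        """Returns 'ok', 'bad' or 'locked'. The lockout check runs first, so a
        locked account yields the attacker no information about the password."""
        count, since = self.failures.get(user, (0, self.now))
        if self.max_failures is not None and count >= self.max_failures:
            if self.now - since < self.lockout_seconds:
                return "locked"
            count = 0                       # lockout window expired; start a new streak
        self.verifications += 1
        record = self.users.get(user)
        if record is not None and hmac.compare_digest(self._hash(password, record[0]), record[1]):
            self.failures.pop(user, None)
            return "ok"
        if count == 0:
            since = self.now
        self.failures[user] = (count + 1, since)
        return "bad"


def dictionary_attack(service: LoginService, user: str, wordlist) -> Optional[str]:
    """Online guessing against one account: returns the password found, or None
    if the list is exhausted or the service locks the account."""
    for guess in wordlist:
        outcome = service.login(user, guess)
        if outcome == "ok":
            return guess
        if outcome == "locked":
            return None
    return None


if __name__ == "__main__":
    weak = LoginService(max_failures=None, enforce_policy=False)
    weak.register("victim", "letmein")
    print("weak service:", dictionary_attack(weak, "victim", WORDLIST))

    hardened = LoginService()
    hardened.register("victim", "correct horse battery staple")
    print("hardened service:", dictionary_attack(hardened, "victim", WORDLIST),
          "after", hardened.verifications, "verifications")
    print("legitimate login during lockout:", hardened.login("victim", "correct horse battery staple"))
    hardened.tick(901)
    print("after lockout expires:", hardened.login("victim", "correct horse battery staple"))
```

A hard lockout also locks out the legitimate owner while the window runs, which is a denial-of-service trade-off; a CAPTCHA or step-up challenge after the threshold, as the researchers suggested, throttles the attacker without that side effect. Either way the point is that the check has to happen server-side, per account, before the password is verified.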
Bitcoin-stealing Mac malware disguised as Angry Birds game. ESET researchers warned that cybercriminals are distributing OSX/CoinThief, malware designed to steal Bitcoins from Mac users, through torrent files, disguised as cracked versions of various popular Mac OS X applications.
Viruses can spread via Wi-Fi access points like the common cold, researchers show. University of Liverpool researchers found that a computer virus can spread through Wi-Fi access points between businesses and homes due to the fact that many access points are not protected by encryption and passwords.
Cybercriminals use Pony botnet to steal 700,000 account credentials, virtual currencies. Experts found that cybercriminals managed to steal more than 700,000 credentials for Web sites, email accounts, File Transfer Protocol (FTP) servers, Secure Shell (SSH), and Virtual Desktops utilizing the Pony botnet. The botnet was also used to steal $220,000 worth of virtual currencies targeting Bitcoin and other virtual currency wallets.
Researchers bypass protections in Microsoft’s EMET security tool. Bromium Labs researchers found weaknesses in Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) 4.1 that could allow attackers to sneak malware past it by bypassing several of its key defenses, taking advantage of the tool’s reliance on detecting known return-oriented programming (ROP) exploitation techniques.
Neiman Marcus says 350,000 cards are impacted by breach, not 1.1 million. Neiman Marcus published a letter on its Web site the week of February 17 stating that around 350,000 payment cards may have been affected by a 2013 data breach, not 1.1 million as originally reported, after learning the malware used in the breach was not operating at all stores, and was not operating every day.
Banking malware distributed via YouTube ads. Bromium researchers found that cybercriminals compromised an ad network that hosted the Styx exploit kit used to serve advertisements on YouTube. The exploit kit pushes Caphaw malware onto infected devices leveraging Java vulnerabilities to obtain banking information.
Leak of iBanking bot source code opens up new opportunities for cybercriminals. RSA researchers found that the source code for the server-side software of the iBanking mobile bot was leaked on a cybercrime forum, as well as a builder that can be used to unpack the existing APK file and repack it with different configurations.
Massive DDoS attack launched against Namecheap’s DNS platform. Namecheap announced that it suffered a massive distributed denial-of-service (DDoS) attack targeting around 300 domains on its DNS platform. The company mitigated the attack and restored services about 11 hours later.
Cisco fixes flaws in several products. Cisco Systems released security updates addressing serious vulnerabilities in a range of products including its Unified Computing System (UCS) Director, Intrusion Prevention System, Unified SIP Phone 3905, and Firewall Services module products.
Bank of the West job applicants told that hackers might have stolen their details. Bank of the West began notifying employment applicants in February that its Web site was breached and any personal information submitted may have been stolen by hackers.
New variant of Zeus banking Trojan concealed in JPG images. Researchers identified a new variant of the Zeus banking Trojan, ZeusVM, that hides its configuration inside a JPG image file to evade detection by security software. The configuration carried in the image is what the malware needs to launch man-in-the-middle and man-in-the-browser attacks, allowing attackers to collect personal information and perform online transactions.
Zeus malware-botnet variant spotted ‘crawling’ Salesforce.com. Adallom researchers found that the Zeus trojan, malware known for stealing banking credentials, was targeting Windows-based computers in order to swipe business data from the Salesforce Web site through a kind of Web-crawling action.
DoS, XSS, and data injection flaws fixed in Rails 4.0.3, 3.2.17 and 4.1.0.beta2. Ruby on Rails released fixes to address three vulnerabilities, including a data injection flaw impacting Active Record, a cross-site scripting (XSS) vulnerability, and a denial-of-service (DoS) issue in Action View.
US businesses suffered 660,000 internal security breaches. Researchers at IS Decisions found that in the last 12 months, over 660,000 internal security breaches took place in U.S. businesses, and only about 17 percent of information technology managers consider insider threats to be a top priority for their organization.
Linksys announces firmware fix to neutralize “The Moon” worm. Linksys announced that it was aware of the “TheMoon” malware targeting its older routers and was working on a firmware fix, but advised administrators and users to disable remote administration on their devices in order to protect themselves from the attack.
Kickstarter suffers data breach. Kickstarter notified users that their user information was accessed following a data breach. The company closed the security vulnerability and began strengthening security measures on their systems, but recommended users change their passwords.
SEA hacks Forbes, steals and leaks 1M user records. The Syrian Electronic Army hacking group is believed to be behind a digital attack on the Forbes Web site and its registered users in which more than 1 million user and staff records were obtained. The information was made available for public download. Sophos researchers noted that the passwords were salted and hashed rather than stored in plain text, but warned that they could still potentially be cracked by offline guessing.
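"Salted and hashed" is often read as "safe", but a salt only prevents precomputed tables and cross-user shortcuts; it does nothing to stop an attacker who has the leaked records from hashing a wordlist against each one. What raises the cost is a deliberately slow hash. The Python below is an added example, not Sophos' analysis or Forbes' code: it builds a constructed leak under a fast salted hash and under PBKDF2, runs the same offline dictionary attack on both, and counts hash calls. The accounts, passwords, wordlist and ITERATIONS value are assumptions.

```python
import hashlib
import os
from typing import Callable, Dict, List, Tuple

HashFn = Callable[[bytes, str], bytes]

# Constructed wordlist and accounts; not the Forbes data.
WORDLIST = ["123456", "password", "forbes2014", "letmein", "sunshine", "iloveyou"]
ACCOUNTS = {"alice": "sunshine", "bob": "forbes2014", "carol": "x9!Lq#7vB2@pZ-wq"}
ITERATIONS = 50_000   # PBKDF2 work factor used by slow_hash (assumed)


def fast_hash(salt: bytes, password: str) -> bytes:
    """Salted SHA-256. The salt defeats precomputed (rainbow) tables and stops
    one guess from being checked against every user at once; it does nothing
    to slow down guessing a single user's hash."""
    return hashlib.sha256(salt + password.encode()).digest()


def slow_hash(salt: bytes, password: str) -> bytes:
    """PBKDF2-HMAC-SHA256: every guess costs ITERATIONS hash invocations,
    which is the property that makes offline cracking expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def build_leak(accounts: Dict[str, str], hash_fn: HashFn) -> List[Tuple[str, bytes, bytes]]:
    """Produce (user, salt, digest) records with a fresh random salt per user,
    the way a correctly salted credential store is laid out."""
    leak = []
    for user, password in accounts.items():
        salt = os.urandom(16)
        leak.append((user, salt, hash_fn(salt, password)))
    return leak


def crack(leak, wordlist, hash_fn: HashFn) -> Tuple[Dict[str, str], int]:
    """Offline dictionary attack on a leaked, salted credential store.
    Returns the recovered passwords and the number of hash_fn calls made.
    Each user has a different salt, so every candidate is hashed again for
    every user: the attacker pays once per (user, guess) pair, no less."""
    recovered: Dict[str, str] = {}
    calls = 0
    for user, salt, digest in leak:
        for guess in wordlist:
            calls += 1
            if hash_fn(salt, guess) == digest:
                recovered[user] = guess
                break
    return recovered, calls


if __name__ == "__main__":
    for name, fn in (("salted SHA-256", fast_hash), ("PBKDF2", slow_hash)):
        found, calls = crack(build_leak(ACCOUNTS, fn), WORDLIST, fn)
        print(f"{name}: recovered {found} in {calls} hash calls")
```

Both runs recover the same weak passwords with the same number of calls; the difference is that each PBKDF2 call costs ITERATIONS times as much, and a real deployment (bcrypt, scrypt, Argon2 or PBKDF2 with a high work factor) is tuned so that a wordlist of millions of entries per user is no longer cheap. The strong password survives both runs only because it is not in the dictionary.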
Cybercriminals abuse Twilio and Ow.ly for SMS phishing attack. Cloudmark researchers reported that cybercriminals are using Twilio and URL shortening service Ow.ly in an SMS message phishing campaign attempting to steal mobile service provider account login credentials.
Thousands of FTP sites compromised to serve malware and scams. Researchers at Hold Security reported that around 7,000 FTP sites and servers have been compromised and are being used by cybercriminals to host malware or to compromise connected Web services.
Fake SSL certificates used to impersonate Facebook, Google, banks. Netcraft researchers discovered a large number of fake SSL certificates in the wild purporting to be from banks, social networks, payment providers, and other services which could be used by attackers to conduct man-in-the-middle attacks. The researchers warned that mobile banking apps are especially vulnerable because they may not adequately check the validity of SSL certificates.
Gameover Zeus most active banking Trojan in 2013, researchers report. Dell SecureWorks Counter Threat Unit released a report covering banking Trojans in 2013 and found that the Gameover ZeuS Trojan was the most actively observed Trojan during the year, with 38 percent of activity, followed by the Citadel Trojan at 33 percent of activity.
Android apps with Trojan SMS malware infect 300,000 devices, net crooks $6m. Researchers at Panda Labs identified a new Android Trojan app campaign that uses fake permission notifications to get users' devices to send SMS messages to a premium-rate number owned by the attackers behind the Trojan apps. The campaign has infected at least 300,000 devices and netted the attackers at least $6 million.
Linksys home routers targeted and compromised in active campaign. A security researcher reported that an unknown vulnerability is allowing Linksys E1000 routers to be targeted and infected with a worm dubbed TheMoon. The vulnerability is currently being heavily exploited in attacks.
US government delivers cybersecurity framework for critical infrastructure. The National Institute of Standards and Technology (NIST) announced February 12 that it has released the Framework for Improving Critical Infrastructure Cybersecurity, a document which outlines cybersecurity practices and standards for industry and government to consider when developing security programs for critical infrastructure.
Denial-of-service vulnerability puts Apache Tomcat servers at risk. Researchers published a proof-of-concept exploit for a recently-disclosed vulnerability affecting Apache Tomcat servers that could allow attackers to execute denial-of-service (DoS) attacks against Web sites hosted on the servers.
Corkow Trojan targets bank customers, Bitcoin owners and Android developers. Researchers at ESET have monitored the use of a modular banking Trojan known as Corkow that can be fitted with additional capabilities and is able to steal keystrokes, screenshots, and inject phishing pages. The malware also appears to be targeting Android developers and the login credentials for Bitcoin Web sites.
HVAC company makes statement on Target data breach. Fazio Mechanical Services confirmed that attackers used a data connection with Target used for billing, project management, and contract submission to breach Target’s systems and steal large amounts of customer payment information.
Insecure file sharing puts corporate data at risk. Globalscape released the results of a survey of over 500 corporate professionals and found that in the past 12 months, 63 percent of employees used personal email to send sensitive documents, and that employees frequently used potentially insecure consumer cloud services and sites to store sensitive information, among other findings.
Suspicious activity in Washoe inmate’s account leads to credit card fraud lab. The Washoe County Sheriff’s Office reported that four individuals were arrested for allegedly running a fraudulent payment card operation after a booking employee noticed a suspicious amount of money in a county jail inmate’s account. Authorities seized thousands of credit card numbers and other information during the arrests and expected more arrests to follow.
Adobe Flash flaw exploited in the wild, update now. Adobe issued an emergency patch for a critical vulnerability in its Flash Player for Windows, Linux, and OS X systems that could allow an attacker to gain remote control of targeted systems. The vulnerability is being actively exploited in the wild and users were advised to install the patch immediately.
iFrame attack injects code via PNGs. Researchers at Sucuri identified an iFrame injection attack in the wild that embeds malicious code in .PNG files.
13 security holes fixed with the release of Firefox 27. Mozilla released the newest version of its Firefox browser, closing a total of 13 security vulnerabilities, including 4 rated as high-impact.
Gameover ZeuS adds nasty trick. A researcher at Malcovery found that a new version of the Gameover ZeuS variant is distributed with its .exe file encrypted and renamed to a .enc extension to evade detection by security software. A new version of the Upatre downloader, delivered as a phishing email attachment, then decrypts and executes the file.
NameChanger Fake AV has over 200 names, uses social engineering kit to spread. A researcher at Fox-IT found that the group behind the Tritax fake antivirus malware is using three variants of the NameChanger malware under more than 200 different names to disguise it. The fake antivirus has been distributed through compromised high-profile Web sites such as DailyMotion and Business Insider, and through ads on Skype.
Hotel company investigates data breach, card fraud. Hospitality company White Lodging Services announced that it is investigating reports of a data breach between March 2013 and late December 2013 that may have exposed customers’ payment card information. The company manages 168 hotels in 21 states under franchises including Hilton, Sheraton, Marriott, and Westin.
DailyMotion still infected, serving fake AV malware. Researchers at Invincea reported that the DailyMotion video-sharing Web site continued to be compromised more than 3 weeks after malicious ads were first found on the site and reported.
Tor-based malware ChewBacca used to steal card data from POS systems. Researchers at RSA found that the ChewBacca Trojan has been used to log track 1 and track 2 data from compromised point-of-sale (POS) systems since October 2013 in attacks targeting dozens of retailers.
Yahoo Mail accounts compromised in coordinated attack. Yahoo reported January 30 that attackers attempted to access a large number of Yahoo Mail accounts using usernames and passwords likely obtained from a third-party database breach. Yahoo reset passwords for affected accounts and advised users to secure their accounts by changing their passwords.
Target: Hackers attacked with stolen credentials. Target Corp., reported January 29 that the attackers who perpetrated a massive breach of customer payment card data used stolen vendor credentials to access the company’s systems.
Neiman Marcus hack involved two pieces of malware. Neiman Marcus reported that two pieces of malware were used to compromise its systems in a recent data breach, with the first inserted before July 2013 which allowed the payment card scraping malware to be uploaded later in the year.
Security 101 fail: 3G/4G modems expose control panels to hackers. A researcher found that several 3G and 4G USB modems are vulnerable to cross-site request forgery (CSRF) attacks that could allow attackers to access the modem’s control panel Web page and tamper with the device. The vulnerabilities could be exploited to send messages to premium-rate numbers and steal user credentials.
High-volume DDoS attacks top operational threat to businesses, service providers. Arbor Networks released its Worldwide Infrastructure Security Report and found that distributed denial of service (DDoS) attacks were the largest operational threat to service providers and enterprises, reaching unprecedented levels in 2013, among other findings.
BBB warns of scam charging $9.84 to credit cards. The Better Business Bureau warned consumers of a payment card fraud scheme that has been making $9.84 charges to consumers’ cards in the name of a generic customer support Web site.
Java bot can launch DDoS attacks from Windows, Mac and Linux machines. Researchers at Kaspersky identified a malicious Java application designed to perform distributed denial of service (DDoS) attacks that can run on Windows, Linux, and Mac OS computers dubbed HEUR:Backdoor.Java.Agent.a. The malware is believed to have been used to attack a bulk email service.
Patnote virus used to distribute ZeuS trojan. Trend Micro researchers discovered a malware distribution campaign using the Patnote virus to spread the ZeuS malware. The virus adds its code to all executable files in a system and on removable and network drives, and contains mechanisms to prevent it from being analyzed.
Researchers discover first Android bootkit, 350,000 devices already infected. Researchers at Doctor Web discovered what is believed to be the first Android bootkit, dubbed Android.Oldboot, which infects Android devices and waits for commands from a server to perform actions such as the downloading, installation, or deletion of apps. Researchers believe it is being spread via modified firmware updates, with the majority of the 350,000 infected devices found in China.
NetSky worm spreads via email attachments. Researchers at Symantec identified a cybercriminal operation using a worm dubbed NetSky that sends several different phishing emails containing the worm to the same email addresses. If a user opens the attached files the worm sends a copy of itself by email to the user’s contacts.
Cybercriminals steal FTP credentials with fake FileZilla. Avast researchers warned users of cybercriminals using a fake version of the FileZilla FTP client to steal users’ FTP credentials. The fake FileZilla client can then upload the credentials to a server for use in hosting malware or stealing data.
McGuire’s alerts customers to credit card breach. The McGuire Management Group began notifying customers January 24 that customers at two of its restaurant locations in Pensacola may have had their payment card information compromised during a data breach that lasted about 90 days in late 2013.
U.S. retailer Michaels warns of possible payment card breach. Arts and crafts retailer Michaels Companies Inc., stated January 25 that it is investigating a possible payment network security breach and advised customers to monitor their financial statements for suspicious activity.
GitHub down due to DDoS attack. GitHub reported coming under a distributed denial of service (DDoS) attack January 27 that prevented users from accessing some services.
Hasbro’s website compromised, serves malware. Researchers at Barracuda Labs found that the Web site of toy maker Hasbro was compromised and would lead users through several redirects to a malicious Web site hosting Java exploits that would attempt to infect systems with an information-stealing Trojan that was not initially detected by antivirus programs. Users who visited the site January 10, 11, 14, and 20 were likely to have been infected.
Mozilla fixes Thunderbird flaw that allowed hackers to insert malicious code into emails. Mozilla confirmed that it fixed a vulnerability in its Thunderbird email client reported in May 2013 that could have allowed attackers to bypass security controls and filters.
Vulnerability that allowed hackers to hijack Samsung.com accounts fixed. Samsung closed a vulnerability reported by a researcher that could have allowed an attacker to take over a user’s Samsung.com account by registering an account whose username was the victim’s username with trailing spaces added.
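The bug class behind a trailing-space takeover is inconsistent normalisation: one code path compares the raw string (so "victim " looks unused), while another trims or otherwise normalises it (so "victim " resolves to "victim"), and whichever path runs last decides which record wins. The Python below is an added example and a hypothetical model of that class, not Samsung's code: a registry that checks availability on the raw name but looks accounts up on the trimmed name, beside one that canonicalises at every entry point and keys the store on the canonical form. The registry classes, the strip-on-lookup behaviour and the e-mail addresses are assumptions.

```python
import unicodedata


def canonical_username(raw: str) -> str:
    """Single canonical form used for every comparison: Unicode-normalise (NFKC),
    strip all leading and trailing whitespace, case-fold, then reject anything
    that still contains whitespace or control/format characters."""
    name = unicodedata.normalize("NFKC", raw).strip().casefold()
    if not name:
        raise ValueError("empty username")
    for ch in name:
        if ch.isspace() or unicodedata.category(ch) in ("Cc", "Cf"):
            raise ValueError("username contains whitespace or control characters")
    return name


def is_rejected(raw: str) -> bool:
    """True if canonical_username refuses the input outright."""
    try:
        canonical_username(raw)
    except ValueError:
        return True
    return False


class VulnerableRegistry:
    """Models the bug class: the availability check compares raw strings, but
    the login lookup trims whitespace. 'victim ' therefore looks free at sign-up
    yet resolves to the existing 'victim' account later."""

    def __init__(self):
        self.accounts = {}   # raw username -> owner e-mail

    def is_available(self, username: str) -> bool:
        return username not in self.accounts

    def register(self, username: str, email: str) -> None:
        if not self.is_available(username):
            raise ValueError("username taken")
        self.accounts[username] = email

    def resolve(self, username: str):
        return self.accounts.get(username.strip())


class FixedRegistry:
    """Every entry point canonicalises first and keys the store on that form."""

    def __init__(self):
        self.accounts = {}   # canonical username -> owner e-mail

    def is_available(self, username: str) -> bool:
        return canonical_username(username) not in self.accounts

    def register(self, username: str, email: str) -> None:
        key = canonical_username(username)
        if key in self.accounts:
            raise ValueError("username taken")
        self.accounts[key] = email

    def resolve(self, username: str):
        return self.accounts.get(canonical_username(username))


if __name__ == "__main__":
    v = VulnerableRegistry()
    v.register("victim", "victim@example.com")
    print("vulnerable: 'victim ' available?", v.is_available("victim "))
    v.register("victim ", "attacker@example.com")
    print("vulnerable: records =", len(v.accounts), "; 'victim ' resolves to", v.resolve("victim "))

    f = FixedRegistry()
    f.register("victim", "victim@example.com")
    for probe in ("victim ", " VICTIM", "victim\u00a0", "\uff56\uff49\uff43\uff54\uff49\uff4d"):
        print(f"fixed: {probe!r} available?", f.is_available(probe))
```

The fixed registry treats trailing ASCII spaces, a no-break space, a case change and fullwidth letters as the same name, because all of them collapse to one canonical key before any comparison. The practical rule is to canonicalise once at the boundary and never compare raw user input anywhere downstream.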
Neiman Marcus says 1.1 million cards affected by data breach. Retailer Neiman Marcus reported January 23 that around 1.1 million payment cards were compromised during a breach of its point-of-sale systems caused by malware that was inserted as early as July 2013.
FBI warns retailers to expect more credit card breaches. The FBI distributed a report to retailers warning of the potential for more point-of-sale compromises and cyberattacks targeting customers’ financial data after it detected around 20 other cases that used the same variety of malware involved in a recent Target breach.
Windows Trojan Droidpak pushes malware onto Android devices. Researchers at Symantec identified a new Windows Trojan dubbed Trojan.Droidpak that is designed to infect Android devices connected to an infected Windows computer. The Trojan then attempts to replace a legitimate South Korean online banking app if it is present on the device. The malware is also capable of intercepting and forwarding SMS messages.
When ZOMBIES go shopping; 40m Target customer breach? That’s NOTHING! An analysis of 139 U.S. retailers between November 2013 and January 12 performed by BitSight found 1,035 instances of unique malware infections actively communicating with attackers, averaging 7.5 infections per company. The Neurevt Trojan was the most common piece of malware found during the analysis, among other findings.
Experts spot third variant of Mac Trojan used by governments in targeted attacks. Researchers at Intego identified a new variant of the Crisis Trojan that targets Mac OS X systems and has been used by governments in targeted cyberattacks.
Feds: Thieves with Bluetooth-enabled data skimmers stole over $2 million. Thirteen men were charged January 21 with allegedly placing Bluetooth-equipped skimming devices on gas station pumps in Texas, Georgia, and South Carolina and using fraudulent cards made with the data obtained to steal over $2 million. The accused then allegedly deposited the stolen money in New York bank accounts and withdrew the stolen money in California or Nevada.
Russia accused of conducting global cyber espionage campaign. Researchers at CrowdStrike identified a large cyber espionage campaign targeting energy, government, defense, and other organizations in the U.S., Europe, and Asia, operated by a group dubbed Energetic Bear that appears to be affiliated with the Russian government. The campaign has been monitored since August 2012 and relies on the HAVEX and SYSMain remote access Trojans (RATs).
XSS filter bypass bug found in Chrome and Safari. A researcher at Eleven Paths warned of a flaw in the anti-cross-site scripting (XSS) filters in the Chrome and Safari browsers that could be exploited to bypass the filters and make XSS flaws on affected Web sites exploitable against their users. The researcher released a proof-of-concept for the vulnerability.
Android malware disguised as security update steals SMSs and intercepts phone calls. FireEye researchers identified six versions of a new Android malware dubbed Android.HeHe that can intercept SMS messages and phone calls from numbers specified in a file. The malware is being distributed disguised as a security update for Android.
Hacker breaks into ThrustVPS, launches phishing attack from firm’s own servers. Virtual private server company ThrustVPS stated that its systems were compromised by an attacker who uploaded a PHP shell and a mailer script, which were then used to send phishing emails from the company’s servers.
Google pulls Chrome extensions after new owners subvert web tools. Google pulled at least two extensions for its Chrome browser from the company’s online store after a researcher found that spammers and other malicious actors bought the software from developers and then added advertising or other unwanted components to updates for the extensions.
Starbucks fixes vulnerable iOS app, geolocation issue persists. Starbucks issued a patch for its iOS app that was found to contain user names and passwords in plain text.
Hackers stole 11 Gb of customer information from Target’s systems. An analysis of the recent Target customer information data breach found that the attack worked in two phases and stole a total of 11GB of data.
Researchers discover a point-of-sale malware written in VBScript. Researchers at IntelCrawler identified a new piece of point-of-sale (POS) malware known as Decebal for sale on underground forums. The malware is written in VBScript and can use antivirus bypass techniques.
Neiman Marcus offers update on credit card breach. Retailer Neiman Marcus announced January 16 that a recent data breach of customer data did not contain payment card PINs or the data of online shoppers. The company is continuing to investigate the breach.
At least one smart refrigerator used in massive cyberattack. Researchers at Proofpoint analyzed a large-scale spam campaign that involved over 750,000 malicious emails and found that more than 100,000 Internet-connected consumer electronic devices were used in the attack, including multimedia centers, smart TVs, routers, and at least one smart refrigerator.
Trojan disguised as legitimate applications uses infected PCs to mine Litecoins. Researchers at Doctor Web identified a Trojan disguised as legitimate applications and browser extensions that uses infected systems to mine for the Litecoin digital currency. The Trojan is signed with digital certificates from legitimate applications and has infected over 311,000 computers, mostly in the U.S.
Humor website Cracked.com serves malware, again. Barracuda Labs researchers found that humor Web site Cracked.com was compromised the week of January 13 and was being used to redirect users to pages that serve malware by exploiting browser and Java vulnerabilities. The site was previously compromised to serve malware in November 2013.
Cybercriminals are distributing malware with fake Flash Player served from SkyDrive. Researchers at F-Secure discovered a recent spike in Trojan.JS.Blacole.Gen infections originating from a malware campaign that uses compromised Web sites to redirect users and attempts to get them to install fake Flash Player updates. The Trojan is then downloaded from a Microsoft SkyDrive account.
Starbucks iOS app stores passwords in clear text. A security researcher disclosed that the Starbucks app for iOS stores user names, email addresses, and passwords in clear text. The information can be obtained even if the phone is locked.
Microsoft confirms: Staff inboxes hijacked amid ‘Syrian army’ cyber-blitz. Microsoft confirmed that a small number of Microsoft employee emails were compromised via phishing attacks during recent Twitter account and blog takeovers by the Syrian Electronic Army hacktivist group.
AVG confirms one of its webservers was hacked and defaced. AVG confirmed that one of its Web servers was breached and defaced by hackers January 10.
Spammers target Snapchat, Bitly, and Kik Messenger. Symantec researchers identified a spam campaign that sends unsolicited contact requests for Kik Messenger via Snapchat, leading users to a spam bot that sends Bitly-shortened links to sites that try to sign users up for webcam services.
Cisco: Thousands of web hosting centers now launchpads for attacks. Cisco released its annual security report, which found that Web hosting centers were increasingly being compromised by cybercriminals for use in launching large-scale attacks in 2013, among other findings.
Amazon, Google, and GoDaddy cloud services increasingly abused by cybercriminals. Solutionary released its SERT Quarterly Threat Analysis Report for the final quarter of 2013 and found that cybercriminals are increasingly abusing major cloud services to create, host, and delete malicious Web sites, among other findings.
Spammers target Google hospitality listings. Google worked to fix hospitality-related listings on its services January 14 after receiving a report that spammers had replaced direct links to several hotel Web sites with links that redirect to other sites in order to receive payment through an affiliate marketing network.
Android gamers targeted with trojanized version of Minecraft PE. Researchers at F-Secure identified a malicious Android version of the game Minecraft available on some third-party application marketplaces which could be used by cybercriminals to send SMS messages to premium rate numbers.
22% of small US retailers are not PCI compliant, study shows. Fortinet released the results of a survey conducted on 100 U.S. small and medium-sized businesses that found 22 percent are not Payment Card Industry Data Security Standard (PCI DSS) compliant, among other findings.
Target says customers signing up for free credit monitoring after data breach. Target announced January 13 that it is offering a year of free credit monitoring for customers following a breach of its systems that potentially exposed at least 100 million customers’ personal or payment information.
Vulnerability leaves Cisco small biz routers wide open to attack. Cisco issued a security advisory January 10 warning that some of its routers and networking products contain a vulnerability that could allow attackers to gain root access via an undocumented test interface. Exploit code for the vulnerability is available, though Cisco reported that they did not observe any widespread attacks based on it.
Target CEO confirms hackers installed malware on POS registers. The CEO of Target confirmed that the cause of a recent breach of customers’ payment card information was malware installed by criminals on point of sale (POS) devices at various Target stores.
Hackers slurp credit card details from US luxury retailer Neiman Marcus. Department store Neiman Marcus confirmed that attackers breached its systems and obtained an undisclosed amount of payment card information. The company was alerted in December 2013 to unauthorized card activity and is continuing to investigate the breach.
Target raises estimate of customers hit by breach. Target Corp. stated January 10 that names, email addresses, and home addresses for up to 70 million customers were also stolen during a breach of its systems that compromised the payment card information of around 40 million customers.
Sefnit Trojan endangers users even after removal. Microsoft researchers warned that computers previously infected with the Mevade botnet malware, which used The Onion Router (TOR) for malicious purposes in 2013, may be vulnerable to future attacks because the version of TOR bundled with the malware does not self-update.
There are still at least 22,000 devices infected with Flashback Mac malware. Researchers at Intego reported finding at least 22,000 Macs that are still infected with the Flashback information stealing Trojan. Intego currently runs sinkhole servers for the malware but warned that it is possible that cybercriminals could regain control of command and control servers in the future.
40% of iOS banking apps leak sensitive data through system logs. A researcher at IOActive analyzed 40 mobile banking apps for iOS devices and found several security issues, including that 40 percent of apps were vulnerable to man-in-the-middle attacks.
Scam emails distribute malware that steals Bitcoins from Bitcoin-Qt users. Researchers at LogRhythm analyzed an email attack campaign targeting users of the Bitcoin-Qt wallet software that directs users to a Web site hosting malware that steals Bitcoins from the user’s wallet.
Network Time Protocol abused in DDoS attacks on gaming servers. Researchers found that recent distributed denial of service (DDoS) attacks against several online gaming services by a group called DERP Trolling were launched by abusing the Network Time Protocol.
Spammers use Asprox botnet to distribute malicious Atmos Energy emails. Researchers at Solutionary found that a recent spam campaign using Atmos Energy-themed emails was launched using the Asprox botnet. The researchers also found that the group behind the spam emails has recently been varying the themes of the spam it sends according to holidays and news events.
New Zeus variant stymies malware analysis, has rootkit capabilities. Researchers at Trend Micro identified a new variant of the Zeus banking Trojan which can prevent the execution of analysis tools and also has rootkit capabilities, including the ability to hide files, folders, processes, and registry keys it creates or uses.
DailyMotion serves fake AV in malvertising attack. Invincea researchers found that the video sharing Web site DailyMotion had been serving fake antivirus malware via malicious advertisements.
OpenSUSE forums defaced via unknown vBulletin 0-day. A hacker exploited a vulnerability in vBulletin to deface the forums of the openSUSE Linux distribution and download a database containing the usernames and email addresses of around 80,000 users.
Prison Locker virus threatens to flood market. Researchers at Malware Must Die identified a new piece of ransomware being advertised on underweb marketplaces named Prison Locker that encrypts all files on a computer except system files and .exe files and demands a ransom. Symantec researchers reported that the ransomware may already be in the wild after they obtained a piece of ransomware that they suspect is Prison Locker.
World Poker Tour Amateur Poker League admits being hacked. A representative for the World Poker Tour Amateur Poker League (WPTAPL) confirmed that their systems were compromised the week of December 30, 2013 and that clear text email addresses and passwords of over 175,000 users were leaked. Included in the leaked emails were some U.S. government email addresses from federal agencies.
Google, Yahoo, Amazon and Twitter domains impacted by Tajikistan registrar hack. A hacker compromised the systems of Tajikistan’s domain registrar, changing the DNS records for the Tajikistan domains of Amazon, Google, Twitter, and Yahoo and redirecting visitors to a defacement page.
Yahoo hacked, 2.5 million European users possibly infected with malware. Researchers at Fox-IT discovered an attack that compromised Yahoo’s ad service in order to redirect European visitors to Yahoo to domains hosting the Magnitude exploit kit, affecting as many as 2.5 million users. The attack lasted around 4 days and used Java vulnerabilities to push various pieces of malware.
Trojan targeting WoW accounts disguised as Curse client. Blizzard warned players of its World of Warcraft online game that a Trojan designed to hijack accounts has been spreading disguised as a Curse client hosted on fake Web pages.
Critical backdoor in Linksys and Netgear routers found. A security researcher identified a backdoor in certain Netgear and Linksys routers’ firmware that can be used to reset the devices to default settings, including default administrator passwords. Other brands of routers manufactured by the same company may also be affected.
OpenSSL website hacked through insecure password at hosting provider. The OpenSSL Foundation reported January 1 that a recent attack on its Web site was carried out by attackers exploiting an insecure password at the site’s hosting provider, which allowed the attackers to take control of the hypervisor management console.
4.6M Snapchat users’ info compromised in breach. Hackers created and published a partially-redacted list of 4.6 million Snapchat usernames and phone numbers utilizing a vulnerability disclosed the week of December 23 that was dismissed by Snapchat as theoretical. The vulnerability allows an attacker to look up an unlimited number of phone numbers and see if the number’s owner has a Snapchat account.
Skype’s Twitter account, blog hacked to spread anti-Microsoft messages. Attackers claiming association with the Syrian Electronic Army hacktivist group took control of Skype’s Twitter account and official blog for several hours January 1 and used them to publish posts and tweets before Skype regained control of their platforms.
Malware on USB drives used to empty ATMs. Researchers presenting at the Chaos Communication Congress reported that they discovered a piece of malware that can be loaded onto a USB drive and used to reboot an ATM, cut its network connection, and cause it to dispense cash. The method of attack and design of the malware suggests that the authors of the malware had detailed knowledge of ATMs.
Windows crash reports open to hijacking. Researchers at Websense Security Labs found that the Microsoft Windows Error Reporting feature sends sensitive system information without encryption, potentially allowing attackers to profile and target machines and networks.
Target: Debit PIN data stolen in Black Friday weekend credit breach. Target confirmed December 27 that the attackers who compromised their systems and stole payment card information also obtained encrypted PIN data for debit cards included in the breach.
Vulnerabilities in SD cards can be exploited for MTM attacks. Researchers presenting at the Chaos Communication Congress reported that they found vulnerabilities in Secure Digital (SD) memory cards that could be used to perform man-in-the-middle (MitM) attacks or to gain access to integrated microcontrollers.
Cybercriminals abuse Network Time Protocol for DDOS attacks. Researchers at Symantec found that distributed denial of service (DDoS) attacks have been launched using Network Time Protocol (NTP) reflection, with a peak of 15,000 IP addresses being observed in DDoS attacks December 16.
Joke no more: Comedy virty currency Dogecoin gets real in big Xmas heist. Dogewallet, a wallet service for the Dogecoin virtual currency, reported December 25 that cybercriminals had compromised their systems and redirected all transactions to another address, stealing at least $18,000 worth of the currency.
‘I-55 bandit’ admits 10 bank robberies. A suspect known as the “I-55 Bandit” pleaded guilty December 20 to robbing a total of 10 banks in Missouri, Illinois, Maryland, West Virginia, and Tennessee, stealing around $29,000.
Spotted: New keylogging malware steals Tumblr log-in credentials. Researchers at Malwarebytes identified a fake Chrome browser extension called Archive Poster that harvests users’ Tumblr log-in credentials and other personal information.
Target says hackers likely accessed 40 million cards. Target confirmed December 18 reports that criminals stole the payment card information of around 40 million customers at stores across the U.S., possibly by tampering with card swiping machines. Investigators found that the breach may have lasted from November 28 to December 15.
ZeuS trojan variant targets accounts of BTC China customers. Trusteer researchers discovered a variant of the Zeus banking trojan that is designed to steal the login and one-time password information from customers of BTC China and other Bitcoin exchanges.
OpenX/Revive Adserver zero-day actively exploited in the wild. A researcher discovered a zero-day vulnerability in open-source advertising server OpenX Source that could allow an attacker to gain back-end access. The researcher reported that the vulnerability is being actively exploited in the wild.
Full 4096-bit RSA keys extracted by listening to the sound made by computers. Researchers reported in a paper that they developed an attack method that can extract full 4096-bit RSA keys by listening to the sound generated by a computer’s CPU operations. The sound can be picked up by dedicated microphones or by a phone.
Macbook webcams CAN spy on you – and you simply CAN’T TELL. Researchers confirmed that the webcams in MacBooks can be used to spy on users without an LED warning light being turned on. The researchers released a proof-of-concept demonstrating how the hardware interlock that normally ties camera and LED activation together can be disabled to allow independent operation of either.
Washington Post servers infiltrated, employee credentials stolen. The Washington Post confirmed that some of its servers were compromised by attackers who were able to access encrypted employee usernames and passwords.
Skimmer trojan targets ATMs made by one of the world’s largest manufacturers. Researchers at Doctor Web identified a new ATM trojan dubbed Trojan.Skimmer.18 that targets machines developed by a major ATM manufacturer. The trojan is spread by an infected application, captures payment card information, and allows criminals to collect the data and perform other functions on an ATM using a master card.
Report: In 2013, more than one million U.S. computers were infected with banking trojans. Symantec released a report December 17 which found that more than 1 million computers in the U.S. were infected with banking malware during the first three quarters of 2013, the most of the countries included in the report, among other findings.
CERT Poland warns of DDoS botnet targeting Windows and Linux machines. Researchers at Poland’s Computer Emergency Response Team (CERT Polska) discovered a new distributed denial of service (DDoS) botnet designed to infect systems running Windows and Linux operating systems and that can be used to perform four types of DDoS attacks.
Experts analyzed DGA.Changer malware served in PHP.net attack. Seculert researchers analyzed the DGA.Changer malware that was used in an October attack on PHP.net servers and found that its ability to change its Domain Generation Algorithm (DGA) seed can make it extremely difficult to detect, among other findings.
New DDoS bot has a fancy for ferrets. Researchers at Arbor Networks identified a new piece of distributed denial of service (DDoS) malware dubbed Trojan.Ferret equipped with a number of obfuscation and self-preservation capabilities.
Apple’s Mavericks OS release comes with Safari browser patches. Apple included several patches for its Safari browser in its recent release of the Mavericks operating system, closing eight arbitrary code execution flaws and one credential disclosure issue.
Six indicted in Nevada accused of fraud in international investment scheme. Six men from the U.S. and Switzerland were indicted in federal court in Nevada for allegedly running an investment fraud scheme that supplied fake documentation linked to a Swiss company, allegedly defrauding 12 investors of at least $5.6 million. Three suspects were arrested and three others remain at large.
Mozilla blocks rogue add-on that made computers scan sites for flaws. Mozilla added a malicious Firefox extension to its block list after it was found to be the basis for a botnet that used infected computers to search Web sites for vulnerabilities using SQL injection attacks.
Browlock cybercriminals use malvertising to lure victims to malicious site. Symantec researchers found that the cybercriminals behind the Browlock browser-based ransomware have been targeting a large number of users by using malicious advertising, or malvertising, to direct users to Web sites hosting the ransomware. Source: http://news.softpedia.
Chewbacca latest malware to take a liking to TOR. Researchers at Kaspersky Lab identified a new malware campaign dubbed Chewbacca that is using The Onion Router (TOR) to communicate with command and control servers. The malware drops a keylogger on infected systems and then relays the information back to its servers via TOR.
Google and HP recall HP Chromebook 11 chargers due to fire and burn hazards; charger can overheat and melt. Google and HP announced a recall of about 145,000 HP Chromebook 11 chargers due to an issue that can cause the charger to overheat and melt, posing fire and burn hazards.
Attackers exploited ColdFusion vulnerability to install Microsoft IIS malware. Researchers at Trustwave reported that a remote authentication bypass vulnerability in Adobe ColdFusion was used to infect Internet Information Server (IIS) Web servers with the ISN malware. The vulnerability was previously patched by Adobe in January.
Weak security in most mobile banking apps. A report from Praetorian analyzed 275 Apple iOS and Android mobile banking apps and found that 80 percent contained configuration and design weaknesses that could compromise security.
Serious vulnerability in Safari exposes user passwords. Researchers at Kaspersky discovered a security issue in some versions of Apple’s Safari browser that stores passwords in plain text in a hidden folder used by the browser’s session restore function.
Hacker tool allows cybercriminals to automatically register Tumblr accounts. A researcher at Webroot identified a commercially available tool that can be used by cybercriminals to automatically register Tumblr accounts for use in phishing and other campaigns.
Cybercriminals trick unsuspecting U.S. users into delivering goods to Russia. Researchers at Trend Micro monitored a cybercrime ring that recruits and uses individuals as mules in the U.S. to launder stolen money by sending them items bought with stolen payment card information and then having the mules ship the items on to Russia or Ukraine. Some items sent in this way are subject to export restrictions.
Facebook users hit with phishing and malware combo attack. SANS ISC researchers reported a phishing and malware delivery campaign targeting Facebook users. The campaign uses a malicious Tumblr link contained in a phishing message that directs users to a phishing page and then to a fake YouTube page that prompts the user to install a Trojan disguised as an update.
App that claims to notify users of Bitcoin market changes hides RAT. A researcher at Arbor Networks identified a malicious app named BitCoin Alarm that purports to offer users market information on Bitcoins but in fact contains a remote access trojan (RAT) called NetWiredRC designed to harvest login information.
Yahoo Mail still down for some users, after an attempted fix. Yahoo Mail experienced an outage beginning December 10 due to a hardware problem at one of Yahoo’s mail data centers. Some users continued to be unable to log in December 11.
Researchers spot 64-bit version of ZeuS malware. Researchers at Kaspersky identified a 64-bit version of the Zeus banking Trojan which now includes the ability to communicate with command and control servers over The Onion Router (TOR) network.
Newly patched Office 365 vulnerability used in “Ice Dagger” targeted attacks. Researchers at Adallom identified a sophisticated targeted attack using a recently-patched vulnerability in Microsoft Office 365 dubbed “Ice Dagger” that can allow an attacker to gain access to a target’s private Office 365 authentication token and use it to access the target organization’s SharePoint Online site and modify or download content covertly.
Hackers can launch MitM attacks on apps bundled with Widdit advertising SDK. Bitdefender researchers analyzed an Android advertising framework called Widdit and found that the advertising software development kit (SDK) can leave users vulnerable to man in the middle (MitM) attacks.
Experts identify 164 fraudulent domains similar to the ones of antivirus vendors. A study by High-Tech Bridge found 946 domain names similar to those of antivirus companies, with 164 containing phishing Web sites, advertising sites, or sites selling suspicious products and services.
MouaBad malware allows cybercriminals to make phone calls. Researchers at Lookout analyzed a new version of the MouaBad Android malware, dubbed MouaBad.p, which can be used to make calls and send messages without a user's input. The new variant only affects Android versions before Android 3.1.
Other browser makers follow Google's lead, revoke rogue certificates. Google, Mozilla, Microsoft, and Opera Software revoked rogue digital certificates that were mistakenly issued by the French Network and Information Security Agency (ANSSI) and signed by France's treasury department.
Data-stealing malware pretends to be Microsoft IIS server module. A piece of malware was discovered by researchers at Trustwave's SpiderLabs that disguises itself as a module for Microsoft Internet Information Services (IIS) software and collects data entered into Web-based forms. The malware, dubbed ISN, is a malicious dynamic link library (DLL) which is currently undetected by most anti-virus products.
RBS website disrupted by DDoS attack. The Royal Bank of Scotland (RBS) confirmed that its NatWest Web site was the target of a distributed denial of service (DDoS) attack December 6, causing disruptions for customers. RBS was also recently targeted by a DDoS attack December 2.
PayPal DDoS attackers plead guilty, some may walk free. Fourteen defendants accused of participating in a distributed denial of service (DDoS) attack against PayPal in 2010 pleaded guilty in U.S. District Court in California to related charges December 5.
Citadel malware variant captures screenshots of Bitcoin-related websites. Trusteer researchers identified a variant of the Citadel malware that is capable of capturing screenshots when a user accesses Web sites associated with buying, storing, or trading Bitcoins.
Researchers analyze Dexter and Project Hook PoS malware campaigns. Researchers at the Arbor Security Engineering and Research Team published a paper analyzing point-of-sale (PoS) malware campaigns utilizing the Dexter and Project Hook malware. The paper identified three variants of Dexter, one of which is capable of stealing data via FTP, among other findings.
JPMorgan warns 465,000 card users on data loss after cyberattack. JPMorgan Chase notified around 465,000 holders of prepaid UCard debit cards that their unencrypted personal information may have been obtained by hackers during a July data breach. The cards were issued to corporations to pay employees and to government agencies to pay benefits and tax refunds.
Personal and financial details compromised in Maple Grove Farms of Vermont hack. B&G Foods North America notified customers that a November 16 cyberattack on the Maple Grove Farms of Vermont Web site may have revealed personal information and payment card numbers.
Cybercriminals hijack WP sites with backdoored SEO plugin. Researchers at Sucuri identified a cyberattack that lures owners of WordPress Web sites with a malicious version of a legitimate search engine optimization (SEO) plugin that adds a backdoor to the user’s site and can direct visitors to spam or malicious Web sites.
Passwords reset after ‘Pony’ botnet stole 2 million credentials. Online services affected by the Pony botnet’s disclosure of login credentials, including Twitter, Facebook, ADP, and LinkedIn, reset users’ passwords to prevent unauthorized access.
Logins stolen from Facebook, Google, ADP payroll processor. Researchers at Trustwave gained access to the control panel of a botnet running the Pony controller software and found around 2 million logins and passwords for social media accounts, payment processor ADP, and other services.
Credentials of 38,000 Pixel Federation users leaked by hacker. Game developer Pixel Federation confirmed that a hacker breached its systems and leaked around 38,000 users’ usernames and passwords. The same hacker was also reported to be behind an attack on the U.K. Council for Graduate Education.
Huge quantity of Bitcoins stolen from Sheep Marketplace. The administrators of the Sheep Marketplace underweb market reported to their users that a vendor allegedly broke into the market and stole 5,400 Bitcoins.
Flaw in Android 4.3 can be exploited to remove device locks with rogue apps. Researchers at Curesec identified a vulnerability in Android 4.3 that can be exploited using a rogue app to disable a device’s security features such as PINs and passwords. The researchers produced a proof-of-concept app demonstrating the issue.
Study: 340,000 new malicious websites detected in past 30 days. A study conducted by Commtouch found that the number of malicious Web sites is growing quickly, with an average of 11,500 new threats identified each day. Malware sites made up the majority of malicious sites, followed by phishing and spam sites.
Windows XP zero-day under active attack. Microsoft stated that a recently discovered zero-day vulnerability affecting Windows XP and Windows Server 2003 has been observed being exploited in targeted attacks. The vulnerability can allow privilege escalation, kernel mode code execution, and administrator account creation.
Popular Bitcoin forum targeted in DNS and DDoS attack. The administrators of the BitcoinTalk forum advised their users to avoid logging in for a time December 2 after the site was hit by domain name system (DNS) redirection and distributed denial of service (DDoS) attacks.
D-Link patches security holes in DI-524, DI-524UP, DIR-100 and DIR-120 routers. D-Link released new firmware for various router models addressing a vulnerability that could be leveraged by hackers to gain control of the device after details of a vulnerability were presented in October by Tactical Network Solutions.
Hackers target Bitcoin Talk via vulnerability in AnonymousSpeech registrar. A Bitcoin Talk administrator announced December 1 that the forum was targeted in a man-in-the-middle attack that leveraged a vulnerability in the forum’s AnonymousSpeech registrar, allowing the Web site to be served through CloudFlare. The attacker may have intercepted encrypted communications, including passwords and private messages.
PayPal “Limited Account Access” emails used for phishing. A phishing scheme sends emails claiming to be from the PayPal online payment service and asks users for their account login details along with other personal information in order to gain access to their accounts. The emails link to a fake PayPal site that is used to steal the information users enter.
Virus takes user’s photo via webcam. Researchers from Webroot warned that a malware family, made to look like an anti-virus product, disables users’ computers and claims to have detected viruses and demands money to purchase the full version of the product to remove the threats. If the user does not respond, the program takes a picture via webcam and warns the user of the infection and potential theft of personal information.
Researchers track down members of Nigerian cyber gang. Researchers at Trend Micro released a report on a Nigeria-based cybercrime gang dubbed “Ice 419” that is reportedly using the Ice IX banking Trojan to gather personal and banking information and using phishing to target users of Scottrade, Match.com, and a Korean search engine.
VBScript malware deletes files from infected systems. Researchers at Trend Micro identified a piece of malware dubbed VBS_SOYSOS that creates copies of itself using the names of MP3, JPG, and DWG files, deleting the original files. The malware also disables access to the registry editor and task manager, necessitating the installation of alternatives in order to remove the malware.
Ruby on Rails CookieStore vulnerability plagues prominent websites. A researcher found that around 2,000 Web sites using an older version of Ruby on Rails that depends on the CookieStore default cookie storage mechanism were vulnerable to having users’ login information stolen. CookieStore keeps users’ session hashes on the client side, allowing an attacker to use cross-site scripting (XSS) or session hijacking to steal the information.
Experts warn of new banking trojan Neverquest. Security researchers have observed thousands of attempts to infect computers using the Neverquest banking Trojan, a relatively new Trojan that injects a phishing page into sessions when users attempt to access banking Web sites. The Trojan has integrated self-replication mechanisms and is distributed via Trojan downloaders.
Atrax: Cybercrime kit capable of stealing data, launching DDoS, mining for Bitcoins. Security researchers at CSIS identified a new malware kit called Atrax being sold for $250 on underweb forums. Atrax uses The Onion Router (TOR) protocol to hide its communications and comes with several add-ons that allow it to steal data from forms and browsers, launch distributed denial of service (DDoS) attacks, and mine for Bitcoins and Litecoins.
AutoCAD malware paves the way for future attacks. Trend Micro researchers identified a Trojan called Shez that disguises itself as an AutoCAD component in order to create a user account with administrative rights, allowing attackers to steal files and plant additional malware in the future. The Trojan is either dropped by other malware or can be downloaded unknowingly from malicious sites.
Bitcoin exchange Mt. Gox adds ‘extra security’ with one-time password card. To increase security following a series of problems including multiple DDoS attacks, banking delays and the seizure of some of its funds by the U.S. government, the bitcoin exchange Mt. Gox has announced new features and updates to its platform. The platform also introduced a one-time password card as an additional layer of security.
Flash SMS flaw in Google Nexus devices can be exploited to reboot them. Alecu researchers found a vulnerability in Google devices that can be exploited to cause them to reboot and is related to Class 0 (Flash SMS) messages. The flaw remains unpatched after Google’s Android Security Team was notified over a year ago.
You have a Skype voicemail. PSYCHE! It’s just some fiendish Trojan-flinging spam. A United Kingdom police agency along with MXLab researchers warned that a spam run of fake Skype voicemail alert emails carries zip file attachments containing a variant of the ZeuS banking Trojan.
10 million new malware strains identified so far in 2013, Q3 study shows. Panda Security researchers reported that almost 10 million new malware strains have been identified so far in 2013, with close to 77 percent identified as Trojans, followed by worms and viruses.
Evernote warns users whose passwords have been exposed in Adobe breach. Evernote analyzed user data from a recent Adobe breach and found that some of its customers were using the same passwords for Adobe and Evernote. Evernote notified affected customers and advised them to change their passwords.
ICANN terminates accreditation of registrar Dynamic Dolphin. The Internet Corporation for Assigned Names and Numbers (ICANN) announced that it will terminate registrar Dynamic Dolphin’s registrar accreditation agreement effective December 20 due to the registrar having a convicted felon as its owner, a violation of ICANN regulations.
Kaspersky publishes spam report for October 2013. Kaspersky published their spam report for October and found that email spam increased by 6.6 percent, among other findings.
‘High impact’ Gmail password security hole blew accounts wide open. A security researcher found and reported a security flaw in Gmail that could allow an attacker to use a spoof email with a password reset link to direct users to a site that launches a cross-site request forgery (CSRF) attack, harvesting the user’s username, new password, and login cookie. Google closed the vulnerability after it was notified by the researcher.
Number of digitally signed malware samples increases by 50%. McAfee released its threat report for the third quarter of 2013 and found that attacks against the Android platform increased by over 30 percent, that digitally signed malware increased by more than 50 percent, and that Bitcoin mining malware use is increasing, among other findings.
i2Ninja financial malware uses I2P to maintain secure communications. Researchers at Trusteer discovered a piece of financial malware dubbed i2Ninja that uses the Invisible Internet Project (I2P) networking layer to hide and secure its communications with its command and control servers. The malware is capable of stealing information from most browsers and FTP clients, injecting HTML code, stealing information from popular poker clients, scheduling tasks, and allowing users to search for specific files on a compromised
Apache Tomcat servers targeted by self-replicating malware. Symantec researchers identified a self-replicating worm that acts as a Java Servlet and infects Apache Tomcat servers, and appears to be intended for use in distributed denial of service (DDoS) attacks. Command and control servers were identified in Taiwan and Luxembourg.
Bugs hit global payment company PayPal. Researchers with Vulnerability Lab reported finding several vulnerabilities in PayPal’s software that could be used by cybercriminals to hijack customers’ accounts and perform other actions. The vulnerabilities were submitted to PayPal’s bug bounty program.
Google adds Android and Apache to open source security rewards programme. Google expanded its security rewards program for researchers who reveal security issues to include its Android mobile operating system, Apache httpd, and others. Google plans to further expand the platforms included in the program before the end of the year.
Google Ads point to fake Snapchat downloads. Researchers at ThreatTrack Security found that users searching for “Snapchat download” may encounter sponsored results that lead to potentially unwanted applications when they intend to download Snapchat. Similar campaigns of misleading sponsored search results have appeared on Bing as well.
Phony anti-virus programs evade detection with stolen certificates. Researchers at BitDefender found a fake antivirus program named Antivirus Security Pro utilizing stolen digital certificates issued to Ease Entertainment Services in 2012. BitDefender contacted Ease Entertainment so that the certificates could be revoked.
Cybercriminals use automated attacks to hack GitHub accounts. GitHub confirmed that its authentication service was targeted by an automated brute force attack starting November 17 and continuing through November 19. Users have reported failed login attempts coming from several countries within a short span of time.
More than 12k Cryptolocker victims in less than a week. Researchers at BitDefender Labs used sinkholing to count connection attempts to a Cryptolocker command and control server and found more than 12,000 victims were infected in less than a week, among other findings.
Battlefield 4 PC servers experience DDoS attack. The servers of PC game Battlefield 4 experienced a distributed denial of service (DDoS) attack November 16 that left many users unable to play the game.
Web hosting provider Hetzner hit by large DDoS attacks. Germany-based Web hosting provider Hetzner reported coming under distributed denial of service (DDoS) attack November 16-17, with the attack running at around 60 Gbps.
Rise seen in use of Google service for mobile botnets. Kaspersky Lab released its latest IT Threat Evolution report, which found that mobile botnets are growing and recently began using the Google Cloud Messaging service to communicate with mobile malware, among other findings.
Arbor Networks analyzes Athena DDoS malware. Arbor Networks published an analysis of the Athena malware, capable of launching distributed denial of service (DDoS) attacks, stealing information, and downloading other malware.
Sinowal and Zbot Trojan collaborate in new attack. Researchers at Trend Micro observed a variant of the ZeuS/Zbot Trojan working in collaboration with a new Sinowal Trojan to attempt to make ZeuS’s job easier by disabling the Trusteer Rapport security software. The two Trojans are dropped by the Andromeda backdoor attached to malicious emails.
Pwn2Own crackers leave iOS and Samsung mobe security IN RUINS. Two teams competing in the PacSec 2013 Pwn2Own competition demonstrated methods to compromise security and steal personal information from a Samsung Galaxy S4 running Android and an Apple device running iOS version 7.0.3 and iOS 6.1.4.
Cybercriminals use new Linux backdoor to steal information from companies. Symantec researchers identified a cybercriminal operation that carried out an attack against a large hosting provider using a new Linux backdoor, dubbed Linux.Fokirtor, that was able to gain access to usernames, passwords, emails, and possibly financial information. The backdoor hides inside legitimate server processes to avoid the traces that could give the attack away and prompt security reviews.
Adobe Flash Player 11.9.900.152 addresses critical vulnerabilities. Adobe released a new update for Flash Player, closing two critical memory corruption vulnerabilities. Users were advised to install the updates as soon as possible.
Smartphone PINs skimmed with microphone and camera. Researchers at the University of Cambridge created a program called PIN Skimmer which can utilize a smartphone’s camera and microphone to guess a high proportion of PINs, demonstrating how a malicious program could harvest device PINs and passwords.
Vulnerabilities in RunKeeper allowed cybercriminals to run XSS worm. A security researcher found and reported a cross-site scripting (XSS) and a cross-site request forgery (CSRF) vulnerability in the RunKeeper app that could have allowed cybercriminals to develop a worm capable of stealing user cookies, collecting private data, or distributing malware. RunKeeper fixed the vulnerabilities after being notified.
Banking malware infections rise to highest level since 2002. Trend Micro released a report for the third quarter of 2013 which found that over 200,000 new banking malware infections were observed between July and September, the highest rate in 11 years. The report stated that ZeuS (also known as Zbot) malware was the most common type of malware, and that the U.S. was the most affected country, among other findings.
Automated hacking tools swarm Web site login pages. Incapsula monitored access attempts at the Web sites of 1,000 of its clients and found that malicious automated tools accounted for 94 percent of access attempts. The tools can be used to find weak passwords and other vulnerabilities.
Bitcoin wallet Inputs.io hacked, 4,100 BTC stolen. Inputs.io notified users that attackers breached the bitcoin wallet service and stole around $1.1 million in bitcoins during two attacks. The attackers were able to compromise email accounts, reset passwords, and bypass two-factor authentication by exploiting a server vulnerability.
Cybercriminals opting for real-time malware campaigns and phishing. Commtouch released a report for the third quarter of 2013 and found that the time between news events and phishing attacks that exploited them averaged only 22 hours and that the number of phishing Web sites increased by almost 35 percent during the quarter, among other findings.
Cybercriminals use Android Trojan Svpeng for mobile phishing. Researchers at Kaspersky found that the Svpeng Android Trojan has been enhanced with the ability to perform mobile phishing attacks targeting online banking and credit card information. The Trojan currently targets Russian users but is already equipped with the ability to check for operating system language versions.
Microsoft warns of zero-day attack on Office. Microsoft warned users of a zero-day vulnerability in some versions of Office on systems running older versions of Windows. Microsoft offered a Fix it tool until a comprehensive patch could be issued.
Harbor Freight Tools hacked, payment processing system compromised. Harbor Freight Tools began notifying customers of a payment processing system breach that may have exposed customers’ credit card numbers, expiration dates, and CVV codes. The breach concerned transactions that occurred between May 6 and June 30.
Over 1.9 million Adobe hack victims used “123456” as password. Stricture Consulting Group published a list of the most common passwords used by Adobe customers whose information was part of a major data breach and found lax password practices among many users, with “123456” used by 1.9 million users.
Hackers take limo service firm for a ride. CorporateCarOnline, a limousine and town car service, was found to have been the target of cybercriminals after a plain text archive of more than 850,000 customers’ credit card numbers, names, addresses, transaction records, and other private information was discovered on the same servers where stolen information from PR Newswire and Adobe Systems Inc. was found. Customers whose information was exposed included members of Congress, celebrities, and business executives.
Adobe passwords leaked by hackers not properly encrypted. Researchers found that most customer passwords exposed during a recent Adobe breach could be decrypted because the passwords had been encrypted with Triple DES rather than hashed, which leaves clues to the passwords in the stored ciphertext. Adobe confirmed the use of encryption, but said that passwords created within the last year used a newer form of protection and are not at risk.
Fake LinkedIn profile gathering info for targeted attacks. Websense researchers identified and reported an account on LinkedIn likely being used by cybercriminals to collect information for targeted attacks. The account is used to view potential targets’ profiles and to attempt to redirect users to a dating Web site with an IP address and Autonomous System Number associated with past malicious activity.
Upatre Trojan downloads malware that downloads malware. Researchers at Microsoft’s Malware Protection Center reported a spike in Win32/Upatre infections in recent months, with a spam campaign distributing the Trojan in malicious attachments. The Trojan then downloads additional malware after it infects a system.
New malware variant suggests cybercriminals targeting SAP users. Researchers at Doctor Web observed a new variant of a banking Trojan that also contains code to search infected systems for SAP client applications, possibly as a first step to targeting SAP users in the future.
Searching for “Google Chrome download” on Yahoo can result in malware infection. ThreatTrack Security researchers discovered that searching for “Google Chrome download” on Yahoo’s search engine can lead users to malicious Web sites via sponsored ads. The malicious sites then attempt to install a variant of the Sirefef/ZeroAccess malware.
Mavericks Mail’s spam-spewing ‘flaw’ was scripted by red-faced user. Cloud messaging service FastMail retracted a report blaming Apple OS X Mavericks for causing large volumes of spam emails to be generated, after finding that the issue was inadvertently caused by an AppleScript written by one of its employees.
HTTP 301 redirections lead to trouble for mobile apps. Researchers at Skycure found that thousands of mobile apps developed for Apple iOS can be forced to display fake or malicious content due to a vulnerability dubbed HTTP Request Hijacking.