Latest Hacking News

Now, Microsoft says goodbye to common passwords

After the LinkedIn debacle, Microsoft says it will stop users from choosing easily guessable passwords, in a bid to avoid a repeat of LinkedIn's recently resurfaced fiasco.

Microsoft’s Alex Simons said that his firm will try to avoid the same thing happening to it by preventing users from making lazy choices in passwords. 

Following last week's leak of 117 million LinkedIn customer email credentials, Microsoft has detailed how it is using the leaked list and others like it to prevent Microsoft Account users from picking passwords that appear frequently in stolen data.

Microsoft will soon launch a new Azure Active Directory (AD) feature that will let admins stop users from picking easily-guessed passwords. Microsoft will roll out the feature to over 10 million Azure AD tenants in coming months. 

IT admins will have the ability to lock down corporate email accounts automatically if the username and password for those accounts match credentials in a newly-leaked list.

Microsoft runs the list of compromised credentials through a system that compares hashes of the passwords with those stored with live accounts. If it identifies an at-risk account, Microsoft locks it and prompts the user to verify their identity and reset their password. This capability will be available to Azure AD users.
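The leaked-credential check described above can be sketched as follows. This is an added example, not Microsoft's implementation; the salted PBKDF2 storage format, the function names and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # assumed PBKDF2 work factor for this example

def hash_password(password, salt):
    """Salted, slow hash in the form a credential store would keep."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)

def make_account(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "locked": False}

def find_at_risk(accounts, leaked_pairs):
    """Return usernames whose current password equals the leaked one."""
    at_risk = []
    for username, leaked_password in leaked_pairs:
        key = username.strip().lower()
        account = accounts.get(key)
        if account is None:
            continue  # leaked address has no account here
        # Salts are per account, so the leaked password is re-hashed with
        # this account's salt; a plain hash-list lookup would never match.
        candidate = hash_password(leaked_password, account["salt"])
        if hmac.compare_digest(candidate, account["hash"]):
            at_risk.append(key)
    return at_risk

def lock_at_risk(accounts, leaked_pairs):
    """Lock matching accounts so the owner must verify and reset."""
    flagged = find_at_risk(accounts, leaked_pairs)
    for username in flagged:
        accounts[username]["locked"] = True
    return flagged

# Constructed sample data: three live accounts and a fake leaked list.
ACCOUNTS = {
    "alice@example.com": make_account("linkedin2012"),
    "bob@example.com": make_account("T4k!ng-n0-ch4nces"),
    "carol@example.com": make_account("Sunny-Harbor-91"),
}
LEAKED = [
    ("Alice@example.com", "linkedin2012"),  # reused password: match
    ("bob@example.com", "bob123"),          # password since changed: no match
    ("dave@example.com", "qwerty"),         # no such account
]
```

Only the account whose stored hash matches the re-hashed leaked password is flagged, so users who already changed their password are not locked out.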

Andrew Tang, service director of security at MTI, said that there is very little risk with the initiative.
“We are trusting Microsoft to store and secure that password, as it will need to be checked every time it's used. Like all other systems, it's just an algorithm to check how the password is structured.”

1.4 billion yen stolen in Japan ATM heist

In Japan an international credit card fraud has come to light in which about 1.44 billion yen or more than $13 million was illegally withdrawn with forged credit cards from 1,400 automated teller machines in convenience stores around the country.

The cash was withdrawn between 5 am and 8 am on May 15 by more than 100 burglars. The time chosen helped the criminals avoid immediate detection.

The thieves apparently went to ATMs like those found in 7-11s across Japan and swiped 1,600 counterfeit South African credit cards, created using information from cards issued by South Africa's Standard Bank. Since the money machines would only let them take about $900 at a time, the hackers made thousands of withdrawals.

Suspecting the involvement of an international criminal organization, the police are planning to cooperate with overseas investigative organizations.

According to Reuters Africa, Standard Bank is estimating its total losses at 300 million rand ($19 million). The bank said none of its customers will suffer the losses from the international fraud scheme.

The ATMs are in Tokyo, Kanagawa, Aichi, Osaka, Fukuoka and other prefectures.

Police intend to identify the suspects by analyzing the images recorded by security cameras. They also plan to examine how the credit card data was leaked, in cooperation with the South African authorities via Interpol.

The fraud came to light following a report from a bank that installed some of the ATMs.

The heist comes as credit card networks like Visa and MasterCard are trying to move world markets toward uniform acceptance of chip-based cards, which are considered less vulnerable to fraud than magnetic stripe cards.

TeslaCrypt releases master key as it shuts down

TeslaCrypt has shut down, and ransomware security researchers have created a tool that can decrypt files affected by recent versions of the malicious program.
Over the past few weeks, an analyst for ESET had noticed that the developers of TeslaCrypt have been slowly closing their doors, while their previous distributors have been switching over to distributing the CryptXXX ransomware. 
The ESET researcher used the support chat on the Tesla payment site to ask if they would release the master TeslaCrypt decryption key. To his surprise and pleasure, they agreed to do so and posted it on their now defunct payment site with an apology for their acts.
“Project closed, master key for decrypt XXX…XXX, we are sorry.”
It is hard to believe that the crooks really were sorry, but it seems that the master key was genuine. The decision appears to kill off the net menace.
TeslaCrypt, which first appeared in early 2015 and often targeted gamers, landed on systems through malicious downloads, web domains that load exploit kits, and phishing campaigns. As ransomware, TeslaCrypt infected systems and encrypted user files, putting up a landing page and removing access to the PC until a ransom was paid, usually in the virtual currency Bitcoin.
What made TeslaCrypt a particularly severe case is that the developers behind the malware were very active, and researchers found it difficult to crack the software before new, even more sophisticated versions were released into the wild.
The program had some moderate success in the beginning, earning its creators $76,522 in less than two months. However, in April 2015, researchers from Cisco Systems discovered a flaw in the ransomware program that allowed them to create a decryption tool for some of its variants.
The number of TeslaCrypt attacks spiked in December, and starting with version 3.0.1 of the program, which appeared in March, all encryption flaws were fixed and the existing decryption tools were rendered ineffective. That lasted until Wednesday.
A TeslaCrypt expert has been able to use the master key to update the TeslaDecoder decryption software so that it unlocks files from all versions of the ransomware that encrypt files with the .xxx, .ttt, .micro or .mp3 extensions, or with no extension, without giving in to the malware's demands for payment.
With the release of the master decryption key for TeslaCrypt, victims can now download TeslaDecoder to decrypt files encrypted by TeslaCrypt.
In ransomware of this kind, each computer, or more commonly each file, uses a unique, randomly chosen key that is never saved on disk, so it can’t be recovered directly.
Instead, the file encryption key is itself encrypted using a public key for which only the crooks have the corresponding private key.
It is all-but-unheard-of for ransomware authors to release a master key capable of decrypting all infected files.

Adobe Patches Flash Zero-day Vulnerability

Adobe has released a patch to fix several security-related problems with its Adobe Flash Player. Adobe released its monthly security patch that included fixes for 25 security issues, including the zero-day. It has updated Flash Player for Windows, Mac and Linux to address the vulnerabilities.

The company made an announcement to draw attention to the zero-day exploit (CVE-2016-4117) discovered by security researcher Genwei Jiang from FireEye.

While Adobe’s pre-notification advisory only mentioned CVE-2016-4117, an advisory published by Microsoft for Flash library updates for Internet Explorer and Edge showed that a total of 25 flaws would be fixed.

Adobe has also released updates for Reader, Acrobat and Cold Fusion to fix nearly 100 vulnerabilities.

Last month, Adobe had pre-announced and patched a similar Flash zero-day that allowed attackers to deliver the Cerber and Locky ransomware families.

Updates for Flash running on Windows, Mac and Linux have been released and are available for download. The latest Adobe Flash Player version numbers are for Windows and Mac, and for Linux distros.