Fake Verification of Twitter account could lead to Phishing and Credit Card theft

The verification of somebody's account on Twitter is a pretty big deal as you as an user cannot do anything about it. It is only if you are recognizable by thousands of people that Twitter verifies your account.

The chance to get a verified account on Twitter can seem very tempting and that is how somebody operating Twitter account 'Verified6379' is scamming people into divulging their payment details.

The user which claims to be an 'Official Verification Page' of Twitter redirects you using a shortened Goo.gl URL and lands you on a page that looks like twitter.

The page then demands secure information like username, password, credit card numbers and others to verify your account.

The URL has seen over 18,000 hits over the last month.

British lady lost £50,000 in a “phishing scam”

Beware of doing any Online transaction as a lady from London has claimed that she lost £50,000, her life savings in a “phishing scam”.

According to a report published on BBC, the 59-yeat-old Vivian Gabb told in the Victoria Derbyshire’s, a British journalist and a broadcaster, was in the middle of buying a house when her email got hacked by the crooks.

She said that she was conned out of her life savings by scammers who sent her a 'phishing' email with instructions to wire the money to the “bank”.

She was unaware that every email she wrote and received was being monitored by criminals.

According to her, the criminals sent her a message disguised as a follow-up email from her solicitor and asked her to deposit nearly £50,000 into their account.

According to the news report, the Get Safe Online,  an internet safety advice website, says more than half (51%) of people in the UK have been a victim of an online crime, and 15% of people have been victims of either attempted or successful hacks of their email account.

Malwarebytes offers pirates a free one year license

Software companies have been serving the general public for years. But in this process, starts the raging war between the companies and the so-called "crackers" who try to counterfeit genuine products in order to promote piracy.

This creates a loophole in the distribution part of the products. This battle has seen some technical advancement in preventing counterfeiting of the services.

While Microsoft has implemented a product activation procedure for the Windows Operating system and its Office suite, some of the premiere gaming company have a registration process into their servers in order to activate the game, declining which the game becomes unavailable for playing. Yet, there is a continuous struggle amongst the "cracking " society to crack the softwares for free access and piracy.

While this struggle has accelerated with time, a company has finally decided to allow the vicious pirates to gain legit access to their product. Malwarebytes, a premium security firm has initiated Amnesty, a program to enable the users who have procured the serial key from piracy dealers or have downloaded it from the internet, to reissue their security key for free. This reissued key will provide the user with premium access to Malwarebytes Anti-Malware for a period of 12-months.

The company states that the internet has good pioneers as well as bad pirates. While the pioneers work hard day and night in order to provide users with state of the art services, pirates try to dupe people into buying pirated versions of Malwarebytes Anti-Malware.

"Amnesty program has initiated providing free replacement keys to the premium customers who have been facing inconvenience because of pirated keys or software abuse for Malwarebytes Anti-Malware".

To ease it up, you can start by downloading the latest version of Anti-Malware Premium(direct link to download). Once you are done with the installation, the activation setup is initiated, where you have to enter your illegal activation key and proceed. This redirects you to the dialog box which gives you the option to select "I’m not sure where I got my key, or I downloaded it from the Internet". The company then issues you with a new key along with a 12-months free premium membership.

This has been started by Malwarebytes, who are providing one of the best security suites and anti virus tools in the market.

Samsung will unblock Windows Updates “within few days”

South-Korean multinational company, Samsung will release a software patch for its PCs “within a few days” that has been disabling Windows Update.

The conglomerate company has issued a statement on Friday assuring its users that it would  correct the problem, which was initially discovered earlier this week, in the coming days.

The spokesperson of the Samsung wrote in the statement, “Samsung has a commitment to security and we continue to value our partnership with Microsoft. We will be issuing a patch through the Samsung Software Update notification process to revert back to the recommended automatic Windows Update settings within a few days.

“Samsung remains committed to providing a trustworthy user experience and we encourage customers with product questions or concerns to contact us directly at 1-800-SAMSUNG FREE,” the statement read.

Patrick Barker, Microsoft researcher, shared on his blog that he discovered a file named Disable_Windowsupdate.exe after assisting a user in troubleshooting his Samsung computer. With this program installed, Windows users will have to manually install Microsoft's patches to update their computers.

He found out that with Disable_Windowsupdate.exe, even if Samsung users already re-enabled the "Install updates automatically" option on Windows Update, once the computer rebooted, the program will inconveniently return the Windows system to manual updates.

The researcher then reported the flaw to Samsung's support team. However, the company explained that it had to create a program that would prevent Windows Update from overwriting Samsung's default hardware drivers such as those for its USB 3.0 ports.

The spokesperson said in the statement that in order to satisfy their consumer, they are providing option to choose if and when they want to update the Windows software on their products.

Although, it has not been disclosed that how many Samsung computers were affected by the Disable_Windowsupdate.exe, it has programmed to work on all computers with Windows XP and higher, across different language settings.

Some reports mentioned that Samsung users have been complaining about this issue since April.

BadOnions : Bad TOR exit nodes attempts to login with sniffed password


A security researcher spent a month to find bad TOR exit nodes by setting up a honeypot kind of website which has a fake login page - To find the nodes that sniffs the traffic and attempts to steal the password.

Tor protects its users by bouncing their communications around a distributed network of relays runs by volunteers all around the world.

Chloe wrote in a blog, “A few weeks ago I got the idea of testing how much sniffing is going on in the Tor network by setting up a phishing site where I login with unique password and then store them. I do this with every exit node there is and then see if a password has been used twice, if that's the case I know which node that was sniffing the traffic.”

According to the researcher, he bought a domain with a tempting name (such as bitcoinbuy) and then created a sub-domain(admin.) by using vhost and set up a simple login.

He used a simple login script that allowed any password ending wiht "sbtc".  He created a random password ending with "sbtc" (eg:d25799f05fsbtc) and used it via tor nodes.

The script also saves the login attempts and successful logins in a file with user agent, IP and time - This will help him to find the bad nodes.

“The results are not so surprising, but what is most surprising about this is that 2 nodes with the 'guard' flag had logged in twice. Also, none of these nodes has been flagged even though I reported them to Tor.” Researcher said in his blog.
He released the result of the test; He tested more than 130k Exit nodes within 32 days. He found that there were 12 failed-login attempts, 16 successful logins that had not come from the researcher.

Cisco announces its intent to acquire OpenDNS

 
Cisco announced on June 30 its intent to acquire OpenDNS, a security company which provides advanced threat protection for any device, anywhere and anytime based in San Francisco.

It is said that the acquisition will boost Cisco's Security everywhere approach by adding broad visibility and threat intelligence from the OpenDNS cloud delivered platform.

According to the press statement issued by the organization, the OpenDNS team will join the Cisco Security Business Group. As per the agreement, Cisco will pay $635 million in cash and assumed equity awards, plus retention based incentives for OpenDNS. The acquisition is expected to close in the first quarter of fiscal year 2016, subject to customary closing conditions.

The press statement said that the burgeoning digital economy and the Internet of Everything (IoE) are expected to spur the connection of nearly 50 billion devices by 2020, creating a vast new wave of opportunities for security breaches across networks. The faster customers can deploy a solution, the faster they can detect, block and remediate these emerging security threats.

“OpenDNS' cloud platform offers security delivered in a Software-as-a- Service (SaaS) model, making it quick and easy for customers to deploy and integrate as part of their defense architecture or incident response strategies. By providing comprehensive threat awareness and pervasive visibility, the combination of Cisco and OpenDNS will enhance advanced threat protection across the full attack continuum before, during and after an attack,” the statement read.

The statement added that OpenDNS' broad visibility, unique predictive threat intelligence and cloud platform with Cisco's robust security and threat capabilities will increase awareness across the extended network, both on- and off-premise, reduce the time to detect and respond to threats, and mitigate risk of a security breach.

Hilton Romanski, Cisco chief technology and strategy officer, said that many people, processes, data and things connected because of which opportunities for security breaches and malicious threats grow exponentially when away from secure enterprise networks.

“OpenDNS has a strong team with deep security expertise and key technology that complements Cisco's security vision. Together, we will help customers protect their extended network wherever the user is and regardless of the device,” Romanski added.

New Trojan that hides in PNG images affects healthcare organizatons

A new Trojan named the Stegoloader Trojan has been reported. The most victims claimed by this trojan are based in healthcare organizations in the US.

This new Trojan hides itself in PNG imaged to infiltrate personal computers of people and collect information. The malware hides in the pixels of the images.

The trojan hides in PNG images so it is able to circumvent security measures like network firewalls and personal antivirus software.

This malware was first spotted in 2013, but since then it has been reworked many times and multiple versions of Stegoloader now exist. Dell was the first company to report this malware.

Out of all the Stegoloader victims, 42 percent are in the healthcare industry.

Penn State University Becomes Victim To Yet Another Cyberattack


Penn State announced that it has detected another cyber attack.  The recent attack has been confirmed by the university on its’s College of Liberal Arts server. 
Penn State has stated that several systems have been compromised by cyberattacks; which have been accounted as two in number by anonymous threats.

FireEye cyber forensic unit, Mandiant has taken over the case and has been trying to investigate and analyse the attacks, that took place on the 4th of May; Seven weeks since then, the university now states that no harm has occurred in regards to the personally identifiable information(PII) or any other research data, since the it had introduced advances cybersecurity measures after the attacks on the College of Engineering servers.

Mandiant’s spokesperson, Nick Pelletier revealed that the attacks took place for the first time in 2014 within a 24-hour time period, while the latter breach was taken into action during March to May in 2015. Mandiant is not sure if the attackers are the same chinese group that attacked engineering.

Nick Jones, vice-president of Penn State in an official statement said that advanced monitoring systems have been introduced into the entire university network with constant support of Mandiant and the the attackers will be soon tracked down.

The attacks in the state university systems have created a threat for federal systems. Where any PII or research data was not compromised, some college-issued usernames and passwords were stolen and accessed. As a result, all the compromised accounts are being renewed and more information can be gathered from http://securepennstate.psu.edu.

Trend Micro discovers vulnerability in Android debugger "Debuggerd"


Trend Micro has found a new vulnerability that exists in phones running Android IceCream Sandwich to Lollipop.

The vulnerability in the debugging program of Android, Debuggered, allows a hacker to view the device's memory and the data stored on it.

You can create a special ELF (Executable and Linkable Format) file to crash the debugger and then you can view the dumps and log files of content stored on the memory.

The glitch in itself is not a big threat but the type of data it can give a hacker access to can lead to a difficult situation.

Google is said to be working on a fix in the next version of Android for this.

Beware of CryptoWall Ransomware, victims reporting losses totaling over $18 million


FBI's Internet Crime Complaint Center's (IC3) data shows CryptoWall as the most current and significant Ransomware affecting millions of individuals and businesses in US.

CryptoWall and its variants have been targeting people since April 2014, between April 2014 and June 2015, the IC3 received 992 CryptoWall related complaints, with victims reporting losses totaling over $18 million.

The victims incurs ransom fees between $200 and $10,000, there are additional costs which includes network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers.

The system becomes infected when the victim visits or clicks on the infected advertisement, email, attachment  or  infected websites- The malware encrypts the victim's file stored on the infected machine. Ransomware schemes demand payment in Bitcoin as  it is easy to use, fast, publicly available, decentralized, and provides a sense of heightened security/anonymity.

Victims can register the complaint to local FBI field office, or may also file a complaint with the IC3 at www.IC3.gov.