Malware detected in Martel cameras used by police departments

iPower Technologies, a U.S. security company and network integrator, has found copies of the Conficker worm on the Martel Frontline Camera with GPS, a product of Martel Electronics, one of the largest manufacturers of police in-car video systems in America. The camera is sold and marketed as a body camera for police departments.

The Florida-based company, which is developing a cloud-based video storage system that lets government agencies and police departments store and search camera footage, said that cameras it received from the supplier, Martel Electronics, were loaded with the worm, one of the most notorious pieces of botnet malware of 2009.

Conficker itself is not new. The worm was first identified in late 2008, and by early 2009, when researchers found that it had been set to perform an unspecified update on April 1, 2009, it had already infected millions of PCs.

Jarrett Pavao and Charles Auchinleck, researchers at iPower, found that when the cameras were connected to a computer, they attempted to execute the worm, detected as the Win32/Conficker.B!inf variant.

“When the camera was connected to a computer, iPower's antivirus software immediately caught the virus and quarantined it. However, if the computer did not have antivirus actively protecting the computer it would automatically run and start propagating itself through the network and internet,” iPower said in a post.

"In the iPower virtual lab environment, packet captures were also run on the infected PC to view the viruses' network activity using Wireshark. The virus, classified as a worm virus, immediately started to attempt to spread to other machines on the iPower lab network, and also attempted several phone home calls to internet sites," the post added.
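The triage iPower describes relied on antivirus and a Wireshark capture. As an added example (not iPower's code, and not a real Conficker sample), the script below shows the complementary offline check a responder would run on a camera or any other device that mounts as removable storage: parse its autorun.inf the way a tolerant INI reader would and flag the tell-tale abuses. The Win32/Conficker.B!inf detection named above is Microsoft's name for the worm's autorun.inf component, which hid a launch directive among kilobytes of junk bytes and pointed rundll32.exe at a renamed DLL inside a RECYCLER folder; the two samples here are constructed to mimic that layout and a benign control, and the thresholds are the example's own.

```python
# Added example: triage an autorun.inf pulled from removable media.
# The samples below are constructed, not taken from a real infection.

# Junk bytes with a line break, stood between real directives to defeat naive parsers.
JUNK = b"\x01\x02\xfe\x80\x00\x00\x9a\x9b\x10\x11\r\n"

SAMPLE_AUTORUN = (
    JUNK * 3
    + b"[autorun]\r\n"
    + JUNK * 2
    + b"Action=Open folder to view files\r\n"
    + JUNK * 4
    + b"Icon=%systemroot%\\system32\\shell32.dll,4\r\n"
    + JUNK
    + b"shellexecute=RUNDLL32.EXE .\\RECYCLER\\S-1-5-21-1111111111-2222222222-333333333-1000\\payload.vmx,setup\r\n"
    + JUNK * 5
    + b"UseAutoPlay=1\r\n"
)

# Control: a legitimate autorun.inf that only sets a label and an icon.
BENIGN_AUTORUN = b"[autorun]\r\nlabel=Camera Storage\r\nicon=camera.ico\r\n"

LAUNCH_KEYS = ("open", "shellexecute")
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def parse_autorun(raw: bytes) -> dict:
    """Return {key_lower: value} for every directive, tolerating junk bytes.

    Non-printable bytes are dropped before the line-based parse; the worm relied
    on Windows being similarly tolerant, so the hidden directive still fired.
    """
    cleaned = bytes(b for b in raw if b in PRINTABLE).decode("ascii")
    directives = {}
    for line in cleaned.splitlines():
        line = line.strip()
        if not line or line.startswith(("[", ";")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        directives[key.strip().lower()] = value.strip()
    return directives


def triage_autorun(raw: bytes) -> dict:
    """Flag what a responder looks for: launch directives, hidden payload paths,
    rundll32 loading a non-.dll file, and junk padding in a text-only format."""
    directives = parse_autorun(raw)
    junk = sum(1 for b in raw if b not in PRINTABLE)
    junk_ratio = round(junk / len(raw), 3) if raw else 0.0
    flags = []
    if junk_ratio > 0.10:                      # threshold is the example's own
        flags.append("junk_padding")
    launches = {k: v for k, v in directives.items()
                if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))}
    for cmd in launches.values():
        low = cmd.lower()
        flags.append("launches_code")
        if any(p in low for p in ("recycler", "recycled", "system volume information")):
            flags.append("launch_from_recycler")   # folders Explorer hides by default
        if "rundll32" in low:
            target = low.split("rundll32.exe", 1)[-1].split(",", 1)[0].strip()
            if target and not target.endswith(".dll"):
                flags.append("rundll32_non_dll")    # Conficker used a renamed .vmx
    return {"directives": directives, "launches": launches,
            "junk_ratio": junk_ratio, "flags": sorted(set(flags))}
```

Run `triage_autorun()` over the file pulled from the mounted volume: the constructed worm-style sample trips every flag, the benign control trips none. The parser deliberately does not require a `[autorun]` section header, since a padded file may bury it.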

iPower said it has tried to contact Martel Electronics to report the findings, but the company has yet to respond.

A threat that encrypts data in offline mode

Researchers at Check Point have discovered an ‘offline’ ransomware that encrypts files on the infected machine without ever communicating with a command and control (C&C) server.

The ransomware, which mainly targets Russian users, has existed since around June 2014. A dozen or so versions have been released since then; the latest, CL, appeared in mid-August.

Security products detect various versions of the threat as Ransomcrypt.U (Symantec), Win32.VBKryjetor.wfa (Kaspersky) and Troj/Ransom-AZT (Sophos).
After infecting a computer, the threat encrypts important files and then changes the desktop background to a message, written in Russian, telling the user that the files have been encrypted.

Victims are then asked to pay between $300 and $380, depending on how quickly they pay, to receive a decryption tool and the key needed to recover their files.

Because it works entirely offline and never talks to a C&C server, security products that identify threats by their network communications have nothing to see, which makes the malware harder to detect and neutralise.

According to the Check Point researchers, the malware is designed only to encrypt files and has little other functionality. It does that one job well enough, though, that files cannot be recovered without the attacker's private keys.

“The beginning (first 30000 bytes) of each file is encrypted using two buffers of digits and letters that are randomly generated on the infected machine. The encryption process includes taking each original byte along with one byte from each of the randomly generated buffers and performing mathematical operations on them.

The remainder of each file (if it exists) is encrypted using an RSA public key (“local”) that is randomly generated on the infected machine, along with the matching local RSA private key required for decryption of the data.

The randomly generated buffers and the local RSA private key that are required for decryption are added as metadata to each encrypted file, and are then encrypted using three hardcoded RSA 768 public keys that the offender created in advance (“remote”). The matching remote RSA private keys required to unlock the metadata are located on the attacker’s side.”

Ransomware campaigns remain highly profitable for cyber criminals, even when, as here, the targets are limited to Russian users.

Marshmallow OS to get patch for two critical Android bugs

Google has patched seven Android vulnerabilities, two of them rated critical, four high and one moderate. This is the fourth round of monthly Android patches since Google began them in August this year.

The two critical flaws, which give attackers remote code execution, are in libutils (CVE-2015-6609) and mediaserver (CVE-2015-6608). Both can be exploited by sending crafted media files to the affected device.

Google notified its partners about the issues on October 5, and the fixes are to reach Nexus devices, Samsung devices and the Android Open Source Project, arriving first for the latest release, Marshmallow.

In its advisory Google said that, "The most severe of these issues is a critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files."

"During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process. The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media."

An elevation of privilege bug was also fixed in the libstagefright library; it is separate from the Stagefright vulnerabilities reported by Zimperium researcher Joshua Drake earlier this year.

Vulnerabilities in Bluetooth (CVE-2015-6613), mediaserver (CVE-2015-6611), Telephony (CVE-2015-6614) and libmedia (CVE-2015-6612) were also patched.

Google says “exploitation is made harder on the security-improved Marshmallow Android platform.” The bulletin lists the issues as follows:

Remote Code Execution Vulnerabilities in Mediaserver
Remote Code Execution Vulnerability in libutils
Information Disclosure Vulnerabilities in Mediaserver
Elevation of Privilege Vulnerability in libstagefright
Elevation of Privilege Vulnerability in libmedia
Elevation of Privilege Vulnerability in Bluetooth
Elevation of Privilege Vulnerability in Telephony

Cyber threats may well face an insurance vacuum; firms need to look after themselves

Anecdotal evidence suggests that the global insurance industry is unwilling to play ball on writing cyber insurance policies. Companies face unprecedented cyber threats and are seeking ever larger cyber insurance cover; insurers, however, are either declining to write policies or writing limited ones at a high price and with significant conditions. Firms are looking for covers of US$1 billion, but the insurers are not biting.

It is not hard to understand the insurers' predicament. As things stand, cyber insurers face severe information asymmetry: there is little or no actuarial data to work with. No insurer knows what hidden vulnerabilities exist in a company's IT estate (software, websites, networks, data centres and processes), and how could they, when companies themselves do not fully understand their own exposure?

The insurers' task is made harder still by the fact that attacks need not be aimed at a big firm directly. The recent compromise of apps in Apple's iOS App Store suggests that attackers have found another route in: infecting the machines of developers who write legitimate programs and apps. Developers are a huge, globally dispersed (and therefore geopolitically exposed) and logical target, and this approach may be harder to defend against.

Insurers also need to take into account that businesses now operate in internet-linked ecosystems of partners and suppliers of every sort, outsourced software development included. Smaller, less prepared, less well-equipped members of an ecosystem offer attackers an easier route into the systems of the big firms.

The picture gets more complicated still when one considers the scale of cyber threats. One estimate puts the annual cost of cybercrime to the global economy at US$375 billion to US$575 billion. That is a lot of money, and insurers' reluctance to write policies against hugely expensive and poorly understood threats is unsurprising. Attackers, meanwhile, operate remotely, face no direct or immediate physical risk and are unafraid to take chances.

Testing for vulnerabilities is a deeply technical matter. When faced with advanced persistent threats (APTs) and zero-day vulnerabilities, businesses must remember that their adversaries typically belong to organised criminal groups, mafia groups, black hat hacker groups or state-backed groups.

An APT attack is one in which committed adversaries persistently use advanced techniques to compromise their targets. Zero-day exploits, which target vulnerabilities unknown to the vendor and therefore unpatched, are found in operating systems, application software, browsers, antivirus software, firewalls and in-house applications. By the author's estimate, around twenty zero-day vulnerabilities exist in any given server. Zero-days have the highest success and damage rates and the lowest probability of detection by firewalls, IDS, antivirus and the like.

The problem is compounded by the lack of senior management involvement in vulnerability assessment and penetration testing. This is not a matter that can be left to systems administrators or developers, who are better equipped to remediate security issues than to discover them.

Given the insurers' reluctance, companies may have little choice but to look after themselves. The buck needs to stop at the desk of senior management, and boards need to ask difficult questions. Cyber threats are strategic in nature, and a strategic response is called for to defend against financial and non-financial damage.

Constant vigilance, vulnerability assessments and penetration testing are essential for defence. Companies also need to adopt counter-cyber-espionage and counter-intelligence techniques, along with a healthy dose of paranoia.

Author: Prasanna J, Founder of Cyber Security and Privacy Foundation(CSPF)

Cyber Attack on America’s Thrift Stores exposes credit card numbers

America’s Thrift Stores, a charity-linked store chain, discovered on Friday, October 9, that it had become the victim of a malware-driven breach that originated in software from a third-party service provider used to process credit card payments at its stores in Alabama, Georgia, Louisiana, Mississippi and Tennessee.

America’s Thrift Stores is a for-profit company that operates 18 donation-based thrift stores across the southeastern United States; it collects used clothing and household items from local communities and sells them, sharing the profit with Christian charities.

In a statement, the Birmingham-based company’s CEO, Kenneth Sobaski, said that no customer names, phone numbers, addresses or email addresses were exposed, but that credit card numbers were.

The breach appears to have affected transactions between September 1 and September 27.
The company advised customers who fear their data was compromised to contact their card issuer or bank immediately and to report any suspicious activity.

The malware has been removed from the stores’ systems, and purchases outside those dates should not be at risk.

Security journalist Brian Krebs reported on his blog that several banking sources had confirmed a pattern of fraud on cards used at America’s Thrift Stores, an indication that the stolen data was already being used to create counterfeit cards.

The company said the U.S. Secret Service is investigating the breach.

The chain employs more than 1,000 people and turns donated items into revenue for its non-profit partners' causes, paying out an estimated $4 million a year to them.

This store chain is not the only charity organization whose systems have been targeted by cyber criminals.

Last year, Goodwill Industries International suffered a breach at a third-party vendor that processed payments for twenty Goodwill members, representing roughly 10 percent of all stores.

Its investigation revealed that the attackers had had access to the vendor’s systems for a year and a half and had used point-of-sale (PoS) malware to steal card data, which was then used for fraudulent purchases.

In these breaches the weak point is not the operating system but the access granted to third-party businesses. Organisations fail to control and monitor that access, and that failure is what makes these breaches possible and damaging.

The breach of America’s Thrift Stores may be a repeat of the 2013 Target breach, where a third party's foothold opened the door. Weak passwords reused across critical systems lead to such hacks, and Target's breach should have been a wake-up call for businesses everywhere to adapt and evolve their IT security practices.

Danske Bank fixes several vulnerabilities that could have let hackers into bank accounts

Most of us prefer to keep our money in a bank account rather than at home, believing a bank to be the safer place. A blog post by Sijmen Ruwhof, a freelance IT security consultant and ethical hacker, may shake that belief.

He published a review entitled “How I could hack internet bank accounts of Danish largest bank in a few minutes”, in which he showed how easily an attacker could have used the website of Danske Bank, one of Denmark's largest banks, to get at customers' accounts.

His in-depth technical post explains how exposed Danske Bank's online banking was.

He found the problems in August, after conversations with a group of Danish hackers at the Chaos Communication Camp (CCC) near Berlin left him curious to test the bank's security.

At the camp, security experts and white hat hackers had been complaining about the poor security practices of many Danish banks.

“I opened up the Danske Bank’s website and was curious to see what the HTML code looked like, so opened the code of the customer login screen of the banking environment. I strolled through the code to get a grasp of the technology used,” the security researcher wrote in the blog.

There he saw JavaScript comments that appeared to contain internal server information: not a few variables, but a large amount of confidential data.

“It was in URL encoded format, so I decoded it right away, really wondering what kind of secrets it contained,” he added. “I was shocked. Is this happening for real? In less than a minute on their web site, this is just the HTML code of the login screen, one of the most visited pages of Danske Bank’s web site.”

The researcher said that the dump contained the IP address of what was probably a customer, in the variable HTTP_CLIENTIP, and that HTTP_USER_AGENT revealed that visitor's operating system and browser.

He warned that the HTTP_COOKIE variable was also visible and full of data, so a customer's session could have been hijacked in very little time.

According to the researcher, the dump also suggested that Danske Bank was not using HTTPS for customer banking traffic, as the HTTPS variable was OFF and SERVER_PORT carried the value 80. Such variables describe the connection as the backend server sees it, so they could also reflect TLS being terminated on a device in front of that server. The bank still runs COBOL code on its backend, with CICS (Customer Information Control System) and database handling.

The good news is that the bank has since fixed the issues, though only after the researcher had published his findings.
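The check the researcher did by hand, view source, find the comment, URL-decode it, read off the variables, is worth automating against one's own login pages. The script below is an added example, not the researcher's code and not Danske Bank's HTML: the page is constructed, the variable names are the CGI-style ones the post mentions (HTTP_CLIENTIP, HTTP_USER_AGENT, HTTPS, SERVER_PORT, HTTP_COOKIE), and the list of names treated as sensitive is the example's own.

```python
# Added example: find server-side variables leaked inside HTML/JS comments.
import re
from urllib.parse import unquote

# Constructed login page (not Danske Bank's). The JavaScript comment carries a
# URL-encoded dump of CGI-style server variables, as the post describes.
SAMPLE_HTML = """<html><head><title>Login</title>
<script>
var form = document.forms[0];
/* debug: HTTP_CLIENTIP%3D203.0.113.7%26HTTP_USER_AGENT%3DMozilla%2F5.0%26HTTPS%3DOFF%26SERVER_PORT%3D80%26HTTP_COOKIE%3DSESSIONID%3Dabc123 */
// TODO remove before release
</script>
</head><body><!-- build 42 --><form action="/login" method="post">
<input name="user"><input name="pass" type="password"></form></body></html>"""

# Variables whose presence in page source is a finding on its own (example's own list).
SENSITIVE_VARS = {
    "HTTP_COOKIE", "HTTP_AUTHORIZATION", "HTTP_CLIENTIP", "REMOTE_ADDR",
    "HTTPS", "SERVER_PORT", "HTTP_USER_AGENT", "SERVER_SOFTWARE",
    "DOCUMENT_ROOT", "SCRIPT_FILENAME",
}
# HTML comments, C-style block comments and whole-line // comments in scripts.
COMMENT_RE = re.compile(r"<!--(.*?)-->|/\*(.*?)\*/|^[ \t]*//(.*?)$", re.S | re.M)
VAR_RE = re.compile(r"\b([A-Z][A-Z0-9_]{3,})=([^&\s]*)")


def extract_comments(html):
    """Return the text of every comment, whichever syntax it used."""
    return [next(g for g in m.groups() if g is not None).strip()
            for m in COMMENT_RE.finditer(html)]


def decode_layers(text, max_rounds=3):
    """URL-decode repeatedly (data is sometimes encoded twice) until stable."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_leaks(html):
    """Map sensitive variable names to the values found in comments."""
    leaks = {}
    for comment in extract_comments(html):
        for name, value in VAR_RE.findall(decode_layers(comment)):
            if name in SENSITIVE_VARS:
                leaks[name] = value
    return leaks


def assess(leaks):
    """Turn the raw variables into the findings the post drew from them."""
    findings = []
    if "HTTP_COOKIE" in leaks:
        findings.append("session cookie exposed in page source")
    if "HTTP_CLIENTIP" in leaks or "REMOTE_ADDR" in leaks:
        findings.append("client IP address exposed")
    if leaks.get("HTTPS", "").upper() == "OFF" or leaks.get("SERVER_PORT") == "80":
        # Backend saw plain HTTP; confirm whether TLS is terminated upstream.
        findings.append("backend saw plain HTTP (check for TLS termination upstream)")
    return findings
```

Point `find_leaks()` at the fetched HTML of each authenticated page, not just the login screen; the same debugging output tends to appear wherever the same template is used.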

Negligence at Experian puts 15 million T-Mobile records at risk

John Legere, CEO of T-Mobile, the third largest mobile carrier in the U.S., is angry again, and with good reason: this time the highly personal records of some 15 million people have leaked from Experian, one of the largest credit agencies and data brokers in the world.

The exposed information includes names, addresses, and social security, driver’s license and passport numbers. The license and passport numbers were stored in an encrypted field, but Experian said that the encryption may also have been compromised.

The breach was discovered on September 15, 2015, and affects people who applied for T-Mobile service between September 1, 2013 and September 16, 2015.

Legere broke the news in a post on the company's website that made his frustration plain.

The post read as below:
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian."

Experian says it took immediate action on discovering the breach: it secured the server, began a comprehensive investigation and notified U.S. and international law enforcement.

As is now routine after a breach, Experian is offering those affected two years of free credit monitoring and identity theft resolution services.

There have been a series of high-profile hacks of businesses and other organisations in recent years impacting millions and sometimes tens of millions of records, including adultery website Ashley Madison, Sony Pictures, and retailers such as Home Depot, Target, and eBay.

The theft of personnel records from the U.S. government this year, the 2014 breach at JPMorgan Chase and the 2013 attack on Target's point-of-sale systems are others.

The irony is that a company whose business is handling the personal information of many Americans was unable to protect the information of people who applied for T-Mobile service. It is the second massive breach linked to Experian.

In 2012, an attack on an Experian subsidiary exposed the Social Security numbers of 200 million Americans and prompted an investigation by at least four states, including Connecticut.

Although the breach will hurt both companies, T-Mobile is trying to put the blame squarely on Experian. One of its FAQ entries reads:

“Experian has taken full responsibility for the theft of data from its server.”
Both companies have made it clear that no credit card or banking data was exposed. Even so, the hoard of T-Mobile customer data can still be used to assemble profiles for identity theft.

If consumers can’t pressure data aggregators like Experian into securing their secrets, perhaps the consumer-facing companies who collect that information can.

Will 'GreenDispenser' take all your money?

ATM malware is no myth in the cyber world, and this case is no different from earlier ones: a team of security researchers from Proofpoint has lifted the veil on a new strain, named GreenDispenser, that lets attackers empty compromised ATMs of their cash.

The malware displays an 'out of service' message on the ATM screen, so that ordinary customers walk away, while an attacker who enters the correct PINs can make the machine dispense its cash, leaving no sign of a robbery.

Such activity was first reported in Mexico, and similar abuse has been reported in other countries since. GreenDispenser follows earlier ATM malware families such as Ploutus and Tyupkin; once it is installed on a machine, the operator needs only the PINs described below to drain it.

Proofpoint suspects that the operators carry a mobile app that computes the second PIN, giving the malware a form of two-factor authentication that keeps anyone the bosses have not equipped, a mule at the machine included, from using it.

Proofpoint explained the authentication in another post; an extract is given below:
GreenDispenser employs authentication using a static hardcoded PIN, followed by a second layer of authentication using a dynamic PIN, which is unique for each run of the malware. The attacker derives this second PIN from a QR code displayed on the screen of the infected ATM. We suspect that the attacker has an application that can run on a mobile phone with functionality to scan the barcode and derive the second PIN – a two-factor authentication of sorts.

ATM malware keeps evolving, and each generation leaves machines more exposed. Because ATMs hold cash directly, they are a natural target, and the institutions that run them need to harden the machines and the card and PIN handling around them at the same pace. The question is how long it will take to secure them fully.
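Proofpoint's description amounts to a challenge-response gate layered on a static PIN. The model below is an added example, not Proofpoint's code and not the malware's: how the real second PIN is derived from the QR code is not public, so here the QR payload is a fresh random challenge and the phone computes HMAC-SHA256 over it with an operator secret, truncated to eight digits. STATIC_PIN and OPERATOR_SECRET are made-up values. What the model makes visible is the split of knowledge: a mule who knows the static PIN still cannot pass without the phone, and a PIN observed on one run is useless on the next.

```python
# Added example: two-stage PIN gate of the kind Proofpoint describes (model, not the malware).
import hashlib
import hmac
import secrets

# Both values are made up for the example; the real PIN and any secret inside
# the operators' phone app are not public.
STATIC_PIN = "1234"
OPERATOR_SECRET = b"operator-secret-known-only-to-the-phone-app"


def derive_dynamic_pin(secret, challenge, digits=8):
    """Assumed derivation: HMAC-SHA256 of the on-screen challenge, truncated to
    a fixed number of decimal digits so it can be typed on an ATM keypad."""
    mac = hmac.new(secret, challenge.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10 ** digits).zfill(digits)


class DispenserGate:
    """Malware side: an 'out of service' screen to customers, a two-stage gate
    to the operator. The challenge would be rendered as a QR code on screen."""

    def __init__(self, static_pin, secret):
        self._static = static_pin
        self._secret = secret
        self.challenge = None
        self.unlocked = False

    def start_run(self):
        self.challenge = secrets.token_hex(16)   # fresh per run, so PINs cannot be replayed
        self.unlocked = False
        return self.challenge

    def submit(self, static_pin, dynamic_pin):
        self.unlocked = False
        if not hmac.compare_digest(static_pin, self._static):
            return False                          # stage one: the hardcoded PIN
        expected = derive_dynamic_pin(self._secret, self.challenge)
        self.unlocked = hmac.compare_digest(dynamic_pin, expected)
        return self.unlocked                      # stage two: the per-run PIN


def phone_app(challenge):
    """Operator side: what the suspected mobile app does after scanning the QR code."""
    return derive_dynamic_pin(OPERATOR_SECRET, challenge)
```

For defenders the useful consequence is that the second stage leaves a fresh challenge on screen for every run, so the pattern to look for on the ATM side is not a fixed PIN but an application that presents a QR code while the machine claims to be out of service.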

Once again, a malicious application found on Google Play Store

Researchers at Check Point Threat Prevention have detected a malicious application, published twice on the Google Play Store, that is thought to have affected some one million people. The malware was packaged inside an Android game called “Brain Test”.

According to the researchers, the malware appeared on Google Play twice; each instance had between 100,000 and 500,000 downloads, according to Google Play statistics. Check Point contacted Google on September 10, 2015, and the app was removed from Google Play on September 15, 2015.

“The malware was first detected on a Nexus 5 smartphone, and although the user attempted to remove the infected app, the malware reappeared on the same device shortly thereafter. Our analysis of the malware shows it uses multiple, advanced techniques to avoid Google Play malware detection and to maintain persistency on target devices,” the researchers wrote in a blog post.

Even though the malware was reported to Google and the app removed from the store, it evades malware detection through several sophisticated techniques. It also installs a second application similar to itself; the two monitor each other's removal and protect one another, so neither can be uninstalled in the normal way.

The researchers recommend keeping up-to-date anti-malware software on mobile devices. A phone that is already infected has to be re-flashed with an official ROM.

Lackadaisical VAPT leaves big holes in cyber security

Vulnerability analysis and penetration testing (VAPT) is the bedrock of cyber security: how can one fix problems without knowing what they are? Ignorance is not bliss here; one estimate of the annual cost of cyber crime to the global economy ranges from US$375 billion to US$575 billion. That is a lot of money.

Pity, then, that many companies undertake VAPT as window dressing for ISO 27001, simply to secure a compliance certificate. IT vendors and consultants are usually tasked with the VAPT, and these firms in turn outsource it to so-called specialists, sometimes without the client's knowledge.

Vulnerability testing is a deeply technical matter. When faced with advanced persistent threats (APTs) and zero-day vulnerabilities, businesses must remember that they are up against highly skilled and creative attackers, who typically belong to organised criminal groups, mafia groups, black hat hacker groups or state-backed groups.

An APT attack is one in which committed adversaries persistently use advanced techniques to compromise their targets. Zero-day exploits, which target vulnerabilities unknown to the vendor and therefore unpatched, are found in operating systems, application software, browsers such as Chrome and Firefox, antivirus software, firewalls and in-house applications. By the author's estimate, around twenty zero-day vulnerabilities exist in any given server. Zero-days have the highest success and damage rates and the lowest probability of detection by firewalls, IDS, antivirus and the like.

The lack of seriousness extends to the buyers of such services. Businesses are not equipped to understand the complexities of VAPT. One hears of firms that sought to dictate the nature of a test, its date and time, and even the server and ports to be tested. Such fussiness may be appropriate for a haircut, but not for a VAPT; attackers are famous for following no rules whatsoever and thumb their noses even at hyperactive cyber defences, let alone amateurish ones.

The crux of the problem appears to be the lack of senior management or CISO involvement in VAPT and similar exercises. This is not a matter that can be left to systems administrators or developers, who are better equipped to remediate security issues than to discover them.

That lack of attention shows in the kind of testing firms recruited for the job. Inferior manpower (tool runners abound), no post-exploitation skills, no access to critical zero-day exploits, no APT war-gaming skills, no real white hat hackers with practical experience (only people with theoretical knowledge) and limited network analysis skills are typical shortcomings of the firms normally used.

Businesses need to address this by ensuring senior, even board-level, involvement in cyber security, and by making their vendor selection process more precise and demanding. Vendors need very deep domain knowledge, years of penetration testing experience, sophisticated tools, access to hundreds of zero-day exploits, and staff drawn from established, well-networked bug bounty hunters and white hat hackers.

J Prasanna
Founder, Cyber Security & Privacy Foundation

Researchers say North Korea behind attacks exploiting a Korean word processing program

Recent reports had suggested that relations between North and South Korea, bad for years, were showing signs of improvement after Seoul and Pyongyang exchanged conciliatory gestures and expressed a willingness to talk; a third inter-Korean summit even seemed fairly likely in the near future.

That picture may change on reading a PDF report from FireEye, a U.S.-based security company that provides automated threat forensics and dynamic malware protection against advanced cyber threats. The report says that North Korea is likely behind cyber attacks that have exploited a word processing program widely used in South Korea.

Genwei Jiang and Josiah Kimble, the report's authors, identified several malicious documents in the wild that exploit a previously unknown vulnerability (CVE-2015-6585) in Hangul Word Processor (HWP), a Korean word processing application published by a South Korean company.

“It is widely used in South Korea, primarily by government and public institutions. Some HWP programs are frequently used by private organizations, such as HWP Viewer. The payloads and infrastructure in the attack are linked to suspected North Korean threat actors. Hancom patched CVE-2015-6585,” the authors said in the report.

The authors note that only a handful of attacks have been publicly attributed to the secretive nation, which is known to have well-developed cyber capabilities.

According to the report, opening the malicious HWP file installs a backdoor that FireEye has nicknamed Hangman. It is used to download files and probe the file system, and it resembles a backdoor FireEye calls Peachpit, which may also have been developed by North Korea.

Once Hangman has collected data, it sends it to its command-and-control servers over an SSL (Secure Sockets Layer) connection. The servers' IP addresses are hard-coded into Hangman and have been linked to other suspected North Korea-related attacks.
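Hard-coded C2 addresses are what make the infrastructure overlap FireEye describes possible: pull the addresses out of one sample and they become indicators to pivot on. The script below is an added example, not FireEye's tooling and not run on Hangman: it extracts IPv4 literals (with an optional port) from a binary blob, drops malformed octets, and separates routable candidates from addresses that cannot be a C2 server. The blob is constructed, its addresses come from documentation ranges, and the non-routable list is the example's own (Python's `is_global` would reject documentation ranges too, so the filter is explicit here).

```python
# Added example: extract hard-coded IPv4 C2 candidates from a binary blob.
import ipaddress
import re

# Constructed blob standing in for a sample read from disk: opaque bytes with a
# few embedded ASCII strings. Addresses are from documentation ranges, not real C2s.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + bytes(range(64))
    + b"connect to 198.51.100.23:443\x00" + b"\xff" * 16
    + b"backup 203.0.113.9\x00"
    + b"10.0.0.5\x00"            # RFC 1918: an internal address, not a C2
    + b"999.1.2.3\x00"           # looks like an address, is not one
    + b"0.0.0.0\x00" + b"\x00" * 32
)

# Digit-bounded dotted quad with optional :port; octet validity is checked later.
IPV4_RE = re.compile(rb"(?<!\d)(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?(?!\d)")

# Ranges that cannot be a public C2 endpoint (example's own list).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def _routable(addr):
    return not any(addr in net for net in NON_ROUTABLE)


def extract_ipv4(blob):
    """Return {'c2_candidates': [...], 'non_routable': [...]} from raw bytes.

    Strings such as 999.1.2.3 match the regex but fail IPv4Address() and are
    skipped; anything inside NON_ROUTABLE is reported separately so it is not
    mistaken for infrastructure worth blocking or pivoting on.
    """
    routable, other = set(), set()
    for m in IPV4_RE.finditer(blob):
        try:
            addr = ipaddress.IPv4Address(m.group(1).decode())
        except ValueError:
            continue
        entry = str(addr) + (":" + m.group(2).decode() if m.group(2) else "")
        (routable if _routable(addr) else other).add(entry)
    return {"c2_candidates": sorted(routable), "non_routable": sorted(other)}
```

On a real sample, feed `open(path, "rb").read()` to `extract_ipv4()`; the candidates still need confirmation against the sample's network behaviour, since version strings and build identifiers also come in dotted-quad form.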

“While not conclusive, the targeting of a South Korean proprietary word processing software strongly suggests a specific interest in South Korean targets, and based on code similarities and infrastructure overlap, FireEye Intelligence assesses that this activity may be associated with North Korea-based threat actors,” the authors added.

According to a PCWorld report, one of the most prominent of those instances was the devastating attack on Sony Pictures in November 2014, which lost sensitive corporate data and email and saw many of its computers rendered inoperable.

“In a rare move, the FBI blamed North Korea for the Sony hack based on an analysis of malware suspected to have been developed by the country and used in other attacks,” the news report added.

Mozilla patches severe vulnerabilities in its Bugzilla bug tracking system

Mozilla confirmed on September 4 that an attacker had stolen security-sensitive vulnerability information from its Bugzilla bug tracking system, gaining access to details of unpatched zero-day bugs.

Mozilla has since patched all the flaws the attacker learned about, and says it will take the security of its own systems more seriously than before.

One of the bugs was also used in an attack on Firefox users, the maker of the open-source browser warned on Friday.

“The attacker acquired the password of a privileged Bugzilla user, who had access to security­sensitive information. Information uncovered in our investigation suggests that the user re­used their Bugzilla password with another website, and the password was revealed through a data breach at that site,” Mozilla said in an FAQ on the breach.

The one bug that was exploited in the wild was used to collect private data from Firefox users who visited a Russian news site.

The attacker accessed approximately 185 bugs that were non-public. Among them, 53 were said to be severe vulnerabilities. Mozilla claims that 43 of the severe flaws had already been patched in the Firefox browser by the time the attacker accessed the bug information. That leaves 10 bugs that the attacker had access to before they were patched, and that's where the potential risk to Firefox users lies.

“The earliest confirmed instance of unauthorized access dates to September 2014. There are some indications that the attacker may have had access since September 2013,” the company said.

In response to that finding, Firefox security lead Richard Barnes detailed what Mozilla is now doing to improve Bugzilla's security.

"We are updating Bugzilla's security practices to reduce the risk of future attacks of this type," Barnes wrote. "As an immediate first step, all users with access to security-sensitive information have been required to change their passwords and use two-factor authentication."

Stay alert, security researchers: fake recruiters are sending you invitations on LinkedIn

Image: a fake invitation on LinkedIn
A report in SecurityWeek confirms that security researchers across the globe have recently been bombarded with recruitment requests from a series of fake LinkedIn accounts, in what appears to be an attempt to map their professional networks.

Sabari Selvan, Senior Researcher at Cyber Security and Privacy Foundation, has received a fake LinkedIn invitation from Jannine Viray who asked him to send his updated resume to jannine.viray[at] as her company needed a mobile security researcher.

It is said that the targeted security professionals might receive multiple recruitment invitations per day from Talent Sources’ supposed employees over the course of several days, and they would do well to steer clear of them.

The fake recruiters use an attractive woman’s picture in the profile to draw people in. Soon afterwards, the account details and the picture are changed, if the profile does not disappear entirely.

The company behind the recruiters uses a legitimate-looking logo copied from a real business; its Twitter account has not been updated since January, still uses the default egg avatar and has only ever posted two tweets; and some of the LinkedIn accounts in question have already disappeared.

According to the news report, Fox-IT’s Yonathan Klijnsma raised a flag on this activity a few weeks back and explained the manner in which the so-called “recruitment” works, but could not offer specific details on the purpose of this type of activity.

F-Secure's Sean Sullivan took a closer look at these accounts and discovered that they were all for people supposedly working for Talent Src (Talent Sources) and that each was seemingly focused on a particular type of specialist.

“The profile pictures of some of these so called recruiters were found to be flipped copies of images on Instagram and on some legitimate LinkedIn accounts, while their specialties and areas of interest were revealed to be at least questionable,” the report added.

In May 2014, cyber intelligence firm iSIGHT Partners outed a group of Iranian threat actors, who were found using more than a dozen fake personas on popular social networking sites to run a wide-spanning cyber espionage operation since 2011.

“These credible personas then connected, linked, followed, and “friended” target victims, giving them access to information on location, activities, and relationships from updates and other common content,” iSIGHT Partners said.

Ola leaks personal information of its customers, claims a girl

A girl from Chennai claimed that OlaCabs, famous as Ola, a mobile app for personal transportation in India, had sent personal information of more than 100 customers to her via SMS.

Swapnil Midha posted on Facebook that Ola, which started as an online cab aggregator in Mumbai, is now based out of Bangalore and is among the fastest growing businesses in India, leaked personal details of users such as mobile numbers and locations.

However, the company regarded it as a technical fault and confirmed that it has been fixed now.

“About three weeks ago, I booked an Ola cab for a long distance drive. After the ride I received a few garbled texts from "VM-OLACAB" that I didn't think much of and ignored. These messages were alpha-numeric with hashes and made no sense to me whatsoever. I assumed there was some system error and did not anticipate the sleep deprivation that followed,” she wrote on Facebook.

She added, “My phone beeped throughout the night. 1:06, 2:34, 2:37, 2:38, 4:05, 5:17. I couldn't get my head around why these were coming at these times. I then called their call centre the next day to explain that there was probably some sort of bug and my number had somehow gotten into their highly cryptic message transmission systems, whatever secrets they were trying to transmit.”

Although Ola assured her that the problem would be fixed soon, she kept receiving SMS after SMS, between 300 and 400 texts in total.

“I received no further communication from them, no update, no email, just more garbled messages,” she explained. “I reached out to them through every channel possible. I called their call centre at least 5 times, demanded to speak to the senior managers, and had to explain my problem each time in great detail, answering the same annoying questions.”

She said that the company shared personal details of their customers throughout the day and throughout the night.

“What scares me the most, is that THIS should be their number one priority. I questioned their lack of concern for privacy and data protection. I threatened to report them to the authorities and TRAI. Nothing seemed to work which makes you think - do they even care about protecting customer information? If they are sending all this to me, who are they sending MY booking details to? Whose number is receiving all of my data? Which creepy criminal knows my full name, my mobile number, my door number, my account details, when I'm home and when I'm out?” she added.

The girl has raised a serious question which the company concerned needs to answer as soon as possible. If one of the most trusted companies, like Ola, is this careless, what can we expect from others?

Chinese hackers targeting Indian institutions to steal information

If FireEye Inc, a US-based cyber security firm, is to be believed, hackers based in China are now targeting India to steal information about its border disputes and diplomatic intelligence.

Relations between the two countries broke down in 1962 when they fought each other over border issues. However, relations have become somewhat calmer since the Modi government came to power.

It is also said that the hackers were active a month before PM Modi's visit to China. Now, it seems the cyber threat could make things as bad as they were before.

As per the company, an advanced campaign over the past four years has targeted more than 100 people, 70 percent of whom are in India. Earlier this year it identified a decade-long cyber espionage operation against businesses and governments in Southeast Asia.

“These attacks on India and its neighbouring countries reflect growing interest in its foreign affairs,” Bryce Boland, FireEye’s chief technology officer for Asia Pacific, said in the statement.

Along with the Indian institutions, the hackers also targeted Tibetan activists and others in Southeast Asia, in particular government, diplomatic, scientific and educational organizations, the security company said.

According to a news report published in The Financial Times, the hackers sent so-called spear phishing e-mails with Microsoft Word attachments appearing to relate to regional issues. Those messages contained a script which would create a “backdoor” in infected machines, allowing access to programs without detection by security measures.

Hackers leak more data from Ashley Madison: Biderman’s email exposed along with millions of users’ data

Until now, hackers had revealed the personal details of users of Ashley Madison, a Canada-based online dating service and social networking service marketed to people who are married or in a committed relationship. It seems they have a bigger plan, as they recently leaked the emails of the site's founder, Noel Biderman, CEO of parent company Avid Life Media.

Because Biderman had tried to convince reporters that the previous data breach was not real, this time the hackers posted a message for him which says, "Hey Noel, you can admit it's real now."

Along with the CEO's emails, millions of email addresses of customers of the dating site, which facilitates extra-marital affairs, were revealed, including those of US government officials, UK civil servants and executives at major corporations.

The hackers obtained emails sent and received by him. The file with Biderman's name on it contained nearly 14 gigabytes of data.

According to a report published in The Independent, the U.S. Defense Department and Postal Service are investigating the alleged use of military and other government email accounts on the site.

Executive Director of the Louisiana Republican party Jason Doré told the Times-Picayune paper that he was on the list of accounts because the site was used for "opposition research."

New Android serialization vulnerability which lets a malicious app replace a real one

A research team from IBM X-Force Research and Development, one of the best-known commercial security research and development teams in the world, has found that more than 55 percent of Android phones are at risk of a high-severity serialization vulnerability. Along with it, the researchers have also found several vulnerabilities in Android software development kits (SDKs) which can allow hackers to own apps.

The Serialization vulnerability could allow an attacker to give a malicious app with no privileges the ability to become a “super app” and help the cybercriminals own the device.

The researchers posted a video which shows how the malware works.

“Once our malware is executed, it replaces a real app with a fake one, allowing the attacker to exfiltrate sensitive data from the app and/or creates a perfect phishing attack. We replaced the real Facebook app with a fake one called Fakebook,” the team said.

Similarly, other vulnerabilities were found in third-party Android SDKs that allow arbitrary code execution in the context of apps that use these SDKs. This executed code can, for example, steal sensitive information from the attacked app.

“The discovered vulnerabilities are a result of the attacker’s ability to control pointer values during object deserialization in arbitrary apps’ memory space, which is then used by native app code invoked by the runtime’s garbage collector (GC),” the researchers explained.
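As an added illustration of the pattern the researchers describe (this is not IBM X-Force's code and not the affected Android class), the first class below keeps a native handle in an ordinary serialized field and passes it to native code from its finalizer, so whoever produced the serialized bytes chooses the pointer; the second class never trusts a deserialized handle. The native call is simulated with a logging method so the program runs on its own, and the class and field names are assumptions.

```java
import java.io.*;

// Constructed demo of attacker-controlled pointers surviving deserialization
// and reaching native code from a finalizer run by the garbage collector.
public class SerializedHandleDemo {
    static void nativeRelease(String who, long ptr) {   // stands in for a JNI free()
        System.out.printf("%s: native code would now use pointer 0x%x%n", who, ptr);
    }

    // Vulnerable pattern: the handle is part of the serialized form.
    static class VulnerableHandle implements Serializable {
        private static final long serialVersionUID = 1L;
        long mNativePtr;                                  // read straight from the stream
        VulnerableHandle(long ptr) { mNativePtr = ptr; }
        @Override protected void finalize() { nativeRelease("vulnerable", mNativePtr); }
    }

    // Hardened pattern: the handle is transient and a deserialized copy owns nothing.
    static class HardenedHandle implements Serializable {
        private static final long serialVersionUID = 1L;
        private transient long mNativePtr;                // never read from the stream
        private transient boolean mOwned;                 // true only when allocated here
        HardenedHandle(long ptr) { mNativePtr = ptr; mOwned = ptr != 0; }
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            mNativePtr = 0; mOwned = false;               // refuse inherited native state
        }
        @Override protected void finalize() {
            if (mOwned && mNativePtr != 0) nativeRelease("hardened", mNativePtr);
        }
    }

    // Serialize then deserialize, as an object crossing IPC inside a Bundle would.
    @SuppressWarnings("unchecked")
    static <T extends Serializable> T roundTrip(T obj) throws Exception {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        new ObjectOutputStream(bytes).writeObject(obj);
        return (T) new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray())).readObject();
    }

    public static void main(String[] args) throws Exception {
        long chosen = 0x41414141L;                        // constructed sender-chosen value
        VulnerableHandle v = roundTrip(new VulnerableHandle(chosen));
        HardenedHandle h = roundTrip(new HardenedHandle(chosen));
        System.out.printf("vulnerable after deserialization: 0x%x%n", v.mNativePtr);
        System.out.printf("hardened after deserialization:   0x%x%n", h.mNativePtr);
        v = null; h = null;
        System.gc(); System.runFinalization();            // only the vulnerable finalizer fires
    }
}
```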

Although the flaws have been fixed, the researchers feel that a general problem deserves a general mitigation that reduces the impact of such serialization attacks.

“Since bundles are very common in Android’s IPC, we suggest changing the bundle’s behavior from one that automatically instantiates all of its values to a lazy approach, such as retrieving only the values of keys it is asked for,” the researchers added.

ICANN hacked again, users need to reset their passwords

Internet Corporation for Assigned Names and Numbers (ICANN), has confirmed that an unauthorized person obtained its account holders’ usernames, email addresses and encrypted passwords for profile accounts created on its public website ( last week.

This is not the first time that the company's website got hacked.

According to a news report published by Zee, some ten months ago the company’s website had been hacked by attackers who accessed its internal systems following a spear phishing attack in November 2014.

The company posted in its website on August 5 that these profile accounts contained user preferences for the website, public bios, interests, newsletter subscriptions, etc.

It is said that the encrypted passwords (hashes) are not easy to reverse; however, for the users' safety, the company has urged all its users to reset their passwords.

“When you next visit our site, please go to the login page and click the forgot password link to create your new password,” the company explained.

“There is no evidence that any profile accounts were accessed or that any internal ICANN systems were accessed without authorization,” the post read. “While investigations are ongoing, the encrypted passwords appear to have been obtained as a result of unauthorized access to an external service provider.”

Bug allows Hackers to open locked Biometric Fingerprint Doors

A researcher has uncovered various flaws in Taiwan-based Chiyu Technology's fingerprint access controller which could allow hackers to easily open the locked doors.

The researcher, Maxim Rupp has said that the vulnerabilities allow the attacker to view and modify the existing configuration of the device without authentication by directly accessing known paths. 

According to an advisory published by CERT/CC on July 31, the paths for accessing the communications, fingerprint and other setup pages (CVE-2015-2871) vary slightly depending on the model and the services that are available.

“It has identified models BF-660C, BF-630, BF-630W as being vulnerable; other models may also be vulnerable. The CERT/CC has been unable to verify this information with the vendor. The CVSS score below is based on CVE-2015-2871,” the advisory read.

According to a story published in SecurityWeek, the researcher said that by gaining access to the controller’s fingerprint setup page, an attacker could modify settings, such as “security level” and “sensitivity,” to make it easier to open the door protected by the device. An attacker can also change the device’s network settings and disconnect it from the targeted organization’s network.

“The researcher has also found that some of the vulnerable biometric devices are accessible via the Internet, which allows an attacker to exploit the weakness remotely. An attacker might be able to carry out other actions as well once he gains access to the controller’s configuration pages, but the expert says he hasn’t conducted further tests,” the report read.

The researcher said that several other companies sold the same devices under a different brand.

The researcher reported the flaws to Chiyu Technology via CERT/CC on May 29. However, CERT/CC has not managed to get in touch with the manufacturer.

It is still unclear when the company will fix the flaws in the fingerprint access controller.

Antivirus software maker Bitdefender hacked, customers data leaked

It has been proved that no one is safe here from hackers. Even the security firms, which are supposed to protect us, get hacked.

Recently, an award-winning antivirus software maker and security software company has been hacked.

As per news reports, Bitdefender customers’ usernames and passwords leaked during the attack. The company confirmed that its system was breached following rumors that someone was holding the Romanian firm to ransom. The company had failed to encrypt its customers’ login details.

After getting into the company’s information, the crooks demanded $15,000 in order to keep its customers’ details safe.

They threatened the company that they would reveal the swiped customer records. However, it is said that they have put some information online.

The company has stated that the issue has been resolved and that additional security measures have been taken to protect its customers from hacking.

“A password reset notice was sent to all potentially affected customers, representing less than 1 per cent of our SMB customers,” the company said.

“This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted. Bitdefender takes security of its customers very seriously and any issue that might involve the security of our customers or the security of our servers is treated with the utmost urgency and seriousness,” the company explained.