QR codes on historical buildings in the Russian city of Astrakhan that led to adult sites have been removed

A hacker reportedly changed the website that the QR codes on historical buildings in the Russian city of Astrakhan pointed to, replacing it with a link to an adult website. No technical detail was provided on how the hacker was able to change the destination of the QR codes.

When residents and guests of the city scanned QR-codes, their phones opened resources for adults, instead of sites with historical references.

Galina Goteeva, the Minister of Culture and Tourism of the region, said on March 15 that the signs with QR codes on the historical buildings of Astrakhan were changed.

QR codes were placed on historically significant buildings in Astrakhan a few years ago. The idea was that people could get a historical reference about a building by scanning the code with a mobile phone. As early as November last year, the media reported that the QR codes were leading to porn sites and dating sites for quick sex.

In fact, the Regional Ministry of Culture struggled for a long time to eliminate the porn content, and the signs were removed with great difficulty. Only at the end of the year was the sex traffic stopped completely.

However, it is still a mystery why the signs with QR-codes hung for so long and why they were not promptly replaced. In total, there are at least 15 signs. QR-codes stopped working more than a year ago, but officials did not pay any attention to it: first, the pages gave an error, and later they began to lead to porn sites.

Hackers Delivering New Muncy Malware Worldwide through DHL Phishing Campaign

Attackers targeting users across the globe are reported to be distributing a new malware dubbed Muncy, in the form of an EXE file, through DHL phishing campaigns.

Relying on malspam emails, DHL phishing is among the most far-reaching campaigns and has distributed several sophisticated malware families. The attackers made the emails appear legitimate by exploiting poorly configured SMTP servers and by employing email spoofing techniques.

DHL is a company of global repute which specializes in express mail services, international couriers and parcels. The reputation of the well-established company took some hits as cybercriminals abused its name to distribute malware.

They did so by configuring the malicious emails to appear to come from DHL Express. The email carried an infected attachment in PDF format.

How is the malware executed?

As soon as the targeted user opens the PDF attachment, the Muncy Trojan file sneaks into the system. The packed malware is then unpacked, and once unpacked it scans the whole C:\ drive for files containing sensitive data.

Expert takes

Commenting on the matter, Pedro Tavares, founder and pentester at CSIRT.UBI, told GBHackers, “The phishing campaign is trying to impersonate DHL shipment notification and the malware is attached in the email.”

“This malware is on the rise and is affecting users in the wild while stealing sensitive information from their devices.”

Scammers disguise themselves as divisions of the Central Bank of Russia

Cybercriminals carried out a large-scale attack on Russian banks in late 2018 and managed to steal $20 million.

The attackers disguised themselves as divisions of the Central Bank FinCERT and Alfacapital. It is known that the attacks were carried out by the hacker groups Silence and Cobalt, which had previously organized cybercrime. A new hacker group, which had not been seen before, operated alongside them.

The scheme of crimes was the same: the scammers on behalf of the FinCERT division of the Central Bank sent out malicious documents with macros. In addition, a compromised account of an employee of the company Alfacapital was used.

Representatives of many banks confirm the frequent attacks. The criminals tried to penetrate the infrastructure of the financial organization for the withdrawal of money.

The IT company Positive Technologies compiled its own statistics and found that over 201 million people suffered from such attacks in 2018.

Moreover, banking infrastructure was attacked in 78% of cases, web resources - 13%, ATMs and POS terminals - 9%, personal data - 39%, credential theft, card information, trade secret - 5%, personal correspondence and other information - 8%.

In addition, on February 18, Kaspersky Lab recorded an increase in attacks by the Buhtrap and RTM banking Trojans in Russia. At the end of last year, experts recorded a 50-fold increase in the activity of the banking Trojan RTM compared to 2017.

Over 200 Million Chinese CVs Compromised On The Dark Web

Over 200 Million Chinese CVs Compromised Online

Recently, a database comprising over 200 million Chinese CVs was discovered exposed online, where it was laid bare for the dark web to devour. Naturally, it spilled explicitly detailed information.

Lacking even basic security measures, the database exposed highly personal data.

The database included names, addresses, mobile phone numbers, email addresses, education details and more.

The detailed information in the database was compiled by persistently scraping various Chinese job sites.

Reportedly, the director of the research institution said that, at the outset, the data was thought to have come from a huge classified advert site, namely BJ.58.com.

Nevertheless, BJ.58.com vehemently denied the claim and any connection with this incident.

They had thoroughly analysed and checked their databases and found nothing questionable, hence reassuring that they had no role to play in the data leakage.

They also mentioned that certainly some third-party CV website “Scraper” is to blame.

News of this data cache first circulated via Twitter, and soon after that it was removed from the Amazon cloud where it had been stored.

But, as further analysis showed, before it was deleted it had already been copied around 12 times.

There has been a series of incidents in which Chinese citizens have been affected by cyber attacks, and this data loss is the latest of them.

From online rail bookings to the alleged theft of rail travelers' personal data, the early days of January were quite bad for the Beijing people.

Reportedly, in August last year, the police of China were busy investigating a data breach of hotel records of over 500 million customers.

Personal data, including the booking details and accounts, registration details and other similar information were leaked.

Also, the Internet Society of China had released a report wherein the several phishing attacks and data breaches the country’s residents had faced were mentioned.

UK spymasters suspect Russia is using Kaspersky to spy on people


The British intelligence service is reportedly worried that Kaspersky Antivirus, offered by Barclays to its customers, may be used by the Russian intelligence agency to spy, according to The Financial Times.

An unnamed official told The Financial Times that GCHQ, the British intelligence agency, has concerns over the widespread distribution of Kaspersky in the UK.

Intelligence officials fear that this might allow Russia to gather intelligence from the computers of government employees and members of the military who are customers of the bank and have downloaded the software.

The Financial Times added that "No evidence suggests that any data of Barclays customers have been compromised by use of Kaspersky software on their computers."

However, the bank said it was planning to end the deal with Kaspersky for commercial reasons that do not have any connection with the GCHQ concerns.

Kaspersky denied the allegations and said the company does not have inappropriate ties with any government.

"No credible evidence has been presented publicly by anyone or any organization. The accusations of any inappropriate ties with the Russian government are based on false allegations and inaccurate assumptions, including the claims about Russian regulations and policies impacting the company," Kaspersky said.

Earlier this year, US Spymasters and FBI chief said that they do not trust software from Russian antivirus company Kaspersky.

- Christina

Russian hackers stole 60.5 million rubles using malware

According to the Ministry of International Affairs of Russian Federation, two natives of the Sverdlovsk region stole more than 60.5 million rubles from a Petropavlovsk-Kamchatsky (center of Kamchatka Krai) bank and other commercial organizations.

Irina Volk, official representative of the MIA, said that the hackers were able to access the computers of the affected organizations using malware. The stolen money was transferred to the bank accounts of front organizations and cashed out.

Criminal cases of illegal access to computer information and cybercrime will be heard soon. In the first case, the hackers can face up to five years' imprisonment. In the second, they can face up to ten years with a fine of up to one million rubles.

It is known that they have other partners. The investigation against the hacker group continues.

According to Ilya Sachkov (CEO and founder of Group-IB), 100% effective safeguards against cyber attacks do not exist, but every organization can reduce the risks and improve the protection of banks. The most important thing for organizations is creating their own Information Systems and Security Division.

- Christina

Putin Says Number of Cyber Attacks against Russia Grew Three Times

The number of attacks launched against Russian cyberspace has increased significantly in recent years, President of the Russian Federation Vladimir Putin said at the annual board meeting of the Federal Security Services on February 16.
"The number of cyber attacks against official information databases has tripled in the past year compared to 2015," said the President.

On 11 February, Oleg Salagai, the Director of the Department of public health & communications Ministry, said that unknown hackers attacked the official website of the Health Ministry. The attackers failed to gain access to any personal data or classified files.

Making Indian Cyberspace Secure!

At a time when cyber attacks are increasing with every passing day, the Indian government on Tuesday (February 21) launched the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre), a desktop and mobile security solution for maintaining a secure cyberspace in the country.

India’s IT and Electronics Minister, Ravi Shankar Prasad, through its Computer Emergency Response Team (CERT-In), launched the M-Kavach tool in New Delhi, which offers a comprehensive mobile device security solution for Android devices addressing threats related to mobile phones. The new solution will notify end-users, enable cleaning and secure their systems to prevent further infections.

"Launched 'Cyber Swachhta Kendra' (Botnet Cleaning and Malware Analysis Centre), an imp milestone in various initiatives taken on Cyber Security," tweeted Prasad. A bot is fundamentally an automated program that runs on a computing device, which can be any IoT/smart device. The attacks carried out using botnets are called Distributed Denial of Service (DDoS) attacks.

* Botnet Cleaning and Malware Analysis Centre (Cyber Swachhta Kendra) -

India has been ranked 3rd in botnet distribution. It's a good move for the Indian government to clean the computers. CERT-In has chosen an Indian product for this.

Research by CSPF (a non-profit organization) found that the free Malwarebytes / Avast anti-virus products are more effective in removing viruses/bots.

The free product chosen by CERT-In also advertises that the botnet cleaning tool is not a replacement for anti-virus. "The vendor is trying to sell his other anti virus solutions which is totally unacceptable," according to a US-based anti-virus company.

"Antivirus and botnet cleaners should be constantly maintained. Who is going to do this, CERT-In or the Indian vendor?" asks the US-based anti-virus company.

According to CSPF, "some samples of botnet were missed by this tool"; the tool should have a facility to report malware that it missed.

"Launched USB Pratirodh, which will control the unauthorized usage of removable USB storage media devices like pen drives, external hard drives. Launched App Samvid, to protect Desktops from suspicious applications from running," the minister added.

USB Pratirodh is a desktop security solution that controls the usage of removable storage media like pen drives, external hard drives and other USB-supported mass storage devices.

AppSamvid is a desktop solution which protects systems by allowing installation of genuine applications through white listing. This helps in preventing threats from malicious applications.

According to Cyber Security & Privacy Foundation, "Some of these tools developed by CDAC including white listing tool is far more complex for a normal user to understand. White listing tool does not detect .msi files and other extension".
Executable blocking / allowing has to be manually done. Most end users don't understand white listing; they don't know which to allow/block when there is an issue. Users should not end up locking their own computers. Auto white listing that is available in some famous anti viruses should be included.
The reason cyber security is an issue among common man is because common man does not understand anything technical. If using the tool is more complex than the actual problem, how are we going to solve the problem, says a college student.

He also suggests "video should be released by CDAC showing what the tool is about and how to install and run" in multiple languages. 

During the launch, Prasad said that 13 banks and Internet service providers are presently using this government facility, and that the government will co-ordinate with other ISPs and product/antivirus companies to spread its usage for a safer online space.

Prasad said that this Kendra will also enhance awareness among citizens regarding botnet and malware infection along with measures to be taken to secure their devices.

The minister also announced that the National Cyber Coordination Centre will be operational by June 2017 and CERT-Ins will be set up at state level as well.

"The government will set up 10 more STQC (Standardization Testing and Quality Certification) testing Facilities. Testing fee for any start-up that comes up with a digital technology in the quest of cyber security will be reduced by 50 per cent. We will also empower designated forensic labs to work as the certified authority to establish cyber crime," Prasad noted.

The move comes at a time when over 50,300 cyber-security incidents like phishing, website intrusions and defacements, virus and DDoS attacks have been observed in the country during 2016.

As per the information reported to and tracked by CERT-In, a total number of 44,679, 49,455 and 50,362 cyber-security incidents were observed during the years 2014, 2015 and 2016, respectively.

The Cyber Swachhta Kendra is part of the government of India’s Digital India initiative under the Ministry of Electronics and Information Technology (MeitY). The Cyber Swachhta Kendra complies with the objectives of the National Cyber Security Policy which aims at creating a secure cyber Eco-system in the country.

The botnet and malware cleaning analysis centre was announced in 2015 with an outlay of Rs. 100 crores.

Industry experts wonder whether the 100 crore outlay is going to be used for building antivirus/botnet cleaning software and honeypots to track bots and take down botnets.

The threat of Cyber security has become more serious and visible in the past few years in the country. There is a need to collaborate and come forth with more solutions like the Cyber Swachhta Kendra. It was a much-needed move by the government. It should not be just another public relation exercise but it should be effective.

Cyber Insurer sued after company loses $480K in CEO Fraud

A Texas-based engineering firm, Ameriforge Group Inc., popularly known as AFGlobal, is suing its cyber insurance provider, Federal Insurance Co., a division of insurance giant Chubb Group, for refusing to cover a $480,000 loss following an email scam that impersonated the firm’s chief executive.

AFGlobal claims to have the papers to prove that scammers impersonating AFGlobal’s CEO convinced the company’s accountant to wire $480,000 to Agricultural Bank of China.

According to documents filed with the U.S. District Court in Harris County, Texas, the policy covered up to $3 million, with a $100,000 deductible. The documents indicate that from May 21, 2014 to May 27, 2014, AFGlobal’s director of accounting received a series of emails from someone claiming to be Gean Stalcup, the CEO of AFGlobal.

After the demand was fulfilled, the email sender then asked for an additional $18 million.

The firm expects some payout from its insurer for this incident but the insurer expects all this to go away.

CEO Fraud schemes are an increasingly common and costly form of cybercrime. According to the FBI, thieves have stolen nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015.

The chief financial officer of one of New Zealand’s largest learning institutions left her job after falling for an email “whaling” scam.

The executive director of finance at Te Wananga o Aotearoa, Bronwyn Koroheke, transferred $US 79,000 ($118,000) to an offshore bank account after receiving an email that appeared to come from her chief executive, Jim Mather, telling her to send the money. The email was actually sent by Chinese-based fraudsters running a whaling scam.

In such a scenario, the FBI has urged businesses to adopt two-step or two-factor authentication for email, where available, and/or to establish other communication channels such as telephone calls to verify significant transactions. Businesses are also advised to exercise restraint when publishing information about employee activities on their Web sites or through social media.

Source: KrebsOnSecurity

Mozilla awarded $2,500 to security researcher

Security researcher Ashar Javed recently discovered three bugs in the Mozilla add-ons portal, which had been exploited via the "Create new collection" feature.

It was discovered that malicious code could be inserted into collections of Mozilla add-ons. Collections are used to organize add-ons for business and personal purposes and can be shared on social media as well.

“Given that the Mozilla add-on site has millions of downloads, it is easily possible for the attacker to convince the victim to visit the collection page,” the expert told SecurityWeek.

Users were exposed to all the kinds of attack that can be carried out via XSS flaws, the most common being cookie theft.

Websites are generally vulnerable to XSS flaws, and add-on collections are very useful for Firefox users, so for discovering the issue Mr Javed received $2,500 from Mozilla. Two other bugs were also discovered, about which Mozilla did not reveal any information apart from the location.

This is not the first time he has received a large bounty: Google awarded him $3,000 for a reflected XSS in the main search bar of the YouTube Gaming website.

Smart devices at risk with three-year-old vulnerability

A total of 6.1 million smart TVs, routers and phones are at risk due to a three-year-old vulnerability which has not been patched by many vendors.

The problem stems from a flaw in the portable SDK for UPnP™ Devices, or libupnp, in which a buffer overrun can be used to run arbitrary code on an affected device, giving the attacker the ability to take control of the device.

Devices that do not have defenses such as data execution prevention and address space layout randomization are at risk because of this.

This library is used to implement media playback (DLNA) or NAT traversal (UPnP IGD). Apps on a smartphone can use these features to play media files or connect to other devices within a user’s home network.

Although a patch was issued for the component in December 2012, a global security software company, Trend Micro found 547 apps used an older unpatched version of it. 326 out of them are available on Google Play store, including high-profile apps such as Netflix and Tencent QQMusic.

The vulnerability is also found widely in 3G and 4G cellular USB modems and routers.

Concern is growing over how manufacturers of devices such as routers and smart TVs deal with security vulnerabilities that emerge in their products.

Android and iOS developers need to keep an eye out for security fixes when including third-party libraries that use C/C++, and update their apps accordingly.

World Bank site hacked to launch PayPal phishing page

A report published in SecurityWeek confirmed that the official website of the World Bank’s Climate Smart Planning Platform (CSPP) project had been hacked by two hackers and was later used to host a well-designed PayPal phishing page.

According to the news report, the CSPP project, which focuses on helping developing countries create and implement climate-smart policies, was ideal for phishing attacks as it used an Extended Validation (EV) SSL certificate issued by Comodo for the World Bank Group.

Since the website carried an EV SSL certificate issued for the World Bank Group, it gave the phishing page enough credibility for visitors to easily fall for it.

It is said that the certificate gives the “highest available level of trust” as it is offered after an extensive verification process.

After that, the browser displays the name of the owner.

The PayPal phishing page tricked visitors into logging in with their PayPal credentials. Once the data was submitted and stolen, the user was told that the site was unable to load the user’s account and required confirmation of their personal information.

The site then required the user to share their email address, name, postal address, date of birth, and phone number.

Then, it asked the user to verify their PayPal payment information, including credit card number, expiry date, its CVV number, and 3D Secure password if the card required verification. After collecting this personal and payment information, the phishing site then directed the user to the legitimate PayPal website.

The phishing page was hosted on climatesmartplanning.org, and the fact that the green address bar in the browser displayed “World Bank Group” might have convinced users that the page was legitimate.

According to various news reports, the same CSPP website was also targeted by a different type of hacker. Although the phishing page was removed by the CSPP webmasters, the site’s homepage was defaced by an Iraqi hacker who appears to deface random websites in an effort to boost his reputation among his peers.

Today, the site’s EV certificate has been revoked.

Teenager who hacked US and British government website faces jail

A British teenage hacker has been warned by the Birmingham Crown Court that he faces possible jail time for bringing down the FBI's and the Home Office's website.

Charlton Floate (19) has pleaded guilty to three counts under the Computer Misuse Act and three charges for possessing prohibited images.

Charlton's lawyers argued that their client was only on the outside of the whole conspiracy and not deeply involved in the matter but the court has ruled out that possibility saying that Charlton is a very intelligent man who is an expert in computer marketing.

The judge said in the hearing, "A successful attack on the FBI.gov website is regarded by hackers as the Holy Grail of hacking. It was this which he attempted and, indeed, achieved. He was the person who instituted such attacks and assembled the tools and personnel for doing so."

The FBI site was down for about five hours, whereas the Home Office site crashed for 83 minutes.

PayPal fixes serious vulnerability in its domain

A serious flaw in PayPal Holdings Inc, an American company which operates a worldwide online payments system, has been patched. The flaw could have allowed an attacker to trick users into handing over their personal and financial details.

The flaw, which was detected by Ebrahim Hegazy, was caused by a stored cross-site scripting (XSS) bug in the SecurePayments.PayPal.com domain, which is used for PayPal’s hosted solution that enables buyers to pay with a payment card or their PayPal account, eliminating the need to capture or store sensitive payment information.

“I’ve found a Stored XSS vulnerability that affects the SecurePayment page directly which allowed me to alter the page HTML and rewrite the page content. An attacker can provide his own HTML forms to the user to fulfill and send the user's data back to attacker’s server in clear text format, and then use this information to purchase anything on behalf of users or even transfer the user's funds to his own account,” the researcher posted in his blog.

According to the Egypt-based researcher, a malicious actor could have set up a rogue shopping site or hijacked a legitimate website, and altered the “Checkout” button with a URL designed to exploit the XSS vulnerability.

The flaw could allow the attacker to change the contents of the SecurePayments page and display a phishing page where the victim is instructed to enter personal and financial information. The collected data is then sent back to a server controlled by the attacker, the researcher explained.

The researcher, who had found a serious flaw in a Yahoo domain last year, reported the vulnerability to PayPal on June 19. The payment processor confirmed patching the flaw on August 25.

After that, the company concerned awarded Hegazy $750 for his findings, which is said to be the maximum bug bounty payout for XSS vulnerabilities. 

FBI catches teen accused of Swatting

A teenager from Texas has pleaded guilty to swatting and making bomb threats against a Minnesota high school after being caught by the FBI.

The 19-year-old Zachary Lee Morgenstern is accused of pulling off various swatting incidents in the Marshall, Minnesota area from October 2014 to May 2015.

Zachary is also accused of threatening a police officer and his family.

The FBI got hold of Zachary by sending a subpoena to Google to get details of one of Zachary's email accounts.

The FBI zeroed in on Zachary by using a Twitter handle and a Google email ID.

Russian APT attackers control the Hacked Machines using Twitter, Github

Russian APT attackers have used an advanced type of backdoor which tries to avoid detection by adding layers of obfuscation and mimicking the behavior of legitimate users. 

The attackers used popular legitimate websites such as Twitter and Github, as well as other compromised web servers, to send instructions to and steal data from the compromised machines, according to an APT report published by the security firm FireEye.

The group, known as APT29, uses an algorithm that generates daily Twitter handles and embeds commands in pictures.

The attackers post instructions for their backdoors in a tweet, which contains a URL and a hashtag.  The malware will download contents hosted in the specific URL including all images in the page. 

They hide the data and other instructions within an image file using a technique called steganography.

The hashtag contains a number representing a location within the image file and a few characters that should be appended to the decryption key. The key is used for retrieving the data stored in the image.

The instructions also specify where to upload the stolen data: the malware uploads it to a specific account on a cloud storage service using the login credentials.

APT 29 is suspected to be in Russia since it is active during normal working hours in Moscow.

SEBI comes up with cyber security policy for stock exchanges, depositories and clearing corporations

The Securities and Exchange Board of India (SEBI), which was established in 1988 to regulate the securities market in India, has asked stock exchanges, depositories and clearing corporations to put in place a system that would protect systems, networks and databases from cyber attacks and improve their resilience.

According to a report published on LiveMint, the SEBI said these Market Infrastructure Institutions (MIIs) need to have a robust cyber security framework to provide essential facilities and perform systemically critical functions of trading, clearing and settlement in securities market.

“As part of the operational risk management framework to manage risk to systems, networks and databases from cyber attacks and threats, the MII should formulate a comprehensive cyber security and cyber resilience policy document to put in place such a framework,” the SEBI said.

It is said that the SEBI also asked the MIIs to restrict access so that it is granted only when necessary, under which no one will have any intrinsic right to access confidential data, applications, system resources or facilities.

The SEBI has asked it to deploy additional controls and security measures to supervise staff with elevated system access entitlements.

According to the news report, the SEBI Chairman UK Sinha said that attackers are attacking in a more sophisticated manner.  

“We are worried over state-sponsored cyber attacks. There are worries that the vulnerabilities in markets are increasing. We need to create a framework for future plan of action on securities market resilience,” he added.

The exchanges and other MIIs would also have to submit quarterly reports to the SEBI, containing information on cyber attacks and threats experienced by them and measures taken to mitigate vulnerabilities, threats and attacks, including information on bugs, vulnerabilities and threats that may be useful for other MIIs.

Along with this, the MIIs have to share the useful details among themselves in a masked and anonymous manner, using a mechanism to be specified by the regulator from time to time. They also have to identify critical assets based on their sensitivity and criticality for business operations, services and data management.

Likewise, it should maintain up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows.

The SEBI asked market stakeholders to establish baseline standards to facilitate consistent application of security configurations to operating systems, databases, network devices and enterprise mobile devices within the IT environment and also to restrict physical access to the critical systems to minimum. 

Selfies to be used as a password for online payments

You know what? Selfies, which we mostly take for posting on social networking sites, are now being used as a password for making payments.

MasterCard, an American multinational financial services corporation headquartered in New York, United States, is trying new facial recognition technology that would let customers verify their identity online by taking a selfie.

MasterCard’s customers still use a system called SecureCode to verify their identity while shopping online, which requires them to enter a password at the point of sale.

In an interview with CNN Money, MasterCard executive Ajay Bhalla said that they want to identify people by who they are, not what they remember.

"We have too many passwords to remember and this creates extra problems for consumers and businesses. The new generation, this is into selfies….  I think they'll find it cool. They'll embrace it," he added.

According to a news report published in The Telegraph, many financial organisations and technology companies are testing biometrics as an alternative form of identification, in order to avoid problems such as passwords being forgotten, stolen or intercepted.

For example, a British technology firm recently launched the world’s first emoji-only passcode, which allows people to log into their banks using four emoji characters instead of PINs or passwords.

According to the report, during the trial period, some of MasterCard's customers will be prompted to snap a photograph of their face using the MasterCard app on their smartphone at the online checkout point instead of entering a password.

It is said that the app then converts the photo into 1s and 0s using facial recognition technology, and transmits it over the internet to MasterCard, which compares it with a stored code representing the cardholder's face. If the two codes match up, then the purchase will be approved.

Bhalla said that MasterCard will not be able to reconstruct the user's face from the data, and that the information will be transmitted and stored securely.

The company is currently testing the technology with 500 customers, and is planning a broader trial for later this year.

Along with the selfies, the company is experimenting with other forms of identification such as fingerprint scanning and voice recognition.

US Government is moving to HTTPS everywhere

The US government has mandated HTTPS across its federal websites and web services, as it will make access safer for anyone using government sites.

The White House Office of Management and Budget (OMB) issued the HTTPS-Only Standard directive because unencrypted HTTP connections create a vulnerability and expose potentially sensitive information about users of unencrypted federal websites and services.

The acronym HTTPS stands for Hypertext Transfer Protocol Secure. It is used by many commercial organizations to protect visitors to their websites and services; the data it protects can include browser identity, website content, search terms, and other user-submitted information.

OMB received many comments and suggestions from web browsers, Internet-related organizations and concerned people on its proposal for the implementation of the HTTPS-Only Standard. Assistance with the conversion to HTTPS is available at https://https.cio.gov, and a dashboard has been created to keep track of the process.

"Per the issuance of this memorandum, all publicly accessible federal websites must meet the HTTPS-Only Standard by 31 December 2016," said Tony Scott, US Chief Information Officer, in a White House blog post.

He also added that HTTPS only assures the reliability of the connection between two systems, not the systems themselves. It is not designed to protect a web server from being hacked, or to keep a web service from revealing user information during its normal operation.

“An HTTPS-Only standard, however, will eliminate inconsistent, subjective decision-making regarding which content or browsing activity is sensitive in nature, and create a stronger privacy standard government-wide,” Scott summed up in the White House blog post.

Kaspersky Lab discovers Grabit, small and mid-sized businesses targeted

Kaspersky Lab has discovered a cyber-spying campaign, “Grabit”, that can steal about 10,000 files from small and medium-sized businesses in areas like chemicals, nanotechnology, education, agriculture, media and construction in Thailand, India and the United States.

Ido Naor, Senior Security Researcher on Kaspersky Lab's Global Research and Analysis team, mentioned that on May 15 a simple Grabit keylogger was found to be maintaining thousands of victim account credentials from hundreds of infected systems.

The infection starts when a user receives an email with an attachment that is a Microsoft Office Word (.doc) file. The user clicks to download it and Grabit is delivered to the machine from a remote server.

Because Grabit is still active, it is important for users to check their network to ensure that their systems are safe.

To control their victims, the attackers use the HawkEye keylogger, a commercial spying tool from Hawk Eye Products, and a configuration module containing a number of Remote Administration Tools (RATs).

Kaspersky Lab revealed that 2,887 passwords, 1,053 emails and 3,023 usernames from 4,928 different hosts, including Facebook, Twitter, Skype and LinkedIn, were stolen by a keylogger on just one of the command-and-control servers.

To protect against Grabit, Kaspersky Lab recommends that businesses follow these rules:
· Check this location: C:\Users\<PC-NAME>\AppData\Roaming\Microsoft. If it contains executable files, you might be infected with the malware.
· The Windows System Configuration startup table should not contain grabit1.exe. Run "msconfig" and ensure that it is clean of grabit1.exe records.
· Do not open attachments and links from people you don't know. If you can't open it, don't forward it to others - call for the support of an IT administrator.
· Use an advanced, up-to-date anti-malware solution, and always follow the AV task list for suspicious processes.
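
The first two checks in the list above can be scripted for triage across several machines. The following is an added example, not Kaspersky Lab's tooling: the function names are hypothetical, it assumes it runs in the session of the user being checked, and it uses the Win32_StartupCommand class as a scripted stand-in for reading the msconfig startup table.

```powershell
# Added example (not Kaspersky Lab's tooling). Function names are hypothetical.
# Assumption: run in the session of the user being checked, so that $env:APPDATA
# resolves to C:\Users\<name>\AppData\Roaming.

function Find-RoamingMicrosoftExecutable {
    param(
        [string]$Root = (Join-Path $env:APPDATA 'Microsoft'),
        [switch]$Recurse   # also descend into subfolders (expect more benign hits)
    )
    if (-not (Test-Path -LiteralPath $Root)) { return }
    Get-ChildItem -LiteralPath $Root -Filter '*.exe' -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -ieq '.exe' } |
        ForEach-Object {
            # Signature status and hash help separate known software from unknown drops.
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

function Find-StartupEntry {
    param([string]$Pattern = 'grabit1\.exe')
    # Win32_StartupCommand enumerates Run-key and Startup-folder entries.
    Get-CimInstance -ClassName Win32_StartupCommand |
        Where-Object { $_.Command -match $Pattern -or $_.Name -match $Pattern } |
        Select-Object Name, Command, Location, User
}

$exeHits     = @(Find-RoamingMicrosoftExecutable)
$startupHits = @(Find-StartupEntry)

if ($exeHits.Count -gt 0) {
    Write-Warning 'Executables found under AppData\Roaming\Microsoft:'
    $exeHits | Format-List
}
if ($startupHits.Count -gt 0) {
    Write-Warning 'Startup entries referencing grabit1.exe:'
    $startupHits | Format-List
}
if ($exeHits.Count -eq 0 -and $startupHits.Count -eq 0) {
    Write-Output 'Neither indicator from the list above was found for this user.'
}
```

A hit from either function is a reason to isolate the host and hand it to an IT administrator, not proof of infection; an unsigned executable with a recent creation time deserves the closest look.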