Selfies to be used as a password for online payments


You know what? Selfies, which we mostly take for posting on social networking sites, are now being used as a password for making payments.

MasterCard, an American multinational financial services corporation headquartered in New York, United States, is trying new facial recognition technology that would let customers verify their identity online by taking a selfie.

MasterCard's customers still use a system called SecureCode to verify their identity while shopping online; it requires them to enter a password at the point of sale.

In an interview with CNN Money, MasterCard executive Ajay Bhalla said that the company wants to identify people by who they are, not by what they remember.

"We have too many passwords to remember and this creates extra problems for consumers and businesses. The new generation, this is into selfies... I think they'll find it cool. They'll embrace it," he added.

According to a news report published in The Telegraph, many financial organisations and technology companies are testing biometrics as an alternative form of identification, to avoid problems such as passwords being forgotten, stolen or intercepted.

For example, a British technology firm recently launched the world's first emoji-only passcode, which allows people to log into their banks using four emoji characters instead of PINs or passwords.

According to the report, during the trial period some of MasterCard's customers will be prompted to snap a photograph of their face using the MasterCard app on their smartphone at the online checkout, instead of entering a password.

It is said that the app then converts the photo into 1s and 0s using facial recognition technology, and transmits it over the internet to MasterCard, which compares it with a stored code representing the cardholder's face. If the two codes match up, then the purchase will be approved.

Bhalla said that MasterCard will not be able to reconstruct the user's face from the data, and that the information will be transmitted and stored securely.

The company is currently testing the technology with 500 customers, and is planning a broader trial for later this year.

Along with the selfies, the company is experimenting with other forms of identification such as fingerprint scanning and voice recognition.

US Government is moving to HTTPS everywhere

The US government has mandated HTTPS across its federal websites and web services, as it makes access safer for anyone using government sites.

The White House Office of Management and Budget (OMB) issued the HTTPS-Only Standard directive because unencrypted HTTP connections create vulnerabilities and expose potentially sensitive information about users of unencrypted federal websites and services.

The acronym HTTPS stands for Hypertext Transfer Protocol Secure. It is already used by many commercial organisations to protect visitors to their websites and services; the protected data can include browser identity, website content, search terms and other user-submitted information.

OMB received many comments and suggestions from browser vendors, Internet-related organisations and concerned individuals on its proposal to implement the HTTPS-Only Standard. Assistance with the conversion to HTTPS is available at https://https.cio.gov, and a dashboard has been created to track progress.

"Per the issuance of this memorandum, all publicly accessible federal websites must meet the HTTPS-Only Standard by 31 December 2016," said Tony Scott, US Chief Information Officer, in a White House blog post.

He also added that HTTPS only assures the reliability of the connection between two systems, not the systems themselves. It is not designed to protect a web server from being hacked, or to prevent a web service from revealing user information during its normal operation.

"An HTTPS-Only standard, however, will eliminate inconsistent, subjective decision-making regarding which content or browsing activity is sensitive in nature, and create a stronger privacy standard government-wide," Scott summed up in the White House blog post.

Kaspersky Lab discovers Grabit, small and mid-sized businesses targeted

Kaspersky Lab has discovered a cyber-spying campaign, "Grabit", that can steal about 10,000 files from small and medium-sized businesses in sectors such as chemicals, nanotechnology, education, agriculture, media and construction in Thailand, India and the United States.


Ido Noar, Senior Security Researcher in Kaspersky Lab's Global Research and Analysis Team, said that on May 15 a simple Grabit keylogger was found holding thousands of victim account credentials from hundreds of infected systems.

The infection begins when a user receives an email with a Microsoft Office Word (.doc) file attached. When the user opens it, Grabit is delivered to the machine from a remote server.

Because Grabit is still active, users should check their networks to make sure their systems are clean.

The attackers use the HawkEye keylogger, a commercial spying tool from HawkEye Products, together with a configuration module containing a number of Remote Administration Tools (RATs), to control their victims.


Kaspersky Lab revealed that 2,887 passwords, 1,053 emails and 3,023 usernames from 4,928 different hosts, including Facebook, Twitter, Skype and LinkedIn accounts, were stolen by a keylogger and found on just one of the command-and-control servers.

To protect against Grabit, Kaspersky Lab recommends that businesses follow these rules:

· Check the location C:\Users\<PC-NAME>\AppData\Roaming\Microsoft. If it contains executable files, you might be infected with the malware.
· The Windows System Configuration should not contain grabit1.exe in the startup table. Run "msconfig" and ensure that there are no grabit1.exe entries.
· Do not open attachments and links from people you don't know. If you can't open something, don't forward it to others; ask an IT administrator for support.
· Use an advanced, up-to-date anti-malware solution, and always review the AV task list for suspicious processes.
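As an added example that is not part of Kaspersky's advisory, the PowerShell script below automates the first two checks above on a Windows host and also looks for a running grabit1 process. It assumes the Run/RunOnce registry keys and the Startup folders stand in for msconfig's startup table, and uses $env:APPDATA for the C:\Users\<PC-NAME>\AppData\Roaming path.

```powershell
# Added example, not Kaspersky's code. Checks the Grabit indicators from the advisory:
#   1. executables under %APPDATA%\Microsoft
#   2. startup entries referencing grabit1.exe (Run keys + Startup folders, an assumption
#      standing in for msconfig's startup table)
#   3. a running process named grabit1 (the advisory's "AV task list" check)
$roaming  = Join-Path $env:APPDATA 'Microsoft'   # C:\Users\<user>\AppData\Roaming\Microsoft
$findings = @()

# 1. Executable files directly under Roaming\Microsoft are not expected there.
if (Test-Path $roaming) {
    Get-ChildItem -Path $roaming -File -Filter '*.exe' -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "Executable in Roaming\Microsoft: $($_.FullName)" }
}

# 2a. Registry autostart entries that mention grabit1.exe.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }      # skip provider metadata
        if ("$($p.Value)" -match 'grabit1\.exe') {
            $findings += "Startup entry '$($p.Name)' in $key -> $($p.Value)"
        }
    }
}

# 2b. Per-user and all-users Startup folders.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match 'grabit1' } |
        ForEach-Object { $findings += "Startup folder item: $($_.FullName)" }
}

# 3. A live grabit1 process.
Get-Process -Name 'grabit1' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Running process: $($_.Name) (PID $($_.Id))" }

if ($findings.Count -eq 0) {
    Write-Output 'No Grabit indicators found.'
} else {
    $findings | ForEach-Object { Write-Output "[!] $_" }
}
```

Run it in an elevated PowerShell session so the HKLM keys and the all-users Startup folder are readable; a hit on any check is a reason to isolate the host and run a full AV scan, not proof of infection on its own.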

North Korean hackers now have the power to kill

Prof Kim Heung-Kwang, a defector who escaped from North Korea in 2004, has revealed that North Korean hackers have enough control over infrastructure that they could theoretically even kill people.

The professor told the BBC that North Korea has approximately 6,000 trained military-grade hackers, and urged international organisations to step in and defuse the growing threat posed by them.

Before defecting, Prof Kim taught computer science at Hamheung Computer Technology University for 20 years.

Bureau 121, North Korea's hacking unit, has been widely accused of being responsible for recent attacks, including the Sony Pictures hack last year.

Many of North Korea's attacks appear to be focused on its immediate neighbour, South Korea.

Megaupload domains serve malware and scam ads to website visitors


Three years ago, the US government seized several Megaupload domains; those domains are now directing visitors to malware and scam ads. Megaupload[dot]com and Megavideo[dot]com are being exploited by cybercriminals to deliver malware and run scams.

The domains were seized in January 2012, when New Zealand police raided Kim Dotcom's mansion in Auckland and the online file-locker site was shut down; the trial and extradition hearing have been delayed since then. US officials still hope that New Zealand will hand over Dotcom and his colleagues.

The domains redirect people to a Zero-Click advertising feed that serves links to malware installers and other malicious ads.

Many of these redirects try to lure visitors with the chance of winning an iPhone cheaply. One of the malicious ads links to a fake BBC article offering the iPhone 6 for only £1.

The reason the domains could be exploited is said to be that the FBI's cybercrime unit failed to keep control of the main nameserver, which was previously registered to the Cyber Initiative and Resource Fusion Unit (CIRFU).


CIRFU.biz, the nameserver domain for Megaupload.com, points to a server in the Netherlands hosted by LeaseWeb, and the domain CIRFU.net lists Syndk Media Limited as its registrant.

It appears that Megaupload and Megavideo are serving malicious ads run by a third party because the domain the Department of Justice used as a nameserver has either expired or been taken over by other means, and is no longer under government control.

"With U.S. Assistant Attorney Jay Prabhu the DOJ in Virginia employs a guy who doesn't know the difference between civil & criminal law. And after this recent abuse of our seized Mega domains I wonder how this guy was appointed Chief of the Cybercrime Unit when he can't even do the basics like safeguard the domains he has seized," Megaupload founder Kim Dotcom commented.

"Jay Prabhu keeps embarrassing the U.S. government. I would send him back to law school and give him a crash course in 'how the Internet works'," Dotcom added.

Apart from these domains, various previously seized poker sites, namely absolutepoker.com and ultimatebet.com, are now also linked to malicious content.

Will cyber security companies shift their headquarters out of the US?


Until now, nuclear, radiological, chemical and biological weapons have been the things considered weapons of mass destruction (WMD).

The Bureau of Industry and Security (BIS), an agency of the United States Department of Commerce that deals with issues involving national security and high technology, is proposing to classify cyber security tools as weapons of war in an attempt to control their distribution.

Tools used for the extraction of data or information from a computer or network-capable device, or for the modification of system or user data, would come under this rule and be classified as "intrusion software". Tools designed to avoid detection by "monitoring tools" (antivirus, IDS/IPS, endpoint security products) would also be considered weapons.

Any penetration testing product designed to identify security vulnerabilities in computers and network-capable devices falls under this category.

"The proposal is not beneficial. Most vulnerability scanners and penetration testing products come under it. The proposal means tools from US companies which have been used to do assessments and audits in corporates will need to go through the clearance. It could also lead to corporates getting tracked," says J. Prasanna, founder of the Cyber Security and Privacy Foundation (CSPF).

Most of these cyber security firms will either have to convince their worldwide clients to go through the clearance process or move their headquarters out of the USA.

Prasanna pointed out that the US government tried to restrict the export of cryptography in the past, but Russian, European and Israeli companies gained an advantage from those restrictions.

He said that the new proposal is bad news for cyber security researchers. If it becomes law, it will force them to find new ways to beat cyber criminals.

"Hackers are already many steps ahead of us. Some tools like Canvas and Metasploit Pro are important tools for penetration testing," said Prasanna.

Google researcher Thomas Dullien wrote on his personal blog that the "addition of exploits to the Wassenaar arrangement is an egregious mistake for anyone that cares about a more secure and less surveilled Internet".


Rapid7, a Boston-based cyber security firm well known for its Metasploit penetration testing framework, said that it is investigating the implications of Wassenaar for Metasploit and security research, and is working on comments for the consultation.

According to the proposal, the governments of Australia, Canada, New Zealand and the UK will get favourable treatment for licence applications, as they have partnered with the US on cyber security policy and issues.

The BIS is seeking comments on the proposed rule until 20 July 2015. You can submit comments here.

'India should learn from the Russia and China agreement,' says security expert

India should learn from the recent cyber security agreement between Russia and China, in which both countries agreed not to launch cyber attacks against each other, an Indian cyber security expert said on Thursday.

J. Prasanna, cyber security expert and one of the founders of the Cyber Security and Privacy Foundation (CSPF), an organisation that works on cyber security problems, said that India should join such initiatives because they provide a chance to share information among the law enforcement agencies of different countries.

“The agreement is good for China and Russia,” he said.

"However, such agreements are only possible when both sides (countries) have equal capabilities," said Prasanna. "Similarly, they should have advanced cyber capabilities."

According to the agreement, which was signed on May 8 and reported by The Wall Street Journal, Russia and China agreed to share information between law enforcement agencies, share technologies and ensure the security of information infrastructure.

The two countries have also agreed not to "destabilize the internal political and socio-economic atmosphere" or "interfere with the internal affairs of the state".

The agreement is said to be the result of the revelations about US and Western hacking and surveillance operations by former US National Security Agency contractor Edward Snowden. After the revelations, Russian lawmakers demanded tighter control over the Internet.

It is also believed that the agreement shows that Beijing and Moscow support changes to global Internet governance that would reduce the traditional role of the U.S.

Last year, Russian Communications Minister Nikolai Nikiforov said Russia was preparing a backup action plan in case the Russian segment of the Internet was cut off from outside.

"For Russia the agreement with China to cooperate on cyber security is an important step in terms of pivoting to the East," Oleg Demidov, a cyber security consultant at the PIR Center, an independent think tank focusing on international security, told The Wall Street Journal. "The level of cooperation between Russia and China will set a precedent for two global cyber security powers," Mr. Demidov said.

Couple has important message for other parents

Recently, a couple in Washington gave out an important message to other parents, after they had discovered their baby monitor had been hacked.

A couple in Minnesota whose baby monitor had been hacked had also been in the news earlier.

"We don't know if they could hear but we know that they were watching, for sure," said a parent.

The couple had been using the monitor to keep an eye on their three-year-old, who complained that somebody had been talking to him over the monitor at night.

Upon investigation they found out that their baby monitor had been hacked and was being controlled by hackers.

"It got me worried that they've seen things maybe they shouldn't see that are private, our privacy's been hacked," said the parent.

GTA V user accounts have not been hacked, but change your password to be safe


In response to a number of reports from Grand Theft Auto V (GTA V) players who said their Social Club accounts had been hacked and even modified, Rockstar Games Social Club (RGSC), the hub for GTA V and other games, has confirmed that the accounts were not hacked.

However, users are advised to change their passwords to protect their accounts from being hijacked in future.

After receiving a number of complaints via Twitter from users who were locked out of their accounts and unable to play, the company sent a statement to Kotaku Australia.

According to the statement, the accounts were not hacked. It appears that unknown parties or websites tried to access other users' accounts using email and password combinations. The company is in the process of restoring the affected accounts to their original state. It also advised users not to reuse their Social Club username and password on other websites, and to keep different usernames and passwords for their different accounts.

"We are responding to customers, whose accounts got affected, to reinstate full user access within 24 hours of contacting Customer Support. Please keep looking at the Rockstar Support website for more information and updates," the statement said.

Earlier, it was reported that more than 2,500 GTA V user accounts had been hacked. Players were also facing driver problems, slow download speeds from Steam and FPS hiccups while playing.

Many users also complained that RGSC took a long time to respond.

A GTA V user wrote on the Rockstar Support page, "I purchased the game before it got released and got my pre-order bonus. Everything was great until Wednesday night, when I received an email saying that my email address and password on social account has been changed."

He added that he immediately emailed Rockstar Support. When he did not get a reply, he called the support team. They gave him ticket number 3579087 and said it had been escalated. Since then, he has received no information on how long it will take to get his account back.

Flaw in the Sync Photos feature of the Facebook mobile app


A security researcher has found a new flaw in Facebook that allows any malicious application to view a user's synced mobile photos.

The Sync Photos feature lets users sync their mobile photos to their Facebook account, where they remain private until published. On many mobile phones this feature is turned on by default.

Laxman Muthiyah found that the "vaultimages" endpoint of the Facebook Graph API handles these synced photos, and that this endpoint was vulnerable.

The Facebook app retrieves the synced photos by making an HTTP GET request to a specific URL with a top-level access token, which enabled a malicious app to read all of a user's private photos in seconds.

Laxman Muthiyah reported the flaw to the Facebook Security Team, who pushed a fix in less than 30 minutes and rewarded him $10,000 USD as part of their bug bounty program.

PHP has fixed several vulnerabilities allowing remote code execution


The PHP development team has released new versions to fix three security vulnerabilities; one of them is critical and leads to remote code execution.

The vulnerability identified as CVE-2014-3669 is an integer overflow triggered when unserialize() parses specially crafted serialized data. It affects only 32-bit systems, but it is dangerous because serialized data often comes from user-controlled channels.

The updates also fix a null-byte injection issue in the cURL extension, a heap memory corruption in exif_thumbnail() when processing crafted image data (CVE-2014-3670), and a buffer overflow in mkgmtime() in the XMLRPC module (CVE-2014-3668).

These vulnerabilities were discovered by the research lab of the IT security company High-Tech Bridge.

The new versions 5.6.2, 5.5.18 and 5.4.34 address these three vulnerabilities.

Pakistan targets Indian Officials with FinFisher malware

WikiLeaks last month released a set of documents and copies of "weaponized malware" developed by the company FinFisher, which is said to be used by governments around the world to spy on journalists, political dissidents and others.

The Cyber Security & Privacy Foundation (CSPF) has recently published a report providing a few details that shed an "Indian perspective" on the leaked information.

CSPF noted that a screenshot containing the target list of a Pakistani customer has 16 Indian IP addresses and only 2 Pakistani IP addresses, suggesting limited "domestic" use.

The report reads: "One of the Exe's leaked by Wikileaks 'finfisher.2.zip' MD5:074919f13d07cd6ce92bb0738971afc7 when opened shows the image of 'khushab nuclear reactor' in Pakistan."

"This might have been used to target Indian Officers as they might be tempted to click on it and view the image."

You can find the full report here:
http://securityresearch.cysecurity.org/wp-content/uploads/2014/09/An-Indian-perspective_finspy.pdf

Antivirus test conducted by the Cyber Security & Privacy Foundation

The Cyber Security & Privacy Foundation (CSPF) has members with more than 30 man-years of experience in the antivirus industry. Recently, at the request of its members, CSPF decided to test good antivirus products.

From the various antivirus products available, CSPF chose Avast antivirus and ESET NOD32 for testing.

Of the products tested, CSPF found ESET NOD32 best suited to the Indian environment. ESET NOD32 has also shown consistent results in various international tests over the last few years.

The test report is available at the following link:
http://securityresearch.cysecurity.org/?p=493

New Android malware 'Samsapo' spreads via text messages

If you got an SMS from a friend asking "is this your photo?" with a link, would you open the link? Be honest: most people would click it.

If you do so, your device might get infected by a new type of Android worm!

Malware analysts at security firm ESET have discovered an interesting piece of malware, called "Android/Samsapo.A", that spreads via text messages.

So far, the malware appears to be targeting Russian users. Once your device is infected with this worm, it attempts to send an SMS with a link to the malware to everyone in your contact list, in an attempt to infect your friends.

The cyber criminals use an old social engineering trick to lure users into installing the malware. The worm sends a message that says "is this your photo?" in Russian (Это твои фото?) with a link to an Android application package (APK).

The malware is capable of downloading additional malicious files. It can also steal phone numbers, text messages, personal data and device information from the infected device. It doesn't stop at spying: it also subscribes the victim's number to premium-rate services, so victims lose money.

BJP website blocked for Pakistan over repeated hacking attacks

Repeated hacking attacks against Bharatiya Janata Party (BJP) websites have forced the authorities to block access to the party's official website from Pakistan.

"The owner of this website (bjp.org) has banned your IP address on the country or region you are accessing it from." This is the error currently displayed whenever someone tries to access bjp.org from Pakistan.

At the time of writing, even the website of the BJP's PM candidate Narendra Modi (narendramodi.in) is blocked for Pakistan and shows an error message.

This move comes after Pakistani hackers targeted BJP-related websites and defaced the website of BJP leader LK Advani and the Bihar BJP websites in the last two days.

The website can still be accessed by users from Pakistan who use proxies to mask their IP addresses. If a website is secure against all attacks, there should be no need for such a wide range of IP blocks, except in cases of DDoS attacks; even then, usually only individual IPs need to be blocked.

Arvind Gupta, BJP IT Cell Head, told Newsweek that the site had been blocked in Pakistan "automatically" as a security measure and that they had requested CERT-India to unblock the sites.

31 security bugs fixed in Google Chrome 34

Google has announced the stable release of Chrome 34, an update bringing a number of fixes, functionality improvements and security updates.

In total, 31 security vulnerabilities, of medium to high severity, have been patched in this latest version, 34.0.1847.116.

The high-severity bugs are: UXSS in V8, OOB access in V8, integer overflow in the compositor, use-after-free in web workers, use-after-free in the DOM, memory corruption in V8, use-after-free in rendering, URL confusion with RTL characters, and use-after-free in speech.

The medium-severity bugs are: use-after-free in speech, OOB read with window property, and use-after-free in forms.

A total of $29,500 has been awarded to researchers who reported the above security vulnerabilities.

Indian Election Commission tie-up with Google may impact national security


Thanks to the Indian Election Commission's tie-up with the US-based Internet giant Google, the NSA can now easily get information on every Indian citizen.

According to the Times of India, Google and the Election Commission have entered into an agreement under which Google will help the EC manage online registration of new voters and facilitation services ahead of the 2014 elections.

Registered voters will be able to check the address at which they are registered and get directions to their nearest polling station.

Cyber security experts say the EC's move will impact national security and democracy itself.

"It is shocking that in a country like India which is called world's software superpower, Election Commission, instead of an Indian company, has chosen a foreign company like Google, which has colluded with American intelligence agencies like NSA (National Security Agency) for global cyberspying, to provide electoral registration and facilitation services by providing them the whole database of registered voters in India," TOI quoted the Indian Infosec Consortium as saying.

The group said it poses a potential risk to India, as the data could be misused by Google and US agencies for cyber espionage.

Rajsekhar Murthy, another member of the consortium, said the poll panel should have spoken to Indian companies such as Infosys or TCS before jumping into such a decision. "Cost wise it is not much," he said.

WoW players targeted with a fake version of the Curse Client containing malware


Blizzard yesterday warned World of Warcraft (WoW) players about new malware disguised as the Curse client that attempts to hijack victims' accounts.

The fake version of the Curse Client is served from a fake version of the Curse Client website, which appears in the search results when users search for the Curse client in major search engines.

If you believe you are a victim, or want to make sure, you can download the updated MalwareBytes software, which currently detects and removes the malware in question.

If you are technically inclined, you can also follow the manual removal method posted by a user in Blizzard's support forum.

On VirusTotal, 20 out of 48 antivirus engines detect the malware; however, some major antivirus products fail to detect it.

Users are always advised to download software from official websites or trustworthy third-party sites such as Softpedia or CNET.

Exclusive: Most malware exploit kits run on vulnerable nginx servers


Bad guys always try to exploit vulnerabilities in victims' systems and infect them with malware. Now it's our turn: let us hack them back and break into their boxes.

The Malware Must Die (MMD) team has discovered that most malware exploit kit servers, malware redirection servers and malicious proxy servers are running vulnerable versions of the nginx server.

The team has released PoC code "that was coded & released in Full Disclosure by KingCope" that can be used to break into the malicious servers and gain access to them by exploiting the known vulnerabilities.

It can be found here: http://pastebin.com/eX69Db7B

The vulnerability allows security researchers to take control of the server and obtain the infection source code. In some cases, it also helps to track down the cyber criminals.

Hackers penetrate website of anti-abortion group "Youth Defence"


Defaced page
An unknown hacker has penetrated the website belonging to the Irish anti-abortion organisation "Youth Defence".

The hacker replaced the homepage with an article titled "This is not the hate-filled truth-distorting website you're looking for".

The defacement message reads: "Youth Defence is not what you think it is. Youth Defence is an extremist group who actively hide their links to shady right-wing connections and where their funding comes from. Let's blow the lid."

The hacker also posted a link to more than 5,600 email addresses, said to be those of the organisation's newsletter subscribers. No individual or group has claimed responsibility for the breach.

Following the breach, Youth Defence has made a complaint to the Garda Síochána, as reported by the Irish Times.