Graham Central Station employees' personal documents compromised

4 Investigates found a pile of records dumped in three giant dumpsters at Graham Central Station in Albuquerque. The records include Social Security numbers, dates of birth and driver's license numbers.

According to the tipster, “Driving down the alley, I noticed all the trash cans were full of boxes with what looked like files kind of spilling out the top of them.”

The 4 Investigates team collected the records and attempted to contact every former employee listed. There is no way to know whether the records had already been compromised before they were found, but the investigative team alerted everyone about the possible risk.

The blame game has started. Graham Central Station's Texas-based president, Roger Gearhart, declined to answer questions but sent a statement through his attorney: "Graham Central Station was upset to learn that its landlord... recently discarded dozens of its personnel files into a public dumpster. Ross Plaza One evicted Graham Central Station from its building and offices in November 2014 and changed the locks, which prevented Graham Central Station from accessing its records for a period of months. Although Ross Plaza One assured Graham Central Station that its records would be destroyed, that apparently did not happen."

However, emails from the landlord’s attorney offer a different perspective. The final letter from the landlord to Graham Central Station, which went unanswered, was: “I would like to confirm that Graham is aware that we intend to destroy and dispose of all the boxes…”

Former Graham Central Station employees need not worry, as the recovered records are now in safe hands.

Graham Central Station was famous for having more than one club under one roof, but after eleven years in business, the club was closed down.

SEBI comes up with cyber security policy for stock exchanges, depositories and clearing corporations

The Securities and Exchange Board of India (SEBI), established in 1988 to regulate the Indian securities market, has asked stock exchanges, depositories and clearing corporations to put in place a framework that protects their systems, networks and databases from cyber attacks and improves their resilience.

According to a report published on LiveMint, SEBI said these Market Infrastructure Institutions (MIIs), which provide essential facilities and perform the systemically critical functions of trading, clearing and settlement in the securities market, need a robust cyber security framework.

“As part of the operational risk management framework to manage risk to systems, networks and databases from cyber attacks and threats, the MII should formulate a comprehensive cyber security and cyber resilience policy document to put in place such a framework,” the SEBI said.

SEBI also asked the MIIs to restrict access to what is strictly necessary: no one should have any intrinsic right to access confidential data, applications, system resources or facilities.

SEBI also asked them to deploy additional controls and security measures to supervise staff with elevated system access entitlements.

According to the news report, SEBI Chairman U.K. Sinha said that attacks are becoming more sophisticated.

“We are worried over state-sponsored cyber attacks. There are worries that the vulnerability in markets are increasing. We need to create a framework for future plan of action on securities market resilience,” he added.

The exchanges and other MIIs will also have to submit quarterly reports to SEBI containing information on the cyber attacks and threats they have experienced and the measures taken to mitigate vulnerabilities, threats and attacks, including details of bugs, vulnerabilities and threats that may be useful to other MIIs.

Along with this, the MIIs have to share such details among themselves in a masked and anonymised manner, using a mechanism to be specified by the regulator from time to time, and to identify their critical assets based on sensitivity and criticality for business operations, services and data management.

Likewise, each MII should maintain an up-to-date inventory of its hardware and systems, software and information assets (internal and external), its network resources, connections to its network and data flows.

SEBI asked market stakeholders to establish baseline standards so that security configurations are applied consistently to operating systems, databases, network devices and enterprise mobile devices within the IT environment, and to restrict physical access to critical systems to a minimum.

CSPF comes up with ModSecurity rules to protect servers from hackers


The Cyber Security and Privacy Foundation (CSPF), a non-profit organisation that provides solutions to cyber security and privacy issues, has developed a set of rules to protect web servers from malicious hackers.


It has released ModSecurity rules to the public, wrote Manish Tanwar and Suriya Prakash of CSPF.

Although the OWASP Core Rule Set (CRS), a project that aims to provide an easily pluggable set of generic attack detection rules giving a base level of protection for any web application, blocks many kinds of attacks, CSPF says it fails to stop web-shell backdoors and the latest bypasses.

CSPF's rules are therefore aimed at the latest bypasses and backdoors, and are being released for public use.

According to the organisation, the rules can be easily extended.

The rules do the following:

-          Block sensitive files and folders from being accessed.
-          Block b374k shell variants along with some other popular web shells.
-          Disable directory listing and phpinfo.
-          Block SQL injection:
1.       Normal SQL injection
2.       Blind and time-based SQL injection
3.       All other types of SQLi

You can get the rules and procedure to use them from here:
http://securityresearch.cysecurity.org/?p=568

Cisco fixes remote code flaw in its UCS Central software

Cisco Systems Inc., the American networking giant, has released an advisory for a remote code execution vulnerability in its Unified Computing System (UCS) Central software, which manages UCS, a data centre platform that integrates processing, networking and storage into one system.


The company said the flaw could be exploited by remote attackers to execute arbitrary commands on affected systems.

“Successful exploitation of the vulnerability may permit unauthenticated access to sensitive information, allow arbitrary command execution on the Cisco UCS Central operating system or impact the availability of the affected device,” Cisco wrote in its advisory on May 6.

“An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device,” the advisory said. “An exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.”

According to the advisory, the vulnerability (CVE-2015-0701) is caused by improper input validation and allows an unauthenticated remote attacker to execute arbitrary commands on the underlying operating system with root privileges.

The flaw lies in the web framework's failure to validate user input, and affects the 1.2 releases of the software.

The company added that it is not aware of any public exploits of the vulnerability.

Users can fix the vulnerability by updating to the fixed software provided by Cisco, the advisory said.

The company has urged users to update to UCS Central software version 1.3. Cisco has assigned the vulnerability the highest severity score possible, a CVSS score of 10.

Earlier, Cisco released security updates for several of its other products, including the Cisco Adaptive Security Appliance (ASA), the Cisco Small Business SPA300 and SPA500 series IP phones, and IOS software.

Google launches 'Password Alert' to protect its users from phishing attacks


On April 29, Google launched a new Chrome extension, Password Alert, which warns people whenever they type their Google password into any site that is not a Google sign-in page.

Drew Hintz, a security engineer, and Justin Kosslyn of Google Ideas wrote on Google's Online Security Blog that Password Alert, now available on the Chrome Web Store, is aimed at preventing phishing attacks and at discouraging people from reusing their Google password on other sites.

They wrote that it is designed to alert people when they use their Google password on sites not operated by Google.

According to them, anyone who enters their password on a website that imitates accounts.google.com in order to harvest personal details will receive a warning, giving them time to change the password before it can be misused.

It works by checking the HTML of the page to determine whether it is a legitimate Google sign-in page. It is a last line of defence for the case where the user has already been fooled: the phishing page still receives the typed password, so the warning buys time to change it rather than preventing the leak.
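As an added illustration, not Google's extension code (its internals beyond the HTML check are not described above), here is one way such a monitor can work without ever keeping the password in the clear: enrol a salted PBKDF2 hash, keep a rolling window of the last N keystrokes, and compare the hash of that window on every key press. A trusted-origin allowlist stands in for the extension's page-HTML check, and the password and origins are constructed for the example.

```python
import hashlib
import hmac
import os
from collections import deque


class PasswordAlertMonitor:
    """Warn when the enrolled password is typed on a page that is not a trusted sign-in page.

    Only a salted PBKDF2 hash of the password is kept after enrolment, and a rolling window
    of the last N keystrokes (N = password length) is hashed on every key press and compared."""

    # Assumption for the example: an origin allowlist stands in for the extension's page-HTML check.
    TRUSTED_ORIGINS = {"accounts.google.com"}
    # Low work factor on purpose: this runs once per keystroke. The salt, not the iteration
    # count, is what prevents a precomputed table from being used against the stored hash.
    ITERATIONS = 1000

    def __init__(self, password):
        if not password:
            raise ValueError("empty password")
        self.length = len(password)
        self.salt = os.urandom(16)
        self.digest = self._hash(password)
        self.window = deque(maxlen=self.length)
        self.alerts = []

    def _hash(self, text):
        return hashlib.pbkdf2_hmac("sha256", text.encode(), self.salt, self.ITERATIONS)

    def keystroke(self, origin, char):
        """Feed one typed character on page `origin`; return True if an alert fired."""
        self.window.append(char)
        if len(self.window) < self.length:
            return False                      # not enough typed yet to be the password
        if not hmac.compare_digest(self._hash("".join(self.window)), self.digest):
            return False                      # the common case: no match
        self.window.clear()                   # a match consumes the window; no double alerts
        if origin in self.TRUSTED_ORIGINS:
            return False                      # the real sign-in page
        self.alerts.append(origin)
        return True

    def type_text(self, origin, text):
        """Feed a whole string key by key (list comprehension so every key is processed)."""
        return any([self.keystroke(origin, c) for c in text])


def demo():
    """Constructed scenario: enrol a password, then type it in four places."""
    monitor = PasswordAlertMonitor("Tr0ub4dor&3")          # constructed password for the example
    results = {
        "real_sign_in": monitor.type_text("accounts.google.com", "Tr0ub4dor&3"),
        "lookalike":    monitor.type_text("accounts.google.com.verify-login.example", "Tr0ub4dor&3"),
        "partial":      monitor.type_text("forum.example", "Tr0ub4dor"),
        "embedded":     monitor.type_text("forum.example", "my password was Tr0ub4dor&3, honest"),
    }
    return results, monitor.alerts


if __name__ == "__main__":
    print(demo())
```

The lookalike host name fires because the allowlist compares the whole origin, not a suffix; a partially typed password never triggers a comparison; and a password pasted into the middle of a forum post is caught when the window lines up. The stored hash is still an offline-guessing oracle for anything that can read the extension's storage, which is the trade-off such a design accepts.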

According to Google, phishing, the practice of tricking users into handing over their passwords, accounts for two percent of all Gmail messages.

The new tool adds another layer of protection for Google's users, sitting alongside existing account safeguards such as two-step verification and the Security Key.

AT&T fined $25 million over customer data thefts

(photo courtesy- www.bbc.com)

The Federal Communications Commission (FCC) has fined AT&T Inc. $25 million over data breaches at call centers in Mexico, Colombia and the Philippines. The FCC said that at least two employees admitted stealing private information belonging to thousands of US customers, including their names, full and partial Social Security numbers and account-related data known as customer proprietary network information (CPNI).

According to a senior FCC official, the details of about 280,000 people were taken in the breaches, a series of thefts that took place in 2013 and 2014. Call center employees used the data to request handset-unlock codes for AT&T phones and shared it with third parties involved in trafficking stolen cell phones.

Since the incident, AT&T has notified all the affected customers and terminated its contracts with the companies that operated the call centers where the data was stolen.

The company also said that it has changed its policies and strengthened its operations to ensure that a similar breach does not happen again.

The FCC began investigating the Mexico call center last May, after being informed that data had gone missing.

The $25 million fine is the highest that the FCC has ever issued for data security and privacy violations.  

Minnesota family discovers breach of their nanny cam stream

An unnamed family in Rochester, Minnesota discovered that the nanny cam they used to keep an eye on their baby had been hacked, and that its footage was being streamed online to a private channel. The incident was reported by KTTC, the local NBC affiliate.

The family said they kept noticing odd things happening in their child's room: the parents could hear music coming from the camera, but as soon as they stepped into the room the sound stopped.

After investigating, the family found a URL linked to the device's IP address. Following it, they discovered a website displaying feeds from many hacked nanny cams. The intruders were not only able to watch the feeds but could also remotely control the cameras.

This is not the first time a vulnerability has been found in Foscam's cameras. The company publishes security guidelines for its users and asks them to change the default password.

Fake Kaspersky Antivirus app found on Google Play, Windows Phone Store

While the Google Play Store manages to keep many malicious applications out of the market, Google still fails to prevent cyber criminals from uploading fake apps.

Last month, Android Police discovered a fake antivirus app on Google Play called 'Virus Shield', which fooled thousands of users into buying it.

The story of fake antivirus apps does not stop there. Today, experts at Kaspersky discovered another fake antivirus app, 'Kaspersky Anti-virus 2014', on Google Play.

The fake Kaspersky app was being sold for $4 and does nothing other than display the Kaspersky logo.

Researchers also discovered a few fake apps being sold in the Windows Phone Store, among them 'Mozilla Mobile', 'Kaspersky Mobile', 'Avira Antivir' and 'Virus Shield'.

The fake Kaspersky antivirus app for Windows Phone pretends to scan the device but does nothing.


A few weeks back, when I was searching for the TrueCaller app for my Windows phone, I also came across a fake paid version of TrueCaller and other fake apps. After I reported them to Microsoft, they removed those apps from the store.

Just now, I also found a fake version of COMODO Antivirus for Windows Phone, which is being sold for $1.49. This fake app was uploaded by cheedella suresh (the name appears to be a South Indian name).


The same developer has also uploaded a few other fake apps to the Windows Phone Store, all in recent months (April to May).

Emails promising a CNN article about the Heartbleed vulnerability lead to spam sites

Cyber criminals often take advantage of the hottest topics and latest events to entice users into visiting spam websites. The Heartbleed bug, which has made headlines over the past few weeks, is no exception.

Spammers are now sending out emails with the subject "HeartBleed Bug warning". The campaign was discovered by security researchers at Trend Micro.

"I Just want to let you know there is a big security concern now in the internet.  The Internet bug called Heartbleed Bug, was recently discovered by experts.  So if were you, you need to change your internet passwords specially your banking passwords." The spam email reads.

"Check for this report in CNN. Report from CNN[LINK]"

Had the link led to the actual CNN report, the email might have passed for a security awareness message. Instead, it leads to a spam site.

The one useful thing the spammers did was to tell recipients about the Heartbleed vulnerability and suggest changing their passwords.

Cyber Defence Course Level 1 in Anna University, Chennai

Most of us, from beginners to advanced users, use mobile phones, laptops and desktops, yet we do not know how to secure them from the hackers, viruses and spies who want our information. Here is a short course on securing your computers, laptops and mobile phones against even advanced cyber espionage.

Who should learn this:

a. Corporate users: marketing and sales staff, CEOs and CFOs who are targeted by corporate espionage

b. Women and children who want to secure their phones, email and social media

c. Lawyers and doctors who may be targeted for information on their clients

d. The common man: anyone, young or old, who uses a computer and wants to secure their own machines to protect themselves and their loved ones

e. College Students

Content:

Computer:

  • Security in general.
  • Online security and safe browsing practices.
  • Using a live CD for banking.
  • Social media privacy settings (Facebook, Twitter, Gmail, two-factor authentication).
  • What can malware do?
  • Firewalls.
  • Checking for malware without AV (finding viruses that AV does not detect).
  • Removing malware manually.
  • Checking USB drives for malware and disabling autorun.inf-style viruses.
  • Anti-keyloggers.
  • Sandboxes.
  • Recovering files.
  • Securely wiping files.
  • Encrypting files.
  • Encrypted email.
  • Encrypted chat.

Phone:

Secure chat, calls and messaging on Windows, Android and other platforms.


Certificate:

The Cyber Security & Privacy Foundation will issue a certificate on completion.

Register here

Venue:
Anna University, Chennai

Canadian spy agency, with help from the NSA, tracked passengers who used free airport WiFi


Image Credits: Kaspersky
Here is another example of why public WiFi networks pose a risk to your data. Any identifier that a device presents unchanged to every hotspot it meets, such as its hardware address, is enough to link its appearances together.

A report from CBC News, based on a secret document newly leaked by former U.S. intelligence contractor Edward Snowden, reveals that Canada's spy agency was spying on passengers who used the free WiFi service at airports.

The Communications Security Establishment Canada (CSEC) is prohibited from spying on Canadians without a warrant. Nevertheless, it collected metadata about all travellers passing through the airport, Canadians included.

The document obtained by the CBC shows that the information captured from travellers' devices then helped the agency track them for a week or more as their wireless devices connected to other WiFi hotspots in locations around Canada and even at US airports.

According to the CBC, the leaked document suggests the operation was a trial run of new software developed by CSEC with the help of the US National Security Agency (NSA).

Canada's two largest airports, Toronto and Vancouver, and Boingo, a large independent WiFi provider at other airports, have denied providing any information about WiFi users.

Hackers reportedly used stolen vendor credentials to break into Target's systems


Target Corporation told The Wall Street Journal that the massive data breach it suffered last month began after cyber criminals stole credentials from one of its vendors and used them to get into Target's systems.

The company did not provide much detail: it did not say how the credentials were stolen, nor which portal the attackers logged into with them.

Security blogger Brian Krebs, who brought the Target breach to light, wrote that the malware used in the breach accessed a shared drive with the username 'Best1_user' and the password 'BackupU$r'. Krebs pointed out that the username matches the default account created by IT management software from BMC Software.

"According to BMC’s documentation, this account is normally restricted, but the attackers may have usurped control to facilitate lateral movement within the network." said in Dell SecureWorks report pointed out by Krebs.

The report also revealed that a malware component installed a service called "BladeLogic", apparently mimicking the name of another BMC product.
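As an added example, constructed for this page and not taken from Krebs, Dell SecureWorks or BMC, here is a detection that would catch the pattern described above in logon events: a known vendor service account used for network logons from hosts outside the management servers that are supposed to use it, and reaching several hosts in quick succession. The log format is a simplified, constructed export rather than Windows' own event text, and the account name, the management host and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions for the example: the vendor account name from the article, the one
# management host that is supposed to use it, and the lateral-movement thresholds.
SERVICE_ACCOUNTS = {"best1_user"}
MGMT_HOSTS = {"10.20.5.17"}
SPREAD_THRESHOLD = 3                  # distinct hosts reached ...
SPREAD_WINDOW = timedelta(minutes=5)  # ... within this window from one source

# Constructed, simplified logon export (not Windows' own event text): event 4624 is a
# successful logon, 4625 a failure; logon type 3 is network (e.g. an SMB share), 2 is interactive.
SAMPLE_LOG = """\
2013-11-15T02:14:03Z 4624 LogonType=3 Account=Best1_user Source=10.20.5.17 Target=POS-SHARE-01
2013-11-15T02:14:09Z 4624 LogonType=3 Account=Best1_user Source=10.20.5.17 Target=POS-SHARE-01
2013-11-15T03:40:22Z 4624 LogonType=3 Account=jsmith Source=10.50.1.33 Target=POS-SHARE-01
2013-11-16T01:02:55Z 4624 LogonType=3 Account=Best1_user Source=10.88.23.9 Target=POS-SHARE-01
2013-11-16T01:03:01Z 4624 LogonType=3 Account=Best1_user Source=10.88.23.9 Target=POS-SHARE-02
2013-11-16T01:03:07Z 4624 LogonType=3 Account=Best1_user Source=10.88.23.9 Target=POS-SHARE-03
2013-11-16T01:10:40Z 4625 LogonType=3 Account=Best1_user Source=10.88.23.9 Target=POS-SHARE-04
2013-11-16T09:00:00Z 4624 LogonType=2 Account=Best1_user Source=- Target=BMC-MGMT-01
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\d+) LogonType=(?P<ltype>\d+) Account=(?P<acct>\S+) "
    r"Source=(?P<src>\S+) Target=(?P<dst>\S+)$")


def parse(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # tolerate unrelated lines in a real export
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        e["event"], e["ltype"] = int(e["event"]), int(e["ltype"])
        events.append(e)
    return events


def detect(events):
    alerts = []
    unexpected = defaultdict(set)         # source -> targets touched from outside the management hosts
    by_source = defaultdict(list)         # source -> successful network logons, for the spread check
    for e in events:
        if e["acct"].lower() not in SERVICE_ACCOUNTS:
            continue
        if e["ltype"] in (2, 10):         # a service account has no business logging on interactively
            alerts.append({"rule": "interactive-logon", "src": e["src"], "dst": e["dst"], "at": e["ts"]})
        if e["ltype"] != 3:
            continue
        if e["src"] not in MGMT_HOSTS:    # failures count too: a probe is still a probe
            unexpected[e["src"]].add(e["dst"])
        if e["event"] == 4624:
            by_source[e["src"]].append(e)
    for src, dsts in unexpected.items():
        alerts.append({"rule": "unexpected-source", "src": src, "dst": sorted(dsts)})
    for src, evs in by_source.items():
        evs.sort(key=lambda x: x["ts"])
        for i, first in enumerate(evs):
            reached = {x["dst"] for x in evs[i:] if x["ts"] - first["ts"] <= SPREAD_WINDOW}
            if len(reached) >= SPREAD_THRESHOLD:
                alerts.append({"rule": "lateral-spread", "src": src, "dst": sorted(reached), "at": first["ts"]})
                break
    return alerts


def run():
    return detect(parse(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The management host 10.20.5.17 using the account against a single share produces nothing, while the unknown host produces two alerts: one for using the account at all, and one for touching three shares within twelve seconds, which is the lateral-movement shape the SecureWorks report describes. A static allowlist is the simplest form of this check; in practice the set of hosts allowed to use a vendor account is baselined from history, and the account's default password is rotated the day the software is installed.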

A trusted source told Krebs that BMC's software is used by many major retailers, and he believes Target uses it too.

Krebs also confirmed that the cyber criminal operation known as Rescator is selling millions of cards stolen in the Target breach.

Chinese hackers compromised European ministries' computers before G20 summit


Network security company FireEye found that Chinese hackers compromised the computers of five European foreign ministries before last September's G20 summit, Reuters reports.

The attack was carried out by emailing a malicious file titled "US_military_options_in_Syria"; opening the file infected the recipient's computer.

The company said it had been monitoring the main command and control (C&C) server used by the hackers in late August, but lost access after the hackers moved to another server before the G20 summit began.

FireEye believes the hackers were preparing to steal data from the compromised computers.

Based on the evidence, especially the language used on the hackers' server and on the computers used to test the malware, the researchers concluded that the attack came from China.

Scientists develop malware capable of sending data using microphones and speakers


How can malware get data out of an infected system that has no internet connection? You might think it impossible; computer scientists say it is not.

German researchers at the Fraunhofer Institute for Communication, Information Processing and Ergonomics say that malware can transmit data using inaudible sound.

It can exfiltrate confidential data or keystrokes using nothing more than ordinary speakers and microphones, with no network connection at all.


Security researchers often recommend keeping systems that hold sensitive data off the internet, out of attackers' reach. Now data can leave such a system over sound, without any network connection. So what now? Remove the audio devices?

The researchers say the channel can be blocked by switching off the audio input and output devices. Where audio is needed, the inaudible communication can instead be prevented "by application of a software-defined lowpass filter".
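To make the mechanism and the defence concrete, here is an added example, not the Fraunhofer code (the paper's modulation details and exact frequencies are not quoted above), that encodes bytes as binary FSK on two near-ultrasonic tones, recovers them with a Goertzel tone detector, and then passes the audio through a windowed-sinc low-pass filter to measure how much carrier survives. The sample rate, tone frequencies, symbol length, filter cutoff and message are assumptions chosen for the example; it is pure standard-library Python, so it is slow but runs anywhere.

```python
import math

SAMPLE_RATE = 44100
SYMBOL_SAMPLES = 441           # 10 ms per bit -> 100 Hz bin spacing, so both tones sit on exact Goertzel bins
FREQ_0, FREQ_1 = 18000, 19000  # near-ultrasonic carriers (assumption for the example)
AMPLITUDE = 0.5
MIN_POWER = 100.0              # a clean symbol scores about (AMPLITUDE*SYMBOL_SAMPLES/2)**2 = 12155; far below that, report "no carrier"


def text_to_bits(text):
    return [int(b) for byte in text.encode() for b in format(byte, "08b")]


def bits_to_text(bits):
    usable = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8)).decode(errors="replace")


def modulate(bits):
    """Binary FSK: one tone burst per bit. Each burst is a whole number of cycles, so bursts join without clicks."""
    samples = []
    for bit in bits:
        f = FREQ_1 if bit else FREQ_0
        samples.extend(AMPLITUDE * math.sin(2 * math.pi * f * n / SAMPLE_RATE) for n in range(SYMBOL_SAMPLES))
    return samples


def goertzel_power(chunk, freq):
    """Energy of `chunk` at the DFT bin nearest `freq` (a single-bin DFT, cheap enough to run per symbol)."""
    n = len(chunk)
    k = round(n * freq / SAMPLE_RATE)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in chunk:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def demodulate(samples):
    """Bit list, or None as soon as a symbol window carries no detectable tone."""
    bits = []
    for i in range(0, len(samples) - SYMBOL_SAMPLES + 1, SYMBOL_SAMPLES):
        chunk = samples[i:i + SYMBOL_SAMPLES]
        p0, p1 = goertzel_power(chunk, FREQ_0), goertzel_power(chunk, FREQ_1)
        if max(p0, p1) < MIN_POWER:
            return None
        bits.append(1 if p1 > p0 else 0)
    return bits


def lowpass(samples, cutoff=12000, taps=101):
    """Windowed-sinc (Hamming) FIR low-pass: the 'software-defined lowpass filter' defence."""
    m = taps - 1
    fc = cutoff / SAMPLE_RATE
    h = []
    for i in range(taps):
        n = i - m / 2
        v = 2 * fc if n == 0 else math.sin(2 * math.pi * fc * n) / (math.pi * n)
        h.append(v * (0.54 - 0.46 * math.cos(2 * math.pi * i / m)))
    gain = sum(h)
    h = [v / gain for v in h]              # unity gain in the passband
    return [sum(h[j] * samples[i - j] for j in range(taps) if i - j >= 0) for i in range(len(samples))]


def carrier_power(samples):
    """Total energy at the two carrier frequencies across all symbol windows."""
    return sum(goertzel_power(samples[i:i + SYMBOL_SAMPLES], f)
               for i in range(0, len(samples) - SYMBOL_SAMPLES + 1, SYMBOL_SAMPLES)
               for f in (FREQ_0, FREQ_1))


def demo(text="ok"):
    bits = text_to_bits(text)
    audio = modulate(bits)                 # what the speaker would play
    filtered = lowpass(audio)              # what reaches the microphone path with the filter in place
    return {
        "received": bits_to_text(demodulate(audio)),
        "after_filter": demodulate(filtered),
        "carrier_ratio": carrier_power(filtered) / carrier_power(audio),
    }


if __name__ == "__main__":
    print(demo())
```

Because each tone burst holds a whole number of cycles over the symbol window, the two carriers are orthogonal under the Goertzel detector and the unfiltered decode is exact; a real microphone adds noise and room response, which is what the paper's mesh networking and error handling deal with. A 12 kHz cutoff leaves speech and music untouched while pushing the 18 to 19 kHz carriers down by orders of magnitude, so the receiver sees no carrier at all rather than wrong bits.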

The researchers describe their work in a paper entitled "On Covert Acoustical Mesh Networks in Air". You can find the paper here.

(h/t: Ars Technica)

UW Medicine computer infected with malware, 90k patients' data accessed

The University of Washington School of Medicine reports that one of its computers, which stored patient data, was infected with malware.

The malware got onto the system when an employee opened an email attachment that contained it.

An internal investigation found that the patients' data was not the target. However, the malware did access files containing data on approximately 90,000 UW Medicine and Harborview Medical Center patients.

According to the press release, the accessed data includes names, Social Security numbers, phone numbers, addresses, medical record numbers and a few other details.

UW Medicine officials have begun notifying patients about the incident, which has also been reported to the FBI.

It is always worthwhile to build security awareness among employees who operate systems that are both connected to the internet and hold sensitive data.

Break The Security - Hands on Ethical Hacking and Cyber Security Training for Corporate


The Cyber Security & Privacy Foundation is proud to announce corporate training in Chennai. Attendees will be trained by four security researchers on a range of cyber security topics.

The training starts with an introduction to the information security field and the various classes of hackers. It is hands-on: we will demonstrate various security tools and help attendees use them.

The course covers toolkits including TamperData, Hackbar, Maltego, FOCA, the Live HTTP Headers plugin and more.

We also give training on advanced tools for vulnerability assessment and penetration testing, including Metasploit, Nmap, Nessus, sqlmap and more.

Attendees are requested to bring their own laptops with VMware or VirtualBox installed, so that the hands-on exercises can be run on an isolated virtual network.

Venue:

Computer Society of India Headquarters,
Educational Directorate, Taramani,
Chennai, Tamil Nadu

Price:

The Corporate Training tickets would cost Rs. 2000/- per person.

Lunch and Tea/Snacks will be provided at the venue.

Registration Link:

http://www.meraevents.com/event/break-the-security-training–ethical-hacking-hands-on-for-corporate

For more details , visit : http://cwhh.cysecurity.org/?page_id=81

Using the internet? Then don't expect privacy, #PRISM is here!



Yes, if you are using the internet, forget about privacy. A recent report from the Guardian is another example confirming that privacy on the internet is an illusion. The whistleblower Edward Snowden has leaked files that confirm Microsoft's collaboration with the U.S. authorities.

According to the Guardian report, Microsoft helped the NSA and FBI access unencrypted messages sent over Outlook.com web chat, Hotmail and Skype.

Microsoft also helped the authorities access its cloud storage service, SkyDrive. Skype video and audio calls were also reportedly collected through PRISM.

"Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;" The report reads.

Secure Gmail Chrome extension to encrypt Gmail Messages

Worried about privacy and PRISM? Want to add a little security to your confidential mail? Here is a small solution: SecureGmail is a Google Chrome extension that lets you encrypt your Gmail messages before sending them.

Once the extension is installed, a lock icon appears next to the Compose button in Gmail. Click it to write a secure mail: you get the normal Gmail compose window, with the title "Secured".


In secure mode, Gmail cannot see what you are typing and will not save the message as a draft.


Click the "Send Encrypted" button, now you will be asked to enter the password- a long & strong password will be good and don't enter any hints.

The best part is that the encryption happens on your local machine, so Google cannot read the plain-text message. Note that only the message body is protected: the recipient address, subject line and timing of the mail are still visible to Google.


Recipients can decrypt the message only if they have the password, which you must give them some other way (not over the internet alongside the message).

It is an open source project, which means you can review the extension's source code and contribute ideas to improve it.
Here you can download it:
https://chrome.google.com/webstore/detail/secure-gmail-by-streak/jngdnjdobadbdemillgljnnbpomnfokn

Conclusion:
* Using the same password for every message is not a good security measure, but unique, strong passwords are hard to remember.
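The page does not describe the cipher the extension uses, so this added example (not SecureGmail's or Streak's code) shows the shape of such a scheme with Python's standard library: a key derived from the password with PBKDF2 and a random salt, a per-message nonce, and a tag over the ciphertext so that a wrong password or a tampered message is rejected instead of decrypting to garbage. The standard library has no AES, so the keystream here is HMAC-SHA256 run in counter mode, a textbook PRF-based stream cipher; with a real library you would use an AEAD such as AES-GCM. The password, work factor and message are constructed for the example.

```python
import hashlib
import hmac
import os
import struct

KDF_ITERATIONS = 200_000   # PBKDF2-HMAC-SHA256 work factor (assumption; tune to the client's budget)
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32


def _keys(password, salt):
    """Derive independent encryption and MAC keys from the password and a per-message salt."""
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=64)
    return k[:32], k[32:]


def _keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256 (a PRF used as a stream cipher; stdlib has no AES)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_message(password, plaintext):
    """salt || nonce || ciphertext || tag, with the tag covering everything before it (encrypt-then-MAC)."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = _keys(password, salt)
    body = plaintext.encode()
    ciphertext = bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def decrypt_message(password, blob):
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    salt, nonce = blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or message tampered with")   # one error for both: do not say which
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))).decode()


def demo():
    """Constructed scenario: the sender encrypts; the recipient tries the right password, a wrong one, and a doctored blob."""
    password = "correct horse battery staple"      # constructed; shared out of band, never in the mail itself
    message = "Meet at 9, bring the drive."
    blob = encrypt_message(password, message)
    results = {"roundtrip": decrypt_message(password, blob)}
    doctored = blob[:40] + bytes([blob[40] ^ 0x01]) + blob[41:]   # flip one ciphertext bit
    for label, pw, data in (("wrong_password", password + "!", blob), ("tampered", password, doctored)):
        try:
            decrypt_message(pw, data)
            results[label] = "accepted"
        except ValueError:
            results[label] = "rejected"
    results["body_hidden"] = message.encode() not in blob
    return results


if __name__ == "__main__":
    print(demo())
```

The random per-message salt means two messages sent under the same password share no key material, which removes the key-reuse part of the conclusion above; it does nothing for the other part, since anyone who learns the password, however it was shared, can decrypt every message it protected. Flipping a single ciphertext bit is rejected before any plaintext is produced, which is the property a scheme without authentication lacks.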

Use the comment section to share your thoughts about this extension. Do you think it provides complete protection against privacy problems?

Malware receives instructions from Evernote account


Trend Micro has uncovered a new piece of malware that appears to use the note-taking service Evernote as its command and control (C&C) server.

The Trojan, dubbed VERNOT, can carry out several backdoor commands, such as downloading, executing and renaming files, and harvests information about the infected system.

The interesting part is that the malware fetches its instructions from Evernote accounts and stores the harvested information in the same accounts.

"Misusing legitimate services like Evernote is the perfect way to hide the bad guys’ tracks and prevent efforts done by the security researchers." Researchers pointed out.

This is not the first time a popular legitimate service has been abused as a C&C channel: in the past, Google Docs, Sendspace, Twitter and other services have been used by cyber criminals to send instructions to malware.

IBM Hosted Mobile Device Security Management to Protect Confidential Data


IBM has launched a Hosted Mobile Device Security Management service to protect an organisation's confidential data against the risks of accessing corporate data from mobile devices.

The service helps protect against mobile device risks such as theft, malware, spyware and inappropriate applications across mobile platforms.

“The new service from IBM helps organizations protect their enterprise data while allowing employees to have the flexibility needed for today’s work environment," said Marisa Viveros, vice president of IBM Security Services.

A recent Dell Kace survey of 750 IT managers found that 87 percent of companies have employees using some kind of personal device to access the corporate network.

Accessing corporate data through mobile devices helps increase productivity, but doing so on unsecured devices can leave an organisation vulnerable to potentially disastrous data theft or loss.

It may also risk non-compliance with regulatory requirements, which can result in penalties, legal action and loss of brand reputation. Yet setting up an in-house mobile device security infrastructure can involve large IT expenditure and a high level of technical expertise.

Hosted Mobile Device Security Management:

IBM Managed Security Services' hosted mobile device security management is a cloud-based, fully managed service that helps protect the mobile devices employees use to access corporate data.

It supports virtually all mobile devices across platforms and can help organisations address data security issues, reduce capital and operational costs, better manage regulatory compliance and improve employee productivity.

The service is supported by skilled technical professionals with experience in implementing and managing mobile device security solutions.

The security service provides:

  • Protection against, and monitoring of, data loss and other risks caused by device theft
  • Protection against unauthorised access
  • Protection against malware, spyware and malicious applications
  • Securing of data if the phone or tablet is lost or stolen
  • Tracking of a missing device

IBM is working with Juniper Networks to provide the protection and device management technology through the Junos Pulse Mobile Security Suite. The service will include a self-cleaning feature that protects devices from dangerous applications by remotely deleting them.