Fake Kaspersky Antivirus app found on Google Play, Windows Phone Store

While Google Play Store is able to prevent malicious applications from being uploaded to the market,  Google still fails to prevent cyber criminals from uploading fake apps.

Last Month, Android Police discovered a fake Antivirus app on Google Play going by the name of 'Virus Shield' which fooled thousands of users into buying this app.

The story of fake Antivirus apps doesn't stop there.  Today, Experts at Kaspersky have discovered one more fake Antivirus app going by the name of 'Kaspersky Anti-virus 2014' on Google Play.

The fake version of Kaspersky was being sold for $4 that does nothing other than displaying the Kaspersky Logo.

Researchers also discovered that few fake apps were being sold at Windows Phone Store.  Some of them are 'Mozilla Mobile', 'Kaspersky Mobile', 'Avira Antivir' and the 'Virus Shield' apps.

The fake version of Kaspersky antivirus app for Windows phone pretends to be scanning your device but does nothing.


Few weeks back, when i was searching for TrueCaller app for my Windows phone, i also came across a fake paid Version of TrueCaller and other apps.  After i reported to Microsoft, they removed those apps from the store.

Just now, I also found a fake version of COMODO Antivirus for the windows phone which is being sold for $1.49.  This fake app was uploaded by cheedella suresh( The name appears to be South Indian name).


As you can see, the developer has also uploaded few other fake apps in Windows phone store.  These apps have been uploaded in the recent months(April- May).

Emails promising CNN article about HeartBleed vulnerability leads to Spam sites

Cyber Criminals often take advantage of hottest topics and latest events to entice users into visiting spam websites. The HeartBleed bug, which has made headlines over the past few weeks, is no exception.

Now, spammers are sending out emails with subject "HeartBleed Bug warning". The spam campaign was discovered by Security researchers at TrendMicro. 

"I Just want to let you know there is a big security concern now in the internet.  The Internet bug called Heartbleed Bug, was recently discovered by experts.  So if were you, you need to change your internet passwords specially your banking passwords." The spam email reads.

"Check for this report in CNN. Report from CNN[LINK]"

If the link provided in the email led to the actual CNN report, the email may have been considered as cyber security awareness email.  But, the link leads to some malicious webpage.

One good thing what spammers did is notifying users about the HeartBleed vulnerability and suggest recipients to change their password.  If the link provided in the email.

Cyber Defence Course Level 1 in Anna University, Chennai

Most of us from beginners to advanced users use mobile phone/laptops/desktops. We don’t know to secure our machines/phones from hackers, viruses, spies who want to get our information. Here is a short course on securing your computer. mobile phones and laptops from most advanced cyber espionage guys.

Who should learn this:

a. Corporate users – Marketing, sales, CEO, CFO’s who are targeted by corporate espionage

b. Women & Children who want to secure their phones, emails, social media.

c. Lawyers , Doctors who may be targeted to get information on their clientele.

d. Common Man – Anyone who uses computers from young to old for securing their own machines/laptops to protect their loved ones.

e. College Students

Content:

Computer:

  • Security in general.
  • Online security and safe browsing practices.
  • Using live CD for banking.
  • Social Media privacy settings (FB, Twitter, Gmail , 2 factor auth)
  • What can malware do ?
  • Firewall.
  • Check for malware without AV (find undetectable virus).
  • Removing malware manually.
  • Checking USB for malware also disabling autorun.inf type virus.
  • Anti Keylogger.
  • Sandbox.
  • Recover Files.
  • Secure Wipe Files.
  • Encrypt files.
  • Encrypted Email
  • Encrypted Chat

Phone:

Secure Chat, Phone, Messaging on windows, android & others.


Certificate:

Cyber Security & Privacy Foundation will give certificate.

Register here

Venue:
Anna University, Chennai

Canadian Spy agency with help of NSA tracked passengers who used free airport WiFi


Image Credits: Kaspersky
Here is another example why public WiFI networks pose a potential risk to your data.

A report from CBC News based on newly leaked secret document by former U.S. security contractor Edward Snowden reveals that Canadian spy agency was spying on the passengers who used free WiFi service in airports.

The Communications Security Establishment Canada (CSEC) is prohibited from spying on Canadians without a warrant.  However, they have collected metadata about all travelers passing through Airport including Canadians.

The document presented to the CBC shows the captured information from travelers' devices was then helped the spy agency to track them for a week or more as their wireless devices connected to any other Wi-FI hot spots in locations around Canada and event at US airports.

According to CBC, the leaked document suggests that operation was a trial run of a new software developed by CSEC with the help US's National security Agency(NSA).

Two largest Canadian airports - Toronto and Vancouver - and Boingo, a largest independent WiFi services supplier at other airports, have denied the involvement in providing any information of WiFi users.

Hackers reportedly used stolen vendor credentials for hacking Target system


Target Corporation told Wall Street Journal that the massive data breach it suffered last month happened after cyber criminals compromised credentials from a vendor and used them for hacking into the Target system.

The company didn't provide much information.  It didn't say how hackers stole the credentials.  They also didn't specify in which portal hackers logged into.

Cyber security blogger Brian Krebs who brought the Target breach to the light, said in his blog that malware used in the breach had used username 'Best1_user' and password 'BackupU$r' to access the shared drive.  Krebs highlighted the fact that the username is same as the default password used in IT management software developed by BMC Software.

"According to BMC’s documentation, this account is normally restricted, but the attackers may have usurped control to facilitate lateral movement within the network." said in Dell SecureWorks report pointed out by Krebs.

The report also revealed that malware component installed a service called "BladeLogic", appeared to be mimicking the name of another product of BMC.

A Trusted source told Krebs that BMC's software is used by many major retailers.  He believes targets also use it.

Krebs also confirmed that cyber criminals known as Rescator are selling millions of cards stolen in the Target data breach.

Chinese hackers compromised European Ministries' computers before G20 summit


Network Security company FireEye found out Chinese hackers have compromised computers of 5 European foreign Ministries before the last Sep. G20 Summit, reports Reuters.

The cyber attack was achieved by sending spam email containing malicious file entitled "US_military_options_in_Syria". Once the recipient opened the file, it infects the their computer.

The company said they were monitoring the main command and control(C&C) server used by hackers in late August. However, the researchers lost access after the hackers moved to another server before the G20 summit began.

FireEye believes the hackers were preparing the attack to steal data from the compromised computers.

Based on evidences, especially the language used in the hacker's server and computers used for testing the malware, researcher come to conclusion that the attack is from China.

Scientists developed Malware capable of sending data using Mic and Speakers


How a malware can steal the data from an infected system that doesn't have internet connection? You might think it is impossible.  Computer scientists say it is possible.

German Researchers at Fraunhofer Institute for Communication, Information Processing, and Ergonomics, say that a malware can transmit data using inaudible sounds.

It can steal confidential data or keystrokes using nothing more than a normal speakers and Microphones without any internet connection. 


Security researchers often suggest not to connect the system that has sensitive data to Internet so that cyber criminals can't reach them.  But now, It can steal from audio sounds without network connection.  So what now?! Then, Let us remove the audio devices. 

The researchers says it can be prevented by switching off audio I/O devices.  Sometimes, we might need audio devices.  In that case, the inaudible communication can be prevented "by application of a software-defined lowpass filter".

The researchers has described their idea in their paper entitled "On Covert Acoustical Mesh Networks in Air".  You can find the research paper here.

(h/t: Ars Technica)

UW Medicine's Computer infected with Malware, 90k patients data accessed

The University of Washington School of Medicine reports that their computer which had patient stored in it is infected with malware.

The malware made it's way into the infected-system when an employee opened the email attachment that contained malicious software.

After an internal investigation, they found that the patients' data are not targeted. However, the malware managed to access the files containing data of approximately 90k UW Medicine and Harborview Medical Center patients.

The accessed-data includes names, Social Security Numbers,phone number, address, medical record number and few other details, According to their press release.

UW Medicine officials started to notifying patients about the incident. The incident has also been reported to FBI.

It is always good to create cyber security awareness among employees who are taking care of system that has both internet and sensitive data.

Break The Security - Hands on Ethical Hacking and Cyber Security Training for Corporate


Cyber Security & Privacy Foundation is proud to announce the Corporate training in Chennai. The attendees will be trained by four security researchers on various cyber security topics.

The training starts with introduction to information security field and various classes of hackers. It will be hands on training, we will demonstrate the usage of various security tools and will help the attendees to use it.

The course covers various tookits including TamperData, Hackbar, Maltego, FOCA , Live HTTP Headers plugin and more.

We also give training on advanced tools for vulnerability assessment and penetration testing which includes Metasploit, Nmap, Nessus, sqlmap, and more.

Attendees are requested to bring their own laptops installed with isolated network like VMware/Virtual box to gain hands on exposure.

Venue:

Computer Society Of India Head Quarters,
Educational Directorate- Taramani,
Chennai
Chennai, Tamil Nadu

Price:

The Corporate Training tickets would cost Rs. 2000/- per person.

Lunch and Tea/Snacks will be provided at the venue.

Registration Link:

http://www.meraevents.com/event/break-the-security-training–ethical-hacking-hands-on-for-corporate

For more details , visit : http://cwhh.cysecurity.org/?page_id=81

Using Internet ?! Then, Don't expect Privacy , #PRISM is here !



Yes, If you are using Internet, then forget about the Privacy.  Recent report from Guardian is another example that confirms privacy in internet is Illusion.  The whistleblower Edward Snowden has leaked few files that confirms Microsoft collaboration with the U.S authorities.

According to the Guardian report,  Microsoft helped the NSA and FBI to access the unencrypted messages sent over Outlook web chat, Hotmail services and Skype.

Microsoft also helped the authorities to access its cloud storage service SkyDrive. The Skype video & audio calls was also reportedly being collected through PRISM.

"Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;" The report reads.

Secure Gmail Chrome extension to encrypt Gmail Messages

Are You Worrying about Privacy and PRISM? Would you like to boost little security to your confidential mails? Then, here is a small solution for you.  SecureGmail is a Google chrome extension that allows you to encrypt your Gmail messages before sending.

Once you installed the extension, you can see a lock icon near to the Compose button in your Gmail.  Just click the icon to send the Secure Mail. Once you clicked the icon, you will get a normal Gmail "compose" interface with title "Secured"


In Secure mode, the Gmail can't track what you are typing and won't able to save the message in the Draft. 


Click the "Send Encrypted" button, now you will be asked to enter the password- a long & strong password will be good and don't enter any hints.

The best part is that the encryption process will be done in your local machine, Google won't be able to read the plain-text message. 


The recipients will be able to decrypt the message only if they have the passwords that you can message them(but don't send it via Internet )

It is open source project which means that you can review the source code of the extension and help/share your ideas to improve it.
Here you can download it:
https://chrome.google.com/webstore/detail/secure-gmail-by-streak/jngdnjdobadbdemillgljnnbpomnfokn

Conclusion:
* Using the Same password for all messages is not good security measure but using unique and strong passwords will be hard to remember. 

You can use our comment section to share Your Thought about this extension- Do You think it will provide complete protection against privacy problems?

Malware receives instructions from Evernote account


Trend Micro has uncovered a new piece of malicious software that appears to be using the note-taking service Evernote as Command and Control(C&C) Server.

The Trojan , dubbed as VERNOT, can perform several backdoor commands such as downloading , executing and renaming files. It harvests information of affected system .

Here is the interesting part, the malware receives malicious instructions from the Evernote accounts and at the same time, it stores the harvested information in the Evernote accounts.

"Misusing legitimate services like Evernote is the perfect way to hide the bad guys’ tracks and prevent efforts done by the security researchers." Researchers pointed out.

This is not the first time that a popular legitimate service is being abused as C&C server - In the past, Google Docs, Sendspace, Twitter, and other services have been used by Cyber Criminals to send instructions to malware.

IBM Hosted Mobile Device Security Management to Protect Confidential Data


IBM launched Hosted Mobile Device Security Management service to protect confidential data of organization against the risks of using corporate data in mobile.

This service helps protect against mobile device risks like theft, malware, spyware and inappropriate applications across mobile platforms

“The new service from IBM helps organizations protect their enterprise data while allowing employees to have the flexibility needed for today’s work environment," said Marisa Viveros, vice president of IBM Security Services.

A recent Dell Kace survey of 750 IT managers found that 87 percent of companies have employees using some kind of personal device accessing a corporate network
Accessing the corporate data through the mobile help to increase productivity. But accessing corporate data on unsecured mobile devices can leave you vulnerable to potentially disastrous data theft or loss.

You may also be risking noncompliance with regulatory requirements that can result in penalties, legal action and loss of brand reputation. However, setting up an in-house mobile device security infrastructure can involve large IT expenditures and a high level of technical expertise.

Hosted Mobile Device Security Management:

IBM Managed Security Services (Cloud Computing)—hosted mobile device security management is a comprehensive, cloud-based, fully managed solution that helps protect mobile devices used by employees to access corporate data.

It supports virtually all mobile devices across platforms, can help you: address data security issues, reduce capital and operational costs, better manage regulatory compliance and improve employee productivity.

This service is supported by skilled technical professionals with experience and expertise in implementing and managing mobile device security solutions.

The Security Service provides :

  • Protection against and monitor data loss and other risks caused by device theft
  • Protection against unauthorized access
  • Protection against malware, spyware and malicious applications
  • Secure data if the phone or tablet is lost or stolen
  • Track the missing device.

IBM is working with Juniper Networks to provide the protection and device management technology through the Junos Pulse Mobile Security Suite. The service will provide a self-cleaning feature that protects devices from dangerous applications by deleting them from the server.