Phishing pages trick Steam users to Upload SSFN file

Is a Steam login page asking you to upload an SSFN file? Think twice before uploading, because the legitimate Steam site never asks you to upload an SSFN file.

Steam Guard is an extra layer of security. It asks you to enter a verification code sent to your email whenever you try to log in from a computer you haven't used before.

This feature prevents attackers from taking control of your Steam account even if they know your login ID and password.

However, a new phishing scam uncovered by Malwarebytes bypasses the Steam Guard protection. It tricks users into handing over both their login credentials and the SSFN file.

What is an SSFN file?
The SSFN file is what saves you from having to verify your identity through Steam Guard every time you log in to Steam on your computer. If a user deletes this file, they will be asked to verify again, and a new SSFN file will be generated and stored on the PC.

If you upload your SSFN file to a phishing page, attackers can use this file together with your username and password to take control of your account.

In a Reddit thread, several users have reported that they were fooled by this phishing scam.

"Steam will never ask you to provide any Steam Guard files. If you upload or give a user your Steam Guard .SSFN file, they can gain access to your account without accessing your email account. However, they must know your Steam account password and username to use this file," reads Valve's support article about Steam Guard.
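A simple page check illustrates the rule the article states: a genuine Steam login form asks for a username, a password and a Steam Guard code, never for a file. The script below is an added example, not code from the article, Valve or Malwarebytes; it parses the forms on a page with Python's standard library and flags any form that combines a password field with a file upload, or that mentions "ssfn" next to an upload. The two HTML snippets are constructed samples, and the phishing action URL is a placeholder.

```python
"""Heuristic check for login forms that also ask for a file upload.

Added example (not from the original article): a legitimate Steam login
form asks for a username, password and Steam Guard code, never for a file.
A form that pairs a password field with a file input, or that references an
"ssfn" file beside an upload, is worth flagging for review.
"""
from html.parser import HTMLParser


class _FormCollector(HTMLParser):
    """Collect the input fields of every <form> in a page."""

    def __init__(self):
        super().__init__()
        self.forms = []      # list of {"action": str, "inputs": [...]}
        self._current = None
        self._text = []      # visible text, for the "ssfn" keyword check

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": a.get("action", ""), "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append(
                {"type": a.get("type", "text").lower(),
                 "name": a.get("name", "").lower()}
            )

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

    def handle_data(self, data):
        self._text.append(data)


def find_suspicious_login_forms(html: str) -> list:
    """Return one finding per form that takes a password AND a file.

    Each finding is a dict with the form's action URL and the reasons.
    """
    parser = _FormCollector()
    parser.feed(html)
    page_text = " ".join(parser._text).lower()
    findings = []
    for form in parser.forms:
        types = {i["type"] for i in form["inputs"]}
        names = " ".join(i["name"] for i in form["inputs"])
        reasons = []
        if "password" in types and "file" in types:
            reasons.append("password field combined with file upload")
        if "ssfn" in names or ("file" in types and "ssfn" in page_text):
            reasons.append("upload references an SSFN file")
        if reasons:
            findings.append({"action": form["action"], "reasons": reasons})
    return findings


# Constructed samples (not captured from a real page).
LEGITIMATE_FORM = """
<form action="/login/dologin/" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="emailauth" placeholder="Steam Guard code">
  <input type="submit" value="Sign in">
</form>
"""

PHISHING_FORM = """
<p>Please upload your Steam Guard ssfn file to verify this computer.</p>
<form action="http://login.phish-sample.example/upload.php" method="post"
      enctype="multipart/form-data">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="file" name="ssfn_file">
  <input type="submit" value="Sign in">
</form>
"""

if __name__ == "__main__":
    print("legitimate:", find_suspicious_login_forms(LEGITIMATE_FORM))
    print("phishing:  ", find_suspicious_login_forms(PHISHING_FORM))
```

The check is deliberately narrow: a password field on its own is normal, and a file input on its own (an avatar upload, say) is normal; it is the combination on one form, or an upload labelled as the Steam Guard file, that no legitimate Steam login page presents.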

Wired website blocked by Google Chrome

The official website of the popular American magazine Wired has been blocked by Google and Chrome. Users who try to access certain URLs on wired.com get a warning message saying "This site may harm your computer".

We tried to access wired.com from a Google search result; there was no warning message for the home page. However, when I tried to access 'wired.com/business/', I was presented with a malware warning page.

"Hey folks, we had a brief technical issue this morning, but it's fixed. Thanks to those of you who brought it to our attention," Wired tweeted regarding the issue.

It is unclear what they mean by 'technical issue' and why Google blocked the website. At the time of writing, visitors are still presented with the malware warning message. Wired says it is waiting for Google Chrome to remove the warning.

Fake Google apps found in Windows Phone store

Both Android and iOS have official apps from Google, but Windows Phone users are not so blessed: they have only one official Google app, the Google Search app.

Recently a number of Google apps, including Google Hangouts, Google Voice, Google+, Google Maps and Gmail, appeared in the Windows Phone store with a price tag of $1.99.

While the legitimate Google Search app for Windows Phone is published under the developer name 'Google Inc', all of these apps were published by "Google, Inc".

The clear intention is to fool Windows Phone users into believing these are official apps from Google. The fake apps were first spotted by WinBeta.

Microsoft removed the apps from its store after The Next Web contacted Microsoft about the issue.

“We removed a series of apps for violating our policies concerning the use of misleading information,” a Microsoft spokesperson told TNW. "The apps attempted to misrepresent the identity of the publisher."

Bug in Twitter could allow anyone to read tweets from protected accounts

Twitter has fixed a bug on its website that could allow non-approved followers to read tweets from protected Twitter accounts.

Normally, tweets from protected accounts can't be seen by the public; one has to get approval from the account holder to view them.

This bug could allow anyone to view protected tweets by receiving SMS or push notifications from those accounts.

The microblogging firm said a member of the white hat security community helped it discover and diagnose the bug. According to its blog post, the bug had existed since November 2013.

"As part of the bug fix, we’ve removed all of these unapproved follows, and taken steps to protect against this kind of bug in the future."

The bug affected around 93,788 protected accounts. Twitter has emailed all affected users to inform them about the bug and apologize.

Thousands of websites using MadAdsMedia ads blocked by Google Safe Browsing

Thousands of website owners using the MadAdsMedia ad service became mad after Google Safe Browsing blocked their websites.

A number of users have reported in Google forums and Digital Point forums that their websites are blocked by GSB and show the following warning message: "This web page at [site] has been reported as an attack page and has been blocked based on your security preferences."

Even after removing the MadAdsMedia script from their websites, the malware warning is still shown.

"In my webmaster tools it lists the suspicious snippets as the links to madads. As I said before I removed them, then I tried to request a review in my webmaster tools but when I submit it I get: 'Your request can't be processed at this time because your site isn't currently flagged for malware. If you see a malware warning in your browser, it is likely a cross-site warning.'" one of the users posted in the DigitalPoint forums.

It is still unknown whether Google mistakenly blocked those websites or the MadAdsMedia website was hacked to serve malicious ads. We are not sure how many websites have been affected.

*Update:
According to fz6-forum, the server of one of MadAdsMedia's advertising vendors was hacked and a few ads were injected with malicious code.

"This message is regarding the recent malware notifications that some of our publishers may have experienced. Just before noon today, our engineers discovered that one of our ad serving locations had been hacked."

"Since this attack was discovered, our engineering team worked diligently until 3:45pm EST to ensure that the appropriate action was taken to secure our ad server. Unfortunately during that time, this attack affected 7.8% of our publishers' domains," reads the mail from MadAdsMedia.

Target's network hacked using stolen credentials from a HVAC company

Stolen credentials from Fazio Mechanical Services, a Pennsylvania-based provider of heating, ventilation and air-conditioning (HVAC) systems, allowed attackers to breach Target's network, resulting in a massive breach involving more than 40 million credit card records.

Cyber security blogger Brian Krebs has learned that the US Secret Service visited the company's offices, but Fazio's vice president refused to provide further details about the visit.

You may ask why Target gave a ventilation contractor access to its network. A cyber security expert told Krebs that HVAC service providers usually get access to retailers' computer systems in order to remotely monitor energy consumption and temperatures in stores.

Cyber criminals first tested their card-stealing malware by infecting only a small number of cash registers within Target stores. They conducted the test between November 15 and November 28.

By the end of November, the hackers had distributed their malware to a majority of Target's POS systems.

It appears the stolen financial data was stored not only on a Russian server but was also uploaded to servers in various locations, including Miami and Brazil.

In an official statement, Fazio Mechanical Services said "Fazio Mechanical does not perform remote monitoring of or control of heating, cooling and refrigeration systems for Target."

"Our data connection with Target was exclusively for electronic billing, contract submission and project management, and Target is the only customer for whom we manage these processes on a remote basis."

Chinese Huawei allegedly hacked into Indian state-owned Telecoms company BSNL

The Parliament of India was informed on Wednesday that the network of the state-owned telecoms company Bharat Sanchar Nigam Limited (BSNL) was allegedly hacked by the Chinese telecom equipment maker Huawei.

"The government has constituted an inter-ministerial team to investigate the matter," Killi Kruparani, Minister of State for Communications and IT, told the Lok Sabha.

According to reports, Huawei engineers allegedly hacked a BSNL mobile tower in a coastal area of Andhra Pradesh in October 2013.

India has launched an investigation; the investigation team comprises top officials from the National Security Council Secretariat, the Intelligence Bureau, the Union home ministry and BSNL.

It is worth noting that BSNL awarded a major part of its network expansion tender to another Chinese company, ZTE, in 2012. The government suspects the allegation might stem from "inter-corporate rivalry" between these two Chinese companies.

Huawei India denies the allegation of hacking BSNL's network and said it will continue to work with Indian customers and the government and is ready to help address any network security issues.

Orange.fr hacked, details of 800,000 customers stolen

Unknown hackers have breached the website of the telecoms giant Orange and compromised the details of 800,000 customers of www.orange.fr.

According to PCINpact, the "My Account" page of the website was targeted by hackers on January 16. The hackers gained access to personal data including names, email IDs, phone numbers, postal addresses and other details.

Orange claims only personal information was accessed by the hackers; passwords were not compromised in the data breach. Customers' bank account numbers are stored on a separate server, which was not affected by this breach.

A few hours after becoming aware of the intrusion, the ISP closed the "My Account" page to prevent further attacks. The security hole responsible for the breach is said to have been closed.

The company said only 3% of its customers were impacted by the breach. In an email sent to affected customers, the company warned them that the stolen data could be used by cyber criminals to launch phishing attacks.

The company has filed a complaint about the breach and is working with the police.

Canadian spy agency, with help from the NSA, tracked passengers who used free airport WiFi

Image Credits: Kaspersky

Here is another example of why public WiFi networks pose a potential risk to your data.

A report from CBC News, based on a newly leaked secret document from former U.S. security contractor Edward Snowden, reveals that a Canadian spy agency was spying on passengers who used the free WiFi service in airports.

The Communications Security Establishment Canada (CSEC) is prohibited from spying on Canadians without a warrant. However, it collected metadata about all travelers passing through the airport, including Canadians.

The document presented to the CBC shows that the information captured from travelers' devices then helped the spy agency track them for a week or more as their wireless devices connected to other Wi-Fi hotspots in locations around Canada and even at US airports.

According to CBC, the leaked document suggests the operation was a trial run of new software developed by CSEC with the help of the US National Security Agency (NSA).

The two largest Canadian airports, Toronto and Vancouver, and Boingo, a large independent WiFi services supplier at other airports, have denied any involvement in providing information about WiFi users.

Bug Bounty Programs: GitHub now offers $100 to $5,000 per security vulnerability

GitHub is the latest organization to join the list of those offering bounties to security researchers who find and report vulnerabilities.

GitHub previously listed the names of those who reported vulnerabilities on its 'Hall of Fame' page; it now offers bounties ranging from $100 to $5,000.

The exact bounty amount for each vulnerability is determined by GitHub based on the actual risk and potential impact to its users.

For example, a non-persistent XSS vulnerability that only works in the Opera browser (affecting only 2% of its users) will get a small bounty, while a persistent (stored) XSS that works in Chrome (affecting 60% of its users) will earn a larger reward.

The bounty program currently covers the GitHub API, GitHub Gist and GitHub.com. GitHub says its other applications are not part of the open bounty, but researchers may still receive a bounty at its discretion.

So far, two researchers have received 1,000 points for reporting 'Broken Authentication or Session Management' and 'Missing Function Level Access Control' issues.

Hackers reportedly used stolen vendor credentials for hacking Target systems

Target Corporation told The Wall Street Journal that the massive data breach it suffered last month happened after cyber criminals compromised credentials from a vendor and used them to hack into Target's systems.

The company didn't provide much information. It didn't say how the hackers stole the credentials, nor which portal the hackers logged into.

Cyber security blogger Brian Krebs, who brought the Target breach to light, said in his blog that the malware used in the breach used the username 'Best1_user' and password 'BackupU$r' to access a shared drive. Krebs highlighted the fact that the username matches a default account in IT management software developed by BMC Software.

"According to BMC's documentation, this account is normally restricted, but the attackers may have usurped control to facilitate lateral movement within the network," reads a Dell SecureWorks report pointed out by Krebs.

The report also revealed that a malware component installed a service called "BladeLogic", apparently mimicking the name of another BMC product.

A trusted source told Krebs that BMC's software is used by many major retailers. He believes Target also uses it.

Krebs also confirmed that the cyber criminals known as Rescator are selling millions of cards stolen in the Target data breach.
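The detection opportunity in this story is a well-known vendor default account turning up where it has no business being. The script below is an added example, not code from Krebs, Dell SecureWorks or BMC: it runs a watchlist rule over constructed, simplified key=value logon records (standing in for an export of Windows event 4624) and alerts when a watchlisted account logs on from outside a hypothetical approved management subnet, or with an interactive or remote-interactive logon type. The second watchlist entry, the subnet and every host name and address are assumptions for illustration.

```python
"""Watchlist detection for vendor-default service accounts.

Added example, not from the article or the reports it cites. It scans
simplified key=value logon records (a constructed format standing in for a
Windows event 4624 export) and raises an alert whenever a watchlisted
account logs on from a host outside the approved management subnet or with
an interactive/remote-interactive logon type.
"""
import ipaddress
import re

# Account names a defender would watch: the BMC default account named in
# the Target reporting, plus a hypothetical second entry for illustration.
WATCHLIST = {"best1_user", "svc_backup_default"}

# Hypothetical management subnet from which the vendor tool is expected to
# run; logons from anywhere else are out of profile.
APPROVED_MGMT_NET = ipaddress.ip_network("10.10.0.0/24")

# Windows logon types meaning a console (2) or RDP (10) session rather than
# a service or network logon.
INTERACTIVE_LOGON_TYPES = {"2", "10"}

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line: str) -> dict:
    """Turn 'k=v k2="v 2"' into a dict; quoted values are unquoted."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def evaluate(record: dict) -> list:
    """Return the names of the rules that fire for one logon record."""
    user = record.get("user", "").lower()
    if user not in WATCHLIST:
        return []
    hits = []
    try:
        src = ipaddress.ip_address(record.get("src", ""))
        if src not in APPROVED_MGMT_NET:
            hits.append("watchlist-account-from-unapproved-source")
    except ValueError:
        hits.append("watchlist-account-unparseable-source")
    if record.get("logon_type") in INTERACTIVE_LOGON_TYPES:
        hits.append("watchlist-account-interactive-logon")
    return hits


def scan(lines) -> list:
    """Run every successful logon through the rules; return (host, user, rules)."""
    alerts = []
    for line in lines:
        rec = parse_record(line)
        if rec.get("event") != "4624":   # successful logons only
            continue
        hits = evaluate(rec)
        if hits:
            alerts.append((rec.get("host"), rec.get("user"), hits))
    return alerts


# Constructed sample log lines (not real telemetry from any retailer).
SAMPLE_LOG = [
    "ts=2013-11-20T02:14:05Z host=MGMT-SRV-01 event=4624 user=Best1_user logon_type=5 src=10.10.0.5",
    "ts=2013-11-20T02:15:41Z host=POS-STORE-0142 event=4624 user=Best1_user logon_type=3 src=10.40.2.17",
    "ts=2013-11-20T02:16:02Z host=FILE-SRV-07 event=4624 user=jdoe logon_type=3 src=10.40.2.17",
    "ts=2013-11-20T02:17:30Z host=POS-STORE-0142 event=4625 user=Best1_user logon_type=3 src=10.40.2.17",
    "ts=2013-11-20T02:18:11Z host=JUMP-01 event=4624 user=Best1_user logon_type=10 src=10.10.0.9",
]

if __name__ == "__main__":
    for host, user, rules in scan(SAMPLE_LOG):
        print(f"ALERT {host} {user}: {', '.join(rules)}")
```

The first sample line (a service logon from inside the management subnet) is the expected baseline and stays quiet; the failed logon (event 4625) is skipped here because the rule is about successful use, though a separate rule on repeated failures for the same account would be a natural companion.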

Southwest General notifies patients of privacy breach

Southwest General Health Center is notifying over 480 patients who were part of an obstetrics study that a binder containing their private information is missing, according to a local news report.

The binder, which has been missing since December 5, contains information gathered between April and October 2013.

It includes patient names, dates of birth, medical record numbers and clinical information. Southwest General said no Social Security numbers or financial information were involved in this privacy breach.

The hospital tried to find the missing binder but has not been able to locate it.

It also apologized to its patients and said it has implemented procedures to prevent this type of incident from recurring.

Former NatWest Bank clerk jailed for helping fraudsters

A former NatWest Bank clerk has been sentenced to four years in jail for helping fraudsters gain access to the bank's computers in an attempt to steal over £1 million.

Hans Patterson-Mensah, 24, allowed fraudsters to enter a customer interview room at one of NatWest's branches in September 2012.

The fraudsters managed to install a KVM (keyboard, video and mouse) switch on a computer. The device gave the criminals access to the bank's internal system.

The criminals altered some records to make it look like the target person had deposited £1m in their account. The crooks then withdrew money from that account.

However, bank staff spotted that something was amiss when they conducted an end-of-day audit. They managed to recover most of the money (£6,000).

Starbucks iOS app stores username, password in clear text

The Starbucks app, which lets users pay for food and drinks using their smartphone, could be putting users' personal information, including usernames and passwords, at risk.

A security researcher discovered the lack of security in the iOS app. He found that the app stores the username, email address and password in unencrypted form.

It means an attacker who gets hold of the phone (say, a stolen phone) can extract the data from it. The extracted data can then be used to log in to Starbucks.

"To prevent sensitive user data (credentials) from being recovered by a malicious user, output sanitization should be conducted to prevent these data elements from being stored in the crashlytics log files in clear-text, if at all," the researcher said.
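The researcher's remedy, output sanitization before anything reaches the crash or diagnostic log, is easy to show in a general form. The code below is an added example, not the Starbucks app's code or Crashlytics' API: it installs a `logging.Filter` that scrubs password-like key/value pairs (plain `key=value`, `key: value` and JSON-style `"key": "value"`) and masks the local part of e-mail addresses on every record before any handler writes it. The sample events are constructed, the key list is an assumption, and the in-memory handler exists only so the result can be inspected.

```python
"""Redact credentials before they reach a log sink.

Added example (not the Starbucks app's code): the researcher's advice was
output sanitization so that credentials never land in crash or diagnostic
logs in clear text. A logging.Filter scrubs password-like key/value pairs
and e-mail local parts from every record before any handler sees it.
"""
import logging
import re

# Keys whose values must never be logged (assumed list, case-insensitive).
SENSITIVE_KEYS = r"(?:password|passwd|pwd|passcode|secret|token|session_id)"

# key=value, key: value, "key": "value"  ->  value replaced by [REDACTED]
_KV_PATTERN = re.compile(
    r'(?i)(["\']?' + SENSITIVE_KEYS + r'["\']?\s*[=:]\s*)(["\']?)([^"\'&,\s}]+)(\2)'
)
# E-mail address; the domain is kept so support staff can still triage.
_EMAIL_PATTERN = re.compile(r"([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def sanitize(text: str) -> str:
    """Return text with credential values and e-mail local parts masked."""
    text = _KV_PATTERN.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]{m.group(4)}", text)
    text = _EMAIL_PATTERN.sub(lambda m: f"***@{m.group(2)}", text)
    return text


class RedactingFilter(logging.Filter):
    """Scrub the format string and its string arguments before handlers run."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = sanitize(str(record.msg))
        if isinstance(record.args, dict):
            record.args = {k: sanitize(v) if isinstance(v, str) else v
                           for k, v in record.args.items()}
        elif record.args:
            record.args = tuple(sanitize(a) if isinstance(a, str) else a
                                for a in record.args)
        return True


class _ListHandler(logging.Handler):
    """Collects formatted records in memory so the output can be inspected."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def log_with_redaction(events) -> list:
    """Log each (fmt, args) pair through the filter; return what a sink stores."""
    logger = logging.getLogger("crash-diagnostics-example")
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    logger.handlers.clear()
    handler = _ListHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(RedactingFilter())
    for fmt, args in events:
        logger.debug(fmt, *args)
    return handler.lines


# Constructed sample of what an over-chatty client might log (not real data).
SAMPLE_EVENTS = [
    ("login attempt user=%s", ("jane.doe@example.com",)),
    ('request body: {"username": "jane.doe@example.com", "password": "Hunter2!"}', ()),
    ("session restore token=abc123def456 status=%s", ("ok",)),
]

if __name__ == "__main__":
    for line in log_with_redaction(SAMPLE_EVENTS):
        print(line)
```

Attaching the filter to the logger rather than to one handler is the important design choice: every sink added later (a file, a crash reporter, a remote collector) inherits the redaction, which is exactly the "if at all" the researcher is pointing at. The better fix is still not to log credentials in the first place; the filter is the safety net for the call sites nobody reviewed.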

New service will protect Hong Kong domains (.hk) from DNS hijacking

We have recently seen several DNS hijacking attacks. Hackers defaced several high-profile domains, including Google and Facebook.

Hackers normally attempt to obtain login details for the domain admin panel through various methods, including social engineering. If they succeed, they change the DNS records for the website.

By modifying DNS records, a hacker can deface the website or redirect it to another malicious website.

To put an end to such attacks, a new "registry lock" service has been launched by the Hong Kong domain registrar.

"We are putting back the human factor in the verification process," South China Morning Post quoted the Internet Registration Corporation head Jonathan Shea Tat-on as saying.

The new service will require telephone verification in order to make any changes to existing DNS records. Only up to three persons can be authorized to modify the records. In addition, the server will be unlocked for just 15 minutes each time. These measures are intended to remove the existing loopholes in automation.

McAfee Antivirus will be rebranded as Intel Security

Intel has decided to say goodbye to the McAfee brand name for its security software; McAfee Security will be renamed "Intel Security".

The rebranding will begin immediately, but the company estimates it will take a year to complete. The red McAfee shield logo will remain.

Along with the rebranding, Intel is offering the mobile version of McAfee's security products for free on iOS and Android devices.

The controversial founder of McAfee, John McAfee, told the BBC that he was elated by the name change.

"I am now everlastingly grateful to Intel for freeing me from this terrible association with the worst software on the planet. These are not my words, but the words of millions of irate users," he said.

WoW players targeted with fake version of Curse Client containing malware

Blizzard yesterday warned World of Warcraft (WoW) players about new malware disguised as the Curse Client that attempts to hijack victims' accounts.

The fake version of the Curse Client is served from a fake version of the Curse Client website. The fake website appears in the search results when users search for the Curse Client in major search engines.

If you believe you are one of the victims, or want to make sure you are not, you can download the updated Malwarebytes software. It currently detects and removes the malware in question.

If you are technically inclined, you can also follow a manual removal method posted by one of the users in Blizzard's support forum.

Only 20 out of 48 antivirus engines on VirusTotal detect the malware; some of the major antivirus products fail to detect it.

Users are always advised to download software from the official website or from trustworthy third-party sites such as Softpedia and CNET.

Ex-Minister approaches police after his Facebook page gets 10,000 fake likes in a day

Former Indian Railway Minister and Congress MP Pawan Kumar Bansal has approached the police to investigate a sudden surge of likes on his Facebook page, according to local news reports.
'Likes' on his Facebook page increased from 50k to 60k within a day. He believed this was quite unusual and suspected foul play, so he lodged a complaint with the IG of Police, Chandigarh.

The MP told local newspapers that his page usually receives 10-20 likes every day, but thousands of likes in just one day is unusual. He added that someone is doing this with malicious intent.

Facebook 'Likes' and Twitter 'Followers' play an important role in online marketing. Users judge the value of an account by the number of likes and followers it has.

When an account has likes in the lakhs, we usually don't investigate how many of them are legitimate; we start to believe the account is popular instead. With this in mind, people buy fake likes or use bots to inflate their like counts.

A few months back, the BJP accused Congress leader and Rajasthan CM Ashok Gehlot of buying fake Facebook likes. A few days back, 'likes' on the Facebook page of Sanjay Tandon, who heads the BJP's Chandigarh unit, increased by over 9k in one day, most of them reportedly from Istanbul.

Reserve Bank of India warns public against use of virtual currency Bitcoin

The Reserve Bank of India (RBI) has issued a warning against the use of virtual currencies such as the controversial Bitcoin, saying that they pose potential financial, legal and security-related risks.

RBI warned in its press release that the creation, trading or use of virtual currencies, including Bitcoin, Litecoin, BBQCoin and Dogecoin, is not authorized by any central bank or monetary authority.

RBI said that since virtual currencies are stored in digital form (electronic wallets), they are prone to losses arising from hacking, loss of passwords, compromise of access credentials and malware attacks.

The warning comes a few days after the Chinese government banned the use of Bitcoin by the country's banks, pointing out the risks of using virtual currency.

Earlier this month, the French central bank also issued a warning about Bitcoin transactions.

Hacker sent emails from hacked police account

The Belington Police have issued a warning about a spam email purportedly from the Belington Police Department.

According to The Exponent Telegram, a police officer's account was hacked by cyber criminals, who sent around 500 emails from the hacked account.

Sgt. J.L. Hymes told The Exponent Telegram that the email asks recipients to donate money, saying it is for a child in Ukraine.

Hymes said police will contact the recipients either in person or by phone. They also provided a department contact number ((304) 823-1613) in case residents want to verify any police contact.