Apple releases Bash update addressing ShellShock vulnerability

Over the last few days we have seen headlines about the critical security bug in Bash shell that affects Unix, Linux and even Mac computers.

Apple previously noted that only few Mac users who runs the advanced Unix Services were actually affected by the shell shock vulnerability.  Others are not at risk to this bug.

Apple said they are working to quickly provide update to patch this problem.

As promoised, it has released OS X bash update for OS X Lion, Mountain Lion and Mavericks.

You can download the update from their support page:
http://support.apple.com/downloads/

CSPF introduces Free online Ethical Hacking Course

Cyber Security and Privacy Foundation is happy to announce the first free online Ethical Hacking & Cyber Defence Course.

Within first 10 days after the course is launched, we have seen alreay 240 students registered for the online course.  The students registered range from Age group of 20 to 60.

Mr. Gemini Ramamurthy, chairman of CSPF, says we are very happy with overwhelming response from across the Globe for this course.  CSPF will continue to offer more such courses to the Online academy.


White Hat Hacking Course:
https://www.udemy.com/certified-whitehat-hacker-level-1/

Cyber Defence Course:
https://www.udemy.com/cyber-defence-course-cdc/

4 Cybercriminals from Vietnam arrested for using SMS malware to earn $100,000


Image Credits: Hanoimoi
Vietnam Police have arrested four individuals accused of stealing approximately $100,000 by infecting more than 100,000 mobile devices with a premium-rate SMS sending virus.

The suspects are identified as 23 year old Ha Xuan Tien, 24-year-old Nguyen Duc Luc, 25-year-old Nguyen Van Tu, 29-year-old Tran Ngoc Hai, according to Tuoitrenews.

The malicious applications which was used by suspects to infect users are said to be distributed via websites like "soundfest.com.vn", "clickdi.com". 

Once the malicious application infects a smart phone, the app will automatically send SMS messages to premium rate numbers.  Premium rate numbers allows the owner to earn money from incoming calls and SMS.

The victim will lose 15,000  Vietnamese Dong($0.71 in USD), after each message is sent from their device to these premium rate numbers.

Using this method, the cyber criminals manged to earn more than 2.1 Billion Vietnamese Dong($98,700 in USD) since late 2013.

Hackers compromised University Servers to Mine Bitcoins

Social Security numbers of Nearly 30,000 students who enrolled between 1995 and 2012 are at risk following the breach of Iowa State University's network server. 

University says they found no evidence that any of the financial information of students or any others files were accessed by the intruders.

Officials at Iowa State University believe the attackers who breached the five departmental servers were trying to use the computing power of the servers to generate virtual currency Bitcoins.

Even though the personal information was not the intended target, the University urges affected students to monitor their financial reports.

Another 18,949 students whose University ID numbers were on compromised servers are being notified about the breach.  However, this data have no use beyond their campus.

The breach occurred on Feb 3rd. On Feb 28th, the University came to know two of their servers were infected. On March 28th, they came to know third server having the personal information were also compromised in the breach.

Law enforcement officials have been notified of the security breach.

BJP website blocked for Pakistan over repeated hacking attacks

The repeated hacking attacks against Bharatiya Janata Party(BJP) websites have forced the authorities to block the access to its official website in Pakistan.

"The owner of this website (bjp.org) has banned your IP address on the country or region you are accessing it from." This is error which is currently being displayed whenever someone tries to access the bjp.org from Pakistan.

At the time of writing, even the BJP's PM candidate Narendra Modi's website(narendramodi.in) has also been blocked for Pakistan and showing some error message.

This move comes after Pakistan hackers targeted BJP related website and defaced BJP's Leader LK Advani's website and Bihar BJP websites in last two days.

The website can be still accessed by users from Pakistan by using proxies to mask their IP addresses.  If the website is secure against all attacks, then there will be need for such wide range of IP blocks except in cases of DDOS attacks. Even then, only individual IPs usually need to be blocked.

Arvind Gupta, BJP IT Cell Heaad, told NewsWeek that the site had been blocked in Pakistan "automatically" as a security measure and they had request CERT-India to unblock the sites.

Google offers Refunds to users scammed by fake "Virus Shield" app

Google is trying to maintain its reputation by offering refunds to those android users who were scammed by a fake antivirus app "Virus Shield".

Earlier this month, Android Police uncovered a fake virus scanner which was hosted in Google's Play Store that did nothing other than changing the icon and led the users into believing their devices are safe.

This fake paid app($3.99) was downloaded by more than 10,000 users before Google and others became aware of the true nature of this app.  In fact, this app reached number one position in the Top Paid apps list.

However, the developer of this app told the Guardian that one of their developers mistakenly uploaded the wrong version of "Virus Shield" application.  At the time, he also promised to refund users who bought their app.

But, Google seems to have decided not to lose thousands of users who are unhappy about the lax security mechanism which allowed such fake apps to be published.

According to Android Police report, Google is not only issuing refunds to purchasers but also offering them $5 promotional credit using which you can buy apps, books and music in Google Play store.