Dell says "sorry" for installing vulnerable digital certificate

Dell has apologized as it confirmed via a blog post that a certificate (eDellRoot), installed on its PCs that introduced a security vulnerability.

It is said that the certificate allows attackers to cryptographically impersonate HTTPS-protected websites. However, the company has issued a software tool that removes the transport layer security credential from affected machines.

The certificate will not reinstall itself, once it is properly removed using the recommended Dell process.

“The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it,” the company said in the blog post.

According to the blog post, Dell’s customers, Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, informed the company about the presence of such certificate on its PC.

Dell has claimed that the certificate was not a malware but was there to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service their customers.

“We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward,” the company added. 

A Security bug in MetroPCS could allow hackers to access customer data

A critical security bug in MetroPCS could allow anyone who knew your phone number access your personal details from the website including your home address, phone’s model and serial number .

It was revealed in a report by Motherboard that a pair of researchers discovered a bug that left the customer’s personal data exposed to cybercriminals.

With the personal details in hand, cybercriminals could easily move on to identity theft and accessing bank accounts.

 Eric Taylor and Blake Welsh found the flaw on MetroPCS's payment page in mid-October. Motherboard independently verified the flaw and reached out to T-Mobile, which owns MetroPCS, on October 22.

Well-known researchers have claimed it as a pretty nasty bug and a serious privacy exposure.  MetroPCS was unaware of the problem before being contacted by Motherboard prior to their published report. A spokesperson for T-Mobile told Motherboard that the flaw was fixed and the data is not exposed anymore.

But the thing that raised eyebrows was that the hacker won’t even need someone's phone number. An attacker could just run an automated script and obtain the personal data of many MetroPCS customers.

Hackers won $1 million iPhone Jailbreak prize

Zerodium, which had announced to pay $1 million USD to those that could provide a good iOS 9 jailbreak, finally made it public via twitter that some hackers have won $1 million by finding a remote jailbreak of an iPhone.

“Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!,” Zerodium tweeted on November 2.

Last month, the company launched "The Million Dollar iOS 9 Bug Bounty" program which aimed to buy an "exclusive, browser-based, and untethered jailbreak" for Apple's latest mobile operating system,

However, the company has not revealed the winner names or any further details.

A news published in Forbes Magazine, reported that the winners must have spent a significant amount of time trying to meet the tough requirements of the $1 million bounty: a remote attack that successfully took control of an iPhone via either Apple’s Safari browser, Google GOOGL +0.13% competitor Chrome or a text message. The $1 million bounty also required exploits work on the iPhone 6 or 6S, not any earlier models.

As per the news report, it had contacted the Zerodium’s founder, Chaouki Bekrar, however, he had not commented on it.

“The winning team has submitted the exploits just a few hours before the expiration of the Zerodium bounty as they have been working very hard to finish and polish the code until the last day. The exploit chain includes a number of vulnerabilities affecting both Google Chrome browser and iOS, and bypassing almost all mitigations in place. The exploit is still being extensively tested by Zerodium to understand each of the underlying vulnerabilities,” the founder added.

ATMs of Sparkasse Bank not only gives you Money but also Sensitive Information

A security researcher, Benjamin Kunz-Mejri discovered that ATM machines of German savings bank, ‘Sparkasse’ can leak sensitive information during software updates.

Mejri who is a CEO and founder of Germany based security firm Vulnerability Lab, used the ATM of Sparkasse when the machine suddenly ejected his card, and changed its status to “temporarily not available.” The machine later showed details of an update process on the screen which was when Mejri realised that the terminal had become temporarily unavailable because it was performing a software update.

For this attack, Mejri coined the term “timing attack”.

Software updates are normally conducted in the background, but Mejri discovered, the progress and details of the update process can be made visible by interacting with the device as he did.

The researcher found that a lot of sensitive data like bank’s main system branch usernames, serial numbers, firewall settings, network information, device IDs, ATM settings, and two system passwords was vulnerable to the hackers.

During the whole process, the card reader remained available and usable for other operations.

The ATM’s keyboard was also not disabled and the attacker could execute system commands via the available command prompt.

The ATM’s analysed were manufactured by Wincor Nixdorf, a German company that manufactures, sells, installs and services retail and banking hardware and software. The affected ATMs and self-service terminals were running Windows 7 and Windows XP operating systems.

According to the experts, a large scale attack can be coordinated by a criminal ring due to this vulnerability.
An attacker who has a physical access to bank nework can use the information disclosed during the update process to run a man-in-the-middle (MitM) attack on the targeted bank’s local network.

The attacker could push a bogus update to reconfigure the ATMs.

The attacker could conduct fraudulent transactions by forcing the ATM crash and corrupt the logging or debugging mechanism.

If fraudsters can determine the time and date of update schedules, they can conduct a larger, coordinated attack targeting multiple ATMs and self-service terminals as it takes 17 minutes to record all the information displayed on the screen.

There is a possibility that apart from Sparkasse, other banks who use Wincor Nixdorf ATMs and self-service terminals might also be affected.

The bank has already pushed out updates that fix the issue to a limited number of ATMs in German city of Kassel as a pilot project. The update will be installed in other regions after the test of new configuration becomes successful.

It is the first time that a German bank has admitted the security vulnerability in an ATM and rewarded the researcher with undisclosed amount of money.

Last week only, Berlin Police announced that they have been looking for a man who illegally withdrew cash from two ATMs using a USB stick that he connected to the devices after unscrewing their front panel.

Duuzer attacks South Korea that helps to steals data

Symantec, a security firm, has found out that the South Korea has been targeted by an active back door Trojan, dubbed as Backdoor.Duuzer that provides an attacker remote access to the compromised computer, downloads additional files, and steals data.

Researchers from Symantec posted in its blog stating that Duuzer was especially focused on the South Korean manufacturing industry.

It is designed to work on both 32-bit and 64-bit computers. If Duuzer finds the infected computer is a virtual machine that was made using Virtual Box or VMWare, then it stops executing. It allows Duuzer to attempt to evade detection from security researchers who are running virtual machines that are designed to be compromised with malware for analysis.

Once Duuzer infects a computer, it opens a back door, giving the attackers access to almost everything. The attackers can get access to gather system and drive information, create, enumerate, and end processes, access, modify, and delete files, upload and download files, change the time attributes of files and execute commands.

“Based on our analysis of Duuzer, the attackers behind the threat appear to be experienced and have knowledge about security researchers’ analysis techniques. Their motivation seems to be obtaining valuable information from their targets’ computers,” the researchers wrote in the blog. There is also evidence to suggest that the actors behind Duuzer are spreading two other threats, detected as W32.Brambul and Backdoor.Joanap, to target more organizations in South Korea.”

The researcher said that the detected malwares Brambul and Joanap used to download extra payloads and carry out reconnaissance on infected computers. Although, the exact distribution method is still unknown, it is likely that the malware is spreading through spear-phishing emails or watering-hole attacks.

According to the researchers, Duuzer, Brambul, and Joanap are just a small selection of many threats affecting South Korea. The nation has been impacted in high-profile, targeted campaigns over the last few years.

In order to protect, Symantec recommends that users and businesses to change default user names and passwords and not to use common or easy-to-guess passwords, regularly update the operating system and software, don’t open suspicious emails.

YISPECTER: Jailbreak, No Longer a Pre-Requisite for malware attacks

YISPECTER; a new iOS malware that is capable of attacking both jail-broken and non-jailbroken apple devices has been detected, which abuses private APIs and implements malicious functionalities.

(PC- google images)
This malware has been identified in Mainland China and Taiwan, and is hijacking the traffic from the countries’ ISPs. This has led to a huge outbreak of reports to Apple Inc. in the past few weeks and the existence of YISPECTER is being discussed on several online forums for the last months in which, out of the 57 top world cyber security systems, only one has been able to detect this specific malware

The malware comprises of four components which are co-dependent upon each other. With the approval of enterprise certificates, these components abuse private APIs and download files for each other from a command and control (C2) server. Three of them use complex tricks to hide their icons from the SpringBoard, that prevents detection and removal.

 YiSpecter can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to the C2 server from the infected iOS devices.

This malware has the capability to determine:
  • Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed
  • Even if you manually delete the malware, it will automatically re-appear
  • Using third-party tools you can find some strange additional “system apps” on infected phones
  • On infected phones, in some cases when the user opens a normal app, a full screen advertisement will show up.

YiSpecter began to spread in November 2014, as per the forums. The main iOS apps of this malware have user interface and functionality that enable the watching of free porn videos online, and were advertised as “private version” or “version 5.0” of a famous media player “QVOD”. QVOD was developed by Kuaibo and became popular in China by users of porn trafficking.

As far as now, there are two main apps distributed in thus far:
  • HYQvod (bundle id: weiying.Wvod)
  • DaPian (bundle id: weiying.DaPian)
Both of them were spread by one or more of the multiple ways described earlier. They include the functionality of watching videos online by consuming credits and users can get credits by installing promoted iOS apps . But most important, it will download and install another malicious app popularly named NoIcon.

The aforementioned apps install NoIcon in a peculiar way. The app opens an HTTP server and listens on port 8080 using [HYAppDelegate createLocalHTTP Server]. This downloads NoIcon’s IPA and PLIST files and then QVOD  uses these local files to construct a local HTTP server that infects iOS and spreads the apps distribution.

From the evidences that have been collected, it is being suggested that a company named YingMob Interaction is the sole developer of YISPECTER. YingMob Interaction’s enterprise certificate. In the NoIconUpdate’s code, we even found a which names the company in the app’s release notes. YiSpecter’s C2 server has hosted some websites belonging to YingMob. For example, if we directly visit the subdomain for YiSpecter’s downloading, qvod.bb800[.]com, we can find it’s an “WAP iOS Traffic Platform Backend Management System” with copyright information of YingMob Interaction.
The world where only jailbroken iOS devices were threatened by malware is a thing of the past. WireLurker proved that non-jailbroken iOS devices can also be infected through abuse of the enterprise distribution mechanism. YiSpecter further shows us that this technique is being used to infect many iOS devices in the wild.

New Malware forces you to change your Wifi's default password

Ifwatch, a custom-built vigilant malware software changed the Wi-Fi passwords of  nearly 10000 routers to make it more secure.

According to researchers at the cyber security firm Symantec, the software is actually used to defend the machine from the hackers and provides solution for the other malware infections.

“We have not seen any malicious activity whatsoever,” said Symantec threat intelligence officer Val Saengphaibul. “However, in the legal sense, this is illegal activity. It’s accessing computers on a network without the owner’s permission.”

Ifwatch software infect the routers with a mysterious piece of “malware” through Telnet ports, which are often protected by default security credentials that could be easily for accessed for malicious attack, and then prompts the users to change their Telnet passwords.

The software is spreading quickly around the world but found mostly in China and Brazil. It was first discovered by an independent researcher in 2014.

“We have no idea who is behind this — or what their full intention is,” Saengphaibul said.

Vodafone 'hacking' of reporter's phone must be investigated, says Greens senator

A report published in The Guardian revealed that an Australian Greens senator Scott Ludlam has urged the Australian Federal Police and Australian Communications and Media Authority to investigate Vodafone over a serious privacy breach in which a journalist’s phone records were accessed.

According to the news report, Natalie O’Brien, Fairfax journalist, had her phone records leaked by a Vodafone employee in 2011, after she reported on a major data breach the company had suffered.
“The Office of the Australian Information Commissioner and Acma have both released statements acknowledging they have been made aware of the breach, but neither organisation has committed to an investigation,” the news report added.

As per the Telecommunications Act, no one either telecommunications provider or an employee, has authority to use or disclose information relating to the contents of phone records.

“It’s flat out a really interesting test of whether the laws that protect privacy in Australia are actually going to be upheld by the regulators,” Ludlam told Guardian Australia. There’s two issues. One will be whether the Acma’s directions were upheld. It’s not clear to me whether they were. Secondly, whether the federal police are intending to investigate the company for illegal access of phone records.

He said that while Vodafone was facing scrutiny for this particular breach, the case was an important illustration to put all companies on notice about their privacy obligations.

According to the news report, in December 2011, Acma gave formal directions to Vodafone that require it to take certain steps to improve its data practices. In the event the organisation were to investigate and find their directions had been breached, they could face heavy financial penalties.

In a statement released on Monday, acting information commissioner and privacy commissioner Timothy Pilgrim said the OAIC had been aware of “an allegation about inappropriate access to an individuals’ telephone records in May 2015.”

“The OAIC has been in contact with Vodafone to make inquiries about the allegation. The OAIC has also been liaising with the Australian Communications and Media Authority about these allegations, in accordance with the memorandum of understanding between the two agencies,” the statement read.
Acma released a statement and said it was aware of the allegations.

“The Acma has not previously investigated these allegations,” the spokesperson said.

Wassenaar Cybersecurity Rules – How India Must Respond

In December 2013, the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (“Wassenaar Arrangement”) extended its reach to the cyber world. The extension seemed to signal a broad attack on export of many categories of cyber security software including commercially available penetration testing and network monitoring products, zero days and other computer exploits. Interestingly, these changes have emerged after media reports of U.S. government purchases of zero day computer exploits or vulnerabilities, i.e., security vulnerabilities previously unknown, by the US National Security Agency (NSA) for use by its hacking team.

Cyber security experts around the world and large companies like Google have raised a banner of revolt against the Wassennar changes and the U.S. Department of Commerce’s Bureau of Industry and Security (BIS)’s proposals for the implementation of the Wassenaar changes. They have expressed serious concerns about the impact of these changes on discovery of new vulnerabilities that could pose a threat to the internet globally.
If anything, the general impression is that Wassenaar Changes and its implementation by the signatory countries would actually make the internet more dangerous to users around the world. Google has been quoted as saying that the rules “are dangerously broad and vague and would have a significant, negative impact on the open security research community. They would also hamper our ability to defend ourselves, our users and make the Web safer. It would be a disastrous outcome if an export regulation intended to make people more secure resulted in billions of users across the globe becoming persistently less secure."
The fierce criticism and loud, public protest has had a temporary impact. The US Department of Commerce has now committed to drafting new rules to replace/amend the earlier draft.
It would be pertinent to note here that in response to the Wassenaar changes, VUPEN, a well known zero-day exploit firm (and also a supplier of exploits to the NSA), announced its decision to restrict exploit sales only to approved government agencies in approved countries
So what does all this mean for India? While the Wassenaar Arrangement might have worked in the physical world, will it work in the borderless cyber world? Will a country like Russia, a leading global supplier of cyber security software and tools implement rules to accommodate the Wassenaar changes, especially at a time when it is facing economic headwinds and under sanctions from the US and the EU? It does not seem to be in Russia’s interest at all, given its enormous strengths in the cyber security area and huge market for such products.
But India cannot afford to speculate on which way the wind will blow. The ongoing transformation of India into a Digital Economy implies the need for strong cyber security defences. Imagine a situation where a commercial or defence software is found to have vulnerabilities, whether accidental or deliberate, and the country lacks the tools to test for and mitigate such vulnerabilities? What if such vulnerabilities are discovered in software used in sectors such as Critical Infrastructure, Public Utilities, Financial Services, Health Information Systems? What if vulnerabilities are found in SCADA (industrial automation control systems) used by major industries and the energy sector?
Clearly, India needs to build its own cyber security defences and do it fast. Some expertise is available in the country, and needs to be complemented with global talent. 
The Government, leading software companies, defence companies and major users need to invest liberally in funding and supporting talented cyber security professionals. The Government should support some aggression in sourcing relevant tools, technology and talent from wherever required in the world. Israel’s export of cyber security software now exceeds that of physical weapons systems, and there’s a lesson for India here in the form of a Military/Industrial/Cyber Security Professionals complex to meet India’s needs.
As is known, India has faced serious problems in the past with respect to imports of critical technologies in the areas of defence, space and the nuclear sector. In the context of cyber security, we now have advance warning about problems that are around the corner. It makes no sense to run into a wall all over again and as such, a proactive and immediate national response is called for.
Prasanna J, Founder of Cyber Security and Privacy Foundation.

Mozilla patches severe vulnerabilities in its Bugzilla bug tracking system

Mozilla confirmed on September 4 that an attacker, stole its security-sensitive vulnerability information from its Bugzilla bug tracking system and then he got accessed to information about unpatched zero-day bugs.

However, Mozilla has now patched all the flaws that allowed the attacker to get the accessed. Similarly, the company concerned said that it would take its own security more seriously than before.

It is also said that the attacker used it to attack Firefox users, the maker of the open-source Firefox browser warned Friday.

“The attacker acquired the password of a privileged Bugzilla user, who had access to security­sensitive information. Information uncovered in our investigation suggests that the user re­used their Bugzilla password with another website, and the password was revealed through a data breach at that site,” Mozilla said in an FAQ on the breach.

The one bug that was exploited in the wild was used to collect private data from Firefox users who visited a Russian news site.

The attacker accessed approximately 185 bugs that were non-public. Among them, 53 were said to be severe vulnerabilities. Mozilla claims that 43 of the severe flaws had already been patched in the Firefox browser by the time the attacker accessed the bug information. That leaves 10 bugs that the attacker had access to before they were patched, and that's where the potential risk to Firefox users lies.

“The earliest confirmed instance of unauthorized access dates to September 2014. There are some indications that the attacker may have had access since September 2013,” the company said.

The company said that during its investigation it found out that the user re­used their Bugzilla password with another website, and the password was revealed through a data breach at that site.
Firefox security lead Richard Barnes detailed what Mozilla is now doing to improve Bugzilla's security.

"We are updating Bugzilla's security practices to reduce the risk of future attacks of this type," Barnes wrote. "As an immediate first step, all users with access to security-sensitive information have been required to change their passwords and use two-factor authentication."

Bug in the GitHub Extension for Visual Studio Makes Developer Lose $6,500

Carlo van Wyk, a South African web developer, said that he lost $6,500 (£4,250) in just a few hours because of a flaw in a tool for using Microsoft's Visual Studio IDE with code-sharing site GitHub inadvertently exposed his sensitive data.

He used the GitHub Extension for Visual Studio 2015 to commit one of his local Git code repositories to a private repository on GitHub. However, an unknown to him at the time the bug in the extension, developed and maintained by GitHub itself, caused his code to be committed to a public GitHub repository, rather than a private one as he intended.

Once he reported the bug, both of the concerned companies fixed it.

According to a report published in The Register, within around ten minutes after publishing his code, he received a notification from Amazon Web Services telling him his account had been compromised. He had included an AWS access key in the code that he had committed to GitHub.

Although, he immediately changed his AWS root password, revoked all of his access keys, and created new ones, within hours the crooks had managed to sign him up for AWS's Elastic Compute 
Cluster and fire off more than 20 instances in each EC2 region.

After that his AWS account had racked up a bill of $6,484.99.

AWS was not available for the comment, as per The Register. However, GitHub has apologized for the error in its code, regarded it as "inexcusable."

WordPress 4.3 automatically generates secure password

The WordPress has announced the release of new version 4.3, dubbed “Billie” in honor of jazz singer Billie Holiday, is available for download, with some changes in the password security system.

The new system of managing a password reset sends a password reset link that has 24-hour expiry window, and users will also receive e-mail notification if e-mail or password is changed.

In a blog post, WordPress developer Brian Krogsgard said that, “This is a relatively minor change to WordPress that will significantly enhance default user behavior for a big security win.”

For the new users to WordPress,  they have add a feature which will automatically generate a secure password for the user. It means that the users will have a strong password by default.  A password strength meter will help users to gauge on the strength of their password.

“Although WordPress isn't stopping you from choosing terrible passwords, the default in 4.3 is that you get secure passwords, and making them less secure takes a bit of work,” noted Mark Jaquith, a lead WordPress core developer.

Creepy Voice that you heard from Your Baby Monitor is not of a Ghost

Beware of the cameras connected to the Internet or the security cameras and monitoring as these systems can be easily hacked by the hackers. It camera hacking has become a serious issue now as of the potential for unauthorized people to make video recordings.

Ontario Provincial Police (OPP) issued a warning on Wednesday reminding people that these systems can be susceptible to hackers because many have an option to be used remotely enabled by default after a family from southwestern Ontario witnessed on July 7 a baby monitor watching their young child when it suddenly began playing music and a voice said they were being watched.

According to Liz Melvin, the OPP Const, the child was about to sleep in the nursery when the camera was remotely activated.  

“The camera played some eerie music and a voice could be heard indicating the parent and child were being watched,” Melvin told National Post. “Obviously it’s going to be disturbing.”

She said the family’s Internet service provider confirmed the router had been hacked and the source of the hack could be from anywhere in the world.

Although, such kid monitor hacking cases have been reported every month, Melvin said no other incidences have been reported and she wasn’t aware of any past investigations into this type of camera hacking in the area.

She said there are no suspects in the case and the investigation is ongoing.

In a bid to protect, people should use passwords to protect access to the Internet connection and access to monitoring systems. Similarly, buy cameras from trusted sources and cover them cameras when not in use.

Avast announced the acquisition of Mobile Virtualization Company ‘Remotium”

Avast Software, maker of the most trusted mobile and PC security products in the world, on July 8 announced the acquisition of Remotium, a leader in virtual enterprise mobility which technology enables enterprises to extend access securely, simply, and cost-effectively to business-critical applications in a bring-your-own-device (BYOD) environment.

According to a press statement posted by the company, the acquisition of the Silicon-Valley-based start-up will allow Avast to expand its offering of mobile security applications to the enterprise space.

The entire Remotium team has joined the global organization of more than 600 Avast employees.

Like Avast, Remotium, which won "Most Innovative Company" at RSA Conference 2013, solves the challenges of delivering corporate applications to employees’ mobile devices by creating a smooth user experience, while assuring data security and compliance.

The company said that its product, Virtual Mobile Platform (VMP), which enables access to enterprise applications from any mobile or desktop device, allows users to work from anywhere in the office, remotely from their home office or while on business trips.

It is said that the users can connect to their VMP from any device they are using smartphones, tablets, and desktops in order to get access to their corporate tools, apps and data.

Vince Steckler, CEO at Avast, said that the Remotium‘s mobile solutions address the needs of modern enterprises.

"As more and more companies support BYOD policies, the question of how to implement these policies efficiently and securely is top of mind for everyone. With Remotium’s technology, 
companies have visibility and security needed to ensure data integrity and corporate compliance. At the same time, users enjoy increased privacy, as well as apps that look and feel consistent across mobile and desktop platforms. We are pleased to add the Remotium staff to our team together we will further accelerate Remotium’s growth and expand its capabilities across enterprise mobility platforms," he added.

Stephanie Fohn, CEO at Remotium, said, "The Remotium team and I are very excited about joining Avast Software. Avast has a long history in creating innovative, best-in-class security for personal and commercial use. We look forward to extending our technology leadership position and continuing to deliver groundbreaking enterprise mobility solutions to meet the needs of the enterprise.” 

Malwarebytes offers pirates a free one year license

Software companies have been serving the general public for years. But in this process, starts the raging war between the companies and the so-called "crackers" who try to counterfeit genuine products in order to promote piracy.

This creates a loophole in the distribution part of the products. This battle has seen some technical advancement in preventing counterfeiting of the services.

While Microsoft has implemented a product activation procedure for the Windows Operating system and its Office suite, some of the premiere gaming company have a registration process into their servers in order to activate the game, declining which the game becomes unavailable for playing. Yet, there is a continuous struggle amongst the "cracking " society to crack the softwares for free access and piracy.

While this struggle has accelerated with time, a company has finally decided to allow the vicious pirates to gain legit access to their product. Malwarebytes, a premium security firm has initiated Amnesty, a program to enable the users who have procured the serial key from piracy dealers or have downloaded it from the internet, to reissue their security key for free. This reissued key will provide the user with premium access to Malwarebytes Anti-Malware for a period of 12-months.

The company states that the internet has good pioneers as well as bad pirates. While the pioneers work hard day and night in order to provide users with state of the art services, pirates try to dupe people into buying pirated versions of Malwarebytes Anti-Malware.

"Amnesty program has initiated providing free replacement keys to the premium customers who have been facing inconvenience because of pirated keys or software abuse for Malwarebytes Anti-Malware".

To ease it up, you can start by downloading the latest version of Anti-Malware Premium(direct link to download). Once you are done with the installation, the activation setup is initiated, where you have to enter your illegal activation key and proceed. This redirects you to the dialog box which gives you the option to select "I’m not sure where I got my key, or I downloaded it from the Internet". The company then issues you with a new key along with a 12-months free premium membership.

This has been started by Malwarebytes, who are providing one of the best security suites and anti virus tools in the market.

Researchers claim hack of Israeli military network

Blue Coat Systems Inc, a network solution provider based in California, has claimed that they have detected a hack in Israel's military network.

According to them, the hack seems to be a four month job and is an espionage campaign that skillfully packages existing attack software with trick emails.

The hack seems to be a job of Arabic-speakimg hackers as researchers at Blue Coat have found that programming tools used to hack the network had a default Arabic setting. They suspect the hackers might be working on a small budget as most of their code has been sourced from previous existing versions of hacking software.

Israeli defense minstry spokerperson said that Military officials were "not aware of hacking on IDF operational networks."

"Not all targeted attackers need advanced tools," Blue Coat wrote in a draft paper shared with Reuters. "As regional conflicts continue, cyber threats from groups of various skill levels will also accompany the conventional armed conflicts."

International operation mounted to counter Beebone Botnet

A multinational task-force comprising of European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), the FBI and led by Dutch National High Tech Crime Unit was recently set up to target the Beebone (AAEH) botnet, a downloader virus that cripples a computers defenses by downloading various malwares on a PC.

Private players Intel Security, Kaspersky and Shadowserver were also present to consult on destroying the polymorphic downloader that according to sources, has affected 12000 computers till date.

The operation 'sinkholed' the botnet by recognizing the domain names and addresses of the affected parties and then rerouting traffic.

Emergency teams around the world have been put into motion to get into touch with the victims of the botnet. The number of affected parties is less in this case, but the botnet has been deemed to be very sophisticated.

The operation was successfully carried out after which Europol’s Deputy Director of Operations, Wil van Gemert, said "This successful operation shows the importance of international law enforcement working together with private industry to fight the global threat of cybercrime."

"We will continue our efforts to take down botnets and disrupt the core infrastructures used by cybercriminals to carry out a variety of crimes. Together with the EU Member States and partners around the globe, our aim is to protect people worldwide against these criminal activities."

Passwords stolen for Windows users of Puush

Over this weekend, the screenshot sharing app, Puush server was hacked and a malware infected program was placed as an update for Windows users.

The software version r94 downloads malware, which  grab passwords from infected systems. The update has been taken offline, and the latest update r100  is available as download, which will tell you if you were infected or not, this update will clean the malware.

The company noted that the Windows version of the app was affected, the iOS and OS X versions apps are safe.

According to statement released by company, "The malware may be collecting locally stored passwords, but we are yet to confirm these have been transmitted back to a remote location. We have been running the malware in sandboxed environments and have not been able to reproduce any such behaviour. Even so, we recommend you change any important passwords which were stored on your PC (unless they were in a secure password manager). This includes chrome/firefox saved passwords."

The company made removal and cleanup tool available for users, who may have been put off using Puush.

“We have created a cleaner for people who do not wish to continue using puush. It is stand-alone and will tell you if you were infected (assuming you have not already updated to r100).”

 You can obtain this here:

Google intrduces new review process for apps, age based rating system for all apps on Play Store soon

Google has decided to make change to its app submission process by adding human approval as a new step. Starting a couple of months back, a team of reviewers at Google started reviewing all applications before they were allowed to go live on the Play Store.

“We started reviewing all apps and games before they’re published – it’s rolled out 100%, and developers haven’t noticed the change.” said Purnima Kochikar, Director of Business Development for Google Play. After implementing the new review system, Google has still maintained its superiority in speed over rivals, Apple. Developers are able to get their apps live within a few hours of its submission on the Play Store, unlike Apple which has lengthy review process.

The reason Google has been so successful at this is its autmoated software that can detect only malware, but also sexual content and infringement of copyrights. Kochikar was not very coclusive about what all Google can detect through its automated detection softwares.

She said, “We’re constantly trying to figure out how machines can learn more,” explains Kochikar. “So whatever the machines can catch today, the machines do. And whatever we need humans to weigh in on, humans do.”

Google also lauched a new age based rating system for the Play Store that is supposed to come into effect in May. The system will be based on the scales provided by a given region’s official rating authourity. App developers will be required to fill in a questionnaire about the objectionable content in their app before submission and return the most appropriate rating for the app.

Googel has said that it will keep an eye on the ratings being given out by the new questionnaire system to make sure that the developers are truthful while filling out the questionnaire. Their will be a grace period for applications which are currently their on the Play Store, but soon, new submissions and updates to the Play Store will require developers to fill out the questionnaire.

Uber files John Doe lawsuit in response to nine month-old data breach

Uber has filed a John Doe lawsuit in the district court of Northern California as part of its investigation regarding a data breach of one its driver’s database.

Last year in on September 17th, Uber discovered that one of its databases had been accessed using a login key that was posted on a post on Github.  The key was used to access Uber's internal database which houses information about 50,000 drivers.

Uber has begun reaching out to drivers whose information was stored in the breached database. The company has also provided a one year free membership of Experian’s ProtectMyID Alert to drivers whose information has been stolen.

Uber has also subpoenaed Github to share the IP addresses of anyone who visited a particular gist post (the login key used to access the database was posted there) between March and September 2014.

Uber shared the information about the breach through a post on its blog, on which it mentioned that the breach of data had occurred sometime around 12th May, last year. The files that were stolen from the database contained names and driving license numbers of its drivers, past and present. According to Uber, no case of misuse of any stolen data has been reported.

Questions have risen after the post was published on Uber's blog as to why the company did not come forward with the information earlier, and why were driver partners whose information was stolen and put at risk, not informed about the incident earlier?