by Swati Khandelwal
DoubleLocker, as the name suggests, locks the device twice.
Security researchers from cybersecurity firm ESET have discovered a new Android ransomware that not only encrypts users’ data, but also locks them out of their devices by changing the lock screen PIN.
On top of that:
DoubleLocker is the first-ever ransomware to misuse Android accessibility, a feature that provides users alternative ways to interact with their smartphones and that has so far mainly been misused by Android banking Trojans to steal banking credentials.
“Given its banking malware roots, DoubleLocker may well be turned into what could be called ransom-bankers,” said Lukáš Štefanko, the malware researcher at ESET.
“Two-stage malware that first tries to wipe your bank or PayPal account and subsequently locks your device and data to request a ransom.”
Researchers believe DoubleLocker could be upgraded in future to steal banking credentials as well, rather than just extorting money as ransom.
by Phil Muncaster
Equifax has been left red-faced again after its website began displaying malicious content stemming from third-party vendor code.
Reports started to emerge over the past day or so that users clicking through on the main Equifax.com site were being presented with a scam Adobe Flash update page at a centerbluray.info URL.
The domain is detected only by Google and Malwarebytes as malicious.
Clicking on said update would infect the user’s computer with adware, currently only detected by three out of 65 AV firms on VirusTotal: Panda, Symantec and Webroot.
A statement Equifax sent to researcher Kevin Beaumont revealed the problem was down to a third-party partner:
“Despite early media reports Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal.
“The issue involves a third party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content. Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis.”
Although this incident turned out to be a supply chain hack on a partner, it threatens to further damage the reputation of the under-fire credit reporting agency, which was breached earlier this year, compromising the highly sensitive records of 145.5 million Americans and 700,000 Brits.
By Swati Khandelwal
For at least the last six months, messages you sent with S/MIME encryption in Outlook were also going out in unencrypted form, exposing all your secret and sensitive communications to potential eavesdroppers.
S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an end-to-end encryption protocol based on public-key cryptography. It works much like an SSL connection and enables users to send digitally signed and encrypted messages.
According to a security advisory published by SEC Consult earlier this week, a severe bug (CVE-2017-11776) in Microsoft Outlook email client causes S/MIME encrypted emails to be sent with their unencrypted versions attached.
When Outlook users encrypt their messages with S/MIME and format their emails as plain text, the vulnerability causes the seemingly encrypted emails to be sent in both encrypted and human-readable clear-text forms, the researchers explain.
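The failure mode described above is a structural one: the outgoing message carries an S/MIME envelope and, beside it, a readable copy of the same content. A mail gateway or a test harness can catch that by inspecting the MIME tree of outbound mail before it leaves. The following is an added example, not code from the advisory, Microsoft or SEC Consult; the three messages are constructed, the base64 bodies are placeholders rather than real CMS data, and the `smime-type` parameter is used to tell an encrypted envelope (`enveloped-data`) from an opaque signature (`signed-data`).

```python
"""Flag outbound mail where an S/MIME encrypted envelope travels beside a
readable part. Added example with constructed sample messages."""
from email import message_from_bytes
from email.policy import default

SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
SIGNATURE_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def _is_envelope(part) -> bool:
    """True for an application/pkcs7-mime part carrying encrypted content."""
    if part.get_content_type() not in SMIME_TYPES:
        return False
    # smime-type is enveloped-data for encryption, signed-data for opaque signing
    return part.get_param("smime-type", "enveloped-data") == "enveloped-data"


def plaintext_beside_smime(raw: bytes) -> list[str]:
    """Return the content types of readable parts that accompany an S/MIME
    encrypted envelope. An empty list means no envelope, or nothing leaked."""
    msg = message_from_bytes(raw, policy=default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    if not any(_is_envelope(p) for p in leaves):
        return []  # not an encrypted message; a signed-only message is fine
    return [p.get_content_type() for p in leaves
            if not _is_envelope(p) and p.get_content_type() not in SIGNATURE_TYPES]


# Constructed sample: envelope plus a clear-text copy (the reported behaviour).
LEAKY = b"""From: alice@example.org
To: bob@example.org
Subject: quarterly numbers
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b1
Content-Type: text/plain; charset="utf-8"

The numbers are confidential: revenue fell 12%.
--b1--
"""

# Constructed sample: the envelope alone, which is what should leave the client.
CLEAN = b"""From: alice@example.org
To: bob@example.org
Subject: quarterly numbers
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
"""

# Constructed sample: clear-signed mail is readable by design and must not be flagged.
SIGNED_ONLY = b"""From: alice@example.org
To: bob@example.org
Subject: signed only
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="b2"

--b2
Content-Type: text/plain; charset="utf-8"

Signed but intentionally readable.
--b2
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b2--
"""

if __name__ == "__main__":
    for name, raw in (("leaky", LEAKY), ("clean", CLEAN), ("signed-only", SIGNED_ONLY)):
        print(name, plaintext_beside_smime(raw))
```

The check deliberately ignores `multipart/signed` messages: their body is readable by design, and flagging them would bury the real finding, an encrypted envelope that has a readable sibling.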
By Pierluigi Paganini
October 11, 2017
The leading global professional services company Accenture exposed its business data in a public Amazon S3 bucket. Disconcerting!
Another tech giant has fallen victim to an embarrassing data leak; this time the leading global professional services company Accenture exposed its business data in a public Amazon S3 bucket.
The incident exposed internal Accenture private keys, secret API data, and other information, a gift for attackers that want to target the firm or its clients.
The unsecured Amazon S3 bucket was discovered by researchers at UpGuard, who privately reported it to Accenture on Sept. 17. The company solved the problem in one day.
“The UpGuard Cyber Risk Team can now reveal that Accenture, one of the world’s largest corporate consulting and management firms, left at least four cloud-based storage servers unsecured and publicly downloadable, exposing secret API data, authentication credentials, certificates, decryption keys, customer information, and more data that could have been used to attack both Accenture and its clients.” states the report published by UpGuard.
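"Unsecured and publicly downloadable" in the UpGuard report means a bucket whose ACL or bucket policy grants access to everyone. The following is an added example, not code from UpGuard or Accenture, of the check a cloud team can run over its own inventory: it takes the ACL and policy in the dict and JSON shapes that boto3's `get_bucket_acl` and `get_bucket_policy` return, and reports grants to AWS's public groups and Allow statements open to any principal. The sample ACL and policies are constructed, and the account id in the hardened policy is a placeholder.

```python
"""Report world-readable S3 bucket settings. Added example; inputs below are
constructed in the shapes boto3 returns, no AWS call is made."""
import json

# The two group URIs AWS uses for "everyone" and "any AWS account" in ACLs.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def public_acl_grants(acl: dict) -> list[tuple[str, str]]:
    """Return (group, permission) pairs the ACL grants to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            findings.append((PUBLIC_GROUPS[grantee["URI"]], grant.get("Permission", "")))
    return findings


def _principal_is_everyone(principal) -> bool:
    """A bare "*" or {"AWS": "*"} (string or list) means any principal."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def public_policy_statements(policy_json: str) -> list[str]:
    """Return the Sid (or index) of every Allow statement open to any principal.
    A Condition block may narrow such a statement, so each hit still needs review."""
    policy = json.loads(policy_json)
    hits = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and _principal_is_everyone(stmt.get("Principal")):
            hits.append(stmt.get("Sid", f"statement-{i}"))
    return hits


# Constructed ACL: owner keeps full control, but AllUsers can list the bucket.
EXPOSED_ACL = {
    "Owner": {"ID": "placeholder-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "placeholder-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

# Constructed policy: every object readable by anyone on the internet.
EXPOSED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

# Constructed hardened policy: access limited to one role (placeholder account id).
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "RoleReadOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

if __name__ == "__main__":
    print("ACL grants to public groups:", public_acl_grants(EXPOSED_ACL))
    print("Exposed policy open statements:", public_policy_statements(EXPOSED_POLICY))
    print("Hardened policy open statements:", public_policy_statements(HARDENED_POLICY))
```

Run against a real account, the same two functions would be fed the output of `get_bucket_acl` and `get_bucket_policy` for each bucket; a bucket that returns any ACL grant or any open statement is the one to fix first, before reviewing what it contains.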
By LEONARDO PEREIRA
A software engineer named Rob Heaton has drawn attention to a gap in WhatsApp through which it is possible to discover when a user is sleeping and even who they are talking to.
Heaton drew on two controversial features of the app to frame his concern: the one that shows the last time you were seen and the one that shows whether you are online.
With that in mind, a hacker could build a Chrome extension that constantly monitors WhatsApp contacts to compile information. Individually, these data points look harmless, but the picture changes when they are viewed in bulk.
Charts could be assembled, for example, showing the moment the app stopped being used each day, which reveals what time the person usually goes to sleep. If the user sleeps irregularly, their data becomes valuable to companies that sell sleep medication, which turns the gap into a business opportunity, as The Next Web points out.
In addition, a suspicious person could find out whether they are being cheated on. It would be enough to look for a correlation between the activity patterns of the two people possibly involved; if both are always active at the same moments, they may well be talking to each other.
by Nick Hopkins
The hack into the accountancy giant Deloitte compromised a server that contained the emails of an estimated 350 clients, including four US government departments, the United Nations and some of the world’s biggest multinationals, the Guardian has been told.
Sources with knowledge of the hack say the incident was potentially more widespread than Deloitte has been prepared to acknowledge and that the company cannot be 100% sure what was taken.
Deloitte said it believed the hack had only “impacted” six clients, and that it was confident it knew where the hackers had been. It said it believed the attack on its systems, which began a year ago, was now over.
However, sources who have spoken to the Guardian, on condition of anonymity, say the company red-flagged, and has been reviewing, a cache of emails and attachments that may have been compromised from a host of other entities.
The Guardian has established that a host of clients had material that was made vulnerable by the hack, including:
• The US departments of state, energy, homeland security and defence.
• The US Postal Service.
• The National Institutes of Health.
• “Fannie Mae” and “Freddie Mac”, the housing giants that fund and guarantee mortgages in the US.
Hackers from North Korea are reported to have stolen a large cache of military documents from South Korea, including a plan to assassinate North Korea’s leader Kim Jong-un.
Rhee Cheol-hee, a South Korean lawmaker, said the information was from his country’s defence ministry.
The compromised documents include wartime contingency plans drawn up by the US and South Korea.
They also include reports to the allies’ senior commanders.
The South Korean defence ministry has so far refused to comment about the allegation.
Plans for the South’s special forces were reportedly accessed, along with information on significant power plants and military facilities in the South.
Mr Rhee belongs to South Korea’s ruling party, and sits on its parliament’s defence committee. He said some 235 gigabytes of military documents had been stolen from the Defence Integrated Data Centre, and that 80% of them have yet to be identified.
The hack took place in September last year. In May, South Korea said a large amount of data had been stolen and that North Korea may have instigated the cyber attack – but gave no details of what was taken.
North Korea denied the claim.
South Korea’s Yonhap news agency reports that Seoul has been subject to a barrage of cyber attacks by its communist neighbour in recent years, with many targeting government websites and facilities.
The isolated state is believed to have specially-trained hackers based overseas, including in China.
The current and former employees want to be compensated for “upset and distress” caused by the incident, but Morrisons claims it is not liable.
However, the retail giant was awarded £170,000 in compensation for the leak at the time, while its staff got nothing, argued Jonathan Barnes, counsel for the 5518 employees.
“The judge was sure that the employees were victims too, and it is those victims who have received no compensation for their distress or loss of control of the situation,” he said, according to the BBC.
“We say that, having entrusted the information to Morrisons, we should now be compensated for the upset and distress caused by what we say was a failure to keep safe that information.”
Andrew Skelton was a senior internal auditor at the Morrisons head office in Bradford when he leaked the details of nearly 100,000 supermarket employees, a breach which is said to have cost the firm over £2m to mitigate.
The leaked data – which was posted online and sent to several newspapers in 2014 – included NI numbers, birth dates and bank account details.
These details would certainly be enough for internet scammers to attempt identity fraud or follow-on phishing attacks.
Skelton is serving eight years after being found guilty in 2015. The incident apparently stemmed from a grudge he harbored against his employer after he was cautioned for using the company’s mail room to sell legal highs on eBay.
October 8, 2017
Hackers published the student directory of an Iowa school district online after they threatened to “kill some kids” at local schools.
The trouble began on the evening of 2 October when parents living within the boundaries of Johnston Community School District received some troubling text messages from an unknown number. One chain of messages talked about the innocence of the recipient’s 4-year-old son and then urged them to not have anyone look outside. The message ended with an ominous warning: “I’m only getting started.”
Other messages were much more overtly violent in nature, with some threatening harm against local school kids.
Not surprisingly, many parents called the police. Local law enforcement received dozens of reports along those same lines that night. Not wanting to risk the safety of her students, Johnston Schools Superintendent Corey Lunn decided to close all schools the following day.
The FBI recently arrested a psycho cyber stalker with the help of a popular VPN service, and the case apparently exposed the company’s lies about its “no logs” policy.
Is your VPN also lying to you? Well, now is the right time to think about this twice.
It’s no secret that most VPN services—which claim to shield your Internet traffic from prying eyes, assuring you to surf the web anonymously—are not as secure as they claim.
In this post-Snowden era, a majority of VPN providers promise that their service is anonymous, with a no-logs policy, but honestly, there is no way you can verify this.