2014/09/30

Bootkits, Windigo, and Virus Bulletin | foodonia

ESET research on Operation Windigo received an award at Virus Bulletin 2014. Our research on bootkits was also well received, and is now available publicly.


The post Bootkits, Windigo, and Virus Bulletin appeared first on We Live Security.






Brought by: http://foodonia.com

StealthGenie CEO arrested for marketing ‘illegal stalking app’ | foodonia

The creator of an app that secretly allows you to monitor another person’s smartphone usage without their knowledge has been arrested in Los Angeles, according to Slashgear.


The post StealthGenie CEO arrested for marketing ‘illegal stalking app’ appeared first on We Live Security.







FBI Director “very concerned” with smartphone encryption | foodonia

With Apple, Google and other tech companies responding to users’ demands for privacy with further smartphone encryption options, not everyone is happy. FBI Director James Comey is “very concerned” about increased mobile OS encryption, according to TechSpot.


The post FBI Director “very concerned” with smartphone encryption appeared first on We Live Security.







Support Scams: Expect the Scammish Inquisition* | foodonia

An update on support scams: but are the scammers looking for fresh fields and posturings new?


The post Support Scams: Expect the Scammish Inquisition* appeared first on We Live Security.







2014/09/26

Week in security: Bash Bug, BlackEnergy and hoax attacks | foodonia

This week, a serious software vulnerability, which rapidly became known as the ‘Bash Bug’ or ‘Shellshock’, dominated the headlines, as two other faked news stories showed that hoaxes can fool the world very easily these days.


The post Week in security: Bash Bug, BlackEnergy and hoax attacks appeared first on We Live Security.







What to do about Shellshock bash bug on Mac OS X, web servers, routers, and more | foodonia

The "Bash Bug" or "Shellshock" vulnerability means a wide range of devices, servers and computers, including Mac OS X, will need to be patched to prevent abuse by malicious persons. Here's advice about what to do and links to more in-depth resources.


The post What to do about Shellshock bash bug on Mac OS X, web servers, routers, and more appeared first on We Live Security.







4Chan: destructive hoaxes and the Internet of Not Things | foodonia

The media have associated a number of destructive hoaxes with 4chan: people need some historical perspective on how the site actually works.


The post 4Chan: destructive hoaxes and the Internet of Not Things appeared first on We Live Security.







2014/09/25

Healthcare data worth ten times price of credit card data | foodonia

Medical information is now worth up to 10 times the price of credit card details on online black markets, due to weak healthcare security and a thriving black market in data to be used for medical fraud.


The post Healthcare data worth ten times price of credit card data appeared first on We Live Security.







2014/09/23

Emma Watson images – ‘countdown’ to leak after UN speech | foodonia

In what appears to be a misogynist attack directed at Harry Potter actress Emma Watson, a site has appeared supposedly offering a countdown until images of her are released online.


The post Emma Watson images – ‘countdown’ to leak after UN speech appeared first on We Live Security.







Facial recognition – boom in sites such as dating services | foodonia

Facial recognition is booming, with the market expected to grow from $1.92 billion to $6.5 billion in 2018 - and invading markets such as dating, with Match.com integrating a service which finds users dates based on their exes.


The post Facial recognition – boom in sites such as dating services appeared first on We Live Security.







What’s behind the rise in cybercrime? Find out from this recorded presentation | foodonia

Home Depot says it was hacked to the tune of 56 million payment cards. What is behind the current wave of cybercrime? This recorded presentation offers answers and some defensive strategies for organizations at risk.


The post What’s behind the rise in cybercrime? Find out from this recorded presentation appeared first on We Live Security.







Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland | foodonia

State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that's evolved into a sophisticated threat with a modular architecture.


The post Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland appeared first on We Live Security.







2014/09/22

Home Depot data breach – ‘warnings ignored since 2008’ | foodonia

Home Depot staff repeatedly ignored the concerns of employees about the security of its systems, prior to the Home Depot data breach, now thought to be the largest in history.


The post Home Depot data breach – ‘warnings ignored since 2008’ appeared first on We Live Security.







Facebook to start charging $2.99/month? It’s nonsense! | foodonia

Thousands of Facebook addicts are feverishly sharing a "news report" claiming that from November 1st you'll be paying $2.99 every month to access the site.


The post Facebook to start charging $2.99/month? It’s nonsense! appeared first on We Live Security.







Virus Bulletin presentations update | foodonia

Updated information on ESET presentations at Virus Bulletin 2014.


The post Virus Bulletin presentations update appeared first on We Live Security.







2014/09/20

How to protect yourself after the Home Depot breach | foodonia

Home Depot has issued a statement today that provides more details about their recent breach, as well as indicating that the malware used by the attackers has now been removed from their systems. This breach appears to be even larger than Target’s, as it exposed payment information for 56 million customers in their US and Canada locations.


The post How to protect yourself after the Home Depot breach appeared first on We Live Security.







2014/09/19

National Health IT Week – tips for starting Risk Assessment | foodonia

This week is National Health IT Week, and you may be wondering – what is the best way to observe this occasion? While planning for catastrophe may not seem the most celebratory activity, this week is a great occasion to start or review your organization’s risk assessment.


The post National Health IT Week – tips for starting Risk Assessment appeared first on We Live Security.







Right to be forgotten – why do Americans want it? | foodonia

A poll has found that more than half (61%) of Americans want a ‘right to be forgotten’ from search engines such as Google, a right the European Union passed into law earlier.


The post Right to be forgotten – why do Americans want it? appeared first on We Live Security.







Week in security: Free iPhone scams target eager fans | foodonia

This week offered a lesson in how cybercriminals follow the news, and time their attacks to dupe the unwary - with several different attacks aimed at iPhone fans, in the week where Apple unveiled its iPhone 6.


The post Week in security: Free iPhone scams target eager fans appeared first on We Live Security.







2014/09/18

Scottish independence poll – warning over phishing scams | foodonia

This Thursday, September 18, is the biggest day in Scottish political history, as the country votes on whether it should become independent from the United Kingdom - but an ESET security expert has warned cybercriminals could strike.


The post Scottish independence poll – warning over phishing scams appeared first on We Live Security.







eBay scam: site ‘slow to react’ after iPhone phishing attack | foodonia

The dangers of clicking on links in eBay scam postings were highlighted after a fake posting advertising iPhones linked to a phishing site designed to steal usernames and passwords for the site.


The post eBay scam: site ‘slow to react’ after iPhone phishing attack appeared first on We Live Security.







How to change Safari’s default search engine in iOS 8 for greater privacy | foodonia

With iOS 8, you can - for the first time - switch your Safari browser's search engine to alternatives such as DuckDuckGo. Find out why you might want to and, in fairness, why you might NOT want to...


The post How to change Safari’s default search engine in iOS 8 for greater privacy appeared first on We Live Security.







How to make your social media accounts (almost) unhackable | foodonia

Now more than ever, it's important to make sure your social media accounts are safe and secure. Here are our 6 top tips to make your social media accounts almost unhackable.


The post How to make your social media accounts (almost) unhackable appeared first on We Live Security.







2014/09/17

Free iPhone 6 Facebook scam does the rounds, right on time | foodonia

Facebook scams tend to crop up in the run-up to a big Apple launch with around the same regularity as big Apple launches themselves. This week’s iPhone 6 launch is no exception, with Help Net Security noting that a Facebook page ‘offering’ free iPhone 6 units is, as usual, a total fraud.


This time, the scam promises a free iPhone 6 as soon as “three easy steps” are completed, which, as usual, involve a survey, which allows you to download a “participation application.”


When a victim completes the free iPhone 6 survey, all their friends are spammed with the fake promotion, Hoax Slayer reveals, but the three “easy” steps are anything but.


Each time someone completes a survey, the page claims there is an error, and they are directed to a further survey, according to Help Net. As always, the “free iPhone 6” never materializes.


Free iPhone 6: Nope, it’s a scam


“Some of the available surveys want you to provide your mobile phone number, ostensibly to go in the draw for extra prizes or offers. But, by submitting your number, you will actually be subscribing to a very expensive text messaging ‘service’ that will charge you several dollars every time they send you a message,” Hoax Slayer says.


“Alternatively, you may be asked to provide your name, address, and phone details, again, to supposedly enter you into a prize draw. But, fine print on the page will state that your details will be shared with third-party marketers. Thus, after submitting your details, you will likely be inundated with annoying phone calls, emails, and junk mail.”


“Meanwhile, the scammer who created the fake promotion will earn a commission. But, no matter how many surveys you complete, you will still not get to download your ‘application’.”


The site cautions against clicking on any link this week which offers a free iPhone 6, as this sort of big product launch is a prime target for cybercriminals, and any link is potentially suspect.


Something for free?


Mark James, ESET security specialist, says, “We all like the idea of something for free, that’s the approach these type of scams use. Deep down we know it’s not going to happen, but a lot of people will still click the like button or share that simple post in the hope it’s going to arrive.”


“We have seen these types of scams for years but they are still as effective today as they were when started, once we like or share the page we do all the marketing and advertising for the scammers thus providing a very valuable and potentially dangerous page to initiate future scams or attacks.”


“I still encourage people to use the “front door” policy, i.e. treat it like your front door: ‘When was the last time someone banged on your front door to offer you an iPhone 5 or 6 just for filling out a survey or a £10/£50 supermarket voucher for free?’ It just does not happen.”


The post Free iPhone 6 Facebook scam does the rounds, right on time appeared first on We Live Security.







GTA V hacks warning as gamers ‘lose millions’ in online games | foodonia

Gamers have reported losing millions of dollars to hackers running customized software which allows them to steal weapons, loot money, and even make people blow up in their own apartments, according to prominent Grand Theft Auto V YouTube reporter DomIsLive, who devoted an issue of his daily show to GTA V hacks this month.


Yahoo News reports that multiple players have been affected by glitches in online games, described variously as “unfairly modded”, i.e. using in-game tools, or simply as “hacked”.


DomIsLive, who has nearly half a million subscribers on YouTube, says that several of his subscribers reported losing “millions” in online games which had seemingly been hacked.


On Rockstar’s forums, various gamers complain about having lost large sums of in-game currency to similar GTA V hacks. DomIsLive claims to have seen multiple threads on the forums relating to the same or similar hacks.


GTA V hacks: Losing millions?


ESET Distinguished Researcher Aryeh Goretsky looks in detail at the blurred lines between cheating and crime in an extended blog post on We Live Security, saying, “Computer gaming is a huge and a wildly successful market, and as in any system that works at scale, there are going to be so-called businessmen or entrepreneurs who “seek to optimize their return on investment through whatever means possible” or, to put it more succinctly, criminals who abuse the ecosystem.”


It appears GTA V’s online game system is not exempt.


In one screenshot posted on DomIsLive’s channel, a gamer complains, “Dear Rockstar, I have just been robbed of my weapons by an unfair modder. He stole my weapons, causing me to pay around 1,000,000 and I earned it fair and square, and I wondered if I could get my money back because I’m extremely frustrated.”


‘Rockstar may not reimburse money’


A Rockstar games representative replies, saying that the team will investigate, but warning that, “Rockstar will definitely look into this, however they may not be able to reimburse you with weapons and/or GTA dollars.”


It’s unclear whether one specific GTA V hack is responsible, or a multitude of methods. DomIsLive advises his subscribers, “Losing their money in public sessions, I advise you to stay out of public sessions and stick to private sessions with this friend. If you see something strange happening, and if you see someone dropping their money, leave that lobby now.”


Responses from his subscribers seem to indicate that the problem is worse on Xbox 360 than on PlayStation 3. One poster says, “On Xbox it seems like every 20 sessions you join, you find one [a hacker]. On the PS3 I haven’t found that many, and from what people have told me, it’s because there aren’t that many.”


The post GTA V hacks warning as gamers ‘lose millions’ in online games appeared first on We Live Security.







2014/09/16

Is your business prepared to continue? Watch now and get started with BCM | foodonia

Business continuity is a term that can sound strange the first time you hear it; after all, you probably have every intention of being in business for the long haul. Right now you may be preparing the 2015 sales forecast and budget, with hopes for a great year ahead. But in your planning, have you thought about how your business would handle the bad things that can happen, from a computer virus outbreak to a biological virus outbreak, and all the other perils in-between, like fires, floods, tornadoes, hurricanes, earthquakes, and tsunamis?


Putting a plan in place to survive such “adverse events” is the goal of business continuity management or BCM, and it could well be the key to securing your digital future. Here is a 50 minute webinar that I recorded on this topic earlier this year. If you want to get a handle on planning for the future of your business, take a listen:









The post Is your business prepared to continue? Watch now and get started with BCM appeared first on We Live Security.







Free ebooks warning: Pirates ‘can hack into Amazon accounts’ | foodonia

Pirating ebooks is not just bad for the publishing industry: free ebooks available online can also be used to hack into Amazon accounts via the retail giant’s ‘Manage Your Kindle’ page, used to deliver ebook files to Kindle Readers, according to researcher Benjamin Daniel Mussler.


Mussler writes that simply changing the title of the free ebooks allows attackers to execute code when a victim opens the ‘Kindle Library’ page in a web browser, The Digital Reader reports.


“As a result, Amazon account cookies can be accessed by and transferred to the attacker and the victim’s Amazon account can be compromised,” Mussler writes.


Engadget reports that Mussler discovered the security issue last October, and the company rapidly patched it. It was reintroduced, however, when the company launched a new version of the “Manage Your Kindle” web page.


Free ebooks: a threat?


Mussler writes that the threat affects, “Everyone who uses Amazon’s Kindle Library,” but stresses that the flaw affects those who pirate free ebooks in particular.


The attack takes place, he writes, “Once an attacker manages to have an e-book (file, document, …) with a title like <script src=”http://ift.tt/1ybSAxg; added to the victim’s library.”


Mussler says, “Users most likely to fall victim to this vulnerability are those who obtain e-books from untrustworthy sources (read: pirated e-books) and then use Amazon’s “Send to Kindle” service to have them delivered to their Kindle. From the supplier’s point of view, vulnerabilities like this present an opportunity to gain access to active Amazon accounts.”


Kindle users beware


The reappearance of the flaw was highlighted by the German ebook blog Alles Book. The site also produced a proof-of-concept ebook download to demonstrate that it worked. As of the time of writing, the flaw is still active, Mussler reports.


Mussler says, “Amazon chose not to respond to my subsequent email detailing the issue, and two months later, the vulnerability remains unfixed.”


The post Free ebooks warning: Pirates ‘can hack into Amazon accounts’ appeared first on We Live Security.







Beware overdue invoice malware attack, wrapped in an .ARJ file! | foodonia

If you’ve been messing around with technology for a while, you may remember the good old days of acoustic couplers, ZModem, and Bulletin Board Systems (BBSes).


These were the days before the worldwide web had taken off, when even the slowest broadband speeds would have been sheer fantasy.


And because getting an online connection was slow and sometimes flakey, it wasn’t at all uncommon for techies to compress their programs and downloadable files into tight little packages, to make the download as painless as possible for users. The most famous compression tool of all was PKZip, created by the late Phil Katz, and versions of the .ZIP file format are still widely used today in some circles.


But there were other data compression tools which competed for .ZIP’s crown, each with their own loyal bands of followers. And one of the most famous was .ARJ.


And, to be honest, ARJ was pretty cool.


So you can imagine my delight when I discovered today that .ARJ wasn’t entirely forgotten and consigned to the dusty annals of history. Instead, it is still being used – albeit by malware authors…


Here is an example of a typical malicious email, spammed out by online criminals:


Example of overdue invoice malware



Subject: Overdue invoice #14588516

Attached file: invc_2014-09-15_7689099765.arj


Morning,


I was hoping to hear from you by now. May I have payment on invoice #45322407834 today please, or would you like a further extension?


Best regards,

Mauro Reddin



Of course, the social engineering might have been a little better thought out. For instance, the invoice numbers quoted in the email don’t match each other.


But it’s easy to imagine how many users might be alarmed at the suggestion that they are being accused of a late payment, and would click on the attached .ARJ file without thinking of the possible consequences.


At that point the .ARJ file will decompress, spilling out its contents.


As Conrad Longmoore explains on the Dynamoo blog, inside the .ARJ archive file is an executable program – designed to infect your Windows computer.


Before you know it, your Windows PC could have been hijacked by a hacker and recruited into a botnet. Whereupon the remote attacker could command it to send spam on their behalf, launch denial-of-service attacks or steal your personal information.


That’s why you should always be wary of opening unsolicited files sent to you out of the blue via email.


The good news for users of ESET anti-virus products is that it is detected as a variant of Win32/Injector.BLWX. But if you are using a different vendor’s security product you may wish to double-check that it has been updated to protect against the threat.


The post Beware overdue invoice malware attack, wrapped in an .ARJ file! appeared first on We Live Security.







2014/09/10

MH17 plane crash victims exploited by cold-hearted scammers | foodonia

When Malaysia Airlines Flight 17 (MH17) was shot down in Ukrainian airspace in July of this year, the world was understandably shocked.


The news of a civilian passenger flight from Amsterdam to Kuala Lumpur being possibly downed by a surface-to-air missile was horrifying enough, but coming just months after the loss of another Malaysian Airlines flight (MH370) in mysterious circumstances made the headlines seem even harder to believe.


As we have previously documented on We Live Security, the earlier lost aircraft has been the subject of various scams including a fraudulent message that spread on Facebook claiming it had been found, a fake video of the supposed rescue of its passengers, as well as claims that hackers had stolen secret classified documents held by Malaysian government officials.


Now, it appears, the cold-hearted scammers are exploiting the tragic events that befell MH17 over Ukraine too.


MH17 email scam


Part of the spammed out message reads as follows:



I am a German Solicitor resident in Germany. I was the personal Attorney to Mr.Foo Ming Lee, a national of Malaysia who used to work with a contruction company here in Germany.


Mr.Foo Ming Lee 52 years old made a fixed deposit of funds valued at Nineteen Million Euros with a Bank here in Europe and unfortunately lost his life in the

Malaysia Airlines Flight MH 17 from Amsterdam to Kuala Lumpur that was shot down by pro-Russian separatists on 17 July 2014, killing all 283 passengers and 15 crew on board as you can see on the following link: http://ift.tt/1jCbA1l


To the best of my knowledge as his personal attorney, Mr.Foo Ming Lee has no living beneficiary or next of kin therefore, I want you to reply me immediately after reading this email so that, I can prepare the necessary legal documents and present you to the bank as the only surviving relative to Mr.Foo Ming Lee and instruct the bank to wire the deposit funds Nineteen Million Euros into your provided account.



Yes, it’s “yet another 419 scam”.


Also commonly known as “Letters from Nigeria” or “Advanced Fee Fraud”, the scams typically involve the promise of a vast fortune – but sooner or later (once you have begun to be sucked in and lost all wariness) you will be told that you need to advance an amount of money for logistical reasons, or share sensitive information such as your passport or banking details.


You might not fall for a scam like this, but unfortunately there are plenty of vulnerable people out there who do. And it only requires one person to fall for the scam for it to be worthwhile to the fraudsters, who have typically spammed it out to thousands.


But what makes this scam particularly sick is that it uses the name of a genuine victim of the MH17 tragedy.


As media reports confirm, Foo Ming Lee, who lived in Geneva and was a sales and marketing chief for a Japanese tobacco company, was indeed a passenger on MH17 and was amongst the 43 Malaysians who perished in the downing of MH17 over Ukraine.


It’s clear that whoever is behind this scam has scooped up the name of a victim from media reports, and exploited it in an attempt to defraud the unwary.


After all, anyone who was dubious about the unsolicited message might Google some of the details in an attempt to check whether any elements of it are true.


Yes, the plane crash happened on the date the scam claims, and Mr Foo Ming Lee was amongst the victims.


What is not true, however, is the claim that he had no next of kin. Another news report confirms that his widow, son and daughter laid his ashes to rest at Nirwana Memorial Park on August 24th.


If scammers had any conscience, they wouldn’t compound the misery of those who have been left bereaved and heartbroken by using the names of victims and details of horrendous accidents and tragedies in their money-making plots.


But the sad truth is that the scammers and fraudsters don’t have any conscience, and are prepared to do anything if it might net them a rich reward.


Hat-tip: Thanks to ESET researcher Pierre-Marc Bureau for bringing this scam to my attention.


The post MH17 plane crash victims exploited by cold-hearted scammers appeared first on We Live Security.







Bitcoin creator – could he be ‘outed’ after email ransom? | foodonia

Bitcoin creator ‘Satoshi Nakamoto’ – a pseudonym – could be about to have his identity made public, after a series of odd emails from the address that has been his only point of contact with the world after he ‘went dark’ in 2011, according to a report in Forbes.


Someone claiming to be a hacker has access to “satoshin@gmx.com”, and has posted a threat to Pastebin, saying that he would “de-anonymize” the mysterious Bitcoin creator for a ransom of 25 Bitcoins.


The threat says, “Releasing the so called “gods” dox if my address hits 25 BTC.And no, this is not a scam.” A series of mysterious emails from the Bitcoin creator’s supposed address, reported by Vice.com, have done little to clear up the mystery.


A test email from We Live Security found that the address is now delivering a “mailbox unavailable” error message.


Bitcoin creator: Mystery emails


One colleague received a threat to “hitman” him from the account, which Forbes reports drily as not being in the “usual style” of the cryptocurrency founder.


The identity of ‘Satoshi Nakamoto’, who handed over control of the site to a developer nearly four years ago, has been hot property since Newsweek incorrectly identified a man, Dorian Nakamoto, as being the mysterious developer of the cryptocurrency.


Forbes reports that the email address has lain dormant since 2011, since ‘Nakamoto’ ceased corresponding with people via the address. The magazine speculates that the GMX.com address may have fallen dormant through disuse, and been opened up to another user, as GMX’s terms of service specify that accounts can be “terminated” after that time.


Threat to “hitman” colleague


Things got yet more mysterious when two separate people appeared to correspond with Motherboard at Vice from the same address. One sent a screenshot showing an Inbox with 11,000 emails.


The site writes, “Motherboard was able to communicate with two individuals who have access to Nakamoto’s old email address. The first said he was only browsing Nakamoto’s for fun. The second not only claimed to be the real hacker of the account, but also said the first person we spoke with was Nakamoto himself.”


The series of emails, chronicled by Vice, become increasingly cryptic as the supposed hacker denies he is associated with the Pastebin post.


One of the concluding emails thickens the plot still further. Asked if he is sure that the other individual with access is definitely Satoshi, the hacker replies, “Satoshi is smart and will have tried to put the people looking for him on the wrong path. This is why I can’t be sure.”


The post Bitcoin creator – could he be ‘outed’ after email ransom? appeared first on We Live Security.







2014/09/09

Chat apps leak: Billion app users from OKCupid to Grindr at risk | foodonia

Nearly a billion users of a dozen chat apps for Android including popular apps such as Instagram, Oovoo, OKCupid and Grindr could be at risk from eavesdroppers and snoopers after University of New Haven researchers found serious data leakage problems.


With many of the most popular chat apps on Android affected, tech news site CNET calculates that nearly a billion (968 million) users could be putting highly private data in the hands of apps that transmit and store it unencrypted.


Many of the Android apps (the researchers focused on Android rather than iOS, although there is no evidence the iOS apps behave differently) send text wirelessly unencrypted, and store images on servers for weeks without encryption or authentication.


Chat apps leak: 12 Android apps leak text and images


According to CNET’s report, the following apps sent text, images, location maps and video unencrypted – Instagram, OKCupid, OoVoo, Tango, Kik, Nimbuzz, MeetMe, MessageMe, TextMe, Grindr, HeyWire, Hike and TextPlus.


The site notes that not every app sent every form of media unencrypted, but said that all sent at least some forms, from pictures to text in unencrypted forms.


Others stored media such as images on servers unencrypted and without any form of authentication “for weeks”.


‘Sniffer’ software reveals leaks


The researchers used PC ‘sniffer’ software such as Wireshark and Network Miner to monitor the data transmitted by the apps, and found images and text transmitted and stored unencrypted – and potentially at risk from snoopers.


In the series of YouTube videos, one researcher says, “We recorded network traffic in Wireshark, to see if files remained on the server. For Instagram, we found an image stored in their servers, unencrypted and without authentication.”


“Next, we opened up Oovoo and sent the keyword “Sparklehorse,” and it was picked up in Network Miner. Next we had Oovoo send an image. It was also picked up in Network Miner.”


CNET reports that few of the apps had replied to requests for further information, but that Grindr had said, “We monitor and review all reports of security issues regularly. As such, we continue to evaluate and make ongoing changes as necessary to protect our users.”


The post Chat apps leak: Billion app users from OKCupid to Grindr at risk appeared first on We Live Security.







Home Depot credit cards: chain confirms breach, fraud spikes | foodonia

The world’s largest home improvement chain store, Home Depot, yesterday confirmed a data breach affecting Home Depot credit cards and debit cards used in stores on the American mainland, which may have continued since April.


Reports by security reporter Brian Krebs and others have said that the malware used in the attack was the same used in the Target breach, and that large-scale fraud is being perpetrated with stolen debit cards, with $300,000 withdrawn from one bank in under two hours, using what appeared to be debit card numbers used in Home Depot.


In an official release, the company said that anyone who used a payment card at a Home Depot store since April 2014 may have been affected, and the chain is to offer free identity protection and credit monitoring to customers who used Home Depot credit cards or debit cards in-store. Customers who shopped online or in Mexico have not been affected, the chain said.


Home Depot credit cards: Who is at risk?


Veteran security reporter Brian Krebs said that the news had been accompanied by a spike in debit card fraud, after a vast haul of Home Depot credit card and debit card numbers was sold on an underground forum last week.


Krebs said, “multiple financial institutions contacted by this publication are reporting a steep increase over the past few days in fraudulent ATM withdrawals on customer accounts. Those same crooks also are taking advantage of weak authentication methods in the automated phone systems that many banks use to allow customers to reset the PINs on their cards.”


Home Depot said that there was no evidence PIN numbers had been compromised during the breach, and that, “Home Depot’s investigation is focused on April forward, and the company has taken aggressive steps to address the malware.”


Technology site GigaOm reports that the malware involved in the breach has been reported as being BlackPOS, the same used in the Target breach earlier this year.


“We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue,” said Frank Blake, chairman and CEO.


“We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts.”


How criminals withdraw cash without needing PINs


GigaOm reports that the chain is to roll out EMV chip-and-PIN technology by the end of the year, offering a secure chip rather than a magnetic stripe which is more easily copied by malware such as BlackPOS.


Krebs said that the current glut of fraud relies on working out a customer’s ZIP code using criminal services which sell such information, starting from the ZIP code of the Home Depot they shopped at.


Krebs writes, “Countless banks in the United States let customers change their PINs with a simple telephone call, using an automated call-in system known as a Voice Response Unit (VRU). A large number of these VRU systems allow the caller to change their PIN provided they pass three out of five security checks. One is that the system checks to see if the call is coming from a phone number on file for that customer. It also requests the following four pieces of information: the 3-digit code (known as a card verification value or CVV/CV2) printed on the back of the debit card; the card’s expiration date; the customer’s date of birth; the last four digits of the customer’s Social Security number.”


Krebs said that this authentication process was weak enough that one large bank told him that a single West Coast bank had lost $300,000 in less than two hours due to debit and credit card fraud perpetrated with cards stolen in the breach.


ESET researcher Lysa Myers says, “Malware attacks on Point of Sale (PoS) systems are coming thick and fast right now.”


Myers offers a detailed guide for businesses concerned that they may be being targeted with POS malware.


The post Home Depot credit cards: chain confirms breach, fraud spikes appeared first on We Live Security.







2014/09/08

Private browsing – Americans ‘care deeply’ about privacy | foodonia

A new Harris survey found that almost all Americans care about online privacy, and 71% said that they ‘care deeply’ about it. The survey found that the service that worries Americans most regarding their privacy is Facebook with 66% of Americans concerned over it, a full 10 percentage points ahead of email (56%) and worries over private browsing (52%).


Worryingly, Americans also voiced concerns about activities governed not by the rules of the open internet, but by employment contracts, such as using social media while at work (16%), and looking up new jobs while at work (9%), according to Help Net Security.


Other technology platforms which worried the adults under survey were search engines (45%) and social photo-sharing apps such as Instagram (35%).


The activities which worried the surveyed adults most were online banking (71%), online shopping (57%), looking up photos of themselves (27%) and browsing pornography, according to Business Insider.


Private browsing: What worries us most?


Most of the adults surveyed felt that they should have full rights over their own information online, with 93% believing they should have control over at least some of their private browsing information – and 12% specifying “naked selfies” as an area they would wish to have more control over.


The survey was conducted by WordPress hosting service WP Engine, and found that most web users were concerned about desktop private browsing impacting their privacy.


Mobile apps worried only 30% of those under survey, with online dating apps mentioned by 27% of those surveyed, and instant messaging apps such as WhatsApp mentioned by 23%.


This is despite serious security concerns raised over messaging services such as WhatsApp, recorded by ESET security evangelist Aryeh Goretsky in a detailed blog post. “Security and privacy have gotten off to a slow start in WhatsApp,” Goretsky says.


Private browsing: “Naked selfie” fear


Overall, it was clear that online banking and financial details posed the biggest worries for American web browsers, with a clear majority concerned over the safety of their data.


“With so much personal detail accessible by each other online, it’s more important than ever to be talking about what information is truly respected as private,” said Heather Brunner, CEO of WP Engine.


“99% of Americans say they care about online privacy, so it’s understandably concerning when you consider the sensitivity around some of their data being shared, from bank records to relationship status, in some cases across public platforms.”


The post Private browsing – Americans ‘care deeply’ about privacy appeared first on We Live Security.







Strong password – Chrome now offers ‘pronounceable’ choices | foodonia

Google Chrome will now recommend pronounceable but strong password choices, according to developer and Chrome “happiness evangelist” Francois Beaufort, who announced the new version of Chrome’s built-in password generator via his Google+ page.


But the security-conscious need not be too concerned – by ‘pronounceable’, the search giant does not exactly mean, “Password1”.


Instead, the example given of a strong password which is also pronounceable is “masOotitaiv6”, which may be MORE pronounceable than the average password generated via an algorithm, but remains fairly secure, and not too easy to say out loud.


Strong password: Say it loud


The Register reports that the new feature is currently being tested in an early developer version of the Chrome browser.


“Give it a try and go to any “sign up” page. As soon as you focus the password field, a nice overlay will suggest you a strong and pronounceable password that will be saved in your chrome passwords,” Beaufort said.


Beaufort goes on to say: “Chromium uses a C library that provides an implementation of FIPS 181 Automated Password Generator.” FIPS 181 is a standard random password generator, used widely on websites, and designed by NIST (the National Institute of Standards and Technology).


The new strong password feature is available to some users running the Canary early “test” version of Chrome, Beaufort says.


As well as pronounceability, the new feature automates the process of auto-generating and saving passwords within Chrome more heavily.


Watch out, LastPass?


The Register comments, “The update is Google’s latest encroachment into the territory of online password management dominated by LastPass and 1Password, who could well feel threatened as Chrome builds in functionality they once offered as third-party value adds.”


A We Live Security guide to generating strong passwords can be found here, while veteran security writer and researcher Graham Cluley offers some thoughts on the worst pitfalls awaiting those who ignore password advice here.


The post Strong password – Chrome now offers ‘pronounceable’ choices appeared first on We Live Security.







2014/09/05

Scareware: How to tell if a threat isn’t real | foodonia

Scareware is a strategy that cybercriminals use to trick users into buying and downloading unnecessary and potentially dangerous software. Listen to our top tips to identify whether a threat is real or not.


The post Scareware: How to tell if a threat isn’t real appeared first on We Live Security.







TorrentLocker now targets UK with Royal Mail phishing | foodonia

Three weeks ago, iSIGHT Partners discovered a new ransomware that encrypts victims’ documents. They dubbed this new threat TorrentLocker. TorrentLocker propagates via spam messages containing a link to a phishing page where the user is asked to download and execute “package tracking information”. In August, only Australians were targeted, with a fake Australian Post package-tracking page.


While tracking this new threat, ESET researchers found the malicious gang is targeting new victims. Internet users from the United Kingdom should be aware that fake Royal Mail package-tracking pages are online and distributing TorrentLocker.


Royal Mail phishing page


The scheme is the same: you type a captcha then click to download a zip file containing the executable payload. It is interesting to note that the fake Royal Mail page will only show if the visitor is from the UK. Filtering seems to be based on the IP address of the request. If the request does not come from a UK IP address, the victim will be redirected to google.com. Three new domains are hosting the fake Royal Mail page:



  • royalmail-tracking.info

  • royalmail-tracking.biz

  • royalmail-tracking.org


royalmail-tracking.info registration information


As you can see, the registration date for these domains is September 2nd, so this campaign started very recently.


Executable file properties


Encrypted files in users’ pictures


Warning is shown upon execution of the malware


Once installed, the malware encrypts victims’ documents and asks for a ransom of 350 GBP if paid within 72 hours, or 700 GBP otherwise. Payment is made via Bitcoin transaction (1.19 BTC or 2.38 BTC). To hide their infrastructure, the web server is hosted on a .onion host on the Tor network.


To make it easy for victims to access the web page, TorrentLocker gives links to Tor2Web nodes so they don’t have to install additional software to reach the .onion website. Interestingly, door2tor.org, the domain name of one of the suggested Tor2Web nodes, was registered only 2 weeks ago. Perhaps its purpose is only to allow TorrentLocker’s victims to contact the server selling the decryption software.
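The indicators in this post can be turned into a proxy-log triage. The sketch below is an added example, not code from the ESET post: it flags clients that requested the fake Royal Mail domains and escalates any client that reached the door2tor.org Tor2Web node, which is where the ransom note sends victims. The log layout (timestamp, client IP, method, URL, status) and every sample line are constructed.

```python
from urllib.parse import urlsplit

# Indicators quoted in the article above.
PHISHING = {"royalmail-tracking.info", "royalmail-tracking.biz",
            "royalmail-tracking.org"}
TOR2WEB = {"door2tor.org"}

# Constructed sample proxy log: timestamp, client IP, method, URL, status.
SAMPLE_LOG = """\
2014-09-05T09:12:01Z 10.0.0.21 GET http://royalmail-tracking.info/ 200
2014-09-05T09:12:40Z 10.0.0.34 GET http://ROYALMAIL-TRACKING.ORG./ 302
2014-09-05T09:20:17Z 10.0.0.21 CONNECT placeholderonion.door2tor.org:443 200
2014-09-05T09:25:03Z 10.0.0.55 GET http://royalmail-tracking.info.example.com/ 200
2014-09-05T09:26:44Z 10.0.0.56 GET http://notroyalmail-tracking.biz/ 200
""".splitlines()

def host_of(url):
    """Return the lower-cased hostname of a URL or a CONNECT host:port."""
    if "://" not in url:
        url = "//" + url          # let urlsplit treat it as a network location
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:            # malformed authority, e.g. bad IPv6 literal
        return ""
    return host.rstrip(".")       # drop the trailing dot of an absolute name

def matches(host, domains):
    """True if host is one of the domains or a subdomain of one.

    The leading dot in the suffix test keeps look-alikes such as
    notroyalmail-tracking.biz from matching.
    """
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(lines):
    """Map client IP to 'exposed' (requested the phishing page) or
    'ransom_page' (reached a Tor2Web node, so the payload probably ran)."""
    state = {}
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue              # skip malformed lines
        _ts, client, _method, url = fields[:4]
        host = host_of(url)
        if matches(host, TOR2WEB):
            state[client] = "ransom_page"   # escalate, even without a prior hit
        elif matches(host, PHISHING):
            state.setdefault(client, "exposed")
    return state

if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(client, verdict)
```

A client marked `exposed` only loaded the lure; one marked `ransom_page` should be treated as a likely infected host and isolated first.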


“Decryption software” sold on the Tor network


This threat carries the TorrentLocker name because it uses the “Bit Torrent Application” Windows registry key to store its settings. It is unrelated to the BitTorrent protocol.


The Bitcoin trail


Bitcoin transaction details


As discovered by iSIGHT Partners, the Australian variant they analyzed asked for Bitcoins to be sent to 15aBFwoT5epvRK69Zyq7Z7HMPS7kvBN8Fg. In our case, the Bitcoin address changed to 13qm2ezhWSHWzMsGcxtKDhKNnchfP5Sp3X. If you look at the transactions on both wallets, the Bitcoins are then transferred to 17gH1u6VJwhVD9cWR59jfeinLMzag2GZ43.


Since March 2014, this Bitcoin wallet has transferred over 82 272 BTC. With 1 BTC currently valued at US$480, the total transactions are roughly equal to US$40 million. This wallet has been associated with other scams in the past, including wallet stealing and selling fake mining hardware. We do not know if this account is owned by the TorrentLocker gang or if it is some kind of exchange service used by different groups.


Screenshot of a discussion on Hashtalk (now offline, retrieved from Google Cache)


ESET products detect this threat as Win32/Filecoder.NCC or Win32/Injector.


SHA-1 hashes



  • 491C8276667074B502BD98B98C74E4515A32189B (exe)

  • 46A2426D7E062E76D49707B58A5DF28547CBC0F4 (zip)

  • 7C62651C5F4CB1C780C8E9C4692F3BF24208A61E (exe)





The post TorrentLocker now targets UK with Royal Mail phishing appeared first on We Live Security.







2014/09/04

Now your LinkedIn account can be better protected than ever before | foodonia

Let’s be honest. LinkedIn doesn’t have the most spotless record when it comes to security and privacy.


In the past, LinkedIn has been hacked (Who can forget when 6.5 million stolen LinkedIn passwords were found on a Russian web server?)


Or maybe you recall hearing about how LinkedIn was scooping up the contents of iOS calendars, including sensitive information such as confidential meeting notes and call-in numbers, and transmitting them unencrypted in plaintext.


Or how about the time that LinkedIn controversially introduced (and then rapidly withdrew) a widget that meddled with the standard iOS Mail app, with the side effect of compromising the entire security of your email inbox, allowing LinkedIn to read every message you sent or received *outside* of the site?


I could go on, but you get the idea – and, anyway, I like to think that companies can learn. And, on this occasion, LinkedIn has done something that should be applauded.


In a blog post published yesterday, LinkedIn explained that it was introducing three new tools which go some way to boosting security, and granting members more control over their data.


First up, you can now check where (if anywhere) else you are currently logged into LinkedIn.


It’s all very well being logged into your LinkedIn account at home, but are you sure you logged off in the office? Alternatively, is it possible that a hacker has stolen your password and is currently messing around with your LinkedIn account on the other side of the world?


Now there’s an easy way to check.


Go to your settings and click on See where you are logged in to view a complete list of the devices on which you are signed in to the site.


LinkedIn active sessions


In the above screenshot, you can see that I have nothing to fear. There’s only one computer currently logged into my LinkedIn account, and I feel fairly comfortable that that’s me.


But if there had been additional sessions displayed, I would have been able to check what browser and operating system is being used in each case, and the approximate location of the activity. Then, if I chose, logging them out remotely is just a mouse click away.


Multiple sessions


And, of course, if the other sessions were at locations or on devices I didn’t recognise then that might be a good time to consider changing my password and enabling LinkedIn’s two-factor authentication.


Next up, LinkedIn is offering more information to users in its password change email notifications – telling them, for the first time, when and where an account’s password change occurred.


LinkedIn password change


Finally, LinkedIn has taken a leaf out of Facebook and Google’s book and provided a way for users to easily export all of the data that the site stores about you, by requesting your data archive.


Request LinkedIn data archive


Once requested, it takes LinkedIn approximately 72 hours to collate the data that it holds on you, but never fear because you will be sent an email once the data is available for download.


None of these new features can really be considered rocket science, but it’s good to see LinkedIn introduce them and put more power into the hands of its millions of users, who would feel pretty dreadful if their account was ever compromised.


It’s essential to keep your LinkedIn account out of the hands of fraudsters and internet criminals, precisely because it is the “business social network”.


In the past hackers have taken over accounts and posted poisoned links, and it’s easy to imagine the fraudulent behaviour that could take place if a worker’s colleagues and industry peers believed that it was John Doe communicating with them rather than a malicious attacker.


Of course, there’s no point to these tools if they aren’t actually used in the way that they’re designed.


Read LinkedIn’s blog, ensure that you’re familiar with these new features and the site’s two-factor authentication facility, and you will be better placed to protect both yourself and your fellow workers.


The post Now your LinkedIn account can be better protected than ever before appeared first on We Live Security.





