Saturday 30 April 2016

Isis New York hit list: Hackers post details of 3,600 residents online

A group of hackers linked to the Islamic State have released a hit list of thousands of New York residents and have urged the militant group’s followers to target them.

The target list was reportedly posted with an announcement saying “We want them #Dead” on encrypted messaging app Telegram.

NBC New York has reported that the list includes the names, addresses and email ids of about 3,600 New Yorkers, some of whom are US State Department and Department of Homeland Security employees. However, most of the people on the list are ordinary citizens.

Out of those details, some appear to be outdated, a source who was not authorized to discuss the investigation publicly told Reuters.

It is reported that the list was posted for a very short span of time. Federal agents and New York City police have already started contacting the individuals mentioned in the list to inform them about the posting, although they believe that this was only to scare people and there is no immediate threat.



from hacker samurai http://ift.tt/1QHuzB7
via IFTTT

Hackers will be unstoppable by 2020

What if, in 2020, wearable devices did not care about how many steps you took, and instead were concerned with your real-time emotional state?

With networked devices tracking hormone levels, heart rates, facial expressions, voice tone and more, the Internet could become a vast system of “emotion readers,” touching the most intimate aspects of human psychology.

What if these technologies allowed people’s underlying mental, emotional and physical states to be tracked – and manipulated?

Whether for blackmail, “revenge porn” or other motives, cybercriminals and hostile governments in this world would find new ways to exploit data about emotion. The terms of cybersecurity would be redefined, as it became more important for people to manage and protect how their emotions and mindsets appeared to the monitors.

This is just one of several potential future cybersecurity scenarios dreamed up by a group of multidisciplinary experts recently. Here at the Center for Long-Term Cybersecurity, we asked them to think about what we could see happening in the near future of 2020.



from hacker samurai http://ift.tt/24cLLvg
via IFTTT

FBI to personally visit 3,000 victims of ISIS hackers who leaked New York names and addresses

The FBI and NYPD will personally visit 3,000 New York residents that ISIS hackers placed on a hit list.

Police have been making attempts to contact the individuals to inform them of the threat by Caliphate Cyber Army after the organisation leaked people’s names, home and email addresses online.

The terror group then encouraged other hackers to target them.

Intelligence experts believe 3,600 names were hacked in Syria, with some compiled from university and alumni related websites.

The list reportedly also targeted government employees within the state department and security.

The personal information of the New Yorkers was posted briefly on a channel accessible only by Islamic State on Thursday alongside the statement: “We Want them #Dead,” according to WNBC.



from hacker samurai http://ift.tt/1QHuzB1
via IFTTT

Salted Hash Rehashed: The weekly news recap for April 30, 2016

SWIFT attacks, Ransomware, Daesh hackers, and Doxing are just some of the topics in this week’s report covering news and items of note for the week of April 30, 2016.

Today marks the first post for Salted Hash Rehashed, a weekend recap of the week’s news and other items of note in the security world. Clips listed here will include items posted on Salted Hash, CSO Online, or any other website where something interesting turned up.



from hacker samurai http://ift.tt/24cLMiX
via IFTTT

Hackers beware: UCF students are champs in cyber defense

ORLANDO, Fla. — Hackers beware. University of Central Florida computer students have got your number.

A team of UCF computer science students won a nationwide cyber defense competition for a third year in a row.

UCF’s Collegiate Cyber Defense Club last week won the 2016 National Collegiate Cyber Defense Competition in San Antonio.

During the three-day competition, students managed a computer network as they fended off cyber-attacks modeled on real-world scenarios.



from hacker samurai http://ift.tt/1rpFCKP
via IFTTT

Friday 29 April 2016

Pro-ISIS Hacking Groups Form United Cyber Caliphate

As ISIS-inspired cyber-attacks continue to be of high concern, the United Cyber Caliphate has now formed, composed of previously disparate pro-ISIS hacking collectives.

According to a Flashpoint analysis [PDF], for the vast majority of its existence, the pro-ISIS hacking landscape was composed of at least five distinct groups that launched campaigns in support of the terror group. Evidence indicated that these collectives overlapped or coordinated with one another in certain campaigns, pooling their resources and manpower. This confluence culminated in the 4 April announcement of the new group.

This unification of multiple pro-ISIS cyber groups under one umbrella shows a higher interest and willingness amongst ISIS supporters in coordinating and elevating cyber-attacks against governments and companies. It’s a big departure from the previous norm, the firm noted, even though these hacking groups still operate unofficially and remain poorly organized and are likely underfunded.

“Given prior attacks that compromised the CENTCOM and Newsweek Twitter accounts, new concerns regarding ISIS’s cyber-capabilities have clearly emerged,” said Laith Alkhouri, director of research and analysis for the Middle East and North Africa and a co-founder at Flashpoint. “Until recently, our analysis of the group’s overall capabilities indicated that they were neither advanced nor did they demonstrate sophisticated targeting.”



from hacker samurai http://ift.tt/1r1wWK8
via IFTTT

Canadian Mining Firm Goldcorp Sees Huge Trove of Data Dumped Online by Hackers

Goldcorp, a leading gold producer based in Canada, acknowledged this week a data breach incident at the hands of unknown hackers, confirmed by DataBreaches.Net admin Dissent Doe for The Daily Dot.

Goldcorp Inc., is one of Canada’s biggest mining corporations, with mining sites all over the Americas, from Canada to the US, and from Mexico to the Dominican Republic.

Hackers stole 14.8 GB of company data

Hackers breached Goldcorp’s servers and siphoned off a large number of files, which they later uploaded online and announced the hack via a paste site. No other details about their hacking methods, the date of the server breach, or their identity were revealed.

The data dump includes files containing sensitive employee information, but also internal documents such as emails and reports that offered insight into the company’s activities.

According to the hacker’s statements and the content of the files, the following data has been confirmed as being present inside the data dump: T4 and W2 forms, payroll information, contracts with other companies, bank accounts, wire transfers, marketable securities, budget documents from 2012 – 2016, and treasury reports.



from hacker samurai http://ift.tt/1rEvMoA
via IFTTT

Hackers take counterfeit drugs scheme to universities and colleges

NEW YORK – Right now drug dealers are invading colleges and universities throughout the country and you’d never even know it. They’re selling millions of counterfeit drugs, but they never set foot on campus.

Instead they’re using hackers to hijack websites.

“It’s more than just selling counterfeit goods,” said Damon McCoy, a computer scientist and assistant professor at NYU’s Tandon School of Engineering. “There’s a lot of collateral damage being done in the marketing.”

For years he’s been trying to track counterfeit pharmaceuticals from your spam folder to your search engine. Time and time again he found hackers targeting higher education to push their counterfeit pills.

“Google gives a bump in the search rankings to university websites, so university websites are particularly valuable to the spammers,” McCoy said.



from hacker samurai http://ift.tt/1SOMudC
via IFTTT

Gumtree users have email addresses and phone numbers stolen by hackers and are warned they could now be victims of identity theft

Gumtree users could be exposed to identity theft and phishing after personal details were exposed during a security breach last weekend.

Users were notified via email on Friday that names, email addresses and phone numbers were taken from the website.

Users have now been advised to be wary of any potential spam emails they may receive that try to coax them into providing personal details or bank details.

‘The attackers accessed your email address. Contact names and phone numbers, which are made publicly available on the site if provided, were also accessed,’ the email stated.

While the website is used to buy and sell products, transactions are arranged directly between the two parties, meaning financial details were not leaked.

Users do have access to one another’s names and numbers if they wish to supply them but they’re only accessible if you’re logged in.



from hacker samurai http://ift.tt/1WuKB8s
via IFTTT

Phone hackers for hire: A peek into the discreet, lucrative business tapped by the FBI

When the FBI paid someone to crack the San Bernardino shooter’s iPhone, it didn’t just deftly bypass Apple’s objections. It also made the public aware of the business side of hacking—a business that is apparently as lucrative as it is discreet. “The recent argument between Apple and the FBI over unlocking an iPhone has likely revealed to the public for the first time that companies who specialize in cracking mobile devices even exist,” said Bill Anderson, chief product officer at OptioLabs, a mobile-security developer.

Everything we learn about the FBI’s hackers makes the situation more intriguing. Initial reports indicated the feds were using the services of Israeli mobile forensics firm Cellebrite to crack open Syed Rizwan Farook’s iPhone. Since then, a Washington Post report claimed the FBI hired independent professional hackers, who used a zero-day exploit (a vulnerability unknown to Apple). Another April report showed that the FBI is now willing to help local law enforcement agencies around the country crack iPhones they have in evidence.

Though the FBI has remained mum on any specifics, a recent remark by FBI Director James Comey suggested the fee for the hack was well over a million dollars. Most recently, the FBI declined to divulge details to another government program (the Vulnerabilities Equities Process), claiming ignorance of how the hack actually worked.



from hacker samurai http://ift.tt/1WuKxWh
via IFTTT

Thursday 28 April 2016

Pro-Daesh hackers: More bark than bite, lacking in skills and resources | hacker samurai


from Hacker Samurai http://ift.tt/24mkoeN
via IFTTT

University challenge: Hackers compete for top prize

Computer hackers are constantly exploiting security flaws and accessing private information. For the participants at a new annual competition, though, it’s not a crime – it’s a sport.

Blood-curdling cries were punctuated by the sound of bamboo swords thwacking against armour, as Cambridge University’s Kendo team practiced for their annual match against arch rivals Oxford.

The samurai-inspired martial art requires skill in both attack and defence, and according to the team instructor Dr Frank Stajano, cyber-security is no different.

“You cannot pretend that you will only be able to do the defence side because if you are not skilled at the attack you will not be able to defend.”

Dr Stajano, who is reader in security and privacy at the Computer Laboratory, Cambridge University, is also the organiser of the Inter-ACE Cyberchallenge. It’s a tournament of hacking fought this year between 10 of the UK’s 13 Academic Centres of Excellence in Cyber Security Research.



from hacker samurai http://ift.tt/245FyRT
via IFTTT

Ransomware’s next target: Anything that’s connected

“Ransomware” has turned into a lucrative business for scammers, but it could jump from a troubling annoyance to life-threatening attacks.

The hack is typically targeted at computers, with scammers encrypting files on unwitting victims’ machines. They then demand a ransom — typically about $500, payable in untraceable Bitcoin — in exchange for a key that will decrypt the files. One new type of scam convinces consumers to download the malicious encryption software with the message “Your package has been delivered.”

Already this year, the pace of ransomware attacks has quickened. Security firm Endgame noted that a dozen new variations have been identified so far, compared with about 10 for all of 2015. Security experts say the frequency and type of ransomware attacks are only going to pick up, given that hackers are profiting from it.

One think tank is predicting that the types of attacks will eventually expand to the “Internet of things,” or Internet-connected devices such as cars and medical devices like pacemakers.

“Everything is connected now. It’s the Internet of everything,” said James Scott, senior fellow at the Institute for Critical Infrastructure Technology, which published the report on connected devices. “There are so many vulnerabilities that you can exploit.”



from hacker samurai http://ift.tt/24mkljk
via IFTTT

Why it’s easy for hackers to take over ATMs

Almost any ATM in the world could be illegally accessed and jackpotted with or without the help of malware.
According to research conducted by Kaspersky Lab experts, this is because of the widespread use of outdated and insecure software, mistakes in network configuration and a lack of physical security for critical parts of the ATM.
For many years the biggest threat to the customers and owners of ATMs were skimmers – special devices attached to an ATM in order to steal data from bank card magstripes. But as malicious techniques have evolved, ATMs have been exposed to more danger.
In 2014, Kaspersky Lab researchers discovered Tyupkin – one of the first widely known examples of malware for ATMs, and in 2015 company experts uncovered the Carbanak gang, which, among other things, was capable of jackpotting ATMs through compromised banking infrastructure. Both examples of attack were possible due to the exploitation of several common weaknesses in ATM technology, and in the infrastructure that supports them. This is only the tip of the iceberg.
In an effort to map all ATM security issues, Kaspersky Lab penetration testing specialists have conducted research based on the investigation of real attacks, and on the results of ATM security assessments for several international banks.



from hacker samurai http://ift.tt/24mkmDL
via IFTTT

Partial User Data of Food Delivery Service InnerChef Leaked by Purported Hackers

An anonymous hacker has been able to infiltrate food delivery startup InnerChef’s servers, and has leaked a partial list of names, phone numbers, and email addresses used at registration to demonstrate the exploit.

Gadgets 360 confirmed the data breach by calling and verifying three of the phone numbers provided in the list by the hacker in an email. All the three users confirmed that they had used InnerChef’s food delivery service.

“InnerChef is an Indian startup that got funding but despite all that, their security sucks. This funded startup doesn’t care about customer data and only about money, growth, and orders,” the hacker wrote in the email, which disclosed the identities of 35 InnerChef users to demonstrate the breach.

The hacker seems to have a particular axe to grind with the company, accusing InnerChef Co-Founder Rajesh Sawhney of kicking out three co-founders from the startup.



from hacker samurai http://ift.tt/26x3zQm
via IFTTT

Wednesday 27 April 2016

CVV shops: How hackers get the three numbers from the back of your credit card

First off, “dumps” — or credit and debit card accounts that are stolen from hacked point of sale systems via skimmers or malware on cash register systems — retail for about $US20 ($25.80) apiece on average in the cybercrime underground. Each dump can be used to fabricate a new physical clone of the original card, and thieves typically use these counterfeits to buy goods from big box retailers that they can easily resell, or to extract cash at ATMs. However, when cyber crooks wish to defraud online stores, they don’t use dumps. That’s mainly because online merchants typically require the CVV, and criminal dumps sellers don’t bundle CVVs with their dumps.



from hacker samurai http://ift.tt/1NST2DK
via IFTTT

Hackers attack Social Democrats’ website

Prague/Zlin, South Moravia, April 26 (CTK) – The website of the Czech Social Democratic Party (senior ruling CSSD) yesterday faced a hacking attack and was temporarily inaccessible due to it, CSSD spokesman Michal Kacirek said.
“It has turned out that our website is to a great extent resistant even to such massive attacks,” the party’s leader, Prime Minister Bohuslav Sobotka, told CTK.
Sobotka said the CSSD reported the incident to the police and the National Security Office.
Kacirek said the attack seemed directed and organised.
The hackers first unsuccessfully attempted to change the contents of the website and then to overwhelm it with traffic, he said, referring to distributed denial-of-service or DDoS attacks. In reaction, the CSSD technicians temporarily switched off the website for security reasons and tried to localise the hackers, Kacirek said.
Karel Miko, an expert on cyber security, said the attack yesterday was far less sophisticated than the recent hacking of Sobotka’s e-mails.



from hacker samurai http://ift.tt/1NST1Qj
via IFTTT

‘Armada Collective’ hackers rake in $100000 from companies by making fake DDoS threats

A hacker group claiming to be the Armada Collective, known for its extortion rackets, has taken cybercrime to new levels. The hacker group has duped companies into paying $100,000 (£68,628) by sending them emails with fake threats of launching a DDoS (distributed denial of service) attack.

In just two months, the hacker group has raked in thousands from companies around the world, who failed to realise that they were being tricked by a mere threat of a potential DDoS attack. According to security firm CloudFlare, the Armada Collective emailed businesses around the globe demanding ransom in Bitcoin and threatening a hack unless a payment was made.

CloudFlare’s Matthew Price wrote in a company blog: “We have heard from more than 100 existing and prospective CloudFlare customers who had received the Armada Collective’s emailed threats. We’ve also compared notes with other DDoS mitigation vendors with customers that had received similar threats.”

“Our conclusion was a bit of a surprise: we’ve been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack. In fact, because the extortion emails reuse Bitcoin addresses, there’s no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments.”



from hacker samurai http://ift.tt/1NST1Qd
via IFTTT

Hackers Bolstering Cyber Security in Taiwan

On April 25, Hacks in Taiwan (HIT) association celebrated its first anniversary. Vice Premier Woody Duh attended the anniversary party and praised the group for its efforts, showing the government’s support.

Duh said that in the past, hackers were always worried that the government was against their ideas, but his attendance of the party shows the government now recognizes the hackers’ efforts.

In recent years, HIT has developed new talents, honed hackers’ skills, and improved Taiwan’s information security by organizing a wide array of activities and forums, which the government is willing to support and invest in, according to Duh.

Duh said that the conventional education system is unable to develop talent for information security, so Hackers in Taiwan Conference (HITCON) is an important platform for the exchange of skills and information. The association can train hackers not only to become the best in the country, but also shine in international hacker contests.

In his speech at the party, Duh said that the government always thought that it had to take the initiative in launching important policies and campaigns, but the myth is now debunked. The government hopes more people from private sectors can take the initiative and it can offer help when they are in need.



from hacker samurai http://ift.tt/1NST1Qb
via IFTTT

Qatar National Bank Hacked, Hackers Leak 1.4GB Database

Hackers leak 1.4GB database of information after breaching Qatar National Bank

A group of unknown hackers have claimed to have hacked into the servers of Qatar National Bank (QNB), based in Doha, and posted the data online to the whistleblower site Cryptome on April 26. Before being uploaded to this site, the massive leak was uploaded to Global-Files.net, but it was quickly removed without explanation.

The leaked data, which totals 1.4 GB, apparently includes internal corporate files and sensitive financial data for QNB’s customers, such as passwords, account numbers, and credit card information. Moreover, the hackers also claim to have leaked banking details of the Al-Thani Qatar Royal Family and Al Jazeera journalists.



from hacker samurai http://ift.tt/1UgOwWm
via IFTTT

Tuesday 26 April 2016

Islamite hackers steal US State Department employees’ personal data

A group of hackers who support the Islamic State claimed that they got personal data of the US State Department employees.

According to Fox News, the hackers even published several screenshots and promised to “crush” the US.

A group of hackers known as United Cyber Caliphate made a statement, “your system failed to Tackling our attacks. Now we will Crush you again”.

The hackers declared Friday that they got personal data of 18,000 employees of the Saudi Arabian security services. Before that, analysts reported that a group connected with the IS published over 3,500 names of New York residents labeled “Wanted to be killed.”

As Pravda.Ru reported, Anonymous group hackers got access to 5.5 thousand accounts of the IS fighters on Twitter and promised to avenge the terror acts in Paris on 13 November on the IS.



from hacker samurai http://ift.tt/1reXfNo
via IFTTT

Have hackers and cheats ruined The Division on PC?

In financial terms, Tom Clancy’s The Division is a hugely successful video game. Released in March by French publisher Ubisoft, this New York-set third-person shooter quickly became the best selling new franchise of all time, generating more than $330m in sales in its first five days. But, just over a month after release, the best selling game in Ubisoft’s 30-year history looks to be heading for catastrophe.

The Division has a cheating problem. Not just one, either, but a critical mass of glitches, exploits, and hacks that – in the eyes of the playerbase at least – threaten the game’s immediate and long-term future on the PC. Players stack items for unintended bonuses, farm missions in seconds, and – worst of all – use third-party hacks to cheat in player vs player (PvP) competition.

Glenn Young bought The Division and the “season pass” (a pre-purchase of future downloadable content) for £70. “About three weeks ago, the glitches and exploits started to become much more noticeable,” he says. “In particular there was a non-player character (NPC) called Bullet King just outside one of the safehouses [a place players can respawn]. People figured out that if they killed him and not his lackeys, they could loot him, then die and respawn and repeatedly do it again.”



from hacker samurai http://ift.tt/1XUt1tn
via IFTTT

Ransomware Hackers Blackmail U.S. Police Departments

Cyber criminals who have forced U.S. hospitals, schools and cities to pay hundreds of millions in blackmail or see their computer files destroyed are now targeting the unlikeliest group of victims — local police departments.

Eastern European hackers are hitting law enforcement agencies nationwide with so-called “ransomware” viruses that seize control of a computer system’s files and encrypt them. The hackers then hold the files hostage if the victims don’t pay a ransom online with untraceable digital currency known as Bitcoins. They try to maximize panic with the elements of a real-life hostage crisis, including ransom notes and countdown clocks.

If a ransom is paid, the victim gets an emailed “decryption key” that unlocks the system. If the victim won’t pay, the hackers threaten to delete the files, which they did last year to departments in Alabama and New Hampshire. That means evidence from open cases could be lost or altered, and violent criminals could go free.



from hacker samurai http://ift.tt/1reXiIQ
via IFTTT

ISIS-aligned hackers leak confidential info on 43 US State Dept employees

The Islamic State-aligned United Cyber Caliphate claims to have hacked into US State Department records, releasing online information on 43 employees it wants dead. The leak also includes staff with Homeland Security and other agencies, media reported.

The information was released through the group’s account on the messaging app Telegram. The departments of energy, commerce, health and defense have been compromised along with the State Department and DHS, the SITE Intelligence Group reported.

The document is entitled ‘wanted to be killed’ and contains threats to the US, which the group sees as its main enemy. Various staff members from all over the world were identified, including embassy workers in Sudan and Togo, Vocativ was able to verify. The list included other officials, Homeland Security among them.

However, according to Vocativ, the hack is unlikely to reveal much new. A lot of what was listed is publicly-available information, while many numbers are simply office lines.



from hacker samurai http://ift.tt/1XUt1cX
via IFTTT

Hackers are targeting beautiful people in a terrifying new cyberattack

Hackers have targeted elite dating website BeautifulPeople.com and stolen information from more than one million members.

According to web security expert Troy Hunt, information including sexual preferences, addresses, and income of dating website members was stolen in the cyberattack.

Some 15 million messages exchanged between those looking for love on BeautifulPeople.com were also taken. Other information believed to have been stolen includes weight, profession, height, education, eye and hair colour.

The stolen information of some 1.1 million members is now being sold on the black market, according to the researcher.



from hacker samurai http://ift.tt/1reXic3
via IFTTT

Monday 25 April 2016

Clinton Email Scandal: What Did Hillary Crony Admit That Everyone Already Knows? | hacker samurai


from Hacker Samurai http://ift.tt/24faUSw
via IFTTT

SWIFT Software Bug Exploited by Bangladesh Bank Hackers | hacker samurai


from Hacker Samurai http://ift.tt/24faX0U
via IFTTT

Facebook Downplays Impact of Corporate Network Hack

Social media giant claims second hacker was just a bounty hunter.

A security researcher who managed to hack through the security of one of Facebook’s corporate networks said he found evidence of another hacker having been there too, and having installed a backdoor to steal employees’ credentials.

Penetration tester Orange Tsai, of Taiwanese cybersecurity firm Devcore, said the other hacker had set up a tool to collect and exfiltrate Facebook employees’ usernames and passwords as they logged in.

He himself got in by exploiting vulnerabilities in third-party software, from a company called Accellion, that is used for file transfers. For the full article click here




4 tech nightmares keeping IT leaders up at night

Being a CIO isn’t an easy job, not when hackers are coming at you from all sides trying to get their hands on that sweet, sweet data. It’s especially nerve-racking because one breach can turn a company from a respectable business to one that looks like it protects its information with a layer of Swiss cheese.

Here are four things keeping CIOs up at night – and ways to help them fall back asleep again – or at least into a light doze instead of staring at the ceiling waiting for a hacker to break through.

1. Dude, where’s my data?

Andrew Hay, CISO for DataGravity, says one concern might seem a simple one: “the lack of data awareness that organizations have in terms of where information is stored and what type of sensitive information is accessible by people who shouldn’t have it,” he says.

But that’s not just about where data lives. It’s where copies of it are going, and the security of those systems. “Are [employees] uploading it to things like Dropbox or Google Docs because they work from home or the files are psyched with their personal servers instead of VPN?” For the full article click here




Clinton Email Scandal: What Did Hillary Crony Admit That Everyone Already Knows?

Corruption: A funny thing happens when political figures play around the edges of truth. They acknowledge facts everyone else has long accepted to be true. One of Hillary Clinton’s confidants did just that last week.

While being interviewed on WMAL radio in Washington, D.C., Lanny Davis, a longtime Clinton fixer — has any political family ever needed more fixing? — told the hosts that he wouldn’t be surprised if Clinton’s private email server had been hacked. It was such a startling admission that host Larry O’Connor had to ask Davis again to make sure that he had not misunderstood him. The second time around, the response was the same.

“I wouldn’t be surprised because the federal government itself has been hacked,” said Davis, “but as of now, no, it hasn’t been hacked.”

No. 1, he can’t know whether it’s been hacked or not. Unless Davis has upgraded his education attending night school, he’s neither a computer forensics expert nor a cybersecurity whiz. He’s merely putting the Clinton spin on it. For the full article click here




SWIFT Software Bug Exploited by Bangladesh Bank Hackers

A bug in SWIFT banking software may have been exploited to allow hackers to make off with $81 million from Bangladesh’s central bank in February, according to reports.

Investigators at British defense contractor BAE Systems told Reuters that the malware in question, evtdiag.exe, had been designed to change code in SWIFT’s Access Alliance software to tamper with a database recording the bank’s activity over the network.

That apparently allowed the attackers to delete outgoing transfer requests and intercept incoming requests, as well as change recorded account balances – effectively hiding the heist from officials.

The malware even interfered with a printer to ensure that paper copies of transfer requests didn’t give the attack away.

It’s thought that the malware was part of a multi-layered attack and used on the SWIFT system once Bangladesh Bank admin credentials had been stolen.

Although it was written specifically for this attack, it could be repurposed for similar attacks in the future, BAE claimed. For the full article click here




Windows Security Flaw Lets Hackers Install Malicious Apps: Report

Microsoft introduced the AppLocker feature in Windows 7, providing company administrators with the ability to whitelist and blacklist apps, ensuring that risk-laden apps are kept off the enterprise’s networks. A researcher has, however, discovered a flaw in Windows AppLocker that lets hackers bypass the protection and install any app they want.

Discovered by security researcher Casey Smith, the flaw allows hackers to use Regsvr32.exe to install the app by directing it to a hosted file or script. The app or script can then be installed without administrator access or even modifying the registry, making it very difficult to reverse changes or monitor unauthorised use. The flaw, which could result in the PC installing malicious apps despite having Windows AppLocker, can be exploited in business editions of Windows 7 and higher.

“The amazing thing here is that regsvr32 is already proxy aware, uses TLS, follows redirects, etc…And.. You guessed a signed, default MS binary,” wrote Smith while explaining the flaw in a blog post. For the full article click here




Saturday 23 April 2016

Forcepoint 2016 Global Threat Report WebCast

Title: Forcepoint 2016 Threat Report

Date: Tuesday, May 03, 2016

Time: 11:00 AM Pacific Daylight Time

Duration: 1 hour

Forcepoint Security Labs® has produced their annual Threat Report – the must-read analysis of what’s really happening in the cyber landscape.

Evolving IT environments have made the past perimeter-based security model obsolete. Resource-strapped security teams are struggling to keep up with more and more challenging threats. A new, holistic approach is needed to give enterprises a 360-degree view with real-time analysis and meaningful alerts that anticipate and communicate the threat landscape so customers can act quickly to defeat the most determined adversary.

Using in-depth insights from the Forcepoint Security Labs ThreatSeeker® Intelligence Cloud, Michael Crouse, Office of the CISO, will share the latest threats gathered from more than three billion data points per day in 155 countries around the world, and what they mean for agencies while providing operational and technical recommendations to navigate the ever-changing threat landscape.

Learn more about:

  • Forcepoint’s first-hand case study on protecting a cybersecurity company during an acquisition.
  • How to avoid becoming an inadvertent insider threat.
  • How threats are evolving in capability while traditional security perimeters dissolve.

This is a must-attend webcast. All attendees will receive a FREE copy of the full 2016 Threat Report.

To Register and View More Details Click Here




Sources Doubt Anonymous Gray Hats Cracked San Bernardino Shooter’s Phone. So Who Did?

The identity of the group that helped the FBI access the encrypted data from San Bernardino shooter Syed Farook’s iPhone is still a mystery.

The common thinking now is that it was a group of anonymous “gray hats”—that is, security pros operating in the gray area between legit research and criminal hacking. But not so fast, say some in the security community; the mysterious helper might yet be Cellebrite, the Israeli security company originally thought to have cracked the phone for the FBI.

The FBI has contracted with the Sun Corporation subsidiary for $338,581 worth of gear and services since December 2, 2015—the date of the San Bernardino attack—according to Federal Procurement Data System records. Neither the FBI nor Cellebrite would say if this was indeed payment for the hack.

Cellebrite and other Sun Corporation companies are in the business of helping extract encrypted data from cell phones—like the iPhone 5C used by Farook, for instance. For the full article click here 




How ’60 Minutes’ played ‘Telephone’ with public-hacking hysteria

On Sunday, 60 Minutes took a year-old segment on phone hacking it shot and aired in Australia, fluffed it up with other old hacks from last year’s Def Con and repackaged it for an American audience.

Almost no one noticed those particular details.

But just about everyone panicked. “Hacking Your Phone” set off a scare that raged through headlines and social media all week. As the miasmic cherries on top, the episode also freaked out California Rep. Ted Lieu (D), who has called for a congressional investigation, and the FCC is now involved.

The 13-minute segment based its hysteria on a hole in phone-routing protocol SS7 (Signaling System 7), a flaw which, incidentally, isn’t easy to exploit. But perhaps thinking the combination of hacker boogeymen and SS7’s potential wouldn’t make for dramatic TV, the show blurred in a handful of different — and extremely unrelated — ways that smartphones can be hacked. For the full article click here 




Biteng hacked Comelec website to show he’s good

The National Bureau of Investigation said yesterday that 23-year-old Information Technology graduate Paul Biteng hacked the Commission on Elections website on Easter Sunday to show nothing more than his skills.

Francis Señora, agent on the case, said that a week after successfully hacking the website and finding its vulnerabilities, Biteng bragged about what he did to other online hackers, enabling them to penetrate the website and download some of the information found there, including the database of registered voters.

Vic Lorenzo, NBI Cybercrime Division executive officer, said Biteng first hacked the Comelec website on March 20.

NBI Cybercrime Division chief Roland Aguto Jr. said Biteng told them that he had no intention to harm.

NBI Director Virgilio Mendez said that Biteng is not affiliated with any candidate or political party. There was also no indication that he made money and the computer he used was old.

Aguto added that they have the computer he used and their forensic examination on the extent of the data breach is ongoing.

NBI remains hopeful that Biteng’s fellow hackers would fall next, now that two had been identified, including one who is 20.

Biteng was arrested Wednesday night at his residence in Balic-Balic, Sampaloc, Manila after a three-week surveillance by the NBI Cybercrime Division. For the full article click here




More cyber security experts needed to combat hackers – MCMC

SHAH ALAM: Malaysia will need more cyber security experts in the future as it prepares to face various risks from the open sky in the rapidly expanding cyberspace industry.

Malaysian Communications and Multimedia Commission (MCMC) Advocacy and Outreach Department senior director Eneng Faridah Iskandar said this was due to the existence of black hat hackers committing various cyber crimes, which leaves internet users easily exposed to dangers in cyberspace.

She said the dumping of hacking techniques and methods uploaded on the internet had made such illegal activities more widespread, and serious measures were needed to contain such proliferation.

“The internet is now available everywhere and the number of internet users in Malaysia has reached 20.1 million people in both urban and rural areas. For the full article click here 




Big Paydays Force Hospitals to Prepare for Ransomware Attacks

Infected by ransomware, hospitals around the country have been forced to pay hefty sums to criminal hackers.

One of the most extreme cases took place in February, when Hollywood Presbyterian Medical Center handed over $17,000 to hackers who took over its systems. Since then, two other hospitals in California, as well as in Kentucky and Maryland, were also hit.

While ransomware isn’t new, it was rare in the past for hospitals to be targeted, according to Kevin Haley, director of Symantec Security Response.

What changed? That $17,000 payday made headlines. For the full article click here 




Friday 22 April 2016

A Business Case For Funding Your Federal Insider Threat Program

WHITEPAPER

The insider threat is a dangerous risk to government agencies and their most sensitive data. Monitoring the behaviors internally and identifying when bad is bad based on access, roles and actions is not a luxury government agencies can afford to go without.

Read our detailed whitepaper on building a case for funding your federal insider threat program and the necessary steps to establishing a successful security posture against such threats.

Get your copy of the report today! 

Source: http://ift.tt/1VNA9dd




Hackers preview an online multiplayer global cyberwarfare simulator for Android and iOS

Hackers is an online multiplayer cyberwar simulator, where you play as a hacker who has to execute intrusions, attacks and takedowns on enemy networks, and defend your home country from enemy strikes. The gameplay is similar to Uplink with a multiplayer component added. The visuals and UI are an enhanced 3D version of the Plague Inc interface. Just like Plague Inc, there is a bar on top that scrolls funny news items. The jokes are shout-outs to internet security and gaming phenomena. The game lets you dive deep into the dark web with a host of futuristic hacking tools at your disposal. For the full article click here




Bank Malware Hackers To Spend 24 Years In Jail

Two hackers were sentenced to a combined 24 years in U.S. prison for stealing hundreds of millions of dollars from financial institutions across the globe using the malware SpyEye.

The Trojan virus was disguised as legitimate software and subsequently infected more than 50 million computer systems. SpyEye was used by a cybercriminal ring to carry out a significant amount of theft, with damages estimated at nearly $1 billion globally, The Hill reported Thursday (April 21).

“Through these arrests and sentencing, the risk the public unknowingly faced from the threat posed by the imminent release of a new highly sophisticated version of SpyEye was effectively reduced to zero,” FBI special agent J. Britt Johnson told The Hill.

Last year, investigators from six different European countries, supported by Europol and Eurojust, joined together to bring down the cybercriminal group suspected of creating and distributing two banking trojans, SpyEye and Zeus.

“The cybercriminals used malware to attack online banking systems in Europe and beyond, adapting their sophisticated banking Trojans over time to defeat the security measures implemented by the banks,” Europol reported in June 2015. For the full article click here




NBI: Comelec site hacker did it for bragging rights

An agent from the National Bureau of Investigation (NBI) revealed that Paul Biteng, the 23-year-old Information Technology fresh graduate, who allegedly hacked the Commission on Elections (Comelec) website on Easter Sunday, said he defaced the site not to get money but for bragging rights.

Vic Lorenzo, NBI Cybercrime Division executive officer, said Biteng was first able to hack the Comelec website on March 20. Francis Señora, agent on the case, told reporters that a week after successfully hacking the website and finding its vulnerabilities, Biteng bragged about it to other online hackers, enabling them to penetrate the website and download some of the information found there, including the database of registered voters.

NBI Director Virgilio Mendez said in a press conference that based on their investigation, Biteng was not affiliated with any candidate or political party. There was also no indication that he made money and the computer he used was old.

NBI Cybercrime Division chief Roland Aguto Jr. said Biteng told them that he had no intention to harm.

Aguto added that they have the computer he used and their forensic examination on the extent of the data breach is ongoing.

NBI remains hopeful that Biteng’s fellow hackers would fall next, now that two had already been identified, including one who is a 20-year-old.

Biteng was arrested on Wednesday night (April 20, 2016) at his Sampaloc residence after a three-week surveillance by the NBI Cybercrime Division. However, many netizens doubt the speedy arrest of Biteng. Some claim that he became the “fall guy” and this is just a tactic to divert the public’s attention from other pressing issues.

Some netizens, however, are suggesting that NBI should hire Biteng and make use of his skills instead. For the full article click here 




How to protect your Apple ID account against hackers

Passwords are ubiquitous in the information age. We use them every day to sign into our web accounts and devices. As such, passwords help secure our digital lives.

Well… sort of.

Notwithstanding their widespread use, passwords are inherently insecure because they are only information. They are not tied to any physical object. Attackers can therefore steal a password from a vulnerable database (or from the Post-It note on your desktop), or they can purchase a tool that allows them to brute force their way into your account.

It is in response to the shortcomings of password security that we have discussed in recent articles how to add an extra layer of protection to your web accounts.

After covering the difference between two-factor authentication (2FA) and two-step verification (2SV), we explored how to protect a Google account with 2SV, including via the use of the Google Authenticator app. For the full article click here




FIN6 Hackers Stole Millions of Cards Report

Security researchers have lifted the lid on the lucrative world of financially motivated cybercrime, claiming the ‘FIN6’ group may theoretically have made as much as $400 million from a single POS data heist.

FireEye and iSight Partners combined their threat intelligence efforts to compile the Follow the Money report.

It details how, by targeting various companies mainly in the retail and hospitality sectors, and using classic targeted attack techniques, the group managed to deploy Trinity POS malware on around 2000 systems.

The resulting stolen data, dating back as far as 2014, was found on a single underground card site.

The report continues:

“Our analysis of the data sold through this underground vendor indicates that FIN6’s compromises are highly profitable to the actors involved, potentially resulting in extensive fraud losses. For instance, in one FIN6-linked breach the vendor was advertising nearly 20 million cards. These cards were predominantly from the United States and selling for an average of $21. So the total return for the shop — if all the data was sold at full price — could have been about $400 million.” For the full article click here




Thursday 21 April 2016


Lock-hackers crack restricted keys used to secure data centres

BSides Canberra: A group of Melbourne lock-pickers have forged a creative method for popping so-called restricted locks by 3D printing keys found on freely-available designs on patent sites.

The feat demonstrated at the BSides Canberra security conference last week is a combination of opportunistic ingenuity and lock-picking mastery, and will be warmly-received by red team penetration testers and criminals alike.

Lock-picking is common within the information security industry, is a staple at hacker conventions, and is becoming an increasingly used skill as part of anything-goes attempts to access controlled areas wherein computers can be found.

Restricted keys are controlled by limiting manufacture to expensive specialist locksmiths who require licences and specific machinery to produce the keys.

Locks using the keys are used across enterprises to secure sensitive areas such as offices and data centres.

Now a Loop security consultant known as “Topy”, and his fellow lockpickers say restricted keys have become skeletons in the security closet. For the full article click here 




Scary security flaw which allows hackers to listen to your phone calls

A security vulnerability in Signaling System 7 (SS7) makes it possible for a hacker to intercept your phone calls, read your text messages, and determine your movements – all they need is your phone number.

SS7 is an international telecommunications standard developed to manage call set-up, management, and tear down.

SS7 defines how network elements in a public switched telephone network exchange information over a digital signalling network.

The SS7 vulnerability is not new. SR Labs warned of it in 2008, but it was not until 2014 – when the vulnerability was demonstrated at a conference – that people started to take note.

In 2014, researchers warned that vulnerabilities in the protocol threatened users’ privacy, and could lead to user tracking, fraud, denial of service, and call interception.

The issue made headlines again in January after a 60 Minutes report highlighted the dangers of the security weakness. For the full article click here 




Hackers launch website with alleged Comelec voter data

A group of as-yet unidentified hackers has taken the allegedly stolen Commission on Elections data and re-posted it on Thursday, April 21, as a searchable database on an independent site.

The site was put up on the same day the National Bureau of Investigation arrested a person who was one of those allegedly involved in the recent defacement and supposed leakage of data from the Comelec website.

The site allows a user to gain access to a person’s basic personal data by just keying in his or her name.

In a statement, Comelec spokesman James Jimenez said the NBI is already investigating what he called the “hacker website.”

He called on the public not to use the site.

“In the meantime that [the NBI investigators] have not furnished us a copy of their findings, we advise the public not to use the hacker website as it can be used by the hackers to steal your information and thus expose you even further to the dangers of identity theft,” Jimenez said. For the full article click here 




Female Hackers Still Face Harassment at Conferences

Security and hacking conferences provide platforms for cutting edge research into computer vulnerabilities, exploitable systems, and new defensive measures. These often vast events also let researchers and hackers rub shoulders with their friends and peers, network, and blow off steam.

But a lingering problem remains for some women at a number of conferences: harassment and prejudice.

In a recent example, women were targeted at an after-party of internet and human rights conference Rightscon, which took place between March 30 and April 1 in San Francisco.

“There were incidents of sexual harassment at last night’s CloudFlare party,” tweeted RightsCon, adding that the conference has a zero tolerance policy for this sort of behavior. For the full article click here 




These 2 Convicted Hackers Just Got Huge U.S. Prison Sentences

They got a combined total of 24 years and 6 months for their roles with the malware called “SpyEye.”

Two computer hackers were sentenced to a combined total of 24 years and six months in prison for their roles in developing and distributing malware called “SpyEye” blamed for hundreds of millions of dollars in losses to financial institutions worldwide, the U.S. Justice Department said on Wednesday.

A U.S. District Court judge in Atlanta handed down prison sentences of nine and a half years to Aleksandr Panin, 27, of Russia and 15 years to Hamza Bendelladj, 27, of Algeria, the department said in a statement. For the full article click here




Wednesday 20 April 2016


ICIT Brief: Combatting the Ransomware Blitzkrieg with Endpoint Security

Ransomware, the weaponization of encryption, has struck fear and confusion into the hearts of PC users and critical infrastructure communities alike. While it is impossible for organizations to prevent malware from infecting their networks, those who deploy a multi-layered security strategy and teach proper cybersecurity hygiene to their employees have a strong chance of defending against these types of attacks. This brief, entitled “Combatting the Ransomware Blitzkrieg: The Only Defense is a Layered Defense – Layer One: Endpoint Security”, will focus on the critical role endpoint security plays as part of an organization’s comprehensive and holistic security strategy. The brief contains an analysis of:

  • The need for endpoint security
  • Vulnerable endpoints (users, personal computers, servers, mobile devices, specialized hardware and cloud services)
  • Potentially vulnerable endpoints (SCADA/ICS, IoT devices, cars)
  • Endpoint security
  • Selecting an endpoint security strategy

The following experts contributed to this brief:

  • James Scott (Sr. Fellow & Co-Founder, ICIT)
  • Drew Spaniel (Visiting Scholar, ICIT)
  • Dan Waddell (ICIT Fellow – Director, Government Affairs, (ISC)2)
  • Greg Fitzgerald (ICIT Fellow – Chief Strategy Officer, Cylance)
  • Rob Bathurst (ICIT Fellow – Managing Director, Healthcare and Life Sciences, Cylance)
  • Malcolm Harkins (ICIT Fellow – Global Chief Information Security Officer, Cylance)
  • Ryan Brichant (ICIT Fellow – CTO, ICS, FireEye)
  • George Kamis (ICIT Fellow – CTO Federal, Forcepoint)
  • Stacey Winn (ICIT Fellow – Senior Product Marketing Manager, Public Sector, Forcepoint)
  • Thomas Boyden (ICIT Fellow – Managing Director, GRA Quantum)
  • Kevin Chalker (ICIT Fellow – Founder & CEO, GRA Quantum)
  • John Sabin (ICIT Fellow – Director of Network Security & Architecture, GRA Quantum)
  • Rob Roy (ICIT Fellow – Public Sector CTO, Hewlett Packard Enterprise)
  • Stan Wisseman (ICIT Fellow – Security Strategist, Hewlett Packard Enterprise)
  • Cindy Cullen (ICIT Fellow – Security Strategist, Hewlett Packard Enterprise)
  • Stan Mierzwa (ICIT Fellow – Director, Information Technology, Population Council)

Download the brief here: http://ift.tt/1StJcwm




How To Hack An iPhone Call: Hackers Demonstrate How

Apple has been taking the security of its gadgets seriously for a long time. Even when the whole FBI vs Apple issue was going around, Apple stated that they can’t compromise their privacy policies. However, news has been rampant about a congressman’s phone being hacked to show that iPhones can be hacked remotely.

According to iDigitalTimes, Signalling System No. 7 (SS7), created in 1975 to make roaming possible and to handle how phone calls are received all over the world, is the major vulnerability that gave the hackers, or any third party, the access needed to collect phone data. The hacker group that exploited this is German, according to 9to5Mac. In the same report, it was said that a German hacker named Karsten Nohl demonstrated how he was able to track a congressman’s location without the use of the phone’s GPS through the cellphone tower triangulation method. He showed that he can keep track of all the phone calls just by using the phone’s number and doesn’t need to access the iPhone.

Does it affect just the iPhone?

Although it is not certain whether this can be done with other phones, since it was tested on an iPhone, you can never be too safe. According to CNet, this hack only requires a mobile phone number and can be accessed through mobile networks. This is a scary thought, isn’t it? For the full article click here




Tomorrow’s Buildings: Help! My building has been hacked

In 2013, Google – one of the world’s pre-eminent tech companies – was hacked.

It wasn’t its search engine that was attacked or its advertising platform or even its social network, Google+. Instead, it was a building.

Two cybersecurity experts hacked into its Wharf 7 office in Sydney, Australia, through Google’s building management system (BMS).

One of them, Billy Rios, says: “Me and my colleague have a lot of experience in cybersecurity, but it is not something that people couldn’t learn.

“Once you understand how the systems work, it is very simple.”

He found the vulnerable systems on Shodan, a search engine that lists devices connected to the internet, and then ran it through his own software to identify who owned the building. For the full article click here 




North Korean hackers among world’s best says US General

North Korea’s asymmetric warfare potential is being bolstered by one of the world’s best and most organised cyber attack capabilities, according to the Army general nominated to command United States forces in South Korea.

“This is an area of growth,” Army General Vincent Brooks told the Senate Armed Services Committee during his nomination hearing on Tuesday. “While I would not characterise them as the best in the world, they are among the best in the world and the best organised. What they are experimenting with” and “what they are willing to do” has shown boldness and capability, he added.

Although Brooks, the former head of Army Pacific forces, touched on North Korea’s cyber attack skills, he declined during the public hearing to discuss US offensive cyber capabilities against Kim Jong-un’s reclusive regime. For the full article click here 



from hacker samurai http://ift.tt/1We4m3W
via IFTTT

FBI says it needs hackers to keep up with tech companies

WASHINGTON: The FBI defended its hiring of a third party to break into an iPhone used by a gunman in last year’s San Bernardino, California, mass shooting, telling some skeptical lawmakers Tuesday that it needed to join with partners in the rarefied world of for-profit hackers as technology companies increasingly resist their demands for consumer information.

Amy Hess, the FBI’s executive assistant director for science and technology, made the comments at a hearing by members For the full article click here 



from hacker samurai http://ift.tt/1pgVJZq
via IFTTT

Hacker Promises To Kill Apple Mac Ransomware Before It Becomes A Nightmare UPDATED

Ransomware has become the scourge of the web in recent months. Hospitals thrust back into the non-digital age, their files locked up until they paid hefty ransoms in Bitcoin. Schools suffering the same fate. A variant called Locky spreading like wildfire, nearly a million infections in a week. Another, Jigsaw, surfaced this week using imagery from the Saw film franchise to scare the pants off victims. Those are on top of more than 50 other families of ransomware, the most troublesome in recent memory being CryptoWall, robbing organizations and individuals of their funds. Government is even up in arms, the FBI issuing alerts and Congressmen calling for action.

But if you own an Apple Mac, there’s much less chance of your PC being infected with ransomware than if you’re a Microsoft user. Only one fully-functional sample has ever been seen — KeRanger, which infected under 7,000 Apple machines. Not only are there only a handful of examples, two of which were developed as research projects rather than genuine cybercriminal tools, but one professional hacker has developed a tool he believes will successfully prevent any current forms of ransomware infecting Mac OS X. And he believes that as long as criminals aren’t able to hack his tool, future forms of ransomware should be killed before they even have a chance to make a mockery of Apple security. For the full article click here 



from hacker samurai http://ift.tt/1We4lNr
via IFTTT

Tuesday 19 April 2016


Hacked by Iran: A putrid pattern

Long before the Obama administration hailed the nuclear deal with Iran, federal authorities were tracking teams of Iranian hackers who have attacked U.S. financial institutions since 2011.

So as not to rock the boat before implementing the nuke accord and securing the release of four American prisoners in Iran, the Islamic republic’s hacking was kept quiet until recently, according to The Daily Signal. The so-called “powerful message” sent by the hackers’ indictments, trumpeted on March 24 by Attorney General Loretta Lynch, is a tad diluted by its timing.

Reportedly two teams of Iran-based hackers affiliated with the Islamic Revolutionary Guard launched cyberattacks against the United States from 2011-13. Three employees of Iran’s ITSecTeam attacked 46 financial institutions while four employees of Iran’s Mersad Co. attacked 24 companies.

Just last month, National Intelligence chief James Clapper identified Iran, along with China, Russia and North Korea, as “leading threat actors” against U.S. security. For the full article click here 



from hacker samurai http://ift.tt/1NyQkTE
via IFTTT

Experts warn: remove QuickTime to avoid hackers

A US cyber security team is advising Windows computer users to remove the software QuickTime to avoid being hacked.

The US Computer Security Readiness Team (CERT) issued the alert on their website late last week.

The alert recommends removing the media software from any computer using Microsoft Windows with Apple QuickTime installed.

“According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation,” CERT wrote.

According to CERT, computer systems that continue to run the unsupported software are exposing themselves to “elevated cybersecurity dangers”.

“Exploitation of QuickTime for Windows vulnerabilities could allow remote attackers to take control of affected systems…such as increased risks of malicious attacks or electronic data loss.

“Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats.

“Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets,” CERT wrote. For the full article click here 



from hacker samurai http://ift.tt/1NyQiuY
via IFTTT

Pentagon to reward hackers for finding security problems

Hacking the Pentagon may sound like something that might land a person behind bars, but it’s legal for a select group of hackers and could actually lead to a big pay-day.

The initiative, known as “Hack The Pentagon”, is the first cyber bug bounty program in the history of the federal government.

A group of hackers screened and hand-picked by the federal government are searching for vulnerabilities on Department of Defense (“DOD”) websites. ABC News reports more than 500 people are currently enrolled in the program which started on Monday and will run through May 12.

Chris Woodward, an account technician at Cards Technology, says it’s an approach many big companies have used in the past.

“I know Microsoft, Google, Yahoo and Apple have all done this in the past,” Woodward explains. “I don’t think their rewards or pots for whoever wins are as big, but it’s definitely a common thing.”

The payout for hackers able to find what the U.S. Department of Defense calls “vulnerabilities” is 150,000 dollars. For the full article click here 



from hacker samurai http://ift.tt/1NyQkTC
via IFTTT

Hackers deface DZMM website leak database

MANILA, Philippines — Hackers on Monday defaced the website of ABS-CBN’s radio dzMM and leaked its database.

Bloodsec International and Anonymous Philippines claimed responsibility for the hacking, which they said was a call for media to be objective in its reporting.

“Our minds are constantly being invaded by legions of half-truths, prejudices and false facts. One of the great needs of mankind is to be lifted above the morass of false propaganda,” the hackers said on the defaced website.

On its Facebook page, Blood Sec Hackers warned other television networks to be fair and objective in reports. For the full article click here 



from hacker samurai http://ift.tt/1NyQiuU
via IFTTT

User beware: Hackers pose as friends to get your personal information

BIRMINGHAM, AL (WBRC) –

Your personal computer is a gold mine for hackers, and those hackers are getting better at stealing your information.

Gary Warner knows the ins and outs of hackers. The UAB computer security expert says once hackers get access to your computer they can do everything from steal your passwords to take control of your webcam.

In fact, Warner says some hackers are trading webcam material of women and the internet itself isn’t helping. Warner says there are a number of sites and groups that teach you how to do it and you could learn how to hack in about an hour.

“One of the common things that we’re seeing right now is there’s a huge increase of phishing in email accounts. So, where they’re trying to steal the password to your Gmail account or your Yahoo account, once they have your Gmail password they look through your address book and they find all your friends. And then they send emails as you to try to convince people to click on your things,” said Warner. For the full article click here 



from hacker samurai http://ift.tt/1VA5gsB
via IFTTT

Monday 18 April 2016


This Hacker’s Account of How He Infiltrated Hacking Team Says a Lot About Digital Security

You may remember that last year, a hacker exposed the inner workings of Hacking Team, a company that makes spyware for governments. Now that the dust has settled down, someone claiming to be the hacker has posted all the details on how he did it.

The hack itself was executed using a common weakness: first, an embedded device within the network was found with a known zero-day weakness. From there, the hacker was able to get into an unencrypted backup and find the passwords for a Domain Admin server, which basically gave him the keys to the kingdom. For the full article click here 



from hacker samurai http://ift.tt/1XEHNEh
via IFTTT

Rutgers hosts 10th HackRU over weekend

Hundreds of students gathered to practice their coding and design skills at the 10th semi-annual HackRU.

The 24-hour software and hardware design event took place at the Rutgers Athletic Center on April 16 and 17 with about 800 students in attendance, the majority of whom were from Rutgers.

The remainder hailed from different institutions ranging from local high schools to the University of Maryland, Temple University, Drexel University, Stony Brook University, Rochester Institute of Technology and Cornell University.

HackRU is the second oldest student-run hackathon in America behind PennApps, which is run by the University of Pennsylvania, said Michelle Chen, a School of Arts and Sciences junior and the executive director of the event.

HackRU is seeking to better itself not in terms of money or hackers but rather in terms of quality, she said.

One way they are working to improve its quality is through Tech Talks.

Tech Talks are 30 to 60-minute long technical seminars or workshops that are given by either representatives of sponsors, alumni, on-campus organizations or the Undergraduate Student Alliance of Computer Scientists (USACS), the organization that runs HackRU, Chen said.

“This year we ramped-up our tech-talks. We have over half a dozen going on during this hackathon,” she said.

The panels focus on central topics, she said. Introductory talks were included this year, which allowed both beginners and advanced hackers to learn new things. For the full article click here 



from hacker samurai http://ift.tt/1SpLlw0
via IFTTT

Apple iOS 9.3 Jailbreak Tool Still Being Awaited by Users; American Tech Giant Appears to Have Come Up with an Unjailbreakable Firmware

Despite claims from several hackers that they have already cracked the Apple iOS 9.3 since it was officially released last month, no jailbreak tool has been officially released by anybody thus far.

For sure, the people at Cupertino in California are reserving their best smiles, since not even the popular jailbreakers over at Pangu and TaiG have been able to come up with something thus far, notes Neurogadget.

Normally, a jailbreak exploit comes out in just a matter of days or even hours upon the release of the latest iOS from Apple. However, in the case of the Apple iOS 9.3, it seems that the hacking community is having some difficulty cracking it. For the full article click here 



from hacker samurai http://ift.tt/1SpLlfF
via IFTTT

Battle lines drawn in the war against car hackers

How many ECUs do you reckon your car has on board?

One or two? As many as a dozen?

According to Hans Roth, of tech giant Harman, modern cars can have 120 ECUs operating them. That’s how far we’ve already gone down the road towards driving self-propelled computers.

Of course, as autonomous driving becomes reality these computers will become ever-more interconnected. And that raises the spectre of hacking.

Last year, Fiat Chrysler recalled 1.4 million vehicles after a pair of hackers were able to take control of a Jeep Grand Cherokee via the mobile phone network – to the degree that they could disable its brakes and even take over its steering.

And Harman is alert to the threat. It recently bought two software security companies – and subsequently launched a new anti-hacking package. For the full article click here 



from hacker samurai http://ift.tt/1SpLjEq
via IFTTT

Your phone number is all a hacker needs to read texts, listen to calls and track you

Hackers have again demonstrated that no matter how many security precautions someone takes, all a hacker needs to track their location and snoop on their phone calls and texts is their phone number.

The hack, first demonstrated by German security researcher Karsten Nohl in 2014 at a hacker convention in Hamburg, has been shown to still be active by Nohl over a year later for CBS’s 60 Minutes.

The hack uses the network interchange service called Signalling System No. 7 (SS7), also known as C7 in the UK or CCSS7 in the US, which acts as a broker between mobile phone networks. When calls or text messages are made across networks, SS7 handles details such as number translation, SMS transfer, billing and other back-end duties that connect one network or caller to another.

By hacking into or otherwise gaining access to the SS7 system, an attacker can track a person’s location based on mobile phone mast triangulation, read their sent and received text messages, and log, record and listen into their phone calls, simply by using their phone number as an identifier. For the full article click here 



from hacker samurai http://ift.tt/1SpLlfD
via IFTTT

Saturday 16 April 2016


Hackers seek to hijack tax preparers’ computers

The Internal Revenue Service on Friday warned tax preparers of a new scam in which cyberthieves hijack a preparer’s computer system, file client tax returns, and redirect refunds to thieves’ accounts.

The IRS advisory, which was distributed to the media and tax-industry participants, said the agency is aware of a handful of cases to date. The scheme, which comes ahead of the April 18 tax filing deadline in most areas, is the latest development in cybercriminals’ ongoing efforts to steal tax refunds using the information of legitimate taxpayers.

The scam has also surfaced with state tax returns, said Verenda Smith, a spokeswoman for the Federation of Tax Administrators, an industry group of state revenue officials. On Tuesday, the Indiana Department of Revenue warned the state’s CPA Society to take precautions against it.

“We are seeing this in a lot of states. It’s not concentrated in any one geographic area or type of firm,” said Andy Bucholz, an executive with LexisNexis Special Services, which helps 16 states fight tax cyberfraud. For the full article click here



from hacker samurai http://ift.tt/1V8k3uE
via IFTTT

QuickTime For Windows Now Vulnerable To Hackers, Users Urged To Uninstall

WASHINGTON, D.C. (CBS) – A warning to Windows users: the government is urging you to uninstall the QuickTime application from your computer as soon as possible.

On Friday, the Department of Homeland Security issued an alert stating that the QuickTime software will soon be vulnerable to hackers and possible exploitation.

“Computer systems running unsupported software are exposed to elevated cyber-security dangers, such as increased risks of malicious attacks or electronic data loss. Exploitation of QuickTime for Windows vulnerabilities could allow remote attackers to take control of affected systems,” the department said. For the full article click here 



from hacker samurai http://ift.tt/1p6qgcg
via IFTTT

Apple says it has the ‘most effective security organization in the world’

Apple said in a press briefing earlier today that it has the “most effective security organization in the world,” and discussed multiple layers of iPhone security on both the hardware and software side to underscore this point.

The press briefing with Apple engineers was highly technical, including details that were previously undisclosed and in some cases might require deep knowledge of security protocol to understand. But it doesn’t take a degree in CS to understand the timing and relevance of the briefing: Apple is currently at odds with the U.S. government over the issue of encryption. While the government is exerting pressure on Apple to make the iPhone less secure and to cooperate when it comes to obtaining crucial digital information, the company is adamant that doing so would compromise the privacy and security of consumers. For the full article click here 



from hacker samurai http://ift.tt/1V8k3uy
via IFTTT

Hackers Gain Control of Small Business’s Facebook Page, Demand Ransom

A small Nashville business, The Vintage Honey Shop, has found out the hard way how easy it is to fall victim to money-grubbing hackers. The co-owners, Jennifer and Melissa Gilkes, who are sisters-in-law, make organic jewelry, which sells well among mothers.

Their business Facebook page was hacked, with the so-far-anonymous hackers demanding money:

“If you want to get your Facebook page back you have to pay a little bit. You have 24 hours to tell us if you want your business back,” she [Jennifer] read.

The ransom was sent through Facebook message and email. — WTVF (Nashville) Webstaff, NBC26

When the money wasn’t forthcoming, the hackers, posing as the owners, posted vulgarities on the site. But a little publicity on behalf of the Gilkes brought results with the hackers being ousted. For the full article click here 



from hacker samurai http://ift.tt/1p6qeRG
via IFTTT

Hacking Homelessness at Business Rocks

What do you get when you combine a hundred hackers with a bunch of business billionaires? Just maybe a solution for global homelessness!

Manchester, UK, April 15, 2016:  At 9am on April 21, the Business Rocks conference in Manchester will welcome the 48-hour Hackathon for Homelessness, bringing together hackers from around the globe, billionaire business leaders, and international activists to collaborate on producing a technological solution for the growing problem of global homelessness.

“They say that a nation should be judged by how they treat their most vulnerable and if trends in criminalization of the impoverished and homeless are any indication, the US & UK are absolutely losing this battle,” says US activist and actor Joe Fionda, one of the Hackathon panelists. “The objective to the hackathon is to develop a universal human rights framework. We have government systems For the full article click here 



from hacker samurai http://ift.tt/1ScY3ZE
via IFTTT


Friday 15 April 2016

Blizzard’s Battle.net taken offline by hackers

Lizard Squad takes massive cloud gaming platform offline

Hacking collective Lizard Squad is claiming responsibility for a DDoS attack that last night caused major disruption to Battle.net, the network that supports Activision-Blizzard’s flagship games World of Warcraft, Diablo 3, Starcraft 2 and Hearthstone.

DDoS (distributed denial of service) attacks are a crude but relatively effective way of taking websites and online services, such as cloud gaming platforms, offline completely or causing major disruption. Frequently, the objective is simply to cause inconvenience to the target and its customers – in this case, the several million combined subscribers to these four games – but a DDoS attack can also sometimes be used as a distraction technique for a more serious attack.

Blizzard’s customer services Twitter account first acknowledged an “issue affecting [its] authentication servers, which may result in failed or slow login attempts” at 2.37am BST, before confirming it was suffering a DDoS attack roughly 30 minutes later. In total, the attack lasted approximately two-and-a-half hours. For the full article click here 



from hacker samurai http://ift.tt/1SGzDHi
via IFTTT

Email spoofing scam resulting in W2 fraud

(WFLA) — You would never expect your company to willingly hand over your personal information to a hacker, but it’s happening all the time. That’s because hackers are spoofing the email addresses of CEOs, so employees don’t realize they’re sending sensitive information to a hacker until it’s too late.

In some cases, hackers are obtaining W2 information so they can fill out bogus tax returns and make off with refunds.

The FBI refers to the scam as “Business Email Compromise,” and it can come in different forms. Between October 2013 and March 2016, the FBI reports more than 12,000 cases of BEC in the U.S. resulting in more than $900 million in losses. In Florida, there are more than 700 reported cases resulting in more than $29 million in losses. For the full article click here 



from hacker samurai http://ift.tt/1MxPk7r
via IFTTT

Blockchain used as ransomware delivery system for hackers

Ransomware authors have turned to the blockchain to better facilitate their operations, using it to better deliver decryption keys to victims who have paid up.

The new technique has been spotted in a recent version of the well-travelled CTB-Locker ransomware. CTB has been targeting Windows computers for some time but a new PHP-based variation has started targeting websites.

In its original form, once a victim of the ransomware pays up to unlock their files (encrypted by the malware upon infection), a script called access.php was used to access the hacker’s back-end server and retrieve a decryption key.

Security researchers Sucuri reckon that hackers have turned away from that method due to its relative unreliability. Hacked websites storing the php file could be cleaned by their owners, and having to maintain a list of hacked servers would be “a hassle” for the criminals.

In an ingenious turn to make hackers everywhere shed a tear of pride, the authors behind CTB-Locker have started using the blockchain to deliver keys instead.

The technique was first spotted by Sucuri in March and relies on an information field in Bitcoin protocols introduced in 2014. It creates a unique Bitcoin wallet address for every infection and then, once the victim pays up in Bitcoins, it sends a bogus transaction in the opposite direction. For the full article click here 



from hacker samurai http://ift.tt/1SGzDqG
via IFTTT

Google fights hackers, including state-sponsored ones

Google is protecting Gmail users against hackers by using more encryption.

The tech giant has launched new tools to alert users when email is not encrypted, when a link could be dangerous or when a user may be the target of state-sponsored attacks.

Google has extended its Safe Browsing service for Gmail accounts to help identify malicious activities that are being sent or received through email messages. The service already has been used to spot potentially dangerous links in messages, but now Gmail users will see pop-up warnings if they click the links: “Warning – visiting this web site may harm your computer!”

“The security of our users and their data is paramount. We’ll continue to build new protections … that keep users safe,” Google said in a blog post.

The improved safety plan also includes stronger protections against rare but egregious state-sponsored attacks, which Google says happen to less than 0.1 percent of all Gmail users. For the full article click here 



from hacker samurai http://ift.tt/1MxPlbt
via IFTTT