Tuesday, 27 June 2017

Warning: Petya Ransomware Hits Banks, Telecom, Businesses & Power Companies

NotPetya ransomware: just like WannaCry, Petya is a nasty piece of ransomware, and it works very differently from any other ransomware. Unlike traditional ransomware, Petya does not encrypt files on a targeted system one by one.

Instead, Petya reboots victims' computers, encrypts the hard drive's master file table (MFT) and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk.

The attack has already hit Ukraine's central bank and Russian oil giant Rosneft. Government computers, airports, and large communication companies in Ukraine appear to have been affected as well. US biopharmaceutical giant Merck also confirmed that its network has been compromised as part of the global attack.

"Kaspersky Lab's analysts are investigating the new wave of ransomware attacks targeting organizations across the world. Our preliminary findings suggest that it is not a variant of Petya ransomware as originally reported, but a new ransomware that has not been seen before," the company said in a research note Tuesday afternoon. "That's why we have named it NotPetya."

According to Recorded Future’s Liska, other payloads might also be used in the attack: “There are also reports that the payload includes a variant of Loki Bot in addition to the ransomware. Loki Bot is a banking trojan, it steals usernames and passwords as well as other personal data from the victim machine and sends it to a command and control host. Which means this attack not only could make the victim's machine inoperable, it could steal valuable information that an attacker can take advantage of during the confusion.”

Sunday, 25 June 2017

Microsoft: Windows 10 Has Disabled Third-Party Anti-Virus

Windows 10 does disable some third-party security software. “Microsoft’s application compatibility teams found that roughly 95 per cent of Windows 10 PCs had an antivirus application installed that was already compatible with Windows 10 Creators Update,” said Rob Lefferts, director of security in the Windows and Devices group.

But what about the 5 percent that weren’t compatible in Microsoft’s eyes? Lefferts says: "For the small number of applications that still needed updating, we built a feature just for AV apps that would prompt the customer to install a new version of their AV app right after the update completed. To do this, we first temporarily disabled some parts of the AV software when the update began. We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating."

Kaspersky is worried that Microsoft is trying the same trick, but, based on Lefferts' post, Redmond is ready to fight such claims: it has designed its own security software to only kick in when "an AV subscription expires, and the AV application decides to stop providing protection to the customer."

Thursday, 22 June 2017

OpenVPN Patches Remotely Exploitable Vulnerabilities

OpenVPN this week patched several vulnerabilities impacting various branches, including flaws that could be exploited remotely.

Four of the bugs were found by researcher Guido Vranken through fuzzing, after recent audits found a single severe bug in OpenVPN. While analyzing OpenVPN 2.4.2, the researcher found and reported four security issues that were addressed in the OpenVPN 2.4.3 and OpenVPN 2.3.17 releases this week.

Wednesday, 21 June 2017

Most Smartphone Apps Share Your Data With Third-Party Services

Most smartphone apps share your personal data with third-party companies and services such as Google Analytics and the Facebook Graph API, which is a data privacy issue.

When people install a new Android or iOS app, it asks the user's permission before accessing personal information. After that, the app collects information from your phone, such as contact numbers and messages, and it can share your data with anyone the app's developer wants to, letting third-party companies track where you are, how fast you are moving and what you are doing.

To get a picture of what data are being collected and transmitted from people's smartphones, the researchers from IMDEA Networks Institute in Spain developed a free Android app of their own, called the Lumen Privacy Monitor.

Because Lumen is about transparency, a phone user can see the information installed apps collect in real time and with whom they share these data.
"We try to show the details of apps' hidden behaviour in an easy-to-understand way. It's about research, too, so we ask users if they'll allow us to collect some data about what Lumen observes their apps are doing - but that doesn't include any personal or privacy-sensitive data," the researchers said in a statement released by the institute.

"We discovered 598 internet sites likely to be tracking users for advertising purposes, including social media services like Facebook, large internet companies like Google and Yahoo, and online marketing companies under the umbrella of internet service providers like Verizon Wireless," the study said.

Mobile App Protection

Your mobile applications can present material organizational risk, including intellectual property theft, operational disruption, software piracy, and data loss. Below are some examples.

1. Mobile apps may be modified with malware and placed on the public app marketplace.
2. Mobile apps' proprietary business logic can be inspected and/or copied.
3. Mobile apps' security and license checks may be circumvented.
4. Debugging mobile apps may allow access to sensitive data such as personally identifiable or regulated information.
5. Reverse engineering mobile apps can readily expose potential vulnerabilities and unlock otherwise secure access to high-value services.

Tuesday, 20 June 2017

SecurityWeek: Cisco Releases Open Source Malware Signature Generator

Cisco’s Talos intelligence and research group announced on Monday the availability of a new open source framework designed for automatically generating antivirus signatures from malware.

Monday, 19 June 2017

Advertising Program: Facebook chases TV’s US$70b stash with its own video series

Facebook has the TV advertising market in its sights with the creation of video series that will begin to appear on the world’s largest social network later this year.

Facebook is closing deals for its first batch of shows, including two that the Hollywood Reporter unveiled earlier this week — reality competition series Last State Standing and a second season of comedy Loosely Exactly Nicole, which first appeared on MTV. The shows will be available via a new video tab on Facebook that hasn’t been released.

Facebook isn’t trying to compete with the highest end of that market — paid services Netflix, HBO and Showtime. It has its sights set on cable networks and advertising-supported online services with young viewers.
“Funding video is a way for Facebook to figure out its greater advertising program,” said Matthew Segal, chief executive officer of ATTN, a digital media company that publishes video to Facebook. “It’s clear they want to be a bigger player in the space; they want to eclipse TV.”

Facebook’s interest in funding video tantalises Hollywood, where producers drool at the thought of another deep-pocketed patron alongside fellow tech giants Amazon.com Inc, Apple Inc and Alphabet Inc. Other new players, like Verizon Communications Inc, have had a harder time, often committing less money to less ambitious shows.

With two billion people checking their news feed every month, Facebook reaches more people than any TV network. “Not only do nearly 100 per cent of people under 35 have an account, but they are spending over 1,000 minutes a month on Facebook,” said ATTN’s Segal.

Facebook is also developing a second tab that will be devoted to the more high-end programming, the people said. Facebook prefers not to put details of the video product in writing and will only discuss it by phone, according to people who have dealt with the company. Facebook has also rankled some potential partners by insisting on selling advertising itself and inserting ads into the middle of live broadcasts, the people said.

Facebook has a small staff handling original programming, not enough to manage a robust operation. Facebook would rather share money from advertising sales than pay for content in the long term.
“The sustainable model is some sort of revenue sharing,” Fidji Simo, Facebook’s head of video product, said in an interview. “The goal is really to get a lot of different partners to come to Facebook share their content and find success. It’s very hard to find that over the long-term by funding.”

Sunday, 18 June 2017

Canada: Hackers Targeted Country's 2015 Election, May Try Again in 2019

Canada’s electronic agency says hackers tried to influence the 2015 election that brought Justin Trudeau to power and may try again in 2019.

In a report, the Communications Security Establishment (CSE) said hacktivists and cybercriminals had leaked sensitive government documents, and attempted to smear candidates and spread disinformation and propaganda ahead of the 2015 vote.

Wednesday, 14 June 2017

FBI Warns of North Korea's 'Hidden Cobra' Attacks

The Hidden Cobra group (North Korean government hackers) has been busy targeting victims for the last eight years. They use malicious tools such as DDoS botnets, keyloggers, RATs (remote access tools) and wiper malware.
The group tends to target older machines and unsupported versions of Microsoft Windows. It has also exploited Adobe Flash Player vulnerabilities and Microsoft Silverlight to get a toehold in environments. Organizations are advised to update to the newest version and patch level; if Flash and Silverlight are no longer needed, then push them to the curb and get those apps off of systems.

The FBI investigated and found that the 663 IP addresses listed in the IOC are being used by Hidden Cobra for network exploitation. DHS and FBI want network administrators to add those source and destination IPs to their watchlists to determine if there has been malicious activity within their organizations. The alert also includes YARA rules and network signatures created through a “comprehensive vetting process.”
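One way to run that watchlist check over connection logs, as an added example that is not part of the alert or of the original article. The log format, field names and addresses are constructed; RFC 5737 documentation ranges stand in for the alert's indicators.

```python
import ipaddress
import re

# Constructed watchlist: RFC 5737 documentation addresses stand in for the
# alert's indicators, which are not reproduced here. CIDR blocks are allowed.
WATCHLIST = ["203.0.113.7", "198.51.100.0/28"]

# Constructed firewall log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2017-06-14T09:01:02Z action=allow src=10.0.0.5 dst=203.0.113.7 dport=443
2017-06-14T09:01:09Z action=allow src=10.0.0.8 dst=192.0.2.44 dport=80
2017-06-14T09:02:30Z action=deny src=198.51.100.9 dst=10.0.0.5 dport=3389
2017-06-14T09:03:00Z action=allow src=10.0.0.9 dst=198.51.100.200 dport=53
2017-06-14T09:03:41Z malformed line without addresses
"""

FIELD = re.compile(r"\b(src|dst)=(\S+)")

def load_watchlist(entries):
    """Parse single IPs and CIDR blocks into network objects."""
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]

def find_hits(log_text, networks):
    """Flag every line whose source OR destination is on the watchlist."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        fields = dict(FIELD.findall(line))
        for direction, other in (("src", "dst"), ("dst", "src")):
            try:
                addr = ipaddress.ip_address(fields.get(direction, ""))
            except ValueError:
                continue  # field missing or not an IP address
            if any(addr in net for net in networks):
                hits.append({"line": line_no, "direction": direction,
                             "indicator": str(addr), "peer": fields.get(other)})
    return hits

def affected_hosts(hits):
    """Endpoints seen on the other side of a watchlisted address."""
    return {h["peer"] for h in hits if h["peer"]}

if __name__ == "__main__":
    found = find_hits(SAMPLE_LOG, load_watchlist(WATCHLIST))
    for h in found:
        print(f"line {h['line']}: {h['direction']}={h['indicator']} peer={h['peer']}")
    print("hosts to investigate:", sorted(affected_hosts(found)))
```

Checking both directions matters: an outbound hit points at a host that may already be compromised, while an inbound hit shows scanning or access attempts against it.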
