MageCart Kills Competition By Rendering The Rival’s Marketable Data Worthless
New Post has been published on https://worldhackernews.com/magecart-kills-competition-by-rendering-the-rivals-marketable-data-worthless/
Sunday, November 25, 2018
It seems cybercriminals no longer rely only on their own web-skimming methods: they have resorted to incapacitating their rivals by corrupting the payment data those rivals draw out of online stores. As a result, the targeted rival faces a heavy loss and a seriously damaged reputation.
The participants in this feud have clearly started treating it as a game, and they clash on the actual victim’s server.
Reportedly, the parties to this rivalry belong to the “MageCart” groups.
An independent security researcher, belonging to a well-established organization, published a couple of reports setting out the code that “MageCart” Group 9 used in its attempt to sabotage its rivals’ operations.
The stores used as the battlefield were “B.Liv” online (a cosmetics shop) and “Umbro Brazil.”
The code used by Group 9 was obfuscated and could readily detect the presence of other web-skimming tools on the server.
To kick the data-poisoning system into effect, the skimming code checks for the domain names the rival uses to exfiltrate the payment data. The moment one is detected, the last digit of the card number is replaced with a number between 0 and 9.
As soon as a rival skimmer is detected, the card data is intercepted and its last digit is changed, rendering the data useless.
Such a minor alteration in the card’s number is more than enough to render the data useless.
The rival would then try to sell the worthless card data on the dark web, only to badly damage his own reputation. The black market is all about status, and once that is shattered by dissatisfied customers, the seller has no standing left.
Cybercriminals have been seen taking this approach to their competition before, in the case of crypto-mining.
“Magecart” specifically exploits the third-party scripts loaded during checkout. Website owners should eliminate pages that exhibit payment details or transaction data to keep themselves and their sites safe.
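An added example, not part of the original article: since the skimmers described here ride in on third-party scripts loaded during checkout, a store owner can inventory every external script a payment page pulls in and flag those that are not on an approved list or lack a Subresource Integrity hash. The shop, hosts, page markup and allowlist below are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: checkout page of a hypothetical shop (shop.example).
CHECKOUT_URL = "https://shop.example/checkout"
CHECKOUT_HTML = """
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://pay.example/sdk.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.analytics.example/tag.js"></script>
<script src="//widgets.example/chat.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER"></script>
<script>var inlineConfig = 1;</script>
</head><body><form id="payment"></form></body></html>
"""

# Hosts the store has approved to run code on payment pages (assumption).
ALLOWED_HOSTS = {"pay.example"}


class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script> that loads a file."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attributes = dict(attrs)
        if attributes.get("src"):
            self.scripts.append((attributes["src"], attributes.get("integrity")))


def audit_checkout_scripts(page_url, html, allowed_hosts):
    """Return findings for scripts served from a host other than the page's own."""
    page_host = urlparse(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)

    findings = []
    for src, integrity in collector.scripts:
        # urljoin resolves relative and protocol-relative (//host/...) URLs.
        host = urlparse(urljoin(page_url, src)).hostname
        if host == page_host:
            continue  # first-party script, out of scope for this check
        issues = []
        if host not in allowed_hosts:
            issues.append("host-not-allowlisted")
        if not integrity:
            issues.append("no-sri")
        if issues:
            findings.append({"src": src, "host": host, "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit_checkout_scripts(CHECKOUT_URL, CHECKOUT_HTML, ALLOWED_HOSTS):
        print(finding["host"], ", ".join(finding["issues"]))
```

An integrity hash only pins the file that was reviewed; whether a host belongs on the allowlist is still a decision for the store owner.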
Source: E Hacking News, http://www.ehackingnews.com/2018/11/magecart-kills-competition-by-rendering.html
Your Company Phoneline Could Be A Potential Security Risk
New Post has been published on https://worldhackernews.com/your-company-phoneline-could-be-a-potential-security-risk/
In an age of tighter regulation and growing cyberthreats, companies are under increasing pressure to ensure their customers’ financial data is safe and secure. The number of incidents reported in the news about breaches of credit card details, passwords and account information reveals the extent of the challenge that companies are facing. This year alone, British Airways, Delta and Cathay Pacific all suffered cyber-attacks that saw thousands of customers’ financial details stolen.
Whilst the breaches were resolved, and customers informed, the impact on these companies’ brand, reputation and the trust of customers has been substantial. These incidents serve as a reminder that companies can’t afford to just react to cyberattacks – they need to think ahead and implement security strategies that will safeguard their customers’ financial data. The challenge is to do this while also delivering a seamless, hassle-free purchasing and payment experience to their customers. That experience is, in most cases, being delivered well on online platforms and in person, but companies need to remember another crucial channel of communication with customers – the phone. With so many interactions between companies and customers still taking place via the phone, it is crucial that these security strategies extend to calls where payment is being taken over the phone.
Contact centres, where the majority of these calls take place, play a crucial role in shaping customers’ perception of a brand, as they are one of the first ports of call for customers to contact when they face issues. They need to be at the forefront of financial security strategies, implementing measures that will safeguard customers’ financial data.
Phone payments need to be as secure as online payments
While online payment systems already have a high security level, where payments go through the financial service directly without any input from the company receiving it, payments made over the phone don’t have the same level of transparency and security. By making payments over the phone, customers run the risk of divulging their sensitive, personal financial information without actually knowing what happens to it, how it is used and by whom.
For many, particularly older generations, making a payment over the phone is still their preference – so contact centres need a system similar to that used in online platforms to ensure total compliance with regulation and the safety of their customers’ personal data.
To offer maximum compliance and protect both their customers and themselves, companies need to equip their contact centres with GDPR-friendly payment systems that will allow customers to connect directly and seamlessly to the card payment network to make payments while on calls. For instance, the customer could type in their credit card details directly through the phone keypad and share that information directly with the financial service provider, taking the contact agent out of the equation. At the same time, it’s crucial that while they make the payment, customers stay connected with the contact agent through voice to ensure they can flag any issues and complete their payments securely while on the call.
The regulation age
The recent introduction of GDPR (which imposes heavy fines on companies that don’t upgrade their security standards and fail to disclose breaches) and PCI DSS (an information security standard for organisations handling branded credit cards from the major card schemes to reduce fraud), coupled with high-profile hacks, means consumers and companies alike are getting increasingly concerned about the safety of their personal financial data.
Consumers now hear almost every week on the news about a new data breach impacting them and putting their personal data at risk. They hear about those stories and know they might be next on the list of victims – making them increasingly worried about what happens to their financial data when they pass it on to companies to make payments over the phone. Consumer trust is now the hardest thing for companies to gain and retain, in the wake of high-profile data breaches. If that trust is breached, customers won’t think twice about moving to a competitor to get their services. This creates an imperative for companies to stop holding their customers’ credit card information, to remove the risk of it being compromised.
On top of this, empowering companies with the ability to record calls between them and their customers adds another layer of security and compliance, as it will give companies full transparency on what happens during calls and how call agents handle the customers’ data given to them over the phone.
Companies know that they can’t afford the financial and reputational loss a hack or data breach could cause in the GDPR era. On top of the heavy fines they would be subjected to, their turnover could be seriously affected by customers deciding to switch to rival businesses. Companies must invest in phone payment systems as robust and secure as their online payment systems. Only then will they be able to fully retain their customers’ trust.
German e-government SDK patched against ID spoofing vulnerability
New Post has been published on https://worldhackernews.com/german-e-government-sdk-patched-against-id-spoofing-vulnerability/
Germany has patched a key “e-government” service against possible impersonation attacks, and both private and public sector developers have been told to check their logs for evidence of exploits.
A vulnerability in a web library lets attackers spoof electronic ID card identities. When exploited, it allows an attacker to trick a website and spoof the identity of another German citizen when using the eID authentication option. There are some hurdles that an attacker needs to clear before abusing this vulnerability, but the researchers who found it say their eID spoofing hack is more than doable.
In July, SEC Consult, the German cyber-security firm that discovered the flaw in this SDK, warned the country’s federal computer emergency team, CERT-Bund, that software supporting the government’s nPA ID card had a critical vulnerability (the ID cards themselves have not been breached). Thereafter, Germany’s Computer Emergency Response Team coordinated with Governikus, the vendor, to release a patch, Autent SDK v3.8.1.2, in August this year.
The vulnerable component, the Governikus Autent SDK, allows web developers to check users’ identities against the nPA. Because of a quirk of HTTP, the system could be tricked into authenticating the wrong person, SEC Consult said.
Governikus Autent SDK is one of the SDKs that German websites, including government portals, have used to add support for eID-based login and registration procedures.
The vulnerability doesn’t reside in the radio-frequency identification (RFID) chip embedded in German eID cards, but in the software kit implemented by websites that want to support eID authentication.
SEC Consult explained the exploit process in a blog post.
Online authentication is carried out using a smartcard reader and electronic ID (eID) client software such as the government’s AusweisApp 2. To authenticate a citizen, a web application (which could be a government service such as tax, or a private service such as a bank or insurer) sends a request to the eID client.
Fraudsters using Google Map flaw to dupe people
New Post has been published on https://worldhackernews.com/fraudsters-using-google-map-flaw-to-dupe-people/
Scammers have found a new loophole in the Google Maps interface that allows them to edit the contact details and addresses of major banks, and have used it to trick users into revealing their bank details, such as CVVs and ATM PINs.
According to Google’s User Generated Content policy, anyone can edit the contact details and address on the platform. Taking advantage of this flaw, a group of Thane-based con artists updated the contact details of Bank of India and put in their own contact number, and in this way were able to fool people.
“We have received at least three complaints from the Bank of India (BoI) over the last one month. In all three instances, we immediately notified the authorities at Google,” Superintendent of Police Balsing Rajput of the State cyber police was quoted as saying in The Hindu.
Meanwhile, the Bank of India spokesperson said that they have checked and changed the contact details of their branches on Google Maps.
BOI’s spokesperson said, “After these incidents came to our notice, we modified the contact details on these branch listings on Google Maps. We asked users to use only Bank of India’s official website to search for branch contact details.”
However, Google’s spokesperson said, “Overall, allowing users to suggest edits provides comprehensive and up-to-date info, but we recognize there may be occasional inaccuracies or bad edits suggested by them. When this happens, we do our best to address the issue as quickly as possible. The Google Safety Center outlines tips to help consumers stay safe online.”
The Best Way to Remove Malware from Mac Is Here
New Post has been published on https://worldhackernews.com/the-best-way-to-remove-malware-from-mac-is-here-2/
Certain Mac apps are so persistent that removing them by traditional methods is anything but simple. Even when that is done, some app remnants will always be left behind to clog the system’s memory and resources later; even if one gets rid of the primary program, a few files are likely to remain scattered around the hard drive, where they are almost impossible to track down and remove.
This piece therefore focuses on the steps involved in removing such applications and their different categories, why they persist on the user’s system, and what should be done to uninstall them completely.
A well-known entry on the list of unwanted Mac apps is Advanced Mac Cleaner, distributed through a fake Adobe Flash Player installer that is a variant of Crossrider/OSX Shlayer, basically an adware program. Advanced Mac Cleaner uses Siri to tell the user that something is wrong with their Mac, along with a configuration profile that the malware installs on the user’s Mac.
Removing malware and other unwanted programs from a Mac often requires root access, which carries the danger of changing system files and damaging the computer altogether. On the other hand, a non-intrusive yet extremely thorough Mac cleaner app like TunesBro CleanGeeker will get rid of anything related to an application that is being uninstalled.
The user simply installs the software and lets it do the job for them. The other option is to do it manually: go into each directory one by one and look for orphaned files and folders downloaded by the application that the user will probably no longer need. CleanGeeker, by contrast, lets the user do the same thing in just a few minutes. Here’s how:
Step 1: Download TunesBro CleanGeeker from the official TunesBro website and install it on the Mac.
Step 2: Once they launch the application, they will see an Uninstaller option on the left menu panel. They have to click on that.
Step 3: The software will scan and list out all the apps currently residing in the user’s Mac. They simply pick out the ones to uninstall and hit the button to proceed.
Step 4: Once the process is complete, they can go in manually and check for themselves – all app remnants will have been deleted.
As CleanGeeker offers all the right options to do so, the user’s next goal should be to remove the remnants of applications that were uninstalled earlier. To do this, the steps below should be followed carefully:
Step 1: Remove Junk Files – Using apps, browsing and interacting with people online generates a lot of digital junk that ends up clogging your memory. Click on Quick Scan in the CleanGeeker interface and delete all the junk found by the program.
Step 2: Remove Duplicates – Though not related to malware or unwanted apps, this is a useful step. Click the Remove Duplicates tab and then scan the system. CleanGeeker will list out all duplicates and similar. Review, select/deselect and delete them forever. You’ll be surprised by how much space is taken up by duplicate files.
Step 3: Remove Large Files – Most of the time, we don’t need those massive media files to sit around our system. The best thing for these is to back them up to the cloud and clear your local memory. To remove them, click on the corresponding tab in CleanGeeker to see all your large files. If you don’t need them, just select and delete them in bulk.
This is how one efficiently removes unwanted apps from a Mac, or anything else that could affect the user’s system by slowing it down or bringing it down completely.
US Postal Service fixed a year old vulnerability
New Post has been published on https://worldhackernews.com/us-postal-service-fixed-a-year-old-vulnerability/
The US Postal Service says it has fixed a security weakness that had been on usps.com for some time and let anyone see the personal account info of its users, including usernames and street addresses. The open vulnerability was reportedly identified over a year ago by an independent researcher, but USPS never patched it until this week, when information security reporter Brian Krebs of Krebs on Security flagged the issue after he received a tip from an anonymous security researcher. The USPS fixed the error within 48 hours of that.
The flaw exposed personal data for 60 million ‘Informed Visibility’ accounts.
“It was caused by an authentication weakness in the site’s application programming interface (API) that allowed anyone to access a USPS database offered to businesses and advertisers to track user data and packages. The API should have verified whether an account had permissions to read user data but USPS didn’t have such controls in place.”
Users were not exposed simply by sending and receiving mail; they were potentially compromised only if they had conducted business on the site that required a user name. The user names were also exposed by the vulnerability, along with the accompanying addresses. So if you have been one of the many users who have utilized USPS services online, hackers may have gathered some of your private information.
Users’ personal data including emails, phone numbers, mailing campaign data were all exposed to anyone who was logged into the site. Additionally, any user could request account changes for another user, so they could potentially change another account’s email address and phone number, although USPS does at least send a confirmation email to confirm the changes.
The United States Postal Service has recently been in the news due to another price increase on stamps and other delivery services. Those increases were the result of yet another year of financial woes, struggles which have left the USPS deeper in debt. It is reasonable to imagine that every aspect of the service is struggling, not just the information technology division.
Pedophiles are using Chinese apps to groom underage girls into porn: Experts
New Post has been published on https://worldhackernews.com/pedophiles-are-using-chinese-apps-to-groom-underage-girls-into-porn-experts/
Social video apps have been gaining favour in India recently. We’re not talking about YouTube here, but apps focusing on ultra-short clips of about 15 seconds.
A clip was seen where a young girl, not more than 12 years old is dressed in a bright pink lehenga and a royal blue velvet blouse. She is standing in the middle of a field and swaying her body, shaking her hips, her chest heaving as she dances to a popular Hariyanvi number that goes Meri jalti jawani maange paani paani. It’s a 15-second clip on a short video app called Kwai popular in India. There’s another video of the girl in the same setting and clothes dancing with a boy about the same age, thrusting their bodies at each other in another song.
In another video, a girl about 10, looks directly at the camera, smiles sheepishly and parrots this couplet like she has just memorized the lines: Chadar odh kay sona, takiya modd kay sona, meri yaad aye, toh jagah chhod kay sona. A man’s voice behind the camera prods her: “Aur, aur suna (sing more, more)”.
She shies away saying, “Aur yaad nahi (don’t remember more).” The videos — and there are at least 560 more of them — were posted on the account, ‘Gaon ki Bachchiya’ (Village Girls), which has nearly 98,000 followers. Some of the videos are of girls as young as two or three, lip-syncing and dancing in an age-inappropriate manner, or doing chores like cooking and drawing water from a well. The comments are mostly from men, complimenting the girls on their bodies or asking to see more skin.
Much of the content featuring children comes from accounts that are aggregators of such content or are managed by parents or relatives of the children. Children think they are completing a challenge or a contest, not understanding what they are doing.
Worryingly though, experts say the apps are being abused, and are turning into a paedophile’s heaven.
What seems to be happening here is that the girls are being exploited for borderline child pornography. Nitish Chandan, a project manager for anti-child porn non-profit Cyber Peace Foundation, agrees. “Short video apps are the new ground to groom underage girls for child pornography,” he tells the publication. He says that, in the past year, their group has found a significant uptick in cases of child sexual abuse, harassment, and blackmail, where the predator found their victim on social apps like Kwai.
US Postal Service took a year to fix API flaw that exposed 60 million users' data
New Post has been published on https://worldhackernews.com/us-postal-service-took-a-year-to-fix-api-flaw-that-exposed-60-million-users-data/
The US Postal Service has finally fixed a security bug that allowed anyone logged onto the service to view the personal details of 60 million other account holders.
The vulnerability was unearthed over a year ago, but was patched yesterday after Krebs on Security flagged the issue when an anonymous security researcher informed them about the flaw.
According to the researcher, it was caused by an authentication weakness in the application programming interface (API) that let users access a USPS database for tracking packages.
The data that the bug exposed includes email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data and more.
USPS has released an official statement saying that the incident is under investigation.
“We currently have no information that this vulnerability was leveraged to exploit customer records,” USPS says. “The information shared with the Postal Service allowed us to quickly mitigate this vulnerability.
“Computer networks are constantly under attack from criminals who try to exploit vulnerabilities to illegally obtain information,” it continued. “Similar to other companies, the Postal Service’s Information Security program and the Inspection Service uses industry best practices to constantly monitor our network for suspicious activity.”
“Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law,” USPS said.
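The missing control described in the two USPS reports above, sketched as an added example that is not USPS code: the first handler treats being logged in as sufficient, while the second checks that the caller owns the record or is one of its authorized users, and records every denial for monitoring. All names, records and the owner-only rule for contact changes are assumptions for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    user_id: int
    username: str
    email: str
    street_address: str
    authorized_users: set = field(default_factory=set)


# Constructed sample records, not real data.
ACCOUNTS = {
    1001: Account(1001, "alice", "alice@example.com", "1 Main St"),
    1002: Account(1002, "bob", "bob@example.com", "2 Oak Ave", authorized_users={1003}),
    1003: Account(1003, "carol", "carol@example.com", "3 Elm Rd"),
}

# (caller_id, target_id, action) for every refused request, for monitoring.
DENIED = []


def read_account_vulnerable(caller_id, target_id):
    """Weak pattern: authentication only, so any logged-in caller reads any record."""
    if caller_id not in ACCOUNTS:
        raise PermissionError("login required")
    return ACCOUNTS[target_id]


def _authorize(caller_id, target_id, action, owner_only=False):
    """Object-level check: the caller must own the record or be delegated on it."""
    target = ACCOUNTS.get(target_id)
    allowed = caller_id in ACCOUNTS and target is not None and (
        caller_id == target_id
        or (not owner_only and caller_id in target.authorized_users)
    )
    if not allowed:
        DENIED.append((caller_id, target_id, action))
        # Same error for "no such account" and "not yours", so the
        # response does not reveal which account ids exist.
        raise PermissionError("not permitted")
    return target


def read_account_checked(caller_id, target_id):
    return _authorize(caller_id, target_id, "read")


def update_email_checked(caller_id, target_id, new_email):
    # Assumption for this example: only the owner may change contact details.
    account = _authorize(caller_id, target_id, "update_email", owner_only=True)
    account.email = new_email
    return account


def denied_attempts():
    """Copy of the denial log, e.g. to alert on one caller probing many ids."""
    return list(DENIED)


if __name__ == "__main__":
    print("vulnerable read:", read_account_vulnerable(1001, 1002).street_address)
    try:
        read_account_checked(1001, 1002)
    except PermissionError as error:
        print("checked read:", error)
    print("denied so far:", denied_attempts())
```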
21-Year-Old Arrested For SIM Swapping Hack; Allegedly Steals $1 Million
New Post has been published on https://worldhackernews.com/21-year-old-arrested-for-sim-swapping-hack-allegedly-steals-1-million/
U.S. broadsheet the New York Post reported on Nov. 20 that authorities in the U.S. state of California have arrested a 21-year-old New Yorker for the alleged theft of $1 million in crypto using “SIM-swapping.”
SIM-swapping, otherwise known as a “port-out scam,” involves the theft of a mobile phone number in order to hijack online financial and social media accounts, enabled by the fact that many organizations use automated messages or phone calls to handle customer authentication.
The arrested suspect, Nicholas Truglia, is accused of having targeted wealthy Silicon Valley executives in the Bay Area, and of successfully persuading telecoms support staff to port six victims’ numbers to his alleged “crew” of accomplice attackers. Deputy DA Erin West, of Santa Clara Superior Court, told the Post that the ploy was “a new way of doing an old crime.”
“You’re sitting in your home, your phone is in front of you, and you suddenly become aware there is no service because the bad guy has taken control of your phone number,” West said.
With his arrest on November 14, authorities were able to recover $300,000 in stolen funds, while the remaining assets remain untraced.
Truglia is currently being held pending extradition to Santa Clara, where he faces 21 felony counts relating to a total of six victims, authorities said. One of Truglia’s alleged SIM-swapping victims, San Francisco-based Robert Ross, was reportedly robbed of $500,000 worth of crypto holdings in his Coinbase wallet “in a flash” on Oct. 26, and at the same time a further $500,000 was taken from his Gemini account. West said the $1,000,000 was Ross’ “life savings” and his two daughters’ college fund.
This rising prevalence of SIM swap-related incidents has prompted a California-based law enforcement group to make it their “most noteworthy need.” In more than one prominent case, victims have moved to sue telecoms firms, such as AT&T and T-Mobile, for facilitating the crime.
Truglia has since been held at the Manhattan Detention Complex pending extradition to Santa Clara in California. The formal charges relate to a seven-day “hacking spree” starting Oct. 8, specifically involving “grand theft, altering or damaging computer data with the intent to defraud and using personal information without authorization.”
Amazon's technical error leaks customers names and email addresses
New Post has been published on https://worldhackernews.com/amazons-technical-error-leaks-customers-names-and-email-addresses/
The world’s largest e-commerce website, Amazon, has sent out emails to some of its customers informing them about a “technical error” that publicly exposed their email IDs and user names on its website.
However, Amazon refused to elaborate on the nature of the “technical error” or the number of customers affected by it.
The company said in a statement, “We have fixed the issue and informed customers who may have been impacted.”
Amazon customers across Europe and the United States tweeted a screenshot of the email.
The company has told affected customers that they need not panic and that changing their password is not necessary, although phishing attackers could use affected customers’ names and emails to attempt to reset their accounts or target their emails.
Amazon has fired the employee who was behind the technical error. The letter sent to customers states: “We are writing to let you know that your email address was disclosed by an Amazon employee to a third-party seller on our website in violation of our policies. As a result, the employee has been terminated and we are supporting law enforcement in their prosecution. The third-party seller has been blocked. This is not a result of anything you have done, and there is no need for you to take any action.”
Over 6,500 Sites Down as Hackers Wiped Out Database
New Post has been published on https://worldhackernews.com/over-6500-sites-down-as-hackers-wiped-out-database/
Daniel’s Hosting, one of the largest and most popular hosting service providers for the ‘Dark Web’ Tor network, was heavily targeted by cybercriminals in an attack that wiped the server clean of 6,500 websites. Though the attack and the statistics have been confirmed by the service, the administrator still does not know exactly where the vulnerability is.
The websites have been forced offline, but there is more to the damage than that.
Acknowledging the attack, Daniel Winzen, a German software developer and the hosting administrator, stated on the hosting provider’s website that the attack took place on Thursday, the 15th of November, a day after a PHP zero-day exploit was leaked.
Winzen wrote, “The account “root” has been deleted,”
“To this day around 6500 Hidden Services were hosted on the server and there is no way to recover from this breach, all data is gone.”
“I might re-enable the service once the vulnerability has been found, but right now I first need to find it,” said Winzen, who is unsure about the ‘type’ of vulnerability.
According to him, the attackers gained root access via phpMyAdmin and subsequently erased all the data from the server.
Quite oddly, Winzen noted that the attackers somehow did not get access to the full system.
Putting that into perspective, he explained, “Other than the root account, no accounts unrelated to the hosting were touched and unrelated files in /home/ weren’t touched either. As of now, there is no indication of further system access and I would classify this as a “database only” breach, with no direct access to the system. From the logs, it is evident that both, adminer and phpmyadmin have been used to run queries on the database.”
As the culprit remains unidentified, along with the reason why Daniel’s Hosting in particular was targeted, Winzen is, quite reasonably, seeking IT security researchers and ethical hackers to help him through the crisis by identifying the vulnerability.
Banks suspended work with the Unistream Bank due to hacker attacks
New Post has been published on https://worldhackernews.com/banks-suspended-work-with-the-unistream-bank-due-to-hacker-attacks-2/
Thursday, November 22, 2018

Many Russian banks have suspended or terminated cooperation agreements with the Unistream Bank after a hacker attack.
On November 19, Fincert warned that some credit institutions had blocked all incoming correspondence from the Unistream Bank after malicious content was sent from its legitimate e-mail address.
As it became known, the recipients of the “malicious mailing” were many banks among its partners in Russia, as well as in the CIS. Foreign partners reacted harshly to the hacking of Unistream Bank: some banks from Kyrgyzstan, Tajikistan and Uzbekistan suspended cooperation with the Unistream Bank. For example, Orient Express Bank terminated its cooperation contract early.
Some Russian banks have suspended cooperation for a while. However, some organizations, such as the Mail-Bank, saw no reason to break contracts.
Representatives of the Unistream Bank deny the suspension of contracts with partners. The credit organization said that the investigation of the hacker attack is almost completed.
Source: E Hacking News, http://www.ehackingnews.com/2018/11/banks-suspended-work-with-unistream.html
Mac users using Exodus wallet hit by spam
New Post has been published on https://worldhackernews.com/mac-users-using-exodus-wallet-hit-by-spam/


Security researchers at F-Secure have recently uncovered a small spam campaign aimed at delivering spyware to Mac users who use the Exodus cryptocurrency wallet.
The campaign uses Exodus-themed phishing messages with an attachment named “Exodus-MacOS-1.64.1-update.zip”. The messages were sent by accounts associated with the domain “update-exodus[.]io”, which the attackers used to trick victims into believing that it was a legitimate domain used by the Exodus organization.
The malware poses as an Exodus update, using the subject “Update 1.64.1 Release – New Assets and more”. Experts pointed out that the latest released version of Exodus is 1.63.1.
The zip archive includes an application created earlier this month that contains a Mach-O binary with the filename “rtcfg”. The researchers analyzed the code and found several strings and references to the “realtime-spy-mac[.]com” website, which offers cloud-based remote spy software for Mac systems.
“From the website, the developer described their software as a cloud-based surveillance and remote spy tool. Their standard offering costs $79.95 and comes with a cloud-based account where users can view the images and data that the tool uploaded from the target machine.” states the blog post published by F-Secure. “The strings that were extracted from the Mac binary from the mail spam coincide with the features mentioned in the realtime-spy-mac[.]com tool.”
Experts searched for similar instances of the Mac keylogger in the F-Secure repository and found other applications, including taxviewer.app, picupdater.app, MacBook.app, and launchpad.app.
“Based on the spy tool’s website, it appears that it does not only support Mac but Windows as well,” concludes F-Secure. “It’s not the first time that we’ve seen Windows threats target Mac. As the crimeware threat actors in Windows take advantage of the cryptocurrency trend, they too seem to want to expand their reach, thus also ended up targeting Mac users.”
Further details about the campaign, including IoCs, are reported in the analysis published by F-Secure.
Track-pad Mode on iPhone and iPad; Changes The iOS Keyboard Into A Mouse
New Post has been published on https://worldhackernews.com/track-pad-mode-on-iphone-and-ipad-changes-the-ios-keyboard-into-a-mouse/

on Wednesday, November 21, 2018
Is your fat thumb or finger making it difficult for you to edit messages or words? Relax, because the days of tapping on words are gone. With iOS 12, Apple has introduced the new “track-pad” mode to its iPhone and iPad users.

This mode lets users turn the whole keyboard into a mouse by holding down any key.
Pressing and holding any key of the iOS keyboard makes the keyboard disappear and lets users move the cursor freely, like a mouse, to wherever they want, without having to tap with their fingers or thumbs.
Using the track-pad is straightforward. Touch and hold any key on the iOS keyboard of your iPhone or iPad; the keyboard will start to disappear, and you can then move the cursor like a mouse.
Track-pad Mode on iPhone and iPad; Changes The iOS Keyboard Into A Mouse ~ E Hacking News: http://www.ehackingnews.com/2018/11/track-pad-mode-on-iphone-and-ipad.html
The Federal Antimonopoly service in Russia has undergone cyber attack
New Post has been published on https://worldhackernews.com/the-federal-antimonopoly-service-in-russia-has-undergone-cyber-attack/
on Tuesday, November 20, 2018
Representatives of the Federal Antimonopoly Service (FAS) of the Russian Federation announced that there was a cyber attack on their resources. The attack occurred last Wednesday.
The attack began with emails sent to the FAS carrying a virus that steals service logins and passwords.
In parallel, there was a cyber attack on the information resources of the FAS, presumably for the purpose of hacking. The Central Office of the Ministry and regional offices were also attacked.
Irina Kashunina, Head of the Public Relations Department of the FAS, reported that the hackers had created a virus specifically for the FAS: an email with the attached file “Axigen WebMail.htm”.
The Information Security Service reacted quickly to the incident; there are no victims so far.
The Federal Antimonopoly service in Russia has undergone cyber attack ~ E Hacking News: http://www.ehackingnews.com/2018/11/the-federal-antimonopoly-service-in.html
Facebook Messenger app crashed for users around the world
New Post has been published on https://worldhackernews.com/facebook-messenger-app-crashed-for-users-around-the-world/
Facebook Messenger crashed for several users around the world; users in the United States and Europe were specifically affected.
The outage happened just a day after the launch of a new feature that allows users to delete messages in the app. Late on Monday, thousands of users were unable to send or receive messages, and some even had problems logging in and connecting to the Facebook servers.
Down Detector, a portal that tracks outages, said it received 2,535 reports within ten minutes of Messenger’s blackout, and multiple reports from around the world appeared on Twitter.
Messenger was down for a few hours before service returned to normal. Facebook did not reveal the reason behind the outage.
“Messenger is generally reliable, but has had more issues recently, with four outages in September alone,” said a Forbes report.
Facebook has introduced a new “Remove for Everyone” feature in its messaging app, which gives users ten minutes to delete a sent message. It was initially available only to CEO Mark Zuckerberg. Now it is being rolled out to all users around the world.
Messenger has over 1.3 billion monthly active users, and 1.5 billion monthly average users.
European Cinema Chain Loses an Astonishing US$21.5 Million to a Business Email Compromise
New Post has been published on https://worldhackernews.com/european-cinema-chain-loses-an-astonishing-us21-5-million-to-a-business-email-compromise/
on Tuesday, November 20, 2018
The European cinema chain Pathé lost around 19 million euros (US$21.5 million) to a business email compromise (BEC) scam in March 2018. The attack ran for about a month and ultimately cost the organization 10 percent of its aggregate profit.
Here the scammers abandoned the usual approach of pitting the ‘fake President’ against the ‘real CFO’ and instead faked missives from the French head office to the Dutch management.
It began with the following email:
“We are currently carrying out a financial transaction for the acquisition of foreign corporation based in Dubai. The transaction must remain strictly confidential. No one else has to be made aware of it in order to give us an advantage over our competitors.”
Even though the CFO and the Chief considered it odd, they pressed on anyway and sent more than 800,000 euros. More requests followed, including a few while the CFO was on leave. The two executives were fired not long after the head office took note of the situation.
Although they were not involved in the fraud, Pathé said they could and should have seen the warning signs. The business email compromise attempt was devastatingly effective because they failed to heed those warnings and there was no safety net in place.
A business email compromise is typically a kind of phishing attack with a dash of ‘targeted’ social engineering. This particular BEC scam is notable because it took a somewhat unusual approach to the attack.
Business email compromise keeps growing in popularity among scammers, and it is up to us to fight it. It is increasingly important for every organization to take BEC seriously. Because BEC is among the most insidious threats around, all organizations are advised to make keeping their finances in the black a priority, whether they distribute motion pictures, provide IT services, or do anything else.
European Cinema Chain Loses an Astonishing US$21.5 Million to a Business Email Compromise ~ E Hacking News: http://www.ehackingnews.com/2018/11/european-cinema-chain-loses-astonishing.html