Archive for June 30, 2015

New Trojan that hides in PNG images affects healthcare organizations

A new Trojan named Stegoloader has been reported. Most of the victims claimed by this Trojan so far are healthcare organizations in the US.

This new Trojan hides itself in PNG images to infiltrate personal computers and collect information. The malware hides in the pixels of the images.

Because the Trojan hides in PNG images, it is able to circumvent security measures such as network firewalls and personal antivirus software.

This malware was first spotted in 2013, but since then it has been reworked many times and multiple versions of Stegoloader now exist. Dell was the first company to report this malware.

Out of all the Stegoloader victims, 42 percent are in the healthcare industry.
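Hiding a payload in pixel values, as described above, leaves a perfectly valid image that passes file-type and signature checks, so defenders fall back on statistics. The following is an added example, not Stegoloader's own scheme and not from the Dell report: a chi-square pairs-of-values test over a constructed grayscale pixel buffer, comparing a clean cover with a copy whose pixel LSBs carry random payload bits. It assumes the pixels are already decoded to 8-bit grayscale bytes (no PNG parsing is done).

```python
"""Chi-square pairs-of-values check for LSB steganography in decoded pixels.
Added demo, not Stegoloader's own scheme: overwriting pixel LSBs with random
payload bits pulls every value pair (2k, 2k+1) toward equal counts."""
import random

WIDTH, HEIGHT = 64, 64  # constructed 8-bit grayscale image

def make_cover():
    # Constructed cover: 4-step gradient plus a faint line every 4th row, so
    # each used pair (4x, 4x+1) has the unequal counts 48 vs 16.
    return bytes(4 * x + (1 if y % 4 == 0 else 0)
                 for y in range(HEIGHT) for x in range(WIDTH))

def embed_lsb(pixels, payload):
    # Overwrite one pixel LSB per payload bit (MSB first); pair sums are kept.
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in the cover")
    out = bytearray(pixels)
    for i, b in enumerate(bits):
        out[i] = (out[i] & 0xFE) | b
    return bytes(out)

def make_stego_sample():
    # Fill the whole cover with seeded pseudo-random payload (512 bytes).
    rng = random.Random(2015)
    payload = bytes(rng.getrandbits(8) for _ in range(WIDTH * HEIGHT // 8))
    return embed_lsb(make_cover(), payload)

def chi_square_pov(pixels):
    # Expected even-bin count under 'LSBs are random bits' is the pair mean;
    # accumulate (obs - exp)^2 / exp over non-empty pairs. Returns (stat, pairs).
    hist = [0] * 256
    for v in pixels:
        hist[v] += 1
    stat, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd == 0:
            continue
        expected = (even + odd) / 2.0
        stat += (even - expected) ** 2 / expected
        pairs += 1
    return stat, pairs

def lsb_payload_suspected(pixels, per_pair_threshold=1.0):
    # Heuristic: random-LSB embedding gives a per-pair mean near 0.5; the
    # untouched gradient cover scores 8.0 here. Small stat => suspicious.
    stat, pairs = chi_square_pov(pixels)
    return pairs > 0 and stat / pairs < per_pair_threshold
```

The cover scores 512.0 over 64 pairs, while the same image with its LSB plane overwritten drops to roughly 32, which is what the verdict function keys on.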

Penn State University Becomes Victim To Yet Another Cyberattack

Penn State announced that it has detected another cyber attack. The recent attack has been confirmed by the university on its College of Liberal Arts server.
Penn State has stated that several systems have been compromised by cyberattacks, which it counts as two separate attacks by anonymous threat actors.

Mandiant, FireEye's cyber forensics unit, has taken over the case and has been investigating and analysing the attacks, which took place on the 4th of May. Seven weeks on, the university now states that no harm has occurred to personally identifiable information (PII) or any other research data, since it had introduced advanced cybersecurity measures after the attacks on the College of Engineering servers.

Mandiant's spokesperson, Nick Pelletier, revealed that the first attack took place in 2014 within a 24-hour period, while the later breach was carried out between March and May 2015. Mandiant is not sure whether the attackers are the same Chinese group that attacked the College of Engineering.

Nick Jones, vice-president of Penn State, said in an official statement that advanced monitoring systems have been introduced across the entire university network with the continued support of Mandiant, and that the attackers will soon be tracked down.

The attacks on state university systems also pose a threat to federal systems. While no PII or research data was compromised, some college-issued usernames and passwords were stolen and used. As a result, all the compromised accounts are being renewed, and more information is available at http://securepennstate.psu.edu.

Trend Micro discovers vulnerability in Android debugger "Debuggerd"

Trend Micro has found a new vulnerability that exists in phones running Android versions from Ice Cream Sandwich to Lollipop.

The vulnerability in Android's debugging program, Debuggerd, allows an attacker to view the device's memory and the data stored in it.

A specially crafted ELF (Executable and Linkable Format) file can crash the debugger, and the resulting dumps and log files then expose the contents of memory.

The bug in itself is not a major threat, but the kind of data it can give an attacker access to can lead to a difficult situation.

Google is said to be working on a fix in the next version of Android for this.

Beware of CryptoWall Ransomware, victims reporting losses totaling over $18 million

Data from the FBI's Internet Crime Complaint Center (IC3) shows CryptoWall to be the most current and significant ransomware affecting millions of individuals and businesses in the US.

CryptoWall and its variants have been targeting people since April 2014. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.

Victims incur ransom fees of between $200 and $10,000, and there are additional costs, which include network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers.

The system becomes infected when the victim visits or clicks on an infected advertisement, email, attachment or website. The malware then encrypts the victim's files stored on the infected machine. Ransomware schemes demand payment in Bitcoin because it is easy to use, fast, publicly available, decentralized, and provides a sense of heightened security/anonymity.

Victims can file a complaint with their local FBI field office, or with the IC3 at www.IC3.gov.

Don't click every link to read sensational stories on social networking sites

Credits: Symantec

Sensational stories! The one thing we all love. Especially on social media, we do not even hesitate before clicking a link or opening an email to read such stories.

However, researchers say that we need to be vigilant and skeptical when reading sensational stories on social media sites or in emails.

People should go directly to a trusted news source for information instead of clicking on random links online. A recent case shows why: a few days ago, the Brazilian singer and songwriter Cristiano Araújo lost his life in a car accident.

After his death, Symantec started to observe malicious spam email using the news as a lure. Some of the spam emails attempt to entice users into downloading video footage of the accident. If users click on the Google Drive URL found in the email, they will end up downloading malware. The malware is detected as "Download.Bancos", a well-known banking malware that has been plaguing South America for a while now.

Once the initial malware, a downloader, infects the computer, it downloads Infostealer.

Security researchers from Symantec Security Response wrote in a blog post that their telemetry on the malware distributed by this spam campaign shows it targeting users in Brazil and Venezuela.

“Symantec advises users to be cautious when it comes to emails crafted around popular news stories such as the one discussed in this blog as they may be malicious. This type of social engineering is not limited to email and users should also be careful on social media sites as similar tactics can also be used,” the researcher added.

The researchers strongly advise never installing applications or completing surveys in order to view gated content. It is a trick to put money in the pockets of scammers, and anyone's computer or device is at risk of malware.

“Report suspicious content. Do your part by reporting this type of content as spam,” the blog read.