Archive for April 30, 2017

Game guide malware targets 500,000 users

App-based guides for games have targeted more than 500,000 users with malware. According to researchers at Check Point, more than 40 guide apps for popular games, including FIFA and Pokemon Go, were found to be capable of delivering the malware to users' devices.

The apps are estimated to have been downloaded between 528,000 and 1.8 million times, though it is not known how many of these downloads resulted in the deployment of malware.

"Since the actual apps do not contain any malicious code themselves, it's very hard to trace," said Daniel Padon, at Check Point.

When an app is downloaded, it asks users for device admin permission to ensure the software cannot be deleted. It then tries to establish a connection with a command and control server, turning the device into a bot in a botnet - a network of devices controlled from afar. Malicious software can then be downloaded.

This could allow hackers to send illegitimate pop-up ads, use the device as part of a DDoS attack, or snoop on data sent via the device's network.

Software flaw makes HP, Fujitsu and Philips notebooks vulnerable

Researchers at SEC Consult discovered a vulnerability in Portrait Displays software, which is used by OEMs such as HP and Fujitsu on millions of notebooks.

The impacted product allows users to configure their displays (i.e. rotation, alignment, colors and brightness) via a software application instead of hardware buttons.

Portrait Displays’ products are used by several major vendors, including Sony, HP, Acer, Fujitsu, Philips, Dell, Benq, Lenovo, Sharp and Toshiba. However, SEC Consult could only confirm the vulnerability for Fujitsu’s DisplayView, HP’s Display Assistant and My Display, and Philips’ SmartControl applications.

The vulnerability, tracked as CVE-2017-3210, exists in the Portrait Displays SDK service and it allows any authenticated attacker to execute arbitrary commands and escalate their privileges to SYSTEM.

Portrait Displays has released a patch and advised users to install it immediately. As an alternative, users can address the problem by removing the vulnerable service’s permissions via the “sc” command in Windows. CERT/CC has also released an advisory for this security hole.

Hackers threaten Netflix with online release of new season of "Orange Is The New Black"

Hackers claim to have stolen the first 10 episodes of the upcoming season of Netflix's "Orange Is the New Black" and published them on a torrent site.

They are now threatening to release more episodes on the internet if Netflix fails to pay them an undisclosed amount of ransom money.

"We are aware of the situation. A production vendor used by several major TV studios had its security compromised and the appropriate law enforcement authorities are involved," Netflix said in a statement.

According to Variety, the group operates under the name "The Dark Overlord." They told the network that they hold plenty more series from other networks such as ABC, Fox, IFC, and National Geographic.

"It didn't have to be this way, Netflix. You're going to lose a lot more money in all of this than what our modest offer was," the hacker wrote, reports Variety. "We're quite ashamed to breathe the same air as you. We figured a pragmatic business such as yourselves would see and understand the benefits of cooperating with a reasonable and merciful entity like ourselves."

The F.B.I. is investigating this matter.

The new episodes of "Orange Is the New Black" are set to be released on June 9.

Iran launches cyber attacks on Saudi Arabia

McAfee revealed that the cyber attacks on Saudi Arabia over the last few months are continuing, and published details about this disruptive campaign, which has been unofficially attributed to Iran.

Speaking ahead of the blog post's publication, Raj Samani, chief scientist, said that the 2012 cyber attacks on Saudi Arabia's state-run oil company were very similar to the current ones, though this time the attacks are more massively destructive.

"This campaign was a lot bigger," Samani said, adding: "Way larger in terms of the amount of work that needed to be done."

By one account, the 2012 cyber attacks against Saudi Aramco and Qatari natural gas company RasGas were among the most dangerous cyber attacks ever publicly revealed: huge data-wiping attacks that wrecked tens of thousands of computers.

McAfee officials said that the malicious code used in the attacks this time was heavily copied from the 2012 attack, and that part of the code seems to have been copied from a previously known hacking group, Rocket Kitten. US cyber security has pointed to Iran for the attacks with greater or lesser certainty.

McAfee, however, has refused to link any particular actors to the incident.

Saudi officials gave little information about the incident, saying that more than a dozen government agencies and companies were affected, and a government adviser did not respond when asked about the attacks.

The Iranian Embassy in Paris has also not responded to messages.

Interpol unearths more than 9000 malware-hit servers in ASEAN

A cybersecurity operation run out of the Interpol Global Complex for Innovation (IGCI) has uncovered more than 9,000 malware-laden servers and hundreds of compromised websites in the ASEAN region, including government portals.

Interpol said that it worked with investigators from seven countries and seven private sector companies for this operation. The countries involved were Indonesia, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam. China also provided additional cyber intelligence.

Investigators also found close to 270 infected websites, among them several government portals that may have contained personal data of their citizens.

The law enforcement organization also claimed to have “identified” a number of phishing website operators including one with links to Nigeria and one selling phishing kits on the darknet who has posted to YouTube.

Interpol says investigations are ongoing. IGCI Executive Director Noboru Nakatani said the operation was a perfect example of how the public and private sectors can work efficiently together in combating cybercrime.

"With direct access to the information, expertise and capabilities of the private sector and specialists from the Cyber Fusion Centre, participants were able to fully appreciate the scale and scope of cybercrime actors across the region and in their countries," said Mr Nakatani.