City in Florida pays $600,000 to Hackers, after a ransomware attack
Riviera Beach is a small town in Florida of less than 40,000 people. The City Council in Riviera Beach agreed to pay a $600,000 ransom to hackers who encrypted files on their computers. In hindsight it would have been cost-effective to hire a couple of IT guys to go around and apply the Microsoft Security patches to all the computers used by Riviera Beach.
Click on this link to visit The New York Times website to read their post titled: “Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000”.
Ransomware attacks targeting small cities are prevalent and growing. Those cities which do not pay the ransom may end up spending Millions of Dollars rebuilding their IT Systems. Click on this link to visit the Wired website to read their article titled: “ATLANTA SPENT $2.6M TO RECOVER FROM A $52,000 RANSOMWARE SCARE”.
When the Security Patches were being applied, the IT guys could also discuss Phishing emails as most people are not even aware what a Phishing email is. It is not just small cities that fall for Phishing emails. The accounting departments of huge Tech firms have sent out cheques worth Millions of dollars because of fake Phishing emails.
Video courtesy of the RT America YouTube channel
Many of the Ransomware attacks (such as WannaCry) used the Microsoft SMB vulnerability.
There was a prior CERT advisory titled “Vulnerability Note VU#867968” (Microsoft Windows SMB Tree Connect Response denial of service vulnerability), which was issued on Feb 02 2017.
In March Microsoft issued their Microsoft Security Bulletin MS17-012 which addressed the SMB issue.
There was also an even earlier US-CERT Advisory posted on Jan 16 2017 titled: “SMB Security Best Practices”, which suggested “blocking outbound SMB connections (TCP ports 139 and 445 along with UDP ports 137 and 138) from the local network to the WAN.” Port blocking can be done using your Firewall Software (or Hardware).
A number of attacked city systems had “not” updated “all” their computers with the suggested Security Updates. Some of their Operating Systems and Server System software go back to the days of Windows 7. The often quoted statement is that they did not have the IT resources to get Security Updates installed on all the computers.
One area which IMHO requires more training is Phishing Attacks. That is the use of fake emails sent to email addresses which are part of a city’s system. The fake email will ask the receiver to click on a link. If the receiver clicks on the link, they will connect to one of the Hacker’s Command and Control Servers, which will then upload the Ransomware to the receiver’s computer. The Ransomware will be started and will spread to the System Servers and to all the other computers. Once running on a computer, the Ransomware will start to Encrypt data files using a secret key. Next, messages will pop up on infected computers telling the users that their files have been encrypted and that they have so many days to pay a Ransom to get the key needed to decrypt their files.
I recently posted the following article on this site which was titled: “Phishing eMail Scam targeted Facebook and Google for $100 Million Dollars.”.
If the main Servers have Security Updates installed then the Ransomware will not spread. Also, if the System Admins have been doing daily backups, they may be able to recover the Servers using their backup files. They would still have to deal with individual end user computers which were infected.
The “key” is training End Users to not open emails from unfamiliar people. If opened, then the end user should not click on any links and they should immediately contact their IT Support Team. Unfortunately in real life, that is easier said than done.
Click on the CYBERSECURITY box in the menu at the top of this site, to read more Security related posts.
Posted by Vincent Banial
Microsoft Cybersecurity Architect Dr Erdal Ozkaya discusses the state of Cyber Security
This is a capture of a Mar 20 2019 Webinar by Microsoft Cybersecurity Architect Dr Erdal Ozkaya, presented by IT Masters Pty Ltd and Charles Sturt University.
Video is courtesy of ITMastersCSU YouTube channel
Posted by: Vincent Banial
Increase your CyberSecurity by installing VirusTotal web browser extensions from Chronicle
Chronicle is a new CyberSecurity company that you have never heard of. Google’s Search Engine can be your friend when doing web searches. Well Google also owns Chronicle. Google can be your friend when trying to increase your CyberSecurity on the Internet.
Click on this link to visit the Business Insider webpage where they discuss Google’s New CyberSecurity Division called Chronicle.
Chronicle’s offering is for Enterprise customers. One of the products which Chronicle has is called VirusTotal, which can be used by home users. VirusTotal comes as an Extension for popular web browsers like Firefox, Chrome and Internet Explorer.
Video courtesy of the Google Cloud Platform YouTube channel
From the VirusTotal website: “Imagine you log into your Gmail account and find a suspicious email from your bank. The email informs you about an unauthorized access to your account and asks you to follow a link and provide your credentials to view the account access log. Wouldn’t it be great if you could simply right-click on the link and check it against VirusTotal in order to understand whether it is legit or report a phishing site? Wouldn’t it be great if you could do this just with that right-click, without having to navigate to VirusTotal and refer to the URL tab? This is what VirusTotal’s browser extensions allow you to do, and they come in flavors for the most widespread browsers.“
Click on this link to visit the download page at VirusTotal for their Web Browser Extensions.
Opening an email using Outlook could let someone steal your Windows Login Password
You receive an email from what seems like a legitimate source. By opening that email using Microsoft Outlook, you could be allowing a Hacker to gain your Windows Login Password.
If the received email contains, say, a UNC link starting with \\, clicking on the link will start an SMB connection and the username and password hash data can be transferred without the user’s knowledge.
This is because Microsoft Outlook allows documents to contain embedded parts within a document. Microsoft allows the use of Rich Text Format (RTF) and Object Linking and Embedding (OLE). That can be exploited to get Outlook to “automatically” open an SMB connection to a remote SMB Server.
Last Tuesday (Apr 10 2018) Microsoft released a fix for the above bug. Click on this link to visit Microsoft’s site with details of the bug fix: CVE-2018-0950 | Microsoft Office Information Disclosure Vulnerability – Security Vulnerability
Published: 04/10/2018
MITRE CVE-2018-0950
The above Microsoft fix does address the “Automatic” opening of an SMB connection to a remote SMB Server. But, the user viewing said document can still click on a link embedded (via OLE) within the document and that will then initiate an SMB connection.
To check whether your Windows system has the update installed, go to Settings → Update & Security → Windows Update → Check for updates. The updates can be set to install automatically, or you can install them manually.
For info on keeping your Microsoft Windows updated click on this link to visit the Windows Update: FAQ
The Microsoft Apr 10 Security update does not address the end user clicking on a link. To eliminate an SMB session being established after an OLE Link has been clicked, you need to block certain ports for incoming and outgoing SMB sessions. Block TCP/IP port 445 and port 137 and port 139. In addition, you need to block UDP port 137 and UDP port 139. That way no inbound or outbound SMB connections will be started.
You should also add a Windows Registry DWORD32 key named “EnterpriseAccountSSO” and then set that key to a value of “0”. How to do that is detailed below.
Click on the following link to visit the Microsoft Security Advisory page titled: ADV170014 | Optional Windows NTLM SSO authentication changes – Security Advisory – Published: 10/10/2017
The above link discusses adding a registry entry which will disable NT LAN Manager Single Sign-on (SSO) authentication. It’s a small, simple addition:
Customers can add a DWORD32 key named “EnterpriseAccountSSO” to the Windows Registry location HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 with the following options:
- 2 – Always allow SSO. (This is the default state.)
- 1 – Deny SSO if the resource is public. Allow if the resource is private or enterprise. Allow SSO if the resource is unspecified.
- 0 – Deny SSO if the resource is public. Allow if the resource is private or enterprise. Deny SSO if the resource is unspecified.
You should set it to “0”, which would DENY SSO authentication requests.
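The registry change above, done from PowerShell so that it can be scripted across many machines and verified afterwards. This is an added example, not code from the original post or from Microsoft’s advisory; the function names are my own, and it assumes it is run from an elevated prompt on the workstation being hardened:

```powershell
# Added example: sets the EnterpriseAccountSSO value described in ADV170014 and reads it back.
# Run from an elevated PowerShell prompt. Function names are this example's own.

$lsaPath   = 'HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0'
$valueName = 'EnterpriseAccountSSO'

function Set-EnterpriseAccountSSO {
    # 0 = deny SSO for public and unspecified resources (the setting recommended above)
    # 1 = deny for public, allow for unspecified; 2 = always allow (Windows default)
    param([ValidateSet(0, 1, 2)][int]$Value = 0)
    # -Force overwrites an existing value of the same name instead of erroring.
    New-ItemProperty -Path $lsaPath -Name $valueName -PropertyType DWord -Value $Value -Force | Out-Null
}

function Get-EnterpriseAccountSSO {
    # Returns $null when the value has never been created, which means the default (2) applies.
    $item = Get-ItemProperty -Path $lsaPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$valueName
}

Set-EnterpriseAccountSSO -Value 0
$current = Get-EnterpriseAccountSSO
if ($current -eq 0) {
    Write-Output "EnterpriseAccountSSO = 0: NTLM SSO is denied for public and unspecified resources."
} else {
    Write-Output "EnterpriseAccountSSO is '$current' (null means default 2); expected 0."
}
```

Reading the value back matters because Group Policy or a later software install can silently reset it; the `Get-EnterpriseAccountSSO` call is the check to put in your periodic compliance script.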
References for more details:
Carnegie Mellon University – Software Engineering Institute – CERT/CC Blog post by Wll Doorman titled: Automatically Stealing Password Hashes with Microsoft Outlook and OLE Posted on by in Vulnerability Discovery
CVE page at Mitre.org: CVE-2018-0950
Microsoft’s page titled: Description of the security update for Word 2016: April 10, 2018
Fastest DNS Service on the Internet. Change your DNS server setting to 1.1.1.1
It’s a free DNS resolver service. It’s also the Fastest DNS Service and likely the most Secure DNS Service. The new DNS Service addresses are 1.1.1.1 and 1.0.0.1
Just open up Control Panel on your Windows machine. Then go to the Network Adapter settings. Once there, click on Properties. Most ISPs are still using IPv4. Add in the DNS server address 1.1.1.1 and then another at 1.0.0.1.
Click Ok and close. You will then have free access to the Fastest DNS Service on the Internet.
They also have DNS resolvers set up to handle IPv6. The IPv6 DNS Server addresses are 2606:4700:4700::1111 and 2606:4700:4700::1001.
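The same change made from PowerShell, covering both the IPv4 and the IPv6 resolver addresses given above and confirming the result. This is an added example, not code from the original post or from Cloudflare; it assumes an elevated prompt, picks the first adapter whose status is “Up”, and uses example.com purely as a test name:

```powershell
# Added example: point the active adapter at Cloudflare's resolvers and verify.
# Assumes an elevated PowerShell prompt and exactly one adapter that is "Up".

$ipv4Resolvers = @('1.1.1.1', '1.0.0.1')
$ipv6Resolvers = @('2606:4700:4700::1111', '2606:4700:4700::1001')

$adapter = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' } | Select-Object -First 1
if ($null -eq $adapter) { throw 'No network adapter is Up; nothing to configure.' }

# Replaces whatever resolver list the adapter had (usually the ISP's, handed out by DHCP).
# IPv4 and IPv6 addresses can be passed in one list; each is applied to its own address family.
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses ($ipv4Resolvers + $ipv6Resolvers)

# Read back what the adapter now uses, per address family.
Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex |
    Select-Object InterfaceAlias, AddressFamily, ServerAddresses

# Sanity check: query 1.1.1.1 directly for a test name (example.com is just a placeholder).
Resolve-DnsName -Name example.com -Type A -Server 1.1.1.1 | Select-Object Name, IPAddress

# To undo and return to the ISP-provided (DHCP) resolvers:
#   Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ResetServerAddresses
```

The `Resolve-DnsName ... -Server 1.1.1.1` line is worth keeping separate from the adapter change: if it succeeds while normal name resolution fails, the problem is the adapter setting, not reachability of the resolver.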
In North America most ISPs are still using IPV4.
Check out Cloudflare’s website for their new DNS Service at https://1.1.1.1 – not a typo. In the address bar of your web browser, key in https://1.1.1.1 and hit enter.
Video courtesy of The PC Security Channel [TPSC] YouTube channel
This new service was created from a partnership between Cloudflare and APNIC Labs. Cloudflare had the networking hardware, while APNIC had the IP Address 1.1.1.1
For more details please click on this link to visit Cloudflare’s Blog post, which provides lots of detail about this new free Super FAST DNS Service which is also likely the most Secure DNS Service.
Click on this link to visit APNIC’s blog post about their new DNS venture with Cloudflare.
Posted by: Vincent Banial
Petya Ransomware Major Global Attack
WannaCry Ransomware paved the way by showing how to quickly spread across the Global Internet. It focused on a vulnerability in Windows SMB which had been there for years and had only been exploited by Nation State employed Hackers.
Petya Ransomware, as it has been named by the Security Staff at Kaspersky Lab, learned much from the WannaCry outbreak. Petya Ransomware has spread to thousands of computers at major institutions across the Globe. Petya ransomware is just starting. This is a major Ransomware attack.
It is basically a Worm which was first spread by malicious Excel spreadsheets. Once on a network it stays in memory and as such is not so easy to detect and protect against. It looks like it is also focusing on the Windows SMB protocol and the Ports which support SMB. No wonder the focus is on SMB, as Petya uses the EternalBlue code, as did WannaCry.
My big fear is that Banks and Financial Institutions have been targeted by Petya Ransomware. If it infects a large number of Banks then we could possibly see a Major Banking Crisis. It might be an idea to keep some cash on hand, in a safe place. Because it operates as Worm Code it is hard to detect and eliminate.
I will prepare a full review later this week. In the meantime the following are links which will shed light on what is happening. Some of the protective measures which stopped WannaCry Ransomware in its tracks, like disabling SMB ports, could also work to stop or slow the spread of Petya Ransomware.
Click on this link to visit Krebs On Security to read their initial post about Petya.
Click on this link to visit the Kaspersky Lab post titled “Petya Ransomware eats your hard drives“
Click on this link to visit the Securelist site to read their very detailed post about how Petya Ransomware functions.
Click on this link to visit the Check Point site to read their discussion of the Petya Ransomware worldwide outbreak.
Video is courtesy of the F-Secure YouTube channel
Click on this link to view the prior coverage about WannaCry Ransomware found on Uniquely Toronto.
Posted by Vincent Banial
“Rivolta” gives an insight into the Exploits of a 15-year-old “Elite” Hacker named Michael ‘MafiaBoy’ Calce, who had taken down the websites of some of the largest companies.
Michael “MafiaBoy” Calce was just 15 years old. During his Exploit days, prior to being arrested, he had taken down the websites of some of the largest companies in the world, causing an estimated $1.7 billion in losses. He realized the depth of what he had done after watching a news program where then President Clinton spoke about what “Mafiaboy” had done.
This video: “Rivolta: Inside the Mind of Canada’s Most Notorious Hacker” was produced by HP Canada. “Rivolta” was directed by Hubert Davis.
In one way this young person was extremely curious and yet his educators did not pick up on that, so he sought out info elsewhere. In one part of the video, Michael Calce talked about taking a computer programming class in Pascal, but showed his instructor that he could code the course examples in the far more powerful and complex “C Language”.
How many other genius kids who have the inner desire to learn, are also being missed by their Educators? Yes, this video is about the Exploits of a 15-year-old “Elite” Hacker, but it is also about an Educational System which in my opinion failed this young lad.
Video is courtesy of the HP Canada YouTube channel
WannaKey along with WanaKiwi may help to decrypt your WannaCry encrypted files without having to pay the Ransom
Adrien Guinet, a French security researcher, has created a software tool called “WannaKey” that “may” decrypt the files which were encrypted by WannaCry Ransomware. So if you are lucky and have not rebooted the infected computer you “MAY” be able to decrypt your files without having to pay the Ransom fee.
WannaKey works with older variants of Windows Server and Windows Workstation Operating Systems such as Windows Server 2003, Windows Server 2008, Windows XP, Windows 7, and Windows Vista.
When WannaCry encrypts your files, it creates a Private Key which is needed to create the decryption key. Then the Private Key is erased. On older Windows systems the erase does not remove the data from memory. So if you are lucky and you have “not” rebooted the PC, then there is a chance that WannaKey could recover the Private Key, because it is still held in the system memory.
Once you have the Private Key then you can use a different program developed by Benjamin Delpy called wanakiwi to decrypt the files on the WannaCry encrypted PC.
The key point to remember is that the above process “MAY” work. The Computer which was encrypted by WannaCry Ransomware must “NOT” have been rebooted. Any files to download would be downloaded using a different computer and then run on the encrypted PC via a USB flash Drive. The WannaCry code did issue the command to erase the Private Key, but the bug in older Windows Operating Systems is that the Private Key has not been erased from the computer’s main memory. With a bit of luck, you may be able to decrypt your WannaCry encrypted PC. Note there is no guarantee that this will work. If you are unsure how to go about this, then get a computer professional to help you.
Click on this Link to visit the Adrien Guinet GitHub page for Wannakey.
Click on this Link to visit the Benjamin Delpy GitHub page for Wanakiwi.
Click on this Link to visit the Comae Blog post by Matt Suiche titled “WannaCry — Decrypting files with WanaKiwi + Demos”. Matt goes through the whole process along with screen shots.
Video is courtesy of the Vishnu Ava YouTube channel
Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.
Posted by Vincent Banial
Disclaimer: Everything in the post above is subject to change without notice. There could be unintentional errors. Please confirm all info via the linked to websites and web pages. Best Practice is to also always create daily backups. If you try to decrypt a WannaCry encrypted personal computer or server, you do so at your own risk. There is no guarantee that the above info will be successful in decrypting the files.
CERT had issued Vulnerability Note VU#867968 advising about the SMB vulnerability in Microsoft Windows
WannaCry Ransomware seems to have appeared out of the blue. Because of it thousands of people have searched the internet to find out how to disable SMB on their Microsoft Windows based Servers, Workstations and Personal Computers. Thousands had dropped by Uniquely Toronto to read our posts which provided details on ways to disable SMB v1.0.
Now Adylkuzz, another major attack which is underway, is also using the SMB vulnerability in Windows.
There was a prior CERT advisory titled “Vulnerability Note VU#867968” (Microsoft Windows SMB Tree Connect Response denial of service vulnerability), which was issued on Feb 02 2017.
In March Microsoft issued their Microsoft Security Bulletin MS17-012 which addressed the SMB issue.
There was also an even earlier US-CERT Advisory posted on Jan 16 2017 titled: “SMB Security Best Practices”, which suggested “blocking outbound SMB connections (TCP ports 139 and 445 along with UDP ports 137 and 138) from the local network to the WAN.” Port blocking can be done using your Firewall Software (or Hardware).
“US-CERT cautions users and administrators that disabling or blocking SMB may create problems by obstructing access to shared files, data, or devices. The benefits of mitigation should be weighed against potential disruptions to users. For more information on SMB, please review Microsoft Security Advisories 2696547 (link is external) and 204279 (link is external).”
Microsoft Windows MS17-010 Security Update: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx.
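The US-CERT recommendation quoted above (block outbound SMB to the WAN), together with the SMB v1.0 disablement this post and the Outlook post above both refer to, as Windows Firewall and SMB configuration commands. This is an added example, not code from US-CERT, Microsoft or the original post; the rule names are my own, it assumes an elevated prompt on a Windows 10 client (on Server the SMB1 feature is removed with Remove-WindowsFeature FS-SMB1 instead), and it uses the firewall’s built-in Internet address keyword so that shares on the local network keep working while SMB to the WAN is blocked:

```powershell
# Added example: block outbound SMB to the Internet per US-CERT's "SMB Security Best Practices"
# (TCP 139/445, UDP 137/138) and disable SMBv1. Run elevated; rule names are this example's own.
# Test on a non-production host first: file sharing and domain logons depend on SMB.

$rules = @(
    @{ Name = 'Block outbound SMB TCP to Internet'; Protocol = 'TCP'; Ports = @('139', '445') },
    @{ Name = 'Block outbound SMB UDP to Internet'; Protocol = 'UDP'; Ports = @('137', '138') }
)

foreach ($r in $rules) {
    # Idempotent: only create the rule if one with this display name does not already exist.
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name -Direction Outbound -Profile Any `
            -Protocol $r.Protocol -RemotePort $r.Ports -RemoteAddress Internet -Action Block | Out-Null
    }
}

# Confirm the rules exist and are enabled.
Get-NetFirewallRule -DisplayName 'Block outbound SMB*' |
    Select-Object DisplayName, Enabled, Direction, Action

# Check whether the SMBv1 server is still enabled before changing anything.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol

# Turn SMBv1 off on the server side, then remove the SMB1 feature (server and client) entirely.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
```

Scoping the rules with `-RemoteAddress Internet` is the practical reading of “from the local network to the WAN”: it stops the outbound SMB that WannaCry and the Outlook OLE trick rely on without breaking file servers and printers on the LAN, which is the disruption the US-CERT caution quoted below is warning about.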
Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.
Posted by Vincent Banial
Disclaimer: Everything in the post above is subject to change without notice. There could be unintentional errors. Please confirm all info via the linked to websites and web pages. Please install the Microsoft Windows MS17-010 Security Update (see link above). Best Practice is to also always create daily backups
Global spread of WannaCry Ransomware – Mon May 15 2017
Video is courtesy of the NIC Webcast YouTube channel
WannaCry Ransomware is continuing to spread around the globe. Some have even called it the start of a CyberWar. Russian President Putin is apparently blaming the U.S. for creating the tool set. Microsoft is apparently pointing out that the tools were stolen from the N.S.A. (National Security Agency).
Click on this link to visit the Kaspersky Lab SecureList blog site to read their detailed coverage titled “WannaCry ransomware used in widespread attacks all over the world”
I’m going to try something new, by featuring links to current news and major website posts related to the Global spread of WannaCry Ransomware:
Click on this link to visit the Microsoft Blog to read their post titled: “The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack” by Brad Smith – President and Chief Legal Officer.
The following is a paragraph from Brad Smith’s post:
“All of this provides the broadest example yet of so-called “ransomware,” which is only one type of cyberattack. Unfortunately, consumers and business leaders have become familiar with terms like “zero day” and “phishing” that are part of the broad array of tools used to attack individuals and infrastructure. We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident. This included a decision to take additional steps to assist users with older systems that are no longer supported. Clearly, responding to this attack and helping those affected needs to be our most immediate priority.“
Kudos go out to Microsoft for providing the Security Update for Windows XP.
Click on this Link to visit the Wall Street Journal website to read their post “Cyberattack Is Likely to Keep Spreading“. In the post they state that WannaCry Ransomware has spread to over 150 countries. Yesterday I had checked a tracking site which stated that over 230,000 computers had been hit with WannaCry. The Tracker only keeps track of those PCs which were still connected to the internet.
Click on this Link to visit The Telegraph news site to read their post “Cyber attack latest: Vladimir Putin blames US for hack as thousands more computers hit by ransomware“.
Click on this Link to visit the CyberSecurity Firm Malwaretech to view their live tracker for WannaCry / WannaCrypt.
Click on this Link to visit the Yahoo Tech site to read the Associated Press article “The Latest: 29,000 Chinese institutions hit by cyberattack“.
Click on this link to visit the Associated Press news site to read their article “Log in, look out: Cyber chaos may grow at workweek’s start“.
Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.
Posted by Vincent Banial
“Hack the Air Force” is a new White Hat Hacking contest. The United States Air Force is inviting vetted computer security specialists from across the U.S. and select partner nations to do their best to hack some of its key public websites.
Posted by Vincent Banial
The recent DOD ‘Hack the Pentagon’ contest was a success. That contest was limited to US based Cyber Security enthusiasts. The United States Air Force “Hack the Air Force” contest, will be expanding the opportunity to join in the contest by allowing individuals and groups from the following countries to also participate (in addition to US Citizens): United Kingdom, Canada, Australia and New Zealand.
The Hack the Air Force contest is being run with the help of CyberSecurity Firm HackerOne. The HackerOne platform allows White Hat Hackers to submit the Security Holes they find in a safe and secure manner.
Video is courtesy of the HackerOne YouTube channel
On the HackerOne main website page they state :
“77% of Programs Find Security Vulnerabilities within 24 Hours.”.
This sounds like a great move by the Department of Defence and the US Air Force. The prior “hack the Pentagon” contest was a great success. This new Hack the Air Force contest will allow non-US based CyberSecurity Talent to participate. The more people joining the contest the more Security Vulnerabilities I suspect will be found.
This should be a win-win for both the Air Force and the White Hat Hackers. The HackerOne Facebook page states that $16 Million in bounties have been paid out in prior HackerOne coordinated White Hat Hacking events.
Registration for the ‘Hack the Air Force’ event opens May 15 on the HackerOne website. The contest opens May 30 and ends June 23. Military members and government civilians are not eligible for compensation but can participate on-duty with supervisor approval.
Mark your calendars and make sure that you register starting on May 15 2017.
Click on this link to visit the official US Air Force site to read their news Release about this new “Hack the Air Force” White Hat Hacking contest.
Click on this link to view other Cyber Security posts on Uniquely Toronto.
“SysAdmin’s Essential Guide to Linux Workstation Security” free eBook from The Linux Foundation
Photo courtesy of Gerd Altmann – CC0 License. Vincent Banial modified the look & feel.
The Linux Foundation is offering a free download eBook titled: “SysAdmin’s Essential Guide to Linux Workstation Security“.
The suggestions offered in their eBook are based on 3 levels of security which one would want. These are:
- (ESSENTIAL) items which, if “not implemented”, could introduce high risks to your workstation security.
- (NICE) to have items which will increase the overall security, but may require learning new habits or unlearning old ones.
- (PARANOID) items which could significantly improve your workstation security but may require time to learn new ways of doing things.
Click on this link to visit The Linux Foundation website and download your own copy of their eBook titled: “SysAdmin’s Essential Guide to Linux Workstation Security“.
Click on this link to view other Cyber Security posts on Uniquely Toronto.
Cisco Talos Security Webinar
Participated in the Cisco Talos Security Webinar on Wednesday.
Last year I had posted about Kaspersky Lab reporting about a Bank exploit, where Russian Banks were targeted. Basically the Hackers were able to get Bank Accounting Staff to connect to a site where a keylogger and other Trojan Remote Control software was secretly uploaded and installed into “system RAM“, but not onto the Hard Disk or Network Storage. That allowed their remote control software (called Lurk) to be overlooked by Security Software, because Security Software usually scans stored files and not RAM. Once installed, the hackers could monitor the employees. When the employee went for lunch, they took over the PC and started to transfer funds around the world.
Video is courtesy of the DewClarke YouTube Channel
Earlier this year, Russian Authorities had arrested over 50 alleged Hackers who were alleged to be part of the group which targeted and Hacked into the Banks. The investigation into this group’s activities had been ongoing for years (at least since 2013). The Cisco Talos Security Webinar discussed the arrests and the aftermath. Cisco’s research seems to indicate that the same group was involved in other Internet Exploits. One of which was the Angler Ransomware.
Since the Russian arrests, certain malware has disappeared, along with certain DarkNet sites and BotNets. The Russian Authorities made the Internet a tad safer, at least for a short while.
Click on this Link to visit The Hacker News website to read about the Russian sting operation and arrest of 50+ alleged hackers involved in the Banking Exploit.
Click on this Link to view other Uniquely Toronto posts related to Cyber-Security issues.
Posted by: Vincent Banial
http://www.uniquelytoronto.com
Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.
Malware infected Android Apps discovered by Cybersecurity Researchers
Click on this line to read the article on the Softpedia website titled “190 Android Apps Infected with Malware Discovered on the Google Play Store”.
Click on this line to read the article on the AVAST Security Software website Blog titled “”.
Click on this line to read the article on the McAfee Labs Blog titled “Android Malware Clicker.G!Gen Found on Google Play”.
Click on this line to read the article on the Dr. Web Anti-Virus website titled “Android.Click.95”.
Click on this line to read the article on the Softpedia website titled “Android Trojan Pesters Users for Administrator Rights Non-Stop”.
Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.
Be careful out there. Stay Safe
Posted by: Vincent Banial
http://www.uniquelytoronto.com
Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice. Any offers mentioned in this post are also subject to change without notice.
Warning for Android based Cell Phone Users. Cybersecurity Experts have found a Fake Google Chrome Update which installs Malware
The Cybersecurity Researchers at Zscaler Inc have posted a new finding of a Fake Google Chrome Update which installs Malware. The only way to get rid of the Android Infostealer Malware is to reset the Android Phone to factory settings (thus wiping it clean).
Click on this line to be taken to the Zscaler website to read their Blog post titled: “Android infostealer posing as a fake Google Chrome update”.
Their post was written by Viral Gandhi
Click on this line to visit the Zscaler YouTube channel
Click on this line to visit the Zscaler website.
Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.
Posted by: Vincent Banial
http://www.uniquelytoronto.com
HORNET, the alternative to Tor Network
When we think about surfing the Internet, most people are looking at just the top of the network iceberg. When in fact, the web actually holds a “Deep Web,” hidden from everyday users and ordinary browsers. This is due to the Deep Web continuously encrypting …
Source: HORNET, the alternative to Tor Network
Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.
Major Bank Heist using SWIFT. Hackers transferred over $950 Million and got away with $81 Million
The link above is to a Financial Post article on Cyber Security by Martin Arnold
Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.
Posted by: Vincent Banial
http://www.uniquelytoronto.com
New Apple OS X Ransomware discovered by “Unit 42” of Palo Alto Networks
A new Ransomware targeting Apple OS X based computers has been found and reported by Palo Alto Networks. Their Unit 42 Security Group have named this new ransomware as “KeRanger”.
Two installers of the Transmission BitTorrent client for OS X were found by Palo Alto Networks to be infected with KeRanger Ransomware.
The following is a quote from the Palo Alto Networks Research Center blog:
“Palo Alto Networks reported the ransomware issue to the Transmission Project and to Apple on March 4. Apple has since revoked the abused certificate and updated XProtect antivirus signature, and Transmission Project has removed the malicious installers from its website.
The Transmissionbt.com home page features the following security notice:
Read Immediately!!!!
Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the “OSX.KeRanger.A” ransomware (more information available here) is correctly removed from your computer.
Users of 2.91 should also immediately upgrade to and run 2.92. Even though 2.91 was never infected, it did not automatically remove the malware-infected file.
Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.
Posted by: Vincent Banial
www.uniquelytoronto.com
Apple withdraws Chinese apps from the Apple App Store, after XcodeGhost malware-infected iOS apps were found by cybersecurity firm Palo Alto Networks.
Ryan Olson, Intelligence Director with cybersecurity firm Palo Alto Networks, discusses the finding of apps on Apple’s App Store that were infected by the XcodeGhost malware, which spread through a tampered copy of Apple’s Xcode development tool rather than by attacking the apps directly.
Ryan Olson states that this is an important issue for every Apple iOS user.
If you had installed one of the infected apps, delete it, or update it to a cleaned version once the developer rebuilds it with an untampered Xcode and publishes the update to Apple’s App Store.
Video is courtesy of the Associated Press YouTube Channel
Posted by: Vincent Banial
http://www.uniquelytoronto.com
Kaspersky Lab publishes details about the Equation Hacker group’s arsenal, including “nls_933w.dll” which can reprogram the hard drive firmware of over a dozen different hard drive brands
Kaspersky Lab presented at their Security Analyst Summit something even more scary than the details about the Carbanak bank cyber heist. Per Kaspersky, the Carbanak group robbed about 100 banks around the globe of about $1 billion (and in my opinion very likely still counting).
Kaspersky Lab experts referred to the Equation group as the “God” or the “Death Star” of malware. Part of the huge arsenal of code the group has been developing for well over a decade is “nls_933w.dll”. In Kaspersky’s words, “It allows them to reprogram the hard drive firmware of over a dozen different hard drive brands”.
Once “nls_933w.dll” has written the malware into the hard disk’s firmware, it lives in the drive’s controller rather than in the data area on the platters, so nothing the operating system does to the disk touches it: repartitioning will not affect it and reformatting has no effect. Kaspersky also notes that the implant can carve out hidden storage on the drive that survives a wipe, and that the firmware cannot simply be read back for inspection, so an infected drive cannot be cleaned with confidence. The only reliable way to get rid of this malware from a targeted computer is to physically destroy the hard disk.
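The one thing an operating system can ask a drive about its firmware is the revision string in the ATA IDENTIFY DEVICE block, so the practical check is to record model, firmware revision and serial number for every drive at procurement and watch for drift. The code below, added for this post and not taken from Kaspersky Lab, parses that 512-byte block (byte-swapped ASCII fields at words 10-19, 23-26 and 27-46) and compares a fleet against a baseline. The fleet data and baseline are constructed; on Linux the raw block comes from `hdparm --Istdout /dev/sdX`, and `smartctl -i` prints the same fields already decoded. The caveat matters more than the code: a drive whose firmware has been replaced reports whatever the implant chooses, so an unchanged revision string is not evidence of integrity, only drift is evidence of change.

```python
# Layout of the 512-byte ATA IDENTIFY DEVICE block (16-bit words, little-endian on the wire):
#   words 10-19  serial number      (20 ASCII chars)
#   words 23-26  firmware revision  ( 8 ASCII chars)
#   words 27-46  model number       (40 ASCII chars)
# ASCII fields keep the first character of each pair in the HIGH byte of the word,
# so every word has to be byte-swapped before decoding.
IDENTIFY_FIELDS = {"serial": (10, 10), "firmware": (23, 4), "model": (27, 20)}


def _ata_string(block: bytes, start_word: int, n_words: int) -> str:
    raw = block[start_word * 2:(start_word + n_words) * 2]
    swapped = b"".join(raw[i:i + 2][::-1] for i in range(0, len(raw), 2))
    return swapped.decode("ascii", errors="replace").strip()


def parse_identify(block: bytes) -> dict:
    if len(block) != 512:
        raise ValueError("IDENTIFY DEVICE data is exactly 512 bytes")
    return {name: _ata_string(block, w, n) for name, (w, n) in IDENTIFY_FIELDS.items()}


def build_identify(model: str, firmware: str, serial: str) -> bytes:
    """Construct a synthetic IDENTIFY block with the same byte-swapped layout (test data only)."""
    block = bytearray(512)
    for text, (w, n) in ((serial, IDENTIFY_FIELDS["serial"]),
                         (firmware, IDENTIFY_FIELDS["firmware"]),
                         (model, IDENTIFY_FIELDS["model"])):
        padded = text.ljust(n * 2)[:n * 2].encode("ascii")
        for i in range(0, n * 2, 2):
            block[w * 2 + i] = padded[i + 1]   # second char -> low byte
            block[w * 2 + i + 1] = padded[i]   # first char  -> high byte
    return bytes(block)


def compare_to_baseline(observed: list, baseline: dict) -> list:
    """observed: parsed IDENTIFY dicts from the fleet; baseline: serial -> (model, firmware)
    recorded at procurement. Returns one finding per drive that is unknown or has drifted."""
    findings = []
    for drive in observed:
        expected = baseline.get(drive["serial"])
        if expected is None:
            findings.append((drive["serial"], "not in baseline"))
        elif (drive["model"], drive["firmware"]) != expected:
            findings.append((drive["serial"],
                             f"expected {expected}, got ({drive['model']!r}, {drive['firmware']!r})"))
    return findings


def audit(fleet_blocks: list, baseline: dict) -> list:
    return compare_to_baseline([parse_identify(b) for b in fleet_blocks], baseline)


# Constructed fleet data (synthetic model names and serials, not real drives).
BASELINE = {"SN0001": ("EXAMPLE-HDD-1TB", "AB12"), "SN0002": ("EXAMPLE-HDD-1TB", "AB12")}
FLEET = [
    build_identify("EXAMPLE-HDD-1TB", "AB12", "SN0001"),
    build_identify("EXAMPLE-HDD-1TB", "AB13", "SN0002"),   # revision drifted since procurement
    build_identify("EXAMPLE-HDD-2TB", "CD01", "SN0003"),   # never inventoried
]

if __name__ == "__main__":
    for serial, finding in audit(FLEET, BASELINE):
        print(serial, finding)
```

A drift finding is a reason to pull the drive and ask the vendor, not proof of an implant; a clean result is a reason to keep the inventory, not proof of absence.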
Kaspersky Lab goes on to report that the Equation group predates Stuxnet, and was using exploits that later appeared in Stuxnet before Stuxnet itself did.
The word “Elite” is part of the lexicon of hackers, and the Equation group is the elite of the elite. Modifying a hard drive’s firmware had previously been shown only in research demonstrations; doing it reliably across drives from over a dozen different brands, each with its own undocumented firmware, is unprecedented. The Equation group did it, and very likely much more that has yet to come to light. In comparison, it makes the considerable capabilities of the REGIN malware seem like no big deal.
Ok, enough of my rambling.
Click on this link to view the Kaspersky Lab report about the Equation group and their arsenal of jaw-dropping malware. On that page you will find a link to a downloadable PDF of the question and answer session from their presentation at the Security Analyst Summit.
Wow, this has turned into a CyberSecurity long weekend. Very impressive and rather scary stuff has been revealed by Kaspersky Lab.
Posted by: Vincent Banial
Kaspersky Lab report: The Great Bank Robbery: Carbanak cybergang steals $1 billion from 100 financial institutions worldwide
Video is courtesy of the Kaspersky Lab YouTube channel
The Kaspersky Lab report which was presented at the Security Analyst Summit (on Feb 16 2015) is now available online.
Click on this link to visit the Kaspersky Lab SecureList page which discusses the report: The Great Bank Robbery: Carbanak cybergang steals $1bn from 100 financial institutions worldwide. You can also download a PDF of the full report via a link on that webpage.
Posted by: Vincent Banial
Hackers reportedly were able to steal up to $1 billion from banks around the globe
This is a further update to our prior post about the breaking news of a major Cyber Bank Heist.
The amount reportedly stolen from assorted banks around the globe is now being published as around $1 billion.

Racks filled with Cisco Networking gear. Photo Credit Vincent Banial
Hackers reportedly infiltrated banks via malware, allowing them to steal hundreds of millions of dollars. Detailed report by cybersecurity firm Kaspersky Lab to be made public on Monday Feb 16

Photo of racks filled with Cisco Networking Gear. Photo Credit Vincent Banial
I have had many arguments about security software. One group especially got me going because to them Norton Security was the end all and be all. I finally got their so-called Tech to admit that to him Norton Security was the best because it had the largest market share. That’s like saying that GM automobiles are better than Rolls Royce automobiles because GM has a larger market share.
Of course Norton Security is very good. I believe that the security software created by Kaspersky Lab is better (your mileage may differ). Testing done by the Security Software testing site AV TEST http://av-test.org also top rates Kaspersky Lab security software. But I digress…our coverage of this major Cybersecurity Breach continues below.
The report on what Kaspersky Lab has determined about the cyber bank heist will be made public on Monday Feb 16.
Reportedly the attackers instructed ATMs to dispense cash at specific times, with someone waiting at the machine to collect it, so no card transaction was ever made.
Account balances were reportedly inflated inside the bank’s own systems and the surplus transferred to accounts set up by the attackers; because the customer’s original balance was left intact, the account holder noticed nothing.
In the New York Times article it appears that Kaspersky Lab has seen evidence of hundreds of millions of dollars in theft. The article implied that the cybersecurity experts at Kaspersky Lab think the sums stolen could be several times more.
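Both techniques described above leave a reconcilable trace, and the detection logic is simple once the data is in one place. The code below is an added example written for this post, not Kaspersky Lab’s or any bank’s code, run over constructed sample records: a direct edit of a balance field shows up as a difference between the balance the core-banking database reports and the balance recomputed from posted transactions, and a remotely commanded cash-out shows up as an ATM dispense event with no matching authorization (and, as a weaker signal, one outside business hours). Amounts are integer cents; the account numbers, ATM identifiers and authorization IDs are invented.

```python
from datetime import datetime, time


def reconcile_balances(opening: dict, ledger: list, reported: dict) -> dict:
    """Recompute each account's balance from the posted ledger and compare it with the
    balance the core-banking database reports. A non-zero difference is money that moved
    without a transaction, which is exactly what a direct edit of the balance field produces."""
    derived = dict(opening)
    for entry in ledger:
        derived[entry["account"]] = derived.get(entry["account"], 0) + entry["delta_cents"]
    return {acct: reported[acct] - derived.get(acct, 0)
            for acct in reported if reported[acct] != derived.get(acct, 0)}


def orphan_dispenses(dispenses: list, authorizations: set,
                     business_hours=(time(8, 0), time(20, 0))) -> list:
    """Flag ATM cash-out events with no matching authorization (a dispense command rather
    than a card transaction) and, separately, any dispense outside business hours."""
    findings = []
    for d in dispenses:
        reasons = []
        if d["auth_id"] not in authorizations:
            reasons.append("no authorization")
        t = datetime.fromisoformat(d["time"]).time()
        if not (business_hours[0] <= t <= business_hours[1]):
            reasons.append("outside business hours")
        if reasons:
            findings.append((d["atm"], d["time"], d["amount_cents"], reasons))
    return findings


# Constructed sample data (not from any real bank).
OPENING = {"A-1001": 100_000, "A-1002": 100_000}
LEDGER = [
    {"account": "A-1001", "delta_cents": -5_000},     # ordinary card purchase
    {"account": "A-1002", "delta_cents": -900_000},   # transfer out to an attacker-controlled account
]
# Core-banking view: A-1002 had been edited from $1,000 to $10,000 before the transfer,
# so after the transfer it still shows the original $1,000 and the owner sees nothing wrong.
REPORTED = {"A-1001": 95_000, "A-1002": 100_000}

AUTHORIZATIONS = {"AUTH-77", "AUTH-78"}
DISPENSES = [
    {"atm": "ATM-01", "time": "2015-02-14T12:30:00", "amount_cents": 20_000, "auth_id": "AUTH-77"},
    {"atm": "ATM-07", "time": "2015-02-14T02:15:00", "amount_cents": 500_000, "auth_id": None},
]

if __name__ == "__main__":
    print(reconcile_balances(OPENING, LEDGER, REPORTED))
    print(orphan_dispenses(DISPENSES, AUTHORIZATIONS))
```

The reconciliation only works if the ledger used to recompute balances is not the same table the attacker can edit; in practice that means comparing against an append-only transaction journal or a separate copy, since an intruder with database access to the balance field can usually edit the transaction history too.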
I will keep watching for the official Kaspersky Lab report on Monday. Till then you can learn more about this by visiting some of the links below.
The New York Times post which looks to be the main post which brought this to public light.
CNet’s post about the supposed Cyber Bank Heists.
Ars Technica coverage of the cyber attack on banks around the globe.
The Citizen post about this Hacker worldwide Bank Heist.
New York Times sub post about how Hackers infiltrated Banks.
I will continue to post about this as more is learned – most likely when that Kaspersky Lab report is released on Monday Feb 16 2015.
Posted by: Vincent Banial