11 total posts
Mass AG, Victim of iTunes Scam, Says She'll Demand Answers
"Massachusetts Attorney General, Victim of an iTunes Scam, Says She'll Demand Answers"
Massachusetts Attorney General Martha Coakley said on Tuesday that her office would be inquiring into long-standing complaints about fraudulent purchases that leverage Apple's popular online music store.
In a lunchtime address to business and technology leaders in Massachusetts, Coakley said she was a victim of identity theft in recent months, and that her stolen credit card information was used to make fraudulent iTunes purchases. When asked (by Threatpost) about whether such fraud constitutes a reportable event under the Bay State's strict data breach notification law, Coakley said that her office would be looking into that question and demanding answers from Cupertino, California based Apple, which has steadfastly refused to comment, or report the breaches to Massachusetts regulators.
Coakley was speaking before an audience of technology and business leaders at an inaugural lunch for Massachusetts' Advanced Cyber Security Center (ACSC). Coakley said that her investment in protecting consumers from identity theft was personal, acknowledging that her bank account was emptied after cyber criminals stole her debit card information during a ski trip to New Hampshire. It was not the first time Coakley had mentioned the incident in public. After skimming the card info, Coakley said the thieves attempted to use it to purchase a laptop from Dell Computer, which detected the fraudulent transaction and contacted Coakley. Not so Apple, whose iTunes media store was used to make a slew of transactions that emptied the Attorney General's account.
Continued : http://threatpost.com/en_us/blogs/massachusetts-attorney-general-victim-itunes-scam-says-shell-demand-answers-092111
Botnets on discount!
From the G Data Security Blog:
Creating a botnet has become insanely easy and cheap
We've encountered a bot sale, which, in case it finds followers, can cause a massive glut of malware all over. The so-called "Aldi Bot" first appeared in late August and has been sold for the initial price of €10! Parts of the bot's code oddly look like ZeuS code...
The malware author, the name used makes us suspect it is a male author, announces his bot creation in the underground and explains that he likes coding and is not keen on making a lot of money. That would be the reason for the low price, he says. Accepted payment methods: paysafecard (with receipt) and Ukash. "I cannot guarantee that the stub you get is always FUD", he says. This means that there is no guarantee for buyers that the program code remains undetected by AV products. And he is quite right - AV products are able to detect the bot.
The offer: 1 x Builder + stub + updates + installation assistance = €10
This price even dropped down to €5, less than two weeks ago.
The main functions of "Aldi Bot" v1.0 are:
• Possibility to carry out DDoS attacks
• SOCKS; bot owner can use victim's pc as proxy
• Firefox password stealer; stealing passwords saved in Firefox database
• Remote execution of any file
An update to v2.0 added the following functions to the ones already in use:
Continued : http://blog.gdatasoftware.com/blog/article/botnets-on-discount.html
"We are going to sue you" spam campaign leads to malware
Every once in a while, security researchers spot an email spam campaign so poorly thought out and executed that I have to wonder: "Who would fall far this?" But then I remember that a moment of distraction and/or simply curiosity sometimes makes people act irrationally.
A similar campaign has been recently spotted by Websense. It involves poorly written emails purportedly coming from well-established companies that threaten the potential victim with a lawsuit for sending out spam: [Screenshot]
The attention grabbing subject line ("We are going to sue you") is just one of the variations employed by this particular campaign. Other popular choices are "This is the final warning", "Please stop sending spam messages..." and "A message from our security service."
The attached ZIP file is not a text document, but an executable - a downloader Trojan that copies itself on the target's computer, deletes the original file, and then proceeds to execute every time the machine is started. Needless to say, this opens the way for other malware to be downloaded and executed on the computer.
Russian cracker helps hoist $10m, fined $310k
A Russian cracker has sold two St Petersburg apartments to cover a $309,000 fine for his role in hacking into the Royal Bank of Scotland's RBS WorldPay service and stealing more than $10 million from ATMs.
Viktor Pleshchuk plead guilty and was slapped with six years' probation and fined under new Russian laws that allow economic criminals to evade harsh punishment if they financially reimburse victims, local news outlet Fontanka reported.
The cracker sold the properties and two cars, a BMW and Lada Kalina, initially worth around $245,000 for a 30 percent profit, all of which went to the bank.
The sell-off saved him up to six years in jail, according to Fontanka.
Fellow cracker Eugene Anikin received three years' probation and will sell his two Siberia properties in October to pay for fines.
The lighter punishments were introduced under reforms to the Russian Criminal Code by President Dmitry Medvede.
Continued : http://www.scmagazine.com.au/News/272675,russian-cracker-helps-hoist-10m-fined-310k.aspx
Russian hacker sells home and cars to pay RBS
Russian hacker's property auctioned off to pay RBS: report
Russian hacker sells a Lada to pay off RBS
China rebuffs allegations over Mitsubishi Heavy hack attack
Plays victim card again; denies role in hack attack on Japan's biggest weapons contractor
China has quickly and angrily rebuffed media reports which suggested that the country was behind the hacking attack on Mitsubishi heavy, Japan's biggest weapons contractor.
A Chinese foreign ministry spokesman Hong Lei told reporters, "The Chinese government has consistently opposed hacking activities. The law strictly prohibits this."
As in the past, when the country refuted suggestions that it was behind the hack attacks on government servers in South Korea, the spokesman said that China itself is a victim of hacking.
"China is one of the main victims of hacking ... criticising China as being the source of the hacking attacks is not only baseless, it is also not beneficial for promoting international co-operation for internet security," said Hong Lei.
Recently, Mitsubishi Heavy Industries Limited disclosed that hackers have stolen data from its database after a hack attack, believed to be the first hack attack on Japan's defence industry.
Continued : http://security.cbronline.com/news/china-rebuffs-allegations-over-mitsubishi-heavy-hack-attack-210911
China denies hacking high-tech weapon maker
China denies role in hack of Japanese defense contractor
Microsoft dumps partner over telephone scam claims
One of Microsoft's Gold Partners has had its relationship with the software giant unceremoniously terminated, after being revealed to be orchestrating a telephone support scam.
Comantra, based in India, are said to have cold-called computer users in the UK, Australia, Canada and elsewhere, claiming to offer assistance in cleaning up virus infections.
The bogus support calls came from Comantra employees who claimed to be representing Microsoft, and used scare tactics to talk users into opening the Event Viewer on Windows, where a seemingly dangerous list of errors would be seen.
Once terrified by what appears to be a worrying collection of warning messages, and believing this was evidence of a malware infection, users would be tricked into allowing Comantra technicians to gain remote access to their computer, and hand over their credit card details to fix any "problems".
In the past, vulnerable elderly people have even been told by scammers that heavy rain may have caused a computer virus infection.
Continued : http://nakedsecurity.sophos.com/2011/09/21/microsoft-dumps-partner-telephone-support-scam/
Also: Microsoft dumps partner over support call scam
Flash Player Update Fixes Critical Flaws
Adobe today issued an out-of-band software update to fix dangerous security flaws in its Flash Player products, including at least one that is actively being exploited. Patches are available for versions of Flash on Windows, Mac, Linux, Solaris and Android operating systems.
Adobe said one of the bugs, a cross-site scripting flaw, is being exploited in the wild in targeted attacks to trick users into clicking on a malicious link delivered in an email message. At the moment there isn't much more information about this vulnerability (other than Adobe credits Google with reporting it). That may soon change if news begin to surface about which organizations that were targeted with the help of this flaw.
According to Adobe: "This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website."
This update applies to Flash Player 10.3.183.7 and earlier on Windows, Mac, Linux and Solaris systems, and Flash 10.3.186.6 for Android. Adobe's bulletin says the company is fixing at least six different security flaws in this update. The latest version for Android devices is 10.3.186.7; for all others it is 10.3.183.10.
Continued : http://krebsonsecurity.com/2011/09/flash-player-update-fixes-critical-flaws/#more-11579
See: Security update available for Adobe Flash Player (APSB11-26)
Does Adobe Flash 11 have a future on the Web?
Adobe promises amazing graphics performance and 3D gaming in Flash 11, but how bright is Flash's future on the Web, particularly without Apple's iOS and Windows 8 Metro?
Adobe has formally announced it will be shipping Adobe Flash Player 11 and Adobe Air 3 in early October. Adobe touts the new versions as a "game console for the Web," with graphics performance up to 1,000 times faster than Flash Player 10 and Adobe Air 2, thanks to full hardware-accelerated rendering for both 2D and 3D graphics and 64-bit support on Windows, Mac OS X, and Linux. However, while Adobe Flash remains common on PCs, Apple has famously eschewed Flash on its iOS mobile platform, and even stopped shipping it on Macs (although Mac users are free to install it themselves). This week, Microsoft announced the version of Internet Explorer for its Windows 8 Metro environment won't support browser plug-ins — and that means no Flash in the browser.
Is Adobe Flash going to fade away in the face of HTML5 and online video delivered in formats like H.264 and Google's WebM? Or will Adobe's advances to the platform let it remain a major player in Internet development even as it starts to disappear from people's browsers?
What Adobe's Bringing to Flash 11 and Air 3
The flagship development in Flash Player 11 and Air 3 is Stage 3D, a new hardware-accelerated graphics architecture for 2D and 3D rendering performance...
Continued : http://www.digitaltrends.com/mobile/does-adobe-flash-11-have-a-future-on-the-web/
The Shifting Motivations Behind Digital Threats -INFOGRAPHIC
From TrendLabs Malware Blog:
Online threats and malware have been plaguing Internet users for more than 20 years. While today's cybercsecurity headlines often refer to the latest data breaches, Facebook scams, and the 1410% increase in Android malware, it is interesting to note that the tool used by today's cybercriminals are, in a sense, the BRAIN-child (pun intended) of two Pakistani brothers who ironically wanted to do good and prevent software piracy. From the PC boom in the 80's to the rise of the Internet and connectivity in the 90's to 2000's, Trend Micro has been closely monitoring technological advancements in information exchange, and along with it, how malware and online threats grew and developed from their roots as pesky computer viruses to the notorious information stealing programs they are today.
Today, Trend Micro sees 3.5 new threats per second. With more and more businesses and home users taking the inevitable journey to the cloud, the risks of data loss and financial loss are greater than ever. Trend Micro also continues to uncover cybercrime operations and how bad guys are earning millions of dollars, pointing to an underground economy that matures with time.
Our new infographic Threat Morphosis: The Shifting Motivations Behind Digital Threats offers a look into the evolving motivations of cybercriminals and the resulting shifts in the threat landscape through the years.
Click here for a detailed look of the thumbnail below. [INFOGRAPHIC]