Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Security Response
Showing posts in English
Avdhoot Patil | 11 Apr 2014 11:11:40 GMT

Politicians are frequently featured on phishing sites and in light of the ongoing general election in India, phishers are starting to target Indian users by using a local politician and his party as bait. 

Symantec recently observed a phishing site which spoofs Facebook’s appearance and includes Arvind Kejariwal, the former chief minister of New Delhi and leader of the Aam Aadmi Party. The phishing site was hosted on servers based in Lansing, Michigan in the US. 

figure1_facebookspam.png
Figure 1. A fake Facebook “like” button and a picture of Arvind Kejariwal on the phishing site

As seen in the previous image, the phishing site, titled “Unite With Us Against Corruption”, uses a poster of the Aam Aadmi Party along with a fake Facebook “like” button. The site’s background image is a picture of the party’s leader Arvind Kejariwal...

Dick O'Brien | 09 Apr 2014 18:18:41 GMT

A newly discovered vulnerability in OpenSSL, one of the most commonly used implementations of the SSL and TLS cryptographic protocols, presents an immediate and serious danger to any unpatched server. The bug, known as Heartbleed, allows attackers to intercept secure communications and steal sensitive information such as login credentials, personal data, or even decryption keys.

Heartbleed, or the OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability (CVE-2014-0160), affects a component of OpenSSL known as Heartbeat. OpenSSL is one of the most widely used, open source implementations of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.

Heartbeat is an extension to the TLS protocol that allows a TLS session to be kept alive, even if no real communication has occurred for some time. The feature will verify that both computers are still connected and available for...

Satnam Narang | 09 Apr 2014 04:50:42 GMT

Over the last week, Instagram scammers have been posting images offering fake lottery winnings to followers. They have convinced users to share the posts, give up personal information, and even send money back to the scammers.

In this scam, a number of Instagram accounts have been created to impersonate real-life lottery winners from the UK and US. These accounts claim to offer US$1,000 to each Instagram user who follows them and leaves a comment with their email address.

figure1_20.png
Figure 1. Instagram accounts impersonating real-life lottery winners

The accounts impersonating lottery winners have been extremely successful, and have gained anywhere from 5,000 to 100,000 followers.

Once they have amassed a certain number of followers, they reveal a secondary Instagram account belonging to their “accountant”, who is in charge of...

PraveenSingh | 08 Apr 2014 18:24:52 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing four bulletins covering a total of 11 vulnerabilities. Seven of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-...

Kevin Haley | 08 Apr 2014 09:28:08 GMT

istrbanner.png

Once again, it’s time to reveal the latest findings from our Internet Security Threat Report (ISTR), which looks at the current state of the threat landscape, based on our research and analysis from the past year. Key trends from this year’s report include the large increase in data breaches and targeted attacks, the evolution of mobile malware and ransomware, and the potential threat posed by the Internet of Things. We’ll explore each of these topics in greater detail below.

The year of the mega data breach
While 2011 was hailed by many as the “Year of the Data Breach,” breaches in 2013 far surpassed previous years in size and scale. For 2013, we found the number of data...

Roberto Sponchioni | 07 Apr 2014 23:49:19 GMT

Windows PowerShell, the Microsoft scripting language, has made the headlines recently due to malware authors leveraging it for malicious purposes. Symantec has identified more PowerShell scripts being used for nefarious purposes in attacks. Unlike other PowerShell scripts that we have identified previously, the new script, which Symantec detects as Backdoor.Trojan, has different layers of obfuscation and is able to inject malicious code into “rundll32.exe” so that it can hide itself in the computer while still running and acting like a back door.

Powershell 1.png

Figure 1. The original Microsoft Windows PowerShell script

As seen from the previous...

Avdhoot Patil | 07 Apr 2014 07:25:58 GMT

Contributor: Parag Sawant

Phishers continuously come up with various plans to enhance their chances of harvesting users’ sensitive information. Symantec recently observed a phishing campaign where data is collected through a fake voting site which asks users to decide whether boys or girls are greater.

The phishing page, hosted on a free web hosting site, targets Facebook users and contains a fake voting campaign, “WHO IS GREAT BOYS OR GIRLS?” along with the “VOTE” button to register votes. The page is also embedded with pair of bar charts representing voting ratio and displays the total votes gained for the last four years. These give a more legitimate feel to the fake application.

figure1_1.jpg
Figure 1. The Facebook application asks users to register their votes

The first phishing page contains a button to initiate the...

Satnam Narang | 04 Apr 2014 14:56:45 GMT

Earlier this week, a large number of Twitter accounts were compromised and used by spammers to spread “miracle diet” spam. The compromised accounts included public figures, as well as average users of the social networking service.

Figure1_10.png
Figure 1. Twitter miracle diet spam

Déjà vu
Diet spam is quite common and can been found on various social networking sites and Twitter is no stranger to this problem. Over the years, we’ve seen many different campaigns try to capitalize on the latest miracle diet craze. In this particular case, spammers are trying to peddle garcinia cambogia extract through a page designed to look identical to the real Women’s Health website.

...

Joji Hamada | 03 Apr 2014 09:08:58 GMT

bankeiya_concept.png
In recent years, the Japanese Internet community has faced difficult times trying to combat financial Trojans such as SpyEye (Trojan.Spyeye) and Zeus (Trojan.Zbot). The number of victims affected and the amount of funds withdrawn from bank accounts due to compromises is increasing at an alarming rate. Just to give you an idea, according to the Japanese National Police Agency, the number of reported illegal Internet banking withdrawals jumped from 64 incidents in 2012 to 1,315 incidents in 2013. The loss in savings amounted to approximately 1.4 billion yen (US$ 14 million) in 2013, up from 48 million yen (US$ 480,000) in 2012.

More recently, the nation has also...

Orla Cox | 02 Apr 2014 13:59:50 GMT

Attacks are getting bigger and bolder and this calls for a new approach to cybersecurity. Cybercriminals have broadened their scope beyond conventional computer systems and now almost every connected device can be a target. 2013 was the year of the megabreach, where we witnessed some of the biggest data breaches of all time with over 500 million records exposed. Point of Sale terminals have been infected with malware in order to siphon off millions of credit card records. Attackers are even going one step further and using malicious code to steal cold hard cash. A recent piece of malware, Ploutus, allows criminals to use a mobile phone to get an ATM to spit out cash by sending a...