ipTIME n104r3 suffers from cross site request forgery and cross site scripting vulnerabilities.
Monthly Archives: July 2015
Get a total of $4,2 million for the FBI’s most wanted hackers
It’s most likely not a huge surprise that there is such a list, and while it’s probably not as well-known as its “big brother”, the rewards offered for information leading to the arrest and/or conviction of 5 of the top most wanted cybercriminals on that list are not too shabby: The Federal Bureau of Investigation is willing to pay a total reward of $4.2 million!
So who is actually on the list? Let’s take a look.
EVGENIY MIKHAILOVICH BOGACHEV
Evgeniy Mikhailovich Bogachev, aka “lucky12345” and “slavik”, became famous as being the alleged mastermind behind the Trojan called “Zeus”. The Russian currently fetches a reward of $3 million.
NICOLAE POPESCU
The Romanian Nicolae Popescu apparently was involved in Internet Fraud schemes and made quite a lot of money with it. The FBI is offering a reward of $1 Million for him.
ALEXSEY BELAN
Belan is only worth $100,000 to the authorities. The Russian is wanted for allegedly having broken into three major United States-based e-commerce companies. Afterwards he tried to sell the stolen usernames and passwords on the black market.
PETERIS SAHUROVS
The Latvian is accused of selling malware-laced ads that distributed ransomware; the reward for him is currently at $50,000.
CARLOS ENRIQUE PEREZ-MELARA
While the reward for Melara is set at $50,000, my guess is that the FBI actually wants to hire the guy: He allegedly was involved in manufacturing spyware “which was used to intercept the private communications of hundreds, if not thousands, of victims”.
For the rest of the list just go here.
The post Get a total of $4,2 million for the FBI’s most wanted hackers appeared first on Avira Blog.
Mastercard trials selfies as password replacement
A new app could see Mastercard accepting selfies instead of passwords to make purchases online.
The post Mastercard trials selfies as password replacement appeared first on We Live Security.
OLE Packager Embedding Issues
This write up discusses the dangers around the OLE packager used to embed any file into Office documents.
WordPress easy2map 1.24 SQL Injection
WordPress easy2map plugin version 1.24 suffers from a remote SQL injection vulnerability.
CryptoWall joins forces with click fraud botnet to infect individuals and businesses alike
Newest CryptoWall variant enters systems through a click fraud botnet.
Earlier this year, we told you about the return of CryptoWall, malware that encrypts certain files in your computer and, once activated, demands a fine around $500 as a ransom to provide the decryption key. These kinds of financial fraud schemes target both individuals and businesses, are usually very successful and have a significant impact on victims. The problem begins when the victim clicks on an infected advertisement, email, or attachment, or visits an infected website.
Recently, a click fraud botnet with ties to CryptoWall has been discovered. The malware, nicknamed ‘RuthlessTreeMafia‘, has been used to distribute CryptoWall ransomware. What first appears as an attempt to redirect user traffic to a search engine quickly mutates into an alarming threat as infected systems begin to download CryptoWall and system files and data become encrypted, rendering them useless to their owners. Click fraud and ransomware are two types of crimeware that are usually quite different from one another and typically don’t have many opportunities to join forces; therefore, the result of this unlikely yet powerful collaboration can be detrimental to its victims.
In a public service announcement issued on June 23, the FBI warns of the continued spread of this variant of CryptoWall that has the potential to affect not only individuals, but also government entities and businesses. The report reads:
“Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.”
The uncovering of this most recent CryptoWall variant also goes to show just how creative cybercriminals can be when coming up with ways to get their malware onto people’s systems. A simple click fraud botnet compromise can now lead to a potentially serious ransom attack.
How to stay safe against infection
- Go with your gut. Don’t click on any emails or attachments that appear as suspicious or unfamiliar to you.
- Enable popup blockers. Popups are a popular way for hackers to spread malware. To eliminate the chance of accidentally clicking on a popup, it’s best to prevent them from appearing in the first place.
- Educate employees about the dangers of malware. It’s crucial that SMBs teach their employees about the risks that malware poses to their business. Hold regular workshops to educate employees about common malware attacks, such as phishing emails, and how they can stay safe against them.
- Always use antivirus software and a firewall. It’s crucial that you download and use antivirus software to best protect yourself against malicious attacks. For the highest level of protection, regularly make sure that your software is updated to the latest version.
Parents failing to educate children on Internet dangers
LONDON, 3 JULY, 2015 – In today’s ever-connected world, online dangers can present themselves around every virtual corner. As the third annual Child Internet Safety Summit commences, AVG® Technologies N.V. (NYSE: AVG), the online security company™ for more than 200 million monthly active users, has released new research revealing the extent of children’s exposure to inappropriate content online, and the conflicting views and concerns of their parents.
The findings reveal that more than a third (35%) of UK children have encountered dangers online while at home – a figure that rises to 40% among tech-savvy ‘tweens’.
Despite this reality, a quarter (24%) of all parents have no plans to educate their children about online risks – and this is particularly the case for those with older children, rising to one in four (39%) parents with 10-12 year olds, and two thirds (62%) of parents with 13-16 year olds.
When asked why, two in five (44%) parents believe their child is sensible enough to know what to avoid online, 22% think it will just be too awkward to discuss, and one in seven (14%) simply don’t think it’s necessary.
These startling findings highlight the growing need to educate both children and parents about the threats that lurk online.
Tony Anscombe, Senior Security Evangelist at AVG Technologies, explains: “No matter how tech-savvy today’s children are, nor how ‘technophobic’ their parents think they are, it’s important not to forget that they are still just kids. As with any other life lessons, children look to parents for guidance; and in turn, it is their responsibility to teach them good from bad.
The findings of this research prove exactly that. By assuming children know best, simply because they have grown up around technology, parents are opening up their children to online dangers – and a significant amount are falling victim to them in some form. It’s only through parents educating themselves and their children about these dangers that we’ll start to reduce the number of children exposed to inappropriate content online.”
The study also sheds light on where parents see their child’s digital habits being influenced. The vast majority (88%) say school friends and teachers play the biggest combined role, while over a quarter (26%) say friends from outside of school are also key influencers.
With 40% of parents most concerned for their child’s online safety when they are away from home, these findings highlight how they could be overlooking the online dangers within the home. While parents are rightly conscious of letting their children surf the web outside of the family environment, the findings suggest they may be too quick to shift the blame, for children encountering dangers online, onto these outside influencers, rather than shoulder it themselves.
Julia Bradbury, TV presenter and mother of three, comments: “As a parent, I’m increasingly conscious of keeping my children safe from all the risks they face – whether it’s crossing the road or playing with apps on my phone. Admittedly, it’s a lot easier to see the damage from a scrape on the knee, but – as the Internet plays a bigger role in their lives – we need to understand that virtual bumps and bruises can be just as painful.
All three of my children will be growing up around technology – they simply won’t know anything different – so it’s my job, as a mother, to make sure they know right from wrong (on-and-offline), so they can make the most of their connected world. Having those ‘awkward’ conversations is often part of parenting, and if they protect your child in the long run, then it’s something worth blushing for!”
Activity at the Child Internet Safety Summit 2015 is part of AVG Technologies’ SmartUser mission – a growing movement based on the belief that everyone on the Internet is responsible for making it a better place. The objective is to make the next two billion users of the mobile Internet Smart Users, through education, to help them make informed choices about their own security and privacy — all from the first moment they start using a connected device. The SmartUser initiative works on the basis that if you would teach a child how to safely cross the road, there is a similar duty to teach them how to responsibly use the Internet, as well.
– ENDS –
About the Research / Methodology:
AVG commissioned an online survey, interviewing 2,200 UK adult parents (aged 18-65) with one or more children aged 4-16 years old. The market research company, Vanson Bourne, carried out the fieldwork between 4th-12th June 2015 using their proprietary panels.
How can we encourage girls to pursue a career in tech?
My career in the technology sector is a fortunate accident but it remains far too rare an outcome for women entering today’s workforce. This week I addressed an audience at the Child Internet Safety Summit in London to offer a woman’s perspective on what it means to be in technology, why it’s so important for young women to consider a career in the technology sector and what they can do to prepare themselves to be a part of the industry.
Of the many data points that serve to paint the picture of women in technology, I think that Maria Klawe, president at Harvey Mudd in Claremont California provides the clearest description of the problem.
“We’ve done lots of research on why young women don’t choose tech careers and number one is they think it’s not interesting. Number two, they think they wouldn’t be good at it. Number three, they think they will be working with a number of people that they just wouldn’t feel comfortable or happy working alongside.”
Not Interesting?
Ouch. It’s hard to understand this perspective from inside tech. From my vantage point, this is the industry most directly affecting people’s lives today and being a part of that is genuinely exciting. Somehow, at home, in schools and even in movies and television, we’re failing to capture the imagination of young women. What I and other women in tech can do is be evangelists and invest some of our time talking with women and sharing our perspectives whether we are coders, marketers or engineers.
Not Good At It?
Young women don’t come to the conclusion that they wouldn’t be good at a particular thing without some pretty strong communication from their community. Whether at home or at school, our families and institutions need to consciously change the dialog and tone. The evidence is clear that women are just as capable as men in business, technology, medicine and virtually every other field. We need to stop suggesting otherwise and present the skills that lead to tech openly and without bias.
Not Comfortable?
I cannot honestly think of a workplace in which everyone liked each other or got along all the time. Working with a variety of personalities is essential to success regardless of sector so it makes me wonder what message we are sending to young women that gives them this perception of people working in technology. Perhaps the most important thing we can do is to help teach all children how to work together, to compromise and to be a part of a truly diverse workforce.
Much of the media’s focus on women-in-tech has focused on coding, and the good news is that there are many companies and organizations working to make sure young women know that this field is open to them and that there’s much that they have to offer and can accomplish. We’re far from there but we’ve started.
More importantly though, we need a more comprehensive change in perceptions, and from the beginning we need to communicate to girls and young women that the entire world of careers is open to them and welcomes them. To that end we should all do the following:
- Become advocates and mentors and provide encouragement, affirmation and confidence. Women in particular need to be role models and mentors in their community.
- Young women need to seek out sponsors, someone who will truly take an active role in supporting their career aspirations.
- Men need to be allies and supportive. “A true male ally is a man who is willing to defend women when there are no women in the room.”
Ultimately, the most impactful thing we can do in our industry is to tell a good story that demonstrates technology is compelling and accessible to everyone.
We don’t need to change who people are or turn women into men. We simply need to make sure that all women have the opportunity to choose to be a part of whatever industry we want.
Debbie Sterling, Founder and CEO of Goldieblox said it well, “There’s nothing wrong with being a princess, we just think girls can build their own castles too.”
433,000 Ford cars to be recalled because of software bug – would you have preferred an internet update?
Cars which are capable of receiving instructions via the internet (such as software updates) are potentially more at risk of being hacked or meddled with than those which don’t.
The post 433,000 Ford cars to be recalled because of software bug – would you have preferred an internet update? appeared first on We Live Security.
Developers are neglecting the login security for both Android and iOS

You open an application to read the news, check your e-mail or social networks and, on many occasions, it asks you for a username (which may be your email address) and a password. You must sign in to access the headlines which have been customized depending on your preferences, your Inbox where you receive your emails (and not those addressed to anyone else) or, to your personal, and supposedly non-transferable, account.
Technically, yes. A team of researchers from the University of Darmstadt (Germany) and the Fraunhofer Institute for Secure Information Technology scanned 750,000 applications for Android and iOS and discovered that app developers didn’t take the security of this important step (login or authentication) as seriously as they should.
These experts say the analyzed apps include very popular ones, although they didn’t give any names, and that they detected vulnerabilities in all kinds of applications, from games to instant messaging, through social networks, financial services or even health-related software.
According to the findings of this research team, many programmers are managing the information needed for logging in, in a negligent or improper way, leaving user names, email addresses or passwords available to third parties with dubious intentions. During their analysis, they found 56 million ‘sets’ of unprotected data.
“App developers use cloud databases to store user data but apparently ignore the security recommendation given by the Cloud providers” says Prof. Eric Bodden, the study’s lead author, regarding the cloud databases offered by Facebook (Parse) and Amazon (AWS).
Storing users’ data in a third-party cloud is easier for developers (for example, when it comes to synchronizing web services and applications for different operating systems), but it is a decision that should not be taken lightly. Our data’s security is at stake.
Why is there so much unprotected data?
Cloud vendors offer different security mechanisms to determine if a user is who he claims to be when he checks the database: the more sensitive the information, the higher the barriers. Bodden explains that “the weakest form of authentication, meant to identify rather than to protect the data, uses a simple API-token, a number embedded into the App’s code”.
Using the appropriate tools, an attacker could easily extract those tokens and access the data, read it or even manipulate it. There are endless ways for someone unscrupulous to do harm or cash in: from selling emails and passwords on the black market, to blackmailing the data owners, spreading malware or turning the cell phones of hundreds of users into soldiers of a bot army.
To prevent this, app developers should implement more sophisticated security measures, which is precisely what Facebook, Amazon and other cloud vendors recommend. As the research carried out by Darmstadt and Fraunhofer recommended, developers should implement an access-control scheme, which, according to the test, most of the 750,000 analyzed applications didn’t.
“Our findings and the nature of the problem indicate that an enormous amount of app-related information is open to identity theft or even manipulation” says Prof. Eric Bodden. “With Amazon’s and Facebook’s help we also informed the developers of the respective apps and they really are the ones who need to take action because they underestimated the danger”.
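The difference between an app token that only identifies the app and an access-control scheme that protects each record can be shown with a small model. This is an added example, not code from the study or from any cloud vendor: the `Backend` class, the token value and the sample records are all constructed for illustration and do not represent the Parse or AWS APIs.

```python
import hmac
import secrets
from dataclasses import dataclass, field

APP_TOKEN = "constructed-app-token-0001"  # constructed; identical in every installed copy

@dataclass
class Record:
    data: dict
    acl: dict = field(default_factory=dict)  # user id -> {"read", "write"}

class Backend:
    """Hypothetical cloud data store, not the Parse or AWS API."""

    def __init__(self, enforce_acl):
        self.enforce_acl = enforce_acl
        self.records = {}
        self.sessions = {}  # session token -> user id

    def login(self, user):
        # Stands in for a real credential check; returns a per-user session token.
        token = secrets.token_urlsafe(16)
        self.sessions[token] = user
        return token

    def put(self, rec_id, owner, data):
        self.records[rec_id] = Record(data, {owner: {"read", "write"}})

    def read(self, app_token, rec_id, session=None):
        # The app token only says which app is calling, not which user.
        if not hmac.compare_digest(app_token, APP_TOKEN):
            raise PermissionError("unknown app")
        rec = self.records[rec_id]
        if self.enforce_acl:
            user = self.sessions.get(session)
            if user is None or "read" not in rec.acl.get(user, set()):
                raise PermissionError("ACL denies read")
        return rec.data

def exposed_records(backend):
    """Audit: record ids readable with the app token alone, no user session."""
    exposed = []
    for rec_id in backend.records:
        try:
            backend.read(APP_TOKEN, rec_id)
            exposed.append(rec_id)
        except PermissionError:
            pass
    return sorted(exposed)

def build(enforce_acl):
    b = Backend(enforce_acl)
    b.put("r1", "alice", {"email": "alice@example.test"})  # constructed sample data
    b.put("r2", "bob", {"email": "bob@example.test"})
    return b
```

With `enforce_acl=False` the audit lists every record, because the shared token is the only check; with `enforce_acl=True` it lists none, and a logged-in user can read only records whose ACL names them.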
The post Developers are neglecting the login security for both Android and iOS appeared first on MediaCenter Panda Security.