Tag Archives: Threats

Get a total of $4.2 million for the FBI’s most wanted hackers

It’s most likely not a huge surprise that there is such a list, and while it’s probably not as well-known as its “big brother”, the rewards offered for information leading to the arrest and/or conviction of 5 of the most wanted cybercriminals on that list are not too shabby: The Federal Bureau of Investigation is willing to pay a total reward of $4.2 million!

So who is actually on the list? Let’s take a look.

EVGENIY MIKHAILOVICH BOGACHEV
Evgeniy Mikhailovich Bogachev, aka “lucky12345” and “slavik”, became famous as the alleged mastermind behind the Trojan called “Zeus”. The Russian currently fetches a reward of $3 million.

NICOLAE POPESCU
The Romanian Nicolae Popescu apparently was involved in Internet fraud schemes and made quite a lot of money with them. The FBI is offering a reward of $1 million for him.

ALEXSEY BELAN
Belan is only worth $100,000 to the authorities. The Russian is wanted for allegedly having broken into three major United States-based e-commerce companies. Afterwards he tried to sell the stolen usernames and passwords on the black market.

PETERIS SAHUROVS
The Latvian is accused of selling malware-laced ads that distributed ransomware; the reward for him is currently at $50,000.

CARLOS ENRIQUE PEREZ-MELARA
While the reward for Melara is set at $50,000, my guess is that the FBI actually wants to hire the guy: He allegedly was involved in manufacturing spyware “which was used to intercept the private communications of hundreds, if not thousands, of victims”.

For the rest of the list just go here.

The post Get a total of $4.2 million for the FBI’s most wanted hackers appeared first on Avira Blog.

433,000 Ford cars to be recalled because of software bug – would you have preferred an internet update?

Cars which are capable of receiving instructions via the internet (such as software updates) are potentially more at risk of being hacked or meddled with than those which aren’t.

The post 433,000 Ford cars to be recalled because of software bug – would you have preferred an internet update? appeared first on We Live Security.

Plex TV Has Been Hacked – You Might Want To Change Your Password!

If your answer is yes, you might want to change your password, ladies and gentlemen, because Plex has been hacked.

Plex, a very popular media server, helps you to organize videos, music and photos and allows you to stream them to your smart TVs, streaming boxes and of course mobile devices. The company also runs its own forum, which has now been hacked.

The hacker, who goes by the name of Savaka, demands a payment of about 1500€ worth of bitcoins. He writes: “Hello,

My name is savaka and I like to hack things. Recently https://plex.tv/ (s) forum & website was compromised by me. I managed to obtain all of your data, customers as well as software and files.

I replaced the index.php of the administrator cpanel with a nice message, but the ones in charge of your data decided that it would be pretty lulzy’ to remove the message and place the original index back there.

I gave them until the 3rd of this month to send 9.5 BTC to redacted or I would release all this data.

This ransom is still active and on the 3rd: if no BTC payment is made, the ransom will go up by 5 BTC.

Eventually if no BTC payment is made, the data will be released via multiple torrent networks and there will be no more plex.tv

You can also pay me to remove your data from the content that’s going to be released by e-mailing [redacted]. If you send an e-mail without BTC ready to send, I will add your data to a special list.

savaka

P.S. I don’t care who the BTC comes from as long as the payment is made: no data will be released.”

As a result the company has taken its forums offline for the time being and informed its users about the hack. Right now the Plex staff is investigating whether other parts of their infrastructure have been compromised.

The post Plex TV Has Been Hacked – You Might Want To Change Your Password! appeared first on Avira Blog.

Click-fraud evolved, and it has a plan

We all know what malware is capable of and that’s why we use a good and reliable antivirus like Avira. But while most of the things malware does sound horrible and scary, there are some that … well, do not.

The perfect example would be click-fraud malware, a kind of malware that does exactly what its name says: It clicks on advertisements. Basically the advertiser has to pay each time a real person or – in the case of malware – a bot-infected device clicks on an ad. A recent report claims that businesses are losing as much as $6.3 billion a year to click-fraud. Crazy, right? But still nothing to lose any sleep over since you are not the one paying the bill.

According to the security researchers from Damballa though, click-fraud can evolve: “Click-fraud malware infections can become something more sinister. In May, Damballa Failsafe tracked and recorded the activity of a click-fraud infection that pulled in three additional click-fraud infections plus CryptoWall, which encrypts the files on the host system to render them inaccessible to the user. Within a couple of hours a simple click-fraud infection escalated to a crippling malware infection. Suddenly, that infected device became a high-risk priority.”

If there is one lesson to be learned from all of this, it is that no malware is too small or “unimportant” to become really dangerous at some point.

The post Click-fraud evolved, and it has a plan appeared first on Avira Blog.

Office of Personnel Management Hacked – US Government Downplays the Event

The second admission followed a week later. The Office of Personnel Management (OPM) announced that on June 4, a hack attack on governmental staff had succeeded – four million people affected. It now appears that an additional 18 million records were stolen. The government communicated this as two separate events in an apparent attempt to downplay the scale.

So what happened in the alleged second hack? That 18 million Social Security numbers have been compromised is a “preliminary, unverified, approximate” figure, according to a letter from the Director of OPM, Katherine Archuleta. The number – 18 million – affects people working for a federal agency or who applied for funding. The data, according to US government circles, may be in the hands of spies from the People’s Republic of China. This has been flatly denied by Chinese officials.

Mrs. Archuleta was called to testify before a Congressional committee, where she said that encryption is not always possible due to the age of facilities. She argued, however, that even encryption would not have sufficed, because the hackers would then have copied keys and passwords.

An article from the Wall Street Journal mentions that the government described the attack as happening in two waves in order to downplay the severity. In addition, the OPM had denied the disclosure of sensitive information twice, even though the FBI had informed the OPM on June 5 about the attack…

The post Office of Personnel Management Hacked – US Government Downplays the Event appeared first on Avira Blog.

Time to Patch: Loads of Security Issues in Adobe Reader and Microsoft Windows

Hacker Mateusz Jurczyk from Google’s Project Zero disclosed 15 remote execution vulnerabilities, most of them for Windows and the Adobe Type Manager Font Driver. He presented his findings at the Recon security conference and aptly named his research “One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced exploitation”.

According to his blog, the most serious and interesting security issue he discovered so far was a really reliable BLEND instruction exploit. Jurczyk writes that “the extremely powerful primitive provided by the vulnerability, together with the fact that it affected all supported versions of both Adobe Reader and Microsoft Windows (32-bit) – thus making it possible to create an exploit chain leading to a full system compromise with just a single bug – makes it one of the most interesting security issues I have discovered so far.”

He also shared two videos in which he shows how he successfully exploits Adobe Reader 11.0.10 using the BLEND vulnerability (CVE-2015-3052), accompanied by sandbox escapes via ATMFD.DLL in the Windows kernel as well as a “Registry Object” vulnerability on x64 builds (CVE-2015-0090).

Jurczyk reported all of his discoveries to Microsoft and Adobe, which fixed the bugs in security bulletins MS15-021 (March), APSB15-10 (May) and MS15-044 (May).

The post Time to Patch: Loads of Security Issues in Adobe Reader and Microsoft Windows appeared first on Avira Blog.