Cybersecurity week Round-Up (2018, Week 8)

Posted: 26 Feb 2018 12:57 PM PST

Cybersecurity week Round-Up (2018, Week 8) - Let’s try to summarize the most important events that occurred last week in 3 minutes.

Last week, the Russian central bank revealed that unknown hackers stole roughly $6 million from a Russian bank last year via the SWIFT system.

The Indian City Union Bank announced that cyber criminals compromised its systems and transferred a total of US$1.8 million.

Hackers continue to show a great interest in cryptocurrency.

  • Researchers with Cisco Talos have monitored a bitcoin phishing campaign conducted by a criminal gang tracked as COINHOARDER that made an estimated $50 million by exploiting Google AdWords.
  • A criminal organization has made $3.4 million by compromising Jenkins servers and installing a Monero cryptocurrency miner dubbed JenkinsMiner.
  • Hackers compromised Tesla internal servers with a cryptocurrency miner.

Google Project Zero hackers disclosed details of an unpatched vulnerability in the Edge browser because Microsoft failed to address it within a 90-day deadline.

Google white hat hackers also disclosed critical vulnerabilities in uTorrent clients that the researchers could easily exploit to deliver malware to the target computer or view past downloads.

The former NSA hacker and malware researcher Patrick Wardle spotted a new remote access Trojan dubbed Coldroot RAT. The Coldroot RAT is cross-platform malware that targets macOS systems, and the bad news is that AV software is not able to detect it.

Intel released a stable microcode update to address the Spectre vulnerability for its Skylake, Kaby Lake, and Coffee Lake processors in all their various variants.

State-sponsored hackers are often active and are expanding their horizons:

  • The North Korean APT group tracked as APT37 broadened its horizons, targeting entities in Japan, Vietnam, and even the Middle East last year;
  • The Russia-linked Sofacy APT group shifted focus from NATO members towards the Middle East and Central Asia;
  • Iran-linked group OilRig used a new Trojan called OopsIE in recent attacks against an insurance agency and a financial institution in the Middle East.

Researchers at Fortinet have discovered the OMG botnet, the first Mirai variant that sets up proxy servers on the compromised IoT devices.

SamSam ransomware hit the Colorado Department of Transportation agency, which shut down 2,000 computers after the infection.

FBI warns of spike in phishing campaigns to gather W-2 information.

Pierluigi Paganini

(Security Affairs – cybersecurity, cyberweek)

The post Cybersecurity week Round-Up (2018, Week 8) appeared first on Security Affairs.

VISA – The adoption of chip-and-PIN card technology led to 70% Drop in Counterfeit Fraud

Posted: 26 Feb 2018 05:38 AM PST

VISA – The cases of counterfeit fraud had dropped by 70% in September 2017 compared to December 2015 thanks to the diffusion in storefronts of payment systems for EMV cards.

The introduction of chip-and-PIN card technology in the United States significantly improved the security of merchants and reduced payment card fraud.

The cases of counterfeit fraud had dropped by 70% in September 2017 compared to December 2015 thanks to the diffusion in storefronts of payment systems for EMV cards.

“For merchants who have completed the chip upgrade, counterfeit fraud dollars […] in September 2017 compared to December 2015” states VISA.

[Figure: EMV chip cards and chip-activated merchants combat counterfeit fraud in the U.S. (December 2017 Visa Chip Card Update)]

The process started in 2011 with the introduction of EMV (Europay, MasterCard, Visa) card technology in the United States.

The process was very slow: according to Visa, by September 2015 only roughly 392,000 merchants were accepting payment cards using the new technology. In the same period, the number of Visa debit and credit cards using the EMV technology was only 159 million.

Now Visa has shared data related to the adoption of the EMV technology by December 2017. The number of storefronts that currently accept payments with chip cards has reached 2.7 million in the U.S. (+570%), representing 59% of the total.

The number of Visa payment cards using EMV technology increased from 159 million to 481 million (202%), with 67% of Visa payment cards having chips.

It is an excellent result; according to VISA, chip transactions continue to increase in the US. EMV cards accounted for 96% of the overall payment volume in the United States in December 2017, with chip payment volume reaching $78 billion.

Cybercriminals have responded to the adoption of EMV chip cards by focusing their efforts on card-not-present (CNP) fraud, which is today a serious concern for merchants.

Pierluigi Paganini

(Security Affairs – EMV chip cards, VISA)

The post VISA – The adoption of chip-and-PIN card technology led to 70% Drop in Counterfeit Fraud appeared first on Security Affairs.

Pyeongchang – Russia’s GRU military intelligence agency hacked Olympics Computers

Posted: 26 Feb 2018 03:14 AM PST

Pyeongchang – Russia’s GRU military intelligence agency hacked Olympics computers and conducted a false flag operation to make it appear the attack originated in North Korea.

On February 9, shortly before the Pyeongchang opening ceremonies on Friday, televisions at the main press centre, wifi at the Olympic Stadium and the official website were taken down.

According to The Washington Post, the incidents were caused by cyber attacks carried out by hackers working at Russia’s GRU military intelligence agency, who managed to take control in early February of 300 computers linked to the Olympic organization.

The cyber attacks were a retaliation against the International Olympic Committee for banning the Russian team from the Winter Games due to doping cases of Russian athletes.

“Analysts surmise the disruption was retaliation against the International Olympic Committee for banning the Russian team from the Winter Games due to doping violations. No officials from Russia's Olympic federation were allowed to attend, and while some athletes were permitted to compete under the designation "Olympic Athletes from Russia," they were unable to display the Russian flag on their uniforms and, if they won medals, their country's anthem was not played.” reported The Washington Post.

“As of early February, the Russian military agency GRU had access to as many as 300 Olympic-related computers, according to an intelligence report this month.

The Office of the Director of National Intelligence declined to comment.”

The cyber attacks caused severe problems for the Olympic organization; many attendees were unable to print their tickets for the ceremony and were not able to participate in the event.

According to the authorities, it was sabotage: Russian cyber soldiers compromised South Korean computer routers and implanted a strain of “malware” that paralyzed the network.

To make attribution of the attack harder, Russian hackers conducted a false flag operation to make it appear the attack originated in North Korea.

“Russian military spies hacked several hundred computers used by authorities at the 2018 Winter Olympic Games in South Korea, according to U.S. intelligence.” continues the Washington Post.

“They did so while trying to make it appear as though the intrusion was conducted by North Korea, what is known as a "false-flag" operation, said two U.S. officials who spoke on the condition of anonymity to discuss a sensitive matter.”

Stay Tuned.

Pierluigi Paganini

(Security Affairs – Russian hackers, Pyeongchang Olympic Games)

The post Pyeongchang – Russia’s GRU military intelligence agency hacked Olympics Computers appeared first on Security Affairs.

Data Keeper Ransomware – An unusual and complex Ransom-as-a-Service platform

Posted: 26 Feb 2018 12:13 AM PST

The Data Keeper Ransomware that infected systems in the wild was generated by a new Ransomware-as-a-Service (RaaS) platform that appeared in the underground recently.

A few days ago a new Ransomware-as-a-Service (RaaS) platform appeared in the underground; samples of the malware generated with the platform, dubbed Data Keeper Ransomware, have already been spotted in the wild.

The Data Keeper ransomware was discovered by researchers at Bleeping Computer last week.

“The service launched on February 12 but didn’t actually come online until February 20, and by February 22, security researchers were already reporting seeing the first victims complaining of getting infected.” reads the blog post published by Bleeping Computer.

Anyone can sign up for the RaaS service, activate an account for free, and create their own samples of the ransomware.

The ransomware encrypts files with a dual AES and RSA-4096 algorithm; it also attempts to encrypt all network shares. Once the files are encrypted, the malicious code places a ransom note (“!!! ##### === ReadMe === ##### !!!.htm”) in each folder in which it encrypts files.

The operators behind the Data Keeper RaaS ask their users to generate their samples and distribute them; in turn, they offer a share of the ransom fee when victims pay the ransom. It is not clear what percentage of the ransom is offered to the user.

Affiliates just need to provide the address of their Bitcoin wallet, generate the encryptor binary, and download the malware along with a sample decrypter.

According to the researchers at the MalwareHunterTeam who analyzed the ransomware, even though it is written in a .NET language, its quality is high.

 

The Data Keeper ransomware is complex; it is one of the few ransomware strains that use the PsExec tool, which it uses to execute the malicious code on other machines on the victims’ networks.

An interesting characteristic implemented by the Data Keeper ransomware is that it doesn’t append an extension to the names of the encrypted files.

With this trick victims won’t be able to know if the files are encrypted unless they try to open one.

“This is actually quite clever, as it introduces a sense of uncertainty for each victim, with users not knowing the amount of damage the ransomware has done to their PCs.” continues Bleeping Computer.
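An added example (not part of the original post or of the Bleeping Computer analysis): because encrypted files keep their names, a responder can triage a directory tree by checking whether each file's content still matches its extension and by listing the folders that hold the ransom note. The magic-byte table, the entropy threshold and all function names are assumptions chosen for illustration; the sample tree is constructed.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Ransom note file name as quoted in the article.
RANSOM_NOTE = "!!! ##### === ReadMe === ##### !!!.htm"
# Leading bytes expected per extension (small illustrative subset, an assumption).
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, up to 8.0 for uniform random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_suspect(path, sample=65536, threshold=7.5):
    """True if the content no longer matches what the file name promises."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if ext in MAGIC:  # known type: the header must still be intact
        return not head.startswith(MAGIC[ext])
    # Unknown type (e.g. .txt): near-random bytes suggest encryption or compression.
    return len(head) >= 2048 and shannon_entropy(head) > threshold

def triage(root):
    """Return (folders holding the ransom note, files that look encrypted)."""
    noted, suspects = [], []
    for folder, _dirs, files in os.walk(root):
        if RANSOM_NOTE in files:
            noted.append(folder)
        for name in files:
            if name != RANSOM_NOTE and is_suspect(os.path.join(folder, name)):
                suspects.append(os.path.join(folder, name))
    return sorted(noted), sorted(suspects)

def demo():
    """Triage a constructed sample tree; blob is a stand-in for ciphertext."""
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    samples = {"good.pdf": b"%PDF-1.4\n" + b"x" * 100, "bad.pdf": blob,
               "notes.txt": b"meeting notes\n" * 400, "locked.txt": blob,
               RANSOM_NOTE: b"<html></html>"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        noted, suspects = triage(root)
        return len(noted), [os.path.basename(p) for p in suspects]
```

Legitimately compressed or encrypted files whose types are missing from the table will also exceed the entropy threshold, so the suspect list is a starting point for restore planning rather than a verdict.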

Another peculiarity of this RaaS platform is that affiliates can choose which file types to encrypt; affiliates can also set the amount of the ransom.

The platform uses a payment service hosted on the Tor network, a common choice among malware.

According to the researchers, many crooks have already signed up for the Data Keeper RaaS and are distributing weaponized binaries in the wild.

The experts at MalwareHunter told Bleeping Computer that one of the groups that is distributing the ransomware is hosting the malicious binaries on the server of a home automation system.

Further technical details and the Indicators of Compromise (IOCs) are included in the post published by Bleeping Computer.

Recently, experts spotted other RaaS services in the underground: GandCrab and Saturn were discovered in recent weeks.

Pierluigi Paganini

(Security Affairs – Data Keeper ransomware, RaaS)

The post Data Keeper Ransomware – An unusual and complex Ransom-as-a-Service platform appeared first on Security Affairs.