


SunTrust unfaithful employee may have stolen data on 1.5 Million customers

Posted: 22 Apr 2018 10:25 AM PDT

SunTrust Banks Inc announced it discovered that a former employee may have attempted to download information on nearly 1.5 million clients and share it with a criminal organization.

A former employee at SunTrust Bank may have stolen data on 1.5 million clients, including names, addresses, phone numbers, and account balances.

“The company became aware of potential theft by a former employee of information from some of its contact lists. Although the investigation is ongoing, SunTrust is proactively notifying approximately 1.5 million clients that certain information, such as name, address, phone number and certain account balances may have been exposed.” reads the press release published by the bank.

“The contact lists did not include personally identifying information, such as social security number, account number, PIN, User ID, password, or driver’s license information. SunTrust is also working with outside experts and coordinating with law enforcement.”


The bank said it believes the information doesn't include personally identifiable information, such as social security numbers, account numbers, PINs, user IDs, passwords or driver's license numbers.

SunTrust is notifying approximately 1.5 million clients that certain information may have been exposed.


According to the Reuters agency, the unfaithful employee tried to download the client data a few weeks ago in an attempt to sell it to a criminal.

“Chief Executive Officer William Rogers brought the incident to light on a post-earnings call with analysts on Friday. He said the attempt to download client information was made six to eight weeks ago.” reported Reuters.

SunTrust CEO William Rogers said that there was no indication of fraudulent activity using the exposed information, and that the data likely had not been sent outside the bank.

SunTrust is now offering free identity protection services to all of its clients.

“SunTrust Banks, Inc. (NYSE: STI) is now offering Identity Protection for all current and new consumer clients at no cost on an ongoing basis. Experian IDnotify™ will be provided to those who sign up for the service.” continues the press release.

“The IDnotify product by Experian is being offered in addition to existing SunTrust security protocols: ongoing monitoring of accounts, FICO score program, alerts, tools and zero liability fraud protection.” 

Pierluigi Paganini

(Security Affairs – Data Breach, cybercrime)

The post SunTrust unfaithful employee may have stolen data on 1.5 Million customers appeared first on Security Affairs.

Experts spotted spam campaigns delivering XTRAT and DUNIHI backdoors bundled with the Adwind RAT

Posted: 22 Apr 2018 06:57 AM PDT

Security experts at Trend Micro have spotted spam campaigns delivering the XTRAT and DUNIHI backdoors and the Loki malware bundled with the Adwind RAT.

Malware researchers at Trend Micro have uncovered a spam campaign that delivers the infamous Adwind RAT (aka jRAT) alongside the XTRAT backdoor (aka XtremeRAT) and the Loki info stealer. In a separate Adwind RAT spam campaign, the researchers observed the use of a VBScript backdoor tracked as DUNIHI.

Both campaigns abuse the legitimate free dynamic DNS server hopto[.]org.

“Notably, cybercriminals behind the Adwind-XTRAT-Loki and Adwind-DUNIHI bundles abuse the legitimate free dynamic DNS server hopto[.]org.” reads the analysis published by Trend Micro. “The delivery of different sets of backdoors is believed to be a ploy used to increase the chances of system infection: If one malware gets detected, the other malware could attempt to finish the job.”

The experts detected 5,535 unique infections of Adwind between January 1 and April 17, most of them in the US, Japan, Australia, Italy, Taiwan, Germany, and the U.K.

Adwind RAT detections

The crooks behind the Adwind-XTRAT-Loki bundle used a weaponized RTF document that triggers the CVE-2017-11882 vulnerability to deliver it.

The attack chain is shown below:

Adwind RAT detections 2

“The dropped files are effective RATs with multiple backdoor capabilities, anti-VM, anti-AV, and are highly configurable. Notably, Adwind and XTRAT connect to the same C&C server: junpio70[.]hopto[.]org.” continues the analysis.

Adwind is a cross-platform Java backdoor that has been observed in the wild since 2013. XTRAT has capabilities similar to Adwind's, and it also implements features to control the device's camera and microphone.

Loki is a password and cryptocurrency wallet stealer well known in the cybercrime ecosystem.

The experts also observed Adwind bundled with the DUNIHI backdoor: the attackers used a JAR dropper that ships a VBS dropper, delivered via spam mail. The VBS dropper downloads and executes both DUNIHI and Adwind.

DUNIHI connects to pm2bitcoin[.]com:62103, while the Adwind/jRAT variant contacts badnulls[.]hopto[.]org:3011.

Experts suggest a multilayered approach to security when dealing with a cross-platform threat like Adwind.

“IT administrators should regularly keep networks and systems patched and updated.”

“Both variants of Adwind arrive via email, so it is imperative to secure the email gateway to mitigate threats that abuse email as an entry point to the system and network.” concluded Trend Micro.

“Businesses should commit to training employees, review company policies, and develop good security habits.” 

Pierluigi Paganini 

(Security Affairs – Adwind RAT, cybercrime)

The post Experts spotted spam campaigns delivering XTRAT and DUNIHI backdoors bundled with the Adwind RAT appeared first on Security Affairs.

Security Affairs newsletter Round 159 – News of the week

Posted: 22 Apr 2018 01:30 AM PDT

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Let me inform you that my new book, “Digging in the Deep Web”, is online

Kindle Edition

Paper Copy

Digging The Deep Web

Once again thank you!

· Microsoft engineer charged with money laundering linked to Reveton ransomware
· TrueMove H, the biggest 4G mobile operator in Thailand, suffered a data leak
· UK GCHQ director confirmed major cyberattack on Islamic State
· Attackers exfiltrated a casino's high-roller list through a connected fish tank
· Bitcoin web wallet addresses generated with a flawed library are exposed to brute-force attacks
· Massive ransomware attack cost City of Atlanta $2.7 million
· Talos experts found many high severity flaws in Moxa EDR-810 industrial routers
· Roaming Mantis malware campaign leverages hacked routers to infect Android users with banking trojan
· UK GCHQ spy agency warns telcos of the risks of using ZTE equipment and services
· UK NCSC, DHS and the FBI warn of Russian hacking campaign on Western networks
· A flaw could allow easy hack of LG Network-attached storage devices
· Intel announced the new Threat Detection Technology and Security Essentials
· You probably ignore that Facebook also tracks non-users across the web
· Experts are observing Drupalgeddon2 (CVE-2018-7600) attacks in the wild
· Hacking Cisco WebEx with a malicious Flash file. Patch it now!
· New Windows Defender Browser Protection Chrome extension aims to protect users from online threats
· Private intelligence agency LocalBlox leaked 48 million personal data records
· Rockwell Automation Allen-Bradley Stratix and ArmorStratix switches are exposed to hack due to Cisco IOS flaws
· A flaw in a LinkedIn feature allowed user data harvesting
· At least 20 million Chrome users have installed malicious ad blockers from the Chrome store
· Exclusive – APT group exploited still unpatched zero-day in IE dubbed 'double play'
· iOS users can now use Google prompt on their devices via the Gmail app
· AlienVault presents OTX Endpoint Threat Hunter, its innovative free endpoint scanning service
· Attackers fake computational power to steal cryptocurrencies from Equihash mining pools
· Twitter bans Kaspersky from advertising its products through its platform
· UK teenager Kane Gamble, who hacked the CIA chief and other US intel officials, gets 2-year jail sentence


Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 159 – News of the week appeared first on Security Affairs.

Unscrupulous crooks behind the RansSIRIA Ransomware try to exploit attentions on Syrian refugee crisis

Posted: 22 Apr 2018 01:08 AM PDT

Researchers at MalwareHunterTeam have discovered a new strain of ransomware called RansSIRIA that encrypts victim’s files and then states it will donate the ransom to Syrian refugees.

Unscrupulous cybercriminals try to exploit every situation, even the most dramatic incidents. In the past, crooks attempted to exploit the media attention on dramatic events such as the Boston Marathon, MH17, and Hurricane Matthew.

Now security experts at MalwareHunterTeam have discovered a new strain of ransomware called RansSIRIA that encrypts victim’s files and then states it will donate the ransom to Syrian refugees.

According to the experts, RansSIRIA is a variant of the WannaPeace ransomware, and the campaign spotted by the researchers targets Brazilian users.

Once executed, the ransomware displays a fake Word window while it encrypts the victim's files.

When the encryption process is completed, the ransomware displays a ransom note containing the instructions for the payment.

The ransom note also contains an unusual message claiming that the ransom will be used to help Syrian refugees.

The ransom note is written in Portuguese; below is the translated text published by experts at BleepingComputer:

Sorry, your files have been locked
Please introduce us as Anonymous, and Anonymous only.
We are an idea. An idea that can not be contained, pursued or imprisoned.
Thousands of human beings are now ruled, wounded, hungry and suffering ...
All as victims of a war that is not even theirs !!!
But unfortunately only words will not change the situation of these human beings ...
We DO NOT want your files or you harm them ... we only want a small contribution ...
Remember .. by contributing you will not only be recovering your files ...
... but helping to restore the dignity of these victims ...
Contribute your contribution from only: Litecoins to wallet / address below.

The ransomware then shows a gallery of images depicting the dramatic situation in Syria and plays a YouTube video from the “Save the Children” organization that shows the suffering of Syrian children and the effects of a stupid war that someone doesn't want to stop.

If the victim chooses to pay the ransom, the malware decrypts the files and then opens the short URL https://goo.gl/qNxDFP, which is the Google-translated version of an article published by Worldvision about Syrian refugee children.

Statistics on the short URL show that the RansSIRIA ransomware was created on March 15th and that, at the time of writing, the URL had been opened 64 times, which suggests that the threat is not currently widespread.

Unfortunately, ransom paid by the victims will never support the Syrian refugees.

“The ransomware developers, though, are not donating the ransom payments to the Syrian people and are only trying to benefit from others pain and suffering, which makes it that much worse.” explained Lawrence Abrams from Bleeping Computer.

Pierluigi Paganini

(Security Affairs – RansSIRIA ransomware, cybercrime)

The post Unscrupulous crooks behind the RansSIRIA Ransomware try to exploit attentions on Syrian refugee crisis appeared first on Security Affairs.