Japanese defense contractors disclose security breaches

Today, two Japanese defense contractors, Pasco Corporation and Kobe Steel, disclosed security breaches that happened in May 2018 and in June 2015/August 2016. The geospatial provider and the major steel provider also confirmed that unauthorized access to their internal networks occurred and that systems on those networks were infected with malware during the two incidents. Pasco is a provider of satellite data and Kobe is the supplier of submarine parts for the Japan Self-Defense Forces. As per Pasco, the breach did not lead to the leakage of any defense information. However, Kobe’s statement did not mention anything on this. But, as per Nikkei reports, 250 files with data related to the Ministry of Defense and personal info were compromised when the company’s server was hacked. The Japanese Defense Minister said in a press conference on January 31 that the two companies are the last of the four defense-related firms hacked between Read more

Wawa data breach: over 300 million individuals’ card details

On December 19, 2019, Wawa, a company from the East Coast of the US, announced a data breach affecting the retail giant’s shops. The company believed that the breach was the result of an infection with point-of-sale (POS) malware. This is the same malware that led Visa to warn fuel stations throughout North America that their pumps and attached devices were being targeted by cybercriminal organizations. POS malware is specially designed to steal credit and debit card details from the point-of-sale devices used to process card payments. It encrypts the data of the card on payment devices before sending it to the bank network for approval. The encryption occurs inside the RAM of the device, which allows the malware to scrape the hardware and steal the card details. The hackers’ command and control server then connects to the device and receives the information. Returning to the Wawa incident, Read more

Final Windows 7 Update Breaks Desktop Wallpaper Feature

The last update for the Windows 7 OS has broken some of the desktop wallpaper features and caused users’ backgrounds to become a blank black screen. Windows 7 reached its end of life on January 14th 2020, which means there will be no more fault fixes or free security updates after that date. On the same day, Microsoft released the final free Monthly Rollup, KB4534310, which includes the last quality updates and free security updates for Windows 7 users. According to multiple reports in the Microsoft Forums, users have found that after installing the Windows 7 KB4534310 update and rebooting the PC, their desktop wallpaper is no longer displayed. The security team was able to reproduce this issue; when any other image position is used, the wallpaper displays properly. Once you configure it to use ‘Stretch’ and restart, the image will be black. In the tests, the WallpaperStyle Registry Read more

“Fleeceware” apps overcharge users even after uninstall

Researchers from SophosLabs discovered that Fleeceware apps overcharge users for their services once the short trial period has expired, even if the app has been uninstalled. The Fleeceware phenomenon was discovered last September. Google took down this app due to such unfair practices. But security experts found more culprits, and the number of installs of the apps exceeds 600 million.

Users lose hundreds of dollars

The trial period of Fleeceware apps operates on an opt-out basis, which means users who signed up to the apps had to cancel the trial before they got charged. Users who acquired a trial-based application and soon uninstalled it from their device do not get charged, as developers assume that the product did not satisfy the customer. However, some developers did not play all that fair and charged users even if they uninstalled the apps from their phones or tablets. “As Read more

Look out For Amazon Prime Support Scams in Google Search Ads

Users are being redirected to fake Amazon support sites and tech support scams because a malicious ad campaign is underway in Google Search results. When a person clicks on the ad, they are rerouted to a domain that tries to pose as Amazon and includes a phone number to call for help. This number is 1-844-325-7794, which is different from the legitimate Amazon support number of 1 (888) 280-4331. In addition to Amazon support scams, other ads revealed by the investigator were for the search keywords “my account” and “login” that lead to a number of different tech support scams like the one below. Thousands of users look at these ads and wonder how anyone could fall for them. The truth is that there are many people, particularly older people, who are not comfortable with computers, the Internet, and receiving support via online chat and email. These types of users Read more

After INTERPOL Action, Cryptojacking Drops by 78% in Southeast Asia

After an intervention coordinated by the International Criminal Police Organization (INTERPOL), the number of routers infected with coin miners in Southeast Asia dropped by 78%. INTERPOL is an inter-governmental organization that joins police forces from 194 countries in battling crime in multiple locations across the world. INTERPOL’s operation in Southeast Asia was established in June of 2019 and permits investigators and experts from 10 Southeast Asian countries to observe compromised routers. This led to repairing infected devices and removing coin miners. When the initiative got underway, INTERPOL identified over 20,000 hacked routers in the area, which accounted for over 18% of cryptojacking infections worldwide. Since the coordinated operation began, the number of infected devices has dramatically decreased. However, INTERPOL’s efforts to remove the infections from the remaining devices will continue into the New Year as cryptojacking continues to jeopardize safety. INTERPOL’s Operation Goldfish Alpha, established in June 2019, permitted cybercrime researcher and Read more

Emotet Trojan Gang Sends Christmas Party Invitation Email: Asking To Open Malicious Attachments

New malware campaign: “Emotet Trojan inviting you to Christmas Party” email asks you to open malicious attachments

According to reports, the cybercriminal group behind the Emotet Trojan has started to deliver Christmas-themed emails that trick you into opening malicious attachments and becoming infected. One thing is clear: the malware programmers behind this phishing/scam or email spam campaign want to get the recipient to open the attached documents so that targeted PCs are infected with the Emotet Trojan and other malware. As per our research, the Emotet Trojan gang uses a variety of email themes including payment invoices, payment receipts, shipping details, voicemails and eFaxes. Through these malicious emails, the attacker can easily access recipients’ PCs/devices and infect their machines with the Emotet Trojan or other infections. The hacker group behind this phishing/scam is taking advantage of the upcoming festival “Christmas Party” and sending out holiday-themed emails that invite you to Christmas Read more

Microsoft Explains That Malware Spotted on Windows Machines Has Gone Down Due to Major Security Improvements

Microsoft reveals three of the more cunning phishing operations discovered in 2019

According to reports, Microsoft has revealed three of the more dangerous phishing operations discovered in 2019. The company explained the phishing attacks in a recent blog post and states that scammers attempt to gain individuals’ personal information via phishing tactics like the use of malicious emails and fake websites, targeting users’ money and information that can be used for identity theft. Protections against phishing have since increased and become incredibly effective, preventing billions of malicious phishing emails from reaching end users. Cyber security researchers and experts at Windows’ Office 365 Advanced Threat Protection have noticed malicious techniques involving the abuse of genuine cloud services like those offered by Google, Amazon, Microsoft and others. Let’s start the discussion of all three case studies of cunning phishing operations. Case Study 1: URLs that point the legitimate Read more

Zeppelin ransomware attacks major organizations in Europe, US and Canada

Zeppelin ransomware is a new, dangerous file-encoding malware that has been found infecting large healthcare and technology organizations worldwide. Victims of this crypto-threat are largely from the USA, Canada and Europe. Reports from Cylance researchers suggest that this virus is a Delphi-based RaaS and belongs to the Vega/Vegalocker ransomware family. The initial Vegalocker threats were spotted at the beginning of 2019 attacking Russian-speaking users. Within a period of only a bit over a month, Zeppelin ransomware was heavily modified and enhanced relative to Vegalocker. According to the security researchers, an altogether different hacker group might be spreading it. Malware analysis showed that it is developed to prevent its execution if it infiltrates a PC that is situated in Russia or in other countries that fell under the USSR bloc in the past. In stark opposition to the Vega campaign, all Zeppelin binaries (as well Read more

PyXie RAT Targeting Health & Educational Organizations: Stealing Credentials and Passwords

PyXie RAT uses the .pyx file extension to execute its code instead of .pyc Python-based files

According to reports, security experts and researchers have discovered a new Remote Access Trojan (RAT) that is currently being used to collect login credentials and record videos, and that includes keylogging components among its objectives. Security researchers have explained that PyXie RAT is the name of a new RAT virus that is capable of gaining access to a targeted machine and allowing cybercriminals to control the PC. However, this infection is also hard for most security applications to detect, because this data-stealing virus doesn’t show up in lists of running programs or tasks. In other words, the actions performed by PyXie RAT can be similar to those of genuine programs. Furthermore, the hackers behind this attack manage the level of resource use so that a drop in performance doesn’t alert the targeted users that something’s amiss. Read more