Latest Posts

HR Targeted Ransomware Campaign


Security researchers from Check Point came across a new Ransomware campaign targeting Human Resource departments. The attack start by an email pretending to be a job application. The email contains a brief message from the applicant and two attachments, a PDF file and an Excel document.

The PDF file is non malicious cover letter which trick the receiver into believing that the email is legitimate. The second document, is a macro-enable Excel file containing a picture of a flower with the word "Loading..." . A text asking the victim to enable the content can also be seen.

 As soon as the receiver enable the content, the macro in the excel document is executed and the encryption process of the files is started, preventing the user from accessing the files. Once encryption is completed, the victim is presented with a note: “YOUR_FILES_ARE_ENCRYPTED.TXT” . 

The device is then automatically rebooted and a fake “chkdsk” screen is displayed while the disk is been encrypted.

After disk encryption, the victim is presented with the below screen where steps to decrypt their disk has been given.

We advise people from HR departments to remain alert. Make sure a robust anti-Ransomware software is running on your device. Scan all downloaded document before opening.

Source: [CheckPoint Blog]

Google Patches 95 Android Vulnerabilities

Google's first Android Security Bulleting for 2017 addresses 95 vulnerabilities in the operating system, among which, 22 were rated Critical. This update is split into two, the 2017-01-01 security patch, which addresses 23 vulnerabilities and the 2017-01-05 security patch level addresses 72 bugs affecting drivers.

The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.

A full list of all the addressed vulnerabilities can be find from official source below.

We advise our readers to update their Android devices.


Source: [Android.com]

Denial-of-Service Malware Targeting Macs


Security Company Malwarebytes has warned about a new malware which is targeting Macs. The Denial of Service malware hijacks Safari and Apple's Mail applications and automatically creates email drafts continuously until the Mac can no longer handle the task and crashes.
A link is been sent via email addresses dean.jones9875@gmail.com and amannn.2917@gmail.com. The malware is hosted on different sites such as safari-get[.]com, safari-get[.]net, safari-serverhost[.]com and safari-serverhost[.]net.

Mac users running macOS 10.12.2 (or later betas) are not affected, as Safari detects the attempt to open the Mail app and blocks the unwanted event.

We advise our readers not to open emails from these addresses and to immediately delete them.

Source: [9to5mac]

Hacker Donates $11000 to Help Kurds in Rojava

A hacker going by the codename HackBack or Phineas Fisher, has donated $11000 in bitcoins to Rojava – a Kurdish region in northern Syria, located at the borders of IS (Daesh) controlled territory.On his twitter account, he described them as "one of the most inspiring revolutionary projects in the world today.

The hacker stated that the money comes from a heist but refused to reveal more details. He also revealed that a much bigger cyber-heist is been work on. The donation was done online though a campaign which the Rojava is running to get fun to feed its region.

Source:[Click Here!

Hacker Selling 117 Million LinkedIn Accounts On Darkweb

A hacker using the code name of Peace is selling 117 million LinkedIn user information on darkweb for 5 Bitcoins(around $2200/£1,500).LeakedSource, the paid search engine for hacked data managed to get a copy of the stolen data stated that there are around 167 million hacked account and 117 million have both emails and encrypted passwords.
LeakedSource commented about the password sasying,
"Passwords were stored in SHA1 with no salting. This is not what internet standards propose. Only 117m accounts have passwords and we suspect the remaining users registered using Facebook or some similarity."

Additionally, security researcher Troy Hunt Tweeted that as the passwords are encrypted with SHA-1, it will be easily cracked.

Source:[Click here!]

444 School Websites Shut Down By Teen Hacker

A 16 year old student has been charged with obstruction of justice for having launched DDoS attacks on 444 school websites in Japan. The incident took place in November 2015 and is considered to have made history in Japan for having targeted a local governmental organisation. According to the local police, the boy launched the attack to teach his educators a lesson.

"I hate how the teachers talk down to us and never let us express ourselves. So, I thought I would remind them of their own incompetence. It felt good to see them have problems. I did it several times,"

Police seized the boy's computer and some hacking book. He downloaded tools which sent large volumes of data to the Board of Education servers, causing it to be unreachable for about one hour. The boy also told the police that he wanted to join the hacking group Anonymous.

Japanese law punishes such crimes with a maximum of a three-year prison term or a fine of ¥500,000 (£3204, $4,598). Taking the boy's age into consideration, it is not sure that he will face the maximum sentence.

Source:[Click Here!]

Visitors

Free counters!

Receive all updates via Facebook. Just Click the Like Button Below...

Powered By MauriHackerS

Translate

MauriHackerS - Providing Latest IT Security and Hacking News !