Beware of 'Your Hotmail Account services has expired' Phishing Scam

Security researchers from Malwarebytes have discovered a phishing email making the round stating that the recipient Hotmail account has expired and it has been upgraded to Outlook.com.The email goes as follow:
Security Change
Dear User,
All Hotmail customers have been upgraded to Outlook.com. Your Hotmail Account services has expired.
Due to our new system upgrade to Outlook. In order for it to remain active follow the link Sign in Re-activate your account to Outlook. account.live.com
Thanks,
The Microsoft account team

Once the recipient click on the link, he/she is sent to a fake website looking exactly like the page of Outlook.com. Researchers discovered that the page is hosted on a compromised website. They also discovered that the link in the email is broken and does not point directly to the fake website. Cybercriminals behind the campaign will surely correct this and internet users should be careful.

Source:[Malwarebytes]

Beware of British Airways Customer Services Phishing Emails

An email pretending to be from British Airways customer services is at the moment making the round and is claiming that your order has been successfully booked.The email contains a booking reference, departure date/time, and prices. They also added a link to download your 'ticket'. The file contain malware.British Airways never ask you to enter your personal bank account or credit card details through  link sent in email.
We advise our readers to immediately delete this email if they received it.
Source:[Click Here!]

Beware of PayPal Phishing Scam 'Your Transaction was Declined'

An email is at the moment in circulation and is pretending to be from PayPal. The email states that a transaction has been declined because the account seems unusual.As such, the receiver of the email must confirm their account details for security reasons. The email contain a PayPal logo and looks professional which give the impression that the email is genuine. The email ask the recipient to open the attached file and to fill the form to confirm the information they provided at the the time they created their account. By providing all the information, the scammers collect all the login information and also the financial details. After providing the login details on the fake PayPal login page, they are directed to another page to provide personal and contact details.

After completing all the forms, the user will be taken to a confirmation page stating that they successfully restored access to their account.
We ask our readers to be vigilant and if ever you think you have been victim of the scam,change your password immediately and contact your bank.

Source:[Click Here!]

Two Students Arrested For Hacking Data InfoSys

Two 19 year old IT students ,Kulshrestha Varma and Hardik Sud, have been arrested by Jaipur cyber crime police for hacking Data Infosys e-processing system and fraudulently recharging BSNL's pre-paid mobile phones worth Rs 8 lakh. They hack into Data Infosys's website in a cyber cafe.
The security breach and the fraudulent mobile recharge was discovered in November during an audit. The police stated that it took them 75 days to crack the case as there was a lot of technical investigations which had to be carried out.
Source:[Times Of India]

CERT India Advising Internet Users to Update Their Browsers

With recent vulnerabilities discovered in browsers like Google Chrome and Mozilla Firefox, CERT India is advising Indian internet users to keep their browsers updated to avoid being victims of cyber criminal.
A cyber security expert told PTI "The two web browsers are an important tool for Internet surfing among Indian online consumers. The anomalies have been detected recently and it would be advised that users upgrade their existing versions sooner than later. These activities are mischiefs on part of hackers or they are harmful viruses,"

According to CERT In, several vulnerabilities were reported in Mozilla Firefox, Thunderbird and SeaMonkey which could allow remote attacker to bypass certain security restrictions, disclose potentially sensitive information, gain escalated privileges, execute arbitrary code and causes denial of service condition on the affected system.
In Google Chrome, vulnerabilities could be exploited to cause denial of service condition or execute arbitrary code on the target system.
We advise all our readers to update their browsers from the official website of each browser.

Source:[NDTV Gadget]

Beware of Phishing Scam "Microsoft Reactivate Your Email Account"

An email pretending to be from Microsoft Corporation is at the moment in circulation and is asking recipient to reactivate their email account. This is pure phishing and a way for cyber criminal to harvest email addresses and passwords.
The email content goes as follow:
Subject: REACTIVATE YOUR EMAIL ACCOUNT!!!

Attention;
In compliance with the email upgrade instructions from
Microsoft Corporation and WWW email domain host, all unverified email accounts would be suspended for verification.
To avoid suspension of your email account and also to retain all email Contents, please perform one time automatic verification by completing the online verification form.
Please CLICK HERE
for the online verification form.
As a confirmation of complete and successful verification, you shall be automatically be redirected to your email web page.
Please move this message to your inbox, if found in bulk folder. Please do this for all your email accounts.
Thank you.
WWW. mail Support Team.
© 2014 Microsoft Corporation.

When users click on the link provided, they are directed to a fake website where they are asked to provide their personal information such as email address, password, phone number date of birth and whether they are using a public or private computer.
We advise our readers not to provide information to such stuffs! No email provider will send these request. If you have been a victim of this scam, change your password immediately.

Source: [Click Here!]

40,000 AVS TV Accounts Leaked

Hacker using the codename of DeleteSec leaked 40,000 user accounts after they hacked AVS TV website(avstv.com). This was announce  through the official twitter account of DeleteSec.The database leaked contains address information, date of birth, full names, contact numbers, email addresses, usernames and passwords in plain texts.
What is AVS?
AVS - Asian Variety Show is a weekly capsule that encompasses the best of Bollywood and beyond. Established in North America in 1987, AVS TV Network has been leading the way in providing top quality entertainment to millions of viewers hungry for Bollywood entertainment. Each episode is produced in English so people from around the world can enjoy what the South Asian community has come to love.

For security reasons, we are not providing link to the database leaked.

Beware of Valentine Scam and Mobile Applications

Cybercriminals and scammers have started sending spam emails on the occasion of Valentine's Day. These spam campaigns usually advertised about 'the perfect gift' for the occasion,such as flower deliveries,free coupon,fake pharmaceutical sites and so on.As such, experts from Trendmicro Lab have published about some examples of the rogue emails and website which are making the rounds these days.
Adding to this, experts from Bitdefender have identified a series of 'valentine's applications' which steal data.These applications asked for permissions to access and send your location over the internet and also to read your browsing history.
We advise our readers to be careful when installing applications or visiting untrusted websites.
Read More From Sources:
Bitdefender: [Click Here!]
TrendMicro: [Click Here!]

Anonymous Video Statement on GCHQ's War

Recently the Britain’s Government Communications Headquarters (GCHQ) used DDOS attack to disrupt Anonymous' communication channel. As such, the hacktivist released a video statement regarding this issue of GCHQ's war against Anonymous.At the time of publishing, the video already had over 2000 views.
Video


Transcript
Greetings GCHQ, we are Anonymous,
While imitation is the greatest form of flattery, we have some concerns. With tax payer purchased botnet lasers firing on privately owned networks, we have to wonder if the laws and criminal courts will incarcerate those responsible? You try to sail with us, but your fleets can't even comprehend staying afloat. Little leaky boats sunk by the USS Snowden. No longer can you hide behind the "anonymity" of your "Top Secret" document. You really do idolize us, don't you?
The Top Secret slide show states that 80% of users didn't return to IRC a month after your attack on a private network and the conclusion was overwhelmingly 'jolly good, cheerio' at GCHQ declaring it a success.
We don't need to explain to you where the over 9000% of us who are still left went, it is beyond GCHQ's understanding, seemingly. Hint; there are other, better forms of Anonymous communications. Moreover, GCHQ documents reveal that they still do not understand our "idea."
Distributed Denial of Service attacks are illegal in most countries, yet we are sure that the operatives that attacked our private chat network will see no jury or trial because they are the government. When a government takes down a network, it is in the name of freedom and democracy; when citizens do it, it is cyber terrorism. GCHQ, you might have just stirred up something you will not be able to control, making DDoS a valid tool via your example. Thank you. We will also make sure to bring this up in any future court cases involving this form of protest, since GCHQ has validated it as a "technique that can aid in awareness."
Our freedom of conscience, freedom of speech, and right to assembly is covered under the 1948 United Nations Universal Declaration of Human Rights. Blatantly, GCHQ and other western security agencies around the globe disregard our freedoms and the laws their very government set up, yet they use Anonymous' own methods of protest to try and silence us. Dictator much?
We are Anonymous.
We are legion,
We do not forgive,
We do not forget.
Now that we truly know who it was who attacked us,
Expect all of us.

Dubai Police Social Network Accounts Hacked

Hackers from the group TheHorsemen hacked several social accounts of Dubai police. This was announced on the hacking group official twitter account. The hackers posted screenshots of the different social networks they gained access to,namely, Twitter account, Pinterest account, Tumblr account, Linkdin, and what they posted 1hour back is a screenshot of an email.

Beware of cPanel 'Account Verification' Phishing Scam

Website owners and managers, be careful. An email pretending to be from website hosting control system cPanel is at the moment in circulation.The message in the mail goes as follows:
Subject: Your cPanel Account VerificationDear client,
Our Technical Services Department are carrying out a planned software upgrade. Please login to re-confirm your account.
To login, please click the link below:
login.cPanel.net
This instruction has been sent to all our customers and is obligatory to follow.
Thank you,
Customers Support Service.

When users click on the login link, they are sent to a fake website where they are asked to put their cPanel login details. When they click on the 'log in' button, they will receive a message stating that they successfully confirmed their accounts. These credentials are collected by cyber criminals and are used to hijacked websites and accounts to host other fake websites.
We strongly advise our readers not to provide login credentials to untrusted urls.

Source:[Click Here!]

Syrian Electronic Army Hacked Facebook Domain

Through their official Twitter account, SEA announced that they hijacked the Facebook domain. They provided a screenshot of the whois.domaintools.com where it was clearly seen that the domain was registered on the SEA email address.

 The hackers also claimed that they were able to change the Facebook's servers but as it was "taking too much time", they had to abandoned it.

 This was done on the 10th anniversary of Facebook. By the time of publishing, the email was already removed from the Facebook's Domain Registrar, MarkMonitor.

Firefox 27 Fixes 13 Vulnerabilities

A total of 13 security vulnerabilities have been fixed in the latest release of Firefox. These are distributed among 4 critical, 4 high, 4 moderate and 1 low-impact flaws.

Fixed in Firefox 27
  • MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
  • MFSA 2014-12 NSS ticket handling issues
  • MFSA 2014-11 Crash when using web workers with asm.js
  • MFSA 2014-10 Firefox default start page UI content invokable by script
  • MFSA 2014-09 Cross-origin information leak through web workers
  • MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
  • MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
  • MFSA 2014-06 Profile path leaks to Android system log
  • MFSA 2014-05 Information disclosure with *FromPoint on iframes
  • MFSA 2014-04 Incorrect use of discarded images by RasterImage
  • MFSA 2014-03 UI selection timeout missing on download prompts
  • MFSA 2014-02 Clone protected content with XBL scopes
  • MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

We advise our readers using Firefox to update to the latest version.
Source:[Click Here!]

State Bank of Patiala Website Defaced By Pakistani Hackers

Members of The Hackers Army using the codename of THA Disaster and THA xHaxor defaced the website of State Bank Of Patiala. They uploaded a defacement page where the following message was written,
"Free Kashmir..Freedom is our goal .. end the occupation
the Institutionalized impunity with which the killing of civilians by military and Police forces in Jammu Kashmir continues should be  source of shame for India which propagates tobe democracy1
Kashmir doesn’t want militarized governance | Stop killing children,raping women and imprisoning the man they just want Freedom! freedom from the evil of Indian Military.
"

At the time of publishing, the defacement page which they uploaded was already removed. A mirror of it has been provided below.

Website:
https://sbp.co.in/Index.html
Mirror:

Russian Federal Customs Service Website Hacked Again

After hacking Morocco Environmental Department(POPs) website last week and the Thailand Police website the week before, hackers from the hacking group MaXiMiZerS have now defaced the English version website of the Russia’s Federal Customs Service (eng.customs.ru). The hackers uploaded a simple defacement page on which the following was written,
"Owned by Team MaXiMiZerS | Respect Every Women in Russia and do not ban Hijaab for Them |"
At the time of publishing, the defacement page was already removed. A mirror has been provided below so that readers can have an idea how it looked at the time of defacement.
The same website was defaced last year by a Pakistani hacker using the codename of 'khan'.(Here!)
Website:
http://eng.customs.ru/x.html
Mirror:

Beware of 'Image Has Been Sent by Evernote' Malware Email

An email pretending to be from Evernote is at the moment in circulation. It says that an image has been sent to the receiver and invite the user to view the image by clicking on a "Go to Evernote" button. This mail was not send by Evernote. When a receiver clicks on the link, he/she is sent to a compromised website which harbours malware. Users are tricked into downloading and installing infected file to be able to view the "image".
We advise our readers to be careful and to check the urls properly. These malwares harvest personal information once they infect a computer.
Source:[Click Here!]

Visitors

Free counters!

Translate

MauriHackerS - Providing Latest IT Security and Hacking News !