The University of Mauritius Website Defaced By AnonPlus

A hacking group going by the name of AnonPlus has defaced the website of the University of Mauritius. The defacement page showed only the AnonPlus logo. The defacement was published on the official Twitter account of AnonPlus. At the time of publishing, the website was unreachable.


Source: [AnonPlus Twitter]

Petya Ransomware Causing Massive Attack

Thousands of computers around the globe have been hit by a new ransomware called Petya. Similar to WannaCry, the new ransomware uses the EternalBlue exploit as one of its means of propagating inside a network. After infecting the computers, victims are asked to pay $300 in bitcoins to regain access to their machine.
Several high-profile firms have already been affected by the new ransomware. In Ukraine, the central bank, the Kiev Boryspil Airport, the Ukrenergo electricity supplier, the municipal metro, and the state telecom have been attacked.

The international logistics company MAERSK has announced on its Twitter account that it has fallen victim to the Petya ransomware.

Researchers from Hacker Fantastic have noticed that the encryption process takes place after the infected Windows device is rebooted. If devices are not powered on again, files will not be encrypted.

University College London (UCL) Suffered a Major Ransomware Attack

University College London was hit by a major ransomware attack on June 15, 2017. The ransomware infected personal and shared drives in the network, and UCL's Information Security Team is working with the affected users to identify the exact source of the infection.
According to the University's press release, this could be a zero-day attack, as the virus did not show any suspicious activity.

"We are continuing to investigate the infection that is affecting UCL users. Our current hypothesis is that the malware infection occurred through users visiting a website that has been compromised rather than being spread via email attachments. However this remains unconfirmed at the moment."

The security team later confirmed that the attack did not come via email but through users visiting an infected website.
"We have continued to analyse the infection across the UCL filestore and the method of infection this is still ongoing. We have not seen any more users affected by the malware. We no longer think the infection came from an infected email but from users accessing a compromised website. Please be vigilant if you notice an unexpected popup or other unusual behaviour when you access a website close the browser and report it to Service Desk."

At the time of writing, the security team was still restoring the infected drives.
Source: [UCL ISD News]

Beware of Fake Wannacry Protection Apps on Google Play Store

Researchers from McAfee came across a series of rogue apps on the Google Play Store posing as WannaCry protectors. WannaCry is ransomware that affects the Windows operating system only. However, cybercriminals are taking advantage of the trending topic to trick Android users into installing fake WannaCry protectors on their devices.

These applications are loaded with ads and, once installed, they advertise sponsored applications and encourage users to install them. These sponsored applications may contain other malware. We advise our readers to follow the tips provided by McAfee before installing any application:

Be careful what you download.
Don’t download anything for WannaCry protection unless it’s from a trusted security provider. More importantly, if the issue does not affect your type of operating system, don’t download anything you don’t need to.

Read app reviews.
Before you even download an app, make sure you head to the review section of an app store first. Take the time to read the reviews, and keep an eye out for ones that mention that the app is falsely advertised, or has had issues with security. When in doubt, avoid any app that seems remotely fishy.

Use a comprehensive security solution.
Whether the newest cyberattack is after your computer or your mobile devices, make sure you cover all of them with a comprehensive security solution.


WannaCry: The Global Ransomware Attack

By now, the ransomware cyber-attack which started on Friday has infected more than 200,000 computers in 150 countries and, according to security researchers, this number will continue to rise. The ransomware, known as WannaCry, mainly targets old or unpatched Microsoft Windows operating systems and locks the device. To unlock the device, the user must pay a ransom of $300. This piece of malware locks the computer by encrypting its hard disk, preventing users from getting access to their files. They are presented with a screen showing the steps to decrypt their device. Big organisations such as the British NHS, FedEx and Telefonica have fallen victim to the cyber-attack.

The hackers behind this attack have been using EternalBlue, an exploit developed by the NSA for flaws identified in Microsoft's SMB protocol, which was leaked on the dark web by a hacking group called Shadow Brokers. Microsoft released an update to patch the vulnerability on its newer versions in March. Many users and administrators have failed to apply the updates, making it easier for the ransomware to spread quickly. As many small businesses and individuals are still using older versions of the operating system, Microsoft took the unusual step of releasing updates for Windows XP, Windows 8, and Windows Server 2003 so that all users can patch their systems.

We advise our readers to apply the patch released by Microsoft as soon as possible and not to open any files received from an unknown source.

Microsoft Updates Catalogue [Click Here!]

Cybersecurity Seminar by BDO IT Consulting Ltd

There are only two types of company: those that have been hacked, and those that will be.

From anywhere and at any time, hackers can launch a cyber-attack on your organisation. Taking this into consideration, BDO IT Consulting Ltd is organising a full-day cybersecurity seminar where ideas, trends, technology and knowledge will be shared to keep you one step ahead of these attacks.
The key topics which will be discussed in the first session are:
•    Hacking Humans
•    In and Out: Strategies for Preventing, Detecting and Mitigating Cyber Risk
•    Building Cyber Capacity: Market Opportunities and Challenges
•    Bridging the gap between prevention and incident response
The second session will be three hours of live attacks, where an expert ethical hacker from BDO South Africa Forensic and Cyber Lab will guide the audience through hacking methodologies.

For more details and to register [Click Here!]

Florida Man Pleads Guilty to Attempted Hacking of Clinton Foundation

Timothy Sedlak, a 43-year-old man from Florida, pleaded guilty on Thursday to the attempted hacking of the Clinton Foundation. Sedlak was arrested in 2015 and, according to the prosecutors, he launched about 390,000 unsuccessful attempts on the charitable organization's computer network. The police also discovered files of child pornography on his computer, and he was separately sentenced to 42 years of imprisonment by an Orlando court.

Describing himself as a private investigator, Timothy stated that he was investigating whether charities were used to fund Islamic militant groups.

During the proceedings, the prosecutors did not mention the name of the New York-based charitable organization, but Reuters managed to get a copy of the filing on February 3.

More can be read from Reuters Here!

Hard-to-Detect Malware Attacking Enterprise Networks

According to Kaspersky Lab's latest report, an "invisible" malware is spreading among banks, telecommunication companies and government agencies. This sophisticated worm uses legitimate system admin and security tools such as PowerShell, Metasploit and Mimikatz to inject malware into computer memory.

This particular malware was first discovered by the security team of a bank. They found a copy of Meterpreter in the physical memory of a Microsoft domain controller. Forensic analysis showed that the Meterpreter code was downloaded and injected using PowerShell commands. It was also discovered that the NETSH utility was used for tunneling traffic from the victim's computer to the attacker's server. To run malicious PowerShell scripts, the attackers used Mimikatz to grab credentials from service accounts with administrative privileges.

By now, over 140 enterprises in 40 countries have been affected by the new malware.

Source: [Securelist Blog]
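Because the payload lives only in memory, the PowerShell and NETSH launches are among the few traces left in process-creation logs. The sketch below is an added example, not code from Kaspersky Lab or this site. It scans constructed log events for those launches and flags hosts that show both. The event fields, sample hosts and the regular expressions are assumptions, since the report summary above does not quote the command lines.

```python
import re
from collections import defaultdict

# Heuristic patterns (assumed for illustration; tune against your own logs).
RULES = {
    # netsh used to forward a local port to another address
    "netsh_portproxy": re.compile(r"\bnetsh(\.exe)?\b.*\bportproxy\s+add\b", re.I),
    # PowerShell started with a base64-encoded command (-e, -ec, -enc, ...)
    "ps_encoded": re.compile(
        r"\bpowershell(\.exe)?\b.*\s-(e|ec|en[a-z]*)\s+[A-Za-z0-9+/=]{20,}", re.I),
    # PowerShell started with a hidden window
    "ps_hidden": re.compile(r"\bpowershell(\.exe)?\b.*\s-w[a-z]*\s+hidden\b", re.I),
}

# Constructed process-creation events: host, account and command line.
EVENTS = [
    {"host": "DC01", "user": "svc_backup",
     "cmd": "powershell.exe -nop -w hidden -e VwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAxAA=="},
    {"host": "DC01", "user": "svc_backup",
     "cmd": "netsh interface portproxy add v4tov4 listenport=4444 "
            "connectaddress=10.0.0.5 connectport=8080"},
    {"host": "WS07", "user": "alice",
     "cmd": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\inventory.ps1"},
    {"host": "WS09", "user": "bob", "cmd": "netsh wlan show profiles"},
    {"host": "WS11", "user": "carol",
     "cmd": "powershell -WindowStyle Hidden -File C:\\tools\\cleanup.ps1"},
]

def scan(events):
    """Return {host: {rule_name: [accounts]}} for every matching command line."""
    hits = defaultdict(lambda: defaultdict(set))
    for ev in events:
        for name, pattern in RULES.items():
            if pattern.search(ev["cmd"]):
                hits[ev["host"]][name].add(ev["user"])
    return {h: {r: sorted(u) for r, u in rules.items()} for h, rules in hits.items()}

def tunnel_with_powershell(hits):
    """Hosts showing both a netsh port proxy and a suspicious PowerShell launch."""
    return sorted(
        host for host, rules in hits.items()
        if "netsh_portproxy" in rules and any(r.startswith("ps_") for r in rules)
    )

if __name__ == "__main__":
    found = scan(EVENTS)
    for host in tunnel_with_powershell(found):
        print(host, found[host])
```

A single rule firing alone (as on WS11) is common in legitimate administration. The combination on one host, run under a service account, is what warrants a memory capture before the machine is rebooted.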

Fined For Sending Embarrassing SMS

A 24-year-old driver has been fined Rs 75000 for sending five embarrassing SMS to a bank staff member in 2010. He was found guilty of violating the telecommunication law of Mauritius by sending four SMS and making eight phone calls on May 1, 2010.
The plaintiff registered a statement on May 20, 2010 and stated that she was humiliated and demoralized by these SMS. She also added that she did not know the person who sent her the messages and that it was a man who spoke to her on the other end of the line. She even had to change her phone number.
Following the judge's order, the police were able to get the identity of the SIM card owner. The plaintiff later added that the defendant went to her workplace to apologize and begged her to withdraw her complaint.
In court, the defendant pleaded not guilty and maintained that he was not the one who sent these SMS. However, he was not convincing and could not provide an explanation, as the SIM card was registered in his name.

We advise our readers not to register other people's SIM cards in their name.

Source: [Defimedia]

HR Targeted Ransomware Campaign

Security researchers from Check Point came across a new ransomware campaign targeting Human Resources departments. The attack starts with an email pretending to be a job application. The email contains a brief message from the applicant and two attachments, a PDF file and an Excel document.

The PDF file is a non-malicious cover letter which tricks the receiver into believing that the email is legitimate. The second document is a macro-enabled Excel file containing a picture of a flower with the word "Loading...". A text asking the victim to enable the content can also be seen.

As soon as the receiver enables the content, the macro in the Excel document is executed and the encryption of the files starts, preventing the user from accessing them. Once encryption is completed, the victim is presented with a note: “YOUR_FILES_ARE_ENCRYPTED.TXT”.

The device is then automatically rebooted and a fake “chkdsk” screen is displayed while the disk is being encrypted.

After disk encryption, the victim is presented with a screen giving the steps to decrypt their disk.

We advise people from HR departments to remain alert. Make sure robust anti-ransomware software is running on your device. Scan all downloaded documents before opening them.

Source: [CheckPoint Blog]
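The campaign depends on a macro-enabled workbook reaching the recipient, so attachments can be checked for an embedded VBA project before delivery. The sketch below is an added example, not Check Point's or this site's code. It classifies attachments by content rather than by file name, using constructed sample files. The function names and sample file names are hypothetical.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary Office container

def classify_attachment(data):
    """Classify by content, never by file name: 'macro', 'legacy-ole',
    'no-macro' (OOXML without VBA) or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"  # old .xls/.doc: macros cannot be ruled out here
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = zf.namelist()
        if "[Content_Types].xml" not in members:
            return "not-office"  # a plain zip, not an Office document
        if any(m.lower().endswith("vbaproject.bin") for m in members):
            return "macro"
        types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        return "macro" if "macroenabled" in types.lower() else "no-macro"

def hold_for_review(attachments):
    """Names of attachments that should not reach the recipient unscanned."""
    return [name for name, data in attachments
            if classify_attachment(data) in ("macro", "legacy-ole")]

def make_ooxml(extra_members=()):
    """Build a minimal constructed OOXML-like zip in memory (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        for member in extra_members:
            zf.writestr(member, b"constructed placeholder")
    return buf.getvalue()

# Constructed mail: a PDF cover letter, a workbook carrying a VBA project under
# an innocent .xlsx name, and a workbook with no macros.
SAMPLE_MAIL = [
    ("cover_letter.pdf", b"%PDF-1.4 constructed sample"),
    ("application.xlsx", make_ooxml(["xl/vbaProject.bin"])),
    ("timesheet.xlsx", make_ooxml()),
]

if __name__ == "__main__":
    print(hold_for_review(SAMPLE_MAIL))
```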

Google Patches 95 Android Vulnerabilities

Google's first Android Security Bulletin for 2017 addresses 95 vulnerabilities in the operating system, 22 of which were rated Critical. The update is split into two: the 2017-01-01 security patch level, which addresses 23 vulnerabilities, and the 2017-01-05 security patch level, which addresses 72 bugs affecting drivers.

The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.

A full list of all the addressed vulnerabilities can be found in the official bulletin.

We advise our readers to update their Android devices.


Denial-of-Service Malware Targeting Macs

Security company Malwarebytes has warned about new malware targeting Macs. The denial-of-service malware hijacks Safari and Apple's Mail application and automatically creates email drafts continuously until the Mac can no longer handle the task and crashes.
A link is sent via email, and the malware is hosted on different sites such as safari-get[.]com, safari-get[.]net, safari-serverhost[.]com and safari-serverhost[.]net.

Mac users running macOS 10.12.2 (or later betas) are not affected, as Safari detects the attempt to open the Mail app and blocks the unwanted event.

We advise our readers not to open emails from these addresses and to immediately delete them.

Source: [9to5mac]




MauriHackerS - Providing Latest IT Security and Hacking News !