::Trend Micro Threat Resource Center::

28 December 2014

Hackers leak 13,000 Passwords Of Amazon, Walmart and Brazzers Users

Hackers claiming affiliation with the hacktivist group "Anonymous" have allegedly leaked more than 13,000 username and password combinations for some of the world's most popular websites, including Amazon, Xbox Live and PlayStation Network.

The stolen personal information was released in a massive text document posted to the Internet file-sharing website Ghostbin (now deleted), on Friday. The document contains a huge number of usernames and passwords, along with credit card numbers and expiration dates.

The news came just a day after the hacker group Lizard Squad compromised Sony’s PlayStation and Microsoft’s Xbox Live gaming networks on Christmas Day, an outage estimated to have affected Xbox's 48 million subscribers and PlayStation's 110 million users, a total of more than 150 million users worldwide.

However, a breach affecting 13,000 users is not the biggest data breach we've ever seen. With millions of passwords in use on sites around the globe, the chance that ours are among those compromised is small. Still, it is worth noting, because these accounts come from a variety of online services, some of which are very popular.


The Daily Dot's Aaron Sankin has compiled a comprehensive list of sites associated with the username and password leaks, and found that the affected sites run the gamut from pornography to gaming to online shopping. The list of the compromised websites is as follows:

  • Amazon
  • Walmart
  • PlayStation Network
  • Xbox Live
  • Twitch.tv
  • Dell
  • Brazzers
  • DigitalPlayground
  • and others (see the complete list).

To be on the safe side, users with accounts on these compromised websites are advised to change their passwords. Also pay attention to your credit card transactions and, if you notice any suspicious activity, immediately contact the relevant banks and financial institutions.

Also, don't use the same passwords for banking and online shopping sites, and always keep an eye out for unusual activities or unauthorized purchases with your accounts.

23 December 2014

North Korea Internet partially restored following a 9.5-hour outage

North Korea has regained partial Internet access, following a widespread outage that occurred days after the U.S. vowed to respond to a cyberattack on Sony that was blamed on Pyongyang.


The Korean Central News Agency and the Rodong Sinmun newspaper were back online Tuesday after earlier being inaccessible. It was unclear whether wider Internet service in the North has been restored to its previous levels.

The reason for the massive outage is not yet clear, but it comes just days after President Barack Obama warned the U.S. would retaliate against the North. A State Department spokeswoman, when asked about the situation, declined comment.

However, she did say the U.S. government is discussing a range of options in response to the Sony hacking, some of which, she said, will be "seen" and some that "may not be seen."

Doug Madory, a spokesman for the U.S.-based Internet analysis firm Dyn Research, said the Internet problems in North Korea could be the result of an attack.

Earlier, North Korea had called on the United States to apologize for implicating Pyongyang in the hacking of Sony Pictures and threatened to fight back in a variety of ways, including cyberwarfare.

The National Defense Commission for Pyongyang said in state media late Sunday that the U.S. government was wrong to blame North Korea for the hacking. It also said the claims are groundless.

Meanwhile, China's Foreign Ministry said it does not have enough information to determine whether reports that North Korea used Chinese facilities to stage a cyberattack on Sony Pictures are true.

Foreign Ministry spokesperson Hua Chunying said Monday China is "opposed to all forms of cyberattacks" and would not reach any conclusions without having "enough facts."

However, Hua said China is opposed to attacks on a third party "through making use of the facilities of another country" and is ready to have a "dialogue with other countries."

The United States is in talks with China to possibly help block cyberattacks from Pyongyang.

22 December 2014

How to disable the WhatsApp blue double check on Android

Android users can now disable the blue double check in WhatsApp. The corresponding update for the app is now available from Google Play.

Do you want to know how to disable it? Follow these steps:

  • From the latest version of the app, go to ‘Settings’
  • Then go to ‘Account’
  • Next ‘Privacy’
  • And finally, unselect ‘Read receipts’.

Don’t forget though, that if you disable read receipts, you won’t be able to see when your messages are read either.

What do you prefer?

20 December 2014

FBI Officially Blames North Korea in Sony Pictures Hack


Following the high-profile cyber attack against Sony Pictures Entertainment, and continuing threats against employees and celebrities, the FBI has released an official statement declaring that the investigation has produced “enough information to conclude that the North Korean government is responsible for these actions.”

In a press release issued Friday morning, the FBI listed several factors that led to its conclusion, including:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.


President Obama held a news conference shortly after the announcement, where he was asked to comment on the United States’ proportional response to the attack.

“Our first order of business is to try to prevent those attacks from taking place,” said President Obama. “Everything that we can do at the government level to prevent these types of attacks [we’re doing]. We’re coordinating with the private sector but we’re not even close to where we need to be. We need strong cybersecurity laws that provide for data sharing.”

Without further details, President Obama added a response would come “at a time and place we choose.”

Secretary of the Department of Homeland Security Jeh Johnson also stressed in a statement the high-profile event underscored the importance of good cybersecurity practices to rapidly detect cyber intrusions and promote resilience throughout all networks.

“Every CEO should take this opportunity to assess their company’s cybersecurity,” said Johnson. “Every business in this country should seek to employ best practices in cybersecurity.”

The FBI’s statement comes days after Sony Pictures Entertainment called off its plans to release “The Interview” — a comedy depicting the assassination of North Korea’s leader Kim Jong-un — and after several theaters received threats for intending to show the film.

17 December 2014

TorLocker ransomware variant designed to target Japanese users

Ransomware is nothing new to Japan. Symantec’s research has found that Japan ranks among the regions most affected by global ransomware attacks. However, no attacks specifically targeting Japanese users had ever been confirmed. That is, until now. In recent weeks, Symantec has observed a ransomware variant in the wild that was designed to target users who speak Japanese.


Figure 1. Ransomware attacks in November 2014 by region

The ransomware threat in question is a localized variant of TorLocker. The malware encrypts files with certain file extensions on the compromised computer and demands that the user pays in order to decrypt the files. Symantec has confirmed multiple variants of this particular Japanese ransomware threat.

TorLocker has been used in ransomware attacks around the world. The threat is part of an affiliate program, where the program’s operator gives participants the builder to create custom ransomware, access to the TorLocker control panel to track infections, and miscellaneous files to be used in conjunction with the malware. In return, the participants give a portion of the profit from the attack to the affiliate program’s operator.

Infection
The localized variant’s attacks on Japanese users have occurred on compromised websites that commonly host blogs. However, it is also possible that the attacker is renting an exploit kit to automatically compromise victims’ computers by exploiting software vulnerabilities. In one case, a recently compromised site owned by a Japanese publishing company redirected traffic to several domains hosting the Rig exploit kit. This may have ultimately served the ransomware as a payload.

In another case in late November, a blog site was compromised to display a fake Adobe Flash Player installer page.


Figure 2. Fake Adobe Flash Player installer page

If the user clicks on the yellow install button, they are prompted to download and execute a setup file to install the plugin. However, the file does not contain the typical icon used in Flash Player installers. The file is not digitally signed either, which suggests that the installer is a phony.


Figure 3. Icon of the installer downloaded from the fake Flash Player page

Once the setup file is executed, it does not install Flash Player. Instead, it encrypts certain files and displays a message in Japanese in a pop-up window, stating that the computer has been locked. The message then asks the user to pay in order to unlock their files. The demanded ransom ranges from 40,000 yen to 300,000 yen (approximately US$500 to US$3,600).

Figure 4. Pop-up window of the TorLocker ransomware variant targeting Japanese-speaking users

Stay protected
Japan is approaching its week-long New Year holiday. The long break is a perfect opportunity for the attacker to run this campaign, as many users will likely surf the Internet during the time off. Symantec has the following recommendations to avoid or mitigate ransomware infections:

  • Update the software, operating system, and browser plugins on your computer to prevent attackers from exploiting known vulnerabilities.
  • Use comprehensive security software, such as Norton Security, to protect yourself from cybercriminals.
  • Regularly back up any files stored on your computer. If your computer has been compromised with ransomware, then these files can be restored once the malware is removed from the computer.
  • Never pay the ransom. There’s no guarantee that the attacker will decrypt the files as promised once they receive payment.

16 December 2014

Four key areas of security solutions Singapore companies need to invest in


Singapore is one of the most well developed security markets in Asia/Pacific, and in the age of advanced attacks, organizations need to invest in four key areas of security solutions, according to Gartner, Inc. These four key areas of security solutions include: preventive, detective, retrospective and predictive.

“The key to achieving a strong security posture is to have these four types of security capabilities work well as an integrated, continuously monitored solution, something Gartner refers to as the adaptive security architecture,” said Sid Deshpande, principal research analyst at Gartner.

Organizations in Singapore display a heightened sense of urgency today towards improving their security posture, driven by the following factors:

  • Strong efforts by government and regulatory bodies to increase security awareness and drive investment in security innovation
  • The new types of risks associated with digital business models
  • Highly visible security incidents in 2013 and 2014
  • Overall IT spending growth

Gartner predicts that by 2018, 25 percent of corporate data traffic will flow directly from mobile devices to the cloud.


As the majority of consumer-facing businesses in Singapore go digital, organizations are looking at investing in mobile and cloud security solutions that can help them mitigate the risks associated with digital business.

The high interest areas around security from organizations in Singapore include security monitoring, identity and access management, advanced threat prevention, IoT security, application security, cloud security and GRC, among others.

“2013 and 2014 have seen a slew of merger and acquisition activity in the security space globally, and the increasingly complex nature of threats is driving security providers to fundamentally change the way they address their customers’ security challenges and communicate their message effectively. The renewed security opportunity presented to providers by Singapore enterprises brings with it sales and marketing challenges for security providers,” said Deshpande.

05 December 2014

Yahoo! To Shut Down Texas-Holdem Poker Due To Web Security Issues

Just one month after Yahoo began heavily advertising its Texas Hold’em portal in conjunction with fantasy football, Yahoo has announced it is shutting down its online poker site entirely, effective December 31.  Although Yahoo has left open the possibility of launching a new Texas Hold’em game in the future, no further details are yet available.


According to the Yahoo webpage, it will no longer offer its current Texas Hold’em game because “changes in supporting technologies and increased security requirements for our Yahoo web pages” have rendered the game “incompatible, insecure, and no longer functioning correctly.”

While web security is an extremely important issue, it is somewhat surprising to find Yahoo shutting down its Texas Hold’em game just one month after it began heavily advertising these games on its fantasy football webpages — the holy grail of young-adult, male advertising space.

If Yahoo had been planning to close these games, it may have been better off selling the ad space to Toyota, Procter & Gamble's Gillette, or one of its other regular fantasy sports advertisers.

Noteworthy in all of this news is that at the bottom of the Yahoo Games Help webpage, Yahoo mentions that it will be working toward the launch of new online games with better cyber-security, and these new games may ultimately include a new form of Texas Hold’em.

In addition, unlike the current Yahoo poker games that require users to purchase chips to enter, Yahoo has indicated that a new game, if launched, would be “free to play” but may offer “boosts” for purchase — a model similar to Candy Crush.

Unfortunately, Yahoo’s information page does not discuss whether Yahoo! Poker will allow for prizes if it returns. Yet, if Yahoo is even remotely considering a move in that direction, upgrading its web security is of the utmost importance.

No doubt the hosts of Yahoo Hold’em recognize that much.

But the shutdown still seems odd, given the heavy marketing effort for Yahoo Hold’em poker that so recently preceded it.

03 December 2014

China-made E-Cigarette Chargers Could Infect Your Computer with Virus

It's better for smokers to quit smoking. Are you using electronic cigarettes (e-cigarettes) instead of normal ones? You should still quit your smoking habit, because it not only damages your health but could also pose a risk to the health of your computer.



E-cigarettes have become the latest vector for hackers to distribute malicious software. E-cigarettes manufactured in China are reportedly being used to spread malware to computers via the USB port when users plug them in to charge.

The report broke when an executive at a "large corporation" was found to be infected with malware from an undetermined source after he quit smoking and switched to e-cigarettes made in China, according to a recent post on the social news forum Reddit.

On further investigation, he found that the e-cigarette charger, bought from the online auction site eBay for $5, carried hard-coded malware that infected his workstation despite the latest antivirus and anti-malware programs being installed.

"The executive's system was patched up to date, had antivirus and anti-malware protection," Reddit user Jrockilla said. "Web logs were scoured and all attempts made to identify the source of the infection but to no avail."

"Finally after all traditional means of infection were covered, IT started looking into other possibilities. They finally asked the executive: 'Have there been any changes in your life recently?' The executive answered: 'Well yes, I quit smoking two weeks ago and switched to e-cigarettes.' And that was the answer they were looking for."


Rik Ferguson, a security consultant for Trend Micro, also considers the matter plausible and says, "Production line malware has been around for a few years, infecting photo frames, MP3 players and more." In 2008, for instance, a photo frame produced by Samsung shipped with malware on the product's install disc, the Guardian reported.

"Hackers are able to exploit any electronic device to serve malware to a poorly protected network," Pierluigi Paganini, chief information security officer at ID management firm, said in a blog post.

"Despite the [fact the] idea could appear hilarious, many electronic cigarettes can be charged over USB using a special cable or by inserting one end of the cigarette directly into a USB port."

The idea is similar to BadUSB, whose source code was released by researchers last month on the open source code hosting website GitHub. BadUSB could spread itself by hiding in the firmware that controls how USB devices connect to computers. Ferguson explained that "a very strong case can be made for enterprises disabling USB ports, or at least using device management to allow only authorised devices."

02 December 2014

FBI warns of 'destructive' malware in wake of Sony attack

The Federal Bureau of Investigation warned U.S. businesses that hackers have used malicious software to launch destructive attacks in the United States, following a devastating cyber attack last week at Sony Pictures Entertainment.


The five-page, confidential "flash" warning issued to businesses late on Monday provided some technical details about the malicious software that was used in the attack, though it did not name the victim.

An FBI spokesman declined comment when asked if the software had been used against the California-based unit of Sony Corp.

The FBI occasionally issues "flash" warnings to provide businesses with details about emerging cyber threats to help them defend against new types of attacks. It does not name the victims of those attacks in those reports.

The report said that the malware overwrites data on computers' hard drives, which can make them inoperable and shut down networks.

It is extremely difficult and costly, if not impossible, to recover hard drives that have been attacked with the malware, according to the report, which was distributed to security professionals at U.S. companies.

01 December 2014

Crash Your Friends' WhatsApp Remotely with Just a Message

A vulnerability has been discovered in the wildly popular messaging app WhatsApp that allows anyone to remotely crash WhatsApp just by sending a specially crafted message, two security researchers reported to ‘The Hacker News’.


Two India-based independent security researchers, Indrajeet Bhuyan and Saurav Kar, both 17-year-old teenagers, demonstrated the WhatsApp message handler vulnerability to one of our security analysts.

In a video demonstration, they showed that sending a 2,000-word (2 KB) message composed of a special character set can crash the receiver's app. The worrying impact of the vulnerability is that the user who received the specially crafted message has to delete the whole conversation and start a fresh chat, because opening the message keeps crashing WhatsApp until the chat is deleted completely.

"What makes it more serious is that one needs to delete entire chat with the person they are chatting to in order to get back whatsapp work in normal," Bhuyan told THN in an e-mail.

According to the duo, the reported vulnerability has been tested and works on most versions of the Android operating system, including Jelly Bean, KitKat, and all earlier Android versions.

Similarly, any member of your WhatsApp group could intentionally send a specially crafted message to force people out of the group and delete the group. Also, for example, if I don’t want someone to keep records of my chat with them, I can send the same message exploit to that person.

The vulnerability has not been tested on iOS, but it is certain that all versions of WhatsApp, including 2.11.431 and 2.11.432, are affected by this bug. The attack does not work on Windows 8.1.

They have also provided a proof-of-concept (PoC) video of the attack.


WhatsApp, bought by Facebook for $19 billion in February this year, has 600 Million users as of October 2014, and according to the researchers, an estimated number of users affected by the vulnerability could be 500 Million.

WhatsApp was in the news recently for making end-to-end encryption of all text messages a default feature, in an effort to boost the online privacy and security of its users around the world. The app maker describes this move as the "largest deployment of end-to-end encryption ever."

28 November 2014

Twitter to start snooping at which apps you have installed - here's how to opt out


Twitter is set to start peeking on users' iPhones, iPads and Androids in order to see which apps they have downloaded.

The company will start collecting the list of apps installed on those smartphones and tablets so that it can, in its own words, "deliver tailored content that you might be interested in."

A support article says the additional data collection will allow Twitter to make better recommendations on who to follow, as well as insert content it thinks you will find interesting into your feed.

The new feature, which Twitter has named "app graph," could tie in with the company's recently announced Instant Timeline feature which takes new users' areas of interest and the people their contacts follow, and serves up a feed created for them in order to better personalise Twitter from day one.

By collecting data about other installed apps, the feature would be better positioned to create a more relevant starting timeline.

Of course, the main benefit to Twitter will be the ability to use the collected information to surface more targeted adverts. Or, as Twitter puts it, show you more promoted content it "think[s] you'll find especially interesting."

Twitter says it will only record the list of apps you have installed, not how they are used.

So, for example, Twitter will be able to see that you have Spotify on your phone, but not that you're listening to the same 80s classic over and over and over again.

While users are entered into the new tracking system automatically (it is on by default), Twitter has promised to alert users when the new feature is turned on.

We will notify you about this feature being turned on for your account by showing a prompt letting you know that to help tailor your experience, Twitter uses the apps on your device. Until you see this prompt, this setting is turned off and we are not collecting a list of your apps.

If you don't want your apps to be snapped up by Twitter's data gobblers, here's how to turn it off:

Twitter for Android
  1. Tap the overflow icon (looks like 3 vertical dots).
  2. Choose Settings.
  3. Select your account.
  4. Under Other, turn off Tailor Twitter based on my apps.

Twitter for iOS
  1. Tap the Me tab, and then the gear icon.
  2. Choose Settings.
  3. Select your account.
  4. Under Privacy, turn off Tailor Twitter based on my apps.

Once you opt out, Twitter says it will remove your app graph data from Twitter and stop future collection. If you don't yet see the option, Twitter won't have started tracking you yet.

If you want to stop the collection before it's started, Twitter says you can turn on Limit Ad Tracking on your iOS device by going to Settings and Privacy.

If you're an Android user, go to Settings, tap the Google account, choose Ads and then turn on Opt out of interest-based ads.

26 November 2014

Layers and Protocols of Internet of Everything Devices


We see the ‘cool’ when we wear or operate our smart TVs and watches and all other smart devices we own. But are we aware of how the data is processed in these devices? And where does the data we get or the data that these devices transmit end up?

Most, if not all, smart devices are connected to the Internet – where the data we send and receive over our smart devices are stored. Before ending up on the Internet, the data passes through several layers:

  1. Link layer – where smart devices send and share data. In this layer, data is shared among devices via Wi-Fi, Ethernet, RFID, and Bluetooth protocols, among others.
  2. Router layer – can also be referred to as the Smart Hub layer. It is the device that connects all of your smart devices to the Internet.
  3. Session layer – when you use apps on your smart devices (think FitBit as an example), the data sent and received through these apps is managed in this layer. HTTP and HTTPS are the best-known protocols used in this layer.
  4. Internet layer – can also be called the Cloud layer. This is where the data ends up. If you use apps that have equivalent Web-based login pages (take fitness monitoring apps such as Runtastic, for example), you’ll see the 101 steps you recorded ‘pushed’ to your Web profile almost immediately.

Now there is nothing wrong with the way smart devices and the Internet link together. It’s perfectly fine save for one thing: there are risks. An attack on the Internet layer (where the data is stored) is highly likely. Password-based attacks – password guessing, brute force attacks – can be used to access the Internet layer and steal data. Changing the data that passes through the Session layer by way of man-in-the-middle (MITM) attacks is also possible. Attacks on the Link layer, while difficult and low-yield, are also likely.

Be on the safe and smart side of smart devices. There is an infographic Layers and Protocols: Possible Attacks on the Internet of Everything that will walk you through the risks and suggests protection measures you need to know and implement.


25 November 2014

Four-year-old comment security bug affects 86 percent of WordPress sites

A Finnish IT company has uncovered a bug in WordPress 3 sites that could be used to launch a wide variety of malicious script-based attacks on site visitors’ browsers. Based on current WordPress usage statistics, the vulnerability could affect up to 86 percent of existing WordPress-powered sites.


The vulnerability, discovered by Jouko Pynnonen of Klikki Oy, allows an attacker to craft a comment on a blog post that includes malicious JavaScript code. On sites that allow comments without authentication—the default setting for WordPress—this could allow anyone to post malicious scripts within comments that could target site visitors or administrators. A proof of concept attack developed by Klikki Oy was able to hijack a WordPress site administrator’s session and create a new WordPress administrative account with a known password, change the current administrative password, and launch malicious PHP code on the server. That means an attacker could essentially lock the existing site administrator out and hijack the WordPress installation for malicious purposes.

“For instance, our [proof of concept] exploits first clean up traces of the injected script from the database,” the Klikki Oy team wrote in a blog post on the vulnerability, “then perform other administrative tasks such as changing the current user's password, adding a new administrator account, or using the plugin editor to write attacker-supplied PHP code on the server (this impact applies to any WordPress XSS if triggered by an administrator). These operations happen in the background without the user seeing anything out of the ordinary. If the attacker writes new PHP code on the server via the plugin editor, another AJAX request can be used to execute it instantaneously, whereby the attacker gains operating system level access on the server.”

The current version of WordPress (version 4.0), which was released in September, is not vulnerable to the attack. However, WordPress issued a security update to version 4.0 last week to address unrelated cross-site scripting issues.

24 November 2014

Android ransomware 'Koler' turns into a worm, spreads via SMS


A malicious Android app that takes over the screen of devices and extorts money from users with fake notifications from law enforcement agencies was recently updated with a component that allows it to spread via text message spam.

Known as Koler, the ransomware Trojan has been on malware researchers' radar since May when it started being distributed through porn websites under the guise of legitimate apps. A new variant of the threat found recently by researchers from security firm AdaptiveMobile spreads through SMS messages that attempt to trick users into opening a shortened bit.ly URL.

Once installed on a device, Koler opens a persistent window that covers the entire screen and displays a fake message from local law enforcement agencies accusing users of viewing and storing child pornography. Victims are asked to pay a "fine" using MoneyPak prepaid cards in order to regain control of their phones.

The Koler ransomware is capable of displaying localized ransomware messages to users from at least 30 countries, including the U.S., where the impersonated law enforcement agency is the FBI.

The new version found by AdaptiveMobile sends a text message to all contacts in the victim's address book. The message reads: "someone made a profile named -[the contact's name]- and he uploaded some of your photos! is that you?" followed by a bit.ly URL or a similar shortened link.


The URL points to an Android application package file called IMG_7821.apk that's hosted on a Dropbox account. When installed, this application uses the name PhotoViewer, but is actually the ransomware program.

Because of Worm.Koler's SMS distribution mechanism, a rapid spread of infected devices has been observed since 19 October, which is believed to be the original outbreak date.

During this short period, several hundred phones exhibiting signs of infection have been detected across multiple US carriers. In addition, other mobile operators worldwide, predominantly in the Middle East, have been affected by this malware.

The best protection against ransomware threats like Koler is to have the "unknown sources" option turned off in the Android security settings menu. When this setting is disabled -- and it typically is by default -- users won't be able to install applications that are not obtained from the official Google Play store. Some users do turn this option on though, because there are legitimate applications that are not hosted on Google Play for various reasons.

Koler does not encrypt users’ files, so it is easy for users to remove it from infected devices. Below are the instructions to remove the malware:

  • Reboot the mobile device in “Safe Mode”
  • Remove the malicious ‘PhotoViewer’ app using the standard Android app uninstallation tool

Instructions on how to reboot the device in safe mode should be available in the phone's manual, but it generally involves pressing and holding the power button until the power menu appears, then tapping and holding Power Off until the option to reboot in safe mode appears.

As of 24 Nov, this worm has reached the shores of Singapore, as reported in a popular local forum.


23 November 2014

Symantec Uncovers Sophisticated, Stealthy Computer Spying Tool

Computer security researchers at Symantec say they have discovered a sophisticated piece of malware circulating the world that appears to be used for spying at Internet service and telecommunications companies, and was likely created by a government agency. And while its origin is unclear, a short list of capable countries would include the U.S., Israel and China.

The research, published today, comes from the same team at Symantec that four years ago helped discover and ferret out the capabilities of Stuxnet, the world’s first digital weapon. Stuxnet is believed to have been created by the combined efforts of the U.S. and Israel and used to sabotage the Iranian nuclear research program.

The team has dubbed this newly found Trojan “Regin” according to a Symantec blog post, and they are describing it as a “complex piece of malware whose structure displays a degree of technical competence rarely seen.” They say the tool has an “extensive range of capabilities” that provides the people controlling it with “a powerful framework for mass surveillance.”

The researchers said Regin has been used in what appears to be an ongoing spying operation that started in 2008, stopped suddenly in 2011, and then resumed in 2013.

The campaign was carried out against government organizations, businesses, researchers and private individuals. About 100 Regin infections have been detected, the researchers said, with most — a combined 52 percent — in Russia and Saudi Arabia. The remainder have occurred in Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan. No infections have yet been detected in the U.S. or China.

Symantec was first made aware of Regin after customers discovered parts of it and sent the code for analysis. “We realized there was more to what was sent us than was readily apparent and went back to investigate further,” said Liam O’Murchu, one of the researchers. Symantec security software can now detect it, he said.

The quality of Regin’s design and the investment required to create it is such that it was almost certainly made by a nation-state, said O’Murchu. But asked to speculate which nation-state, he demurred. “The best clues we have are where the infections have occurred and where they have not,” he said in an interview with Re/code. “We know it was a government that is technically advanced. … This has been a huge spying campaign dating back at least to 2008 and maybe even as early as 2006.”

It doesn’t take much of a leap to wonder out loud if the U.S. National Security Agency or the Central Intelligence Agency, perhaps working with Israel, might be the source, especially given the list of countries targeted. However, there are other possible sources, including China.

There is still a lot about Regin that’s not known. (For more technical detail on what is known, there’s a 21-page white paper here.) There are pieces of it, O’Murchu said, that haven’t yet been found and examined. But here’s what is understood so far:

Regin attacks systems running Microsoft Windows. It attacks in stages and requires five pieces. Only the first stage is detectable; it opens the door for the subsequent stages, each of which decrypts and executes the next. In this way it’s similar to Stuxnet and its sibling Trojan, Duqu, which was designed to gather intelligence on a target by stealing massive amounts of data.

Nearly half of all Regin infections occurred at Internet service providers, the targets being the customers of those companies. Other companies attacked included telecom providers, hospitality companies, energy companies, airlines and research organizations.

How the malware spreads is also a mystery. In one case — but only one — the infection was carried out by way of Yahoo Instant Messenger. In other cases, Symantec believes victims were tricked into visiting spoofed versions of well-known websites. “Other than that one example, we have no firm information on how it has been distributed,” O’Murchu said.

Once a computer has been compromised, Regin’s controllers can load it up with whatever payload is needed to carry out the spying operation. Said Symantec: “Some custom payloads are very advanced and exhibit a high degree of expertise in specialist sectors,” say something that’s specifically geared toward spying on an airline or an energy company. This is “further evidence of the level of resources available to Regin’s authors,” the company said.

There are dozens of these payloads. One seen in several cases is a remote access tool, or RAT, which gives an attacker the ability to take control of a computer remotely — copy files from the hard drive, turn on the Web cam, turn on the microphone. RATs are also good for capturing keystrokes, a good way to steal passwords. Some of the more advanced payloads seen on machines compromised by Regin include software to monitor network traffic and a tool to manage mobile phone base stations.

Exceptional effort was made by its creators to prevent Regin and its communications to its handlers from being detected. “Even when its presence is detected, it is very difficult to ascertain what it is doing,” said Symantec.

Several pieces of Regin are still circulating and are as yet undiscovered, O’Murchu said. He hopes that with the publication of Symantec’s findings, more information from other researchers will come to light.

22 November 2014

If You Didn’t Change The Default Password On Your Security Camera, Someone’s Probably Watching It Stream

Remote access has been a boon to many industries. Home security cameras, for example: not only can you keep an eye on your property in case anything bad happens, but you can do it in real-time, instead of reviewing footage after the fact. But cameras protecting the security of your home may in fact need a serious security helper of your own. And running tens of thousands of searchable livestreams from unwitting camera owners who didn’t change the default access passwords on their devices is certainly one (unethical, intrusive) way to make the point.

One site does exactly that, as Vice reported recently. The site runs live streams of feeds from tens of thousands of IP cameras around the world.

Users buy the devices — think nanny cams, baby monitors, and home security — to keep an eye on their families, valuables, and property. But with poor security practices, anyone and everyone else can keep an eye on your goods, too.

Cameras designed to be accessed remotely, as these are, have passwords. And they ship with default passwords that users are supposed to change during set-up. Only, many users don’t. (Even when they do, admittedly, people are often objectively terrible at passwords.) That makes it easy for someone with an idea for a website to come along and write a script that looks for cameras on the internet, tries the default password on them and adds the feed to a public collection if that password works.

Despite running ads and generating revenue, security is the real point the site is making, its owner told Vice. “Most people still do not know about the problem,” they wrote in an e-mail, and so nobody has yet asked to have their camera removed from the collection. “Only [the website] can prove the scale of the problem,” the administrator added. “This problem was in darkness for many years.”

Vice then goes on to look at how ethical hackers — the so-called “white hat” set — expose software vulnerabilities and then share their information with the companies that made the vulnerable products. It’s a common pastime for network security experts and for security companies. (When done by the latter, it’s not entirely altruistic: if you can point out a security hole, you can point out the need for someone to buy your services to fix it.)

The person or group behind this particular website, Vice concludes, isn’t exactly one of the good guys; they’re doing something both illegal and unethical. But this particular camera-sharing website, though troubling, isn’t really the root problem. It’s just one symptom of a massive, much larger, much deeper issue.

As everything gets “smart,” mobile, remote-accessible, and connected, security becomes an ever-deeper challenge. Sophisticated hackers will probably always be able to break their way into certain lucrative systems, just as criminals will always try to rob physical banks. But millions of cracks, hacks, and break-ins aren’t even the purview of sophisticated hacking operations: they’re just the result of plain bad security that end-users — we home consumers — didn’t even know needed fixing. It’s not about how to protect your bank vault from Bonnie and Clyde; it’s about knowing the cash should go in a vault in the first place, and not simply be left in piles on the lawn.

Commandeered cameras are incredibly intrusive, but as far as poor default security goes, they’re only the tip of the iceberg.

Every wifi router ships with a default password, and it’s super easy to look those up by make and model. Securing your router, on the other hand, takes more work.

Your remotely-accessible multifunction printer might use a weak default password or in fact not have a password at all, meaning anyone with know-how could get in. Like a wandering security expert who hacks it to run video games… or someone less ethical, installing something worse as a gateway to the whole network.

A common default password can get you into a cash-filled ATM, where you could presumably then commit actual bank robbery.

At least, though, we all have a vague association with “network” and “security” when it comes to our routers, even if we’re bad at implementing it, and we know that banks need strong network security to protect their customers and their transactions. But security applies to everything that uses an internet connection.

From heating to cooling, homes are getting ever more connected. When your whole house goes smart, Bradbury-style, that means your whole house is vulnerable. Last year, one Forbes contributor explained how she was able to access everything from televisions to light switches to hot tubs in complete strangers’ homes.

Home appliances — from TVs to refrigerators — have already been unwitting participants in spam-sending botnets. Spam e-mail is annoying but comparatively harmless. Future intrusions, though, might not be.

Any company making connected devices that can receive, transmit, or share data needs to be stepping up their security game. Anything and everything should clearly require passwords and should require on first use that owners change those passwords to something reasonably secure, for a start.
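Added example, not from Vice or from any camera vendor: a hypothetical firmware login model in Python showing what "require a change on first use" looks like in code, with remote access refused until the factory default is gone. The CameraAccount class, the default list and the length rule are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed list of factory-default credentials of the kind the article
# describes. Illustrative values only, not any vendor's real defaults.
KNOWN_DEFAULTS = {"admin", "password", "12345", "123456", "1234", "root", ""}
MIN_LENGTH = 12


class CameraAccount:
    """Hypothetical firmware login model: the device refuses remote access
    until the factory-default credential has been replaced."""

    def __init__(self, username: str, factory_password: str) -> None:
        self.username = username
        self._salt = os.urandom(16)
        self._hash = self._digest(factory_password)
        self.must_change = True  # set at the factory, cleared by set_password

    def _digest(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self._digest(password), self._hash)

    def set_password(self, current: str, new: str) -> Optional[str]:
        """Replace the credential. Returns None on success, otherwise the
        reason the new password was refused."""
        if not self.check_password(current):
            return "current password incorrect"
        if new.lower() in KNOWN_DEFAULTS or self.check_password(new):
            return "new password is unchanged or a factory default"
        if new.lower() == self.username.lower():
            return "new password equals the username"
        if len(new) < MIN_LENGTH:
            return f"new password shorter than {MIN_LENGTH} characters"
        self._salt = os.urandom(16)
        self._hash = self._digest(new)
        self.must_change = False
        return None

    def login(self, password: str, from_lan: bool) -> str:
        """Gate access to the stream. While the default credential is still in
        place it is accepted only from the local network, and only to reach
        the change-password screen; from the internet it is refused outright."""
        if not self.check_password(password):
            return "denied"
        if self.must_change:
            return "change-password-required" if from_lan else "denied"
        return "granted"


if __name__ == "__main__":
    cam = CameraAccount("admin", "admin")
    print(cam.login("admin", from_lan=False))                     # denied
    print(cam.login("admin", from_lan=True))                      # change-password-required
    print(cam.set_password("admin", "password"))                  # refused: factory default
    print(cam.set_password("admin", "Long-Enough-Passphrase-1"))  # None
    print(cam.login("Long-Enough-Passphrase-1", from_lan=False))  # granted
```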

But until then, the burden remains on individuals. Any time you buy or install a device that in any way connects to the internet? Look up how to keep it secure. And use a good password when you do.

20 November 2014

WhatsApp Messenger Adds End-to-End Encryption by Default

Good news for all privacy lovers! The wildly popular messaging app WhatsApp has finally made end-to-end encryption a default feature, a step forward for the online privacy of its users around the world.

WhatsApp, the most popular messaging app, with 600 million users as of October 2014, has partnered with Open Whisper Systems to boost its privacy and security by implementing strong end-to-end encryption on all text messages.

The strong end-to-end encryption here means that even Mark Zuckerberg himself can't pry into your conversations, even if asked by law enforcement officials. The app maker describes this move as the "largest deployment of end-to-end encryption ever."

Open Whisper Systems is a non-profit software organisation started by security researcher Moxie Marlinspike, who is behind the TextSecure encrypted messaging app. Over the past three years, his team has been developing a 'modern, open source, strong encryption protocol' for messaging services, which is now being incorporated into WhatsApp.

A simplified picture of how OTR protocol works, courtesy of WhisperSystems

There are some limits to WhatsApp's end-to-end encryption: so far it only works on the Android platform (with iOS coming soon) and covers only one-to-one messages, not group messages. Also, the app remains open to potential man-in-the-middle (MitM) attacks because there is no way to check or verify the identity of the person you are messaging.
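Added example, not Open Whisper Systems' or WhatsApp's code: a toy Diffie-Hellman exchange in Python in which a party on the network path substitutes its own keys, alongside the out-of-band fingerprint comparison that would expose the substitution, which is the identity check the paragraph above says is missing. The small group and the fingerprint format are assumptions chosen for illustration.

```python
import hashlib
import secrets
from typing import Dict, Tuple

# Toy Diffie-Hellman parameters so the whole exchange fits on a page. 2**61 - 1
# is prime but far too small for real use; real protocols use a standardised
# large group or an elliptic curve.
P = 2**61 - 1
G = 5


def keypair() -> Tuple[int, int]:
    """Return (private exponent, public value G^x mod P)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_secret(priv: int, their_pub: int) -> bytes:
    """Hash the DH result down to a symmetric session key."""
    return hashlib.sha256(pow(their_pub, priv, P).to_bytes(8, "big")).digest()


def fingerprint(pub: int) -> str:
    """Short, human-comparable digest of an identity key. The format is
    illustrative, not the encoding any real messenger uses."""
    h = hashlib.sha256(pub.to_bytes(8, "big")).hexdigest()[:20]
    return " ".join(h[i:i + 4] for i in range(0, 20, 4))


class Interceptor:
    """A party on the network path who hands each side a key of their own in
    place of the peer's, and so can derive both sides' session keys."""

    def __init__(self) -> None:
        self.priv_a, self.pub_for_alice = keypair()  # shown to Alice as "Bob"
        self.priv_b, self.pub_for_bob = keypair()    # shown to Bob as "Alice"

    def relay(self, alice_pub: int, bob_pub: int) -> Tuple[int, int]:
        self.alice_pub, self.bob_pub = alice_pub, bob_pub
        return self.pub_for_alice, self.pub_for_bob  # what Alice and Bob receive


def run_exchange(intercepted: bool) -> Dict[str, bool]:
    """Run the exchange with or without an interceptor and report whether the
    parties agree on a key, whether the out-of-band fingerprint check passes,
    and whether the interceptor holds Alice's session key."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    interceptor = None
    if intercepted:
        interceptor = Interceptor()
        alice_sees, bob_sees = interceptor.relay(a_pub, b_pub)
    else:
        alice_sees, bob_sees = b_pub, a_pub

    alice_key = shared_secret(a_priv, alice_sees)
    bob_key = shared_secret(b_priv, bob_sees)

    # The verification step the article says WhatsApp lacked: Alice compares
    # the fingerprint her app shows for "Bob" with Bob's real fingerprint,
    # obtained over a trusted channel (in person, a call, a scanned code).
    fingerprint_ok = fingerprint(alice_sees) == fingerprint(b_pub)

    mitm_reads_alice = False
    if interceptor is not None:
        mitm_reads_alice = shared_secret(interceptor.priv_a, a_pub) == alice_key

    return {
        "same_key": alice_key == bob_key,
        "fingerprint_ok": fingerprint_ok,
        "mitm_reads_alice": mitm_reads_alice,
    }


if __name__ == "__main__":
    print("direct exchange:", run_exchange(intercepted=False))
    print("intercepted:    ", run_exchange(intercepted=True))
```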

WhatsApp was bought by Facebook for $19 billion in February. The popular app has been criticized over the years for a series of security and privacy issues. But after the announcement of this rollout, it has been praised over the internet by security folks.

Other encryption messaging apps do exist currently, including Cryptochat, Silent Text and Telegram, but according to the Verge, WhatsApp will be the largest to implement this type of end-to-end encryption ever.

Open Whisper Systems is built from open source contributors and a dedicated team advancing "state of the art" secure communication, and is best known as the developer of the Signal, RedPhone and TextSecure apps.

19 November 2014

The Hacker’s New Best Friend Could be Your USB Port

It’s tiny and portable, yet perfect for storing large items. I’m talking about the good ol’ Universal Serial Bus (a.k.a. USB) drive, the giveaway of choice at tradeshows across the world, and perfect for the easy storage and transfer of photos, documents, music and more. But you might want to think twice before plugging a free USB into your machine. The reason: USBs can now contract an undetectable, and unfixable, virus that can be spread quite easily.

News of this potent malicious software (often referred to as malware) has circled around the information security industry since researchers Karsten Nohl and Jakob Lell described their new attack to a packed room at this year’s Black Hat security conference in early August.

The malware, dubbed BadUSB, can take over a computer, as well as redirect Internet-bound traffic to a different site. But BadUSB’s danger doesn’t lie with its ability to execute code—this type of malware, called auto-run (because it runs automatically when the USB drive is inserted into your device), has been around for some time now. The danger lies with its ability to never be detected. BadUSB exploits how the USB standard was built and coded, and mixes malware with the device’s firmware—the code that tells the USB stick how to work. This intermingling of code makes the malware indistinguishable from normal, safe firmware.

Because of the danger this particular form of malware posed to the public at large, the pair refrained from releasing the code to attendees. That reasoning, however, didn’t sit well with another pair of researchers, who did publish the infectious malware after reverse engineering it. The malware that freaked out two security researchers enough to make them refrain from publishing their work is now out in the open.

USBs, long considered secure (perhaps incorrectly), are now major liabilities to consumers everywhere. So the question now is, should you be worried?

The answer is yes and no.

The good thing about this malware variant is that it’s isolated to just USB devices. But that’s also its danger: USB devices are so ubiquitous that consumers typically don’t pay them any attention—the best sort of attack vector hackers could hope for. Hackers could also hide this malware within a larger package and could, theoretically, infect a computer that would subsequently infect any and all USB devices that connect with that machine—thereby spreading the malware even further. All in all it’s pretty bad news.

So why did these researchers knowingly, and publicly, publish such dangerous malware? Because they want to see this security issue fixed, and the only way they’re convinced it’ll be fixed is by lighting a fire under USB manufacturers.

They’re not entirely wrong, either. Manufacturers, largely for business reasons, have been notoriously slow in fixing security issues (called patching), and USB drives are no different. By publicly making this code available, the pair of researchers will deny USB manufacturers the ability to claim that they weren’t aware of security vulnerabilities on USB. That knowledge, it’s theorized, will drive better security further down the road.

Publishing this code was well intentioned, and, truthfully, is a fairly standard practice in the information security industry. But this particular malware is going to cause a lot of headaches for quite a few years (likely a decade). So what can you do to protect yourself while this newfound attack vector is out in the wild? Well there are a few options available:
  • Use caution with free USB drives.
    A lot of companies like to go to major conferences and events and hand out free USB drives. This is bad security practice. Free USBs have always carried the risk of being preloaded with malware, and now the risk has doubled. You don’t have to turn down free USB drives, but you do have to be conscious of the risk you’re running when you don’t know where that USB has been. If you’re uncertain whether a USB is safe, run a scan.
  • Lock down your computers.
    USBs have long been a reliable method of compromising computers. All it takes is an unknowing person plugging a USB drive into a port, and the damage is done. Never leave your computer sitting out in a public place where someone could access your USB port.
  • Use comprehensive security.
    Between USB devices, computers and mobile phones, all the technology we own is a security risk. So how can you minimize the likelihood of getting infected by malware? By using a comprehensive security service, which provides a shield against malware, phishing attacks and a variety of other nasties aimed at compromising your digital life. Such software also automatically scans USBs for known malware when they’re connected to your computer. This is a step you cannot afford to skip in the protection of your valuable information.

18 November 2014

Windows Phone 8.1 Hacked

Do you want to hack a Nokia Lumia phone running the latest mobile operating system, Windows Phone 8.1? Hackers have made it very easy for you!

Just a few weeks after Microsoft announced that a 19-year-old critical security hole existed in almost every version of its Windows operating system, XDA Developers has discovered a new vulnerability in Microsoft’s youngest OS, Windows Phone 8.1, that could easily be exploited by hackers to hack a Nokia Lumia phone.

An XDA Developers member who goes by the name DJAmol has found a wide-open hole in Windows Phone 8.1 that makes the operating system very easy to hack. The vulnerability allows attackers to run their application with another user's privileges and edit the registry.

DJAmol realized that simply by replacing the contents of a trusted OEM app that has been moved to the SD card, the replacement will inherit the privileges of the original app. Once done, an attacker could then delete the existing directory and create a new directory with the same name as the original app.

As a result, a third-party registry editor app gains full access to the Info and Settings of the app itself. Here is how the hack is carried out, in a few simple steps described by XDA Developers in a blog post.

  • Develop your own application package and deploy it on the target device.
  • Install any application, such as “Glance Background Beta”, from the Windows Phone Store.
  • Delete all folders under the targeted directory of the installed app, in this case Glance Background.
  • Now copy the contents of your own deployed package and paste them into the targeted directory. This means replacing the “Program Files” of the installed app with your package files.
  • Finally, launch the app, which will run from the OEM (Glance Background Beta) directory using the privileges of the targeted app.

The hack is very simple and easy to implement because all it needs is an application from the Windows Phone Store. Thankfully, the hack has not yet escalated to a full interop unlock, as the applications that are allowed to be moved to the SD card have limited access.

The XDA Developers forum reported the vulnerability to Microsoft and also warned that it could give attackers higher privileges if attempted with a first-party application rather than a third-party app. For now, we can only wait for a response from Microsoft before the issue gets more serious.

17 November 2014

Suspected WireLurker malware creators arrested in China

Beijing police have arrested three people suspected of developing the “WireLurker” malware that may have infected as many as hundreds of thousands of Apple users.

Local authorities arrested the three suspects on a tip from Chinese security company Qihoo 360 Technology, the Beijing police’s Internet security team said Friday.

The three suspects, surnamed Chen, Li and Wang, were detained Thursday and charged with creating and spreading the malware, the police said in a post on its official Sina Weibo account. The police did not publish the full names of the suspects. It's ironic that China, believed to be one of the largest state sponsors of organized cyberattacks against the Western world, moved so quickly to arrest the creators of WireLurker.

The malware appeared to victimize Chinese users only, and didn't have a widespread presence outside of the country. The suspects had conspired to create WireLurker as a way to gain illegal profits, and used a Chinese third-party application store called Maiyadi to spread the malware, the police added. The Maiyadi site has also been shut down.

WireLurker made headlines last week, after researchers at Palo Alto Networks discovered the malware and found that it could collect call logs, phone book contacts, and other personal information from Apple mobile devices.

Qihoo 360 Technology traced the malware back to Maiyadi, a Chinese site devoted to Apple news that also offers downloads of iOS apps and Mac software.

The malware spreads when users download an infected Mac application to their desktops or laptops. It then tries to infect iOS devices once they are connected to the Mac via a USB cable.

About 467 Mac desktop applications infected with the malware were discovered at Maiyadi. WireLurker had yet to progress beyond collecting users’ data, Palo Alto Networks said last week.

Apple was quick to act, and said it had blocked the infected apps from launching on users’ systems. Apple did not specify how it stopped the apps from launching.

16 November 2014

#ClickSmart Tip!

Think your computer is immune to viruses? Think again! #ClickSmart this season to keep all your holiday cheer.

10 November 2014

How To Find And Remove WireLurker Malware From iPhone, iPad

WireLurker is a piece of malware that is badly affecting iPhones and iPads. It has already hit many iOS and OS X devices in China, so users across the globe are a little worried about the security of their devices.

It is known to exist as a threat in China for now, but if you think you’re infected by WireLurker, here’s how you can remove it before it does any damage.

If you’re jailbroken and believe that you’re affected by WireLurker, follow the steps outlined below. But be warned: the steps might be a little complicated for some users, and if you don’t want to go through the tedious process, simply do a clean restore of your iPhone, iPad or iPod touch using iTunes to the latest publicly available iOS release.

For Jailbroken Users
Step 1: Make sure you have iFile installed from Cydia, or the capability to SSH into your iOS device to access system directories.
Step 2: Navigate to /Library > /MobileSubstrate > /DynamicLibraries.
Step 3: Here, look for a file named sfbase.dylib, and if found, you know your device is infected.

However, if no such file exists, breathe a sigh of relief.

Normally one would perceive deleting this file as a removal of the threat that WireLurker is, but it is recommended that you do a complete restore of your iOS device from iTunes.

For Non-Jailbroken Users
Although there’s no way you can be infected by WireLurker at this point, since Apple has put appropriate security measures in place, there is a possibility that you picked up the malware a while back, before the Cupertino giant took action. If you believe you’re infected and don’t happen to be jailbroken, read on.

Step 1: Open the Settings app and go to General > Profile.
Step 2: Check for any anomalous profile listed here, and if you find one delete it.

Step 3: Check all installed apps for strange behavior, and delete all strange or suspicious ones that you find installed.

Again, it is highly recommended that you do a complete restore of your iOS device from iTunes until a more effective and surefire solution comes up.

If you found this guide helpful, then do share it with your friends too, in order to make them safe and secure too.

09 November 2014

The iPhone WireLurker malware - what you need to know

There’s a scary new piece of malware that collects call logs, phonebook contacts and other sensitive information from Apple iPhones and iPads. Should you be worried?

The malware was first discovered by researchers at Palo Alto Networks who dubbed it WireLurker and said it exhibited behavior that had never been seen before in malicious software targeting Apple’s platforms.

It works by infecting software downloaded from the Web into a desktop or laptop computer. Once installed, the malware waits for an iPhone or iPad to be connected via USB, then it scans the mobile device to see what software it contains. If a target app is installed, it copies the app from the mobile device to the desktop or laptop PC, infects the app and then copies it back.

Once infected, the malware appears to collect data from the user but, to date, no other malicious activity has been discovered, said Palo Alto Networks.

For hundreds of millions of Apple iOS users, malware is a scary prospect. The platform has seen so few attacks that many users don’t run antivirus software.

If you’re one of them, you probably don’t have much to worry about from WireLurker.

The primary route of initial infection has been through several hundred apps offered through a third-party Chinese software site called Maiyadi, so if you’ve kept away from that you’re almost certainly safe.

Secondly, the malware primarily targets iPhones that have been “jailbroken”—that is, had some of their security restrictions removed so certain apps can be run on them. There is a version that targets conventional iPhones and carries an Apple digital security certificate, but researchers say even that version requires users to approve it before it runs.

And finally, it targets popular Chinese apps like Taobao, Alipay or Meitu, so if you’re not running those, you have another layer of protection.

Palo Alto Networks estimates several hundred thousand iPhone and iPad users have nonetheless been infected.

For the rest, Apple has blocked the affected apps, so that should halt infection this time.

The limited nature of the security problem might turn out to be a blessing in disguise. Engineers at computer security companies and Apple will be able to analyze the way WireLurker works and prevent similar malware from spreading the same way in the future.

07 November 2014

Chinese iOS devices fall prey to invasive WireLurker malware

Researchers at Palo Alto Networks said they’ve discovered an impressive malware attack against Apple devices, which for now appears to be limited to users of a Chinese application store.

The campaign revolves around infecting Mac OS X applications with “WireLurker,” which collects call logs, phone book contacts and other sensitive information on Apple mobile devices.

Some 467 Mac OS X applications offered on a Chinese third-party application store called Maiyadi were found to have been seeded with WireLurker, including “The Sims 3,” “International Snooker 2012” and “Pro Evolution Soccer 2014,” according to Palo Alto’s research paper.

Over the last six months, those applications and others have been downloaded 356,104 times ”and may have impacted hundreds of thousands of users,” the paper said.

Apple advises that users stick to downloading applications from its App Store, which it closely vets, and stay away from third-party stores for security reasons.

It would appear some people turn to the Maiyadi store because it offers applications for free, said Ryan Olson, intelligence director for Palo Alto Networks’ Unit 42, the company’s threat intelligence branch.

Palo Alto analyzed three versions of WireLurker, each an improvement on the previous one, Olson said in a phone interview Wednesday. But it doesn’t appear the WireLurker attack progressed beyond collecting data from mobile devices.

“We think we sort of caught someone developing the attack, and they haven’t gotten to the point of launching the full attack,” Olson said. “From our perspective, it still looks like an information gathering operation.”

The WireLurker attack is notable for how it leverages desktop Mac applications as part of the attack on iOS. If someone downloaded a Mac OS X desktop application from Maiyadi, WireLurker came along with it.

WireLurker then waits for when an iOS device is connected by a USB cable. A second version of WireLurker checks if the Apple device was “jailbroken,” the term for removing restrictions that Apple uses to prevent users from running applications it has not approved.

Then it would look to see if applications such as Taobao, Alipay or Meitu, a photo editing application, were installed, Olson said. If so, it would copy the application to the desktop Mac, infect it with WireLurker and copy it back to the device.

The third iteration of WireLurker targets iOS devices that are not jailbroken as well. In that version, WireLurker used a digital certificate that Apple issues to enterprise developers so they can run their own applications in-house that do not appear on the App Store.

Using the digital certificate means iOS would allow a third-party application to be installed, although it would display a warning to users, Olson said. If a user approves the installation, WireLurker could be installed along with a legitimate application.

Olson said Palo Alto Networks has been in contact with Apple in the last few days, and the company is now aware of WireLurker.

“There’s no vulnerability here for them to patch, but they certainly want to be aware of malware and how it works,” Olson said.

Apple could first revoke the enterprise digital certificate that WireLurker’s creators are using, Olson said. The company could also issue an update to detect WireLurker in XProtect, Apple’s antivirus engine, he said.

17 October 2014

7 Things About Android Lollipop 5.0 You Need To Know

After offering chocolate (Kit-Kat), now Google is ready to serve you Lollipops. Google on Wednesday finally revealed the official name of its next version Android L - Android 5.0 Lollipop.

The newly released Android 5.0 Lollipop ships with the latest Motorola-made Nexus 6 smartphone and Nexus 9 tablet built by HTC, but the company did not make the Lollipop available for download to other users immediately. The older versions of Nexus devices will receive the Lollipop update in the coming weeks.

Lollipop brings some significant changes to the Android platform: a sleek new user interface, cross-platform support and improved performance via the new ART runtime. The operating system also offers better battery life, improved notifications, OpenGL ES 3.1 and 64-bit support, among other features.

Here are some of the most notable features of Android 5.0 Lollipop, along with some insight as to when you might be able to get your hands on it.

Google describes Lollipop as "the largest Android release yet," with more than 5,000 new APIs, so developers have a lot to explore. Technically, the release brings Android up to API level 21.

1) MATERIAL DESIGN
Lollipop features a redesigned user interface, referred to as Material Design, in which Google makes extensive use of animations and layered elements.
The Material Design interface runs on multiple types of devices, from your smartphone and tablet to your laptop and TV. The new interface supports elevation values, real-time shadows and lighting that together give it a 3D appearance.

2) SECURITY IMPROVEMENTS
With Lollipop, security is enhanced as well: encryption is turned on by default to protect users’ data from being accessed on lost or stolen devices.
Most importantly, you are now free to share your device with friends, as Lollipop offers a guest user mode and lets you create multiple user accounts so that friends can log in on your device. In both cases, no one else will be able to access your private files.

3) ANDROID SMART LOCK
For an extra layer of security there is Android Smart Lock, which makes it easier to unlock your phone without constantly entering a PIN or tracing a pattern. Smart Lock secures your phone or tablet by pairing it with a trusted device such as your Android smartwatch or car, or even with your face.

For example, your Android Lollipop device will recognize your smartwatch and let you unlock your phone by simply tapping the power button. Google also now enforces the SELinux security module for all apps, giving better protection against vulnerabilities and malware.

4) NOTIFICATIONS ENHANCEMENT
Notifications are also enhanced in the new OS: you can now rank them based on your priorities. You can view and respond to messages directly from your lock screen, and you can hide notifications with sensitive content by turning on Priority mode through your device’s volume button.

You can also stop calls from interrupting the game you are playing or the movie you are watching. A more complete list of features is available here; scroll down to the bottom and click the “See All Features” link.

5) KILL-SWITCH IMPROVEMENT
Among Lollipop’s many other features, Google now supports a “kill switch” to make stolen phones unusable, through what it calls “Factory Reset Protection.”
Essentially, it requires a password before a phone can be reset, which should prevent thieves and intruders from making use of stolen phones.

6) RUNTIME AND PERFORMANCE BOOST
Users will get a faster, smoother and more powerful computing experience with Lollipop. ART, an entirely new Android runtime, improves application performance and responsiveness. The new Android is also ready for the 64-bit era, as it comes fully prepared to support a full 64-bit environment:
  • Support for 64-bit devices, bringing desktop-class CPUs to Android
  • Support for 64-bit SoCs using ARM, x86 and MIPS-based cores
  • 64-bit native apps shipping, including Chrome, Gmail, Calendar, Google Play Music and more
  • Pure Java language apps run as 64-bit apps automatically

7) BATTERY LIFE
Last but not least, Android Lollipop is expected to bring some serious battery improvements to your mobile devices via Google’s Project Volta. The software includes a Power Saving mode that detects when your handset’s battery is low and automatically reduces CPU load and display brightness.

According to Google, the feature can give you an additional 90 minutes when you are running low, which is a lot of power when you are running on empty. The feature also displays an estimated time until fully charged when your device is plugged in, as well as the time left before you need to charge again.

16 October 2014

YouTube Ads Lead To Exploit Kits, Hit US Victims

Malicious ads are a common method of sending users to sites that contain malicious code. Recently, however, these ads have shown up on a new attack platform: YouTube.

Over the past few months, Trend Micro has been monitoring a campaign that uses malicious ads to direct users to various malicious sites. Users in the United States have been affected almost exclusively, with more than 113,000 victims in the United States alone over a 30-day period.


Recently, they saw that this campaign was showing up in ads via YouTube as well. This was a worrying development: not only were malicious ads showing up on YouTube, they were on videos with more than 11 million views – in particular, a music video uploaded by a high-profile record label.

The ads observed do not directly lead to malicious sites from YouTube. Instead, the traffic passes through two advertising sites, suggesting that the cybercriminals behind this campaign bought their traffic from legitimate ad providers.

In order to make their activity look legitimate, the attackers used modified DNS information for a Polish government site. The attackers did not compromise the actual site; instead they were able to change its DNS information by adding subdomains that led to their own servers. (How they were able to do this is unclear.)

The traffic passes through two redirection servers (located in the Netherlands) before ending up at the malicious server, located in the United States.

The exploit kit used in this attack was the Sweet Orange exploit kit. Sweet Orange is known for using four vulnerabilities, namely:
Based on Trend Micro's analysis of the campaign, this version of Sweet Orange uses vulnerabilities in Internet Explorer. The URL of the actual payload changes constantly, but all of them use subdomains of the same Polish site mentioned earlier, and the behavior of the payloads is identical.

The final payloads of this attack are variants of the KOVTER malware family, detected as TROJ_KOVTER.SM. This family is known for its use in various ransomware attacks, although it lacks the encryption of more sophisticated threats such as Cryptolocker. The websites that TROJ_KOVTER.SM accesses in order to display its fake warning messages are no longer accessible.

Users who keep their systems up to date will not be affected by this attack, as Microsoft released a patch for this particular vulnerability in May 2013. We recommend that users read and apply the security advisories issued by vendors such as Microsoft, Oracle (Java) and Adobe, as old vulnerabilities are still being exploited by attackers. Applying the necessary patches is an essential part of keeping systems secure. Backing up files is also a good security practice to prevent data loss in the event of an attack like this.

In addition to blocking the files and malicious sites involved in this attack, Trend Micro's browser exploit prevention technology prevents attacks that target these vulnerabilities.

With additional insight from Rhena Inocencio (Threat Response Engineer), the following hashes are detected as part of this attack:


Google has been informed about this incident.

15 October 2014

Nearly 7 Million Dropbox Account Passwords Allegedly Hacked

Internet users have faced a number of major privacy breaches in the last two months. Prominent among them are The Fappening and The Snappening, and now the latest alleged privacy breach, in Dropbox security, has gained attention across the world.


Dropbox, the popular online storage service, appears to have been hacked by an unnamed hacker group. It is still unclear how the account details of so many users were accessed and, indeed, whether they are legitimate at all. However, the group claims to have accessed details from nearly 7 million individual accounts and is threatening to release users’ photos, videos and other files.

HACKERS CLAIMED TO RELEASE 7 MILLION USERS’ PERSONAL DATA
A thread surfaced on Reddit today that includes links to files containing hundreds of usernames and passwords for Dropbox accounts in plain text. A series of posts with hundreds of alleged usernames and passwords for Dropbox accounts has also been made to Pastebin, an anonymous information-sharing site.

The hackers have already leaked about 400 accounts by posting login credentials, all starting with the letter B, and labelled it a "first teaser...just to get things going". The perpetrators are also promising to release more password details if they are paid a Bitcoin ransom.

"More Bitcoin = more accounts published on Pastebin. As more BTC is donated, More pastebin pastes will appear."

A security breach at Dropbox would certainly worry its millions of users, and since passwords are involved in this incident, the consequences for users are more frightening still. Reddit users have tested some of the leaked username and password combinations and confirmed that at least some of them work.

DROPBOX DENIED THE HACK - THIRD PARTY IS RESPONSIBLE
However, Dropbox has denied that it was hacked, saying the passwords were apparently stolen from third-party services that users had allowed to access their accounts. In a statement to The Next Web, Dropbox said:

"Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.

We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have expired as well."


The incident came just a few days after the Snappening incident, in which the personal images of as many as 100,000 Snapchat users were leaked online as the result of a security breach in a third-party app.

Snapchat has denied that its service or servers were ever compromised; instead, the servers of a third-party app designed to save Snapchat photos were the target the hackers used to obtain the personal photographs.

DROPBOX - "HOSTILE TO PRIVACY" SAYS SNOWDEN
Dropbox was also in the news earlier this week when, in an interview with The Guardian, NSA whistleblower Edward Snowden called Dropbox a "targeted, wannabe PRISM partner" that is "very hostile to privacy", referring to the company's ability to access users' data itself, which is yet another security consideration when it comes to web services.

Snowden advised web users to stop using Dropbox, warning that the cloud storage service does not safeguard users’ privacy because it holds the encryption keys and can therefore be compelled by governments to hand over the personal data stored on its servers. He suggested using an alternative cloud storage provider that does not store any encryption keys, so that users’ data cannot be read by anyone else.

USERS ARE ADVISED TO CHANGE PASSWORDS
Until the full scope of the problem is known, it is probably worthwhile changing your password. Whether or not the attack is confirmed, changing your password is a good idea just to be on the safe side, especially for users who use the same password for multiple services.
Users are also advised to turn on two-factor authentication, which Dropbox now supports, and to install a time-based one-time password app on a mobile device.

Update: Dropbox has issued a statement on its blog further clarifying that the Dropbox passwords were stolen from "unrelated services."

"The usernames and passwords...were stolen from unrelated services, not Dropbox," the company said in a blog post. "Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place that detect suspicious login activity and we automatically reset passwords when it happens."

"Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account."
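A defender-side illustration of the kind of detection Dropbox describes above (suspicious login activity followed by automatic password resets), added here as an example; it is not Dropbox's code and not part of the original article. The log format, the thresholds and the sample log lines are constructed for the example: a credential-stuffing source tries many different accounts from one address in a short window, while a normal user retries a single account.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
# Constructed sample login log (not real Dropbox data): one IP walks a leaked list.
SAMPLE_LOG = """\
2014-10-14T03:00:01Z ip=203.0.113.7 user=bob@example.net result=fail
2014-10-14T03:00:02Z ip=203.0.113.7 user=brenda@example.org result=fail
2014-10-14T03:00:02Z ip=203.0.113.7 user=bart@example.com result=success
2014-10-14T03:00:03Z ip=203.0.113.7 user=bella@example.net result=fail
2014-10-14T03:00:04Z ip=203.0.113.7 user=brian@example.org result=fail
2014-10-14T03:05:00Z ip=198.51.100.2 user=alice@example.com result=success
2014-10-14T03:06:00Z ip=198.51.100.9 user=carol@example.com result=fail
2014-10-14T03:06:30Z ip=198.51.100.9 user=carol@example.com result=success
"""
LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(success|fail)$")

def parse_log(text):
    """Parse lines into sorted (timestamp, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return sorted(events)

def stuffing_sources(events, window_seconds=300, min_distinct_users=4):
    """Return {ip: users tried} for IPs that attempted at least min_distinct_users
    different accounts inside one sliding window (a real user retries one account)."""
    recent = defaultdict(deque)  # ip -> (ts, user) pairs still inside the window
    flagged = {}
    for ts, ip, user, _ in events:
        q = recent[ip]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        users = {u for _, u in q}
        if len(users) >= min_distinct_users:
            flagged[ip] = users
    return flagged

def accounts_to_reset(events, flagged_ips, leaked_users=()):
    """Accounts that logged in successfully from a flagged source, plus any
    account named in a published dump, get an automatic password reset."""
    reset = set(leaked_users)
    for _, ip, user, result in events:
        if ip in flagged_ips and result == "success":
            reset.add(user)
    return reset
```

On the sample log, only 203.0.113.7 is flagged, and the one account it logged into successfully is reset together with any account already listed in the leak; the threshold values are illustrative and would be tuned against real traffic.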