Microsoft Requests for Permission to Publish Detailed Data Request Information

Microsoft is accused of collaborating with the NSA and providing them with direct access to databases associated with Outlook.com, Skype and other services without any legal right. The corporation has denied these allegations. Furthermore, they asked the government for permission to reveal more details concerning private data handling. They would like to inform the public how they react when approached by government agencies.

The situation became intense when media had published reports concerning Microsoft and NSA collaboration. Supposedly, Microsoft is helping the government agency to bypass the encryption wh Continue reading

Reveton Ransomware Hides Under IC3 Notification

Developers of Reveton ransomware have changed their tactics a bit. The malware is now disguised as a notification from Internet Crime Complaint Center (IC3). The IC3 is a government organization, which is responsible for online complaints, such as ransomware. In fact, this organization published a report about the latest modifications of Reveton malware last Friday.

The developers of the ransomware use tactics, for the distribution of Reveton, known as drive-by-download. This means that the PC is infected in complete secrecy, when the user visits a corrupted webpage. Furthermore, the Reveton is often bundled with a banking virus called Citadel. Once the ransomware infects the computer, its screen becomes blocked. Furthermore, a notification appears, stating that the user has committed crimes such as illegal distribution of copyrighted material or storage of child pornography.

Continue reading

Ransomware and Banking Trojans Target Skype Users

Security company GFI has discovered two new threats which cause danger to Skype users. One of them is ransomware which is spread via instant messages, and the other one is banking virus called Zeus, the latter is distributed using spam email. Chris Boyd, a security expert from GFI, claims that this is the first time ransomware is distributed using Skype messenger. The investigations concerning these malicious programs are still ongoing because some details concerning them haven’t been discovered yet. Fortunately, the basic concept of these viruses is clear, and the information was revealed to the public.

Developers behind the Zeus Trojan project use this kind of tactics. They create email letters which act like Skype voicemail notifications. The letter contains a link which supposedly leads to a website providing internet phone service. Unfortunately, instantly after the user has clicked on the link, his computer gets infected with Zeus Trojan. These attacks were discovered just after a report concerning the new ransomware was released. The ransomware is distributed using instant messages. Users get a message containing text “lol is this your new profile pic?” and a link. What is more, the link and text are provided by someone from your contacts, so it looks like a credible source. The written language of the text may differ according to the geographical region, thus making the scam even more believable.

Continue reading

Matthew Weaver Gets Year in Prison

Matthew Weaver a student from Huntington Beach, Calif,  was plead guilty and will face one year imprisonment. He implicated keystroke loggers to steal student log-in information, in order to use it for upcoming elections in the California State University San Marcos (CSUSM).

The former student managed to steal credentials belonging to approximately 750 students. His goal was to become the president of the CSUSM student government. Unfortunately to him, university’s IT specialist discovered suspicious activity in the network and managed to catch Matthew Weaver red-handed. Matthew Weaver asked for probation, but U.S. District Court Judge denied the request, stating that the former student gave an example of “phenomenal misjudgment” while trying to falsify the election.

Continue reading

FBI Ransomware Attacks Mac Users

Mac OS X users are now facing the same problems which were troubling Windows OS users for a long time. Recently, a new strain of ransomware has appeared which attacks Safari users. This malicious program was discovered by security firm called Malwarebytes. The malware blocks the computer, until a certain amount of money is paid.

Jerome Segura, who is a senior security researcher at Malwarebytes, reported that the infection reaches the computer after visiting corrupted websites. When the malware infiltrates the system it hijacks Safari Browser. Then a fake FBI notification appears on the screen.

The warning message claims that the user committed crimes such as illegal distribution of copyrighted material and pornography or gained illegal access to some sort of databases. The design of the notification looks credible, thus a lot of people are fooled. Although, sometimes the warning message only states that the computer is infected with certain malware, and transfer of funds is needed in order to remove the malicious program. The criminals require a transfer of 300 U.S. dollars via MoneyPak or Green Dot vouchers.

Continue reading

Data of 35K Konami Gamers Has Been Leaked

Konami is another popular Japanese video game company, which was attacked. Information belonging to thousands of gamers was exposed due to the hack. In fact, a website owned by the company, Konami ID, reported that the recent attacks affected 35,000 users. These events greatly resemble the attacks against Nintendo.  Few days ago the gaming giant also suffered serious damage due to a security breach exploited by hackers.

The attacks against Konami lasted few weeks. Between June 13 and July 7, hackers conducted 3,945,927 login attempts to the website using stolen passwords and usernames, unfortunately, 35,252 of them were successful. Furthermore, Konami took notice of the events only on July 8 as only then they managed to discover a massive amount of access errors, which indicated that there might be a problem.

Continue reading

Browser Security Warnings Appear to be Effective

Recent investigation revealed that users notice internet browser security warnings more than it was thought. The last two months saw about 25 million security notifications from Mozilla Firefox and Google Chrome examined. The research took place from May to June 2013. Its main goal was to analyze the user interaction with by passable browser warnings. Interaction with two types of notifications were examined: “proceed anyway“ provided by Chrome and “understood the risks“ displayed by Firefox.

By using metrics Akhawe and Felt summed up the number of times users encountered phishing, malware or SSL warnings and calculated the click-through rates per user. The researchers came to the conclusion, that users pay do attention to the warnings they are displayed, but 25% of times they ignored the phishing and malware notifications and just clicked through. The browser they were using was not a factor, in this case. The interesting fact is that about 33% of the Firefox users were stopped by SSL warnings while 70% of the Chrome disregarded this notification and entered the website. These findings suggest that Google should rethink their warning concept.

Continue reading

Nintendo Fan Site Data Leaked After Hackers Attacks

Data belonging to more than 20,000 users was leaked due to the breach in Nintendo servers. The vulnerability was exploited by a group of hackers which conducted attacks for almost an entire month.

The main target of the attacks was a fan/membership site called Club Nintendo. The purpose of the site is to register products, conduct surveys and give away coins or credits to the users, which can be exchanged to limited edition items or other rewards. The siege of Club Nintendo lasted from June 9 to July 4, during this time the hackers made millions of log-in attempts, 23,926 out of them were successful. Unfortunately, Nintendo was not aware of the situation until July 2, when “access error occurred” which unraveled a mass log-in attempt. According to a recent press release made by Nintendo the hackers had a list of log-ins and passwords acquired from an unknown third party company. What is more, it is believed that the third party source is associated with the Club Nintendo itself.

Continue reading

Adobe Fixes Bugs in Flash, Shockwave and ColdFusion

New security updates for Flash Player, Coldfusion and Shockwave were released by Adobe, few days ago. April was the last time they patched the mentioned software.

The security breaches in Shockwave and Flash Player could allow malicious third parties to install and run malware on the system. While the ColdFussion bugs are allowing hackers to remotely cause a denial-of-service condition on a ColdFusion server, or call a public method on ColdFusionComponents using WebSockets.

Breaches in ColdFusion security caused a lot of leaks this year. One of the most notable incident involved Washington state court system. Cyber criminals managed to access that particular court system and then steal the stored information. The data which was lost, includes residents’ driver’s license numbers, Social Security numbers and other sensitive information. These events affected more than one million residents of Washington. The particular vulnerabilities which were exploited during these hacks, were never revealed by the authorities.

Continue reading

Microsoft Fights Against Software Piracy Worldwide

Microsoft is fighting viciously against their own software piracy world wide, so it doesn’t matter where the counterfeiters are from the company will still be after them.

2012 saw Microsoft settle thirty-five piracy cases in the United States alone, and more than three thousand cases in 42 different countries world wide. Furthermore, between the summer of 2011 and the spring of 2012 Microsoft requested Google to eliminate about two and a half million URLs, because they allegedly used copyrighted or pirated software, thus becoming the company who made the biggest amount of take down requests to Google. Microsoft Cybercrime Center also released a statement concerning the damage piracy does. It claimed that software counterfeiting results in slower economic growth globally and locally, it also reduces the need for innovation and negatively impacts the development of new software.

Continue reading