Posts

Showing posts from 2016

US charges Chinese ex-IBM employee with Espionage

The United States federal authorities have boosted charges against a former IBM Corp. software developer in China for allegedly stealing valuable source code from his former employer in the US. Chinese national Xu Jiaqiang, 30, was arrested by the FBI in December last year, when he was charged with just one count of theft of a trade secret. However, Jiaqiang has now been charged with six counts: three counts of economic espionage and three counts of theft of a trade secret, as US prosecutors accused him of selling the stolen information to other companies, according to the Justice Department indictment [PDF]. The proprietary source code, which Jiaqiang intended to sell for the benefit of the Chinese government, has been described as "a product of decades of work." Jiaqiang worked as a software developer for an unnamed American company that developed networking software from November 2010 to May 2014. In May 2014, Jiaqiang resigned from the company only to sell the code st

Microsoft releases tons of Security updates to patch 44 vulnerabilities

Microsoft has released 16 security bulletins on Tuesday resolving a total of 44 security holes in its software, including Windows, Office, Exchange Server, Internet Explorer and Edge. Five bulletins are rated “critical”, covering flaws that could be used to carry out remote code execution and affecting Windows, Internet Explorer (IE), Edge (the new, improved IE), Microsoft Office and Office services; the remaining 11 are marked important. One of the critical issues, MS16-071, which set off alarm bells for many security experts, involves a use-after-free bug (CVE-2016-3227) that affects Microsoft Windows Domain Name System (DNS) servers for Windows Server 2012 and 2012 R2. The vulnerability resides in the way servers handle requests. Attackers could send a specially crafted request to a DNS server and convince it to run arbitrary code in the context of the Local System Account, Microsoft’s advisory warns. Another critical vulnerability is addressed in MS16-070, which patches

Ransomware now targets Smart TV

Do you own a smartwatch, Smart TV, smart fridge, or any Internet-connected smart device? If your answer is yes, then you need to know the latest interest of cyber criminals in the field of the Internet of Things. Ransomware! After targeting hospitals, universities, and businesses, ransomware has started popping up on Smart TV screens. A new version of the Frantic Locker (better known as FLocker) ransomware now has the ability to infect and lock down your Smart TVs until you pay the ransom. Researchers at Trend Micro have discovered the updated version of FLocker that is capable of locking Android smartphones as well as Smart TVs. Originally launched in May 2015, the FLocker ransomware initially targeted Android smartphones, with its developers constantly updating the ransomware and adding support for new Android system changes. Here's what the new version of FLocker does to your Android-powered Smart TVs: FLocker locks the device's screen. Displays a fake no

U.S. Supreme Court allows the FBI to Hack any Computer in the World

The US Supreme Court has approved amendments to Rule 41, which now gives judges the authority to issue search warrants, not only for computers located in their jurisdiction but also outside their jurisdiction. Under the original Rule 41, let’s say, a New York judge can only authorize the FBI to hack into a suspect's computer in New York. But the amended rule would now make it easier for the FBI to hack into any computer or network, literally anywhere in the world. The Federal Bureau of Investigation (FBI) can now hack your computers anywhere, anytime. The FBI appears to have been granted powers to hack any computer legally across the country, and perhaps anywhere in the world, with just a single search warrant authorized by any United States judge. The U.S. Supreme Court approved a change in Rule 41 of the Federal Rules of Criminal Procedure that would let U.S. judges issue warrants for remote access to electronic devices outside their jurisdiction. "These amendme

Ransomware virus shuts down Electric utility

Ransomware has become an albatross around the neck, targeting businesses, hospitals, and personal computers worldwide and extorting millions of dollars. Typical ransomware targets a victim's computer, encrypts files on it, and then demands a ransom -- typically about $500 in Bitcoin -- in exchange for a key that will decrypt the files. Guess what could be the next target of ransomware? Everything that is connected to the Internet. There is a huge range of potential targets, from pacemakers to cars to the Internet of Things, that may provide an opportunity for cybercriminals to launch ransomware attacks. Recently, the American public utility Lansing Board of Water & Light (BWL) announced that the company has become a victim of a ransomware attack that knocked the utility's internal computer systems offline. The attack took place earlier this week when one of the company’s employees opened a malicious email attachment. Once clicked, the malwar

Homeland Security issues warning about QuickTime for Windows

Apple no longer supports QuickTime for Windows, and users are being encouraged to uninstall the program immediately. The warning from the U.S. Department of Homeland Security (DHS) comes on the heels of a warning from antivirus vendor Trend Micro that the video playback software is vulnerable to a pair of zero-day exploits. Apple has not updated the Windows version of QuickTime 7 since January and, it would seem, does not plan to release any more security patches to fix the exploits. Trend Micro notes that even Apple recommends Windows users uninstall the player. QuickTime for Mac is unaffected and remains supported by Apple. Trend Micro said it was not aware of any active attacks against these vulnerabilities, but that “the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it.” The DHS warning is pretty basic and to the point about QuickTime no longer being supported, and it cites

What is SMTP STS?

Despite so many messaging apps, email is still one of the most widely used and popular ways to communicate in this digital age. But are your emails secure? We have been using email services for decades, but the underlying 1980s transport protocol used to send emails, Simple Mail Transfer Protocol (SMTP), is ancient and lacks the ability to secure your email communication entirely. To overcome this problem, SMTP STARTTLS was invented in 2002 as a way to upgrade an insecure connection to a secure connection using TLS. But STARTTLS was susceptible to man-in-the-middle attacks and encryption downgrades. But worry not. A new security feature is on its way!!!

SMTP STS: An Effort to Make Email More Secure

Top email providers, namely Google, Microsoft, Yahoo!, Comcast, LinkedIn, and 1&1 Mail & Media Development, have joined forces to develop a new email standard that makes sure the emails you send are going through an encrypted channel and cannot be sniffed. Dubbed

Hospitals attacked by Ransomware

Just last week, the Federal Bureau of Investigation (FBI) issued an urgent "Flash" message to businesses and organisations about the threat of Samsam ransomware, but the ransomware has already wreaked havoc on some critical infrastructure. MedStar, a non-profit group that runs 10 hospitals in the Baltimore and Washington area, was attacked with Samsam, also known as Samas and MSIL, last week, which encrypted sensitive data at the hospitals. After compromising the MedStar Medical System, the operators of the ransomware offered a bulk deal: 45 Bitcoins (about US$18,500) for the decryption keys to unlock all the infected systems. But unlike other businesses or hospitals, MedStar did not pay the ransom to entertain the hackers. So, you might be thinking that the hospitals lost all their important and critical data. Right? But that was not the case at MedStar.

Here's How MedStar Successfully Dealt with SAMSAM Ransomware

MedStar sets an