Thursday, May 28, 2015

Attackers use email spam to infect point-of-sale terminals with new malware


Cybercriminals are targeting employees who browse the Web or check their email from point-of-sale (PoS) computers, a risky but unfortunately common practice.
Researchers from security firm FireEye recently came across a spam campaign that used rogue email messages masquerading as job inquiries.
The emails had fake resumes attached that were actually Word documents with an embedded malicious macro. If allowed to run, the macro installed a program that downloaded additional malware from a remote server.
Among those additional programs, the FireEye researchers identified a new memory-scraping malware threat that steals payment card data from PoS terminals. They've dubbed the new threat NitlovePOS.
PoS malware has become commonplace over the past few years and has led to some of the largest credit card breaches to date. This kind of malicious program was used to steal 56 million payment card records from Home Depot last year and 40 million from Target in late 2013.
Once they are installed on PoS terminals, these programs scan the system's memory for card data while it's being passed from the card reader to the specialized merchant application, hence the term "memory-scraping." Criminals can use the stolen data to create fraudulent copies of the compromised cards.
Attackers typically infect PoS systems with malware by using stolen or easy-to-guess remote access credentials. Another method is to first compromise other computers on the same network as the terminals and then to attack them.



Organizations should educate their employees to follow best security practices, such as using PoS systems only for what they are intended for and not to browse the web, check email, play video games, etc.

Offline access: Google's plan to attract the next billion users



Not everyone enjoys the constant connectivity that First World users take for granted. So, for developing countries (and, possibly, the US?), Google said it will allow many of its apps to be accessible offline.
"Making the world's information accessible to users everywhere has been at the heart of what Google does, right from the start," said Jen Fitzpatrick, vice president of engineering, on stage at the Google I/O developer conference keynote on Thursday.
"More and more people are getting a new smartphone, and for many of these people, it will be their very first computer," Fitzpatrick said. She added that just six countries, including China, Mexico, and Brazil, will be responsible for 1.2 billion smartphone sales by 2016, but many of them lack pervasive Internet access. "These people will have a profound impact on mobile computing, both as users and as creators," Fitzpatrick continued. "So we're thinking very carefully about how we evolve our products, and our platforms, to address their particular needs."

"And yes, there will be offline access," Fitzpatrick said. "This means that you'll be able to save any page you'll visit ... for later."

YouTube Offline: In India, Indonesia, the Philippines, and Vietnam, Google has launched YouTube Offline, where users can cache a video for up to 48 hours on their phone without an active Internet connection.


Google announces Android M, available later this year

Android M release date news and features

Say hello to the latest Android mobile platform from Google.


Android M release date


The Android M developer preview is available from today, but the main Android M release date is set for Q3 2015, and we'd say it's most likely to be September.

"Android M" is explicitly listed within the description of the conference. Specifically, it looks like the next version of Google's mobile operating system will be focused on the workplace. Or, all the workplaces:

"Android M is bringing the power of Android to all kinds of workplaces."

Last year, Google unveiled Android Lollipop and so it's no surprise that the company would have another version of the mobile OS ready to get shown off this year.

Features


Android "M" will focus primarily on fit and finish and other feature additions, inspired by those made by other OEMs on their devices. Android's permission system has been redesigned; apps compiled for "M" use a simplified permission model, and are no longer granted all relevant permissions by default. When a functionality requesting a permission is first used (such as accessing the microphone), the user must now explicitly grant permission to the app to allow it to have access to the function. Android "M" also provides a standard fingerprint recognition API; fingerprint credentials can be used to unlock the device and authenticate Play Store and Android Pay purchases. A new power management scheme known as "doze" reduces the device's background activity when the device is not being physically used, to conserve battery power.

Wednesday, May 27, 2015


Smart credit cards are coming. Here's what you need to know




At least four startups are betting the world is not ready for mobile payments.
Unlike services like Apple Pay and Google Wallet (which use your phone), all-in-one cards or "smart cards" embrace a familiar medium - the plastic credit card - and turn it into an all-in-one payment solution.
Smart credit cards primarily offer convenience while maintaining security. Instead of carrying a dozen cards (including gift and rewards cards), all your payment options are tidied up into one dynamic card.
Since many merchants are not yet equipped to accept contactless payments like Apple Pay and Google Wallet, a smart card is one way to consolidate your wallet until merchants catch on.
Since Coin's introduction in 2013, at least three comparable solutions have entered the space: Swyp, Stratos and Plastc. You'll have to wait to get them, though. Plastc, Swyp, Stratos and Coin are currently taking pre-orders, but if it sounds like an appealing alternative to mobile payments, getting one of these cards might be worth the wait. It works like this: A card - not unlike the form factor of magnetic stripe cards you currently carry - is embedded with a Bluetooth connection, which it uses to act as a variety of cards. That smart card can act as your mileage rewards card, your debit card, and even your in-store club card.
I reached out to four card makers, and none but Stratos could provide review units. The companies are either committing to giving their early backers the first units, or are not ready for distribution just yet.
Once more review units are available, we'll do a real-world road test. Until then, we know enough about how these cards work and what they do to give you a comprehensive comparison.

How it works

The selling point on smart credit cards is that they offer convenience. Instead of crowding your wallet with many cards (including gift cards and club cards), one digital card represents them all.
Stratos, Coin, Swyp and Plastc achieve this in an unexpected way. When you receive one of these cards, it comes with a magstripe reader that looks a lot like the Square or PayPal card readers.
Once you've confirmed your identity, you'll be able to add your "old school" cards to the smart card's app by swiping them through the card reader. (More on this under "Security.") Then, using Bluetooth, the app loads that information onto your smart credit card.
How can one magnetic stripe act as many different cards? Like this: When you select the card you want to use, an induction coil embedded within the card sends a signal that re-programs the magnetic stripe.

The added benefits

Some of these cards offer more than just convenience. For instance, the accompanying Plastc app can also act as a place where you can manage your budgets and keep track of all transactions in one central place, much like Mint.com.
Stratos, Swyp, and Plastc will offer tokenization eventually, a feature that masks your credit card's identity for each transaction, preventing your true account number from being exposed during a credit card data breach. (Plastc and Swyp plan to add this feature as an update after the initial launch.)
These cards can be updated with over-the-air updates, so expect more features to be added as smart card makers look for ways to make their product stand out from the rest.

Where they're accepted (or not)

They're just like any other credit card, so you should be able to use them everywhere, right? Almost.
Most of the credit cards in your wallet are actually equipped with two magnetic stripes, called "Track 1" and "Track 2." You cannot see them - they're usually masked under what looks like a single stripe. Track 1 is primarily used for your name, while Track 2 is used for your credit card number.
If a credit card contains both tracks, then your card will be accepted universally. But, if the card only contains one track (Track 2), then some credit card terminals might not be able to read it.
Coin only employs one track, and provides a list of major retailers where its card is not accepted. When asked if and when the card would be updated to include both tracks, Coin did not respond.
This is not necessarily a deal-breaker, but definitely something that might affect a seamless transition from your current card to a smart card. Plastc, Swyp, and Stratos all use both tracks, ensuring your card will be accepted everywhere you go.
And, yes: smart cards can be used with ATMs.

As easy as a credit card?

Just like picking a card out of your wallet, you'll need to choose a card at the cash register. Stratos, Coin, Plastc, and Swyp want to make this process as fluid as possible so that using their smart cards is just as easy as the way you pay for things now. The method is a little different for each card, and while we have not had a chance to do a real-life test, here's what we know.
  • Stratos. When you're at the register, you'll tap the card onto the counter top (or another hard surface) to activate. Stratos will light up, at which point you'll choose the card you want to use by selecting it on the card itself. Stratos does not have an actual display - just LED lights that represent your primary four cards.
  • Coin. To make a purchase, you'll tap the button (it's flat) on the card to toggle through your available cards and make a selection. The card has an LED display, so you can see the names of the cards as you toggle through.
  • Plastc. Since it has a considerably large e-ink display, Plastc is probably the most user-friendly card. To select a card at the point of sale, you'll swipe across the e-ink display until you find the card you want to use. You'll be able to arrange the order of the cards. Consider that we will not know how responsive the screen is until the card is available to test.
  • Swyp. This one works a lot like Plastc. The card includes a small display that shows your card's name and account information. It's equipped with buttons so that you can toggle through your cards when you're ready to buy. Swyp's stand-out feature is that it will eventually learn which cards you like to use based on the time of day and location.

Security

Because this is an entirely new concept and product category, all four makers are taking a very careful approach to how your cards are stored, programmed and kept secure. Before we dive into card-specific approaches, here's how (generally) all four cards work from a security perspective.
  • Verifying your ID. To ensure no one creates a smart credit card using your name, the card maker will conduct a thorough identification verification process that ensures you are who you say you are. First, you'll provide your name and the last four digits of your social security number. Most card makers use a third-party service to then verify your ID by asking questions about your previous addresses, family members and other information only you should know.
  • Adding accounts to your smart card. As we'd expect, you'll only be able to add cards that match the account name you verified in the first step. In addition to swiping the card, you'll take a photo of it to ensure the info on the card matches what's on the magnetic stripe. Plastc takes that a step further and uses the front-facing camera to ensure the person adding a card is the same one who created the account.
  • Losing your card. The mechanics of this are a little different with each card, but the point is the same: security measures will ensure it will be difficult to use your card if you lose it. For instance, Swyp requires a four-digit PIN you'll enter on the card if it loses connection with your phone. Coin works similarly, but instead of a PIN code, you'll be required to enter a series of button presses on the card. Stratos and Plastc let you determine how long they should wait before shutting down after losing a connection with your phone.
  • PCI DSS compliance. Anyone who accepts credit cards, online or offline, is required to be PCI DSS (Data Security Standard) compliant, and that includes smart cards. This ensures that the card data they collect and store is done in a secure fashion. It also ensures they're equipped to prevent, detect and react to any security breaches. Stratos, Plastc and Swyp are all working on meeting these requirements. Coin did not respond.

Future-proofing

Plastc and Swyp told us in interviews that they will ship cards that are capable of programming EMV (or "chip-and-PIN") cards. Those same cards can also be used for NFC-based contactless payments (where you'd tap the card on the terminal instead of swiping.) Stratos also plans to add this feature and will incorporate it into the next version of its card.
These features will not be available at launch, but once the companies are ready to deploy the updates, cards will be updated over the air.
This is important because by the end of the year, a liability shift will take effect, and merchants who do not support EMV cards will be responsible for fraudulent transactions.
In order to comply, more merchants will update their credit card terminals to accept these new cards. Those new terminals will likely also work with contactless payments like Apple Pay and Google Wallet. If that's the case, then ubiquitous support for contactless payments might be around the corner. At which point we'll ask: where do smart cards fit in?

Thursday, May 21, 2015

NSA planned to hijack Google Play Store, Samsung app store to deliver malware

App stores from Google and Samsung reportedly became targets for government hijacking a few years ago, as the National Security Agency and its allies ramped up their data collection efforts.
As reported by CBC News and The Intercept, the plan involved hijacking the connections between smartphones and their app marketplace servers, and then planting malicious software on targeted devices. The NSA and friendly spying agencies could then secretly collect data, and possibly even send "selective misinformation to the targets" for propaganda or confusion purposes.
The reports stem from a new document provided by former NSA contractor Edward Snowden. It outlines a series of workshops held by the NSA and its counterparts in Canada, the United Kingdom, New Zealand, and Australia, collectively known as "Five Eyes."
While investigating this possible hijacking method, the NSA and its allies also came across a major vulnerability in UC Browser, which is hugely popular in Asia. The program was reportedly leaking phone numbers, SIM card numbers, and other device details to its servers in China, making it a possible treasure trove for spying agencies.
The vulnerability persisted until last April, when human rights group Citizen Lab alerted the Alibaba Group, UC Browser's parent company. An Alibaba source said it never heard a word about the leakage from spying agencies.
Why this matters: While it's unclear what became of the app store hijacking plan, earlier reports have shown that the UK's GCHQ spying agency designed a suite of spyware aimed at iPhones and Android phones. The new documents could show how agents planned to load that spyware onto targets' phones.
The documents also speak to a larger issue of whether spy agencies should continue to exploit the software vulnerabilities they discover (thereby putting all users at risk) instead of reporting them. President Barack Obama has said he's in favor of disclosing vulnerabilities, but with exceptions for national security and law enforcement needs. The Electronic Frontier Foundation has sued the NSA for more specifics on when it might keep security flaws secret.




Saturday, May 16, 2015

Google blocks Chrome extensions not found in the official Web Store


Google will require extensions for its Chrome browser to be installed from its Web Store, a move intended to stop users from inadvertently installing malicious ones.
Google has gradually been changing its policy around extensions to prevent abuse. Last year, it mandated that all Chrome extensions for Windows be hosted in its store, wrote Jake Leichtling, an extensions platform product manager.
The change caused a 75 percent drop in requests from customers asking how to uninstall unwanted extensions, he wrote. It did not apply to the Windows developer channel, but hackers are now using that in order to install extensions, he wrote. Starting Wednesday, all extensions for Windows will have to be hosted in the store, and the same will apply to OS X in July.
Google automatically analyzes extensions for malicious behavior. Most are then published, although some may be held for manual review. It bans extensions that interfere with advertisements, for example, or are spammy.
For development purposes, Google will still allow extensions to be installed locally, as well as forced installs using a group policy for enterprises, Leichtling wrote.
To not disrupt users' experiences, Google also allows so-called inline installations, where a user appears to install an extension directly from a website, but it is actually hosted at the Web Store.



Malicious keylogger malware found lurking in highly publicized GTA V mod


Mods! They're a big part of what makes PC gaming so great. They're an even bigger part of the Grand Theft Auto franchise's success on PCs. But malicious no-goodniks out there have seized advantage of the current spotlight on GTA V to slip nasty keylogger malware into some of the mods available for the game, including the otherwise awesome-looking "Angry Planes" mod that made the rounds on the big gaming sites this week.
GTA Forums member aboutseven first noticed Angry Planes misbehaving, Kotaku reports. He became suspicious when he noticed an odd C# compiler program running in his system processes, sending and receiving data across the web. Further digging revealed a Fade.exe executable buried in his PC's Temporary Files folder, keeping logs of his activity and altering the Windows registry to silently launch at system boot. Gulp.
Aboutseven eradicated Fade.exe from his system, but noticed it sprung back to life whenever he ran GTA V with mods installed. After a bit more trial and error, he pinpointed the Angry Planes mod as the culprit. Another mod dubbed "No Clip" was also found to contain the malware.
Why this matters: Bad guys always find a way to ruin a good thing. But this fiasco drives home an important point: Mods are software designed to run on your system, and you should religiously scan all software you download with anti-virus and anti-malware tools before you run them. Yes, even mods.
If you need some AV recommendations and do not have a dime to spare on premium suites, PCWorld's guide to building the ultimate free security suite can point you in the right direction.

The dangers of Angry Planes

So what, exactly, does Fade.exe do? Fellow GTA Forums member ckck also performed an analysis after being infected by Angry Planes and claims the Trojan malware used his PC to participate in a DDoS attack against a Twitch game streamer. He also says he found the following modules active inside the malware:
  • "Facebook spam / credential stealing module
  • Twitch spam / credential stealing module
  • Messenger.com spam / credential stealing module
  • A Steam spamming module
  • A Steam module that evaluates the items in your inventory and their value based on current market value
  • A Keylogger module that logs individual button presses in an XML like format, it also includes information about context switches (switching from one app / window to another)
  • A UDP flooding module
  • There were others I had not deciphered and did not see in action."
Fortunately, GTA5-mods.com, one of the sites that hosted the malware-ridden mods as well as many, many more legit GTA V mods, promptly removed the offenders, issuing a public apology and explanation. If you've used Angry Planes or No Clip with GTA V, perform an anti-malware scan with one of the AV programs that detects the malicious file. Since the keylogger malware monitors Steam, Facebook, and Twitch, you'll want to change your passwords for those services, as well. Heck, changing all your passwords would be the smartest idea.
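A check that follows from the behaviour described above (an executable in the temporary-files folder that the registry launches at boot), as an added example that is not part of the original article: it flags autostart entries that run from, or reference, a temp directory. The Run key, user name, paths and sample entries are constructed assumptions; the article does not say which registry key Fade.exe used.

```python
import ntpath
import re
from pathlib import PureWindowsPath

# Constructed environment so %VAR% references expand offline (assumption).
ENV = {
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "TMP": r"C:\Users\alice\AppData\Local\Temp",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
}
# Locations treated as temporary-file folders (assumption; extend as needed).
TEMP_DIRS = [ENV["TEMP"], r"C:\Windows\Temp"]

def expand_vars(command, env=ENV):
    """Expand %NAME% case-insensitively; unknown names are left untouched."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), command)

def executable_of(command):
    """Extract the program path from an autostart command line."""
    command = expand_vars(command).strip()
    if command.startswith('"'):                      # "C:\path with spaces\x.exe" args
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted: take everything up to the first executable extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def in_temp(path):
    """True if path lies under a temp folder (case-insensitive, '..' resolved)."""
    p = PureWindowsPath(ntpath.normpath(path))
    return any(PureWindowsPath(t) in p.parents for t in TEMP_DIRS)

def audit(entries):
    """Return (location, name, reason, executable) for suspicious entries."""
    findings = []
    for location, name, command in entries:
        exe = executable_of(command)
        if in_temp(exe):
            findings.append((location, name, "executable in temp directory", exe))
        elif any(t.lower() in expand_vars(command).lower() for t in TEMP_DIRS):
            # e.g. a trusted loader started with a DLL that lives in Temp
            findings.append((location, name, "argument references temp directory", exe))
    return findings

# Constructed sample of autostart values, as they might be exported from a Run key.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE = [
    (RUN_KEY, "Steam", r'"C:\Program Files (x86)\Steam\steam.exe" -silent'),
    (RUN_KEY, "Updater", r"%TEMP%\Fade.exe"),
    (RUN_KEY, "Helper", r"C:\Windows\System32\rundll32.exe %TMP%\h.dll,Start"),
    (RUN_KEY, "Sneaky", r"%LOCALAPPDATA%\Vendor\..\Temp\svc.exe /q"),
    (RUN_KEY, "OneDrive", r"%LOCALAPPDATA%\Microsoft\OneDrive\OneDrive.exe /background"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A hit is a lead for review, not proof of infection: some installers legitimately stage a one-time autostart entry from Temp.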