• Emails, Hashed Passwords of 18 Million Ixigo Users Stolen
    TNN | Updated: Feb 16, 2019, 10:40 IST. BENGALURU: User data of 18 million, largely email IDs and hashed passwords, were allegedly stolen from online travel aggregation platform Ixigo. The data stolen from Ixigo is part of a broader data steal that saw user information leaked from seven other global sites including Houzz. Ixigo founder and CEO Aloke Bajpai told TOI the company will issue a notification to its users to reset their passwords as a safety measure. Backed by China’s Fosun, Ixigo had over 20 million monthly active users in November last year. Earlier, online food delivery platforms like Zomato and FreshMenu faced similar incidents of data leaks in the country. For Zomato, the scale of the leak was higher with data of 17 million users compromised.
  • Saudi Arabia in the crosshairs as cyber-raids target Gulf
    Cyberattacks were ranked as the second most important risk after an “energy shock” in these three Gulf states, according to the WEF’s flagship Global Risks Report 2019. Criminal phishing attacks rising sharply, cybersecurity experts warn. RIYADH: Online phishing attacks are on the rise with experts warning of increasing numbers of cyber-raids targeting Saudi Arabia and other Gulf countries. “Computer users in Saudi Arabia have been confronted with more than 30 million phishing emails in recent years,” he said.
  • Navy looks to expand the reach of its information warfare teams
    Vice Adm. Matthew Kohler, deputy chief of naval operations for information warfare and director of naval intelligence, said the service is considering an information warfare construct that would reach beyond the tactical, carrier strike group level. Roughly two years ago, the Navy established an information warfare commander within its carrier strike group concept, Kohler said. But the Navy wouldn’t have been able to train information warfare commanders two years ago without first establishing the community a decade ago, he added. The Navy also created a type command in 2014 for information warfare, just as the Navy has type commands for the other warfighting areas. Following that organization, the Navy established a “top gun” for information warfare in its Naval Information Warfighting Development Center in 2017. Navy creates Information Warfighting Development Center: In order to meet evolving threats and challenges, the Navy is standing up a center to train warfighters.
  • Facebook exposed US counter-intelligence agents to Iranian spies
    The US Department of Justice has refused to comment on the revelation that counter-intelligence staff were exposed to Iranian spies by using a Facebook group which was infiltrated. According to the indictment, the Iranians created a Facebook account under the real name of a counter-intelligence agent, using pictures and details from that agent's real account on Facebook. Because the imposter account appeared legitimate, the US agent they first befriended vouched for them when they added the fake account to a private Facebook group "composed primarily" of intelligence staff. They then befriended other intelligence staff on Facebook and attempted to send them files that appeared to be pictures, but were actually malware which would have allowed the spies to access the agents' computers and any networks the computers were connected to. A DoJ spokesperson declined to comment to Sky News on whether the agents who had been part of the Facebook group were reproached for the security gaffe. However, the behaviour of the counter-intelligence agents in creating a Facebook group has been criticised for exposing the agents.
  • Phishers Target Texas Department of Transportation Contractors with Online Bidding Scheme
    [Figure: Wrong password response when the user inserts credentials] As per commonly observed credential harvesting websites, the cyber threat actor at this stage has now captured the inserted victim credentials. Anomali Labs assesses with moderate confidence that this attack is being used to acquire access to commercial Texas entities to obtain further personal/corporate access or data, to sell the credentials to other cyber threat actors or groups, and/or to extort the victims who were susceptible to the lure. Defending Against Phishing and Credential Harvesting Sites. Enterprises: Domain Takedowns - The first step in protecting your brand is to register your trademark. A friendly reminder: organisations need to first register their trademarked brand with the Trademark Clearinghouse (TMCH), which is ICANN’s database of protected trademarks, before submitting the URS complaint. Browser Vendor Reporting - If you come across a phishing or malware site and have followed the takedown options with no success, or with a delay in the offending domain's removal, consider reporting it to Google and Microsoft.
  • Brokerage Firms Warned by FINRA Regulator of New Phishing Attack
    The Financial Industry Regulatory Authority (FINRA) has issued an information notice to brokerage firms regarding an ongoing phishing attack which currently targets member firms with malicious spam e-mails. The phishing attack warning comes after a number of brokerage firms have already received suspicious-looking e-mails camouflaged to appear as being received from a legitimate credit union entity. The email appears to be from a legitimate credit union attempting to notify the firm about potential money laundering involving a purported client of the firm. The contents of the message mention a money transaction made by one of the clients of the targeted brokerage firms to the credit union, a transfer allegedly put on hold because of money laundering concerns. Additionally, as detailed in FINRA's alert, "The sender attempted to give some legitimacy to the email by including a reference to a provision of the USA Patriot Act that relates to the ability of financial institutions to share information with each other." The phishing e-mail also comes with a number of other fraud red flags:
  • 'Old Phantom Crypter' supplants older Microsoft Office exploit builder tools
    Out with the old, in with the… Old Phantom Crypter, which despite its name is actually a new Microsoft Office exploit builder that’s been surpassing its predecessors in popularity among the cybercriminal community. Gabor Szappanos, principal malware researcher at SophosLabs, described the ascendance of Old Phantom yesterday in a company blog post, which links to a more detailed technical paper. Old Phantom Crypter first emerged roughly 11 months ago, originating as a PE cryptor before adding Microsoft Office exploit capabilities as a means to deliver the executable, Szappanos reports. Over the past year, “The old, established, dominant ‘brands’ of maldoc builder tools (like Microsoft Word Intruder, Ancalog and AKBuilder) were abandoned,” says Szappanos in the blog post, “and these previously dominant builders have been completely wiped out of the ecosystem,” replaced by Old Phantom Crypter and several other newcomers.
  • ICS/SCADA Attackers Up Their Game
    The good news: Some industrial control systems (ICS) operators increasingly are taking more proactive defensive measures to thwart cyberattacks on their networks. "The threats are getting worse," says Robert M. Lee, CEO and co-founder of Dragos, whose company this week published its annual findings on ICS threats and engagements with its industrial clients in 2018. Even so, only about 20% to 30% of ICS organizations in North America today use real-time network monitoring to detect and thwart attacks, according to Lee. "Not much has changed in the last year" in ICS attack trends, says David Weinstein, vice president of threat research at industrial security firm Claroty. Meanwhile, to patch or not to patch remains the big question for many industrial organizations as the number of ICS vulnerability discoveries and patches rose last year. Some 72% of ICS vulnerability advisories in 2018 encompassed engineering workstation systems, human machine interfaces (HMIs), and industrial networking components, according to Dragos' data.
  • BEC Targets BSA Officials At Credit Unions
    To that end, phishing attacks, more commonly known as business email compromises (BECs), have been aimed at Bank Secrecy Act (BSA) officials at credit unions. Krebs on Security noted that the emails sent to officials at the United States credit unions looked like they were being sent by other BSA officials. As noted in this space late last year, five federal agencies spoke out, and presented a statement that detailed how credit unions and banks could share resources to make Bank Secrecy Act compliance efforts more streamlined. Separately, an investigation in its early stages has alleged that three executives and several others within British Telecom’s Italian operations — as reported by Reuters — were aware of fraud. Italian prosecutors made the allegations in a document this past week, alleging that the trio exaggerated revenues and presented fake supplier transactions that were designed to meet bonus targets. The document also said that the Italian partner of PwC, which served as auditor to the BT unit, is under investigation as well for allegedly falsifying the audit.
  • “Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web
    CrowdStrike® Intelligence observed a new campaign from a LUNAR SPIDER affiliate to distribute WIZARD SPIDER’s TrickBot malware on Feb. 7, 2019. However, this latest campaign is somewhat unique due to a custom variant of a TrickBot module that (to date) is only associated with this campaign. The WIZARD SPIDER threat group is the Russia-based operator of the TrickBot banking malware. This group represents a growing criminal enterprise of which GRIM SPIDER appears to be a subset. The LUNAR SPIDER threat group is the Eastern European-based operator and developer of the commodity banking malware called BokBot (aka IcedID), which was first observed in April 2017. The BokBot malware provides LUNAR SPIDER affiliates with a variety of capabilities to enable credential theft and wire fraud, through the use of webinjects and a malware distribution function.