Posted by & filed under Security Threats.

High court told more alleged hacking victims will file civil claims, while News Corporation has accepted another 64 cases into its compensation scheme.

A further 20 alleged victims of phone hacking are expected to lodge civil claims against News International shortly, taking the latest total to more than 70 claimants, the high court has heard.

Rupert Murdoch’s News Corporation has also accepted 64 further claims into its compensation scheme for News of the World phone-hacking victims, Hugh Tomlinson QC told the high court on Friday.

The 20 new claimants that will lodge claims shortly, according to Tomlinson, were not named in court.

The number of those taking action against News International is likely to grow further.

The Metropolitan police service has received 286 requests for the disclosure of evidence related to phone hacking, including the notes of the private investigator Glenn Mulcaire, since late April, the court was told on Friday.

Those who have lodged claims include professor John Tulloch, who was just three feet from Mohammad Sidique Khan when he detonated his rucksack explosives at Edgware Road tube station in the 7/7 bombings; Hannah Pawlby, aide to former home secretary Charles Clarke; and Lewis Sproston, the boyfriend of murdered model Sally Anne Bowman.

Others include Cherie Blair, David Beckham’s father, Ted, and footballer Wayne Rooney.

It also emerged at the high court on Friday that News International, News Corp’s UK subsidiary and the former publisher of the now defunct News of the World, has retrieved the company iPhones of three unnamed executives and is trying to track down another one.

read the rest of the story at theGuardian

Posted by & filed under Security News.

Microsoft released a security alert and patch due to the disturbing news that the hugely complex Flame malware has spoofed MS-signed certificates, potentially making Microsoft Update a malware delivery mechanism. Yikes and double yikes.

In what security researcher Mikko Hypponen calls the “Holy Grail” of malware writers, the massive and complex Flame malware, linked to state-sponsored espionage and information-gathering, has managed to spoof Microsoft-signed digital certificates, creating the potential for man-in-the-middle attacks on the Microsoft Update system.

Clearly, as Hypponen points out, successfully exploiting this vast delivery mechanism for malware could be disastrous. If the Flame module successfully performs a man-in-the-middle attack, it drops a file called WUSETUPV.EXE on to the target computer. As of now, however, Hypponen says, “…It has not been used in large-scale attacks. Most likely this function was used to spread further inside an organization or to drop the initial infection on a specific system.”

Microsoft’s warning and patch are located on its support page. The full Technet Security Advisory is linked here:

Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:

Microsoft Enforced Licensing Intermediate PCA (2 certificates)
Microsoft Enforced Licensing Registration Authority CA (SHA1)

The investigation into the incident is ongoing, but the main takeaway for now is to patch immediately!

source: TechRepublic.com

Here is a video on how the Flame Malware works.

Posted by & filed under Spyware Articles.

Hacking social media accounts is becoming prominent nowadays. A lot of accounts are being compromised by cyber criminals that can ruin your reputation or your privacy. In this post I will outline some ways on how you can secure your online accounts.

1. Generate strong passwords. It is recommended that a strong password consist of a mixture of lower and uppercase letters, and numbers. You should not used default names such as admin, your birthday, name of someone you love. Do not create passwords that even your friends are familiar with.

2. Sign-out if you are in a public computer. If you forgot to sign-out your account in an Internet shop, the next computer user can use your account. Although the password may not be changed but the person can post on your update status or access your private photos.

Turn off the remember your passwords when in public computer or just say NO if it ask you to remember the password. To turn this “AutoComplete'” feature in your browser. (In IE: Tools >Internet Options >Content tab >AutoComplete button – uncheck “usernames and passwords on forms;” clear passwords.)

Clear out the browser’s history so as to prevent the next customer in seeing the pages you recently visited.

3. Avoid using the same password for your other online accounts, such as email, bank, or social networking accounts. Since these accounts are inter-linked to each other, it is a precautionary measure to have separate passwords for each. If one account is compromise, the other accounts cannot be easily hack.

4. Do not reply to emails asking you to change your password. I used to received emails supposedly from hotmail asking me to change my password. However after checking the email header and the anchor link, it shows that source of the email came from an untrusted source. Rule of thumb, if you do not asked to change password then don’t entertain untrusted emails.

5. Update your antispyware software. Keyloggers is a type of malware that can send your data over the Internet . Updating your antivirus software can prevent your computer from being infected. A free antispyware can be downloaded here.

Privacy and securiy is a major issue in our Internet life. Following the initial steps above can help users in protecting their accounts from being compromised.

photo credit: SXC.hu

Posted by & filed under Security News.

Megaupload founder Kim Dotcom is demanding access to 135 computers and hard drives that were seized from his home in January, so the data can be used for his defense. Until then, he refuses to give up passwords to encrypted data stored on the machines. Dotcom’s legal team is challenging the legality of the search warrants at the High Court in Auckland and is accusing the US Government of an unfair fight.

Megaupload continues its legal battle, both in the US and New Zealand. This week Dotcom and his legal team were at Auckland’s High Court to request a judicial review of the legality of the search warrants that were used to raid his Coatesville mansion in January.

During the hearing Dotcom’s lawyer Paul Davison demanded access to the data stored on the 135 computers and hard drives that were taken into custody.

The lawyer argued that the data is needed to mount a proper defense. Not only to fight the extradition, but also to show that “excessive police action’ was used during the raid. The raid was captured by CCTV data which is stored on the computers in question.

The FBI, however, is objecting to the data handover because some of the files are encrypted. Megaupload’s founder is refusing to hand over the passwords to these files before he’s guaranteed access to the data himself, supervised by the court if needed.

Read the rest of the story at TorrentFreak

photo credits: Wikipedia.com

Posted by & filed under Security News.

If all of sudden a window pop-up in front of your screen and locks your computer telling that the authorities already knows your illegal activities then most likely your system is infected with a Ransomware.

A new type of malware is spreading in European countries like Germany, France, Switzerland, Austria, and the Netherlands. Once the ransomware is installed, it locks the computer and asks the user to pay a fee before the ransomware unlocks itself.

The ransomware was first discovered by abuse.ch as exploit known as Blackhole. Blackhole is used by criminals to infect computers through security holes in the browser or third-party plug-ins, such as Java and Adobe Reader. the software is being sold in an underground community for cyber criminals wanting to gain extra bucks.

How does the malware works? Blackhole, just like any malicious malware, exploits un patched or un-updated security fix from software makers like Java. It install itself as a trojan on the users’s PC. As soon as it is completed in its installation it prompts the user that the computer has been locked due to illegal downloads like pirated music and videos.

The user is then prompted to pay a fee amounting to $80. The payment is to be made via Paysafecard. What it makes more realistic is that the logo of Metropolitan Police is displayed on top of the webpage.

The domain name used by the ransomware is pointing to a Russian website: joonwalker.com. The domain is registered to “Huth Matthias”. Abuse.ch suggests that the following domain names be blocked from the network because they are suspected to be owned by the same registrant.

arschenpustel.com
arschtrompete.com
arschtrompeteauto.com
arschtrompeteshop.com
bascvj.com
brauchnwanich.com
dergeldmacher.com
deutschecamworld.com
easyonlinebuxxx.com
fettehupenalter.com
fiftypercentworker.com
flobbo-online.com
fressehaltenlol.com
fuehlediebezahlung.com
fuehlediecon.com
geiledeutschecams.com
geileschnittendicketitten.com
geld-machen-mit-ebooks.com
geldverdienen-easy.com
gema-gebuehreneinzug.in
gemagatezor.com
gemagatezor.net
gewinnspiele-king.com
grosqa.com
helexxaione.com
hunnibezahlor.com
hunniconnector.com
ichmussconnecten.com
joonwalker.com
knallrattern.com
kohlhanser.com
konschtantin.com
kuemmeljoe.com
leckerfrischekacke.com
meineguetekak.com
meineherrenlaff.com
mightyporntube.com
mjun1.info
mongoneger.com
moxitoeex.com
moxitom.com
muellgeburten.com
muselfrauen.com
nulpapors.com
odrjaj.com
ratschuikakk.com
ratzeputzel.com
reich-durch-ebooks.com
toilettenspuelung.com
trueffelmueffel.com
tschaijikki.com
tujkea.com
universalpan1.com
universalpan2.com
urgeprotectar.com
vabrus.com
verdienjegek.com
whatwillhappenbaby.com
wonkeebonkii.com
xakacj.com
zeig-malmo-pse.in
zeig-malmopse.in
zeigmalmoepse.in
zeigmalmopse.in

In order to prevent your computer from being compromise by a malware, it is suggested to keep your software or third party plugins updated from the latest security patches.

Click here for a free antispyware software.