4268269143_52921820e5The Iranian Cyber Army has struck again. Baidu, the top search engine in China has been hacked by the Iranian Cyber Army group of hackers. It was only this past December, that the group managed to successfully take over Twitter for a short period of time to leave behind an anti-American message. However, because of the energy gasoline that Chinese state companies sell to Iran, relations between Iran and China have been generally good, so it isn’t clear for as to why the group decided to hack the Chinese search engine.

In response to the attack, Reuters received a statement from Baidu:

This morning, Baidu’s domain name registration in the United States was tampered with, leading to inaccessibility.

(Via Search Engine Land)

Read More →

An e-mail circulating the Internet claiming to be from shipping giants UPS, FedEx, and DHL, is actually a virus – so don’t open it! This phishing scam looks like its alerting customers or late or undeliverable packages, but in actuality it’s a virus attached to the e-mail. If you receive an e-mail like the one below, make sure you delete it immediately and refrain from opening the attachment.

(Via Snopes)


Read More →

1201_riskiest-countries-internet_565Of all the websites in the world, it turns out that Cameroonian-based websites have the highest volume of malware infected sites.

In a recent study done by the McAfee cyber security firm, it was found that more than half of the sites tested in Cameroon’s domain space were found to be engaged in shady behavior, such as infecting visitors with password-stealing or spam-sending software.

According to the McAfee analysts, your computer may be exposed to malicious programs or hacks through the simple typo of writing .cm rather than .com. Thanks to these Cameroonian .cm scams, the country of Cameroon has recently taken the title of most dangerous web domains (susceptible to hacks), a title that previously belonged to Hong Kong.  Last year it was found that in Hong Kong one out of every five sites put your computer at risk. Nowadays, McAfee states that one in every three websites may contain malicious programs and downloads for your computer.

Cyber criminals are attracted to this method of hacking because of new technology that allows them to run multiple malicious programs at once across servers that have low traffic. The moral of the story is to be careful how you type the names of your websites or you could end up with a virus from another country.

(Via Forbes)

Read More →

iwormJailbroken iPhone users in the Netherlands beware, a new worm is luring itself by redirecting users from the ING bank web site. When users visit the bank’s home page they are redirected by the worm which leaves them vulnerable to criminals that can capture their banking log-in information. Security experts at F-Secure are also warning that the worm can potentially turn infected iPhones into a “bonnet”, which is a network of compromised computers at the mercy of hackers or cybercriminals that can be accessed and controlled without the permission of the user. The worm can also be easily spread from one jailbroken iPhone to another when the jailbroken iPhones are connected to the same wireless internet connection.

Although this iPhone Worm is far from the first iPhone security threat to come out recently, Mikko Hypponen of F-Secure says that this is worm is the first seriously malicious virus for the iPhone. “There’s a clear financial motive behind it,” he told the BBC. “It’s fairly isolated and specific to the Netherlands, but it is capable of spreading.”

(Via the Telegraph)

Read More →

rbs-worldpayIn an elaborate plan to hack into ATMs worldwide, four hackers were able to accrue $9.5 million in cash in a matter of hours. The hackers, Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a fourth person identified only as “Hacker 3″ targeted the bank card processing company RBS WorldPay. By reverse engineering the PIN numbers assigned to payroll debit card accounts, the hackers were able to access millions of dollars and run.

RBS WorldPay, the payment-processing arm of the Royal Bank of Scotland, first noticed that they were hacked on November 10th. The hackers had actually  gained access to sensitive information for 100 payroll cards and the social security numbers of about 1.1 million account holders on November 4th. Little did the company know that within 12 hours they would be out $9.5 million dollars. Once the hackers broken into the company’s accounts, they raised the amount of available funds on the cards, some withdrawal limits to as high as $500,000. After raising the limit, the hackers are described to have provided the account details to their “army of cashers,” around the world who hit more than 2,000 ATMs in less than 12 hours.

Tsurikov, Pleshchuk, Covelin and “Hacker 3″ face up to 20 years in prison for conspiracy, while Covelin is currently wanted by the NY government for cyber crimes committed earlier in the year.

(Via Wired)

Read More →

hacked-phoneRecently cyber criminals found a new platform for their latest hacks:  Internet phone services. VoiP (Voice Over Internet Protocol) has becoming increasingly used and its particularly susceptible to hacker attack.

In the past few weeks, dozens of telephone systems across the country have been hacked into. Once hacked, these phones will automatically call banking customers and trick them into giving out sensitive financial information.  Typically the hackers target small businesses as they are least likely to have proper system defenses. Once hacked, when a customer receives a call, a prerecorded message will play telling them that there has been a bank error and that their accounts have been temporarily suspended. It then prompts the customer to enter his account or ATM card number, which the hacker then uses to open fake debit cards and clean out the accounts. As more phone systems move to the Internet, this new technology is more susceptible to attack due to weak or non existant defenses.

(Via CIO.com)

Read More →

uscyberchallengeInstead of prosecuting hackers, the US government is hoping to wrangle these people into working for the US government. Organizers of the event called the US Cyber Challenge, invited 10,000 of America’s best computer whizzes in an attempt to persuade them from illegal activities and turn them into security “top guns.” A similar conference is planned for next year in Britain.

Entrants are asked to play a series of video games to highlight their potential hacking skills. Using games to look at the kids’ abilities, the kids are asked to analyze hard drives, collect evidence, and extract passwords from the computer.

If eventually recruited, they could earn up to six figures from the US government.

“Government and business need more and better security experts to protect intellectual property and business continuity and keep private communications private,” Judy Baker, a security consultant and organizer of the UK branch stated.

The winner of the first US Cyber Challenge was 17-year-old Michael Coppola from Connecticut. What sealed the deal was his ability to break into the scoring system to award himself 10,000 extra points.

(The TimesOnline)

Read More →

twitterUsers of the social networking website Twitter have yet another virus to fear. According to these latest reports, there is a new worm related to a phishing scam floating around Twitter and it’s using the system’s direct messages to spread.

An already compromised account will send a direct message to another account with a body similar to:

“rofl this you on here? http://videos.twitter.secure-logins01.com.”

Once users click on the link they are asked to submit their information via a fake Twitter login page. And, once they’ve entered their login information, hackers use the compromised account to send a fresh batch of messages to all of the person’s Twitter followers. By luring unsuspecting users with “rofl is this you?” promises of a funny picture, victims are inclined to click on the fake link and thus subject themselves to the phishing virus.

Read More →

skullpayrollGangs of cyber criminals who have been attacking big business have now set their sights on public schools and colleges.  On October 17th, hackers broke into the Stanford school district and initiated fake money transfers from the schools payroll accounts. The thieves kept the amounts below $10,000 in order to avoid detection by the banks. By the time the staff caught on two days later they had already lost $177,000.

Stanford was not the only school to report thefts like this. The Sand Springs, Oklahoma school district has also been attacked,  as well as Marian University, a Catholic university in Fond du Lac, Wisconsin. Each establishment had close to $200,000 stolen from it. All three schools were able to detect the fraudulent transfers soon enough to reverse some of the damage, however the only school able to have its losses completely recovered was Sand Springs.

Read More →