Eddie Bauer the Latest Victim of POS Malware Attack

Outdoor clothing company Eddie Bauer has become the latest victim of a large-scale point-of-sale (POS) malware attack, leading to the compromise of customer card data over the first six months of this year.

The firm claimed in a press release late yesterday that it is currently notifying an unspecified number of customers about the attack, which took place between 2 January and 17 July this year.

Interestingly, the company said that this POS malware campaign was part of a “sophisticated attack” encompassing a range of hotels, restaurants and retailers.

It emerged this week that a major breach had occurred at Hyatt, Marriott, Starwood and Intercontinental hotels between March and June 2016.

“We have been working closely with the FBI, cybersecurity experts, and payment card organizations, and want to assure our customers that we have fully identified and contained the incident and that no customers will be responsible for any fraudulent charges to their accounts,” said Eddie Bauer CEO, Mike Egeck.


Project Sauron has Been Spying on Governments for 5 Years

Project Sauron, the sophisticated information exfiltration malware, has been spying on government computers and computers at major organizations for over five years.

According to Comodo, there is also a very real possibility that a government-sponsored group is behind it.

Project Sauron (so called because of the reference in its source code to Sauron, the main antagonist in J. R. R. Tolkien’s Lord of the Rings) was reportedly first detected on an unspecified government network last September. And like the evil Tolkien nemesis, it appears to be all-seeing: it can be used to steal passwords, encryption keys, configuration files and log stores, and it also logs keystrokes and opens backdoors for hackers to take control of a system or network.

“Subsequent probes revealed that the malware was present in many other networks,” researchers said, in a blog. “Project Sauron has been found in the networks of at least 30 organizations. This includes government networks and strategic ones like the networks of military, financial and telecommunications organizations. Reports say that the malware has been detected in an airline in China, an embassy in Belgium, and an unidentified organization in Sweden.”

Comodo noted that Project Sauron uses a strange executable file that claims to be a Windows password filter. Whenever a user logs on or enters a password, this executable starts up and, unlike typical malware, it appears differently on different systems and networks.

“Project Sauron is a malware that’s almost impossible to detect,” the researchers noted. “The malware doesn’t leave behind tell-tale signs like other malware would and thus it becomes rather difficult to identify other infections. The creators of Project Sauron make sure that no two infections are similar and that no two infected systems create the same software artifacts.”


Trojan Uses TeamViewer to Spy on Victims

Dr. Web researchers have warned of a backdoor Trojan targeting US users. The Trojan, which is distributed under the name Spy-Agent and identified by Dr. Web as BackDoor.TeamViewerENT.1, uses legitimate TeamViewer components to spy on victims and has in the past targeted European and Russian users.

The Trojan also installs additional malware such as keyloggers and form grabbers on infected systems and uses them to spy on users. The researchers noted that the Trojan hides itself from users by terminating the TeamViewer process whenever Task Manager or Process Explorer is started and by disabling error messaging in TeamViewer.

To prevent Trojan infections, computer users are advised to:

  • Use robust anti-virus software
  • Use a firewall
  • Ensure software patches are kept up to date
  • Ensure proper user account permissions, giving administrative rights only where required.

Know the right time for security messages

Brigham Young University researchers have found that 90% of people disregard important security messages if they come up at the wrong time.

The study was carried out by BYU researchers in collaboration with Google Chrome engineers. They found that warning messages that appear haphazardly result in up to 90% of users ignoring them. They attribute this to the nature of the human brain, which cannot handle multitasking well even when the tasks involved are simple ones.

According to the research, the best times to present security messages to users are after watching a video, while waiting for a page to load or after interacting with a website.

This research has convinced Google Chrome security engineers to change the timing of security messages in future versions of the Chrome Cleanup Tool, and hopefully other developers will follow too.

Browser hijacker ‘Bing.vc’ is around.

A browser-hijacking malware, Bing.vc, is being packaged along with free software offered by Lavians. Lavians is a small software vendor that offers different types of software for free and for sale.

The malware installs itself into Internet Explorer, Firefox and Chrome and redirects users to unexpected sites.

Users are redirected to the bing.vc site, which offers them a solution but tricks them into paying for the software.

Uninstalling the application does not solve the problem, as the file causing the redirection will remain on the system and the Windows registry entries created by the malware will still be there to keep the file running. To remove bing.vc, an infected user must remove the registry entries and clean up the browser’s shortcut target in the browser properties.
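
The shortcut half of that cleanup can be checked with a script. The PowerShell below is an added example, not taken from the article or from any vendor's removal tool: it is read-only and lists browser shortcuts whose launch arguments contain a URL. The folder list and the URL pattern are assumptions, and the registry entries are not covered because the article does not name them.

```powershell
# Added example (not from the article): read-only audit of browser shortcuts.
$browsers = 'iexplore.exe', 'firefox.exe', 'chrome.exe'   # browsers named above
$urlLike  = '(?i)(https?://|www\.)\S+'                     # heuristic, an assumption

# Shortcut locations to scan (assumes the default Windows profile layout).
$folders = @(
    [Environment]::GetFolderPath('Desktop')
    [Environment]::GetFolderPath('CommonDesktopDirectory')
    [Environment]::GetFolderPath('StartMenu')
    [Environment]::GetFolderPath('CommonStartMenu')
    Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell

$findings = Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if (-not $lnk.TargetPath) { return }              # skip shortcuts with no file target
        $exe = Split-Path -Path $lnk.TargetPath -Leaf
        # Flag a browser shortcut whose arguments carry a URL: the browser opens
        # that address on every launch, whatever the home page setting says.
        if ($browsers -contains $exe -and $lnk.Arguments -match $urlLike) {
            [pscustomobject]@{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
            }
        }
    }

if ($findings) {
    $findings | Format-List
} else {
    'No browser shortcut with a URL in its arguments was found.'
}
```

Any shortcut it reports can then be fixed by hand in the shortcut's Properties dialog, by deleting the extra text after the browser executable in the Target field.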

Video-Jacking Attack: Attacker Can See Everything You See

Aries Security researchers have described how you could fall victim to a video-jacking attack by docking your phone at unfamiliar charging stations.

The attack uses a device, worth $220, that is hidden in what appears to be a charging station. A user's device connected to the charging station exposes virtually everything to the attacker. The attacker can see user passwords as they are entered, all taps, and whatever the user is seeing and doing on their device.

Devices vulnerable to this attack include several Android devices, iPhones and other HDMI-ready smartphones manufactured by Asus, Blackberry, HTC, LG, Samsung and ZTE.

Spyware in Vietnamese Institutions

Cybersecurity firm Bkav has issued a warning about spyware lurking in the website operations of several Vietnamese institutions. The spyware, they say, is the same one that recently infiltrated Vietnam Airlines as well as two airport information systems. In July, the hackers stole information on over 400,000 Vietnam Airlines members and also took over flight information and loudspeaker systems at two major airports in Vietnam.

The spyware is disguised as anti-virus software, collects passwords and enables remote control of compromised computers.