The Indonesian cybercrime gang Cyber Army has expanded its phishing-as-a-service offering, dubbed 16Shop, enabling users to target PayPal and American Express customers.
operation was first picked up by McAfee in November 2018 and has primarily targeted Apple owners and Amazon customers for its phishing attacks, but now ZeroFOX’s Alpha Team has proof 16Shop has added PayPal and American Express. This information was obtained from a phishing kit from the gang picked up by Alpha Team researchers, the
emails are designed to obtain as much PII as possible. The email note itself generally informs the target their account has been breached or compromised in some manner and the alleged company needs to confirm their account details, including login credentials and payment card data.
themselves are designed for non-technical users.
“The goal of phishing kits is to make this experience seamless, so not-so-technical kit operators can deploy phishing pages without needing to understand the underlying protocols behind managing this infrastructure. This kit also merges dashboard functionality regardless of the scam page an operator buys, so the operator gets an integrated experience whether they purchase one or multiple kits,” the company said.
Austria’s foreign ministry is facing a “serious cyber attack”, it said late Saturday, warning another country could be responsible.
“Due to the gravity and nature of the attack, it cannot be excluded that it is a targeted attack by a state actor,” it said in a statement with the interior ministry shortly before 11.00 pm (2200 GMT), adding that the attack was ongoing.
“In the past, other European countries have been the target of similar attacks,” it continued.
Immediate measures had been taken and a “coordination committee” set up, it said, without elaborating.
The attack came as Austria’s Greens on Saturday gave the go-ahead to a coalition with the country’s conservatives at a party congress in Salzburg, removing the last obstacle to the unprecedented alliance.
A newly discovered ransomware called PureLocker is targeting the production servers of enterprises, while exhibiting some behavior that’s very unusual for most malicious encryptors.
Among its quirky features: it’s written in the PureBasic programming language, which helps it avoid conventional anti-malware detection engines; it’s very picky about who it infects, only executing if the victim machine passes a series of checks; and it appears to be used as a later stage of a larger multi-stage attack.
Researchers from Intezer and IBM X-Force IRIS analyzed the ransomware and detailed their findings in a joint blog post this week. “PureLocker is a rather unorthodox ransomware,” said Intezer security researcher Michael Kajiloti. “Instead of trying to infect as many victims as possible, it was designed to conceal its intentions and functionalities unless executed in the intended manner. This approach has worked well for the attackers who have managed to successfully use it for targeted attacks, while remaining undetected for several months.”
Much of PureLocker’s code is unique, but a certain portion, including its dropper program and its built-in evasion and anti-analysis functionalities, is borrowed from a backdoor malware called more_eggs, which is sold on cybercrime forums by a prominent malware-as-a-service provider. “These findings strongly suggest that the MaaS provider of ‘more_eggs’ has added a new malware kit to its offerings, by modifying the ‘more_eggs’ loader’s payload from a JScript backdoor to a ransomware,” the blog post concluded.
The more_eggs backdoor has been used in the past by financially motivated cybercriminal groups including the Cobalt Gang and FIN6. However, it has not been determined if one of these groups or another threat actor is responsible for distributing PureLocker.
The researchers only looked at samples that target Windows, but there are also PureLocker variants that can infect Linux-based machines. One Windows sample was disguised as a C++ cryptography library called Crypto++, Kajiloti reported. From Oct. 13-30, the sample went almost completely undetected in VirusTotal scan results, a feat the researchers attributed to the use of PureBasic as a programming language.
“AV vendors have trouble generating reliable detection signatures for PureBasic binaries,” the blog post said. “In addition, PureBasic code is portable between Windows, Linux, and OS-X, making targeting different platforms easier.”
Shortly after installation, the malware goes through a thorough series of checks. It makes sure it’s not being analyzed or debugged, that it’s being executed by the command-line utility “regsvr32.exe,” that its file extension is .dll or .ocx, that the current year on the machine is 2019, and that it has administrator rights. If it does not pass all these checks, the malware exits and does not perform its attack.
If it does pass the checks, PureLocker encrypts primarily data files with AES and RSA algorithms and adds a .CR1 extension to them. It then secure-deletes the original files to thwart recovery efforts. The ransomware note threatens the victim that the private key will be erased in seven days, and leaves an email address to contact regarding payment.
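The behaviours described above (launch through regsvr32 of a .dll or .ocx, followed by files appearing with a .CR1 extension) can be correlated in endpoint telemetry. The following Python is an added example, not code from the researchers' report; the event schema, host names, paths, time window and threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# regsvr32 invoked on a .dll or .ocx, the launch condition the article describes.
REGSVR = re.compile(r'\bregsvr32(\.exe)?\b.*\.(dll|ocx)"?\s*$', re.I)

# Constructed sample telemetry (hosts, paths and timestamps are illustrative).
EVENTS = [
    {"host": "srv-db01", "ts": 100, "kind": "process",
     "cmdline": r"regsvr32.exe /s C:\ProgramData\sample.ocx"},
    {"host": "srv-db01", "ts": 130, "kind": "file", "path": r"D:\data\orders.mdf.CR1"},
    {"host": "srv-db01", "ts": 131, "kind": "file", "path": r"D:\data\users.mdf.CR1"},
    {"host": "srv-db01", "ts": 133, "kind": "file", "path": r"D:\data\audit.ldf.cr1"},
    # Benign: regsvr32 registers a DLL, no .CR1 files follow.
    {"host": "ws-17", "ts": 50, "kind": "process",
     "cmdline": r'regsvr32 "C:\Program Files\App\plugin.dll"'},
    {"host": "ws-17", "ts": 60, "kind": "file", "path": r"C:\Users\a\report.docx"},
    # .CR1 files long after the regsvr32 launch: outside the default window.
    {"host": "srv-fs02", "ts": 10, "kind": "process",
     "cmdline": r"regsvr32.exe /s C:\Temp\lib.dll"},
    {"host": "srv-fs02", "ts": 9000, "kind": "file", "path": r"E:\share\a.CR1"},
    {"host": "srv-fs02", "ts": 9001, "kind": "file", "path": r"E:\share\b.CR1"},
    {"host": "srv-fs02", "ts": 9002, "kind": "file", "path": r"E:\share\c.CR1"},
]

def detect(events, window=600, threshold=3):
    """Flag hosts where >= threshold .CR1 files appear within `window`
    seconds after regsvr32 loaded a .dll/.ocx on the same host."""
    loads = defaultdict(list)  # host -> timestamps of matching regsvr32 launches
    hits = defaultdict(list)   # host -> (ts, path) of files created as *.CR1
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["kind"] == "process" and REGSVR.search(e["cmdline"]):
            loads[e["host"]].append(e["ts"])
        elif e["kind"] == "file" and e["path"].lower().endswith(".cr1"):
            hits[e["host"]].append((e["ts"], e["path"]))
    alerts = {}
    for host, starts in loads.items():
        for start in starts:
            files = [p for ts, p in hits[host] if start <= ts <= start + window]
            if len(files) >= threshold:
                alerts[host] = {"regsvr32_ts": start, "encrypted": files}
                break
    return alerts

if __name__ == "__main__":
    print(detect(EVENTS))
```

Because the article notes the original files are secure-deleted after encryption, an alert from this correlation should be treated as time-critical for isolating the host.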
The United Nations and other non-government organizations have been undergoing spear phishing attacks since at least March of this year with the goal of obtaining staffers’ login credentials.
The attackers are using compromised Office 365 credentials garnered through phishing attacks to enter the NGOs’ systems, enabling them to install phishing websites that mimic each organization’s sign-on page. The campaign was uncovered by the security firm Lookout, which noted that the as-yet-unknown attackers were utilizing a couple of unusual techniques.
First, the sites have a unique keylogging capability that takes the login information directly from the input field as it is being typed and sends it to a command and control server. This means that even if the person does not complete the login process, the username and password are stolen, Lookout said.
Next, the malware used can also detect if a mobile device is accessing the phishing site, and then deliver mobile-centric content. An additional benefit of using a mobile URL is that such URLs are normally shortened, which helps hide the fact that they are not genuine, Lookout said.
step taken to make the sites appear legitimate is the use of SSL certificates with the phishing websites.
vice president of security strategy and threat intelligence at Venafi, said companies need to check for fake certificates.
“In order to protect businesses and users, security teams must identify all the legitimate TLS certificates on their own networks. They also need to identify fraudulent certificates issued by attackers that are being used to impersonate their organization,” he said.
Lookout does not know who is responsible for the campaign, it has pinned down where the malware is hosted.
have been hosting phishing content, session-services[.]com and service-ssl-check[.]com, which resolved to two IPs over the course of this campaign: 126.96.36.199 and 188.8.131.52. The associated IP network block and ASN (Autonomous System Number) is understood by Lookout to be of low reputation and is known to have hosted malware in the past,” Lookout wrote.
that have been targeted include the UN, the UN World Food Programme, UN Development Programme, Heritage Foundation and the International Federation of the Red Cross and Red Crescent Societies.
The Department of Homeland Security on Thursday sought to clear up confusion over its assessment that 21 states had their election systems targeted by Russian government hackers, saying just because the hackers in some states didn’t directly scan election systems, it doesn’t mean they weren’t looking to break into them….
Did you know 60 percent of small businesses that have been hacked go out of business within six months of the cyber-attack? With phishing scams on the rise, businesses need to be aware of the various attacks in circulation and how to be prepared if they fall victim to a…
Hacker attacks are nothing new – yet they seem to have evolved in terms of focus and impact, as recent devastating malware attacks like WannaCry and Petya have demonstrated. Everybody is a target nowadays, but the trend does not stop at large companies and tech giants. It seems that cybercriminals…
A HIGH tech centre dedicated to cyber security has been opened at the University of Bradford, and one of its first projects is to look at how to deal with online radicalisation. The Cyber Security Interdisciplinary Centre will see students using top technology to research the ever-evolving online world…
Source: National Cyber Security – Produced By Gregory Evans Operation aimed at Russian audience carries hallmarks of interference in Macron campaign Hackers are stepping up efforts to steal and manipulate emails from critics of the Russian government, security researchers say, using techniques that were hallmarks of a cyber attack on Emmanuel Macron’s campaign on the […]