Posted on

5,300 Wells Fargo employees fired after 2 million fake accounts discovered

Since at least 2011, Wells Fargo employees have been creating fake accounts using customers’ identities to boost their sales numbers, federal regulators said on Thursday.

The Consumer Financial Protection Bureau (CFPB) fined the bank $100 million after a third-party consulting firm found that 2 million fake deposit and credit card accounts had been made without the consent of the person whose name was on the account. According to CNN Money, the bank fired 5,300 employees for taking part in the scheme, which constitutes about 1 percent of the bank’s payroll.

Tags: 

via https://ift.tt/2c3ekI1

Posted on

Warning! Just an Image Can Hack Your Android Phone — Patch Now

Own an Android smartphone? Beware, as just an innocuous-looking image on social media or messaging app could compromise your smartphone.

Along with the dangerous

Quadrooter vulnerabilities

that affected 900 Million devices and other previously disclosed issues, Google has

patched

a previously-unknown critical bug that could let attackers deliver their hack hidden inside an innocent looking image via social media or chat apps.

In fact, there is no need for a victim to click on the malicious photo because as soon as the image’s data was parsed by the phone, it would quietly allow a remote attacker to take control over the device or simply crash it.

The vulnerability is similar to last year’s

Stagefright bug

(

exploit code

) that allowed hackers to hijack Android devices with just a simple text message without the owners being aware of it.

The Stagefright flaw affected more than

950 Million Android devices

and resided in the core Android component Stagefright — a multimedia playback library used by Android to process, record and play multimedia files.

However, the recent vulnerability (

CVE-2016-3862

) resided in the way images used by certain Android applications parsed the Exif data in an image, SentinelOne’s

Tim Strazzere

, the researcher who uncovered the vulnerability, told

Forbes

.

Any app using Android’s Java object ExifInterface code is likely vulnerable to the issue.

An Image Received…? Your Game is Over

Making a victim open the image file within an affected app like Gchat or Gmail, a hacker could either cause a victim’s phone to crash or remotely execute malicious code to inject malware on the phone and take control of it without victim’s knowledge.

“Since the bug is triggered without much user interaction – an application only needs to load an image a specific way – triggering the bug is as simple as receiving a message or email from someone,” Strazzere said. “Once that application attempts to parse the image (which was done automatically), the crash is triggered.”

According to Strazzere, attackers could develop a simple exploit inside an image to target a large number of vulnerable Android devices.

Strazzere crafted exploits for the affected devices and found that it worked on Gchat, Gmail and most other messenger and social media apps, though he did not disclose the names of the other non-Google apps affected by the flaw.

When will I expect a Fix?

All versions of Google’s operating system from Android 4.4.4 to 6.0.1 are vulnerable to the image-based hack, except today’s update that fixed the vulnerability.

The researcher even successfully tested his exploits on a handful of phones running Android 4.2 and Amazon devices and found that the devices remain unpatched, leaving a large number of users of older Android devices exposed.

So, if you are not running an updated version of operating system and/or device, you probably are vulnerable to the image-based attack.

Google has

delivered a patch

to fix the issue, but given the shaky history of handset manufacturers and carriers rolling out security patches, it is not known how long the companies will take to update vulnerable Android devices.

Google rewarded Strazzere with $8,000 as part of the company’s Android bug bounty program.

via https://ift.tt/2bSsdCK

Posted on

DBPwAudit – Database Password Auditing Tool

DBPwAudit is a Java database password auditing tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory.

DBPwAudit - Database Password Auditing Tool

Configuration is performed in two files, the aliases.conf file is used to map drivers to aliases and the rules.conf tells the application how to handle error messages from the scan.

Compatibility

The tool has been tested and known to work with:

– Microsoft SQL Server 2000/2005
– Oracle 8/9/10/11
– IBM DB2 Universal Database
– MySQL

Requirements

The tool is pre-configured for these drivers but does not ship with them, due to licensing issues. The links below can be used to find some of the drivers. They should all be copied to the jdbc directory.

Links to JDBC Drivers:

MySQL
Microsoft SQL Server 2005
Microsoft SQL Server 2000
Oracle

Usage

root@darknet:~# dbpwaudit

DBPwAudit v0.8 by Patrik Karlsson <patrik@cqure.net>

DBPwAudit s <server> d <db> D <driver> U <users> P <passwords> [options]

 

    s Server name or address.

    p Port of database server/instance.

    d Database/Instance name to audit.

    D The alias of the driver to use (L for aliases)

    U File containing usernames to guess.

    P File containing passwords to guess.

    L List driver aliases.

Scan the SQL server (-s 192.168.1.130), using the specified database (-d testdb) and driver (-D MySQL) using the root username (-U root) and password dictionary (-P /usr/share/wordlists/nmap.lst):

root@darknet:~# dbpwaudit -s 192.168.1.130 -d testdb -D MySQL -U root -P /usr/share/wordlists/nmap.lst

You can download DBPwAudit here:

dbpwaudit_0_8.zip

Or read more here.

via https://ift.tt/2bZ0GS8

Posted on

Get This Top-Rated Backup and Recovery Program Free Through November

Download the full version of Paragon Backup and Recovery 16 for free (usually $39.95)!

Paragon has just released version 16 of their Backup and Recovery program, and are giving away free licenses for the full version of the program through November 1st, 2016.

To get the program, you’ll need to create a free Paragon account, then download and install the program. During installation you’ll be asked to register for an account. Just provide a valid email address and choose a country (presumably so you get the right language version) and you’re done.You’ll recive an activation code at the email address you provided. During my installation, the program activated automatically after registering, and I also received the activation code email with registration details, a bit different than described on the website.

Paragon is one of the top rated drive cloning programs here at Gizmo’s Freeware. Supported Operating Systems: Windows 7 SP1, Windows 8/8.1, and Windows 10.  Read More

via https://ift.tt/2cgtoyv

Posted on

Kali Linux 2016.2 — Download Latest Release Of Best Operating System For Hackers

As promised at the Black Hat and Def Con security and hacking conferences, Offensive Security – the creators of Swiss army knife for researchers, penetration testers, and hackers – has finally released the much awaited Kali Linux 2016.2.

Kali Linux is an open-source Debian-based Linux distribution designed to help ethical hackers and security professionals with a wide range of tools for penetration testing, forensics, hacking and reverse engineering together into a single package.

Earlier the Kali Linux distribution was known as

BackTrack

.

Kali Linux 2016.2 is an updated Live ISO image of the popular GNU/Linux distribution that includes the latest software versions and enhancements for those who want to deploy the operating system on new systems.

What’s new?

Besides bringing the updated Live ISOs of Kali Linux, the Kali Linux team brings multiple variants of the GNU/Linux distribution with various Desktop Environments, specifically KDE, Xfce, MATE, LXDE, and Enlightenment – all available only for 64-bit platforms.

What’s even more exciting is that, from Kali Linux 2016.2 onwards, the team promises to release updated Live ISO images of Kali with new software versions and the latest security patches every week.

Since Kali Linux has been the most advanced and widely used distro for penetration testing and forensics, this weekly update has come up as exciting news for those involved in various hacking and security-related projects.

It’s been several months since the last update to the official Kali Linux Live ISOs, and there are a few hundred new or updated packages pushed to the Kali repositories.

This means that the packages incorporated in the previous Kali Linux ISOs need bug fixes and OS improvements, which are implemented in the most recent versions of the Linux distro.

"Since our last release several months ago, there’s a few hundred new or updated packages which have been pushed to the Kali reports," the Kali Linux team’s announcement reads. "This means that anyone downloading an ISO even 3 months old has somewhat of a long ‘apt-get dist-upgrade’ ahead of them."

You can download the latest

Kali Linux 2016.2 ISOs

from its official website now. The Kali Linux team has also promised to bring a lot of exciting announcements in the next few weeks, so keep an eye on its announcements for the latest updates.

via https://ift.tt/2c7w7vV

Posted on

SWIFT Discloses More Cyber Thefts, Pressures Banks On Security

Jim Finkle, reporting for Reuters:SWIFT, the global financial messaging system, on Tuesday disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February’s high-profile $81 million heist at Bangladesh Bank. In a private letter to clients, SWIFT said that new cyber-theft attempts — some of them successful — have surfaced since June, when it last updated customers on a string of attacks discovered after the attack on the Bangladesh central bank. "Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions," according to a copy of the letter reviewed by Reuters. "The threat is persistent, adaptive and sophisticated – and it is here to stay." The disclosure suggests that cyber thieves may have ramped up their efforts following the Bangladesh Bank heist, and that they specifically targeted banks with lax security procedures for SWIFT-enabled transfers. The Brussels-based firm, a member-owned cooperative, indicated in Tuesday’s letter that some victims in the new attacks lost money, but did not say how much was taken or how many of the attempted hacks succeeded.



Share on Google+

Read more of this story at Slashdot.

via https://ift.tt/2bSDEhI

Posted on

Mobile device infections rose 96 percent in the first half of 2016

After examining general trends and statistics for malware infections in devices connected through mobile and fixed networks, Nokia found a sharp rise in the occurrence of smartphone malware infections in the first half of the year.

mobile device infections

Mobile malware samples since July 2012

Smartphone infections nearly doubled between January and July compared to the latter half of 2015, with smartphones accounting for 78 percent of all mobile network infections. The malware infection rate hit an all-time high in April, with infections striking 1.06 percent of all mobile devices tracked.

Devices running Android were the most targeted mobile platform by far, representing 74 percent of all mobile malware infections.

“Today attackers are targeting a broader range of applications and platforms, including popular mobile games and new IoT devices, and developing more sophisticated and destructive forms of malware. Nokia’s network-based security solution is the best approach to address this growing threat to all types of devices. It detects and prevents malware activity that device-based solutions may miss,” said Kevin McNamee, head of the Nokia Threat Intelligence Lab.

mobile device infections

Most prolific malware

Key findings

96-percent surge in smartphone infections: The average smartphone infection rate increased 96 percent in the first half of 2016, compared to the second half of 2015 (0.49 percent vs 0.25 percent).

New all-time high: In April 2016, mobile infections hit an all-time high, with 1.06 percent of devices infected by a range of malware, including ransomware, spyphone applications, SMS Trojans, personal information theft and aggressive adware.

One out of 120 smartphones infected: In April, one out of every 120 smartphones had some type of malware infection.

Android OS hit hardest: Android smartphones were the most targeted mobile platform, accounting for 74 percent of all malware infections compared to Window/PC systems (22 percent), and other platforms, including iOS devices (4 percent).

75 percent jump in malware samples: The number of infected Android apps in Nokia’s malware database soared 75 percent, from 5.1 million in December 2015 to 8.9 million in July 2016.

Mobile game infections detected within hours: Downloaded mobile applications are a key conduit for malware attacks. The Nokia Threat Intelligence Lab detected infected copies of an extremely popular mobile game within hours after they were posted on untrusted third-party download sites.

More sophisticated malware: Malware is becoming increasingly more sophisticated, as new variations attempt to root the phone in order to provide complete control and establish a permanent presence on the device.

Top three mobile threats: The top three mobile malware threats were Uapush.A, Kasandra.B and SMSTracker, together accounting for 47 percent of all infections.

Fixed residential network infections rise: The overall monthly infection rate in residential fixed broadband networks reached an average of 12 percent in the first half of 2016, compared to 11 percent in late 2015, primarily due to an increase in moderate threat level adware. These infections are mostly due to malware on Windows PCs and laptops in the home, but also include infections on smartphones using home WiFi.

via https://ift.tt/2bJYVqu