Posted on

Over 3.2 Million Debit Cards May Have Been Compromised, Says National Payment Corporation of India

A total of 3.2 million debit cards across 19 banks may have been compromised as a result of a suspected malware attack. The breach, possibly largest of its kind in India, was confirmed by the National Payment Corporation of India (NPCI) in a statement today. The problem was brought to NPCI’s attention via complaints from banks informing the agency that their customers’ cards were used fraudulently, mainly in China and USA, while customers were in India, according to the statement.

"How the breach could have occurred," Alex Mathew reporting in Bloomberg: "The breach that has apparently given hackers access to the PIN codes of several bank customers is likely to be on account of a malware attack. This attack is believed to have originated at an ATM. The actual modus operandi of the hackers will only become clear once the forensic audit is released in November… First, the hacker would have had to gain physical access to an ATM. The malware was then likely injected by connecting a laptop or another special device to a port on the cash disbursing machine, said Tiwari, a consultant at Centre For Internet & Society in Bengaluru. Once the malware is injected, it automatically spreads across the network…"

via https://ift.tt/2dSt6go

Posted on

ScreenWings is an anti-screenshot tool

ScreenWings is a free anti-screenshot program for the Windows operating system that blocks screenshots from being taken properly on devices it is run on.

Malware comes in many different forms: from ransomware that encrypts your files, over trojans that add your devices to a botnet, to outright destructive malware that deletes files without any gain whatsoever.

There is malware that tries to steal information, and in this context specifically information that its operators can turn into money. This includes account data, banking information, credit card data, and any other data that is of value on the darknet.

ScreenWings

screenwings

screenwings

ScreenWings is a simple to use portable program for Windows that ships with only two buttons when you launch it. The first, the red x-icon, closes the program. The second, enables its anti-screenshot functionality. The button acts as a toggle for the anti-screenshot functionality that ScreenWings offer.

What this means is that you need to enable it whenever you need it, and may disable it when you don’t.

While you can still use the screenshot functionality of Windows or any third-party tool, you will notice that the program blackens the screen entirely once it recognizes a screenshot taking process.

We tried a variety of programs, the snipping tool, print-key, and SnagIt, and the program managed to detect them all properly and protect the screen from being captured. This worked regardless of the selection mode (including fullscreen and auto-saving options).

There is no guarantee obviously that ScreenWings will block any malicious process from capturing the screen but it seems to work well.

The application supports multi-monitor setups which is another bonus.

Closing Words

ScreenWings is a simple program for Windows to block processes from taking screenshots while enabled. Since it is portable, it is probably best used in that context. You may copy it to a USB Flash Drive and run it on Windows PCs that you don’t have full control over for that extra bit of security.

It is not really suitable for home use as there are better ways to protect your data from being leaked. This means proper security software for one that blocks malware before it has a chance to run and do harm.

Also, and that is probably the main downside of ScreenWings, it is quite the memory eater. The program used 175 Megabyte while running on a Windows 10 machine.

All in all, this may be an option if you have to work on public PCs or PCs that you don’t have full control over.

Author Rating

no rating based on 0 votes

Software Name

ScreenWings

Operating System

Windows

Software Category

Security

Landing Page

via https://ift.tt/2dmvHOG

Posted on

No loss to customers from cyber attack: Axis Bank

New Delhi, Oct 19: Private sector Axis Bank today said there was no loss to its customers from the recent cyber attack. The malware attack was detected in time and was duly informed to the regulator RBI, Axis Bank said in a statement.

via https://ift.tt/2dBoUnL

Posted on

New hacker collective targets SWIFT system

Following the $81 million cyberattack in February, a second hacking group has emerged with the intention of exploiting the SWIFT money transfer system to rob banks.

A report from the security firm Symantec has revealed that these cyberattacks have occurred since January and have targeted companies located in the US, Hong Kong, Australian and other countries. The firm has detected 74 different computer infections that suggest that around 100 organizations have been affected by these attacks so far.

Tags: 

via https://ift.tt/2dO2aA3

Posted on

Google Sprayscapes lets you build surreal 360-degree landscapes

Google has long held a reputation for being an experimental company, so it was notable that it felt the need to build Android Experiments, the platform it launched last year to show developers how weird you can get when building smartphone apps. The crazy interactive "paper planes" demo Google showed off at its I/O developer conference earlier this year is a perfect example of what the company is encouraging developers to do with Android Experiments.

All developers are encouraged to build Android Experiments, but today Google is launching one of its own called Sprayscape. It’s a weird name, but fairly accurate once you start using the app: It turns whatever your camera sees into a virtual spray paint gun that lets you splash the landscape around a 360-degree virtual canvas. The phone’s gyroscope is used to orient your position inside that sphere.

I won’t fault you if that description just made things more confusing. Here’s an example of an image I created using the app. That should clear everything up.

Still confused? I don’t blame you. It took me a long while to figure out how to best use the app, partially because there’s nothing in the way of directions when you launch Sprayscape for the first time. All you see is a black screen with some white grid lines outlining a 360-degree space. It sort of feels like you’re in an empty Photo Sphere (remember those?).

After many failed experiments, I realized that if you tap and hold on the screen, it’ll "spray" whatever the camera sees onto the 360-degree canvas; if you keep your finger on the screen and move the camera around, you’ll start filling in that space with the colors of the world around you.

It’s not altogether different from creating a Photo Sphere, but Sprayscape encourages weirdness and creativity and is absolutely not well-suited to capturing an accurate representation of the world around you. Once I realized that, I started getting weird. I took my phone on a walk and started randomly spraying in whatever was around me as I walked, with no concern for stitching together a coherent scene.

Another time, I tried to "write" on the virtual wall, with little success; there’s only enough room to get in about three letters, and a lack of precision makes it a pretty tricky prospect. That’s fine, though: There isn’t a "right" way to use the app, and it’s clearly meant for experimentation. Ultimately, the creations I liked the best were when I stood in one spot, spinning around to capture as much of the scene as I could. The results evoked where I was standing, but in a blurry, surreal dream-like way. Stitching together results from various locations looked much weirder and disjointed.

Unfortunately, the app is also pretty buggy right now in some crucial ways — namely saving your creations. Once you’re done making your scene, you can tap a save button that’ll upload an image file to your Google Drive account. You can also upload the link to a Sprayscape sharing site that’ll let others view it in their browser, on web or mobile. Viewing in a browser works pretty well, actually; you can pan around the scene by moving your phone, or click and drag around if you’re on a desktop.

But a few times times my creations simply didn’t save to Drive. I’m not sure where they went, but they were gone, never to return. I didn’t exactly mourn the loss of any of my abstract, messy creations, but the overall process for saving and sharing your creations could be a bit smoother. The app also straight-up crashed on me several times, but I’m not going to fault Google too much for that. I’ve been testing a beta version, and I’ll be looking to see if the app that’s now out in Google Play is more stable. The good news is that using the "share" feature to email links around to my weirdo creations seemed to work just about every time — the files just didn’t always end up in Google Drive.

Given Google’s interest in letting people generate their own "VR-ish" content, Sprayscape is a fun tool to achieve those ends. The results can be viewed in Google Cardboard, of course, but Sprayscape creations can still be fun to view in a normal browser. I may not have come up with any great pieces of 360-degree art in the few days I had to play around with the app, but I have little doubt that more skilled souls will use this to make some pretty fascinating landscapes. The app is out now for Android, and Google says that an iOS version will launch soon.

via https://ift.tt/2dWE3Pm

Posted on

Second Hacker Group Targets SWIFT Users, Symantec Warns

A second hacking group has sought to rob banks using fraudulent SWIFT messages, cyber security firm Symantec said on Tuesday. The group is said to be using the same approach that resulted in $81 million in the high-profile February attack on Bangladesh’s central bank. From a Reuters report: Symantec said that a group dubbed Odinaff has infected 10 to 20 Symantec customers with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system. Symantec’s research provided new insight into ongoing hacking that has previously been disclosed by SWIFT. SWIFT Chief Executive Gottfried Leibbrandt last month told customers about three hacks and warned that cyber attacks on banks are poised to rise. SWIFT and Symantec have not identified specific victims beyond Bangladesh Bank. Symantec said that most Odinaff attacks occurred in the United States, Hong Kong, Australia, the United Kingdom and Ukraine.



Share on Google+

Read more of this story at Slashdot.

via https://ift.tt/2dNAvji

Posted on

This Infographic Shows the Common Ways Scammers Try to Phish Your Account

Chances are if your email or social media account has ever been compromised, you accidentally gave your credentials to the scammers yourself. The most common way to infiltrate an account is called phishing, in which people trick you into handing over your login info to false websites that look legitimate.

Phishing attacks aren’t new, of course, and there’s likely a deluge of such emails in your spam folder, but it’s still the leading cause of compromised accounts. This graphic from Digital Guardian highlights how you can spot phishing attempts in your inbox and how to avoid them. Whether it’s weird attachments that prey on your curiosity or spoofed links that take you to a false login page that imitates a familiar brand, there are a variety of techniques that scammers use to engineer their way into your account (often just to proliferate more spam). And it’s not just email; beware of shady text messages from unknown numbers or people posing as IRS agents requesting your private info.

Have a look at the graphic below for a thorough look at common phishing methods.

Don’t Get Hooked: How to Recognize and Avoid Phishing Attacks (Infographic) | Digital Guardian

via https://ift.tt/2dL5oHK

Posted on

The Difference Between Two-Factor and Two-Step Authentication

You know you should use two-factor authentication everywhere you can, but there’s also “two-step” authentication, which may come off like the same thing. They’re really not. Here’s the difference, and what you should know about both.

Old security heads will know the difference here just because of the names, but since they’re often used interchangeably by companies looking to obfuscate the difference, it’s worth highlight the separation between them. This thread at StackExchange sums up the difference well for anyone unfamiliar, or who doesn’t get the nuance. This answer from tylerl teases out the nitty details:

Two-factor authentication refers specifically and exclusively to authentication mechanisms where the two authentication elements fall under different categories with respect to “something you have”, “something you are”, and “something you know”.

A multi-step authentication scheme which requires two physical keys, or two passwords, or two forms of biometric identification is not two-factor, but the two steps may be valuable nonetheless.

A good example of this is the two-step authentication required by Gmail. After providing the password you’ve memorized, you’re required to also provide the one-time password displayed on your phone. While the phone may appear to be “something you have”, from a security perspective it’s still “something you know”. This is because the key to the authentication isn’t the device itself, but rather information stored on the device which could in theory be copied by an attacker. So, by copying both your memorized password and the OTP configuration, an attacker could successfully impersonate you without actually stealing anything physical.

The point to multi-factor authentication, and the reason for the strict distinction, is that the attacker must successfully pull off two different types of theft to impersonate you: he must acquire both your knowledge and your physical device, for example. In the case of multi-step (but not multi-factor), the attacker needs only to only pull off one type of theft, just multiple times. So for example he needs to steal two pieces of information, but no physical objects.

The type of multi-step authentication provided by Google or Facebook or Twitter is still strong enough to thwart most attackers, but from a purist point of view, it technically isn’t multi-factor authentication.

So what does this all mean for you? Well, nothing really—if a service offers two-step or two-factor, you should absolutely enable it, and it’s not like a service will give you a choice between the two. There are differences between types of two-factor, and you should absolutely choose the best one for you, but the bottom line is that being aware of the differences will help you understand exactly how secure your most important accounts really are.

Two-Step vs. Two-Factor Authentication – Is there a difference? | StackExchange

Photo by Brianetta.

via https://ift.tt/2dPpC34