Posted on

Over 3.2 Million Debit Cards May Have Been Compromised, Says National Payment Corporation of India

A total of 3.2 million debit cards across 19 banks may have been compromised as a result of a suspected malware attack. The breach, possibly largest of its kind in India, was confirmed by the National Payment Corporation of India (NPCI) in a statement today. The problem was brought to NPCI’s attention via complaints from banks informing the agency that their customers’ cards were used fraudulently, mainly in China and USA, while customers were in India, according to the statement.

"How the breach could have occurred," Alex Mathew reporting in Bloomberg: "The breach that has apparently given hackers access to the PIN codes of several bank customers is likely to be on account of a malware attack. This attack is believed to have originated at an ATM. The actual modus operandi of the hackers will only become clear once the forensic audit is released in November… First, the hacker would have had to gain physical access to an ATM. The malware was then likely injected by connecting a laptop or another special device to a port on the cash disbursing machine, said Tiwari, a consultant at Centre For Internet & Society in Bengaluru. Once the malware is injected, it automatically spreads across the network…"

via https://ift.tt/2dSt6go

Posted on

ScreenWings is an anti-screenshot tool

ScreenWings is a free anti-screenshot program for the Windows operating system that blocks screenshots from being taken properly on devices it is run on.

Malware comes in many different forms: from ransomware that encrypts your files, over trojans that add your devices to a botnet, to outright destructive malware that deletes files without any gain whatsoever.

There is malware that tries to steal information, and in this context specifically information that its operators can turn into money. This includes account data, banking information, credit card data, and any other data that is of value on the darknet.

ScreenWings

screenwings

screenwings

ScreenWings is a simple to use portable program for Windows that ships with only two buttons when you launch it. The first, the red x-icon, closes the program. The second, enables its anti-screenshot functionality. The button acts as a toggle for the anti-screenshot functionality that ScreenWings offer.

What this means is that you need to enable it whenever you need it, and may disable it when you don’t.

While you can still use the screenshot functionality of Windows or any third-party tool, you will notice that the program blackens the screen entirely once it recognizes a screenshot taking process.

We tried a variety of programs, the snipping tool, print-key, and SnagIt, and the program managed to detect them all properly and protect the screen from being captured. This worked regardless of the selection mode (including fullscreen and auto-saving options).

There is no guarantee obviously that ScreenWings will block any malicious process from capturing the screen but it seems to work well.

The application supports multi-monitor setups which is another bonus.

Closing Words

ScreenWings is a simple program for Windows to block processes from taking screenshots while enabled. Since it is portable, it is probably best used in that context. You may copy it to a USB Flash Drive and run it on Windows PCs that you don’t have full control over for that extra bit of security.

It is not really suitable for home use as there are better ways to protect your data from being leaked. This means proper security software for one that blocks malware before it has a chance to run and do harm.

Also, and that is probably the main downside of ScreenWings, it is quite the memory eater. The program used 175 Megabyte while running on a Windows 10 machine.

All in all, this may be an option if you have to work on public PCs or PCs that you don’t have full control over.

Author Rating

no rating based on 0 votes

Software Name

ScreenWings

Operating System

Windows

Software Category

Security

Landing Page

via https://ift.tt/2dmvHOG

Posted on

No loss to customers from cyber attack: Axis Bank

New Delhi, Oct 19: Private sector Axis Bank today said there was no loss to its customers from the recent cyber attack. The malware attack was detected in time and was duly informed to the regulator RBI, Axis Bank said in a statement.

via https://ift.tt/2dBoUnL

Posted on

New hacker collective targets SWIFT system

Following the $81 million cyberattack in February, a second hacking group has emerged with the intention of exploiting the SWIFT money transfer system to rob banks.

A report from the security firm Symantec has revealed that these cyberattacks have occurred since January and have targeted companies located in the US, Hong Kong, Australian and other countries. The firm has detected 74 different computer infections that suggest that around 100 organizations have been affected by these attacks so far.

Tags: 

via https://ift.tt/2dO2aA3

Posted on

Checklist: IoT security and privacy

The Online Trust Alliance (OTA) released the consumer IoT security and privacy checklist, which contains steps consumers can take to help increase the security, privacy and safety of their connected home and wearable technologies.

checklist IoT security

OTA recommends consumers utilize this checklist to regularly reassess their security and privacy settings on their IoT devices. Not unlike changing the batteries on a smoke detector once a year, consumers should tune up and optimize IoT device settings regularly.

While many people cite safety as a top reason for buying smart devices and homes, conclusive research shows that security and privacy concerns are the biggest barriers to IoT adoption. OTA hopes that by having consumers play an active role in their smart device’s security and privacy, it will not only increase the security and privacy of those devices but also boost consumer confidence in them.

“In this increasingly complex world of connected devices, consumers cannot take it for granted that their devices remain safe, secure and private year after year,” said Craig Spiezle, Executive Director Online Trust Alliance. “As people acquire more devices, the long term risks to their family and community rise exponentially.”

From connected home to health and fitness devices, consumers are realizing significant benefits from the Internet of Things, but the devices’ growing complexity and popularity make them difficult to manage. As devices age and become unsupported, many risk becoming insecure while still collecting and potentially sharing vast amounts of personal data.

Checklist: IoT security and privacy

  • Inventory all devices within your home and workplace that are connected to the Internet and network. Router reports can help determine what devices are connected to your network. Disable unknown and unused devices.
  • Contact your ISP to update routers and modems to the latest security standards. Change your router SSID to a name which does not identify you, your family or the device.
  • Check that contact information for all of your devices are up-to-date including an email address regularly used to receive security updates and related notifications.
  • Confirm devices and their mobile applications are set for automatic updating to help maximize protection. Review their sites for the latest firmware patches.
  • Review all passwords creating unique passwords and user names for administrative accounts and avoid using the same password for multiple devices. Delete guest codes no longer used. Where possible implement multi-factor authentication to reduce the risk of your accounts being taken over. Such protection helps verify who is trying to access your account—not just someone with your password.
  • Review the privacy policies and practices of your devices, including data collection and sharing with third parties. Your settings can be inadvertently changed during updates. Reset as appropriate to reflect your preferences.
  • Review devices’ warranty and support policies. If they are no longer supported with patches and updates, disable the device’s connectivity or discontinue usage of the device.
  • Before discarding, returning or selling any device, remove any personal data and reset it to factory settings. Disable the associated online account and delete data.
  • Review privacy settings on your mobile phone(s) including location tracking, cookies, contact sharing, bluetooth, microphone and other settings. Set all your device and applications to prompt you before turning on and sharing and data.
  • Back up your files including personal documents and photographs to storage devices that are not permanently connected to the Internet.

“As millions of cars, apps and household devices connect to the Internet, we need to discuss the privacy implications and resolve key questions about data ownership and management,” said Washington State Chief Privacy Officer, Alex Alben. “For the IoT to thrive in the long term, consumers will have to trust that their data and concerns about personal privacy are addressed, and OTA’s recommendations are a positive step to accomplishing this.”

via https://ift.tt/2dsjYBh

Posted on

Raptor WAF – C Based Web Application Firewall

Raptor WAF is a Web Application Firewall made in C, using DFA to block SQL Injection, Cross Site Scripting (XSS) and Path Traversal.

Raptor WAF - C Based Web Application Firewall

DFA stands for Deterministic Finite Automaton also known as a Deterministic Finite State Machine.

It’s essentially a simple web application firewall made in C, using the KISS principle, making polls using the select() function, it’s not better than epoll() or kqueue() from *BSD but it is portable.

Features

WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend against most commonly SQL Injections and XSS attacks.

  • Block XSS, SQL Injection attacks and path traversal
  • Blacklist IPs to block users using config/blacklist ip.txt
  • Supports IPv6 and IPv4 for communication

Coming in the Future

  • DoS protection
  • Request limits
  • Rule interpreter
  • Malware detection for uploads
  • SSL/TLS Support

Do bear in mind this is an early stage almost PoC tool and not really production tested or ready, I think it’d be a great project to contribute to and most people don’t need a super complex WAF – just something REALLY reliable, stable, performant and blocks 80-90% of the common attacks.

Other options for a WAF:

NAXSI – Open-Source WAF For Nginx
Amazon AWS Web Application Firewall (WAF ) Launched
ModSecurity – Open Source Web Application Firewall

You can download Raptor WAF here:

raptor_waf-0.2.zip

Or read more here.

via https://ift.tt/2cNozQ4

Posted on

Verizon technician admits he sold customer data for years

A former Verizon Wireless network technician in Alabama has admitted to using company computers to steal and sell private customers’ location and call data over a period of five years. As Ars Technica reports, Daniel Traeger of Birmingham faces up to five years in prison or a $250,000 fine for the federal hacking charge. As part of a plea deal, Traeger confessed that he sold the data to an unnamed private investigator.

Tags: 

via https://ift.tt/2dmp92Q