Saturday, March 30, 2013

About 50 million computers worldwide are infected with malware


About 50 million computers running Windows around the world are infected with malware, according to the latest study materials from the Russian antivirus company Kaspersky Lab.

In total, according to various estimates, there are 1.5-2 billion personal computers in the world. Two thirds of them are used at home or in small companies, and it is these computers, according to experts, that are the most susceptible to infection.

The study found that about 5% of computers running antivirus software were nevertheless infected, while among "unprotected" devices the share is 13%.

The Tidserv backdoor uses a Google-developed platform


Symantec Corporation has published details about the complex Tidserv threat, which uses rootkit functionality that makes it extremely difficult to detect. The malware needs the Chromium Embedded Framework to run, so it additionally downloads about 50 MB to the infected computer.

Tidserv (or TDL) is a complex threat that hides itself in the system using rootkit techniques. Discovered in 2008, it remains active to this day. The version of Tidserv spreading across the web runs inside the Chromium Embedded Framework (CEF) software platform. Although this is not the first time that attackers have used legitimate software for their own purposes, in this case the malware has to retrieve all the components of the framework, totalling 50 MB, which is quite unusual for malware.

Friday, March 29, 2013

Hackers attacked the American Express website


The New York Times reports today that a group of hackers blocked access to the website of the American Express payment system for more than two hours yesterday, leaving many people in the U.S. and Canada unable to make payments with their cards.

The publication notes that the attack on Amex is most likely a continuation of the campaign by Middle Eastern hackers against American financial institutions. A few days earlier the servers of the bank JPMorgan Chase were attacked; the bank also reported that its IT capacity was degraded as a result of DDoS attacks. Recall that the first attacks on U.S. financial institutions began last fall, and since then the hacker group has conducted several attack campaigns.

Thursday, March 28, 2013

New malicious code works through the Evernote service


Online criminals are resorting to ever more sophisticated ways of creating and managing botnets.

The problem for criminals is that a botnet is tied to one or more command servers; once a command server is shut down, the millions of client computers in the network become unavailable to the attackers. In addition, the security systems on those computers often detect and block suspicious, unusual communications. In other words, the task facing the crooks is to create unconventional communication channels between themselves and their army of bot computers.

The antivirus company Trend Micro says it has detected such an unusual way of communicating: the criminals used the popular note-taking service Evernote as a "command server" to which the infected PCs connected.

What a VPN is and why we need it


In this article we will learn what a VPN is and why it is needed.

The three letters VPN stand for Virtual Private Network. The essence of this technology is that you connect to a VPN server over a public network, and between you and the server an encrypted channel is established, which provides strong protection of the information transmitted over that channel by means of special algorithms.

In other words, a VPN combines local networks or individual machines connected to a public network into a single virtual (overlay) network, in order to ensure the privacy and integrity of the information in it.

VPN technology is used not only to create private networks; many providers also use it to provide access to the Internet. With a proper implementation and the use of special software, a VPN can provide a high level of encryption of the information. When the technology is well configured, a VPN also provides anonymity on the web.

Kaspersky Lab has discovered targeted attacks on Android


Experts at Kaspersky Lab have discovered targeted attacks on users of mobile devices running the Android operating system.

The attacks were aimed at Tibetan, Uighur, Chinese and Mongolian activists; from their phones the cybercriminals stole contact lists, messages and call history, location data and information about the phones themselves.

The attack was carried out at the end of March 2013 and was organized very similarly to previous ones aimed at Uyghur and Tibetan activists. The main difference was that this time the attackers did not use vulnerabilities in DOC, XLS and PDF documents to compromise computers running Windows and Mac OS, but instead focused on mobile devices.

More vulnerabilities found in the iPhone than in Android


Over the lifetime of Apple's iPhone smartphones, from 2007 onwards, more vulnerabilities have been found in them than in Android, BlackBerry and Windows smartphones.

This conclusion is contained in a report compiled by analysts at Sourcefire.

In 2012, 56 vulnerabilities were found in iOS, the mobile operating system that runs the iPhone. For comparison, six vulnerabilities were found in the Android platform, three in BlackBerry, and one in Windows Phone. These are the vulnerabilities for which information is recorded in the Common Vulnerabilities and Exposures (CVE) database.

Analysts pointed out that Apple did not pay particular attention to security when launching the first iPhone, but since then considerable work has been done in this direction.

Wednesday, March 27, 2013

The biggest hacker attack slowed down the Internet


The largest hacker attack in history has reduced data rates on the Internet, according to BBC News. The incident is being investigated by experts from five different countries.

The target of the attack was Spamhaus, an anti-spam company with offices in London and Geneva. To combat spam, Spamhaus maintains a database listing servers that are used to send spam messages. The company also runs a number of services that block suspicious mail servers.

On March 27 it became known that the Spamhaus servers were under "the biggest DDoS attack". CEO Steve Linford described it as unprecedented in scale to date.

U.S. bank Wells Fargo suffered a DDoS attack


The major U.S. bank Wells Fargo announced today that its online banking system was facing an unusually high volume of traffic resulting from a DDoS attack.

"Most customers were not affected, and customer data remains secure," said Bridget Braxton, a spokeswoman for Wells Fargo.

According to her, customers who cannot use online banking at the moment can try to access the online system later, perhaps in a few hours.

Recall that since September last year the Middle Eastern hacker group Izz al-Din al-Qassam Cyber Fighters has been conducting periodic DDoS attacks against U.S. banks. On Tuesday the group published a post on Pastebin.com stating that Wells Fargo had been chosen as the target of this attack.

In December, Wells Fargo was under attack for four days.

mSpy Mobile Monitoring Software Review



mSpy is an innovative new background smartphone application that allows you to monitor the activity of any selected phone.

By secretly recording messages, calls, and GPS movements, the software provides users with an easy and reliable way to keep their children safe or scrutinize their employees.

The following are just a few of the app's advanced features:

Tuesday, March 26, 2013

Kaspersky Lab has announced a free version of Kaspersky Mobile Security


Kaspersky Lab has announced a free version of Kaspersky Mobile Security for the Android mobile OS.

Users are offered a standard set of tools to protect against viruses and malware, as well as some useful new features, such as checking suspicious links in text messages and the ability to remotely activate an alarm on a missing or lost device.

The modern antivirus engine and cloud protection technology underlying Kaspersky Mobile Security help spot even lesser-known types of threats. The free version lets you scan on request, while the commercial version also protects your smartphone in real time.

Monday, March 25, 2013

Panda Security has announced a new version of Panda Cloud Partner Center


The Panda Cloud Partner Center console now offers a single point of access from which all of Panda's cloud solutions can be managed. With this tool, partners can provide security services and remote monitoring and management, optimizing resources and increasing profits.

The ease of use of the new console is achieved by integrating the cloud-based security solutions Panda Cloud Office Protection, Panda Cloud Office Protection Advanced and Panda Cloud Email Protection, as well as the new Panda Cloud Systems Management monitoring and management service. In this way, partners can easily manage the entire lifecycle of their customers without contacting Panda Security, which can increase their profits.

"The new Panda Cloud Partner Center allows partners to focus on their core business and avoid the complexity of working with different cloud solution vendors," says Manu Santamaria, product manager at Panda Security headquarters. "As developers, we must help our partners create a more flexible business model, so that the service they offer their customers is not only more efficient but also allows them to earn higher profits."

South Korean experts: North Korea prepares a cyber army


This is the conclusion reached by researchers analyzing the attacks on computer systems in South Korea.

According to the Associated Press, South Korean information security experts have accused North Korea of preparing a cyber army. While investigating a number of attacks on the country's computer systems, the researchers concluded that the failure of 32 thousand computers and servers at three major telecommunications networks and the three largest banks in South Korea was caused by a special unit that intends to carry the national confrontation into cyberspace.

It should be noted that the South Korean experts analyzing the attacks cannot yet prove the involvement of North Korean hackers. In addition, the study found that some of the attacks were carried out from the United States and several European countries, and some viruses were launched from computers in Seoul.

New malicious code attacks retail POS terminals


The antivirus company McAfee has warned about the detection of a new sample of malicious software focused on infecting retail POS terminals for the purpose of stealing buyers' payment card data.

The new Trojan, called vSkimmer, is a Trojan-like malicious code designed to infect the Windows operating system and capture payment data during purchases through a POS terminal. It is reported that vSkimmer can also work with the bank card readers connected to POS terminals, reading additional data from them.

McAfee said that vSkimmer was first detected on February 13, and that sellers of the code on a number of hacker forums now claim that vSkimmer exceeds the functionality of the previously found Dexter malware, discovered in December last year.

Attacks on South Korea were not committed from a Chinese IP address


The IP address registered in China in fact belongs to a South Korean bank.


According to Reuters, the cyber attacks committed on March 20 against banks and telecommunications companies in South Korea were not carried out from a Chinese IP address. Earlier, the investigation had indicated that all the attacks came from a Chinese IP address. Seoul, however, accused North Korea of carrying out the attacks.

Officials in South Korea reported that North Korean hackers have used servers located in China in the past. However, experts from the South Korean agency Korea Communications Commission said that the detected IP address is a virtual IP address internal to NongHyup Bank, which was itself subjected to the attack. Coincidentally, this IP address matches an address registered in China.

Sunday, March 24, 2013

South Korean virus wiped the MBR on hard drives at 14:00


The first information has begun to appear on the Internet about the software tools that were used in the attacks of March 20, 2013 on the banking system and the media in South Korea.

On March 20 at 14:00 the MBR and VBR boot records were erased on computers running Windows, and on servers running Unix/Linux files were deleted via standard remote management tools, after authorization data had been obtained from infected Windows machines.

The list of targets:

- Nonghyup Bank;
- Shinhan Bank;
- Jeju Bank;
- Nonghyup Life;
- KBS TV;
- MBC TV;
- YTN TV.

Friday, March 22, 2013

Monitoring the use of the Internet


It is difficult to find even a small organization whose office is not connected to the Internet. Even a small company producing stools or hangers (far from high-tech, it would seem) now uses the Internet in its activities.

As for companies involved in collecting information or, even more so, software development, there is nothing to say: a wide channel to the Internet has become something taken completely for granted.

However, a channel connected to the outside world, in addition to its pros, has cons in the form of misuse of staff time. Previously, employees chatted on business phones; now they use the office Internet connection for messaging, postcards and visits to various social networks. According to studies, over 40% of users' activity on the Internet is not even remotely related to the work process.

Dr. Web has found a new Trojan for Mac


If advertising images have begun appearing on your Mac on sites where they usually do not appear, there is a risk that the computer is infected with Trojan.Yontoo.1. The program was identified by the Russian company Dr. Web. The experts did not provide data on the number of infected computers.

So far Dr. Web is the only company that has reported the existence of the virus, so the threat is probably not very widespread. However, its identification clearly shows that Mac users are increasingly becoming a target of hackers.

Trojan.Yontoo.1 works simply. Users are offered the program's installer as a browser plugin. This usually happens when a person visits certain websites that are supposed to show movie trailers. The installer may also appear in the guise of a media player or a download accelerator. The program asks the user whether he wants to install Free Twit Tube. After that, the Trojan is downloaded from the network and installed as a plugin in all browsers, including Safari, Firefox and Chrome.

Thursday, March 21, 2013

OPSWAT Metascan Client: a free virus scanner


OPSWAT has presented to the public a new version of its application Metascan Client. This portable virus scanner can be used to scan your computer for threats on demand.

This tool is not a complete remedy and cannot boast a wide range of capabilities. In particular, the Metascan Client utility is not able to protect your PC in real time, does not allow you to scan automatically on a predetermined schedule, and cannot even remove the threats it detects. However, the application can be used as a supplement to an installed antivirus, and it will also help to dispel (or confirm) your concerns if you are faced with indirect signs of infection.

The Metascan Client interface will not raise many questions even for users with minimal training. All you have to do is run the application and click "Scan". After these simple steps the program checks all active processes and modules, determines the hash value of each of them and sends the collected data to the Metascan server, where they are processed using several powerful antivirus engines. OPSWAT reports that the technology used to identify malicious software includes engines from leading vendors, including ESET, AVG, Microsoft, Bitdefender, Symantec, F-Secure, GFI, Kaspersky and McAfee.

Apple has released an update that closes vulnerabilities in its operating systems


Apple has released security update 2013-001. It is intended to close 21 vulnerabilities and to solve the problem of the intermediate certificate mistakenly issued by TURKTRUST. Update 2013-001 closes vulnerabilities in the following operating systems: Mac OS X 10.6.8, OS X Lion 10.7-10.7.5, OS X Mountain Lion 10.8-10.8.2, Mac OS X Server 10.6.8 and OS X Lion Server 10.7-10.7.5.

Among the closed holes are two vulnerabilities in Wiki Server allowing remote code execution, one vulnerability in Profile Manager, one in the Podcast Producer server and one in PDFKit.

Also closed were vulnerabilities that, under certain conditions, allow attackers to execute arbitrary code by exploiting a flaw in ImageIO with a malicious TIFF file, or a memory corruption problem in IOAcceleratorFamily.

Cisco reports poorly hashed passwords in its IOS devices


The actual implementation of the password hashing does not meet the standards set out in the description of the company's products.

One type of password (Type 4) in certain Cisco IOS and Cisco IOS XE devices is hashed incorrectly and does not meet the standards outlined in the product documentation. As a result, such passwords are vulnerable to a number of common attacks, the developers said.

According to Cisco's description, the Type 4 password feature was supposed to use Password-Based Key Derivation Function 2 (PBKDF2), under which the user's password is hashed using the SHA-256 standard with an 80-bit "salt" and a thousand iterations of the hash algorithm. However, the actual implementation is a single iteration of SHA-256 without a "salt".
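As an added illustration (not from Cisco's advisory or any Cisco code), the two schemes side by side in Python: the unsalted single SHA-256 the text says actually shipped, and the PBKDF2-HMAC-SHA256 with an 80-bit salt and 1000 iterations that was documented. The user list is a constructed sample; it shows the practical difference a salt makes: without one, any two users with the same password get the same stored hash.

```python
import hashlib
import os


def weak_type4(password: str) -> str:
    """The behaviour described above for the shipped Type 4 code: one SHA-256, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def documented_type4(password: str, salt: bytes, iterations: int = 1000) -> str:
    """What the documentation promised: PBKDF2-HMAC-SHA256, 80-bit salt, 1000 iterations."""
    if len(salt) * 8 != 80:
        raise ValueError("Type 4 is documented with an 80-bit (10-byte) salt")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()


def new_salt() -> bytes:
    """A fresh random 80-bit salt for each stored password."""
    return os.urandom(10)


def duplicate_password_visible(hashes: list) -> bool:
    """True if two stored hashes are identical, i.e. an observer of the config file
    can tell that two accounts share a password without cracking anything."""
    return len(set(hashes)) < len(hashes)


def audit_store(users: dict) -> dict:
    """users maps account name -> plaintext password (constructed sample only).
    Returns what each scheme leaks about shared passwords and its work factor."""
    weak = [weak_type4(p) for p in users.values()]
    salted = [documented_type4(p, new_salt()) for p in users.values()]
    return {
        "weak_reveals_shared": duplicate_password_visible(weak),
        "salted_reveals_shared": duplicate_password_visible(salted),
        # iterations per guess: the whole cost difference for a brute-force attack
        "weak_work_factor": 1,
        "documented_work_factor": 1000,
    }


if __name__ == "__main__":
    # constructed sample accounts; two of them share a password
    sample = {"alice": "Winter2013", "bob": "Winter2013", "carol": "s3cr3t-pass"}
    for name, pw in sample.items():
        print(name, "weak:", weak_type4(pw)[:16], "salted:", documented_type4(pw, new_salt())[:16])
    print(audit_store(sample))
```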

Wednesday, March 20, 2013

Large-scale cyber attack on South Korea


The authorities of South Korea announced today the start of an investigation into a large-scale cyber attack that paralyzed the major computer networks of local broadcasters and banks.

The Korean broadcasters KBS, MBS and YTN said today that their networks were attacked and taken down almost simultaneously.

Two Korean banks, Shinhan Bank and Nonghyup, also reported attacks on their networks. The large Internet provider LG UPLUS also reported that its network had been hacked.

The exact causes of the outage of these large networks are unclear. However, South Korean media point out that the resources went down a few days after North Korea complained of cyber attacks on its computers from the United States and South Korea.

420 thousand devices have become part of the Carna botnet


A hacker created a botnet to map devices that use IPv4


An unknown hacker created a botnet in order to map computers around the world that use the IPv4 protocol. He found that the network contains a great many unprotected IPv4 devices; to gain control of them it was enough to enter the default credentials "root:root" or "admin:admin".

"I really had the chance to work across the entire Internet, to manage hundreds of thousands of devices with a single mouse click, to scan and create a map of the Internet. Before me this had never been done," the hacker said.

To implement his plan, the hacker created two executables of 46 KB and 60 KB (depending on the processor architecture), written in the C programming language, and uploaded them to devices without their owners' knowledge. The attacker was able to gain control of 420 thousand devices, which formed the Carna botnet.

Tuesday, March 19, 2013

Bitdefender Sphere 2013: optimal protection for your PC, Mac and Android


For customers in search of optimal protection for their PC, Mac or Android devices, one of the many products you can purchase is Bitdefender Sphere 2013.

There are many features customers will love, and the level of protection the product offers is much greater than that of many other products out there.


  •  The Good

Like any protection software, Bitdefender Sphere 2013 has pros and cons. Some of the pros that customers will like about this product include:

 - It covers any machine (Mac, PC, Android, etc.) and all of your devices (it used to be limited to 3 PCs, Macs and Androids; now it is unlimited);
 - You receive a full security suite for your PC;
 - Antivirus and anti-theft are provided;
 - App audit is available for Android users;
 - At $99.95, it is lower in price than competing security products.

Kerio Technologies has updated its products


Today Kerio Technologies announced a major upgrade of two of its products for small networks. The unified threat management (UTM) system Kerio Control 8 adds support for IPSec VPN.

The IP PBX phone system Kerio Operator 2.1 now includes a company application that allows users to connect to their office line from their own device. These new features are designed to give greater flexibility to IT managers and workers using popular smartphones running iOS and Android.

"The BYOD principle (employees using their own devices) has changed the way we work, so the corporate IT network must also change," said James, Director of Business Development at Kerio Technologies. "With the addition of support for the open IPSec standard, devices running iOS and Android, including the iPad, can connect securely to the corporate network. Our new Kerio Operator phone application will turn your iPhone or Android phone into an IP telephony device, allowing you to make and receive calls from your office number from anywhere."

Critical vulnerabilities fixed in Apple Mac OS X and Apple Safari


The updated Apple components include WebKit, PostgreSQL, QuickTime, Ruby and other built-in components.

Apple has released this year's first security update for Mac OS X 10.8 (10.8.3) and earlier versions. The operating system's embedded implementations of ImageIO, the International Components for Unicode, PostgreSQL, Podcast Producer Server, QuickTime and Ruby have been updated.

In addition to the holes in the OS, the American corporation has eliminated vulnerabilities in the Safari browser, whose WebKit engine was updated.

Most of the underlying vulnerabilities allow a remote user to execute arbitrary code on the target system.

Monday, March 18, 2013

An operating system for security research


Kali Linux: an operating system for security research


Kali Linux has replaced the earlier BackTrack Linux project and was released instead of the expected BackTrack 6. The tasks Kali Linux solves are identical to those of BackTrack Linux: it is designed for testing systems for vulnerabilities, auditing, forensic analysis of residual information and detecting attacks.

Kali Linux is developed in partnership with Rapid7, the developer of the Metasploit vulnerability analysis platform, which has taken over official support for Metasploit in Kali. In preparing Kali Linux, the entire seven-year experience of the BackTrack project was taken into account, and many new ideas were implemented to create a new generation of security testing tools.

Kali Linux is positioned as a professional version of BackTrack Linux, ready for use in a corporate environment and taking into account the possible need of the IT staff responsible for security to adapt the distribution to their infrastructure. The key difference from its predecessor is the transition to the Debian GNU/Linux package base, instead of the previous approach of building packages in its own infrastructure and borrowing some base components from Ubuntu.

Internet scammers promise Google Glass


Security experts are warning users and administrators that the new Google Glass electronic glasses can become a real platform for fraud.

The British antivirus company Sophos says that these glasses can be not only a tool for espionage; the very fact of their existence has already become the occasion for fraudulent campaigns.

Sophos experts report the discovery of a network of fraudulent sites whose owners offer visitors pre-orders for Google Glass. Naturally, the customers do not receive any glasses, either immediately after placing the order or later. Graham Cluley, senior technology consultant at Sophos, said that the company also detected a wave of spam from China whose organizers claimed to be taking pre-orders for Google Glass. The spam led to scam sites that provided details about the electronic glasses.

Sunday, March 17, 2013

The expert identified a serious vulnerability in the PayPal subdomain


Information security expert Prakhar Prasad has revealed a serious vulnerability in the PayPal subdomain BillMeLater.com.

Using this vulnerability, an attacker could upload files of various formats to the PayPal server. The source of the vulnerability was an old version of the DotNetNuke CMS, which allows uploading files of the following formats to the site: docx, xlsx, pptx, swf, jpg, jpeg, jpe, gif, bmp, png, doc, xls, ppt, pdf, txt, xml, xsl, css, zip and spin.

According to the expert, cybercriminals could use the vulnerability to upload malicious files. For example, by uploading a malicious swf file they could create an XSS vulnerability on the site; with infected docx, pptx, xls or pdf files they could serve client-side exploits to BillMeLater customers; and by uploading a txt file hackers could leave a message defacing the site.

The expert says that he tried to upload a shell, which would have enabled him to execute arbitrary code. However, his attempts were unsuccessful, as the server software had been updated in a timely manner.
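As an added, defender's-side example (not DotNetNuke's or PayPal's code): an upload policy in Python that takes the extension list quoted above, strips out the formats a browser will execute from the site's own origin (swf, xml, xsl, css), checks that the file body matches what the name claims, and returns the headers a download endpoint should send so that a txt or swf upload cannot be rendered as a page. Magic-byte prefixes come from the public format specifications; the sample files in the usage block are constructed.

```python
import mimetypes
import re

# Extension list the old DotNetNuke version accepted, as quoted in the article
LEGACY_ALLOWED = {
    "docx", "xlsx", "pptx", "swf", "jpg", "jpeg", "jpe", "gif", "bmp", "png",
    "doc", "xls", "ppt", "pdf", "txt", "xml", "xsl", "css", "zip", "spin",
}

# Formats a browser executes or interprets as active content when served from the
# site's own origin; a same-origin Flash file is what makes the swf-based XSS possible
ACTIVE_CONTENT = {"swf", "xml", "xsl", "css", "html", "htm", "svg", "js"}

# Hardened list: the legacy list minus active content (assumption: the site only
# needs document, image and archive uploads)
HARDENED_ALLOWED = LEGACY_ALLOWED - ACTIVE_CONTENT

OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office (doc/xls/ppt) container
ZIP = b"PK\x03\x04"                         # zip and the OOXML formats built on it
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",), "gif": (b"GIF87a", b"GIF89a"), "bmp": (b"BM",),
    "jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",), "jpe": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",), "zip": (ZIP,), "docx": (ZIP,), "xlsx": (ZIP,), "pptx": (ZIP,),
    "doc": (OLE,), "xls": (OLE,), "ppt": (OLE,), "swf": (b"FWS", b"CWS", b"ZWS"),
}

# Body prefixes that mark active content regardless of the file name (Flash headers,
# HTML/SVG/XML openers); catches a "logo.png" that is really a swf
ACTIVE_PREFIXES = (b"fws", b"cws", b"zws", b"<!doctype", b"<html", b"<script", b"<svg", b"<?xml")


class UploadRejected(ValueError):
    """Raised when an upload fails policy; the message names the rule that fired."""


def extension_of(filename: str) -> str:
    """Lowercased final extension; rejects path separators, NULs and dotless names."""
    if any(c in filename for c in "/\\\x00"):
        raise UploadRejected("path separators are not allowed in file names")
    if "." not in filename:
        raise UploadRejected("file name has no extension")
    return filename.rsplit(".", 1)[1].lower()


def body_is_active_content(data: bytes) -> bool:
    head = data.lstrip()[:16].lower()
    return any(head.startswith(p) for p in ACTIVE_PREFIXES)


def body_matches_extension(ext: str, data: bytes) -> bool:
    sigs = MAGIC.get(ext)
    if sigs is None:          # no signature known for this type (txt, spin): accept
        return True
    return any(data.startswith(s) for s in sigs)


def validate_upload(filename: str, data: bytes, allowed=HARDENED_ALLOWED) -> dict:
    """Apply the policy; return storage name and the response headers to serve it with."""
    ext = extension_of(filename)
    if ext not in allowed:
        raise UploadRejected(f".{ext} is not on the allowlist")
    if ext in ACTIVE_CONTENT:   # enforced even if a caller passes the legacy list
        raise UploadRejected(f".{ext} is active content and must not be served from this origin")
    if body_is_active_content(data):
        raise UploadRejected("file body is active content (Flash/HTML/XML header)")
    if not body_matches_extension(ext, data):
        raise UploadRejected(f"file body does not look like a .{ext} file")
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    content_type = mimetypes.guess_type("f." + ext)[0] or "application/octet-stream"
    return {
        "extension": ext,
        "stored_name": safe_name,
        "headers": {
            "Content-Type": content_type,
            "X-Content-Type-Options": "nosniff",              # no MIME sniffing into HTML/Flash
            "Content-Disposition": f'attachment; filename="{safe_name}"',  # download, never render
        },
    }


def is_rejected(filename: str, data: bytes, allowed=HARDENED_ALLOWED) -> bool:
    try:
        validate_upload(filename, data, allowed)
    except UploadRejected:
        return True
    return False


if __name__ == "__main__":
    # constructed sample bodies: a minimal PNG header and a compressed-Flash header
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
    swf = b"CWS\x0a" + b"\x00" * 8
    print(validate_upload("logo.png", png)["headers"])
    for name, body in [("banner.swf", swf), ("logo.png", swf), ("../x.png", png), ("notes.txt", b"hi")]:
        print(name, "rejected" if is_rejected(name, body) else "accepted")
```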

Experts reveal a new phishing campaign aimed at AOL clients


Hoax Slayer has revealed a new phishing campaign against AOL users. This time the cybercrooks do not tempt victims with "security updates" but "warn" them about a virus infection. Potential victims typically receive emails with the subject "Customer Care Solution". The phishing links within the emails are usually accompanied by the following text:

"A TJ2117 Virus has been detected in your folders. Login Here to Switch to the new Secure TJ2117 anti virus 2013. Thank you for choosing our service."

Friday, March 15, 2013

A method of breaking RC4 has been presented


The attack on the cipher is possible because of the insufficient randomness of the bit stream with which messages are encrypted.

Last week the Fast Software Encryption cryptography conference was held in Singapore. Its main event was the presentation by the American professor Dan Bernstein, who introduced a method of bypassing the security of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols when they use the RC4 encryption algorithm.

The cipher was created in 1987 by Ron Rivest and belongs to RSA Security. Since then, thanks to the simplicity of its software and hardware implementation, it has been widely used in a variety of security solutions, including TLS and SSL. Until recently, no practical techniques for breaking RC4 were known.

A successful attack on the cipher is possible because of the lack of randomness in the bit stream with which messages are encrypted. If a large number of network packets are run through this stream, enough repeating patterns can be identified to recover the original message content.
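Added illustration, not part of the original article or of Bernstein's work: a textbook RC4 implementation plus a measurement of its best-known keystream bias, namely that the second output byte is zero about twice as often as a uniformly random stream would give, counted over many random keys. This non-uniformity is the "repeating pattern" the text refers to and is the reason RC4 should be disabled in TLS configurations; the keys are generated from a seeded PRNG so the run is reproducible.

```python
import random


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n keystream bytes of RC4 under `key` (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                          # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def zero_byte_counts(num_keys: int, positions: int = 16, seed: int = 1) -> list:
    """For each of the first `positions` keystream bytes, count how often it is 0x00
    across `num_keys` random 16-byte keys. A uniform stream gives num_keys/256 per slot."""
    rng = random.Random(seed)                   # seeded so the measurement is reproducible
    counts = [0] * positions
    for _ in range(num_keys):
        key = rng.getrandbits(128).to_bytes(16, "big")
        for k, b in enumerate(rc4_keystream(key, positions)):
            if b == 0:
                counts[k] += 1
    return counts


def bias_ratios(num_keys: int, positions: int = 16, seed: int = 1) -> list:
    """Observed / expected frequency of a zero byte at each position; 1.0 means unbiased,
    and position 2 (index 1) comes out near 2.0 for RC4."""
    expected = num_keys / 256
    return [c / expected for c in zero_byte_counts(num_keys, positions, seed)]


if __name__ == "__main__":
    # Known test vector: key "Key" produces keystream eb 9f 77 81 b7 34 ca 72 a7 19
    print(rc4_keystream(b"Key", 10).hex())
    for pos, ratio in enumerate(bias_ratios(16000), start=1):
        print(f"byte {pos:2d}: P(zero) is {ratio:.2f}x the uniform rate")
```

Because the same plaintext byte is encrypted at the same position under many different keys in a protocol like TLS, a bias of this size is exactly what lets an observer of enough packets start separating plaintext from keystream.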

Experts compared the reliability of three types of passwords


Ross Anderson, an expert at the Computer Laboratory of the University of Cambridge, described in his book "Security Engineering, 2nd Edition" a study of the reliability of passwords.

The experts set out to establish which passwords (invented by users, randomly generated, or derived from passphrases) are the most reliable.

The experiment involved 300 students. The volunteers were divided into three groups ("red", "yellow" and "green") of one hundred people each. Participants in the "red" group each came up with a password of 8 characters, at least one of which was not a letter. Students in the "yellow" group came up with passwords made from the first letters and punctuation of well-known phrases or sayings (for example, the password "Wyc-swyg" came from "What you see is what you get"). The "green" group received one hundred randomly generated passwords. Participants had to memorize their password and then destroy the written copy.

Trend Micro experts examined the Asprox botnet


Trend Micro experts have examined the Asprox botnet. It is known that attackers use this botnet to send spam.

The cybercriminals send out fake emails on behalf of various companies, such as DHL, FedEx and the U.S. Postal Service.

Experts point out that since its appearance in 2007, Asprox has generated a very substantial share of the world's spam. Although over the years there has not been much information about Asprox, it is known that the botnet's owners have improved it, making it more effective.

For example, it is known that Asprox currently has a modular structure, which allows the botnet operators to extend its functionality when necessary.

In addition, it is known that Asprox spreads a malicious module that steals information from infected computers. This module allows its owners to "collect" user names and passwords for accounts from infected systems, for example for email, websites and FTP servers.

Thursday, March 14, 2013

FinFisher Trojan used by repressive regimes


Independent Canadian IT experts report the discovery of a new Trojan, FinFisher, designed for a wide range of espionage.

Researchers from the University of Toronto found two dozen command servers to which the Trojan's data flowed. The experts say FinFisher is just one example of "gov-hacking", since this malware is aimed at spying on dissidents and the political opposition living in so-called regime countries.

Citizen Lab, a laboratory based at the University of Toronto, said that the 25 FinFisher host servers are located in different countries and receive data from dissidents: login data, information about intercepted Skype sessions and even audio recordings captured by the Trojan from the computer's microphone. According to the analysis, FinFisher has been used against the political opposition in Canada, Mexico, Bangladesh, Malaysia, Serbia and Vietnam. However, the Canadian experts say this is probably not a complete list of countries.

Wednesday, March 13, 2013

A new exploit kit, Neutrino, has appeared on the network


During the attack the malicious application installs a ransomware Trojan on the system, which blocks the computer.

According to Trend Micro analysts, a new exploit kit, "Neutrino", is being offered on underground forums. As the researchers found, the tool currently exploits vulnerabilities in the Java JRE (CVE-2013-0431, CVE-2012-1723). Systems with Java 7 Update 11 and earlier are vulnerable to the attack.

The Neutrino developers themselves list the following features of the exploit kit:


  • User-friendly control panel;
  • Easy management of domains and IPs (countermeasures against antivirus software);
  • Continuous monitoring of the status of antivirus software;
  • Traffic filtering;
  • Encryption of the stolen information, etc.

Encryption Trojan attacks Spain and France


Dr Web is recording a currently ongoing mass distribution of the encryption Trojan Trojan.ArchiveLock among foreign users. A modification of the program, dubbed Trojan.ArchiveLock.20, is infecting more and more computers in France and Spain.

In August last year Dr Web reported on the encryption Trojan Trojan.ArchiveLock. This malware uses the standard WinRAR archiver to encrypt files. To spread the threat, the criminals use brute force to gain access to the victim's computer via RDP. Once connected to the attacked workstation, the cybercriminals launch the Trojan on it. Having gained control, Trojan.ArchiveLock.20 places the encryption application in one of the system folders.

Trojan.ArchiveLock.20 then builds a list of files to encrypt, empties the Recycle Bin and deletes the backups stored on the computer. Using the WinRAR console application, the encoder packs the user's files from a predefined list into a password-protected archive, and the original data is wiped with a special tool, so that recovering the deleted files becomes impossible.
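
The entry point described above is an RDP brute-force that ends in a successful logon, which is visible in the Windows Security log before any file is touched. As an added example (ours, not Dr.Web's), the following Python flags that pattern over simplified event records: many failed remote logons (event 4625, logon type 10) from one source address followed by a successful one (event 4624) from the same address. The records are a constructed sample, not real EVTX data; the threshold and window are our assumptions.

```python
"""Added example (not Dr.Web's code): flag the RDP brute-force pattern from the
article, i.e. many failed remote logons from one source address followed by a
successful one. Works over simplified records (constructed sample below), not
the real Windows EVTX format; in production pull the same fields from
Security log events 4625/4624.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (timestamp, event_id, logon_type, account, source_ip).
# 4625 = logon failure, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    ("2013-03-13 02:10:01", 4625, 10, "administrator", "198.51.100.7"),
    ("2013-03-13 02:10:03", 4625, 10, "admin",         "198.51.100.7"),
    ("2013-03-13 02:10:05", 4625, 10, "user",          "198.51.100.7"),
    ("2013-03-13 02:10:08", 4625, 10, "test",          "198.51.100.7"),
    ("2013-03-13 02:10:10", 4625, 10, "guest",         "198.51.100.7"),
    ("2013-03-13 02:10:12", 4625, 10, "admin",         "198.51.100.7"),
    ("2013-03-13 02:10:59", 4624, 10, "admin",         "198.51.100.7"),  # success after 6 failures
    ("2013-03-13 03:00:00", 4625, 10, "backup",        "203.0.113.9"),
    ("2013-03-13 03:00:04", 4625, 10, "backup",        "203.0.113.9"),
    ("2013-03-13 03:00:09", 4624, 10, "backup",        "203.0.113.9"),   # 2 failures: below threshold
    ("2013-03-13 09:00:00", 4625, 10, "jsmith",        "10.0.0.5"),      # one typo by a real user
    ("2013-03-13 09:00:30", 4624, 10, "jsmith",        "10.0.0.5"),
    ("2013-03-13 09:01:00", 4625, 3,  "svc_web",       "10.0.0.8"),      # network logon, not RDP
]


def _parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per successful RDP logon that was preceded, within
    `window`, by at least `threshold` failed RDP logons from the same source."""
    failures = defaultdict(list)   # source_ip -> [(time, account), ...]
    alerts = []
    for ts, event_id, logon_type, account, src in sorted(events, key=lambda e: e[0]):
        if logon_type != 10:
            continue                # only RemoteInteractive (RDP) logons matter here
        now = _parse_ts(ts)
        # Drop failures that have aged out of the window.
        failures[src] = [(t, a) for t, a in failures[src] if now - t <= window]
        if event_id == 4625:
            failures[src].append((now, account))
        elif event_id == 4624:
            recent = failures[src]
            if len(recent) >= threshold:
                alerts.append({
                    "time": ts,
                    "source_ip": src,
                    "account": account,
                    "failed_attempts": len(recent),
                    "accounts_tried": sorted({a for _, a in recent}),
                })
            failures[src] = []      # a success ends the sequence either way
    return alerts


if __name__ == "__main__":
    for alert in find_rdp_bruteforce(SAMPLE_EVENTS):
        print("RDP brute-force then success: %(source_ip)s -> %(account)s after "
              "%(failed_attempts)d failures (tried %(accounts_tried)s) at %(time)s" % alert)
```

The list of accounts tried is kept in the alert on purpose: a run of different usernames from one address is the signature of a dictionary attack, whereas a user mistyping a password a few times stays below the threshold. A success after such a run is the moment to look for an unexpected archiver process on the host, before the encoder finishes.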

Middle East hackers again attack Western banks


The Middle Eastern hacker group al Qassam Cyber Fighters has continued its attacks on Western banks over the past few days, directing its efforts against new financial institutions in the West. Meanwhile, Western media increasingly note how long and how powerful this group's cyber campaign has been. Clearly the group has substantial resources and good funding, perhaps even at the state level.

Since last fall, American banks have reported DDoS attacks on their IT systems by Middle Eastern hackers with enviable regularity. On several occasions the hackers managed to take the online banking systems of large banks offline for long periods, angering tens of thousands of customers who were unable to make or receive payments.

On March 5 al Qassam Cyber Fighters announced the start of another cyber campaign by posting a message on the popular resource Pastebin about an upcoming attack on nine Western banks. According to experts, al Qassam Cyber Fighters now has far more powerful DDoS capacity: where its DDoS traffic previously rarely exceeded 10 Gbit/s, it now reaches about 40 Gbit/s.

Android.SmsSend Trojan spreads through the Airpush advertising platform


Dr.Web today warned of the active spread of Android.SmsSend Trojans through the Airpush advertising platform, which many developers use to monetize the applications they create. The system messages it displays may confuse users and lead them to download malicious software.

Dr.Web's virus laboratory periodically received complaints from users about false positives by Dr.Web for Android on the application GooglePlay_install.apk, in which the Trojan Android.SmsSend.315.origin was detected. After studying the problem, the virus analysts confirmed that the detection was valid: the program is in fact a fake installer that charges for access to free applications by sending premium-rate SMS to a short number. Nevertheless, such complaints kept coming. The investigation that followed revealed one of the sources of the Trojan's spread: the Airpush advertising system.

As is well known, many Android games and applications are free, but to recoup the time and money spent on development, developers often use a special system that plugs directly into the target program and shows users various advertisements. Among these systems is the popular Airpush advertising platform. Typically the module displays advertisements in a designated area of the application, but some versions of this module can also display various dialog boxes while the program is running, and even when it is not running at all. The content of these advertisements can be anything whatsoever, and this is exactly what the distributors of the Trojan Android.SmsSend.315.origin exploited.

Trend Micro Enterprise Security and Data Protection


Trend Micro has introduced a new product, Enterprise Security and Data Protection


Trend Micro Incorporated, a leading maker of cloud security products, has announced a new enterprise product called Trend Micro Enterprise Security and Data Protection. According to its developers, the solution will help reduce risks, including the likelihood of successful attacks on an organization's IT infrastructure, and minimize the risk of sensitive information leaking.

The benefits of the solution will be most fully appreciated by organizations whose employees actively use mobile devices brought from home to access corporate systems and data. According to Forrester Research, "most organizations have specific policies on the use of smartphones, tablets and other consumer electronic devices in the workplace. However, more than half of companies, by their own admission, lack a reliable tool to effectively enforce these policies and monitor compliance." The Trend Micro Enterprise Security and Data Protection platform is meant to provide that capability. Key features of the product include support for a wide range of platforms and devices (including tablets, smartphones, laptops and removable drives) and centralized management of the protection mechanisms offered.

Kerio Control 8 and Kerio Operator 2.1 - an update focused on mobile devices


Kerio Technologies has released new versions of two of its key products: Kerio Control 8 and Kerio Operator 2.1.

Kerio Control 8.0, a UTM (Unified Threat Management) system implemented as a dedicated security server, now supports virtual private networks based on the IPsec standard. Kerio Operator 2.1, an IP-telephony PBX, offers customers a branded softphone for smartphones; with this client, smartphone users in an organization can easily connect to their own extension on the Kerio Operator PBX. Both upgraded products offer greater flexibility to IT managers and to employees who use popular iOS and Android devices at work.

Support for IPsec-based VPNs is the main innovation of Kerio Control 8 compared with previous versions. IPsec is an open-standard protocol that allows a wide variety of client devices to connect securely to the corporate network through a VPN gateway. The IPsec VPN implementation in Kerio Control 8 supports transparent access for iOS and Android client devices. It also supports multi-site, server-to-server VPN configurations, which can be established with UTM solutions from many reputable vendors. More importantly, all Kerio Control policies for traffic control, protocol inspection, antivirus scanning and quality of service can now be applied to IPsec VPN tunnels as well.

Multiple vulnerabilities in Microsoft Products


Multiple vulnerabilities in Microsoft SharePoint Server and Microsoft SharePoint Foundation


Danger: High
Patch: Yes
Number of vulnerabilities: 4

CVE ID:
- CVE-2013-0080;
- CVE-2013-0083;
- CVE-2013-0084;
- CVE-2013-0085.

Attack vector: Remote
Impact:
- Cross-site scripting;
- Denial of service;
- Disclosure of sensitive data;
- Exposure of system information;
- System compromise.

Affected products:
- Microsoft SharePoint Server 2010;
- Microsoft SharePoint Foundation 2010.

Affected versions:
- Microsoft SharePoint Server 2010 Service Pack 1;
- Microsoft SharePoint Foundation 2010 Service Pack 1.

Description:

New Android malware Perkele intercepts messages


A new malicious program has been discovered that intercepts incoming SMS messages on mobile devices running Android. Independent computer security expert Brian Krebs found, on one of the online forums, an offer to sell a program that forwards incoming SMS to the organizers of the attack, "leaking" confidential user information such as online banking data.

Many banking institutions in many countries use two-factor authentication: to confirm a payment, the client must enter not only a password but also a special SMS code.

The Perkele virus (its name is a Finnish obscenity) works in conjunction with other malware that installs it and modifies the instructions on the payment web page: as a result the user is asked to install "a special program to secure Android" on the phone, and Perkele is hidden under that guise.

New phishing scheme targets Facebook users


Experts have identified a new phishing scheme targeting Facebook users


According to available information, cybercriminals are using a new phishing scheme against Facebook users. According to The Hacker News, the criminals use a specially created "verification" page hosted on the site apps.facebook.com.

Potential victims are sent the link [https_://apps.facebook.com/verify-pages], ostensibly to verify their Facebook account. In fact the victims land on a phishing site. By filling in the special "verification" form they hand their Facebook credentials to the criminals, who then redirect them to the legitimate Facebook "Terms and Conditions" page.

Tuesday, March 12, 2013

Attacks on Microsoft and Facebook were carried out through mobile developer sites


Over the last few months around 40 companies have fallen victim to such attacks, including car manufacturers, government agencies and a U.S. confectionery company.

As The Security Ledger reports, details have now emerged of the recent attacks on the computer systems of large companies such as Apple, Facebook, Microsoft and Twitter. Well-known car manufacturers, government agencies and a U.S. confectionery company were also among the victims.

It is known that to penetrate the corporate networks the attackers used compromised third-party websites, the so-called "watering hole" technique.

"The variety of the victims' activities makes it impossible to say precisely which industry the attackers were targeting," said Facebook security director Joe Sullivan.

Small and medium businesses are most exposed to cyberthreats


More than half of small and medium-sized businesses have faced a leak of sensitive information.

Experts at the Ponemon Institute, commissioned by the major U.S. insurer Hartford Steam Boiler, studied the cybersecurity of small and medium-sized businesses. The study found that about 55% of them have faced a leak of confidential data because of a low level of protection. Many organizations do not even take the minimum necessary protective steps: a firewall, regularly updated antivirus software and basic staff training.

Insurance vice president Eric Cernak said: "The first thing a small business has to do is realize that it is at risk. Companies need to determine what information they store and for how long."

According to Symantec expert Paul Wood, small businesses are ill-equipped to protect confidential data and have difficulty finding gaps, since the Internet plays a secondary role in their work. In addition, only one third of small businesses whose data has been compromised report it to the affected parties. Wood noted that concealing a data leak incident exposes a company to legal consequences.

Last month's main threat - the Linux.Sshdkit Trojan


Antivirus companies have disclosed information on virus activity for February 2013.

According to analysts at the antivirus company Dr.Web, the most interesting threat at the end of February this year was the Trojan Linux.Sshdkit, designed to compromise Linux-based servers.

The malware is a shared library (the experts note that it is distributed in both 32-bit and 64-bit versions) that injects itself into the sshd process and intercepts the authentication functions. As a result, the credentials of users logging into the infected system are sent to a remote server controlled by the attackers.

During its rapid spread, more than 450 Linux servers worldwide were infected. The largest number of compromised systems (27.7%) was found in the U.S., where Dr.Web recorded 132 incidents.
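
A library injected into sshd as described above has to be mapped into the running process, so the practical check is to compare the shared objects sshd has loaded against a known-good baseline and against the directories libraries are supposed to live in. As an added example (ours, not Dr.Web's), the following Python does both over a constructed /proc/<pid>/maps dump; the library names, the baseline and the hypothetical injected paths are all made up for illustration.

```python
"""Added example (not Dr.Web's code): compare the shared objects mapped into a
running sshd against a known-good baseline and against the standard library
directories. SAMPLE_MAPS is a constructed /proc/<pid>/maps dump; on a real
host read /proc/$(pidof sshd)/maps and build BASELINE_LIBS from a trusted
machine or from package verification (rpm -V, debsums).
"""
import re

# Constructed sample of /proc/<pid>/maps for an sshd process. Two mappings
# (/lib64/libpam_ext.so.0.9 and /tmp/.ssh-cache/libauth.so) are invented
# stand-ins for libraries that no installed package owns.
SAMPLE_MAPS = """\
7f1c2a000000-7f1c2a07e000 r-xp 00000000 08:01 131587 /usr/sbin/sshd
7f1c2a07e000-7f1c2a27d000 ---p 0007e000 08:01 131587 /usr/sbin/sshd
7f1c2a400000-7f1c2a580000 r-xp 00000000 08:01 393218 /lib64/libc-2.12.so
7f1c2a580000-7f1c2a780000 ---p 00180000 08:01 393218 /lib64/libc-2.12.so
7f1c2a800000-7f1c2a80d000 r-xp 00000000 08:01 393300 /lib64/libpam.so.0.82.1
7f1c2a900000-7f1c2a910000 r-xp 00000000 08:01 393311 /lib64/libkeyutils.so.1.3
7f1c2aa00000-7f1c2aa05000 r-xp 00000000 08:01 401122 /lib64/libpam_ext.so.0.9
7f1c2ab00000-7f1c2ab20000 r-xp 00000000 08:01 393222 /lib64/ld-2.12.so
7f1c2ac00000-7f1c2ac03000 r-xp 00000000 08:01 540001 /tmp/.ssh-cache/libauth.so
7fff5c3e0000-7fff5c3f5000 rw-p 00000000 00:00 0      [stack]
7fff5c3ff000-7fff5c400000 r-xp 00000000 00:00 0      [vdso]
"""

# Constructed baseline: libraries legitimately mapped by sshd on this build.
BASELINE_LIBS = {
    "/lib64/libc-2.12.so",
    "/lib64/libpam.so.0.82.1",
    "/lib64/libkeyutils.so.1.3",
    "/lib64/ld-2.12.so",
}

# Directories a shared object should normally be loaded from.
SYSTEM_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", "/usr/local/lib/")

_SO_RE = re.compile(r"\.so(\.\d+)*$")   # libfoo.so, libfoo.so.1.3, libc-2.12.so


def mapped_libraries(maps_text):
    """Return the set of file-backed shared objects in a /proc/<pid>/maps dump,
    skipping the executable itself, anonymous mappings and pseudo-files."""
    libs = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)       # addr perms offset dev inode [path]
        if len(fields) < 6:
            continue                        # anonymous mapping, no path
        path = fields[5].strip()
        if not path.startswith("/") or not _SO_RE.search(path):
            continue                        # [vdso], [stack], the sshd binary, data files
        libs.add(path)
    return libs


def unexpected_libraries(maps_text, baseline):
    """Libraries mapped into the process that are absent from the baseline."""
    return sorted(mapped_libraries(maps_text) - set(baseline))


def libraries_outside_system_dirs(libs):
    """Baseline-free heuristic: shared objects loaded from anywhere other than
    the system library directories (e.g. /tmp, /dev/shm, a home directory)."""
    return sorted(p for p in libs if not p.startswith(SYSTEM_LIB_DIRS))


if __name__ == "__main__":
    libs = mapped_libraries(SAMPLE_MAPS)
    print("not in baseline:", unexpected_libraries(SAMPLE_MAPS, BASELINE_LIBS))
    print("outside system dirs:", libraries_outside_system_dirs(libs))
```

The two checks are complementary: the baseline diff catches an extra library dropped into /lib64 under a plausible name, which the directory heuristic cannot, while the directory heuristic needs no baseline and still catches a library loaded from a scratch directory. Either hit on a production sshd warrants verifying the file against the package manager and checking what else is mapped.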

Trojan.Hosts infects about 8,000 new computers every day


Dr.Web today informed users about an intense campaign of website hacking by cybercriminals aimed at downloading malware of the Trojan.Hosts family onto users' computers. In early 2013 the scale of this threat reached almost epidemic proportions. The peak of Trojan.Hosts distribution came in January and mid-February, when around 9,500 infections per day were recorded on users' computers. In March Trojan.Hosts has been infecting around 8,000 computers a day.

To hack websites the cybercriminals use FTP, connecting to the resources with previously stolen usernames and passwords. A command shell is then uploaded to the hacked site, the .htaccess file is modified, and a malicious script is placed on the site.

As a result, when a visitor opens the infected site, a web page containing links to various malicious applications is displayed. In particular, this is how the Trojan.Hosts family recently began to spread widely.
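
The modified .htaccess is the artifact a site owner can actually inspect, so as an added example (ours, not Dr.Web's) the following Python scans an .htaccess for the kind of injected rules this campaign relies on: redirects that send visitors to a third-party host, especially when made conditional on the visitor's referer or user agent so the site owner never sees them, plus PHP auto_prepend/append hooks that load a dropped script. The .htaccess content is a constructed sample and the heuristics are ours; the `own_hosts` set is the list of hostnames the site legitimately redirects to.

```python
"""Added example (not Dr.Web's code): scan an .htaccess file for the injected
rules described in the article. SAMPLE_HTACCESS is a constructed sample and
the heuristics are ours, not Dr.Web's.
"""
import re
from urllib.parse import urlparse

_ABS_URL = re.compile(r"https?://[^\s\]\"']+", re.I)
_SEARCH_ENGINES = re.compile(r"google|yahoo|bing|yandex|msn|aol|ask\.", re.I)
_CLIENT_VARS = re.compile(r"HTTP_REFERER|HTTP_USER_AGENT", re.I)


def _foreign_target(url, own_hosts):
    """Hostname of `url` if it is not one of the site's own hosts, else None."""
    host = (urlparse(url).hostname or "").lower()
    return host if host and host not in own_hosts else None


def scan_htaccess(text, own_hosts):
    """Return findings as (line_no, severity, reason, target) tuples.

    A redirect to a host outside `own_hosts` is reported as medium; the same
    redirect made conditional on a search-engine referer or user agent (the
    cloaking pattern that hides the redirect from the owner) is high, as are
    PHP auto_prepend_file / auto_append_file hooks.
    """
    own = {h.lower() for h in own_hosts}
    findings = []
    conds = []                              # RewriteCond lines before the next RewriteRule
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "rewritecond":
            conds.append(line)
            continue
        if directive == "rewriterule":
            cond_text = " ".join(conds)
            conds = []
            m = _ABS_URL.search(line)
            target = m.group(0) if m else None
            if target and _foreign_target(target, own):
                if _CLIENT_VARS.search(cond_text) and _SEARCH_ENGINES.search(cond_text):
                    findings.append((n, "high", "search-engine visitors redirected to foreign host", target))
                else:
                    findings.append((n, "medium", "redirect to foreign host", target))
            continue
        conds = []                          # any other directive breaks a RewriteCond chain
        if directive == "errordocument":
            m = _ABS_URL.search(line)
            if m and _foreign_target(m.group(0), own):
                findings.append((n, "medium", "ErrorDocument points to foreign host", m.group(0)))
        elif directive in ("php_value", "php_flag") and len(parts) >= 3 \
                and parts[1].lower() in ("auto_prepend_file", "auto_append_file"):
            findings.append((n, "high", "PHP %s hook" % parts[1].lower(), parts[2]))
    return findings


# Constructed sample: a legitimate canonical-host redirect (lines 2-3) followed
# by rules of the kind an attacker with stolen FTP credentials would append.
SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

RewriteCond %{HTTP_REFERER} ^.*(google|yahoo|bing|yandex)\\..*$ [NC]
RewriteRule ^(.*)$ http://malicious.example/in.php?q=$1 [R=302,L]
ErrorDocument 404 http://malicious.example/404.php
php_value auto_prepend_file /home/site/public_html/images/.cache.php
"""


if __name__ == "__main__":
    for finding in scan_htaccess(SAMPLE_HTACCESS, {"example.com", "www.example.com"}):
        print("line %d [%s] %s -> %s" % finding)
```

Run it over every .htaccess under the web root, not just the top-level one, since an attacker with FTP access can drop one into any subdirectory. A hit on the referer-conditional pattern is also the explanation for the classic symptom of this kind of compromise: the owner typing the URL sees a normal site, while visitors arriving from a search engine are redirected.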

ESET NOD32 START PACK


Basic computer security suite based on ESET NOD32 Antivirus: ESET NOD32 START PACK



ESET, a leading international developer of antivirus software and an expert in the field of cybercrime, presents a unique product for basic computer protection: ESET NOD32 START PACK. Based on the flagship solution ESET NOD32 Antivirus, it is a one-year license protecting one computer at a bargain price.

In addition to providing a high level of security, it allows the license to be managed flexibly and the functionality to be expanded over time.

ESET NOD32 START PACK includes all the benefits of ESET's new sixth-generation products, reliably protecting the computer from malware, phishing URLs and spyware, and keeping personal information safe.

Cybercriminals offer 10,000 bots in the U.S. for just $1,000


Webroot specialists have identified a dedicated website where practically anyone can buy a ready-made botnet. Bots located in the U.S. are the ones the cybercriminals price highest.

According to reports, 1,000 infected computers cost $120 (€93) and 5,000 PCs cost $550 (€423). The most discerning buyers are offered 10,000 infected computers located in the U.S. for only $1,000 (€770); less demanding clients buy bots located in Canada, Germany and the UK, where 10,000 bots cost the buyer $600 (€461).

Those who are entirely indifferent to which country the infected devices are in are offered 10,000 bots for just $200 (€159).

Tunisian Cyber Army hacks Pentagon and U.S. State Department sites


The Tunisian Cyber Army, together with activists of the Al Qaida Electronic Army, has launched Operation OpBlackSummer.

According to the company illSecure, Tunisian Cyber Army activists identified and exploited SQL injection vulnerabilities on two domains belonging to the U.S. State Department.

According to the hackers, they were able to gain access to confidential information and to the IP addresses of government computers and servers. In addition, members of the Tunisian Cyber Army identified and, by some accounts, exploited an XSS vulnerability on one of the Pentagon's websites, belonging to the Army National Guard.

According to HackRead, the hackers plan to use the identified vulnerabilities in Operation OpBlackSummer, which the Tunisian Cyber Army intends to conduct in collaboration with Chinese hackers. It should be noted that this is not the first time hackers have identified and exploited vulnerabilities in the protection of U.S. State Department websites. In February this year, as part of Operation OpLastResort, activists of the hacker group Anonymous stole the credentials of hundreds of users from a state.gov site database.