2016-10-07

Malware

Odin Ransomware [1]

This is the latest strain of malware that originates from the infamous Locky ransomware [2], the main difference with this version being that files are encrypted using the ‘.odin’ file extension. Once a device has been infected, users are redirected to the ‘Locky Decryptor’ page. Odin has only been seen being pushed out via spam email, where the recipient is told that an order has been processed. Attached to the email is a ‘Cancellation Form’ which, if executed, will infect the user’s device with the ransomware. Just as was the case with Locky, files are encrypted using AES [3] and can only be unlocked using the RSA private key. More information [4].

Magecart malware targets checkout pages of Online stores

A new malware named Magecart [5] is currently targeting the checkout pages of over 100 online stores to steal customers' payment information. The malware authors add a malicious JavaScript file to a site's source code, allowing Magecart to target customers in a two-stage process. First, it determines if the target has reached URLs specific to each platform's checkout page. If they have, Magecart moves to the second phase, which entails loading a JS script to record the information the victim enters in the form fields. This data is sent to a remote server controlled by the attacker. According to the company RiskIQ [6], Magecart can operate on both online stores handling their own payment processing operation, and those using specialised payment solutions such as Magento or VeriSign. Allegedly, online stores Everest and Faber & Faber are amongst the sites which have been infected. More information [7].

Hacker operations

Indian hackers target Pakistani government network

Reports have emerged that the Pakistani government network has fallen victim to a cyber-attack originating from India.
According to several Indian media outlets, an anonymous Indian hacker has infected Pakistani government networks, taken control over hundreds of computers and used malicious code to render data on the network inaccessible to its users. However, few other details on the attack are currently available. This latest alleged attack comes only days after 7,000 Indian websites were hacked by a Pakistani hacker group, as reported here [8]. More information [9].

Ongoing Campaigns

Clinton Foundation warns donors of targeted phishing campaign

The Clinton Foundation [10] is warning its donors of a targeted phishing email campaign attempting to steal their personal information. In an email seen by Reuters, the charitable organisation admits that donors have received emails falsely claiming to be from the Foundation. The phishing email informs donors that their current account information has been hacked, and they therefore have to confirm their personal information via a linked website. This revelation comes despite the Clinton Foundation's continued denial that their system has been breached. More information [11].

Vulnerabilities

Hacking Mac Webcams

An ex-NSA and NASA employee has revealed that Mac webcams are vulnerable to hijacking. Patrick Wardle explains that a hacker can gain access to the camera without being detected, as the malware used to carry out the attack only starts working when the camera is turned on for a legitimate purpose. This means that there is no suspicion from the user, as the webcam light is expected to be on and the webcam is expected to be functioning; however, they remain completely unaware that the recordings are being distributed. Applications such as FaceTime and Skype are affected by this vulnerability. More information [12].

General News

Google warns users to stay away from Pirate Bay

Google has warned users that visiting the Pirate Bay [13] website could lead to malicious content being unwittingly downloaded onto their device.
Those that use Google Chrome may find that they are faced with a red screen, warning them that entering the website may lead to the user being tricked into revealing personal information or installing software. Google’s security concerns stem from the presence of third-party advertisements that the torrent site hosts, many of which are suspected of being used in malvertising campaigns. More information [14].

Smishing Campaign

Isle of Man police are warning of an ongoing campaign that they are referring to as ‘smishing’ or SMS phishing [15]. The current scam sees text messages sent out to victims, reportedly from their banks, that refer to an attempted withdrawal from their account. Residents of the Isle of Man have been told to ignore any such message and avoid texting any provided numbers or clicking any links. This is by no means a new scam, but it has proven to be very lucrative to criminals in the past. Earlier this year, one victim lost £22,500 after a text purporting to be from Santander. More information [16].

Verizon Wants $1 Billion Discount on Yahoo Acquisition Deal

The situation continues to get worse for Yahoo as Verizon, who were set to acquire the email company for $4.8 billion, have now allegedly asked for a $1 billion discount. The New York Post has claimed that Verizon are looking to lower the price for the company after the recent hacking scandal and the news that Yahoo were allowing the NSA to monitor their customers’ communications. Yahoo claim that no such negotiations have taken place. Tim Armstrong, the chief executive of AOL, has reportedly been looking into whether or not the deal can actually be cancelled, as Yahoo failed to disclose the breach that took place in 2014. It is currently unclear if the deal will go through and, if so, at what cost. More information [17].
The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

[1] https://my.silobreaker.com/view360.aspx?item=11_1077220644#?q=Keyphrase:%22Odin%20Ransomware%22&rd=true
[2] https://my.silobreaker.com/view360.aspx?item=11_966417407#?q=Keyphrase:%22Locky%20Ransomware%22&rd=true
[3] https://my.silobreaker.com/view360.aspx?item=11_720666#?q=Keyphrase:%22AES%20Advanced%20Encryption%20Standard%22&rd=true
[4] https://nakedsecurity.sophos.com/2016/10/06/odin-ransomware-takes-over-from-zepto-and-locky/
[5] https://my.silobreaker.com/view360.aspx?item=11_1085079195#?q=Keyphrase:%22Magecart%22&rd=true
[6] https://my.silobreaker.com/view360.aspx?item=11_223981370#?q=Company:%22RiskIQ%22
[7] https://www.riskiq.com/blog/labs/magecart-keylogger-injection/
[8] http://www.silobreaker.com/silobreaker-daily-cyber-digest-5-october-2016/
[9] http://www.deccanchronicle.com/technology/in-other-news/071016/cyber-war-indian-hackers-lock-pakistans-data.html
[10] https://my.silobreaker.com/view360.aspx?item=11_797141#?q=Organization:%22William%20J%20Clinton%20Foundation%22
[11] http://www.reuters.com/article/us-usa-election-clinton-foundation-idUSKCN1262IC
[12] https://www.cnet.com/news/mac-webcam-hack-ex-nsa-employee/
[13] https://my.silobreaker.com/view360.aspx?item=11_338231#?q=Company:%22Pirate%20Bay%22&rd=true
[14] http://thenextweb.com/apps/2016/10/06/the-pirate-bay-phising/#gref
[15] https://my.silobreaker.com/view360.aspx?item=11_8239859#?q=Keyphrase:%22SMS%20Phishing%22&rd=true
[16] http://www.energyfm.net/cms/news_story_450321.html
[17] http://www.techtimes.com/articles/181262/20161006/verizon-seeks-1-billion-discount-on-yahoo-acquisition-deal-due-to-hacking-email-scanning-scandals-report.htm
