According to security firm Sophos, the latest phishing attack appears to fool computer users with Apple accounts to give attackers their account information.

“With more and more people having Apple IDs (used by millions for purchasing software from the Mac or iPhone App stores, or downloading music and movies from iTunes) it’s inevitable that criminals will show an interest in stealing your credentials,” Sophos wrote in a blog post.

The firm said that scammers send out an email that looks like a legitimate email from Apple, saying that the account billing records of the customer are out of date. The email then asks them to update the data and warning them that the account will be terminated if they fail to do so. They will then be asked to click on a link and enter their login information to confirm their billing info records.

Sophos noted that upon hovering over the link, it points out to a German website instead of the Apple Store Site.

“The emails appear to be being spammed out widely, and not just to Apple Store users. The cybercriminals are taking a shotgun approach, hoping that a good proportion of recipients have Apple IDs and might be fooled into handing over their details,” the security firm added.

via: PC Advisor

New form of phishing attacks target your Apple ID is a post from: Gadgets and gizmos

According to tech news site PC Magazine, the software giant has downplayed the data dump, where 90 Xbox Live gamertags were posted on Pastebin.com. Microsoft said that it is only a “minor phishing incident,” not a big network breach, unlike what happened to the PlayStation Network.

“We do not have any evidence the Xbox Live service has been compromised. We take the security of our service seriously and work on an ongoing basis to improve it against evolving threats,” a Microsoft spokesperson said in a statement sent to the tech news site. “However, we are aware that phishing attackers will occasionally post small lists of victims on public channels, and we will work directly with the impacted members to resolve any unauthorized changes to their accounts.”

The company also recommended that users of the Xbox Live service follow its Account Security guidance, which is provided at xbox.com/security.

Earlier this year, Sony’s PlayStation Network suffered from a number of attacks from hackers that are believed to be part of the hack-attack group Anonymous. The attack took down the gaming service for weeks, rendering the company to resolve its security issues. The incident affected around 77 million accounts and cost Sony around $171 million.

Do you think this incident is the start of something bigger?

via: PC Magazine

Xbox Live IDs and passwords posted by hackers is a post from: Gadgets and gizmos

The Hackers Online Club said that the social network’s “Trusted Friends” can fail if the victim is fooled into accepting accounts from the hacker as friends.

Facebook said earlier that the new security feature helps a user if ever he or she gets locked out of their accounts. The tool is similar to other features that can help prove a user’s identity via one’s friends by sending codes to their chosen friends so they can pass along the information to the user.

The Hackers Online Club said that once these fake accounts are accepted as friends, the attackers can just go to Facebook and click on the “Forgot your password” link. These attackers can then set their emails to receive the password.

“Facebook will ask you to choose three trusted friends … choose the three fake profiles of your which you created and added into the victim’s account,” the report read. “After selecting three accounts, Facebook will send security codes to these accounts; just enter these codes and you will get Password Resetting email from Facebook on the account you created.”

via: Hackers Online Club

Facebook’s new security feature may fail is a post from: Gadgets and gizmos

Security experts at Sophos said that the malware, named DevilRobber (also known as OSX/Miner-D), comes with copies of Mac OS X image editing app GraphicConverter ver. 7.4 that are uploaded to torrent sites and other file-sharing networks.

“If your Mac computer was infected by the malware, the first thing you might notice is performance becoming sluggish. That’s because OSX/Miner-D tries to generate Bitcoins, the currency of the anonymous digital cash system, by stealing lots of GPU (Graphics Processing Unit) time. GPUs are much better than regular CPUs at performing the mathematical calculations required for Bitcoin mining,” the software firm wrote in a blog post. “Yes, this Mac malware is stealing computing time as well as data.”

Aside from mining Bitcoins, the trojan also spies on the user by stealing usernames and passwords and taking screenshots of the system’s screen. The malware also runs a script that copies all the user’s valuable data to a file called dump.txt.

Sophos said that the app’s producers have not done anything wrong, as they are victims of cyber criminals who use their software as a trap to infect users who download the app from unofficial sources.

The security firm advised Mac OS X users to practice safe computing, and only get software from legitimate download services and official websites.

via: Sophos

New Mac OS X malware uses GPU and spies on users is a post from: Gadgets and gizmos

“Tens of millions of links are tweeted on Twitter each day,” said the developers from Twitter in a post in its official blog. “Wrapping these shared links helps Twitter protect users from malicious content while offering useful insights on engagement. All links submitted within tweets and direct messages, regardless of length, will eventually be wrapped with t.co.”

Every link that is converted by the service will be checked for malware. When a user clicks a link to a potentially hazardous site, the service will redirect them to a page, warning them that the site may be malicious. Unlike bit.ly and other link shorteners, Twitter’s t.co displays the domain name, so its users will know what they are clicking on. Although only a few characters are displayed, the new link shortener will function with bit.ly and other shorteners normally.

This move by Twitter seems to edge out third party websites that make money off the service. Twitter has also recently announced its own photo sharing service, which also seems to edge out companies that give similar services.

If this new feature will effectively provide users a safer experience by helping them avoid going to phishing links and malicious sites, then there’s nothing bad with the change.

Currently, the link shortening service of Twitter is only available for posted links and is not available as a link shortening service.

via: Mashable

Twitter to reformat all links to t.co is a post from: Gadgets and gizmos

The virus was first detected around two weeks ago by the U.S. Military’s Host-Based Security System. Even though it has been detected, it did not cause massive panic and did not prevent pilots at Creech Air Force base from flying their missions. According to reports, there have not been any incidents of classified data that has been lost, stolen or sent to an outside source.

Network specialists said that the virus has resisted their attempts to remove it.

The U.S. has not grounded the said drones, and sources from the military claimed that it had not gained access to classified information. Specialists also said that it might be a common malware that just made its way into sensitive networks.

Some reports say that the bug got into the system through a hard drive or a disk that picked up the virus somewhere else.

“We generally do not discuss specific vulnerabilities, threats, or responses to our computer networks, since that helps people looking to exploit or attack our systems to refine their approach,” an Air Combat Command representative told tech website Wired. “We invest a lot in protecting and monitoring our systems to counter threats and ensure security, which includes a comprehensive response to viruses, worms, and other malware we discover.”

via: Today

Computer virus infects U.S. drone fleet is a post from: Gadgets and gizmos

The security firm named the trojan “ANDROIDS_ANSERVER.A,” which poses as an e-book reader and is distributed to unofficial app stores in Chinese websites. These app stores are very popular in the country because mobile phone owners do not have access yet to Google’s Android Market.

Once a user downloads and installs the app to their smartphones, it connects to two separate servers, where it receives additional commands and files. Karl Dominguez, a Threat Response engineer at Trend Micro, said that the first server is a website where the malware can send and receive data from, while the second server showed some characteristics that caught the security team’s attention.

“The second C&C server, however, caught our attention more,” wrote Dominguez on a Blog post on the TrendLabs Malware Blog. “This is a blog site with encrypted content, which based on our research, is the first time Android malware implemented this kind of technique to communicate.”

According to the researchers, it was the first time an Android malware used this kind of technique to communicate. The use of blogs and other social media sites for malware control, however, is not new. For example, a number of trojan creators use micro-blogging site Twitter to control botnets.

As security experts have predicted that, malware are increasingly growing, and things are expected to get worse. It is always best to know if your apps have proper reviews and avoid downloading apps from suspicious third party app stores.

via: Trend Micro

New Android malware can be controlled via blogs is a post from: Gadgets and gizmos

According to a report by The Next Web, by using a system developed by security company Websense, the service will scan links as a precaution to protect users.

“A platform as popular as Facebook is naturally a target for attackers,” wrote Websense on its blog. “We have been working with Facebook and their security teams for a number of years in order to keep their users safe, but now we have integrated directly into the platform for an unprecedented security combination.”

Facebook has been seeing an increase in scammers who use the website to drive traffic towards internet scam sites and malware. The service will be using the new technology to analyze the links.

A warning page will explain why the linked site is considered malicious. Users can still proceed, but only at their own discretion. This is very similar to Google’s Safe Browsing technology, which is integrated into Chrome and Firefox.

In a survey conducted by Websense, 52 percent of businesses said that they have experienced an increase in malware attacks because of unsafe use of Twitter and Facebook. With 800 million users, Facebook has been a hunting ground for hackers and scammers.

The new move will give Facebook users an extra line of defense against attacks, but it is still best for users to avoid clicking links going to untrusted sites

via: ZDNet

Facebook partners with Websense to scan links for malware is a post from: Gadgets and gizmos

In an official press release posted by the group on Pastebin, Anonymous said that they will be joined by other cyber liberation groups in its attacks on “Wall Street, Corrupt Banking Institutions – and the NYC Police Department.”

The said attack is reported to take place in a number of cities across the US at high noon. The group also suggested that people follow the Twitter account @PLF2012, which will publish reports throughout the day.

“Anonymous & the other cyber liberation groups around the world together with all the freedom loving people in the USA will NOT stand for this. We will peacefully yet forcefully resist the abuses of the NYC Police Department,” wrote the group in the press release. “And so Anonymous announces a nationwide ‘Day Of Vengeance’ to take place in dozens of cities across the USA on Saturday – September 24, 2011 at High Noon.”

Anonymous has criticized how protesters were handled during a series of protests last week, saying that they faced “phalanxes of heavily armed paramilitary police officers from local and federal jurisdictions.” Though some of these protesters were arrested last week, the group’s real issue was when the officers used excessive force against these “peaceful protesters,” a number of whom were injured.

via: Ubergizmo

Anonymous announces September 24 as “Day of Vengeance” is a post from: Gadgets and gizmos

The newly developed antenna, called the Body Wearable Antenna (BWA) enables soldiers to communicate with other soldiers without the need for the usual radio whip-antennas that weighs a lot. By weaving the antennas into soldiers’ uniforms, it allows very effective communication and helps improve agility. A BWA concept has been developed to showcase the technology, which can transmit voice and video data from a helmet-mounted camera, and GPS locations through the same antenna.

This can improve the situational awareness of a team, enabling soldiers to communicate with the team easily and allowing them to see through the team mate’s eyes in real time. A soldier can alert a team via his helmet-mounted camera when he spots a situation. The BWA links with a wrist-mounted smartphone and uses its sensors to allow the team to tag objects like potential hazards that will appear highlighted on the image displayed by the phone.

“Frontline soldiers carry a huge amount of weight when on patrol,” said Jon Pinto, Antennas and Electromagnetics Group Leader from BAE Systems Advanced Technology Centre. “Research into body wearable antennas has shown we could reduce this burden and in the future give forces improved communication capabilities and a significant advantage on the battlefield.”

The technology’s applications will go beyond the defense industry, as the company is currently testing incorporating BWAs into firefighters’ and police officers’ suits.

BAE Systems develops Body Wearable Antennas for soldiers is a post from: Gadgets and gizmos