16.4.16

Scammers target Apple customers for bigger rewards


Apple customers are prime targets for cyberattacks as they are more likely to have a high disposable income, a security expert has suggested.
WeLiveSecurity contributor Graham Cluley has warned owners of Apple devices to be on their guard after spotting a fresh SMS phishing scam designed to compromise Apple ID credentials.
The scam in question came in the form of text messages from “Appleinc” warning recipients that their Apple IDs were about to expire.
Victims are urged to click links to hold on to their IDs, which direct them to a replica version of the Apple website where they’re asked to hand over their credentials.
After harvesting Apple ID usernames and passwords, the website then asks victims to provide further personal information to “unlock” their accounts – including their telephone numbers, address and credit card details.
“They deliberately took advantage of people’s trust in the Apple brand to steal information,” Mr. Cluley told the BBC.
“The truth is that criminals will go where the money is. Apple products cost more than some of their competitors so it’s likely that their customers have more disposable income.
“That’s cash, which the bad guys would like to have filling their pockets,” he added.
Apple’s support website warns customers never to enter their Apple ID information on a non-Apple website.
However, with a convincing replica site, it can be difficult to spot the difference.
As well as the name of the text message sender “Appleinc”, the International Business Times noted that the URL victims were directed to – “isappleexpired.co.uk” – was another giveaway in this instance.
The phony website has since been blocked by web browsers including Chrome and Firefox.

Meanwhile, Mr. Cluley had advised Apple customers to be extra cautious of the links they click on via email and text message, suggesting two-factor authentication as an extra measure to back up Apple IDs.

14.4.16

“My video”, “My first video”, “Private video”… Don’t fall for this Facebook scam



Not even a week has passed since ESET warned users worldwide about an active Ray-Ban scam campaign on Facebook, which tricks users into sending their payment card details to the attackers. Today we bring you information on yet another malicious activity targeting the world’s largest social network.
This time, malicious links are disguised as a post on a Timeline you were tagged in, or as a message sent to you via Messenger by a friend. Using one of the titles “My first video”, “My video”, “Private video” or a string of randomly generated characters, it tags various people from victim’s friendlist and lures them into clicking on it.

If an unsuspecting user falls for the scam, the post redirects him/her to a fake YouTube website. After what pretends to be an unsuccessful attempt to load the content, he/she is requested to install an additional extension using the following message: Sorry, if you don't install Video Play plugin, you will not be able to watch the video! Click 'Add Extension' to watch the Video                            

If the victim installs the malicious plug-in, his/her browser becomes infected and carries the infiltration further. As described above, his/her Facebook wall becomes flooded with fake video posts tagging multiple friends from the victim’s friendlist and subsequently, all online friends will receive an identical message via Messenger with the same harmful contents.
ESET detects this threat as JS/Kilim.SO and JS/Kilim.RG. At this point, the infiltration only targets Chrome users, but there is no guarantee that it will not spread to other browsers in the future.

How does it work?
After clicking on “Add Extension” at the fake YouTube site, malicious code installs a Trojan plug-in (containing malicious Java Script code) into the Chrome browser. This is disguised as a legitimate “Make a GIF” plug-in, but comes from a different developer - namely “freechatfor.org”.


Software AG in Q1: Strong start into 2016


 [Please note: All revenue-related percentage figures in the text are net of currency]

Software AG (Frankfurt TecDAX: SOW) today announced its preliminary financial figures (IFRS, preliminary) for the first quarter 2016. The company continued its successful transformation reaching further improvements on all key performance parameters. Total revenue improved by +9 percent, driven by strong total license sales of +31 percent. Product revenue (Licenses + Maintenance) increased by +11 percent, while Services improved by +2 percent. The company’s database business Adabas & Natural (A&N) grew by +20 percent due to early contract closings and driven by Software AG’s announcement in Q4 last year to support its A&N customer base with innovative product developments beyond 2050. The Digital Business Platform (DBP) improved by +6 percent with licenses increasing by +7 percent and maintenance by +5 percent. Along with a positive revenue development, the Group also managed to materially increase its profitability again, also due to operational efficiency improvements: the earnings before interest and taxes (EBIT) increased by +55 percent and operating earnings (EBITA, non-IFRS) by +23 percent. Accordingly, the operating earnings margin (EBITA, non-IFRS) was at 29 percent. Based on the positive business development in the first quarter, Software AG confirmed its outlook for the full year 2016.
“The Q1 financial results underline our total customer focus, our high operational efficiency standards and the success of our value strategy. Our commitment to support our A&N client base beyond 2050, announced in Q4 last year, is perceived very well in the market. Additionally, our leading position with our digital product portfolio results in organic growth and a strong project pipeline,” said Karl-Heinz Streibich, CEO of Software AG. “Our value-oriented strategy for the hybrid software market - on premise and in the cloud - shows stunning results”. 
“We are smoothly continuing the journey in Q1 that we ended in Q4 last year: Organic growth, process optimization and financial discipline”, said CFO Arnd Zinnhardt. “The financial figures display only once a quarter what we constantly execute in our everyday operations: We drive profitable growth in the long-term interest of our employees, customers and shareholders”.
 Development of the business divisions
The Digital Business Platform (DBP) achieved license revenue of EUR 32.7 million (Q1 2015: EUR 31.1 million) in the first quarter – a plus of 7 percent over the previous year. Maintenance revenues amounted to EUR 61.9 million (Q1 2015: EUR 59.9 million), approximately +5 percent over the same period. Accordingly, total DBP product revenue (Licenses + Maintenance) amounted to EUR 94.6 million in the first quarter (Q1 2015: EUR 91.0 million), up +6 percent.
Additionally, Software AG’s cloud order entry increased by +155 percent in the reporting period. Including the substantial growth in the cloud business area, total DBP licenses showed double-digit growth.
The Adabas & Natural (A&N) business line recorded revenue of EUR 63.6 million (Q1 2015: EUR 55.4 million) – a plus of 20 percent. License sales increased to EUR 26.4 million (Q1 2015: EUR 15.5 million) which equals a significant improvement of +79 percent, reflecting early closing of deals and the strong commitment of the A&N customer base to continue to run their critical business applications on Software AG’s proven technology. A&N maintenance reached EUR 37.0 million (Q1 2015: EUR 39.8 million).
Revenues in the Consulting line of business were EUR 48.0 million (Q1 2015: EUR 47.7 million) which equals an improvement of +2 percent.
 Total revenue and earnings development
Software AG’s total revenue in the quarter under review was EUR 206.2 million (Q1 2015: EUR 194.1 million), an increase of +9 percent. The company’s product revenue (Licenses + Maintenance) was up +11 percent for the quarter at EUR 158.0 million (Q1 2015: EUR 146.2 million). The license revenue for the reporting quarter was EUR 59.1 (Q1 2015: EUR 46.5 million), representing a +31 per­cent rise. The Group’s maintenance revenue reached EUR 98.9 million (Q1 2015: EUR 99.7 million).
The company’s earnings before interest and taxes EBIT in the first quarter was EUR 45.3 million (Q1 2015: EUR 29.3 million), a plus of 55 percent. The operating earnings (EBITA, non-IFRS) increased strongly due to a higher product revenue, improved sales mix, higher efficiency and active cost management reaching EUR 59.1 million (Q1 2015: EUR 48.1 million) in the quarter reported – an improvement by +23 percent. Accordingly, the operating earnings margin (non-IFRS) reached 29 percent (Q1 2015: 25 percent).
Outlook 2016
Based on the positive Q1 business development, Software AG confirmed its full year outlook 2016. The company expects a currency-adjusted increase of DBP product revenue between +5 and +10 percent for 2016. For A&N, the Group expects currency-adjusted sales to decline between -4 and -8 percent over the previous year. Moreover, the company expects further improvement of its operating profit margin (EBITA, non-IFRS) reaching 30 to 31 percent.
         

13.4.16

Qbot returns: New strain of data-stealing malware detected


By Narinder Purba posted 13 Apr 2016 - 05:23PM

Security researchers have detected a new, updated strain of the data-stealing trojan Qbot that is “harder to detect and intercept”.
According to a detailed report by BAE systems, the malware has already infected more than 54,000 computers across thousands of organizations. ESET detects this threat as Win32/Qbot and Win32/Kryptik.
Analysts said that a number of updates have been made to the original Qbot malware, including a “shape-changing” and “polymorphic” code that makes it more difficult to detect.
As noted by IT Pro, the malware can also detect if is being looked at in a sandbox environment – a tool used by security researchers to spot malware before it can cause damage to users.
An incident response team at BAE Systems discovered the new threat in early 2016, when 500 computers belonging to an unnamed public sector organization were infected.
The BAE Systems blog notes that cybercriminals have specifically targeted public organizations including police departments, hospitals and universities.
Adrian Nish, head of Cyber Threat Intelligence at BAE Systems, explained: “Many public sector organizations are responsible for operating critical infrastructure and services, often on limited budgets, making them a prime target for attacks.
“In this instance, the criminals tripped up because a small number of outdated PCs were causing the malicious code to crash them, rather than infect them. It was this series of crashes that alerted the organization to the spreading problem.”
The BAE Systems report categorizes Qbot as a network-aware worm with backdoor credentials, primarily used for harvesting user credentials.

It’s noted that Qbot could still continue to spread, and organizations are being recommended to update and search their defensive systems to identify attacks.

And how do you protect your webcam?


James Comey, who heads up the Federal Bureau of Investigation (FBI), recently made an interesting remark during his presentation about encryption and technology at a college in Ohio, US. He admitted that, in order to protect his privacy, he puts tape over his laptop’s camera.
The FBI director’s revelation created a buzz among information security professionals. Some have accused Mr. Comey of creating a “warrant-proof webcam” – preventing himself from being able to deliver evidence, should he be investigated.
“I saw something in the news, so I copied it. I put a piece of tape — I have obviously a laptop, personal laptop — over the camera.”
“Although in this case the sentiment was pretty lighthearted, the mood echoes the efforts of the authorities of several countries’ to adopt legislation mandating that service providers and equipment manufacturers maintain the ability for police and security services to access any communication.
(Of course, putting a tape over a webcam prevents evidence from coming into existence, which is different from making the evidence inaccessible through end-to-end encryption.)
Jokes aside, the FBI director’s security measure is well-informed. The FBI has long known about the technology needed to remotely activate a computer’s camera without the user’s knowledge. If software called a remote administration tool (RAT) is installed on a system that has a camera, it can capture video — without triggering the recording light — and subsequently send that video out over internet. ESET researchers have been studying police use of this type of malware for many years. For example, see this 2009 white paper (PDF link) and this 2014 article which discusses an FBI takedown of a RAT.
In order to prevent a webcam from being turned into a tool for spying, appropriate measures should be taken. For most scenarios, quality security software – if kept updated – should be enough. These programs work to block any unauthorized installation of software on your machines regardless of whether it is coming from criminals or law enforcement. And for those who wish to eliminate even the smallest remaining risk, Mr. Comey’s solution does make sense.