Month: May 2018

How to turn on Apple’s new Messages in iCloud

“With the release of iOS 11.4, Messages in iCloud, which keeps your iMessage and SMS messages in sync between your Apple devices, is now available to the public,” Joseph Keller writes for iMore.

“In addition to syncing your messages, Messages in iCloud lets you store your messages, photos, and other attachments in iCloud, letting you free up storage space,” Keller writes.

“Messages will also immediately start to appear on new devices after you sign into your iCloud account,” Keller writes, “and once you delete a message thread on one device, it will be automatically deleted on all of your devices.”

Here's how to enable the new feature:

1.  Go to SETTINGS.

2.  Tap on the Apple ID Banner (near the top of the page).

3.  Scroll down until you get to the iCloud setting - select it.

4.  Tap the switch next to Messages to turn the feature ON.

5.  That's it.


How to install Applications using the Command Line in Ubuntu

While it is true that Ubuntu has an App Store that makes installing compatible apps a breeze, sometimes you come across an app that you must install from the command line.

The command line is the way you can use the O/S by completely bypassing the GUI.

Even though this how-to focuses on Ubuntu, it should work with other flavors of Linux as well.

  1. Open Terminal (CTRL + ALT + T).
  2. Navigate to the directory where you've downloaded the file (usually cd /home/username/Downloads).
  3. To install any software on Linux, you must have administration rights (also known as a Super user or Root).
  4. At the prompt, type: su -
  5. When prompted, enter the root password.
  6. If all goes well, you'll see another prompt that should look like: #root@username >
  7. To find the name of the package that you've downloaded, issue the command ls
  8. When you find the file, then it's time to unpack it and install the included installer.
  9. Type: sudo dpkg -i filename.deb
  10. The above command will unpack the necessary files from the .deb file and put them in the same directory.
  11. Then (if it finds an install package) it will go ahead and install the app for you.
  12. You'll see each file being unpacked and installed in its correct location.
  13. That's it. 

Again, this should work with all flavors of Linux (and possibly Unix as well).
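
A .deb installed this way runs with root rights, so it is worth checking the download first. The script below is an added example, not part of the original how-to: it compares the file with the SHA-256 its publisher lists, shows what the package contains, and names the maintainer scripts dpkg would run as root. The function names are hypothetical, and it assumes sha256sum and dpkg-deb are installed.

```shell
#!/bin/sh
# Added example: checks to run on a downloaded .deb before `sudo dpkg -i`.
# Function names are hypothetical; needs sha256sum and dpkg-deb.

# verify_sha256 FILE EXPECTED_HEX -> 0 only if the file's SHA-256 matches.
verify_sha256() {
    [ -f "$1" ] || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# inspect_deb FILE -> print metadata and file list; installs nothing.
# (dpkg -I, capital I, is this --info action; lowercase -i installs.)
inspect_deb() {
    dpkg-deb --info "$1" && dpkg-deb --contents "$1"
}

# list_maintainer_scripts FILE -> name the scripts dpkg would run as root.
list_maintainer_scripts() {
    ctrl=$(mktemp -d) || return 1
    dpkg-deb --control "$1" "$ctrl" || { rm -rf "$ctrl"; return 1; }
    for s in preinst postinst prerm postrm; do
        [ -f "$ctrl/$s" ] && echo "runs as root: $s"
    done
    rm -rf "$ctrl"
}

# checked_install FILE EXPECTED_HEX -> install only after all checks pass.
checked_install() {
    verify_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    inspect_deb "$1" || return 1
    list_maintainer_scripts "$1" || return 1
    printf 'Install %s? [y/N] ' "$1"
    read -r answer
    [ "$answer" = "y" ] && sudo dpkg -i "$1"
}

# Usage: checked_install filename.deb <sha256 published by the vendor>
```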

Fraudsters Claim To Hack Two Canadian Banks

Two Canadian banks have reported that they may be targets of a hack, after bad actors claimed that they electronically accessed personal and account information.

On Monday, both Bank of Montreal and Simplii Financial (the banking subsidiary of the Canadian Imperial Bank of Commerce) announced that “fraudsters” contacted them over the weekend claiming they had accessed certain personal and financial data from customers.

BMO said that a limited number of customers were impacted: “We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off,” the company said in a statement. “We have notified and are working with relevant authorities as we continue to assess the situation.”

The bank, which has 7 million customers overall, added that it believes the bad actors originated the attack from outside the country.

Simplii meanwhile said that approximately 40,000 customers may be impacted. The company added that there is currently no indication that clients who bank through CIBC have been affected.

“Immediately upon learning of the potential issue, Simplii began investigating to understand the claim and verify its accuracy,” Simplii said in a statement. “We also moved quickly to implement enhanced online fraud monitoring and online banking security measures. In addition, Simplii will be reaching out to clients proactively through all channels.”

Simplii told customers in a tweet it would “ensure that 100% all money lost [sic]… will be returned.”

Neither bank responded to multiple emails from Threatpost inquiring about any links between the two breaches; nor whether any money was stolen from customers’ accounts.

James Lerud, head of the Verodin Behavioral Research Team, said the incident appears to be an extortion attempt by the hackers, where they threaten to publish stolen data unless they receive a ransom.

“It’s hard to say what the motivation for demanding the ransom is,” he said. “It could be that the data stolen isn’t as valuable as they are making out to be, or if the hackers are looking for a cherry on top of their haul and would just use the stolen information after a ransom was paid.”

Tim Erlin, vice president of product management and strategy at Tripwire, told Threatpost that attackers generally target banks because, put simply, that’s where the money is. “Ultimately, the biggest threat is the loss of money, but the mechanisms by which an attacker might execute such an attack can vary,” Erlin told Threatpost. “There’s no single, biggest threat for banks to address outside of complexity. The more complex the environment, the greater the attack surface.”

To protect themselves, consumers should always use a complex password and PIN, and regularly monitor their accounts for signs of unusual activity.

Brazilian Banking Trojan Communicates Via Microsoft SQL Server

Researchers have discovered a banking trojan making waves in Brazil with an array of tricks up its sleeve, including using an unusual command and control (C&C) server and a full-screen social-engineering overlay form.

Researchers at IBM X-Force Research revealed on Tuesday that attackers are using the malware – dubbed MnuBot – mainly in Brazil to perform illegal transactions on victims’ open banking sessions.

“MnuBot… has the same capabilities as most RATs,” Tomer Agayev, threat research team lead at IBM security, told Threatpost. “It allows the attacker to gain remote access to the infected machine, including displaying fake windows of various banks on the victim’s machine.”

The remote access trojan (RAT) is unique in that it constantly queries the Microsoft SQL Database server for commands to be performed, giving attackers better dynamic configurations and anti-research capabilities.

“Most malware in the wild today use a C&C server which is based on some form of a web server or an IRC channel,” Agayev wrote in a blog post. “In contrast, the MnuBot malware uses Microsoft SQL Server database server to communicate with the sample and send commands to be executed on the infected machine.”

Once it has infected a system, MnuBot also uses a tricky social engineering method called a full-screen overlay form, which keeps the user waiting while the attacker commits the fraud.

Overlay forms, similar to those used by many other malware families in the region, are used to prevent the victims from accessing their open banking session inside the browser. A pop-up appears, and meanwhile, in the background, the attacker takes control over the user endpoint and attempts to perform an illegal transaction via that open banking session.

Agayev said that data about the scope of the malware campaign is not public: “MnuBot was discovered during active research of new Brazilian malwares, and… we can’t disclose any additional information about its methods,” he told Threatpost.

Two-Stage Attack Flow

The majority of Brazilian malware infects systems via malicious email, although X-Force is still examining the infection methods, Agayev told Threatpost. After this initial infection, MnuBot is built from two base components making up a two-stage attack flow, said researchers.

In its first stage, MnuBot looks for a file called Desk.txt within the AppData Roaming folder, which places data from applications onto whatever machine the user happens to be logged in on. This enables MnuBot to know which desktop is currently running; the malware then constantly checks for a window name that is similar to one of the bank names in its configuration.

Once it discovers one, it will query the server for the second stage executable according to the bank name that was found. The subsequent downloaded executable (C:\Users\Public\Neon.exe) contains the meat of the attack by providing the attacker with full control over the victim’s machine, according to Agayev.

This executable also gives attackers abilities like keylogging, taking screenshots of desktops, restarting the victim’s machines, creating a form to overlay the bank’s forms and stealing user data in the form.

C&C Server

MnuBot connects to the Microsoft SQL Database server in order to fetch the initial configuration by using SQL server details – such as server address, port, username and a password – which are hardcoded inside the sample.

Attackers can dynamically change MnuBot’s malicious activity, and once the authors take down the server, it becomes almost impossible for a researcher to reverse engineer the malware sample behavior.

“It is most likely that MnuBot authors wanted to try to evade regular AV detection, which is based on the malware traffic. To do so they tried to wrap their malicious network communication using seemingly innocent MS SQL traffic,” said researchers.

Some of MnuBot’s tricks are typical traits of malware families in Brazil, researchers said.

“MnuBot is an excellent example of many malware families in the Brazilian region,” said Agayev. “It holds many characteristics that are typical of other recently discovered malware strains. For example, the overlaying forms and the new desktop creation are well-known techniques that malware authors in the region use today.”
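
The behavior described above leaves two things a defender can look for in endpoint telemetry: an executable running out of C:\Users\Public, and a workstation process that is not a database tool talking MS SQL to an address outside the network. The script below is an added example, not from IBM's report or this article. The record format, host names, allowlist and log lines are constructed, and port 1433 (the MS SQL default) is an assumption because the article does not give the port hardcoded in the sample.

```shell
#!/bin/sh
# Added example: triage endpoint connection records for MnuBot-style C&C.
# Record format (constructed): time|host|process image|dest ip|dest port
SQL_PORT=1433                      # assumption: default MS SQL port
SQL_CLIENTS="sqlcmd.exe ssms.exe"  # assumption: site allowlist of SQL tools

# Constructed sample records; addresses come from documentation ranges.
sample_log() {
cat <<'EOF'
2018-05-29T10:01:02|WS-014|C:\Program Files\Mozilla Firefox\firefox.exe|203.0.113.10|443
2018-05-29T10:01:07|WS-014|C:\Users\Public\Neon.exe|198.51.100.23|1433
2018-05-29T10:02:11|WS-022|C:\Tools\sqlcmd.exe|10.20.0.5|1433
2018-05-29T10:03:40|WS-031|C:\Users\alice\AppData\Roaming\updater.exe|198.51.100.23|1433
2018-05-29T10:04:00|DBA-01|C:\Tools\SQLCMD.EXE|198.51.100.77|1433
EOF
}

# True for loopback, link-local and RFC 1918 destinations.
is_internal() {
    case $1 in
        10.*|127.*|192.168.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Reads records on stdin, prints one alert line per finding.
detect() {
    while IFS='|' read -r ts host image dip dport; do
        [ -n "$ts" ] || continue
        lc=$(printf '%s' "$image" | tr 'A-Z' 'a-z')   # Windows paths ignore case
        base=${lc##*\\}                               # file name without path
        case $lc in
            'c:\users\public\'*)
                printf '%s %s EXE_IN_PUBLIC %s\n' "$ts" "$host" "$image" ;;
        esac
        if [ "$dport" = "$SQL_PORT" ] && ! is_internal "$dip"; then
            case " $SQL_CLIENTS " in
                *" $base "*) ;;   # known SQL client, not reported
                *) printf '%s %s EXTERNAL_SQL %s -> %s:%s\n' \
                       "$ts" "$host" "$image" "$dip" "$dport" ;;
            esac
        fi
    done
}

sample_log | detect
```

A process-name allowlist is easy to evade by renaming a binary, so treat EXTERNAL_SQL hits as leads to correlate with the file-path finding, not as verdicts.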
