BU-CERT News

From zdnet.com

A new Trojan has been unmasked by researchers which pretends to be a Google service on infected Android devices.

The malware, dubbed “GPlayed,” is a Trojan which labels itself “Google Play Marketplace” and uses a very similar icon to the standard Google Play app in order to dupe victims into believing the software is legitimate.

According to researchers from Cisco Talos, GPlayed is “extremely powerful” and its key strengths are flexibility and the ability to adapt after deployment.

The Trojan contains a number of interesting built-in capabilities. Written in .NET using the Xamarin mobile environment, GPlayed’s main .DLL is called Reznov, which, in turn, contains a root class called “eClient.”

From bleepingcomputer.com

A new phishing campaign spotted this September shows increased sophistication from the operators, who take over email accounts and insert a banking trojan in conversation threads.

The malware comes through replies to existing discussions, a powerful social engineering approach likely to guarantee a high rate of success because it relies on the familiar context the victim already trusts.

The lure for installing the malware is an attached document which, once launched, springs a routine for retrieving the latest version of Ursnif malware. It runs only on systems running Windows Vista and above and avoids machines with Russian or Chinese locales.

From zdnet.com

Top figures in the infosec industry fear that the recent arrest of a top Chinese intelligence officer will spark an increase in cyber-attacks from Chinese hacking groups in the coming months.

Xu was not arrested on hacking charges, but for attempting to commit economic espionage and steal trade secrets after trying to recruit several insiders from multiple US aviation and aerospace companies.

But reports from US cyber-security firm Recorded Future, and from shadowy group Intrusion Truth, have pegged the MSS as the Chinese agency in control of China’s cyber-espionage operations.

From gbhackers.com

The malicious campaign primarily targets the education, financial, and energy sectors, some industries such as real estate, transportation, manufacturing, and government entities are affected.

Security researchers from TrendMicro spotted the campaign mostly affecting North America and Europe, also they found the similar type of samples in Asia and the Latin American region.

From gbhackers.com

The Hackers almost defaced around 70 websites that belong to Italian and foreign institutional sites along with American spy agencies and 8 NSA owned domainsback in 2013.

A 23-year-old man from Salò pealed guilty for hacking these well-known domains and change the home page of NASA websites and replace with “Master Italian Hackers Team”

Always protect any important and sensitive files with a password before storing or emailing them.

To do this for Microsoft applications, go to File, Information and then click Protect Document, as shown below.

Then select Encrypt with Password, this brings up the option to add a password, as shown below.

If you are sending the document to someone, remember to send the password to the recipient by means other than email – options include over the phone or via text.

Read our further guidance about Protect Data.

If you do ever forget your BU password, just register at https://pwdreg.bournemouth.ac.uk before resetting your BU password via https://pwdreset.bournemouth.ac.uk.

From thehackernews.com

Adobe has released its monthly security updates to address a total of 11 vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite, of which four are rated critical and rest 7 are important in severity.

Adobe has also released updated versions for Flash Player, but surprisingly this month the software received no security patch update.

Also, none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild.

Read more…