Thursday, June 28, 2018

‘Hotel Data Breach’ at FastBooking server affects Hotels Worldwide!

User data belonging to thousands of guests at hotels all over the world was stolen on June 14, 2018 from FastBooking, a Paris-based firm that deals in hotel booking software. The company sells its software to more than 4000 strategic partner hotels in about 100 countries, with around 1.2 million transactions annually and about 10 million server requests on its CRS servers each day.


This hotel data breach was detected by FastBooking employees after about 5 days, on June 19, 2018. The attacker(s) had gained access by exploiting a vulnerability in an application that was hosted on the FastBooking servers. They then installed a malware tool that gave them remote access to the servers and allowed them to steal the data of hundreds of thousands of users. The data contained personal details and banking card details of guests who had stayed at the strategic partner hotels that currently use the FastBooking software.

In a more detailed analysis at the time, FastBooking found that the attacker(s) had targeted guests’ first names, home addresses, nationalities, e-mail addresses and hotel check-in and check-out details.

The attacker(s) had also managed to obtain the banking card details of some customers from the servers on which this data was stored. It contained the holder’s name as shown on the card, the expiration date and the card number.


Monday, June 25, 2018

Guide to remove HomeworkSimplified from the system

HomeworkSimplified is a browser extension that is considered to be a browser hijacker. Designed with the malicious purpose of extorting users and generating revenue, HomeworkSimplified may seem legitimate and useful, as it deceives users with the promise of significant information relating to school subjects. However, HomeworkSimplified is a deceptive application: it installs without user consent, modifies browser settings and tracks the user’s internet browsing activity.

Once it has infiltrated the system, this malicious infection modifies the browser settings and changes the default search engine, homepage and new tab page. Any attempt to revert the changes made by the pernicious program is futile, as this browser hijacker reassigns the settings.



When users run a search, they are automatically redirected to hp.myway.com. This is a sponsored domain and displays search results according to the domain’s own preferences. This ruins the user’s online surfing routine, as the sites they are redirected to may be malicious and could end up infecting the OS with a nasty software program.

The presence of this pernicious app may lead to serious privacy issues or even identity theft. It is therefore advised to protect the system against such malware intruders and, if it is infected, to get rid of them as soon as possible.

Threats posed by the invasion of HomeworkSimplified in the system:

HomeworkSimplified is a monetized app that is deceitful, malicious and intrusive. The malware targets high school students and lures them with offers of help with their homework in various subjects like Math, Science, English etc. However, it is better to understand that every benefit such free tools offer is outweighed by the harm they bring.

Following are the threats posed by this pernicious Browser Hijacker:

The malware infiltration poses a threat to user security and privacy. This nasty software program keeps an eye on users’ browsing activities and gathers their confidential information, such as banking details. The collected data is either used to exploit the user or sold to third parties.


Tuesday, June 19, 2018

How to Remove RotorCrypt Ransomware from the System?

RotorCrypt is a dangerous and destructive malware. It is categorized as ransomware: it infects the computer and encrypts the files, giving them a .mail extension. The RotorCrypt Ransomware infects systems through spam email messages that contain attached files with popular extensions such as .doc, .txt, .zip, .pdf, .jpeg etc.

The RotorCrypt Ransomware was first detected in 2016, and the cyber criminals have been updating it and adding new .mail extensions ever since. The latest version of the RotorCrypt Ransomware was released in June 2018 with the ‘!@#$%__PANAMA1@TUTAMAIL.com__%$#@.mail’ extension, the ‘!@#$_____ISKANDER@TUTAMAIL.COM_____$#@!.RAR’ extension and the ‘!@!@!@_contact mail___boroznsalyuda@gmail.com___!@!@.psd’ .mail extension as the new additions.

RotorCrypt Ransomware – Threat Behavior



The RotorCrypt Ransomware infiltrates the system through spam email campaigns in which the user receives mails containing infectious attachments. These attachments use popular file type extensions such as .doc, .txt, .zip, .pdf, .jpeg etc. and require ‘editing to be enabled’ in the software to open the files. Once the user enables editing, the file sends a command to the hacker’s servers, which then download the virus payload onto the user’s system. These files may also be executable files, which download the virus payload on execution.

The main executable file of the RotorCrypt Ransomware makes changes to important folders in the victim’s system. The folders that may undergo changes are %AppData%, %Temp% and %Local%. The ransomware uses the Windows command prompt and may delete the Shadow Volume Copies and disable system recovery.


Monday, June 18, 2018

Apple prohibits cryptocurrency mining apps from its app store!

In a recent change to its guidelines for app developers, Apple prohibited cryptocurrency mining from its App Store. The new rule applies to all Apple devices and platforms. Apple was forced to take this step because cryptocurrency mining apps have to be active at all times, which drained the battery faster. These cryptocurrency apps degraded OS performance by engaging all the major device resources. The heat generated by the device was a cause of concern for many users.

Apple prohibited cryptocurrency mining from its App Store after it removed the Calendar 2 app from the Mac App Store in March. The Calendar 2 app had offered its premium services to users in exchange for cryptocurrency mining on the user’s device. This infringed on what Apple had promised its users in terms of device performance. The app drained the battery and caused the device to heat up while affecting the OS, causing it to lag and freeze.

This was the first time Apple took action against cryptocurrency mining apps on its App Store. Apple made significant changes to how it allows cryptocurrency apps to function in its App Store. The new rules in Apple’s new guidelines are stated below:

1. Developers who have enrolled themselves as organizations will be allowed to create apps which allow virtual currency wallets.

2. Cryptocurrency mining apps will only be allowed on the device if the cryptocurrency mining is done outside the device i.e. cloud-based mining.

3. Cryptocurrency apps can help users in trading, receiving and paying via these apps only if the apps are approved by a legitimate currency exchange. The apps need to be from the exchange themselves to have credibility for the users.
