January 21, 2018

Apply Now: British Full Paid Tuition Scholarships in UK at Northumbria University for International Students

Northumbria University is proud to offer 2 scholarships worth 100% and 3 scholarships worth 50% of year 1 international postgraduate tuition fees to students who apply for a full master’s programme. The University’s aim is to grow high-quality research and use it to drive excellence in all of our activities.
Northumbria University, officially the University of Northumbria at Newcastle, is a university located in Newcastle upon Tyne in the North East of England. A former polytechnic, it was established as one of the new universities in 1992. It is a member of the University Alliance and the second University of Newcastle. Today, by putting students at the heart of an outstanding experience, and with world leading research and award-winning partnerships, Northumbria is a new kind of excellent university.
Northumbria is top ten in the UK for the number of graduates entering professional employment and nine out of ten of our graduates are working or studying six months after graduation. We are ranked 21st out of 111 universities in the 2014 Times Higher Education Student Satisfaction Survey.
Course Level: Scholarships are available for pursuing master’s programme.
Study Subject: Scholarships are awarded to study the subjects offered by the university.
Scholarship Award: The University will be awarding 2 scholarships worth 100% and 3 scholarships worth 50% of Year 1 international Postgraduate tuition fees to students.
Number of Scholarships: Total five scholarships are available.
Scholarship can be taken in the UK
Eligibility for the Scholarship:
Eligible Countries: International students can apply for these scholarships.
Entrance Requirements:  You must meet the following conditions to compete for one of the five available scholarships:
  • You must be ordinarily resident in a country outside of the United Kingdom or its dependencies and the European Union
  • You must hold an ‘international’ fee status
  • Students who have applied for a Postgraduate programme at the University by 15 November 2017 can apply for a scholarship worth 100% or 50% of the Year 1 international tuition fees
  • You must accept an offer made by the University by following the instructions, which will be sent to you. Please note that students holding both conditional and unconditional offers are eligible to enter
  • You must be joining Year 1 of a Postgraduate programme commencing in January 2018
  • You must not have previously studied at the University
  • You must not be joining the University through an articulation agreement
  • Employees, agents or contractors of Northumbria University are not eligible
English Language Requirements: Applicants whose first language is not English are usually required to provide evidence of proficiency in English at the higher level required by the University.
Application Procedure:
Students must submit an online application for a place on a Programme.
How to Apply:
The University will ask you to submit a video lasting no more than 30 seconds which we will share on the University’s social media channels. Your video should answer one key question:
  • Why is Northumbria a great place to prepare for your future?
Application deadline: November 15, 2018

Here Are the Top 10 Best Universities in Canada That Offer Fully Funded Scholarships – VISA ASSURED

There is nothing as great as pursuing your studies in Canada. For those who do not know, Canada is among the countries with the most appealing and professional colleges. The history of education in this country has been on top of the game for years. If your wish is to join one of the credible universities in Canada, then you should not hesitate to apply for a free scholarship.
Here are 10 universities/colleges that offer free scholarships for students in Canada:
1. McGill University, Montréal
The legacy of this university is nothing short of impressive. It is among the oldest universities in Canada and one of those that have a credible image due to the quality of education offered there. You can secure a free scholarship in this university and become the person you have always wanted. 
With some 300 buildings, 40,000 students, 250,000 living alumni, and a reputation for excellence that reaches around the globe, McGill has carved out a spot among the world’s greatest universities. If you’re considering an academic career at McGill, we hope that one day you will count your own pages among them.
2. University of Manitoba, Winnipeg
As a University of Manitoba student, you’ll be challenged to grow, inspired to create and dared to excel. Wherever life takes you after graduation, you’ll be able to apply what you’ve learned, both personally and academically, to make a real-life impact. If you want to study in Canada, your Canadian future begins right here.
This comes as one of the leading higher education institutions in Canada and America as a whole. The scholarship program featured by the school has benefited a large number of students and you can definitely be one of them.

January 19, 2018

Apply Now: 2018 Mitsubishi Corporation Fully Funded Undergraduate & Postgraduate Scholarships in Japan


Deadline: December 18, 2017
Japan Educational Exchange and Services (JEES), with the support of Mitsubishi Corporation (Takehiko Kakiuchi, President, and CEO), is delighted to announce Mitsubishi Corporation International Scholarship for the year 2018.
The aim of the scholarship is to provide financial aid to international students to study in Japan.
The Scholarship is intended to provide support to outstanding foreign students who are studying at Japanese universities and graduate schools at their own expense. It is hoped that this will both help alleviate the financial concerns and enhance the learning effectiveness of the recipients.
Scholarship Description: 
  • Course Level: Scholarships are available to pursue Undergraduate, Master and Doctoral programme.
  • Study Subject: Scholarships are awarded to learn any of the courses offered by the university.
  • Scholarship Award: Undergraduate: ¥100,000/Month, Graduate / Doctorate: ¥150,000/Month.
  • Nationality: Students of any nationality other than Japan.
  • Number of Scholarships: 50 new recipients.
  • Scholarship can be taken in Japan
Eligibility for the Scholarship: 
Eligible Countries: Students of any nationality other than Japan are eligible to apply for this scholarship.
Entrance Requirements: Only applicants who meet all of the following criteria will be considered:
(1) A student with citizenship of a country other than Japan and who is paying their own expenses
(2) Someone who intends to study in Japan as an official undergraduate student, graduate student or doctoral student as of April 2018
(3) Someone in need of financial assistance (someone who pays for a large portion of their own expenses through part-time work, etc.)
(4) Someone who doesn’t receive other scholarships except for loan scholarships, tuition exemption or one-time lump sum scholarships.
(5) Someone who is eligible to receive the Scholarship at least for one year.
(6) Someone who has not received the Mitsubishi Corporation International Scholarship in the past.
(7) A talented, well-behaved individual who is in good health, both mentally and physically
(8) Someone who has a keen interest in societal contribution geared towards international exchange, and who has a strong desire to contribute to the development of the global society both now and in the future
(9) Someone who does not plan to go abroad, as a general rule, for six months or longer during the Scholarship period.
(10) Someone who comes highly recommended by their university.
English Language Requirements: Applicants whose first language is not English are usually required to provide evidence of proficiency in English at the higher level required by the University.
Application Procedure: 
How to Apply: Recommendation Materials
  1. Application Form (Attachment 1): 1 form.
    In principle, this form should be completed in Japanese. However, for students enrolled in courses that are conducted entirely in English, the form may be completed in English
  2. Applicant Photo: 1 photo
    Must have been taken within the last 6 months. 4.0cm length by 3.0 width, upper body included, head uncovered. Write Applicant’s name on the reverse side and attach to the Application Form
  3. Letter of Recommendation from University Head (Attachment 2): 1 form
    Reasons for recommendation should be written by a current professor or other similar person of authority
  4. A copy of the Applicant’s official academic transcript for 2016: 1 form
  5. If transcripts are unavailable, the Applicant must attach a written explanation (format not fixed).
Application Deadline: December 18, 2017

Nigerian Scholarship: Apply Now at Nigerian Agip Exploration Limited Application For Graduates


We’ve just received information that the Nigerian Agip Exploration Limited (NAE) had jointly released information on behalf of the NNPC/NAE/OANDO PSC, inviting applications from suitably qualified, eligible and interested Nigerian graduates for the 2017/2018 Post Graduate Scholarship Award Scheme.
All interested applicants should note that the award is categorized into:
Nigerian,
Overseas.
Applicants MUST Do the Following:
Requirement For All Applicants
● All applying candidates are required to possess a minimum of Second Class Upper Bachelor’s Degree from a recognized Nigerian University.
● The Scholarship board also requires that all candidates/applicants have secured admission into a Nigerian or Overseas University (based on the category being applied for) for a one year Master’s Degree programme in any of the disciplines which will be listed below.
● Also take note that all applicants must not be above 28 years of age by December 2017.
● Applicants must also have completed the one year National Youth Service Corps (NYSC) programme.
● All applying and interested candidates are required to possess an international passport valid for travel at least one year from September.

Course of Study

Only candidates with offer of admission in disciplines related to the following areas should apply;
● Geosciences
● Engineering (Petroleum, Mechanical, Civil, Sub Sea, Electrical/Electronic, *Marine, Chemical)
● Petroleum Economics
● Law (Oil and Gas/Petroleum) 

How to Apply For this Scholarship

Interested and qualified candidates should have the following documents before starting the application process:
The scholarship board requires all applicants to provide clear scanned copies of the following documents:
● All applicants are required to have a passport photograph with white background, which must not be more than 3 months old.
● All interested candidates should note that they are required to have a valid International Passport Data Page (valid for travel at least one year from September 2017)
● All applicants should also provide a provisional admission letter for post graduate studies 2017/2018 session – National/Overseas.
This admission letter must be for the course stated on the candidate’s application form.
● First Degree Certificate
● NYSC Discharge Certificate
● Label the scanned documents accordingly, to avoid mix up during upload.
● Attach the right documents in the appropriate upload section.
Interested candidates should click here to apply online

General Instruction

Successful candidates will be contacted with details of the qualifying test via SMS text and e-mail.

Please note the following:

● All shortlisted candidates will be required to take an aptitude test before they’ll be selected for admission.
● The scholarship board also disclosed that only shortlisted candidates will be contacted for the aptitude test.
● Strict compliance with the above guidelines is required of all candidates.
● Current and past beneficiaries of similar awards from NAE and other companies and agencies are not qualified.
● Employees of NAE and other affiliate companies and their dependents are not eligible for this scholarship
All applicants must take note that the completion of the application and test invitation shall not be construed as a commitment on the part of NAE, nor shall it entitle applicants to make any claims whatsoever and/or seek any indemnity from NAE and/or any of its partners by virtue of responding to this invitation to apply for post-graduate scholarship award.

Application Closing Date

The board has yet to reveal the date.

2018 Scholarship: ZJU-UoE Dual Degree Undergraduate Scholarship in UK & China for International Students

Deadline: June 15, 2018
ZJU-UoE Dual Degree Undergraduate is now available for all Non-Chinese students. The Institute provides undergraduate education programmes that produce students with academic excellence, leadership skills, innovative capacity and global vision.
Students who successfully complete the program and meet the requirements of both universities will receive two bachelor’s degrees in their respective major fields: Bachelor of Science (Honours) from the University of Edinburgh and Bachelor of Science from Zhejiang University.
Zhejiang University (ZJU) is one of China’s oldest and most prestigious higher education institutions. Its engineering programs ranked 4th in the “Best Global Universities Rankings 2016” list published by US News & World Report.
Founded in 1583, The University of Edinburgh (UoE) has been providing students with world-class teaching for more than 425 years. It is one of the world’s top universities, consistently ranked in the world top 50, and placed 19th in the 2016/17 QS World University Rankings.
Scholarship Description:
  • Course Level: Scholarships are available to pursue undergraduate programme. (Dual Degree programme)
  • Study Subject: The ZJU-UoE Institute offers all English taught undergraduate academic programmes in integrative biomedical sciences and biomedical informatics, and a Dual PhD programme, and plans to expand into other fields of medicine and science as it grows. Successful students receive biomedical science degrees from both UoE and ZJU when their study is completed.
  • Scholarship Award: Half and Full Scholarships.
Half Scholarship covers:
  • Tuition Waiver: CNY 100,000 per year
  • International student medical insurance: CNY 800 per year. (Relevant medical insurance items can be found at www.lxbx.net).
  • Living allowance: CNY 1,400 per month, 46 months in total.
Full Scholarship covers:
  • Tuition Waiver: CNY 200,000 per year
  • Accommodation on campus: CNY 8,000 per year
  • International student medical insurance: CNY 800 per year. (Relevant medical insurance items can be found at www.lxbx.net).
  • Living allowance: CNY 1,400 per month, 46 months in total.
Duration: 4 years (The scholarship will be reviewed and given on the condition that the student meets the requirements for satisfactory progress toward a degree and follows the rules of the ZJU-UoE Institute.)
  • Nationality: Non-Chinese students
  • Number of Scholarships: The University plans to enrol 30 international students. Scholarships are awarded on an individual basis to outstanding students.
  • Scholarship can be taken in China
Eligibility for the Scholarship: 
Eligible Countries: Non-Chinese students are eligible to apply for this scholarship.
Entrance Requirements: Applicants must meet the following requirements:
Applicants shall be aged 18-30, non-Chinese passport holders, high school graduates, mentally and physically healthy and must obey Chinese law and the University’s regulations, and respect Chinese culture and habits.
Minimum requirements:
  • SQA/Highers: ABBB by end of S5 or ABBBB/AABB from S4-S6, with a minimum of BBB, achieved in one year of S4-S6, to include Biology and Chemistry. Mathematics and/or Physics are recommended. Qualified applicants are advised to take Biology and Chemistry at Advanced Higher level where possible. National 5: Mathematics at Grade B. English at Grade C.
  • IB: Overall score of 32 points, including HL Biology and Chemistry, one at Grade 5 and one at Grade 6. Mathematics and/or Physics are recommended. SL: English at Grade 4 and Mathematics at Grade 4. If you are using English / English Language at SL as part of the English language requirements, you must obtain Grade 5.
  • GCE A-level: ABB, in one sitting, to include Biology and Chemistry. Mathematics and/or Physics are recommended. GCSEs: Mathematics at Grade B or 6 and English at Grade C or 4.
English Language Requirements: Students whose native language is not English should submit official results of TOEFL or IELTS tests. The Admissions teams are seeking students who will be successful in our English-based instructional program.
Application Procedure: 
How to Apply: Submit required materials:
  • Application Form
  • Personal Statement in application form
  • 2 referees – not parents
  • Degree certificate showing highest qualification
  • High school transcripts, scores on recognized tests such as ACT or SAT or IB
  • English Language proficiency
  • and other material indicated on the admissions website
Application deadline: June 15, 2018

Apply For Scholarship: University of Aberdeen International Undergraduate Scholarship in UK


Deadline: August 2018.
The University of Aberdeen is currently accepting applications for International Undergraduate Scholarship for students studying for 4 years or more at the University (excludes Medicine). This scholarship is worth one year’s tuition fee.
The University of Aberdeen aims to provide a secure and happy environment where trained staff provides a variety of spontaneous and planned activities for children to enjoy, which are designed to enable them to develop a wide range of skills and abilities.
The University of Aberdeen is one of the UK’s most internationally distinguished universities. It has a student population of around 14,500 and a large international community of students drawn from 120 different countries.
Scholarship Description: 
  • Course Level: Scholarship is available to pursue undergraduate degree programme.
  • Study Subject: Scholarship is awarded to learn any of the subjects offered by the university excluding medicine.
  • Scholarship Award: This scholarship is worth one year’s tuition fee and is open to all international undergraduate students studying for 4 years or more at the University of Aberdeen (excludes Medicine).
  • Nationality: International students
  • Number of Scholarships: Numbers not given.
  • Scholarship can be taken in the UK
Eligibility for the Scholarship: 
Eligible Countries: Students from all around the world are eligible to apply.
Entrance Requirements: Applicants must meet the required criteria:
  • You must be applying for undergraduate study beginning in September 2018
  • You should be classed as international for the purposes of tuition fees
  • You should be registered on an undergraduate degree (with the exception of Medicine) and have completed three (3) years of study at the University in order to receive the scholarship in your fourth year.
English Language Requirements: To study for a degree at the University of Aberdeen it is essential that you can speak, understand, read, and write English fluently. Read more about specific English Language requirements here.
Application Procedure: 
How to Apply: You will be considered for and notified of the University of Aberdeen International Undergraduate Scholarship as part of the application process. There is no need for an additional application form.
Application Deadline: Scholarship is open for the year 2018/2019 before August 2018.

January 17, 2018

Michaels Talks Cyberattack, Possibly 3 Million Cards Affected

Back in January, Michaels Stores Inc. confirmed that it was working with federal law enforcement and conducting an investigation with the help of two independent, expert security firms into the possible fraudulent activity on some U.S. payment cards. The U.S. Secret Service also confirmed that it was investigating a potential data breach at the Irving, Texas-based art-and-crafts chain store.

Now months later, Michaels has confirmed that its systems in the United States and its subsidiary, Aaron Brothers, were attacked by criminals using highly sophisticated malware. Even more, this malware had not been encountered previously by the security firms investigating the breach.

The company has now identified and fully contained the incident.

The affected systems contained certain payment card information about both Michaels and Aaron Brothers customers, such as payment card number and expiration date, according to the company. There is no evidence to suggest that the hackers obtained other personal information like PIN numbers, names and addresses.


"The attack targeted a limited portion of the point-of-sale systems at a varying number of stores between May 8, 2013 and January 27, 2014," states the company's announcement. "Only a small percentage of payment cards used in the affected stores during the times of exposure were impacted by this issue."

Approximately 2.6 million cards may have been impacted, which represents about 7 percent of payment cards used at Michaels stores in the U.S. during the relevant time period, the company revealed. As for Aaron Brothers, 54 stores were affected by malware between June 26, 2013 and February 27, 2014. The company estimates that around 400,000 cards were potentially impacted during this period.

Michaels' announcement said that it has provided data about potentially affected cards to the relevant card brands so they can take appropriate action. The good news here is that Michaels has only received a limited number of reports from the payment card brands and banks regarding fraudulent use of payment cards potentially connected to the two stores.

"Our customers are always our number one priority and we are truly sorry for any inconvenience or concern Michaels may have caused. We are committed to assisting affected customers by providing fraud assistance, identity protection and credit monitoring services. Importantly, with this incident now fully contained, we can assure customers this malware no longer presents a threat to shoppers at Michaels or Aaron Brothers," said Chuck Rubin, Michaels CEO. "In an era where very sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance. Michaels is committed to working with all appropriate parties to improve the security of payment card transactions for all consumers."

Customers who have questions or would like more information can call (toll-free) 1-877-412-7145, Monday through Saturday from 8 a.m. to 8 p.m. CDT.

US Government Personnel Network Hacked

Government officials told the New York Times that Chinese hackers managed to infiltrate the network of the U.S. Office of Personnel Management, which contains the personal information of all federal employees. The hack took place back in March, and was aimed at acquiring the files of thousands who have applied for top-secret clearance. This information includes previous jobs, foreign contacts, financial data and more.
According to the report, the hackers managed to access several databases before federal authorities detected the hack and blocked them from the network. Currently the personnel agency and Homeland Security have no idea how deep the infiltration goes, nor do they know if the hackers are a part of the Chinese government. An emergency response team was assigned to the case to determine if any personally identifiable information was obtained.
American officials admit that attacks against the United States government servers take place every day, but they rarely succeed, which is why this attempt is a real eye-opener. The Office of Personnel Management is run by a system called e-QIP, which requires personal information when federal employees apply for security clearance. This info is used to determine if the applicant is qualified for security clearances.
The last successful attempt to break into the U.S. government's network took place last year. Hackers gained entry to the Department of Energy and ran off with contractor and employee data. The DOE was forced to reveal the details due to state disclosure laws that require agencies to disclose breaches when personal information is involved; disclosure isn't required when it pertains to the theft of sensitive government data.
One senior government official told the New York Times that the attack can be traced back to China. However, the Chinese point out that the United States isn't any better thanks to Edward Snowden. Snowden revealed that the NSA hacked its way deep into the computer systems of Huawei and ran programs to intercept the conversations of China and its military.
The paper also points out that despite the Obama administration's desire for American companies to come forward with breaches if they involve personal information, that didn't happen with the Office of Personnel Management. Caitlin Hayden, a spokeswoman for the Obama administration, told the paper that the administration has never advocated that all intrusions should be made public.
"We have advocated that businesses that have suffered an intrusion notify customers if the intruder had access to consumers’ personal information," Hayden said. "We have also advocated that companies and agencies voluntarily share information about intrusions."
Although the hack wasn't announced to the public, it was revealed to other federal agencies, state governments and local governments. The info was then shared with several members of the security industry. So far there's no evidence that personal information was obtained in the hack.

WordPress Sites Exploited in MailPoet Vulnerability Attacks

Last week, security firm Sucuri reported on a rise in broken WordPress websites. The firm stated that the cause stems from a malicious payload that is being "blindly" injected into the sites' code, thus breaking WordPress websites.

Even more, the infecting PHP code is corrupting legitimate core WordPress files, including plugins and themes. Thus when visitors pull up the infected page, all they will see are various PHP errors. The only way to fix these sites, once the malware has been removed, is to restore the damaged files from backup.

After that report, the firm soon discovered that the attack vector is the MailPoet WordPress Plugin vulnerability, which was disclosed just a few weeks ago.

"Because of the nature of the vulnerability, specifically its severity, we will not be disclosing additional technical details. The basics of the vulnerability however is something all plugin developers should be mindful of," Sucuri's Daniel Cid writes. "The vulnerability resides in the fact that the developers assumed that WordPress's 'admin_init' hooks were only called when an administrator user visited a page inside /wp-admin/."


Cid said the plugin relied on that "admin_init" hook to verify whether a specific user is allowed to upload files to the WordPress site. Hackers are managing to upload themes with backdoors thanks to a line of PHP code that doesn't require the user to be authenticated. Through this vulnerability, attackers can inject anything they want on a WordPress website, allowing them to deface the website, insert malware and so on. The security firm urged everyone with a WordPress website to update immediately.

"To be clear, the MailPoet vulnerability is the entry point, it doesn't mean your website has to have it enabled or that you have it on the website; if it resides on the server, in a neighboring website, it can still affect your website," Cid writes. "All the hacked sites were either using MailPoet or had it installed on another site within the same shared account."

Cid reports that the attack is always the same at first, with the hacker trying to upload a custom, malicious theme to the target site. Once that's in place, hackers then stroll through their backdoor and take full control of the targeted website.

"The backdoor is very nasty and creates an admin user called 1001001," he writes. "It also injects a backdoor code to all theme/core files. The biggest issue with this injection is that it often overwrites good files, making very hard to recover without a good backup in place."

Unfortunately, MailPoet is an extremely popular plugin and has been downloaded around two million times. According to a chart, the infections peaked at just under 3,000 websites, and began to fall on July 22. Cid suggests that WordPress users upgrade the MailPoet plugin immediately (v2.6.7 or later) or remove it altogether to avoid any issues.
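
An added example, not from the article or from Sucuri: a Python audit of one shared hosting account using the two indicators named above (MailPoet older than v2.6.7 and an admin user called 1001001), which also marks sites exposed only through a neighbouring install. The account layout, the sample plugin headers, the finding labels and the match on "mailpoet" in the plugin name are assumptions constructed for illustration.

```python
import re

FIXED_VERSION = (2, 6, 7)    # first fixed MailPoet release named in the article
BACKDOOR_LOGIN = "1001001"   # admin account the article says the backdoor creates


def parse_header(header_text):
    """Return (plugin_name, version_tuple) from a WordPress plugin header comment.

    Returns (None, None) when either field is missing, so callers never
    compare against a half-parsed header.
    """
    name = re.search(r"^[ \t/*#@]*Plugin Name:\s*(.+?)\s*$", header_text, re.M | re.I)
    ver = re.search(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", header_text, re.M | re.I)
    if not name or not ver:
        return None, None
    version = tuple(int(part) for part in ver.group(1).split(".") if part)
    return name.group(1), version


def audit_account(sites):
    """Audit every site that lives in the same shared hosting account.

    sites: list of dicts with keys
        'name'            site label
        'plugin_headers'  list of plugin header comments found on that site
        'admin_logins'    list of administrator login names
    Returns {site_name: [findings]}.
    """
    # Pass 1: which sites carry a MailPoet build older than the fixed release?
    vulnerable = set()
    for site in sites:
        for header in site["plugin_headers"]:
            name, version = parse_header(header)
            # Assumption: the plugin is recognised by "mailpoet" in its name.
            if name and "mailpoet" in name.lower() and version < FIXED_VERSION:
                vulnerable.add(site["name"])

    # Pass 2: per-site findings. One vulnerable install exposes its neighbours,
    # because they share the account (the point of Cid's second quote).
    report = {}
    for site in sites:
        findings = []
        if site["name"] in vulnerable:
            findings.append("mailpoet-below-2.6.7")
        elif vulnerable:
            findings.append("exposed-via-neighbor")
        if BACKDOOR_LOGIN in site["admin_logins"]:
            findings.append("backdoor-admin-1001001")
        report[site["name"]] = findings
    return report


# Constructed sample data: two sites in one shared account.
SAMPLE_ACCOUNT = [
    {
        "name": "shop.example",
        "plugin_headers": ["/*\nPlugin Name: MailPoet Newsletters\nVersion: 2.6.6\n*/"],
        "admin_logins": ["owner", "1001001"],
    },
    {
        "name": "blog.example",
        "plugin_headers": ["/*\nPlugin Name: Contact Form\nVersion: 1.0\n*/"],
        "admin_logins": ["editor-in-chief"],
    },
]

if __name__ == "__main__":
    for site_name, findings in audit_account(SAMPLE_ACCOUNT).items():
        print(site_name, findings or "clean")
```

A site reported as "exposed-via-neighbor" still needs its theme and core files checked against a known-good backup, since the article notes the injection overwrites legitimate files.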

Researcher Finds Flaw in Satellite-Assisted Airline Equipment

Cyber security researcher Ruben Santamarta has found a way to hack into satellite communications equipment used on passenger flights, Reuters reports. He is able to do so through inflight entertainment systems and WiFi. Santamarta plans to reveal his method Thursday during the Black Hat conference in Las Vegas.

Santamarta figured out how to hack into the equipment by reverse engineering the firmware. He theorizes that once a hacker gains access to the equipment, they can then hack into the plane's avionics equipment and disrupt or modify satellite communications. In turn, that could interfere with the plane's safety systems and navigation.

The good news here is that Santamarta has only performed the hack in a controlled environment; he hasn't taken his knowledge and performed the hack on a real plane. What's more, the hack may be quite difficult to perform in "the real world." Still, there's enough of a problem that Santamarta felt that it needed to be uncovered at the hacking event this week.


Cobham Plc, one of the equipment manufacturers, told Reuters that its Aviation 700 aircraft satellite communications equipment, which was the focus of Santamarta's research, can't be used by hackers to disrupt critical systems on an airplane. A Cobham spokesman said that hackers must have physical access to the company's equipment to cause any commotion.

"In the aviation and maritime markets we serve, there are strict requirements restricting such access to authorized personnel only," spokesman Greg Caires told Reuters.

According to the Reuters report, Santamarta published a 25 page research report in April detailing multiple bugs that were found in firmware used in satellite communications equipment. This equipment was made by Cobham, Harris, Hughes, Iridium and Japan Radio Co., and used in a number of industries including aerospace and the military. The Santamarta report included ways in which hackers could launch attacks, but the details won't be provided until he presents the report at Black Hat later this week.

However, one of the problems he noted was that hackers can retrieve passwords used in "hardcoded" log-in credentials, which allows service technicians to access any piece of equipment using the same login and password. Hackers can get the password simply by hacking into the firmware.

Hughes spokeswoman Judy Blake told Reuters that hardcoded credentials are necessary. She also said that the worst a hacker could do was disable the communications link.

Syrian Malware Team Disguises Downloads to Take Over PCs

In a recent blog post, network security vendor FireEye reported that hacker group Syrian Malware Team (SMT) has released an updated version of BlackWorm designed to infiltrate western news organizations and sites known to be frequented by anti-Syria activists.

The BlackWorm variant is a remote access trojan (RAT), a category of malware designed to take control of remote systems, giving hackers access to the file system, control of the computer and even the ability to damage the hardware by over-clocking.

"BlackWorm v2.1 has the same abilities as the original version and additional functionality, including bypassing User Account Control (UAC), disabling host firewalls and spreading over network shares. Unlike its predecessor, it also allows for granular control of the features available within the RAT. These additional controls allow the RAT user to enable and disable features as needed," Wilhoit and Haq write.


One common method the group uses to hide the malware is a cleverly disguised GUI tagged with popular vendor names, which tricks non-technical people into clicking on the links that install the malicious payload. The SMT is targeting popular social media sites and chat services used by anti-Syria activists, including Facebook and YouTube. The malware links are disguised as popular applications such as WhatsApp or Viber and placed in the comments of the feeds to target these activists.

SMT also uses social engineering, posting comments on social media sites with keywords such as "scandals" and "shocking disturbing" to attract people to click the links. While most of the downloads can be identified by up-to-date antivirus applications, the sophistication and structure of the download methods show advanced manipulation designed to avoid detection.

While malware and hacking are not unique, the targets, methods and sponsorship of this latest BlackWorm variant are. According to FireEye, the SMT does not appear to have a direct connection to the Syrian government even though it is pro-Syria; however, the group does appear to have ties to the Syrian Electronic Army, an entity whose place in the Syrian government structure has not been officially identified. While the Syrian Electronic Army has been largely public about its efforts in the hacking community, including hacks on the Twitter accounts of Reuters and Associated Press, as well as redirects of websites for the New York Post and CNN, the SMT has been largely unknown until now.

Breach at HealthCare.gov Raises Security Issues

Federal officials announced last Thursday that a hacker succeeded in breaking into a server which was part of the HealthCare.gov website and installed malicious software. A subsequent investigation, however, revealed that no consumer data was viewed or stolen during the attack.

While the breach provides fresh talking points to lawmakers who oppose the Affordable Care Act that mandated the site's creation, it may also serve as a wake-up call to other large organizations that are still behind the curve in protecting consumer data, as this breach comes on the heels of other high-profile incidents such as last year's breach involving Target and the more recent breach at Home Depot.

According to federal officials, the hacker gained access to a test server that was used by programmers and contained no sensitive information. The server was connected to other machines which house more sensitive information, but those servers are said to have much tighter security measures in place. Officials acknowledged that it may have been theoretically possible for the hacker to move through the network and try to view more sensitive information.

"Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted. We have taken measures to further strengthen security," according to a statement issued by the U.S. Department of Health and Human Services.

The evidence indicates that the hacker intended to install malware on the server and use it for future DoS attacks. In these types of attacks, hackers take over machines and use them to flood targeted websites with massive amounts of traffic, with the intention of overloading the site and bringing it down. The hacker was able to easily gain access to the server because it was still configured with a default, manufacturer-assigned password. The oversight on this particular server was attributed to the fact that the server was never intended to be connected to the internet.

The production site holds personal data such as names, Social Security numbers and consumer financial data, which would be of great value to hackers. The HHS undertakes daily security scans and drill-hacking tests, and contracts with the Blue Canopy Group LLC for quarterly security audits.

Drupal Fixes SQL Injection Security Vulnerability

The Drupal security team has issued a patch for a major security flaw in Drupal version 7.x. This vulnerability allowed attackers to use SQL injection to compromise the security of a Drupal site. The flaw exists in the database abstraction API, which is designed to prevent just such attacks.

By exploiting this vulnerability, an unauthenticated user on a Drupal site could execute carefully crafted SQL code on the targeted site. These attacks can be used to gain access to usernames and passwords, to create backdoors to a site by inserting malicious data directly into database tables containing the Drupal menu system, or to carry out other attacks.

The Drupal Security Team recommends that all current users of Drupal 7 upgrade to version 7.32, which contains the patch to the database abstraction API. Alternatively, Drupal users may also apply this patch.

The following update appeared on Drupal.org shortly after the attack was announced:

“Several hours after the security announcement was released, proof of concept (POC) instructions began appearing in the wild that demonstrate how to exploit the vulnerability. Shortly afterwards, hosting companies began to report a variety of systematic exploit attempts targeting Drupal websites on their platforms. These exploit attempts are ongoing and underscore the need to update all Drupal 7 sites immediately.”


The Drupal security team has received reports from users that some sites have already been patched, even though no one in charge of those sites had actually performed the update. This means that the site has already been compromised by an attacker, according to the security team, and they recommend that the site be taken offline and a full security audit of all Drupal site components be performed.

The vulnerability was discovered in the third week of September by a German PHP security firm, Sektion Eins, while performing a security audit for an unnamed client. Core Drupal security patches are issued on the third Wednesday of every month. According to the FAQ accompanying this release, the security team had considered releasing the patch earlier due to its severity, but the team felt that due to the timing of this issue and its coincidence with Drupalcon Amsterdam, they would release this fix under the normal schedule.

Update: This article was updated on Oct. 30 to reveal new information.

The maintainers of the Drupal content management system have released a warning to users stating that "any site owners who haven’t patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised."
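An added example, not from the article or the Drupal project: a Python triage of a site inventory against the maintainers' guidance, using their stated cutoff of Oct 15th, 11pm UTC (the year 2014 is taken from the advisory ID SA-CORE-2014-005) and the article's point that a fix nobody in charge applied indicates compromise. The record fields, status labels and site names are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Cutoff from the maintainers' statement: Oct 15th, 11pm UTC (year from SA-CORE-2014-005).
CUTOFF = datetime(2014, 10, 15, 23, 0, tzinfo=UTC)
FIXED = (7, 32)  # Drupal 7 release that contains the fix, per the article

# Constructed inventory (hypothetical schema): core version, whether the
# stand-alone patch was applied, and when someone in charge did the fix.
SITES = [
    {"name": "site-a", "core": "7.32", "patched": False,
     "fixed_at": datetime(2014, 10, 15, 18, 30, tzinfo=UTC)},
    {"name": "site-b", "core": "7.31", "patched": False, "fixed_at": None},
    {"name": "site-c", "core": "7.32", "patched": False, "fixed_at": None},
    {"name": "site-d", "core": "7.32", "patched": False,   # 22:30 UTC on Oct 15
     "fixed_at": datetime(2014, 10, 16, 0, 30, tzinfo=timezone(timedelta(hours=2)))},
    {"name": "site-e", "core": "7.31", "patched": True,    # 00:30 UTC on Oct 16
     "fixed_at": datetime(2014, 10, 15, 19, 30, tzinfo=timezone(timedelta(hours=-5)))},
]


def triage(site):
    """Return the status for one inventory record."""
    major, minor = (int(part) for part in site["core"].split("."))
    if major != 7:
        return "not-drupal-7"              # the article's advisory covers 7.x
    if (major, minor) < FIXED and not site["patched"]:
        return "assume-compromised"        # still running vulnerable code
    fixed_at = site["fixed_at"]
    if fixed_at is None:
        # Fixed code with no record of anyone in charge updating it: the
        # article reports this as a sign an attacker got in first.
        return "assume-compromised"
    if fixed_at.tzinfo is None:
        raise ValueError("fixed_at needs a timezone to compare against UTC")
    if fixed_at.astimezone(UTC) >= CUTOFF:
        return "assume-compromised"        # fixed, but not before the cutoff
    return "fixed-before-cutoff"


def triage_all(sites):
    """Map each site name to its triage status."""
    return {site["name"]: triage(site) for site in sites}


if __name__ == "__main__":
    for name, status in triage_all(SITES).items():
        print(f"{name}: {status}")
```

Timestamps are compared in UTC, so a local wall-clock date of Oct 16 can still fall before the cutoff (site-d) and a local date of Oct 15 can fall after it (site-e).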

"Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement," a statement released by the Drupal maintainers on Wednesday says.