10Fold – Security Never Sleeps – 50

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: A new Android Trojan named Xbot is capable of stealing banking information, remotely locking the device, and then requesting a ransom to release the data from external storage. Linux Mint forum users, and anyone who downloaded and installed a copy of the software on Saturday, could potentially be compromised by hackers. Companies are now paying for data mining on their own employees' healthcare data. The Comodo Internet Security suite has been found to include a flawed VNC server that can give sandboxed applications full access to the operating system.

New Trojan Xbot A Swiss-Army Knife Of Malicious Features
Publication: Dark Reading
Reporter name: Jai Vijayan

The creators of a new Android Trojan dubbed Xbot that has begun targeting victims in Australia and Russia appear to have thrown in everything but the kitchen sink into the malware. Security vendor Palo Alto Networks, which sounded the alert on it this week, described Xbot as capable of taking a variety of malicious actions, including stealing banking credentials and credit card data, remotely locking Android devices, encrypting data on external storage, and asking for ransom. Xbot can also steal SMS messages and contact information from Android devices that it infects, intercept SMS messages before they hit the device, and extract the mobile transaction authentication numbers that banks sometimes require when logging into accounts.


Linux Mint hit by malware infection on its website, forum after hack attack
Publication: Ars Technica
Reporter name: Kelly Fiveash

Linux Mint forum users, and anyone who downloaded and installed a copy of the 17.3 Cinnamon edition on Saturday, have probably been compromised by hackers and need to take action immediately, the distro’s creator has warned. Clem Lefebvre confirmed in a blog post that the “intrusion” had taken place over the weekend. He said: “Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.” The resultant malware infection had only affected ISOs downloaded from the Linux Mint site on Saturday, February 20. “As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition,” Lefebvre said. However, by Sunday it was a different story, with Linux Mint confirming that its forums database had also been targeted in the hack of its systems.


Security This Week: Employers Are Paying Data Firms to Predict Your Health Risks
Publication: Wired
Reporter name: Yael Grauer

Employee wellness firms and insurers are working with companies to mine sensitive data about workers like you, such as which prescription drugs you use, whether you vote, and how you shop, all in order to predict your health needs and risks. If that isn’t unsettling enough for you, one wellness firm can predict impending pregnancies by looking at when a woman fills—or stops filling—her birth control prescriptions, her age, and the age of any children she already has.


More insecure security software: Comodo’s on-by-default VNC app
Publication: Ars Technica
Reporter name: Peter Bright

Comodo Internet Security is a security suite that includes anti-virus, firewalling, and sandboxing to allow applications to be run in a notionally secure unprivileged environment. By default, it also includes a component called GeekBuddy. GeekBuddy is a VNC server, providing full remote access to your system. In May of 2015 it was pointed out that this VNC server was running without a password—yes, really—providing, at the very least, local privilege escalation. Sandboxed applications such as Google Chrome, or even those running in Comodo’s own sandbox, could connect to this VNC server and have full access to your system. With the right (or rather, in this case, wrong) network configuration, the VNC server might even be exposed to remote attackers.