Tag Archives: hackers

10Fold – Security Never Sleeps – 98

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Researchers have encountered a denial-of-service botnet that’s made up of more than 25,000 Internet-connected closed circuit TV devices. Scammers are spreading JavaScript malware disguised as a Facebook comment tag notification. The Threat Group 4127 that hit the Democratic National Committee also went after 1,800 other targets with info interesting to Russian government, says SecureWorks. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more.

Large botnet of CCTV devices knock the snot out of jewelry website – Publication: Ars Techinca – Reporter name: Dan Goodin

The unnamed site was choking on an assault that delivered almost 35,000 HTTP requests per second, making it unreachable to legitimate users. When Sucuri used a network addressing and routing system known as Anycast to neutralize the attack, the assailants increased the number of HTTP requests to 50,000 per second. The DDoS attack continued for days, causing the Sucuri researchers to become curious about the origins of the attack. They soon discovered the individual devices carrying out the attack were CCTV boxes that were connected to more than 25,500 different IP addresses. The IP addresses were located in no fewer than 105 countries around the world.


Facebook comment tag malware scam targets Chrome users – Publication: SC Magazine – Reporter name: Robert Able

A user will receive a notification in their app and/or in their email about a friend tagging them in a comment and, upon clicking the link, malware is downloaded to their device, according to Hackread. Currently the malware is only targeting Chrome and one analyst on the network question and answer site Stack Exchange said the file is a typical obfuscated JavaScript malware, which targets the Windows Script Host to download the rest of the payload.


Google Accounts Of US Military, Journalists Targeted By Russian Attack Group – Publication: Dark Reading- Reporter name: Sara Peters

A Russian attack group used the Bitly URL-shortener to disguise malicious links in order to carry out spearphishing campaigns not only against the Democratic National Committee, but also against some 1,800 Google accounts of US military and government personnel and others.


New and improved CryptXXX ransomware rakes in $45,000 in 3 weeks – Publication: Ars Technica- Reporter name: Dan Goodin

Earlier this month, the developers released a new CryptXXX variant that to date still has no decryptor available. Between June 4 and June 21, according to a blog post published Monday by security firm SentinelOne, the Bitcoin address associated with the new version had received 70 bitcoins, which at current prices is valued at around $45,228. The figure doesn’t include revenue generated from previous campaigns.

10Fold – Security Never Sleeps – 97

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: A remote desktop access service called GoToMyPC was hacked this weekend and is urging all users to immediately change their passwords; The number of network infections generated by some of the most prolific forms of malware — such as Locky, Dridex, and Angler — has suddenly declined; on Friday night a hacker made off with $50 million of virtual currency after hacking the DAO (Decentralized Autonomous Organization); and a new variety of ransomware called RAA has been discovered.

GoToMyPC hit with hack attack; users need to reset passwords – Publication: PCWorld – Reporter name: Nick Mediati

According to a post published to GoToMyPC’s system status page, the remote desktop access service experienced a hack attack this weekend, and it’s now requiring all users to reset their passwords before logging in to the service.


Malware infections by Locky, Dridex, and Angler drop — but why?  – Publication: ZDNet – Reporter name: Danny Palmer

The number of network infections generated by some of the most prolific forms of malware — such as Locky, Dridex, and Angler — has suddenly declined. Instances of malware and ransomware infection have risen massively this year, but cybersecurity researchers at Symantec have noticed a huge decline in activity during June, with new infections of some forms of malicious software almost at the point where they’ve completely ceased to exist.


A $50 Million Hack Just Showed That the DAO Was All Too Human – Publication: WIRED- Reporter name: Klint Finley

Sometime in the wee hours Friday, a thief made off with $50 million of virtual currency. The victims are investors in a strange fund called the DAO, or Decentralized Autonomous Organization, who poured more than $150 million of a bitcoin-style currency called Ether into the project.


New RAA ransomware written in JavaScript discovered – Publication: SC Magazine UK – Reporter name: Doug Olenick

A new variety of ransomware called RAA has been discovered that has the somewhat unusual attribution of being coded in JavaScript instead of one of the more standard programming languages making it more effective in certain situations.

10Fold – Security Never Sleeps – 96

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Russian police have arrested 50 members of an alleged cyber-crime ring that stole more than 3 billion rubles ($45 million) from banks, the country’s biggest ever crackdown on financial hackers. Newly discovered malware ‘IronGate’ is targeting industrial control systems has the researchers who discovered it intrigued and hungry for help from the ICS community to further unravel it. Today, Yahoo became the first company to go public about NSLs it has received without needing to duke it out with the feds in court. Cisco spent $1.4 billion to acquire Jasper in February in its largest acquisition since Robbins took over as CEO. The former Sequoia-backed startup runs the largest commercial network for managing IoT devices.

Russia Detains 50 Suspected Hackers for Malware Bank Attacks – Publication: Bloomberg – Reporter name: Gavin Finch

The gang used malware to create networks of infected computers to launch 18 targeted attacks against Russian banks and state entities over the past year, the Interior Ministry said in a statement on its website.  Police were able to prevent another 2.3 billion rubles of losses, it said. The individual banks weren’t identified.


Shades Of Stuxnet Spotted In Newly Found ICS/SCADA Malware – Publication: Dark Reading – Reporter name: Kelly Jackson Higgins

FireEye researchers today detailed their findings on the so-called Irongate ICS/SCADA malware, which targets a Siemens PLC simulation (SIM) environment—not an operational one—via a man-in-the middle attack on a specific piece of custom PLC SIM code. SIM environments are where engineers test out their PLC code, which means Irongate as-is represents no actual threat to ICS operations, according to FireEye, and there’s been no sign of any attacks or attempts thus far.


Yahoo Publishes National Security Letters After FBI Drops Gag Orders – Publication: WIRED- Reporter name: Kim Zetter

Yahoo received letters in 2013 and 2015 and published redacted versions of them today. Two of the NSLs were sent to Yahoo from a special agent in the bureau’s Dallas office; the third NSL came from an agent in the bureau’s Charlotte, North Carolina office. It’s not clear whether the NSLs involve closed cases or ongoing ones for which disclosure is no longer a problem.  The letters offer no insight into the investigations behind them, and offer little else except a description of the kinds of records the FBI sought. In each case, the FBI wanted the name, address, length of service, activity logs and activity/transaction records for a specific user account.


Cisco is tracking 28 million devices on its IoT network and most of them are cars – Publication: Re/Code – Reporter name: Arik Hesseldahl

And it’s not just cars on Jasper. “It’s robots, it’s EKG machines” and other health care gear, and also robots used in manufacturing. And while the IoT is often criticized for being more hype than useful, Robbins said that Cisco has zeroed in on one significant use: Fixing things before they break. Last year Cisco teamed up with FANUC, a Japanese company building industrial robots, to keep track of how often robots in factories need maintenance. Preventive maintenance on the robots saves money by eliminating costly and unexpected downtime. “It’s turned out to be the killer app” for IoT, he said. “The savings from preventive maintenance is enough to justify the investment.”

10Fold – Security Never Sleeps – 95

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Security researchers at Sophos say that the Myspace hack could be the largest data breach of all time, easily topping the whopping 117 million LinkedIn emails and passwords that recently surfaced online from a 2012 hack. Cyber sleuths at security firm Trustwave have uncovered chatter on a Russian underground malware forum discussing a zero-day vulnerability in “every version” of Windows that is being openly sold for $90,000. A congressional committee has launched an investigation into the Federal Reserve Bank of New York’s handling of the heist of more than $80 million from accounts it maintains for the central bank of Bangladesh. Amazon and Goldman Sachs have become the latest investors to back Ionic Security, as the cyber security start-up looks to expand its reach beyond large companies.

Recently confirmed Myspace hack could be the largest yet – Publication: TechCrunch – Reporter name: Sarah Perez

“We take the security and privacy of customer data and information extremely seriously—especially in an age when malicious hackers are increasingly sophisticated and breaches across all industries have become all too common,” said Myspace’s CFO Jeff Bairstow, in a statement. “Our information security and privacy teams are doing everything we can to support the Myspace team.” However, while the hack itself and the resulting data set may be old, there could still be repercussions. Because so many online users simply reuse their same passwords on multiple sites, a hacker who is able to associate a given username or email with a password could crack users’ current accounts on other sites.


Windows zero-day flaw that impacts ‘every version’ being sold on Russian forum for $90,000 – Publication: International Business Times – Reporter name: Jason Murdock

According to analysis released by researchers with SpiderLabs, a team of penetration testers and ethical hackers at Trustwave, the security flaw being sold allows attackers to upgrade any Windows user level account to an administrator account, giving them access to install malicious software, gain access to other machines and change user settings. In hacking circles, zero-day vulnerabilities are much sought-after pieces of code previously unknown to anyone that can be exploited to infiltrate or attack a computer system without warning. Previously, a number of these bugs were uncovered in Adobe Flash software after the now-infamous breach at Hacking Team.


Congress launches probe of NY Fed over handling of $80M cyberheist – Publication: CNBC- Reporter name: Eamon Javers

In a letter to New York Fed President William Dudley on Tuesday, House Science Committee Chairman Lamar Smith, R-Texas, asked for “all documents and communications” related to the cyberheist from the Bank of Bangladesh account. The committee also wants to know what oversight the Fed has conducted of the SWIFT system, an international electronic messaging system used by banks worldwide to authorize billions of dollars a day in money transfers.


Goldman and Amazon back cyber security start-up Ionic Security – Publication: Financial Times – Reporter name: Hannah Kuchler

Amazon is becoming an equity holder via a partnership that will also allow customers of Amazon Web Services, its fast-growing cloud data center business, to use Ionic’s technology to secure data in the cloud and on their own on-premise servers. Adam Ghetti, chief executive of Ionic Security, said the company had already seen “tremendous interest” in its partnership with AWS in Europe. Companies on the continent have become increasingly nervous about which country has sovereignty over their data since leaks by Edward Snowden, a former contractor to the US National Security Agency, exposed a mass surveillance program in 2013.

10Fold – Security Never Sleeps – 93

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Hackers appear to have made off with the equivalent of $2 million in digital currencies from Gatecoin, according to a notice posted on the exchange’s website. The cyberattack that knocked hundreds of school networks offline in Japan last week had at least one novel feature: It was allegedly instigated by a student. DMA Locker fixes known flaws and adopts new exploit kit-based distribution model.

Hackers Steal $2 Million From Bitcoin Exchange In Hong Kong, Bounty Offered To Recover Funds – Publication: Forbes – Reporter name: Robert Olson

Gatecoin is an exchange and trading platform for a range of digital currencies. It was cofounded in July 2013 by Menant, a former investment banker with Societe Generale, J.P. Morgan and BNP Paribas . Menant is also a founding member of the Bitcoin Association of Hong Kong, which seeks to foster and promote Bitcoin and its technology. “Criminals understand cryptocurrency better than almost anyone, which probably helps explain some of their success in this area,” Bryce Boland, Chief Technology for Asia Pacific at FireEye, said in an e-mail. “Unfortunately we’re going to see many more of these incidents before things get better.”


Who’s hacking schools now? The students – Publication: CNBC – Reporter name: Harriet Taylor

In the U.S., Rutgers, Arizona State University and the University of Georgia have had denial-of-service attacks in the past year. These attacks are often so effective that they completely overwhelm networks and prevent students, teachers and administrators from being able to log on. This wreaks havoc on large administrations and results in delays, for example, in class registration and final exams.


New DMA Locker ransomware is ramping up for widespread attacks – Publication: CSO – Reporter name: Lucian Constantin

Previous DMA Locker versions did not use a command-and-control server so the RSA private key was either stored locally on the computer and could be recovered by reverse-engineering, or the same public-private key pair was used for an entire campaign. This meant that if someone paid for the private RSA key, that same key would work on multiple computers and could be shared with other victims.


4 Ways to Protect Against the Very Real Threat of Ransomware – Publication: Wired – Reporter name: Kim Zetter

Any company or organization that depends on daily access to critical data—and can’t afford to lose access to it during the time it would take to respond to an attack—should be most worried about ransomware. That means banks, hospitals, Congress, police departments, and airlines and airports should all be on guard. But any large corporation or government agency is also at risk, including critical infrastructure, to a degree. Ransomware, for example, could affect the Windows systems that power and water plants use to monitor and configure operations, says Robert M. Lee, CEO at critical infrastructure security firm Dragos Security. The slightly relieving news is that ransomware, or at least the variants we know about to date, wouldn’t be able to infect the industrial control systems that actually run critical operations.

10Fold – Security Never Sleeps – 91

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: DNI head James Clapper told a Washington audience Wednesday that the intelligence community is grappling with the “internet of things” — devices and appliances that can be wirelessly connected to the web and can provide access for hackers or foreign spies. Updates released by Cisco for the AsyncOS operating system powering the company’s Web Security Appliance (WSA) address several high severity denial-of-service (DoS) vulnerabilities. Researchers at MIT and Oxford University have shown that the location stamps on just a handful of Twitter posts can be enough to let even a low-tech snooper find out where you live and work. A senior lawmaker Wednesday hinted that nations not doing enough to stop ransomware groups from operating within their countries should be treated in the same way that the US treats countries that sponsor terror groups.

Clapper: My hearing aids needed security clearance – Publication: CNN – Reporter name: Nicole Gauette

The intelligence community is trying to figure out how it should operate on a wireless basis, Clapper said, in ways that are secure. It’s a particular challenge “in terms of dealing with millennials who are quite used to that,” he added. “We’re trying to come up with a policy on this, some governance that is consistent across the enterprise, that at the same time will allow for latitude for technology to change — because it will,” he said. The country’s top intelligence official said that as the internet of things grows more common, the 10.3 billion end points now in existence are expected to mushroom to 29.5 billion by 2020 in an industry that will be worth $1.7 trillion.


Cisco Patches Serious Flaws in Web Security Appliance – Publication: SecurityWeek – Reporter name: Eduard Kovacs

One of the vulnerabilities (CVE-2016-1380) is caused by the lack of proper input validation for packets in an HTTP POST request. A remote, unauthenticated attacker can cause the appliance to reload by sending it a specially crafted HTTP POST request. The second security hole (CVE-2016-1383) is related to how the operating system handles certain HTTP response code. An unauthenticated attacker can remotely cause a DoS condition by sending a specially crafted HTTP request to the targeted device, causing it to run out of memory.


Got privacy? If you use Twitter or a smartphone, maybe not so much – Publication: CIO – Reporter name: Katherine Noyes

The researchers set out to fill what they consider knowledge gaps within the National Security Agency’s current phone metadata program. Currently, U.S. law gives more privacy protections to call content and makes it easier for government agencies to obtain metadata, in part because policymakers assume that it shouldn’t be possible to infer specific sensitive details about people based on metadata alone. This study, reported in the Proceedings of the National Academy of Sciences, suggests otherwise. Preliminary versions of the work have already played a role in federal surveillance policy debates and have been cited in litigation filings and letters to legislators in both the U.S. and abroad.


Time To Treat Sponsors Of Ransomware Campaigns As Terrorists, Lawmaker Says – Publication: Dark Reading – Reporter name: Jai Vijayan

Richard Downing, deputy attorney general at the US Department of Justice and one of the witnesses at the hearing, characterized the scope of the ransomware problem as “staggering.” One of his recommendations is for Congress to enact legislation that will close loopholes in existing laws and make it easier for FBI and law enforcement in general to pursue and prosecute those involved in ransomware schemes. Current statutes such as the Computer Fraud and Abuse Act (CFAA) already make it a crime for people to create botnets by breaking into computers or using a botnet to carry out ransomware attacks. But the law is less clear on the implications for people who might be renting or selling a botnet but are not actually using it, he said.

10Fold – Security Never Sleeps – 90

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Another data set from the 2012 LinkedIn hack, which contains over 100 million LinkedIn members’ emails and passwords, has now been released. Washington US District Judge Robert Bryan has thrown out Mozilla’s request for the security flaw’s details. Cybercriminals can call on an extensive network of specialists for “business” expertise, including people who train and recruit, launder money, and provide escrow services, according to HPE. RunKeeper announced Tuesday that it had found a bug in its Android code that resulted in the leaking of users’ location data to an unnamed third-party advertising service.

117 million LinkedIn emails and passwords from a 2012 hack just got posted online – Publication: TechCrunch- Reporter name: Sarah Perez

As you may or may not recall, given how much time has passed, hackers broke into LinkedIn’s network back in 2012, stole some 6.5 million encrypted passwords, and posted them onto a Russian hacker forum. Because the passwords were stored as unsalted SHA-1 hashes, hundreds of thousands were quickly cracked. Now, according to a new report from Motherboard, a hacker going by the name of “Peace” is trying to sell the emails and passwords of 117 million LinkedIn members on a dark web illegal marketplace for around $2,200, payable in bitcoin. In total, the data set includes 167 million accounts, but of those, only 117 million or so have both emails and encrypted passwords.


Mozilla fails to get the details on the FBI’s malware hack – Publication: Engadget – Reporter name: Mariella Moon

If you’ll recall, the FBI seized the server of a child porn website on the Tor network called Playpen in early 2015. They then used a flaw in the Tor browser, which is based on Mozilla Firefox, to install malware that pointed agents to users’ locations. They nabbed over a hundred people from that sting, including a defendant in one of Bryan’s cases. Mozilla asked for the vulnerability’s details when Bryan ordered prosecutors to disclose the flaw to that defendant’s lawyers.


Cybercriminals are launching their own HR departments – Publication: PC World- Reporter name: Grant Gross

Cybercriminals are increasingly taking a business-based approach toward their activities, with some organizations developing in-house training, disaster recovery, and other business functions, and others contracting for those services in the underground marketplace, said Shogo Cottrell, a security strategist with HPE Security. Cybercrime is maturing as a business model, he added. Some criminal hacking businesses offer 24-by-seven telephone support, others offer money-back guarantees on their products, Cottrell said.


RunKeeper acknowledges location data leak to ad service, pushes updates – Publication: Ars Technica – Reporter name: Cyrus Farivar

Like other Android apps, when the Runkeeper app is in the background, it can be awakened by the device when certain events occur (like when the device receives a Runkeeper push notification). When such events awakened the app, the bug inadvertently caused the app to send location data to the third-party service.

10Fold – Security Never Sleeps – 87

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Vanguard Cybersecurity owner David Michael Levin was charged with three counts of unauthorized access to a computer, network, or electronic device of a Florida county and released on $15,000 bond–the reason for this is because he leveraged pilfered credentials of the county’s supervisor of elections to show security concerns of the county’s elections website. Researchers at security firm Check Point discovered a new Android malware that will automatically join the smartphone to a botnet which disguise ad clicks to generate money. Investigations by the FBI has led to evidence that at least one employee of Bangladesh’s central bank was involved in the theft of $81 million from the bank. However, bank officials still partly blame the SWIFT financial network that allegedly left loopholes for hackers.

How a security pro’s ill-advised hack of a Florida elections site backfired – Publication: Ars Technica – Reporter name: Dan Goodin

A Florida man has been slapped with felony criminal hacking charges after gaining unauthorized access to poorly secured computer systems belonging to a Florida county elections supervisor.


New Android malware poses as popular game, but enlists phones into botnet – Publication: ZDNet – Reporter name: Zack Whittaker

Tens of thousands of Android users are thought to have fallen victim to a newly-discovered malware, which enlists devices as part of a hacker-controlled botnet. The malware is dubbed “Viking Horde,” after one of the popular apps it poses as. The sophisticated malware campaign consists of a number of games and apps that are readily available through Google Play, the app store for Android devices.


Bangladesh central bank hack may be an insider job, says FBI – Publication: ComputerWorld – Reporter name: John Ribeiro

The U.S. Federal Bureau of Investigation has found evidence that at least one employee of Bangladesh’s central bank was involved in the theft of $81 million from the bank through a complex hack, according to a newspaper report.

10Fold – Security Never Sleeps – 86

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Starting today Google will start sending out notifications to employees about a data breach that occurred at a third party company that they do business with for their benefit management services. Babycare retailer Kiddicare has warned customers that personal data shared with the store has been stolen by hackers. Cyber Security Breaches Survey 2016 reveals that of those hit by cyberattacks, a quarter experience a repeated breach at least one a month. Experts are skeptical over the alleged 272 million credentials that were discovered last week, both Google and a Russia-based e-mail service unveiled analyses that call into question the validity of the security firm’s entire report.

Google suffers data breach via benefits provider – Publication: CSO – Reporter name: Dave Lewis

In the Google case, the whoops factor was curtailed and the damage was limited. There were names and Social Insurance Numbers in the document in question but, that didn’t leak beyond that immediate parties according to the breach notification letter which is due out today. Even though the issue was contained, Google is providing credit monitoring for affected parties.


Babycare e-tailer Kiddicare admits customer data breach – Publication: The Register – Reporter name: John Leyden

The compromised data is restricted to name, delivery address, telephone number and email address, according to Kiddicare, which is keen to stress that customer payment details or credit/debit card information has not been accessed.


Two thirds of large businesses have suffered a data breach in the past year – Publication: ZDNet- Reporter name: Danny Palmer

The proportion of businesses that have suffered a breach declines as the organization gets smaller: 51 percent of medium firms said they’d been the victim of an attack, compared to 33 percent of small firms, while just 17 percent of micro firms say they’d suffered a data breach. This could be because smaller firms are less attractive targets to hackers, or perhaps because they lack the skills to recognize a breach has taken place.


Garbage in, garbage out: Why Ars ignored this week’s massive password breach – Publication: Ars Technica – Reporter name: Dan Goodin

What has been clear all along to anyone paying attention is that the plaintext credentials recovered by Hold Security almost certainly didn’t come from hacks on the e-mail providers. Instead, they most likely were collected by hackers who hit dozens, hundreds or thousands of third-party Web services over the years and dumped the account databases into a single list.

10Fold – Security Never Sleeps – 85

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Cybersecurity professionals warn that anyone with a personal email account might want to change their passwords following revelations of a massive cache of stolen usernames and passwords being offered for sale on the Internet. Fiat Chrysler Automobiles Chief Executive Sergio Marchionne said Friday FCA and Alphabet Inc’s Google have yet to determine who will own data collected in their collaboration on testing self-driving vehicles. Hackers caused disruption to a Locky campaign after they breached one of the attackers’ server and replaced the real ransomware with a harmless file containing the string “Stupid Locky.” For the past five years, a vulnerability in many Android phones has left users’ text messages, call histories, and possibly other sensitive data open to snooping, security researchers said Thursday.

Cyber Experts: Change Passwords After Massive Hack – Publication: NBC News – Reporter name: Tom Costello

The thefts involved some of the biggest email providers in the world such as Google, Yahoo, Hotmail and Microsoft. The bulk of the stolen accounts—some 272.3 million—include Russia’s Mail.ru users, according to Alex Holden, founder and chief information security officer of Hold Security who discovered the theft. “We know he’s a young man in central Russia who collected this information from multiple sources,” Holden told NBC News. “We don’t know the way he did it or the reason why he did it.” The user names and passwords were being offered for sale on the so-called “dark web” where hackers hock their goods.


Fiat Chrysler CEO: Data ownership unclear in working with Google – Publication: Reuters- Reporter name: Bernie Woodall

Earlier this week, FCA and Google announced that they would align to fit 100 of the Pacifica minivans made at Windsor for Google’s self-driving test fleet. Marchionne said there are many aspects of the project with Google that have yet to be determined, such as whether the two will develop an open-source software platform that could be shared with others. Marchionne said that what has been agreed so far with Google is limited, but he suggested that the alliance could evolve.


Hackers Disrupt Locky Ransomware Campaign – Publication: SecurityWeek – Reporter name: Eduard Kovacs

According to Avira researcher Sven Carlsen, the attack started with a spam email designed to trick recipients into opening an attachment by informing them of an unpaid fine. The attached file is actually a malware downloader configured to fetch the Locky ransomware from a server whose location is determined based on a domain generation algorithm (DGA). The downloader then executes the file. However, in the attack analyzed by Avira, the downloader did not fetch Locky and instead it downloaded a 12Kb executable containing the message “STUPID LOCKY.” Since the file did not have a valid structure, the downloader failed to execute it, resulting in an error message being displayed.


Critical Qualcomm security bug leaves many phones open to attack – Publication: Ars Technica – Reporter name: Dan Goodin

The flaw, which is most severe in Android versions 4.3 and earlier, allows low-privileged apps to access sensitive data that’s supposed to be off-limits, according to a blog post published by security firm FireEye. But instead, the data is available by invoking permissions that are already requested by millions of apps available in Google Play. Company researchers said the vulnerability can also be exploited by adversaries who gain physical access to an unlocked handset. Indexed as CVE-2016-2060, the bug was first introduced when mobile chipmaker Qualcomm released a set of programming interfaces for a system service known as the “network_manager” and later the “netd” daemon.