Tag Archives: linux

10Fold- Security Never Sleeps- 157

Hackers Are Using NSA’s DoublePulsar Backdoor in Attacks

“‘Equation Group’ threat actor exposed”

 Alleged NSA hacking tool has been used on public users over the past week. ‘DoublePulsar,’ a backdoor program constructed by ‘Shadow Brokers’ hacking group on Friday, contains a password protected archive of even further exploit kits to be used by cybercriminals. Microsoft has commented on the release of this program, announcing that up to date systems are unlikely to be exposed to any risk.

Webroot deletes Windows files and causes serious problems for users

“Manual fix released to address issue”

Webroot consumers had an unfortunate surprise Monday morning when their product began flagging Windows files as harmful. Over 14 pages concerning the issue appeared as comments on the Webroot community forum, prompting a manual fix to be developed by Webroot that has yet to remedy the situation for many affected.

Hipchat resets user passwords 

“Security issues prompt concerns”

HipChat has automatically reset its users passwords after a possible breach may have exposed names, email addresses, and hashed password information. Particular cases may have gained access to message content, although this happened in less than 0.05% of cases.

Hackers uncork experimental Linux-targeting malware

“Four different protocols used”

Cybercriminals are now using a new malware program that attacks Linux systems, dubbed Linux/Shishiga. It uses SSH, Telnet, HTTP, and BitTorrent according to online security researcheres at ESET.

Hard Target: Fileless Malware

“The future of online threat is fileless”

Fileless malware attacks are on the rise. Malware that is either fileless or in-memory pose threats to businesses that are both difficult to recognize and destroy.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 124

Personal email is becoming less personal as hackers, government eye access

“Stakes are higher than ever for data security”

Privacy expert Claire Gartland has been warning of increased risks towards user data of electronic messaging services, most recently with her appearance on CNBC’s ‘On The Money.’ Under the context of the recent United States Presidential Election season, Gartland emphasized the exponential increase in the hacking of public figure hacks and leaks of sensitive information.

Millions exposed to malvertising that hid attack code in banner pixels

“Millions exposed to potential danger”

Malicious ads attacking embed codes in banner pixels have left many mainstream website users at risk of fraud and security concerns. The script remains concealed in the alpha channel that defines the transparency of the pixels. This makes it very difficult for even experienced ad networks to detect. After the malware assesses that adequate security measures are not in use that can detect its presence, the script can redirect the browser to sites that host exploitation in the users security.

Security News This Week: A Botnet Takes Down Nearly a Million German Routers

“New variant detected”

The same botnet malware that temporarily took down several popular websites just a few weeks ago, dubbed Mirai, has returned this week with devastating results. Over 900,000 routers from customers of German ISP Deutsche Telekom were affected and cut off from access to the web. This fuels growing concerns over a new reality of cyber-attacks that may not be preventable.

Latest Android security update fixes Dirty COW, GPS vulnerabilities

“Provides attack mitigation”

Per the monthly updates Android releases, serious security concerns have been addressed for customers. The most recent of these is a privilege escalation vulnerabilities that has been exploitable for over nine years (The Dirty COW, or copy-on-write), since the creation of Linux.

10Fold – Security Never Sleeps – 32

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider:  Amazon will officially launch is “replenishment” service that will launch on Tuesday. A new linux malware has been discovered that takes a screenshot every 30 seconds. Lastly, two informative articles about the state of bitcoin and Network security vs. app security.

Printer, Washer Automatically Order From Amazon – Publication: USA Today – Reporter name: Elizabeth Weise

The day your house automatically orders whatever you’re running low on came a step closer Tuesday, with Amazon’ launch of what it calls a “replenishment” service. A printer, a washing machine and a blood glucose monitor are the first three products that will automatically order more supplies when they’re close to running out. Beginning Tuesday, selected Brother printer models will track their toner usage and consumption patterns and then – if the user has selected the service – automatically order more from Amazon when levels dip.

Linux Trojan Takes Screenshots Every 30 Seconds – Publication: Security Week – Reporter name: Eduard Kovacs

Detected by Dr. Web products as Linux.Ekoms.1, the malware takes screenshots every 30 seconds and saves them to a temporary folder in the JPEG format using the extension .sst. If the screenshot cannot be saved as a JPEG, Ekoms attempts to save it in the BMP image format. An analysis of the Trojan revealed that its developers are also working on a feature designed to record audio and save the recording in WAV format in a file with the .aat extension in the same temporary folder. While the sound recording feature exists, it’s not active in the Ekoms variant analyzed by Dr. Web.

Network Security VS. App Security: What’s The Diference, And Why Does It Matter? – Publication: CSO – Reporter name: Kacy Zurkus

The risk for that enterprise is in backups, disaster recovery, incident response and any other outsourced unedited, unencrypted, and unaudited connections. Paula Musich, research director, NSS Labs said, “Historically, network security has been focused on ports and protocols, and it has relied on the ability to scan network traffic—typically at the perimeter of the enterprise network.”

R.I.P. Bitcoin. It’s Time To Move On – Publication: Washington Post – Reporter name: Vivek Wadhwa

Not long ago, venture capitalists were talking about how Bitcoin was going to transform the global currency system and render governments powerless to police monetary transactions.  Now the cryptocurrency is fighting for survival.  The reality came to light on Jan. 14, when its influential developer, Mike Hearn, declared Bitcoin a failure and disclosed that he had sold all of his Bitcoins.  The price of Bitcoin fell 10 percent in a single day on the news, a sad result for those who are losing money on it.