Tag Archives: mac

10Fold- Security Never Sleeps- 160

And Now a Ransomware Tool That Charges Based On Where You Live

“Fatboy is making the rounds on crimeware forums”

Recorded Future reports that Fatboy, a ransomware tool being advertised on crimeware forums, sets its ransom according to where the victim is located, charging victims in wealthier countries more than those in less developed nations.

Software Download Mirror Distributes Mac Malware

“Distributes a RAT for Mac devices”

The download mirror server for HandBrake, a video conversion tool, was recently compromised to distribute a RAT to Mac computers. A security alert posted on the project's website warns that Mac users who downloaded HandBrake between Tuesday and Saturday of last week may have received the trojanised build. HandBrake advises all users to verify any download (for instance by checking its hash) before running it.

Google Researchers Say They Found A ‘Crazy Bad’ Windows Bug

“Project Zero researchers report a remotely exploitable Windows flaw”

Google's Project Zero has reported a remotely exploitable Windows vulnerability that researcher Tavis Ormandy, who found it together with Natalie Silvanovich, described on Twitter over the weekend as 'crazy bad'. No technical details were released with the tweet; they are being withheld until Microsoft ships a fix.

Phishing Scams Cost American Businesses Half A Billion Dollars A Year

“Over 22,000 incidents in the last three years”

Since October 2013 more than $1.6 billion has been stolen from American firms through phishing scams. Every state has been affected, and there is no observable trend in the type of firm targeted.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 159

TrickBot Trojan Targets Private Banking

“TrickBot adds private banks and wealth managers to its target list”

IBM's X-Force security team reports that the TrickBot banking Trojan is now targeting business and private banking accounts. Many of the affected institutions are in the UK, Australia and other advanced economies with large numbers of private banks and wealth management firms.

New Mac malware spies on your web traffic

“Affects all current versions of macOS”

OSX.Dok, a new Mac malware that can spy on a victim's web traffic, runs on all current versions of macOS. At the time of the report the sample had no detections on VirusTotal, and it was signed with a valid Apple developer certificate, which Apple has since revoked.
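Both the HandBrake mirror compromise above and the signed OSX.Dok sample come down to the same two checks a Mac user can run before opening a download: does the file match the digest the vendor published somewhere other than the mirror, and does Gatekeeper still accept its signature? The script below is an added example, not HandBrake's own instructions or Apple's tooling documentation. It assumes the vendor publishes a SHA-256 for the release; the file path, expected hash and `App.app` argument are placeholders, and the `spctl`/`codesign` step only runs on macOS (elsewhere that function just reports that it is unavailable).

```shell
#!/bin/sh
# Added example: check a downloaded installer before opening it.
#  1. verify_download   - compare the file's SHA-256 with the vendor-published digest
#  2. gatekeeper_assess - on macOS, ask Gatekeeper whether it would accept the app
# Paths, hashes and bundle names used here are placeholders (assumptions), not
# values from HandBrake's advisory.

# Print the lowercase hex SHA-256 of a file. Uses sha256sum where it exists
# (Linux) and falls back to shasum (macOS), so the script runs on both.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_download FILE EXPECTED_SHA256
# Returns 0 when the digest matches, 1 when the file is missing or the digest
# differs. The expected value is normalised to lowercase so a copy-pasted
# uppercase hash still compares correctly.
verify_download() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 1
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK       $file"
        return 0
    fi
    echo "MISMATCH $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# gatekeeper_assess APP_BUNDLE
# macOS only. spctl applies the same policy Gatekeeper uses when an app is
# opened; a bundle whose Developer ID certificate Apple has revoked (as with
# OSX.Dok) is reported as rejected. On success the signing chain is printed via
# codesign. Returns 0 if accepted, 1 if rejected, 2 if spctl is not available.
gatekeeper_assess() {
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not available on this host (not macOS)" >&2
        return 2
    fi
    if spctl --assess --type exec -vv "$1"; then
        codesign -dvv "$1" 2>&1 | grep -E '^(Authority|TeamIdentifier)='
        return 0
    fi
    return 1
}

# Usage: sh verify_download.sh <file> <expected-sha256> [<App.app>]
if [ $# -ge 2 ]; then
    verify_download "$1" "$2" || exit 1
    if [ $# -ge 3 ]; then
        gatekeeper_assess "$3"
    fi
fi
```

Run it as `sh verify_download.sh HandBrake.dmg <sha256> [/Volumes/HandBrake/HandBrake.app]` (placeholder names). A checksum only helps if it comes from a channel the attacker could not also have altered, which is why the hash should be taken from the project's own site or announcement rather than from the mirror that served the file. A signature check that passed last week can fail today: Gatekeeper honours Apple's revocation of a developer certificate, which is exactly what happened to the OSX.Dok sample.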

IBM warns of malware on USB drives shipped to customers

“Storwize storage systems may contain malware”

IBM has advised all customers who received a USB flash drive containing the Storwize installation tool to securely destroy it, as the drive may contain a malicious file. The affected drives are those shipped with Storwize V3500, V3700 and V5000 Gen 1 systems.

Info potentially compromised after Victoria University data breach

“Student and staff information at risk”

Wellington's Victoria University appears to have been breached, potentially exposing sensitive information about both students and staff to cybercriminals. The National Cyber Security Centre and outside security consultants are assessing the extent of the damage; in the meantime anyone who may be affected is advised to change their passwords immediately.


10Fold- Security Never Sleeps- 146

WikiLeaks releases ‘entire hacking capacity of the CIA’

“Over 8,000 pages disclosed”

WikiLeaks on Tuesday released what it calls the entire hacking capacity of the CIA in a large data dump. The 8,761 documents, published under the name 'Vault 7', were reportedly taken from a high-security network at the CIA's Center for Cyber Intelligence in Virginia. WikiLeaks says the archive had "circulated among former U.S. government hackers and contractors," one of whom provided it to WikiLeaks.

StoneDrill wiper malware finds new targets

“Targets in Europe and the Middle East”

Wiper malware, which first drew wide attention in 2012, is back: StoneDrill has been found attacking targets in the Middle East and Europe. Security researchers point to the destructive record of earlier wipers, citing the Shamoon attack on Saudi Aramco, which wiped some 30,000 workstations and their data, and the later use of wipers by the "Dark Seoul" gang against South Korean banks and broadcasters.

macOS RAT Uses 0-Day for Root Access

“Unpatched zero-day vulnerability used to gain remote access to devices”

Proton, a macOS RAT whose seller claims it uses an unpatched zero-day to gain root access, is being advertised on a closed Russian cybercrime forum, one of the leading underground markets. Sixgill researchers report that it is offered for two bitcoins, roughly $2,500, for a single installation, a cause for concern for anyone running macOS.

Why email is safer in Office 365 than on your Exchange server

“Running your own servers doesn’t do much for security it seems”

Avoiding the management and monitoring burden of running your own mail servers is not the only advantage of a cloud service. The sheer scale of cloud mail providers such as Office 365 gives them the visibility to spot advanced malware and phishing campaigns earlier, on top of the other protections they layer on.


10Fold- Security Never Sleeps- 134

Attackers start wiping data from CouchDB and Hadoop databases

“Data-wiping attacks spread to more database platforms”

Attackers who have spent recent weeks wiping data from Internet-exposed MongoDB and Elasticsearch clusters and demanding a ransom for its return have moved on to Hadoop and CouchDB databases, which are now seeing the same kind of attack.

New Mac malware uses ‘ancient’ code 

“New strain targets biomedical facilities with OS X”

Malwarebytes has analysed "Quimitchin", a Mac malware built from antiquated code, after an IT admin noticed unusual outgoing traffic from a Mac running an outdated version of OS X. The researchers say it has been "in existence, undetected, for some time."

Billion-dollar Hacker Gang Abuses Google Services To Control Malware

“Over $1 billion stolen from banks globally”

A new Forcepoint report describes a fresh command-and-control channel used by the operators of Carbanak: the malware uses Google Apps Script, Google Sheets and Google Forms to receive commands and return data from infected machines, so its traffic goes to legitimate Google domains and blends in with normal web browsing.

Mobile Security Gap Threatens Enterprises

“New mobile tech causing security concerns”

Two new surveys of IT practitioners show that application malware remains a top concern. A Ponemon Institute study commissioned by IBM and Arxan found that 84% of IT security practitioners believe mobile applications are vulnerable to malware threats; 66% say the same of IoT applications.

10Fold – Security Never Sleeps – 30

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: New information on the Hyatt data breach shows that about 250 hotels worldwide, roughly 100 of them in the US, were infected with point-of-sale malware from July through December 2015. An update on the Mac Gatekeeper bypass shows it is still a live threat because the workaround is so simple. A European Court of Human Rights ruling found that an employer may legally read an employee's private messages sent during working hours. Lastly, a post by Brian Krebs illustrates the threat ransomware poses to cloud services and to those who keep all their data in the cloud.

Hyatt Says 250 Hotels Had Malware Last Year – Publication: ABC News – Reporter name: Joseph Pisani

Hyatt said Thursday that it found malicious software in about 250 of its hotels that may have exposed customers’ credit- and debit-card numbers and other information to hackers. It’s the first time the hotel operator has listed the hotels affected since it announced it found malware at its hotels in December. Hyatt said the malware was found at many of its brands, including the Park Hyatt, Hyatt Regency and Andaz. About 100 of the hotels affected were in the U.S. The rest were abroad in cities including London, Paris and Shanghai.

How Malware Developers Could Bypass Mac’s Gatekeeper Without Really Trying – Publication: Ars Technica – Reporter name: Dan Goodin

In September, Ars reported a drop-dead simple exploit that completely bypassed an OS X security feature known as Gatekeeper. Apple shipped a fix, but now the security researcher who discovered the original vulnerability said he found an equally obvious work-around. Patrick Wardle said the security fix consisted of blacklisting a small number of known files he privately reported to Apple that could be repackaged to install malicious software on Macs, even when Gatekeeper is set to its most restrictive setting. Wardle was able to revive his attack with little effort by finding a new Apple trusted file that hadn’t been blocked by the Apple update.

EU Bosses Can Snoop On Your Private Messages At Work – Publication: Forbes – Reporter name: Theo Priestly

Employers in the European Union can read employees’ private messages sent via online chat and webmail accounts during working hours, EU judges have ruled. The European Court of Human Rights (ECHR) said that a Romanian employer firm that read a worker’s Yahoo Messenger chats sent while he was at work was within its rights. According to the BBC, the employee, an engineer, “had hoped the court would rule that his employer had breached his right to confidential correspondence when it accessed his messages and subsequently sacked him in 2007.”

Ransomware A Threat To Cloud Services, Too – Publication: Krebs on Security – Reporter name: Brian Krebs

Ransomware — malicious software that encrypts the victim’s files and holds them hostage unless and until the victim pays a ransom in Bitcoin — has emerged as a potent and increasingly common threat online. But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services. More importantly, the malware that scrambled their files, a strain of ransomware called TeslaCrypt, contained a coding weakness that has allowed security and antivirus firms to help victims decrypt the files without paying the ransom. Users over at the computer help forum BleepingComputer have created TeslaDecoder, which allows victims to decrypt files locked by TeslaCrypt.