Tag Archives: malware

10Fold- Security Never Sleeps- 136

Virulent Android malware returns

“Over 2 million downloads on Google Play”

A strain of malware that had infected over 10 million Android devices in 2016 has been making the rounds again, embedding itself in Google Play applications that may have affected nearly 12 million users. Professionally developed, HummingWhale is a variant of a researcher documented strain hitting the Google store last July.

Court denies U.S. government appeal in Microsoft case

“Appeals court not reconsidering DOJ request for email handover”

An appeals court has refused the Department of Justice’s request to force Microsoft to release thousands of customer emails held outside of the United States. A 4-4 decision by the Second Circuit court refused to rehear a July decision that denied access to a suspected drug dealers account stored on a server based in Ireland. DOJ requests are not new to Microsoft, having been in consistent battles for email requests since early 2013.

Cisco’s web meeting plugin for Chrome has a whopping flaw

“Extension may need security patch”

Users of the Cisco WebEx extension would be keen on ensuring they have installed the 1.03 patch, as security experts have been claiming earlier versions leave considerable vulnerabilities in a users device. Filippo Valsorda (@FiloSottile) has recently tweeted on the matter “…any website could just install malware on your machine silently.”

10Fold- Security Never Sleeps- 122

Hospital info thief malware puts itself into a coma to avoid IT bods

“Healthcare specifically targeted by new Trojan software”

US healthcare organizations have growing concerns over a new malware that can avoid detection by activating a sleep mode for long periods of time. Security researchers project that several thousand groups since 2012 have been hit by what has been termed the ‘Gatak Trojan’ by Symantec, with over 40% of evets occurring within the healthcare sector. Once reactivated, the malware is capable of spreading extensively through the targets network.

Hackers Are Using MailChimp to Spread Malware

“Hackers upping malware distribution techniques”

Email newsletter service MailChimp has been co-opted by many spam and malware distributors to spread various malicious softwares. This is indicative of the ingenuity of those seeking to spread malware who take any opportunity to profit, and validate growing concerns of internet privacy.

Cyberspies Target Taiwan Government, Energy Sector

“’Tropic Trooper’ continues assault on national government”

Palo Alto Networks has reported on a largescale cyber espionage campaign directed towards the Taiwanese government and affiliated organizations. Trend Micro first observed the cybercriminal group in 2012, when Taiwanese officials and military institutions were attacked by the group. In accordance with the 2012 attacks, Trend Micro found that the malware Yahoyah was used to exploit the CVE 2012-0158 Microsoft Office vulnerabilities.

New Malware Lets Hackers Listen To Your Conversations Via Your Headphones

“New malware is capable of ultra-snooping on conversations”

Ben-Gurion University researchers have created “Speake(a)r,” a proof-of-concept code designed to display targeted computer audio and video systems regardless of accessory accessibility. The malware can activate alternative channels to turn on speakers and headphones, picking up vibrations and converting them into electromagnetic signals.

10Fold- Security Never Sleeps- 121

Software in Android Phones Can Send Data to China, Experts Warn

“Secret backdoor allows for information comprise”

Security firm Kryptowire has discovered a secret vulnerability in Android phone software that sends personal data to cybercriminals in China. Information that is sent to the unauthorized third-party is capable of collecting texts and even geographical location.

Flaws Found in Lynxspring SCADA Product

“Defects detected in operating software”

Researcher Maxim Rupp has uncovered glaring vulnerabilities in the automation and management solution providers JENEsys operating system. The BAS Bridge was found to be the most problematic, which connects integration efforts between Modbus TCP/RTU and BACnet IP. Ethernet devices.

New Android Spyware for Governments Found on the Internet

“Originated in Italy, has spread far further”

Malware hunters have observed a new high risk malware that was originally marketed to governments and police forces on the loose on the internet. Researchers released a report Monday that discusses the malicious software’s capabilities, which include recording of video and audio, toggle GPS functions, and steal data from nearly any desired area of the device.

PlayStation Hack Denied Following Complaints From Gamers

“Many players locked out of their accounts”

Over the last two days over one hundred PlayStation Network users have been locked out of their accounts and contacted the Sony Twitter account with complaints. Sony has released a statement to the BBC that PSN has not been compromised had not been hacked amid concerns that the accounts affected had been hijacked, saying; “We routinely monitor for irregular activity, and if such activity is detected, we may sometimes reset passwords of affected accounts to protect users and their account information.”

 

10Fold- Security Never Sleeps- 119

Some Yahoo Employees Knew of Massive Hack in 2014

“Will create more concern in Verizon acquisition”

Yahoo has now admitted that many employees were aware of a state-sponsored hacking attempt that resulted in a critical breach of its network. Personal information from at least half a billion accounts, what is considered to be the largest in history, involved over 200 million usernames and passwords being stolen from users and customers.

Possible Health Data Breach From Employee Laptop

“MGA Home Healthcare notifies patients of possible personal information theft”

Potential data breaches may have occurred with a vendor downloading information in an unauthorized manner while servicing homes. Over 3,000 patient and employee information blocks may have possibly been compromised, left vulnerable in an employee’s vehicle. Law enforcement has been notified and released a statement; “has been conducting a thorough review of the potentially affected records to confirm what information was exposed.”

IoT Worm Can Hack Smart Devices, Prompts Concerns

“Chain reaction can create chain reaction in other devices as well”

A proof-of-concept worm developed by Eyal Ronen, Adi Shamir, and Achi-Or Weingarten of Weizmann Institute of Science, and Colin O’Flynn of Dalhousie that can create insecure web-connected chain reaction hacks is exploiting universal encryption keys over ZigBee networks. This is then capable of moving to other devices via other devices universal keys, able to spread exponentially in what is described as a city-wide basis.

Major Cloud Malware Infested Says Researchers

“Concerns over difficulty identify mount”

Many computer experts are saying that repositories are supplying malware to users, creating a serious epidemic for those using cloud based technologies. Hundreds of buckets have possibly been compromised, says Xiaojing Liao, a graduate student at Georgia Tech who is leading a study that is addressing possible solutions to the issue.

Trump Victory Sparks Fears Over U.S. Encryption, Surveillance Policy

“Donald Trump’s surprise win has brought fears of rights violations, security”

Civil Libertarians and technology companies have voiced serious concern over some of Trump’s potential policies that call for closing down certain parts of the internet to fight Islamic terrorism. Trump won the election Tuesday night, a victory unforeseen by much of the media. The new President-Elect has been a vocal opponent of tech companies being uncooperative with the government on unlocking their technologies to assist with terrorist investigations.

10Fold- Security Never Sleeps- 115

‘Serious’ Windows Vulnerability Found by Google

“Adobe have issued fix, Windows has yet to issue its own patch”

Per Google’s new policy of exposing exploitative problems to the software creator, the firm has issued a public notice to Microsoft regarding sections of code that are capable of being appropriated by cyber criminals. The flaw, described as a “security sandbox escape,” bypasses cyber defense measures and allows malicious or dysfunctional programs to damage of collect sensitive information from the rest of the device. As of now Adobe’s patch for this issue, released October 21st, have been successful at resolving the issue. Microsoft itself has offered no security fix yet.

New Malware for Mirai Botnet Observed

“Coded partially with Tsunami/Kaiten protocol”

A new strain of malware that specifically targets IoT vulnerabilities and converts the into ‘slave’ devices has been released in the last few days by a collective of cybercriminals. ‘Linux/IRCTelnet’ is capable of conducting massive DDoS attacks, using common IoT appliances such as DVR’s, routers, lighting systems, and more, according to a research team on Malware Must Die.

Major ‘upgrade’ for Nymaim Malware

“Includes increased obfuscation and blacklisting softwares”

Verint researchers have observed several new events where the infamous Nymaim malware has been able to use new code based targets for phishing, rather than its original drive-by-download approach. This particular strain of malicious software has been in circulation since 2013, and has managed to stay ahead of threat researchers consistently with various upgrades that give it a leg up on those studying it. With this advantage, attacks have been seen to rise with use of the malware, with over 63 percent more incidents observed over the last year.

UK commits £1.9B to Cyber Security, Many Firms Contracted

“Recent threats from international actor’s prompts concern”

Just over £1.9B has been committed to increasing British cyber security measures after threats against the United States have been made in recent months. Giving new advantages to both defensive and offensive strategies, the new cyber defense plan will contract with both public and private firms to ensure top of the line systems within the next few years.

10Fold- Security Never Sleeps- 112

Chinese firm admits hacked products were behind Friday’s Internet Abnormalities

“Hangzhou Xiongmai Technology vulnerabilities led to attack”

Electronic component manufacturer based in China Hangzhou Xiongmai Technologies has conceded that hackers used its technologies to conduct a massive cyberattack on several substantial United States headquartered internet sites. Mostly known for its production on DVR’s and cameras connected to the internet, weak default passwords of users is noted as a major contributing factor to their vulnerabilities. Security researchers have claimed that the notorious malware Mirai has been infiltrating and using them as a jump off point for Friday’s DDoS attack.

 

DDoS Attack Shows Vulnerable Underbelly Cloud Technologies

“Can a DDoS attack break the internet?”

Friday saw a massive DDoS attack, which commentators have said led to the internet ‘breaking’ for several hours over the course of the early day. Vital corporate applications, business functions and inability to use big name sites, causing public outrage and firm loss. Dyn going offline brought the shutdown of the DNS server, the component that allows users to find sites without directly inputting the IP address.

Beware of Fraudulent BSOD Scammers’ Malware

“Microsoft notifies public of fake installer for Security Essentials”

Tech support scammers have added a new weapon in the cybercriminal bag of tools, now utilizing fake ‘Severe Warning’ notifications and blue screens of death in Windows devices. Hicurdismos, the nickname given to this new malware, disables Task Manager and hides the cursor to deceive the user and suggests the user to call a bogus call center and hoaxes users to give up sensitive information the scammer will exploit for profit.

$7,500 IoT Cannon Sold, Capable of Bringing Down The Web Again

“Worse DDoS attacks expected in the future”

The attacks we got a taste of Friday was bad, but experts are saying these disruptions will get worse in intensity and probably more frequent. This is due to hackers selling access to hacked IoT devices which give their customers the ability to launch cyber events comparable or potentially bigger than what the world had witnessed. Early October also saw the advertisement of a botnet cybercriminals had put up for sale on an underground market forum, a trend that before recently had been quite uncommon. To see a malware program for sale of that caliber has researchers predicting a growth in its usage and security concerns in the future.

 

 

10Fold- Security Never Sleeps- 110

Another Samsung Pay vulnerability discovered

“Security concerns pile on safety concerns”

Samsung now faces critical failures in its security measures to prevent hacking. In August Salvatore Mendoza was able to exploit this security failure, monitor a payment transaction, and make a payment with the stolen information.  This news further damages the brand after news that its new Galaxy Note 7 devices have been reportedly blowing up inexplicably.

Malware Attacks Increasingly Dangerous in New Intel Chips

“Attacks could cause massive damage if failure not patched”

Researchers have developed a formula that can side step critical security measures in the majority of Intel operating systems. It works by randomizing locations in computer memory, allowing hackers to exploit specific groups of code and managing system shutdown to a basic crash instead of serious system failure.

Banks Urged to Install Tougher Security Standards

“Objective to ward off cyber-attacks”

The United States bank regulators are pushing for leading financial institutions to upgrade security systems to a point of complete recovery within two hours of an attack. These new regulations will be finalized after industry talks are completed, aimed at making this a top priority to each firm’s executives. Each institution with over $50 billion worth of assets are targeted for these reforms, as reported by the Federal Reserve.

Election Night Cyber Attack Feared by Media

“Newsrooms vulnerable to attack”

Leading United States news site, including BuzzFeed, Newsweek, and Brian Krebs have recently been vandalized or knocked offline by hackers, showing their susceptibility to malicious hackers that may try to influence the election outcomes. Federal law enforcement agencies are investigating several of these recent attacks, while also lending advice to those in the industry who have yet to be hit.

10Fold- Security Never Sleeps- 109

UK Government Agencies Illegally Spied On Citizens For 17 Years

“Senior judges rule against government and expose programs”

The Investagory Powers Tribunal has investigated a complaint from the Privacy International organization. The Tribunal concluded that the collection that various British intelligence agencies had been engaged in- including the tracking of medical, tax, phone and web records for over 15 years- was not justified under its 1984 Telecommunications Act. The legislation was originally intended to be used as a national security bill, set in place to monitor dangerous criminals, and failed to meet the qualifications to continue the covert surveillance.

‘Dyre’ Re-Surfaces as ‘TrickBot’, Australian Financial services Targeted

“Possibly one of the worst Trojan viruses used against banks”

Australian users are currently being targeted by malicious software Dyre. The virus, now showing itself in the form of a TrickBot, is notorious for the millions in damages it caused since mid-2014 in Western financial circles. While the original malware disappeared in late 2015, it has reappeared with code upgrades that are now making available various stolen bank credentials to access wire transfers to steal from businesses and banks alike.

Magento Malware Hides Stolen Card Data in Image Files

“Innocent looking images become platform for data theft”

Cybercriminals have been running malicious programs through compromised websites on the Magneto platform. Sucuri and RiskIQ have both observed several dozen attacks that ended with the theft of card swiping data and several malicious PHP dumps of data into an image file.

10Fold- Security Never Sleeps- 108

Vulnerabe IBM Code Pulled After Insistence From Security Experts

“Potential to affect several versions of WebSphere”

A researcher who was able to successfully exploit a proof of concept code able to affect WebSphere versions 7, 8, 8.5, and 9 was censored without major damages occurring. Maurizio Aggazini was cooperating with IBM to responsibly patch and censor vulnerabilities experienced in the firm’s products. These include the deserialization of untrusted data sources, causing DoS issues and allowing re,ote execution of hacking.

Half of Androids Able to be Compromised to Seemingly Outdated Malware

“Ghost Push capable on infecting Androids up to version 5”

A fairly dated yet successful malware program known as Ghost Push is reportedly still one of the most widely effective software’s used to exploit unsuspecting users. Cheetah Mobile experts say that the majority of the infections are received from application downloads not installed through the Google Play store. The Trojan program is capable of preventing third parties from gaining root privilege.

UK Firms Could Face Huge Increase in Data Breach Fines in 2018

“New EU legislations could enact harsh penalties”

PCI Security Standards Council is recommending technology companies to bypass extremely increased costs of fines that new legislation from the European Union is poised to enact. In 2015 90% of large scale firms and 74% of SME’s had reported at least one security breach, reaching just about 1.4 billion pounds worth of consumer protection fines. The EU General Data Protection Regulation is set to put harsher regulations into place that will affect firms that will instill penalties of up to €20m.

Hackers Successfully Infiltrate Senate GOP Committee

“Accelerates fears of security vulnerabilities”

While news reports of Democratic Party server hacks run rampant through the press, Republicans have been hit with a particularly devastating cyberattack by Russian operatives. For the last six months, cybercriminals have allegedly been siphoning credit card information from customers in the web storefront of the National Republican Senatorial Committee, selling the data in the black market.

 

10Fold- Security Never Sleeps- 106

Clinton Aide Email Dump from WikiLeaks

“Messages to and from John Podesta released to public”

Despite accusations of Russian influence of the United States presidential elections, WikiLeaks has gone ahead. Over 2,000 emails from Hillary Clinton’s campaign chairman John Podesta have been made public, creating negative press and attacks from political opponents on the former Secretary of State’s campaign. Was released on Friday, the same day several U.S. intelligence agencies blamed Russia for email and election server hacks.

SWIFT Users Targeted by Hackers, Symantec warns

“Second hacking group attempts scams”

Symantec, a cyber-security group, has observed many recent attempts to steal from banks via fraudulent SWIFT messages. This same method had appropriated about $81 million dollars from the Bangladesh central bank in February of this year, constituting a very serious threat to financial security. Malware is used to infect customers and hide fraudulent requests for transfers. Chief Executive of SWIFT Gottfried Leibbrandt informed the public of three attacks and issued a warning that central banks are threatened consistently by such hacks.

Financial Sector Security Guidelines Set by G7

“Intended to protect from cyber-attacks”

A three-page document was released by the Group of seven industrial powers that outlined several concerns and security measures that regulators will begin to enforce on their financial sectors. The recommendations outline new cooperative measures that nations with share, including notification of breaches and basic standards that all firms must meet. The news comes in the wake of policymakers concerns over many high-level hacks plaguing the banking and financial sectors of developed markets.

Malware Abuses Windows Troubleshooting Platform

“Longtime malware infects many firms worldwide”

A malicious backdoor in operation since 2013 has been largely distrivuted through the Windows Troubleshooting Platform, as warned by Proofpoint researchers. ‘LatentBot,’ the name given to the software, was idientified earlier this year and allows cybercriminals to surveil, steal information and gain administration access remotely.