Tag Archives: malware

10Fold- Security Never Sleeps- 185

Dow Jones is the latest company to expose customer records on a cloud server

“2.2 million records left unsecured”

Dow Jones & Co. is the latest in a sequence of large firms to leave massive amounts of private customer data on unsecured cloud servers. As with the recent Verizon error, Dow Jones consumer data was found publicly exposed in an Amazon Web Services S3 bucket discovered by Chris Guard of UpGuard Inc.

GhostCtrl malware silently haunts Android users, hijacking functionality

“Versatile remote access Trojan growing in infection”

Researchers have found GhostCtrl, a highly adaptable trojan malware that steals sensitive information and is capable of performing ransomware attacks. The backdoor is part of a massive campaign that involves RETADUP.A, according to Trend Micro.

A Single Extreme Cyberattack Could Cost the U.S. More than Hurricane Katrina

“U.S. Economy incredibly vulnerable”

An increase in global ransomware attacks has prompted Lloyd’s of London to publish a report on the state of danger that the U.S. faces with regard to cybersecurity. Published with Cyence, the report speculates that the U.S. stands to lose as much as $121.4 billion.

The best of Black Hat: The consequential, the controversial, the canceled

“Review of the acclaimed conference”

Over two decades, Black Hat has gained a reputation as a conference that demonstrates much of the cutting-edge research in information security and industry trends. It began in Las Vegas and has extended to annual events globally. This year, the event also had its share of controversy stemming from last-minute cancellations.


10Fold- Security Never Sleeps- 177

More than half of major malware attack’s victims are industrial targets

“Petya intended effects examined”

Kaspersky Labs has released a new report with some grand insights into the Petya malware attack. It first appeared as a widespread ransomware attack, but it became clear later in the ordeal that the spread was intended more for destruction than for financial gain. Kaspersky reported specifically that financial sectors were the most affected, as well as manufacturing or oil mechanisms.

Hacking Factory Robot Arms for Sabotage, Fun & Profit

“Could open a new world of ‘Subtle Blackmail’”

A Black Hat talk will discuss how cybercriminals could manipulate robotic arms and create defects in vital products. Security researchers have been accumulating caches of big discoveries about IIoT vulnerabilities, and Black Hat is planning on continuing their release to raise awareness of critical flaws in infrastructure, power grids, and gas pipeline controls.

General Data Protection Regulation (GDPR) requirements, deadlines and facts

“EU legislation lowdown” 

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states, and non-compliance could cost companies dearly. This article details what every company that does business in Europe needs to know about GDPR.

Online fraud costs public billions but is still not a police priority, says watchdog

“Policing institutions not enforcing rules effectively”

The National Audit Office has claimed that various policing and regulatory agencies were insufficiently addressing the issue of online fraud. The NAO says that for most police forces the incidents are “not yet a priority” and that the problem has been overlooked by government, law enforcement and industry.

10Fold- Security Never Sleeps- 136

Virulent Android malware returns

“Over 2 million downloads on Google Play”

A strain of malware that had infected over 10 million Android devices in 2016 has been making the rounds again, embedding itself in Google Play applications that may have affected nearly 12 million users. Professionally developed, HummingWhale is a variant of a researcher-documented strain that hit the Google store last July.

Court denies U.S. government appeal in Microsoft case

“Appeals court not reconsidering DOJ request for email handover”

An appeals court has refused the Department of Justice’s request to force Microsoft to release thousands of customer emails held outside of the United States. In a 4-4 decision, the Second Circuit court refused to rehear a July decision that denied access to a suspected drug dealer’s account stored on a server based in Ireland. DOJ requests are not new to Microsoft, which has been in consistent battles over email requests since early 2013.

Cisco’s web meeting plugin for Chrome has a whopping flaw

“Extension may need security patch”

Users of the Cisco WebEx extension should ensure they have installed the 1.03 patch, as security experts have claimed that earlier versions leave considerable vulnerabilities in a user’s device. Filippo Valsorda (@FiloSottile) recently tweeted on the matter: “…any website could just install malware on your machine silently.”


10Fold- Security Never Sleeps- 122

Hospital info thief malware puts itself into a coma to avoid IT bods

“Healthcare specifically targeted by new Trojan software”

US healthcare organizations have growing concerns over new malware that can avoid detection by activating a sleep mode for long periods of time. Security researchers project that several thousand groups have been hit since 2012 by what Symantec has termed the ‘Gatak Trojan’, with over 40% of events occurring within the healthcare sector. Once reactivated, the malware is capable of spreading extensively through the target’s network.

Hackers Are Using MailChimp to Spread Malware

“Hackers upping malware distribution techniques”

Email newsletter service MailChimp has been co-opted by many spam and malware distributors to spread various malicious software. This is indicative of the ingenuity of those seeking to spread malware, who take any opportunity to profit, and validates growing concerns about internet privacy.

Cyberspies Target Taiwan Government, Energy Sector

“’Tropic Trooper’ continues assault on national government”

Palo Alto Networks has reported on a large-scale cyber espionage campaign directed towards the Taiwanese government and affiliated organizations. Trend Micro first observed the cybercriminal group in 2012, when it attacked Taiwanese officials and military institutions. As in the 2012 attacks, Trend Micro found that the malware Yahoyah was used to exploit the CVE-2012-0158 Microsoft Office vulnerabilities.

New Malware Lets Hackers Listen To Your Conversations Via Your Headphones

“New malware is capable of ultra-snooping on conversations”

Ben-Gurion University researchers have created “Speake(a)r,” a proof-of-concept code designed to display targeted computer audio and video systems regardless of accessory accessibility. The malware can activate alternative channels to turn on speakers and headphones, picking up vibrations and converting them into electromagnetic signals.

10Fold- Security Never Sleeps- 121

Software in Android Phones Can Send Data to China, Experts Warn

“Secret backdoor allows for information compromise”

Security firm Kryptowire has discovered a secret vulnerability in Android phone software that sends personal data to cybercriminals in China. The information sent to the unauthorized third party includes texts and even geographical location.

Flaws Found in Lynxspring SCADA Product

“Defects detected in operating software”

Researcher Maxim Rupp has uncovered glaring vulnerabilities in the automation and management solution provider’s JENEsys operating system. The BAS Bridge, which connects integration efforts between Modbus TCP/RTU and BACnet IP Ethernet devices, was found to be the most problematic.

New Android Spyware for Governments Found on the Internet

“Originated in Italy, has spread far further”

Malware hunters have observed new high-risk malware, originally marketed to governments and police forces, on the loose on the internet. Researchers released a report Monday that discusses the malicious software’s capabilities, which include recording video and audio, toggling GPS functions, and stealing data from nearly any desired area of the device.

PlayStation Hack Denied Following Complaints From Gamers

“Many players locked out of their accounts”

Over the last two days, over one hundred PlayStation Network users have been locked out of their accounts and have contacted the Sony Twitter account with complaints. Amid concerns that the affected accounts had been hijacked, Sony has released a statement to the BBC that PSN has not been compromised, saying: “We routinely monitor for irregular activity, and if such activity is detected, we may sometimes reset passwords of affected accounts to protect users and their account information.”

 

10Fold- Security Never Sleeps- 119

Some Yahoo Employees Knew of Massive Hack in 2014

“Will create more concern in Verizon acquisition”

Yahoo has now admitted that many employees were aware of a state-sponsored hacking attempt that resulted in a critical breach of its network. The breach, considered to be the largest in history, exposed personal information from at least half a billion accounts and involved over 200 million usernames and passwords being stolen from users and customers.

Possible Health Data Breach From Employee Laptop

“MGA Home Healthcare notifies patients of possible personal information theft”

Potential data breaches may have occurred with a vendor downloading information in an unauthorized manner while servicing homes. Over 3,000 patient and employee information blocks may have been compromised, left vulnerable in an employee’s vehicle. Law enforcement has been notified and released a statement: “has been conducting a thorough review of the potentially affected records to confirm what information was exposed.”

IoT Worm Can Hack Smart Devices, Prompts Concerns

“Chain reaction can create chain reaction in other devices as well”

A proof-of-concept worm developed by Eyal Ronen, Adi Shamir, and Achi-Or Weingarten of Weizmann Institute of Science, and Colin O’Flynn of Dalhousie, can create chain reaction hacks of insecure web-connected devices by exploiting universal encryption keys over ZigBee networks. It is then capable of moving on to other devices via those devices’ universal keys, and is able to spread exponentially on what is described as a city-wide basis.

Major Cloud Malware Infested Says Researchers

“Concerns over difficulty identify mount”

Many computer experts are saying that repositories are supplying malware to users, creating a serious epidemic for those using cloud-based technologies. Hundreds of buckets have possibly been compromised, says Xiaojing Liao, a graduate student at Georgia Tech who is leading a study addressing possible solutions to the issue.

Trump Victory Sparks Fears Over U.S. Encryption, Surveillance Policy

“Donald Trump’s surprise win has brought fears of rights violations, security”

Civil libertarians and technology companies have voiced serious concern over some of Trump’s potential policies that call for closing down certain parts of the internet to fight Islamic terrorism. Trump won the election Tuesday night, a victory unforeseen by much of the media. The new President-Elect has been a vocal opponent of tech companies being uncooperative with the government on unlocking their technologies to assist with terrorist investigations.

10Fold- Security Never Sleeps- 115

‘Serious’ Windows Vulnerability Found by Google

“Adobe have issued fix, Windows has yet to issue its own patch”

Per Google’s new policy of exposing exploitative problems to the software creator, the firm has issued a public notice to Microsoft regarding sections of code that are capable of being appropriated by cyber criminals. The flaw, described as a “security sandbox escape,” bypasses cyber defense measures and allows malicious or dysfunctional programs to damage or collect sensitive information from the rest of the device. As of now, Adobe’s patch for this issue, released October 21st, has been successful at resolving the issue. Microsoft itself has offered no security fix yet.

New Malware for Mirai Botnet Observed

“Coded partially with Tsunami/Kaiten protocol”

A new strain of malware that specifically targets IoT vulnerabilities and converts devices into ‘slave’ devices has been released in the last few days by a collective of cybercriminals. ‘Linux/IRCTelnet’ is capable of conducting massive DDoS attacks using common IoT appliances such as DVRs, routers, lighting systems, and more, according to a research team on Malware Must Die.

Major ‘upgrade’ for Nymaim Malware

“Includes increased obfuscation and blacklisting software”

Verint researchers have observed several new events where the infamous Nymaim malware has been able to use new code based targets for phishing, rather than its original drive-by-download approach. This particular strain of malicious software has been in circulation since 2013, and has managed to stay ahead of threat researchers consistently with various upgrades that give it a leg up on those studying it. With this advantage, attacks have been seen to rise with use of the malware, with over 63 percent more incidents observed over the last year.

UK commits £1.9B to Cyber Security, Many Firms Contracted

“Recent threats from international actors prompt concern”

Just over £1.9B has been committed to increasing British cyber security measures after threats against the United States have been made in recent months. Giving new advantages to both defensive and offensive strategies, the new cyber defense plan will contract with both public and private firms to ensure top-of-the-line systems within the next few years.

10Fold- Security Never Sleeps- 112

Chinese firm admits hacked products were behind Friday’s Internet Abnormalities

“Hangzhou Xiongmai Technology vulnerabilities led to attack”

China-based electronic component manufacturer Hangzhou Xiongmai Technologies has conceded that hackers used its technologies to conduct a massive cyberattack on several substantial United States headquartered internet sites. The firm is mostly known for its production of DVRs and internet-connected cameras, and users’ weak default passwords are noted as a major contributing factor to their vulnerabilities. Security researchers have claimed that the notorious malware Mirai has been infiltrating the devices and using them as a jump-off point for Friday’s DDoS attack.

DDoS Attack Shows Vulnerable Underbelly Cloud Technologies

“Can a DDoS attack break the internet?”

Friday saw a massive DDoS attack, which commentators have said led to the internet ‘breaking’ for several hours over the course of the early day. Vital corporate applications and business functions were disrupted and big-name sites could not be used, causing public outrage and losses for firms. Dyn going offline brought the shutdown of the DNS server, the component that allows users to find sites without directly inputting the IP address.

Beware of Fraudulent BSOD Scammers’ Malware

“Microsoft notifies public of fake installer for Security Essentials”

Tech support scammers have added a new weapon to the cybercriminal bag of tools, now utilizing fake ‘Severe Warning’ notifications and blue screens of death on Windows devices. Hicurdismos, the nickname given to this new malware, disables Task Manager and hides the cursor to deceive the user, then prompts the user to call a bogus call center, where users are tricked into giving up sensitive information that the scammer will exploit for profit.

$7,500 IoT Cannon Sold, Capable of Bringing Down The Web Again

“Worse DDoS attacks expected in the future”

The attacks we got a taste of Friday were bad, but experts are saying these disruptions will get worse in intensity and probably more frequent. This is due to hackers selling access to hacked IoT devices, which gives their customers the ability to launch cyber events comparable to or potentially bigger than what the world had witnessed. Early October also saw the advertisement of a botnet that cybercriminals had put up for sale on an underground market forum, a trend that until recently had been quite uncommon. Seeing a malware program of that caliber for sale has researchers predicting a growth in its usage and in security concerns in the future.

 

 

10Fold- Security Never Sleeps- 110

Another Samsung Pay vulnerability discovered

“Security concerns pile on safety concerns”

Samsung now faces critical failures in its security measures to prevent hacking. In August, Salvatore Mendoza was able to exploit this security failure, monitor a payment transaction, and make a payment with the stolen information. This news further damages the brand after reports that its new Galaxy Note 7 devices have been blowing up inexplicably.

Malware Attacks Increasingly Dangerous in New Intel Chips

“Attacks could cause massive damage if failure not patched”

Researchers have developed a formula that can sidestep critical security measures in the majority of Intel operating systems. It works by randomizing locations in computer memory, allowing hackers to exploit specific groups of code and managing system shutdown to a basic crash instead of serious system failure.

Banks Urged to Install Tougher Security Standards

“Objective to ward off cyber-attacks”

United States bank regulators are pushing for leading financial institutions to upgrade security systems to a point of complete recovery within two hours of an attack. These new regulations will be finalized after industry talks are completed, and are aimed at making this a top priority for each firm’s executives. Each institution with over $50 billion worth of assets is targeted for these reforms, as reported by the Federal Reserve.

Election Night Cyber Attack Feared by Media

“Newsrooms vulnerable to attack”

Leading United States news sites, including BuzzFeed, Newsweek, and Brian Krebs, have recently been vandalized or knocked offline by hackers, showing their susceptibility to malicious hackers that may try to influence the election outcomes. Federal law enforcement agencies are investigating several of these recent attacks, while also lending advice to those in the industry who have yet to be hit.

10Fold- Security Never Sleeps- 109

UK Government Agencies Illegally Spied On Citizens For 17 Years

“Senior judges rule against government and expose programs”

The Investigatory Powers Tribunal has investigated a complaint from the Privacy International organization. The Tribunal concluded that the collection that various British intelligence agencies had been engaged in, including the tracking of medical, tax, phone and web records for over 15 years, was not justified under its 1984 Telecommunications Act. The legislation was originally intended to be used as a national security bill, set in place to monitor dangerous criminals, and failed to meet the qualifications to continue the covert surveillance.

‘Dyre’ Re-Surfaces as ‘TrickBot’, Australian Financial services Targeted

“Possibly one of the worst Trojan viruses used against banks”

Australian users are currently being targeted by malicious software Dyre. The virus, now showing itself in the form of a TrickBot, is notorious for the millions in damages it caused since mid-2014 in Western financial circles. While the original malware disappeared in late 2015, it has reappeared with code upgrades that are now making available various stolen bank credentials to access wire transfers to steal from businesses and banks alike.

Magento Malware Hides Stolen Card Data in Image Files

“Innocent looking images become platform for data theft”

Cybercriminals have been running malicious programs through compromised websites on the Magento platform. Sucuri and RiskIQ have both observed several dozen attacks that ended with the theft of card swiping data and several malicious PHP dumps of data into an image file.