CIA-made malware? Now antivirus vendors can find out

Credit to Author: Michael Kan| Date: Wed, 08 Mar 2017 04:29:00 -0800

Thanks to WikiLeaks, antivirus vendors will soon be able to figure out if you have been hacked by the CIA.

On Tuesday, WikiLeaks dumped a trove of 8,700 documents that allegedly detail the CIA’s secret hacking operations, including spying tools designed for mobile phones, PCs and smart TVs.

WikiLeaks has redacted the source code from the files to prevent the distribution of cyber weapons, it said. Nevertheless, the document dump — if real — still exposes some of the techniques that the CIA has allegedly been using.

U.S. drops child porn case to avoid disclosing Tor exploit

Credit to Author: Lucian Constantin| Date: Mon, 06 Mar 2017 07:04:00 -0800

The U.S. Department of Justice is asking a federal court to dismiss its indictment in a case that involves a child porn site known as Playpen, after a judge asked the government to disclose the hacking technique it used to gather evidence.

“The government must now choose between disclosure of classified information and dismissal of its indictment,” the DOJ said in a court filing Friday. “Disclosure is not currently an option.”

The case involves Jay Michaud, a school administrator from Vancouver, Wash., who was arrested in July 2015 for allegedly viewing child porn images on Playpen. Michaud’s case was one of at least 137 cases brought throughout the U.S. in relation to Playpen, a website that operated on the Tor anonymity network and which the FBI managed to seize in 2015.

1.37 billion records leak after spammers forgot to password-protect backups

Credit to Author: Darlene Storm| Date: Mon, 06 Mar 2017 06:19:00 -0800

Nearly 1.4 billion people are affected by a database records leak caused by spamming group River City Media (RCM) forgetting to password-protect their backups.

Last week, MacKeeper security researcher Chris Vickery promised a “1.4 billion identity leak story” would be made public on Monday. The actual number of people affected – 1,374,159,612 – is slightly lower than that, but is nothing to scoff at.

Dridex: First banking Trojan with AtomBombing to better evade detection

Credit to Author: Darlene Storm| Date: Wed, 01 Mar 2017 07:38:00 -0800

The Dridex Trojan, one of the most destructive banking Trojans, has been upgraded with a new injection method so the malware is even better at evading detection.

The newest version of Dridex, v4, is now the first banking Trojan to take advantage of AtomBombing, according to a report by IBM X-Force. Unlike some of the more common code injection techniques, AtomBombing is meant to evade security solutions. Once one organized cybercrime gang successfully pulls off a slick trick, other cyber thugs are expected to adopt the method.

“In this release,” the researchers wrote, “we noted that special attention was given to dodging antivirus (AV) products and hindering research by adopting a series of enhanced anti-research and anti-AV capabilities.”

A better security strategy than ‘know your enemy’: Know your co-workers

Credit to Author: Evan Schuman| Date: Tue, 28 Feb 2017 08:51:00 -0800

Cyberthieves today know that it’s better to be sneaky and crafty than forceful. To be even more blunt, they know that it’s better to trick you into doing their work than to break in and do it themselves.

That trickery starts with ever-more-subtle ways to get you to click on an email attachment. A recent attack used an employee accomplice who was to flag any meetings with multiple people and note who was presenting. Within 30 minutes of one meeting’s end, the crooks sent an email attachment to everyone on the original email thread, with fake headers so that it appeared to be from the presenter. The email said, “Sorry, everyone. Here is the updated version of the slides from our 2 PM meeting.” Even an especially security-conscious person could get pulled into clicking on that one. 

Police arrest man suspected of building million-router German botnet

Credit to Author: Peter Sayer| Date: Thu, 23 Feb 2017 09:06:00 -0800

Last year, someone turned a German internet service provider into a million-router botnet. German police think they will soon have the culprit.

The U.K.’s National Crime Agency (NCA) made an arrest on Wednesday in connection with the November 2016 hack on Deutsche Telekom. The agency said it arrested a 29-year-old man at Luton airport, acting on a European Arrest Warrant issued by the public prosecutor’s office in Cologne, Germany.

The German Federal Criminal Police Office (Bundeskriminalamt, or BKA), which led the investigation, said it had worked with British law enforcement officials to arrest the man, a Briton.

A hard drive's LED light can be used to covertly leak data

Credit to Author: Michael Kan| Date: Thu, 23 Feb 2017 03:40:00 -0800

The seemingly harmless blinking lights on servers and desktop PCs may give away secrets if a hacker can hijack them with malware.

Researchers in Israel have come up with an innovative hack that turns a computer’s LED light into a signaling system that shows passwords and other sensitive data.

The researchers at Ben-Gurion University of the Negev demonstrated the hack in a YouTube video posted Wednesday. It shows a hacked computer broadcasting the data through a computer’s LED light, with a drone flying nearby reading the pattern.

The researchers designed the scheme to underscore vulnerabilities of air-gapped systems, or computers that have been intentionally disconnected from the internet.

Here’s how the U.S. government can bolster cybersecurity

Credit to Author: Michael Kan| Date: Fri, 17 Feb 2017 13:53:00 -0800

Almost 20 years ago, Chris Wysopal was among a group of hackers who testified before Congress, warning of the dangers of the internet.

Unfortunately, the U.S. government is still struggling to act, Wysopal said. “You’re just going to keep ending up with the status quo,” he said, pointing to the U.S. government’s failure to regulate the tech industry or provide incentives for change.

It’s a feeling that was shared by the experts who attended this week’s RSA cybersecurity show in San Francisco. The U.S. government needs to do more on cybersecurity, but what?  
