Monday, November 4, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Malware & Vulnerabilities

ComputerWorld Independent 

Notorious iOS spyware, Pegasus, has an Android sibling

admin , ,

Credit to Author: Michael Kan| Date: Mon, 03 Apr 2017 17:56:00 -0700

Security researchers have uncovered the Android version of an iOS spyware known as Pegasus in a case that shows how targeted electronic surveillance can be.

Called Chrysaor, the Android variant can steal data from messaging apps, snoop over a phone’s camera or microphone, and even erase itself.

On Monday, Google and security firm Lookout disclosed the Android spyware, which they suspect comes from NSO Group, an Israeli security firm known to develop smartphone surveillance products.

Fortunately, the spyware never hit the mainstream. It was installed less than three dozen times on victim devices, most of which were located in Israel, according to Google. Other victim devices resided in Georgia, Mexico and Turkey, among other countries.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

UEFI flaws can be exploited to install highly persistent ransomware

admin , ,

Credit to Author: Lucian Constantin| Date: Mon, 03 Apr 2017 11:31:00 -0700

Over the past few years, the world has seen ransomware threats advance from living inside browsers to operating systems, to the bootloader, and now to the low-level firmware that powers a computer’s hardware components.

Earlier this year, a team of researchers from security vendor Cylance demonstrated a proof-of-concept ransomware program that ran inside a motherboard’s Unified Extensible Firmware Interface (UEFI) — the modern BIOS.

On Friday, at the Black Hat Asia security conference, the team revealed how they did it: By exploiting vulnerabilities in the firmware of two models of ultra compact PCs from Taiwanese computer manufacturer Gigabyte Technology.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Latest WikiLeaks dump exposes CIA methods to mask malware

admin ,

Credit to Author: Michael Kan| Date: Fri, 31 Mar 2017 14:51:00 -0700

WikiLeaks may have dealt another blow to the CIA’s hacking operations by releasing files that allegedly show how the agency was masking its malware attacks.

On Friday, the site dumped the source code to the Marble Framework, a set of anti-forensic tools that WikiLeaks claims the CIA used last year.

The files do appear to show “obfuscation techniques” that can hide CIA-developed malicious coding from detection, said Jake Williams, a security researcher at Rendition InfoSec, who has been examining the files.

Every hacker, from the government-sponsored ones to amateurs, will use their own obfuscation techniques when developing malware, he said.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Open-source developers targeted in sophisticated malware attack

admin , ,

Credit to Author: Lucian Constantin| Date: Thu, 30 Mar 2017 04:30:00 -0700

For the past few months, developers who publish their code on GitHub have been targeted in an attack campaign that uses a little-known but potent cyberespionage malware.

The attacks started in January and consisted of malicious emails specifically crafted to attract the attention of developers, such as requests for help with development projects and offers of payment for custom programming jobs.

The emails had .gz attachments that contained Word documents with malicious macro code attached. If allowed to execute, the macro code executed a PowerShell script that reached out to a remote server and downloaded a malware program known as Dimnie.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

New Mirai IoT variant launched 54-hour DDoS attack against a U.S. college

admin , ,

Credit to Author: Darlene Storm| Date: Wed, 29 Mar 2017 08:10:00 -0700

A new variant of the Mirai IoT malware was spotted in the wild when it launched a 54-hour DDoS attack against an unnamed U.S. college.

While the attack occurred on February 28, Imperva Incapsula is informing the world about it today. The researchers believe it is a new variant of Mirai, one that is “more adept at launching application layer assaults.”

The average traffic flow was 30,000 requests per second (RPS) and peaked at about 37,000 RPS, which the DDoS mitigation firm said was the most it has seen out of any Mirai botnet so far. “In total, the attack generated over 2.8 billion requests.”

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Trojan source code leak poised to spur new online banking attacks

admin ,

Credit to Author: Lucian Constantin| Date: Wed, 29 Mar 2017 10:55:00 -0700

The source code for a new Trojan program that targets banking services has been published online, offering an easy way for unskilled cybercriminals to launch potent malware attacks against users.

The Trojan is called Nuclear Bot and first appeared for sale on underground cybercrime forums in early December for $2,500. It can steal and inject information from and into websites opened in Mozilla Firefox, Internet Explorer and Google Chrome and can also open a local proxy or hidden remote desktop service.

These are all features commonly seen in banking Trojans, as they’re used by attackers to bypass the security checks of online bank websites to perform fraud. For example, the proxy and remote desktop functionality allows hackers to initiate rogue transactions through the victims’ browsers after they have been tricked into providing the second authentication factor.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

New Mirai IoT variant launched 54-hour DDoS attack against a US college

admin , ,

Credit to Author: Darlene Storm| Date: Wed, 29 Mar 2017 08:10:00 -0700

A new variant of the Mirai IoT malware was spotted in the wild when it launched a 54-hour DDoS attack against an unnamed US college.

While the attack occurred on February 28, Imperva Incapsula is informing the world about it today. The researchers believe it is a new variant of Mirai, one that is “more adept at launching application layer assaults.”

The average traffic flow was 30,000 requests per second (RPS) and peaked at about 37,000 RPS, which the DDoS mitigation firm said was the most it has seen out of any Mirai botnet so far. “In total, the attack generated over 2.8 billion requests.”

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Insecure security cameras sound like a joke, but aren’t

admin ,

Credit to Author: Evan Schuman| Date: Wed, 29 Mar 2017 04:00:00 -0700

Reports recently surfaced that Google was alerted to security holes in its IoT security camera products and declined to patch them. This was quite frightening for two reasons. First, the fix was apparently straightforward, and second, the hole was readily and easily available to burglars with even a modicum of tech savviness.

Meanwhile, eBay seems to be encouraging users to downgrade their security defenses by giving up the hardware tokens they use for two-factor authentication and relying on text messages instead. Yes, eBay suggested that users make themselves more vulnerable to identity thieves. With these two recent incidents, is it any wonder that IT is suspicious about whether major companies are taking security seriously?

To read this article in full or to leave a comment, please click here

Read more