Password-stealing flaws in LastPass Chrome and Firefox extensions

Credit to Author: Darlene Storm | Date: Wed, 22 Mar 2017 06:25:00 -0700

Tavis Ormandy, a security researcher on Google’s Project Zero team, warned of flaws in the LastPass browser extensions: vulnerabilities which, if a person visited a malicious site, would allow that site to steal passwords from the password manager.

LastPass said it patched the vulnerability in its Chrome extension and said it is working on a fix for the flaw in its Firefox add-on.

Ormandy originally said the LastPass bug affected version 4.1.42 of the Chrome and Firefox browser extensions. He developed a working exploit for a Windows box running the LastPass Chrome extension, but said it “could be made to work on other platforms.” He sent the details to LastPass before adding:

String of fileless malware attacks possibly tied to single hacker group

Credit to Author: Lucian Constantin | Date: Fri, 17 Mar 2017 11:56:00 -0700

Several attacks observed over the past few months that rely heavily on PowerShell, open-source tools, and fileless malware techniques might be the work of a single group of hackers.

An investigation by security researchers from Morphisec into a recent email phishing attack against high-profile enterprises pointed to a group that uses techniques documented by several security companies in seemingly unconnected reports over the past two months.

“During the course of the investigation, we uncovered a sophisticated fileless attack framework that appears to be connected to various recent, much-discussed attack campaigns,” Michael Gorelik, Morphisec’s vice president of research and development, said in a blog post. “Based on our findings, a single group of threat actors is responsible for many of the most sophisticated attacks on financial institutions, government organizations, and enterprises over the past few months.”

Hackers use dangerous Petya ransomware in targeted attacks

Credit to Author: Lucian Constantin | Date: Tue, 14 Mar 2017 11:19:00 -0700

In a case of no honor among thieves, a group of attackers has found a way to hijack the Petya ransomware and use it in targeted attacks against companies without the program creators’ knowledge.

A computer Trojan dubbed PetrWrap, being used in attacks against enterprise networks, installs Petya on computers and then patches it on the fly to suit its needs, according to security researchers from antivirus vendor Kaspersky Lab.

The Trojan uses programmatic methods to trick Petya into using a different encryption key than the one its original creators embedded in its code. This ensures that only the PetrWrap attackers can restore the affected computers to their previous state.

Android devices coming with preinstalled malware

Credit to Author: Darlene Storm | Date: Mon, 13 Mar 2017 07:52:00 -0700

The phone, given to you by your company, could be targeted at some point and end up with a malware infection, but you wouldn’t expect the malware to be preinstalled “somewhere along the supply chain.” Yet preinstalled malware is precisely what one security vendor found on 38 Android devices.

Check Point Software Technologies did not name the affected companies, saying only that the phones belonged to “a large telecommunications company” and “a multinational technology company.” A good chunk of the infected phones were Samsung models, but phones by Lenovo, LG, Asus, ZTE, Vivo, Oppo and Xiaomi also had malware preinstalled after leaving the manufacturers but before landing in the hands of the companies’ employees.

After CIA leak, Intel Security releases detection tool for EFI rootkits

Credit to Author: Lucian Constantin | Date: Thu, 09 Mar 2017 13:32:00 -0800

Intel Security has released a tool that allows users to check if their computer’s low-level system firmware has been modified and contains unauthorized code.

The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple’s Macbooks. A rootkit is a malicious program that runs with high privileges — typically in the kernel — and hides the existence of other malicious components and activities.

The documents from CIA’s Embedded Development Branch (EDB) mention an OS X “implant” called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter.

Assange: CIA had lost control of its cyberweapon documents

Credit to Author: Grant Gross | Date: Thu, 09 Mar 2017 08:53:00 -0800

Information about purported CIA cyberattacks was “passed around” among members of the U.S. intelligence community and contractors before it was published by WikiLeaks this week, Julian Assange says.

The CIA “lost control of its entire cyberweapons arsenal,” the WikiLeaks editor-in-chief said during a press conference Thursday. “This is a historic act of devastating incompetence, to have created such an arsenal and stored all in one place and not secured it.”

Assange declined to name the source who gave the information to WikiLeaks, but he seemed to suggest the 8,700-plus documents, purportedly from an isolated CIA server, came from an insider source.

Leaked docs suggest NSA and CIA behind Equation cyberespionage group

Credit to Author: Lucian Constantin | Date: Wed, 08 Mar 2017 12:40:00 -0800

Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of the CIA’s own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation.

The Equation’s cyberespionage activities were documented in February 2015 by researchers from antivirus vendor Kaspersky Lab. It is widely considered to be the most advanced cyberespionage group in the world, based on the sophistication of its tools and the length of its operations, some possibly dating as far back as 1996.

CIA hacking tools targeting Windows

Credit to Author: Darlene Storm | Date: Wed, 08 Mar 2017 08:22:00 -0800

By releasing information about CIA hacking tools, WikiLeaks has given a new meaning to March Madness.

The CIA’s project Fine Dining is intriguing, since it outlines DLL hijacks for Sandisk Secure, Skype, Notepad++, Sophos, Kaspersky, McAfee, Chrome, Opera, Thunderbird, LibreOffice, and some games such as 2048, which the CIA writer “got a good lol out of.” Yet I was curious about what the CIA does to targeted machines running Windows since so many people use the OS.

Nearly everything dealing with the CIA hacking arsenal and Windows is labeled as “secret.” Nicholas Weaver, a computer scientist at the University of California at Berkeley, told NPR that the Vault 7 release is not all that big of a deal, since it is not too surprising that the agency hacks. Yet if “Year Zero” was obtained by a non-government hacker compromising the CIA’s system, then that would be a big deal.
