Malware & Vulnerabilities – Page 7 – Computer Security Articles

Credit to Author: Lucian Constantin| Date: Wed, 08 Mar 2017 06:35:00 -0800

The U.S. Central Intelligence Agency documents published by WikiLeaks Tuesday shows that one of the agency’s teams specializes in reusing bits of code and techniques from public malware samples.

According to the leaked documents the Umbrage team is part of the Remote Development Branch under the CIA’s Center for Cyber Intelligence. It maintains a library of techniques borrowed from in-the-wild malware that could be integrated into its own projects.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

U.S. drops child porn case to avoid disclosing Tor exploit

March 6, 2017 admin Cybercrime & Hacking, Malware & Vulnerabilities, Security

Credit to Author: Lucian Constantin| Date: Mon, 06 Mar 2017 07:04:00 -0800

The U.S. Department of Justice is asking a federal court to dismiss its indictment in a case that involves a child porn site known as Playpen, after a judge asked the government to disclose the hacking technique it used to gather evidence.

“The government must now choose between disclosure of classified information and dismissal of its indictment,” the DOJ said in a court filing Friday. “Disclosure is not currently an option.”

The case involves Jay Michaud, a school administrator from Vancouver, Wash., who was arrested in July 2015 for allegedly viewing child porn images on Playpen. Michaud’s case was one of at least 137 cases brought throughout the U.S. in relation to Playpen, a website that operated on the Tor anonymity network and which the FBI managed to seize in 2015.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

Fileless PowerShell malware uses DNS as covert channel

March 3, 2017 admin Malware & Vulnerabilities, Security

Credit to Author: Lucian Constantin| Date: Fri, 03 Mar 2017 09:20:00 -0800

Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols, some of which are not always monitored.

The latest example is an attack dubbed DNSMessenger, which was analyzed by researchers from Cisco Systems’ Talos team. The attack starts with a malicious Microsoft Word document distributed through an email phishing campaign.

When opened, the file masquerades as a “protected document” secured by McAfee, an antivirus brand now owned by Intel Security. The user is asked to click on the ‘enable content’ button in order to view the document’s content, but doing so will actually execute malicious scripting embedded within.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

Free decryption tools now available for Dharma ransomware

March 2, 2017 admin encryption, Malware & Vulnerabilities, Security

Credit to Author: Lucian Constantin| Date: Thu, 02 Mar 2017 12:24:00 -0800

Computer users who have been affected by the Dharma ransomware and have held onto their encrypted files can now restore them for free. Researchers have created decryption tools for this ransomware strain after someone recently leaked the decryption keys.

Dharma first appeared in November and is based on an older ransomware program known as Crysis. It’s easy to recognize files affected by it because they will have the extension: .[email_address].dharma, where the email address is the one used by the attacker as a point of contact.

On Wednesday, a user named gektar published a link to a Pastebin post on the BleepingComputer.com technical support forum. The post, he claimed, contained the decryption keys for all Dharma variants.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

Dridex: First banking Trojan with AtomBombing to better evade detection

March 1, 2017 admin Cybercrime & Hacking, Malware & Vulnerabilities, Security

Credit to Author: Darlene Storm| Date: Wed, 01 Mar 2017 07:38:00 -0800

The Dridex Trojan, one of the most destructive banking Trojans, has been upgraded with a new injection method so the malware is even better at evading detection.

The newest version of Dridex, v4, is now the first banking Trojan to take advantage of AtomBombing, according to report by IBM X-Force. Unlike some of the more common code injection techniques, AtomBombing is meant to evade security solutions. Once one organized cybercrime gang successfully pulls off a slick trick, other cyber thugs are expected to adopt the method.

“In this release,” the researchers wrote, “we noted that special attention was given to dodging antivirus (AV) products and hindering research by adopting a series of enhanced anti-research and anti-AV capabilities.”

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

Police arrest man suspected of building million-router German botnet

February 23, 2017 admin Cybercrime & Hacking, Malware & Vulnerabilities, Security

Credit to Author: Peter Sayer| Date: Thu, 23 Feb 2017 09:06:00 -0800

Last year, someone turned a German internet service provider into a million-router botnet. German police think they will soon have the culprit.

The U.K.’s National Crime Agency (NCA) made an arrest on Wednesday in connection with the November 2016 hack on Deutsche Telekom. The agency said it arrested a 29-year-old man at Luton airport, acting on a European Arrest Warrant issued by the public prosecutor’s office in Cologne, Germany.

The German Federal Criminal Police Office (Bundeskriminalamt, or BKA), which led the investigation, said it had worked with British law enforcement officials to arrest the man, a Briton.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

New macOS ransomware spotted in the wild

February 22, 2017 admin Apple Mac, encryption, MacOS, Malware & Vulnerabilities, Security

Credit to Author: Lucian Constantin| Date: Wed, 22 Feb 2017 11:09:00 -0800

A new file-encrypting ransomware program for macOS is being distributed through bit torrent websites, and users who fall victim to it won’t be able to recover their files — even if they pay.

Crypto ransomware programs for macOS are rare. This is the second such threat found in the wild so far, and it’s a poorly designed one. The program was named OSX/Filecoder.E by the malware researchers from antivirus vendor ESET who found it.

OSX/Filecoder.E masquerades as a cracking tool for commercial software like Adobe Premiere Pro CC and Microsoft Office for Mac. It is written in Apple’s Swift programming language by what appears to be an inexperienced developer, judging from the many mistakes made in its implementation.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

What’s up with Windows patching, Microsoft?

February 22, 2017 admin Malware & Vulnerabilities, Security, Windows 10

Credit to Author: Steven J. Vaughan-Nichols| Date: Wed, 22 Feb 2017 08:36:00 -0800

Well, here’s something different. Microsoft, for the first time since it started its monthly Patch Tuesdays in October 2003, has completely blown a deadline. There will be no major patch release in February. Instead, the patch package will be released on March 14.

Why? We don’t know and Microsoft isn’t saying.

Color me concerned.

I have reason to be. Greg Lambert, chairman of Qompat, who covers software patches like paint, had hoped Microsoft would delay the patches by only a week. After all, Lambert observed, “This month’s update cycle from Microsoft is especially important as a now critical zero-day vulnerability (CVE867968) has been reported related to how a component of the Microsoft SMB [Server Message Block] protocol handles traffic. This was initially reported as a denial of service attack, but now looks like to be rated as critical by Microsoft as it may lead to a more serious (RCE) remote code execution scenario.”

To read this article in full or to leave a comment, please click here