Recent malware attacks on Polish banks tied to wider hacking campaign

Credit to Author: Lucian Constantin | Date: Mon, 13 Feb 2017 09:43:00 -0800

Malware attacks that recently put the Polish banking sector on alert were part of a larger campaign that targeted financial organizations from more than 30 countries.

Researchers from Symantec and BAE Systems linked the malware used in the recently discovered Polish attack to similar attacks that have taken place since October in other countries. There are also similarities to tools previously used by a group of attackers known in the security industry as Lazarus.

The hackers compromised websites that were of interest to their ultimate targets, a technique known as a watering-hole attack. They then injected code into those websites that redirected visitors to a custom exploit kit.

Windows Trojan hacks into embedded devices to install Mirai

Attackers have started to use Windows and Android malware to hack into embedded devices, dispelling the widely held belief that if such devices are not directly exposed to the Internet they’re less vulnerable.

Researchers from Russian antivirus vendor Doctor Web have recently come across a Windows Trojan program that was designed to gain access to embedded devices using brute-force methods and to install the Mirai malware on them.

Mirai is a malware program for Linux-based internet-of-things devices, such as routers, IP cameras, digital video recorders and others. It’s used primarily to launch distributed denial-of-service (DDoS) attacks and spreads over Telnet by using factory device credentials.
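Because Mirai spreads by trying factory credentials over Telnet, the spreading activity is visible in a device's login log long before any DDoS traffic. The following is an added example, not code from the article or from Doctor Web: it parses constructed syslog-style lines from a hypothetical embedded device's `telnetd` (the line format is an assumption) and flags source addresses that cycle through default account names, noting whether one of them eventually logged in.

```python
"""Spot Telnet credential brute-forcing of the kind Mirai uses to spread.

Added example, not code from the article or from Doctor Web. The log format
and the default-username list are assumptions for illustration.
"""
import re
from collections import defaultdict

# Constructed sample log; a real device's format will differ.
SAMPLE_LOG = """\
Feb 13 09:40:01 cam01 telnetd[412]: login failed for user 'root' from 198.51.100.7
Feb 13 09:40:02 cam01 telnetd[412]: login failed for user 'admin' from 198.51.100.7
Feb 13 09:40:02 cam01 telnetd[412]: login failed for user 'support' from 198.51.100.7
Feb 13 09:40:03 cam01 telnetd[412]: login failed for user 'root' from 198.51.100.7
Feb 13 09:40:04 cam01 telnetd[412]: login succeeded for user 'root' from 198.51.100.7
Feb 13 09:41:10 cam01 telnetd[413]: login failed for user 'alice' from 192.0.2.9
Feb 13 09:41:30 cam01 telnetd[413]: login succeeded for user 'alice' from 192.0.2.9
Feb 13 09:42:00 cam01 kernel: eth0: link up
"""

# Account names that commonly ship as factory defaults (constructed list).
DEFAULT_USERS = {"root", "admin", "support", "user", "service", "guest", "supervisor"}

LINE_RE = re.compile(
    r"telnetd\[\d+\]: login (?P<result>failed|succeeded) for user "
    r"'(?P<user>[^']*)' from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_line(line):
    """Return (src_ip, username, succeeded), or None if the line is not a Telnet login event."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return m.group("src"), m.group("user"), m.group("result") == "succeeded"


def find_bruteforce(log_text, threshold=3):
    """Return {src_ip: summary} for sources with at least `threshold` failed
    Telnet logins. `succeeded_after_failures` is True when a later successful
    login came from the same source, i.e. the device is likely compromised."""
    stats = defaultdict(lambda: {"failures": 0, "default_user_hits": 0,
                                 "users": set(), "succeeded_after_failures": False})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # unrelated log line (kernel messages, etc.)
        src, user, ok = parsed
        s = stats[src]
        if ok:
            if s["failures"] >= threshold:
                s["succeeded_after_failures"] = True
            continue
        s["failures"] += 1
        s["users"].add(user)
        if user in DEFAULT_USERS:
            s["default_user_hits"] += 1
    return {src: s for src, s in stats.items() if s["failures"] >= threshold}


if __name__ == "__main__":
    for src, s in find_bruteforce(SAMPLE_LOG).items():
        print(src, s["failures"], "failures,", s["default_user_hits"],
              "against default accounts, compromised:", s["succeeded_after_failures"])
```

In the constructed sample, 198.51.100.7 is reported with four failures against default accounts followed by a successful `root` login, while the single mistyped password from 192.0.2.9 stays below the threshold. The real mitigation is the one the article implies: change or disable factory credentials and keep Telnet off the network, since a log-based detector only tells you after the fact.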

Hard-to-detect fileless attacks target banks, other organizations

A wave of attacks that have recently affected banks and other enterprises used open-source penetration testing tools loaded directly into memory instead of traditional malware, making their detection much harder.

Researchers from antivirus vendor Kaspersky Lab started investigating these attacks after the security team from an unnamed bank found Meterpreter in the random access memory (RAM) of a server that acted as the organization’s Windows domain controller.

Meterpreter is an in-memory attack payload that can inject itself into other running processes and is used to establish persistence on a compromised system. It is part of the Metasploit penetration testing framework, a popular tool used both by internal security teams and by malicious hackers.

'Invisible' memory-based malware hit over 140 banks, telecoms and government agencies

Cybercriminals have hit more than 40 countries with hidden malware that steals passwords and financial data. The malware is not found on hard drives as it hides in the memory of compromised computers, making it almost “invisible” as criminals exfiltrate system administrators’ credentials and other sensitive data. When a targeted machine is rebooted, nearly all traces of the malware disappear.

Over 140 enterprise networks – banks, government organizations and telecommunication companies – from 40 countries have been hit, according to Kaspersky Lab. The cybercriminals are using methods and sophisticated malware previously used by nation-state attackers.

Mac malware, possibly made in Iran, targets U.S. defense industry

Just because you’re using a Mac doesn’t mean you’re safe from hackers. That’s what two security researchers are warning, after finding a Mac-based malware that may be an attempt by Iranian hackers to target the U.S. defense industry.

The malware, called MacDownloader, was found on a website impersonating the U.S. aerospace company United Technologies, according to a report from Claudio Guarnieri and Collin Anderson, who are researching Iranian cyberespionage threats.

The fake site was previously used in a spear-phishing email attack to spread Windows malware and is believed to be maintained by Iranian hackers, the researchers claimed.

Polish banks on alert after mystery malware found on computers

The discovery of malware on computers and servers of several Polish banks has put the country’s financial sector on alert over potential compromises.

Polish media reported last week that the IT security teams at many Polish banks have been busy recently searching their systems for a particular strain of malware after several unnamed banks found it on their computers.

It’s not clear what the malware’s end goal is, but in at least one case it was used to exfiltrate data from a bank’s computer to an external server. The nature of the stolen information could not be immediately determined because it was encrypted, Polish IT news blog Zaufana Trzecia Strona reported Friday.

Malware distributors switch to less suspicious file types

After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users.

Last week, researchers from the Microsoft Malware Protection Center warned about a new wave of spam emails that carried malicious .LNK files inside ZIP archives. Those files had malicious PowerShell scripts attached to them.

PowerShell is a scripting language for automating Windows system administration tasks. It has been abused to download malware in the past and there are even malware programs written entirely in PowerShell.
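A mail gateway can catch the pattern described above (a shortcut file inside a ZIP that launches PowerShell) without executing anything. The following is an added example, not code from the article or from Microsoft: it builds a constructed ZIP in memory, picks out `.lnk` entries, checks the Shell Link header magic, flags double extensions such as `invoice.pdf.lnk`, and searches the shortcut body for a `powershell` string in both ASCII and UTF-16LE, since LNK string data is usually Unicode. The archive contents and the extension list are constructed for illustration.

```python
"""Flag .LNK shortcuts inside ZIP attachments that launch PowerShell.

Added example, not code from the article or from Microsoft. The sample
archive and the heuristics are constructed for illustration.
"""
import io
import re
import zipfile

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = b"\x4c\x00\x00\x00" + bytes.fromhex("0114020000000000c000000000000046")

# "powershell" in ASCII and in UTF-16LE; IGNORECASE covers PowerShell/POWERSHELL.
PS_PATTERNS = [
    re.compile(b"powershell", re.IGNORECASE),
    re.compile("powershell".encode("utf-16-le"), re.IGNORECASE),
]
# A document-looking name hiding a shortcut extension (constructed list).
DOUBLE_EXT_RE = re.compile(r"\.(pdf|docx?|xlsx?|txt|jpe?g)\.lnk$", re.IGNORECASE)


def inspect_lnk(name, data):
    """Return a finding dict for one archive entry that claims to be a shortcut."""
    return {
        "name": name,
        "valid_lnk_header": data.startswith(LNK_MAGIC),
        "double_extension": bool(DOUBLE_EXT_RE.search(name)),
        "invokes_powershell": any(p.search(data) for p in PS_PATTERNS),
    }


def scan_zip_bytes(zip_bytes):
    """Inspect every .lnk entry of an in-memory ZIP; return one finding per entry."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".lnk"):
                continue
            findings.append(inspect_lnk(info.filename, zf.read(info)))
    return findings


def verdict(findings):
    """'block' if any shortcut launches PowerShell or hides behind a double
    extension, 'review' if the archive carries shortcuts at all, else 'allow'."""
    if any(f["invokes_powershell"] or f["double_extension"] for f in findings):
        return "block"
    return "review" if findings else "allow"


def build_sample_zip():
    """Constructed test archive: one malicious-looking LNK, one plain LNK, one text file."""
    header = LNK_MAGIC + b"\x00" * (0x4C - len(LNK_MAGIC))
    malicious = header + "powershell.exe -w hidden".encode("utf-16-le")
    benign_lnk = header + "C:\\Users\\Public\\notes.txt".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.lnk", malicious)
        zf.writestr("notes.lnk", benign_lnk)
        zf.writestr("readme.txt", b"nothing to see here")
    return buf.getvalue()


if __name__ == "__main__":
    results = scan_zip_bytes(build_sample_zip())
    for finding in results:
        print(finding)
    print("verdict:", verdict(results))
```

Two caveats a practitioner would add: a string match misses an obfuscated command line (a full Shell Link parser that reads the target path and argument fields is more robust), and the header check matters because a file named `.lnk` that is not a real shortcut will simply not run as one.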

Mobile security firm offers cash to hackers for their old exploits

Mobile security firm Zimperium has launched an exploit acquisition program that aims to bring undisclosed attack code for already patched vulnerabilities out in the open.

Paying for old exploits might seem like a waste of money, but there are technical and business arguments to justify such an acquisition system and they ultimately have to do with the difference between exploits and vulnerabilities.

A vulnerability is a software defect with potential security implications, while an exploit is the actual code that takes advantage of that bug to achieve a specific malicious goal, often by bypassing other security barriers along the way.

In practice, many vulnerabilities that get reported to vendors are not accompanied by working exploits. Showing that a programming error can lead to memory corruption is typically enough for the vendor to understand its potential implications — for example, arbitrary code execution.
