Welcome Guest | Sign In
TechNewsWorld.com
Gooligan Ransacks More Than 1M Android Accounts
December 2, 2016
More than 1 million Google accounts have been breached by Android malware dubbed "Gooligan," Check Point reported Wednesday. The malware roots infected devices and steals authentication tokens that can be used to access data from various Google apps including Gmail, Google Docs, G Suite and Google Drive. It potentially affects devices running Android 4 and 5.
Facebook Denies Ransomware Infiltration
November 29, 2016
Facebook has denied that its network and Messenger app were being used to spread ransomware to its users, contradicting the claims of a security firm. Two Check Point researchers last week reported they had discovered a new method for delivering malicious code to machines, which they dubbed "ImageGate." Threat actors had found a way to embed malicious code into an image, they said.
SF Muni Hack a Wake-Up Call for Public Systems
November 28, 2016
The San Francisco Municipal Transportation Authority, or SF MTA, was hacked on Friday. "You Hacked, All Data Encrypted," was the message reportedly displayed on computer screens at the authority's stations throughout the city. "Contact for Key (cryptom27@yandex.com)ID:681 , Enter." Fare payment machines at underground stations were out of order, resulting in free rides.
Google Clamps Down on Sneaky Malicious Sites
November 16, 2016
Sites that repeatedly violate Google's safe browsing policies will be classified as repeat offenders, the company said. A small number of websites take corrective actions after Google displays alerts on their landing pages warning visitors that they're harmful. However, they typically revert to violating the policies after Google verifies that they're safe and removes the warnings.
Defeating Malware With Its Own DNA
November 11, 2016
It's widely known that human DNA evidence has had a major impact in the criminal justice system. Now another kind of DNA may have a similar impact in the fight to eradicate malicious software. Malware DNA, also known as "malware provenance," is the art and science of attributing elements of one object to another object. The technique has applications outside information security -- for example, in genetics, or to test the authorship of student papers.
Election Day Cybershenanigans Highlight Need to Shore Up Security
November 10, 2016
Hackers last week launched DDoS attacks against both presidential candidates' campaign websites. The attacks were routed through HTTP Layer 7 of the OSI protocol. There were at least four 30-second attacks reported. "The websites were not penetrated by a cyberintrusion," said John Costello, a senior analyst at Flashpoint. The attackers were unsophisticated hackers and not a nation-state.
Bot Armies Boost Candidates' Popularity on Twitter
October 29, 2016
Internet bots have many useful online purposes, but they have a dark side, too, as three researchers demonstrated in their analysis of Twitter traffic during the first presidential debate between Hillary Clinton and Donald Trump. Bots are used to automate functions on the Net. For example, if you belong to several social networks, you could use a bot to post a photo to all of them at once.
Odinaff Trojan Targets Banks, Financial Firms Worldwide
October 12, 2016
Symantec on Tuesday reported on a malware campaign that has targeted financial organizations worldwide for the past 10 months. Dubbed "Trojan.Odinaff," it has infiltrated the banking, securities, trading and payroll sectors, as well as organizations that provide them with support services. Odinaff is used in the first stage of an attack, to get a foothold into a network.
IoT Could Become Playground for Botnets Gone Wild
October 6, 2016
The source code for Mirai, the malware behind the botnet that launched a massive attack on the Krebs on Security website -- the largest DDoS attack on record -- has been released in the wild, according to Brian Krebs. A hacker who goes by the handle "Anna-senpai," apparently because of increased scrutiny from the cybersec industry, last week announced the release on Hackforums, Krebs said.
Feds Probe Alleged Phone Hacks as Election Fears Surge
October 4, 2016
Federal authorities have been investigating reports that hackers targeted the mobile phones of a handful of Democratic Party staffers. The news follows a series of breaches in recent months that revealed emails and other personal information of party staffers and other Democratic officials. The FBI has launched an investigation into the attacks, which may be linked to Russia.
Hacking Elections Is Easy, Study Finds
September 30, 2016
It's no longer a question whether hackers will influence the 2016 U.S. elections -- only how much they'll be able to sway them. Leaked emails already have cost a Democratic Party chairperson her job, and the FBI last month issued a flash warning that foreign cyberadversaries had breached two state election databases. Those two states -- most likely Arizona and Illinois -- aren't alone.
Cisco Battles Shadow Broker Exploits
September 28, 2016
Cisco has swung into action to combat a hacker group's exploitation of vulnerabilities in its firmware. The group, known as the "Shadow Brokers," released online malware and other exploits possibly stolen from the Equation Group, which is believed to have ties to the U.S. National Security Agency. Cisco earlier this month disclosed the vulnerability, even though patches were not yet ready.
Project Shield Has Krebs on Security's Back
September 27, 2016
The website of prominent security blogger Brian Krebs is back online this week after sustaining one of the largest distributed denial of service attacks in Internet history. DDoS attacks typically disrupt service at a website by flooding it with junk traffic. In this case, garbage traffic assaulted Krebs' site at 620 gigabits per second. By comparison, consumer bandwidth is in the 10-15 megabit per second range; businesses, 100 Mbps to 1 Gbps.
Election Season Spawns Scams With Political Twist
August 30, 2016
Dirty tricks during political campaigns are nothing new, but the Internet and the proliferation of mobile devices have allowed tricksters to up their games a notch. It came to light last week, for example, that Donald Trump's campaign app was hoovering the address books on his supporters' phones. Trump's app wasn't doing anything illegal. It wasn't even trying to hide what it was doing.
Apple Speeds iOS Patch to Bring Down Pegasus
August 26, 2016
Apple on Thursday issued a patch that addresses three recently discovered critical iOS zero-day vulnerabilities, and advised users to update their systems immediately. State-sponsored actors exploited the flaws to target United Arab Emirates human rights defender Ahmed Mansoor, and a Mexican journalist who reported on government corruption. Researchers have dubbed the flaws "Trident."
Super-Sophisticated Spyware Spotted After 5-Year Run
August 16, 2016
Symantec and Kaspersky Lab last week separately announced the discovery of a highly sophisticated APT that had eluded security researchers for at least five years. A previously unknown group called "Strider" has been using Remsec, an advanced tool that seems to be designed primarily for spying. Its code contains a reference to Sauron, the main villain in The Lord of the Rings.
Russia Plays the Cybervictim Card
August 11, 2016
Russia's FSB recently reported that it found a cyberspying virus in the computer networks of more than 20 state authorities and defense contractors. The claim that malware has infected various government and defense companies came in the midst of a flurry of accusations that Russia has engaged in cyberattacks against U.S. targets in an effort to impact the presidential election.
900 Million Androids Could Be Easy Prey for QuadRooter Exploits
August 9, 2016
Four newly identified vulnerabilities could affect 900 million Android devices, Check Point researchers disclosed. The vulnerabilities, which the researchers dubbed "QuadRooter," affect Android devices that use Qualcomm chipsets. They exist in the chipset software drivers. The drivers, which control communications between chipset components, are incorporated into Android builds.
Old Tech Can Create New Security Woes
August 3, 2016
"Patch your systems in a timely manner" is a mantra of security experts, but what happens when the patch well runs dry because a product's maker no longer supports it? That is a situation facing many large enterprises, and it's one that poses security risks. Between 30 percent and 50 percent of the hardware and software assets in the average large enterprise have reached their end-of-life date.
Public-Private Team Leads Assault on Ransomware
July 28, 2016
Ransomware has become a scourge on the Internet -- but two information security companies, along with a pair of law enforcement agencies, this week launched an initiative to do something about it. No More Ransom is the centerpiece of a collaborative effort involving Kapersky Lab, Intel Security, the Dutch National Police and Europol. The new portal aims to educate the public about ransomware.
Civil Rights Office Issues Ransomware Guidance
July 22, 2016
Ransomware infections are on the rise, and healthcare organizations are ripe targets, which may be why the federal government addressed the subject last week. Ransomware attacks have risen from about 1,000 a day last year to 4,000 a day this year, Symantec has reported. Many of those attacks are for small change, but some of the larger ones have been directed at healthcare providers.
The Internet of Medical Things, Part 3: Safety First
July 20, 2016
Though quick to capitalize on connected health devices and the coming Internet of Medical Things, hardware manufacturers may be moving too slowly when it comes to building the necessary protections into the back end. The National Security Agency last month told participants in a defense technology summit in Washington that it was looking into hacking connected medical devices.
Mobile Ransomware Has Mushroomed: Report
July 8, 2016
The number of mobile ransomware victims across the globe has increased fourfold compared to a year ago, suggests a Kaspersky Lab report. Kaspersky software protected 136,532 users targeted by ransomware from April 2015 to March 2016 -- up from 35,413. "The growth curve may be less than that seen for PC ransomware, but it is still significant enough to confirm a worrying trend," the report notes.
HummingBad Mucks Up Android's Works
July 6, 2016
More than 85 million Android devices worldwide have been taken over by the Yingmob, a group of China-based cybercriminals who created the HummingBad malware, according to Check Point. HummingBad establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps. HummingBad reportedly has been generating revenue of $300,000 a month.
Crime Pays: Ransomware Bosses Make $90K Annually
June 14, 2016
If crime doesn't pay, Russian ransomware bosses wouldn't know it. The average Russian ransomware boss makes $90,000 a year -- or 13 times the average income for citizens in the country who stick to the "straight and narrow," according to a recent Flashpoint study. What does a ransomware honcho do for those rubles? Basically, the job calls for supporting and maintaining the malware.
Twitter Users Snared in Dark Web's Brisk Password Trade
June 10, 2016
Data stolen from more than 32 million Twitter users has been offered for sale on the dark web for 10 bitcoin, or around $5,800, LeakedSource reported Wednesday. LeakedSource has added the account and email information to its searchable repository of compromised credentials. The data set came from someone who has been connected to other large collections of compromised data.
Banking Trojans Take Backseat to Ransomware
June 4, 2016
The banking trojan -- a type of malware used to steal credentials for bank accounts -- has been a staple of cyberthieves for years. However, ransomware, which has proven both easy to use and highly successful, has started eroding its popularity. In a typical banking trojan attack, a robber mounts a phishing campaign to entice a target to open an attachment or click on a link.
Gang Surrenders Key to TeslaCrypt Ransomware Kingdom
May 20, 2016
Eset on Wednesday announced that it has fashioned a free tool that victims of all variants of the TeslaCrypt ransomware can use to unlock affected files. After the criminal gang behind TeslaCrypt recently abandoned support of the malicious software, an Eset analyst contacted the group anonymously, using the channel offered to ransomware victims, and asked for the universal master decryption key.
Flaw Puts a Billion Wireless Mice at Risk
May 20, 2016
Wireless mice and keyboards are the perfect accessories for a world in which devices increasingly are shuffling off their connection coils, but those accessories -- especially untethered rodents -- also can create new threats for those who use them. One such threat is Mousejack. The attack exploits a vulnerability found in 80 percent of wireless mice.
Reddit Tech Forum May Ban Sites That Circumvent Ad Blockers
May 11, 2016
A forum on Reddit, /r/ Technology, on Monday announced it was considering blocking links to websites that require visitors to turn off their ad blockers before viewing content on the site. "It has come to our attention that many websites such as Forbes and Wired are now requiring users to disable ad blockers to view content," said creq, the moderator of the site. "We see this as a security risk."
See More Articles in Malware Section >>
Facebook Twitter LinkedIn Google+ RSS
What is your No. 1 priority for a new laptop?
Robust features and functionality
Form factor, including size and weight
A good selection of ports and drives
Flexibility to support a variety of uses
A brand name I can trust