Welcome Guest | Sign In
Gang Surrenders Key to TeslaCrypt Ransomware Kingdom
May 20, 2016
Eset on Wednesday announced that it has fashioned a free tool that victims of all variants of the TeslaCrypt ransomware can use to unlock affected files. After the criminal gang behind TeslaCrypt recently abandoned support of the malicious software, an Eset analyst contacted the group anonymously, using the channel offered to ransomware victims, and asked for the universal master decryption key.
Flaw Puts a Billion Wireless Mice at Risk
May 20, 2016
Wireless mice and keyboards are the perfect accessories for a world in which devices increasingly are shuffling off their connection coils, but those accessories -- especially untethered rodents -- also can create new threats for those who use them. One such threat is Mousejack. The attack exploits a vulnerability found in 80 percent of wireless mice.
Reddit Tech Forum May Ban Sites That Circumvent Ad Blockers
May 11, 2016
A forum on Reddit, /r/ Technology, on Monday announced it was considering blocking links to websites that require visitors to turn off their ad blockers before viewing content on the site. "It has come to our attention that many websites such as Forbes and Wired are now requiring users to disable ad blockers to view content," said creq, the moderator of the site. "We see this as a security risk."
Feds to Take a Hard Look at Mobile Device Patch Practices
May 11, 2016
The U.S. Federal Trade Commission and the Federal Communications Commission on Monday announced a joint investigation into the issue of mobile device security updates. The FTC issued an order requiring Apple, BlackBerry, Google, HTC America, LG Electronics USA, Microsoft, Motorola Mobility and Samsung Electronics America to provide information about how they issue security updates.
ISIS Cyberthreat: Puny but Gaining Power
May 5, 2016
The Islamic State group's cyberwar capabilities are unsophisticated, but they won't be that way for long. That was the conclusion of a 25-page report released last week by Flashpoint. The report, "Hacking for ISIS: The Emergent Cyber Threat Landscape," found that the Islamic State's "overall capabilities are neither advanced nor do they demonstrate sophisticated targeting."
Researchers Hijack Samsung's SmartThings IoT System
May 4, 2016
Researchers at the University of Michigan on Monday announced they had uncovered a series of vulnerabilities in the Samsung SmartThings home automation system that essentially could have allowed hackers to take control of various functions and break into a user's home. The researchers, working with Microsoft, were able to perform four proof-of-concept attacks.
Supreme Court Grants Federal Agents Broader Surveillance Authority
May 3, 2016
The U.S. Supreme Court has approved a series of amendments to the federal rules of criminal procedure that would let judges issue search warrants for computers located outside their jurisdiction. Chief Justice John Roberts announced the changes in the Court's interpretation of the rules. They would allow a judge to issue warrants to search for electronic evidence at remote sites, for example.
New Attack Technique Hides Spread of RATs in Asia
April 27, 2016
SentinelOne last week announced that it has detected a technique being used in Asia to infect systems with remote access Trojans that ensures that the payload remains in memory throughout its execution and doesn't touch the victim's computer disk in an unencrypted state. Attackers remain hidden from antivirus and next-generation technologies that focus only on file-based threats.
Windows Users Warned to Dump QuickTime Pronto
April 16, 2016
The U.S. Department of Homeland Security on Thursday issued a warning to remove Apple's QuickTime for Windows. The alert came in response to Trend Micro's report of two security flaws in the software, which will never be patched because Apple has ended support for QuickTime for Windows. Computers running QuickTime are open to increased risk of malicious attack or data loss, US-CERT warned.
Adobe Issues Emergency Patch to Head Off Flash Ransomware Attacks
April 11, 2016
Adobe last week issued an emergency security patch to fix a vulnerability in Flash that could leave users vulnerable to a ransomware attack. The vulnerability exists in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux and Chrome operating systems. It can cause a crash and leave the computer vulnerable to attackers, the company said.
DC Healthcare Provider Limps On After Malware Attack
April 1, 2016
Despite its computer systems being infected with malware since Monday, MedStar Health, which operates 10 hospitals and more than 250 outpatient facilities in and around Washington, D.C., has continued to provide patient care at near normal levels, according to several updates released this week. Since the malware attack occurred, MedStar Health has treated an average of 3,380 patients a day.
Ransomware's Aftermath Can Be More Costly Than Ransom
March 24, 2016
Downtime caused by a ransomware attack can cost a company more than paying a ransom to recover data encrypted by the malware, according to a report released last week by Intermedia. Nearly three-quarters (72 percent) of companies infected with ransomware could not access their data for at least two days because of the incident, and 32 percent couldn't access their data for five days or more.
Malware Exploits Apple DRM to Infect iPhones
March 19, 2016
Security researchers at Palo Alto Networks Unit 42 on Wednesday announced they had discovered in the wild a method of infecting nonjailbroken iPhones with malware by exploiting design flaws in Apple's digital rights management technology. The flaw has been exploited since 2013 largely as a means to pirate iOS software, but this is the first time it's been used to infect iPhones with malware.
Apple Ransomware Reveals Cert Problem
March 17, 2016
Researchers last week discovered the first ransomware in the wild aimed at Apple's hardware platform. While the threat was subdued quickly, it exposed the weakness of digital certificates in authenticating software to devices. The ransomware appeared as a legitimate application because it contained a digital certificate stolen from a bona fide Mac developer in Turkey.
Ransomware Plague Spreads to Macs
March 8, 2016
Researchers at Palo Alto Networks last week announced that they had found the first ransomware in the wild aimed at Macintosh computers, but Apple and one of its developers quickly neutered it. The ransomware -- a malware program that scrambles data on a computer and won't unscramble it unless a ransom is paid -- was embedded in software for installing an OS X app for sharing files on BitTorrent.
Malvertisers Use Digital Fingerprints to Avoid Detection
March 4, 2016
In the world of computer security, fingerprints are found in more places than where the tips of hands touch. That's because the term is applied to any data set that can be used to make a unique identification. Antifraud programs online retailers use can identify customers by the structure of the files on their computers. In fact, the technique works so well, malicious actors use it.
Operation Blockbuster Brings the Fight to Sony Hackers
February 25, 2016
Operation Blockbuster, a coalition of security companies led by Novetta, on Wednesday published a report detailing the activities of the Lazarus Group, the organization responsible for the 2014 cyberattack against Sony Pictures Entertainment. Researchers last week published detection signatures to the companies' respective software in the hope of disrupting the group's activities.
The Downside of Linux Popularity
February 25, 2016
Popularity is becoming a two-edged sword for Linux. The open source operating system has become a key component of the Internet's infrastructure, and it's also the foundation for the world's largest mobile OS, Google's Android. Widespread use of the OS, though, has attracted the attention of hackers looking to transfer the dirty tricks previously aimed at Windows to Linux.
Hollywood Hospital Succumbs to Hacker Shakedown
February 19, 2016
Hollywood Presbyterian Medical Center on Wednesday announced that it paid approximately $17,000 to resume normal operations after digital extortionists knocked its computer systems offline. The Los Angeles hospital discovered its computer network infected with ransomware earlier this month. After paying the ransom, the hospital was able to bring its electronic medical record system online.
Hollywood Hospital Hacked Back to Paper Age
February 17, 2016
Hollywood Presbyterian Medical Center last week revealed its computer systems were offline after a ransomware attack scrambled the data on its systems. Ransomware is a form of malware that encrypts data and system files on a computer and demands a ransom payment to unscramble the files. Since the attack, HPMC medical personnel have resorted to faxes and handwritten charts to perform their tasks.
IRS Halts Hack Attack
February 11, 2016
The Internal Revenue Service on Tuesday said it recently discovered and halted an automated bot attack on its electronic filing PIN application website. Identity thieves used malware in an attempt to generate E-file PINs for 464,000 Social Security numbers stolen from another source, the IRS said. The hackers succeeded in accessing an E-file PIN for 101,000 of those numbers.
Old-Timey Mischief on Display at the Malware Museum
February 9, 2016
The Internet Archive on Friday cut the ribbon on its online Malware Museum, an online compendium of malware programs computer users in the 1980s and 1990s sometimes encountered. Everything old is new again, apparently. The museum presents examples of the viruses, complete with the messages or animations they would have shown when infecting a computer.
Europe, US Cut 11th Hour Safe Harbor Deal
February 3, 2016
Europe and the United States on Tuesday announced a new Safe Harbor agreement that neutralizes the threat of enforcement actions against domestic companies handling overseas data. The EU-US Privacy Shield aims to protect the privacy of data belonging to European citizens when it's handled by U.S. companies. It "will protect the fundamental rights of Europeans," said EU Commissioner Vera Jourová.
Samsung Answers Android Ad-Blocking Call
February 2, 2016
Samsung on Sunday released a version of its mobile browser that supports applications that block advertising on Web pages. The browser upgrade can be applied to devices running Android Lollipop and higher. Apple released similar support for the Safari mobile browser last year, but this is the first time a major maker of Android hardware has supported ad blocking.
Snap-Happy Trojan Targets Linux Servers
January 22, 2016
Security researchers at Dr.Web on Tuesday revealed details of the Trojan Linux.Ekoms.1, which takes screen shots and records audio to acquire sensitive and personal information, mostly from Linux servers. Malware for Linux is becoming more diverse and includes spyware programs, ransomware and Trojans designed to carry out distributed denial-of-service attacks, according to Dr.Web.
Digital Ad Fraud Could Top $7 Billion in 2016
January 20, 2016
Bot fraud will cost digital advertisers $7.2 billion worldwide this year, according to a report released Tuesday by the Association of National Advertisers. For the "2015 Bot Baseline" report, 49 ANA members deployed detection tags from White Ops on their digital ads to measure bot fraud over 61 days. Bot fraud impacted up to 37 percent of ads, compared to up to 22 percent in a study in 2014.
Ukraine Mounts Investigation of Kiev Airport Cyberattack
January 20, 2016
Ukrainian officials earlier this week said they had launched a probe into the source of a cyberattack that targeted a Kiev Airport. The attack may be related to the BlackEnergy malware attacks that recently targeted Ukrainian infrastructure facilities, apparently from Russia. CERT-UA on Monday warned system administrators to be on the alert for the presence of BlackEnergy malware.
Privacy as a Service Advocates Promise Better Data Protection
January 14, 2016
There's been a lot of wailing and gnashing of teeth about the Sisyphean task of protecting privacy in the Digital Age, but that hasn't stopped innovators from searching for ways to preserve it. One of the latest ideas to emerge in the field is Privacy as a Service. As with many emerging technologies, the definition of "PaaS" (not to be confused with Platform as a Service) is in flux.
Iranian Cyberattack on American Dam Viewed As Rarity
January 7, 2016
Just days before Christmas, a rare event occurred: the report of a successful intrusion into America's infrastructure by overseas hackers. The event -- penetration of the control system of a dam 20 miles from New York City -- happened more than two years ago but wasn't made until last month. Cloaking such incidents in secrecy is standard operating procedure for industries that use control systems.
Security Execs Sweat Insider Threats
December 31, 2015
Insider threats are becoming increasingly worrisome to corporate security executives. That is one of the findings in a survey of C-level businesspeople Nuix released last week. "The insider threat seems to be a bigger concern this year than it was in previous years," said Nuix's Keith Lowry. "People are recognizing that it is a significant weakness that has yet to be fully addressed."
See More Articles in Malware Section >>
Facebook Twitter LinkedIn Google+ RSS
What's your alarm level over cyberattacks on the Internet's infrastructure?
Red: A deadly cyberwar will occur -- It's when, not if.
Orange: A big one could be costly and threaten public safety.
Yellow: We need to improve cybersecurity at a faster pace.
Blue: Regional outages will become more frequent and more annoying.
Green: There's no way anyone could take out the entire Internet.