Wednesday, September 30, 2015

Feedly:. WinRAR affected by new zero-day vulnerability




A new remote code execution vulnerability affecting the compression utility is less dangerous than first believed.

Feedly:TrendLabs Security Intelligence Blog. 3,000 High-Profile Japanese Sites Hit By Massive Malvertising Campaign



from TrendLabs Security Intelligence Blog

Malvertising and exploit kits work hand-in-hand – and are an amazingly effective threat that keeps victimizing users over and over again. The latest victim? Users in Japan. Since the start of September, almost half a million users have been exposed to a malvertising campaign powered by the Angler exploit kit. This particular attack was highly targeted […]

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Thursday, October 1st 2015 http://ift.tt/1N2IJRm, (Thu, Oct 1st)



from SANS Internet Storm Center, InfoCON: green

...(more)...

Feedly:SANS Internet Storm Center, InfoCON: green. Recent trends in Nuclear Exploit Kit activity, (Thu, Oct 1st)



from SANS Internet Storm Center, InfoCON: green

Introduction

Since mid-September 2015, I've generated a great ...(more)...

Feedly:Fortinet Blog. A Quick Look at a Recent RIG Exploit Kit Sample



from Fortinet Blog

RIG Exploit Kit was upgraded to v3.0 a while back. While RIG EK was never as active as other exploit kits such as Angler or Nuclear, it is one of the more 'stable' EKs in terms of its near constant presence on the Internet. We will talk abou...

Feedly:The Citizen Lab. Irene Poetranto at Colombia’s Internet Governance Forum



from The Citizen Lab

Citizen Lab Communications Officer and Researcher Irene Poetranto will speak at a number of cybersecurity events in Latin America, including the second annual Colombian Internet Governance Forum.


Feedly:. Apple’s “Gatekeeper” in Mac OS X vulnerable to simple bypass




Researcher Patrick Wardle details security weakness in Apple’s “Gatekeeper” in Mac OS X that could allow attackers to run unverified, unsigned code.

Tomorrow at the Virus Bulletin conference in Prague, researcher Patrick Wardle is set to highlight a security weakness in Apple’s Mac OS X “Gatekeeper” technology that could allow attackers to run unverified, unsigned code.


Feedly:Threats RSS Feed - Symantec Corp.. Exp.CVE-2015-5539



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:SANS Internet Storm Center, InfoCON: green. Mistakenly-deployed test patch leads to suspicious Windows update , (Wed, Sep 30th)



from SANS Internet Storm Center, InfoCON: green

Earlier today, various sources reported a highly-suspicious Windows update. According to Ars Techn ...(more)...

Feedly:Errata Security. Jeb Bush is a cyber-weenie



from Errata Security

Feedly:Threats RSS Feed - Symantec Corp.. Trojan.Uverat



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Threats RSS Feed - Symantec Corp.. Downloader.Sapaviro



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Darknet - The Darkside. WinRAR Vulnerability Is Complete Bullshit



from Darknet - The Darkside

Feedly:TrendLabs Security Intelligence Blog. New “Ghost Push” Variants Sport Guard Code; Malware Creator Published Over 600 Bad Android Apps



from TrendLabs Security Intelligence Blog

By Yang Yang, Jordan Pan. Halloween is still a month from now and yet Android users are already being haunted by the previously reported “Ghost Push” malware, which roots devices and makes them download unwanted ads and apps. The malware is usually packaged with apps that users may download from third-party app stores. Further investigation of GhostPush […]

Feedly:We Live Security » Languages » English. Significant WinRAR vulnerability identified



from We Live Security » Languages » English

An expert says that the popular compression tool WinRAR contains a significant vulnerability that exposes it to an attack.


Feedly:SANS Internet Storm Center, InfoCON: green. OUCH October Newsletter - Password Managers: http://ift.tt/1cdq9V8, (Wed, Sep 30th)



from SANS Internet Storm Center, InfoCON: green

...(more)...

Feedly:. How Android’s evolution has impacted the mobile threat landscape




Significant behavioral changes made to the Android mobile operating system have affected malware and how it applies to non-rooted devices.

Feedly:We Live Security » Languages » English. Virtual skyscraper Cyphinx hopes to find cyber talent



from We Live Security » Languages » English

A 3D skyscraper has been developed to help the Cyber Security Challenge find the next generation of cyber talent.


Feedly:We Live Security » Languages » English. UK parents ‘want minimum age for smartphone ownership’



from We Live Security » Languages » English

A survey has found that most parents in the UK are keen to see a minimum age introduced for smartphone ownership.


Tuesday, September 29, 2015

Feedly:Errata Security. Prez: Candidate synchronization



from Errata Security

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Wednesday, September 30th 2015 http://ift.tt/1MZoxji, (Wed, Sep 30th)



from SANS Internet Storm Center, InfoCON: green

...(more)...

Feedly:TaoSecurity. Attribution: OPM vs Sony



from TaoSecurity

Feedly:SANS Internet Storm Center, InfoCON: green. Tricks for DLL analysis, (Tue, Sep 29th)



from SANS Internet Storm Center, InfoCON: green

Very often I get questions on how to perform analysis on DLL files.

Feedly:Malwarebytes Unpacked. Latest WinRAR Vulnerability has Yet to be Patched



from Malwarebytes Unpacked

Warning about an unpatched vulnerability in the popular compression software WinRAR.


Feedly:Malwarebytes Unpacked. This Instagram Account Preys on Your Trust Issues



from Malwarebytes Unpacked

We recently discovered an account that baits users with the lure of catching his/her potentially cheating partner red-handed using a “trusted” service. All he/she needs is the target’s phone number.


Feedly:Malwarebytes Unpacked. Skype Hacking Tool: A Sting in the Tail…



from Malwarebytes Unpacked

Resist the temptation to try out this so-called "Skype Hacking Tool" or you may get more than you bargained for...


Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Identifying problems with national identifiers: Supposedly encrypted numbers can be easily decrypted



from Security News - Software vulnerabilities, data leaks, malware, viruses

In a pair of experiments that raise questions about the use of national identifying numbers, Harvard researchers have shown that Resident Registration Numbers (RRN) used in South Korea can be decrypted to reveal a host of personal information.

Feedly:We Live Security » Languages » English. Viruses, bulletins, surveys, and gender: hashtag #VB2015



from We Live Security » Languages » English

Virus Bulletin 2015 in Prague could be the biggest ever, a great place to discover the latest developments in malware protection and information security, and address issues like the infosec skills gap.


Feedly:Virus alerts. Warning: Malicious emails claiming to be from Doctor Web



from Virus alerts

September 29, 2015

Lately, some Internet users have received email messages claiming to be from Doctor Web. The messages, with the subject “Hello [user name], we would like to invite you to become our Tester” (“Здравствуйте, [имя пользователя], станьте нашим Тестером”), invite users to take part in testing a tool called “Dr.Web CureIt 2”. The criminals also prompt the user to turn off their anti-virus software on the pretext that it may be incompatible with the “tool”.


One known case of this malicious mailing was registered on September 29, 2015, at 04:10 (Moscow time). The link from the message leads to a fraudulent website from which a Trojan, dubbed Trojan.PWS.Stealer.13052, gets downloaded to the victim's computer.


This malicious program is designed to steal passwords and other confidential information stored on the compromised computer. Doctor Web would like to inform users that we are not conducting any tests of “Dr.Web CureIt 2”. Moreover, we strongly advise against installing and running any applications downloaded by opening links from such email messages.

The signature of Trojan.PWS.Stealer.13052 has been added to Dr.Web virus databases, and the fraudulent website has been added to the base of non-recommended websites. Do not, under any circumstances, disable your anti-virus software.

Feedly:Threats RSS Feed - Symantec Corp.. Infostealer.Centerpos



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:We Live Security » Languages » English. Vulnerable medical equipment details disclosed online



from We Live Security » Languages » English

Vulnerable hospital equipment details can be found online, two security researchers have found.


Feedly:Virus alerts. Trojan sets up proxy servers on Linux computers



from Virus alerts

September 29, 2015

Linux.Ellipsis.1 is designed to set up a proxy server on the compromised machine. However, this sample is not like other malicious programs targeting Linux: Doctor Web security researchers described its behavior as “paranoid”. It is already known that cybercriminals use such proxy servers to gain anonymous access to devices hacked by another malicious program, dubbed Linux.Ellipsis.2. The attack scheme is as follows: using Linux.Ellipsis.2, cybercriminals gain unauthorized SSH access to a network device or computer and then use it to carry out their malicious activities, while Linux.Ellipsis.1 keeps them anonymous.

Let us now have a closer look at Linux.Ellipsis.1.

Once launched on the infected machine, Linux.Ellipsis.1 deletes its own working directory, flushes the iptables rule list, and attempts to “kill” the processes of a number of running applications, for example programs used to log events and analyze traffic. After that, the Trojan replaces existing system log files and directories with folders of the same names, which prevents logs with those names from being created in the future.

Next, Linux.Ellipsis.1 modifies the "/etc/coyote/coyote.conf" configuration file by appending the string "alias passwd=cat\n". It then removes a number of system tools from /bin/, /sbin/, and /usr/bin/ and sets the immutable attribute on some files it needs for its operation. The Trojan also blocks subnet IP addresses specified in its configuration file or in a command it receives. Here “blocking” means that an iptables rule is created so that the given IP address can neither send nor receive packets over the specified port or protocol.

The main purpose of Linux.Ellipsis.1 is to set up a proxy server on the infected computer. To do this, the Trojan listens on a local address and port and proxies all traffic passing through them.

Compared to other malicious programs, the behavior of Linux.Ellipsis.1 is rather unusual: the Trojan carries a list of strings for which it searches network traffic. If any of the strings is found, the Trojan blocks data transfer to the remote server at the corresponding IP address. Part of the list of forbidden words changes according to the contents of the incoming packet. For example, if the incoming packet contains the string “User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)”, the values “eapmygev.” and “ascuviej.” are appended to the list. The Trojan also maintains lists of ignored and suspicious words.

The “paranoid” behavior of Linux.Ellipsis.1 also shows in the way it handles connections: apart from blocking the remote nodes on its list, it checks all network connections and sends the remote server the IP address to which each connection is established. If the server responds with the “kill” command, the Trojan shuts down the application that established the connection and blocks the IP address using iptables. In the home directory, Linux.Ellipsis.1 creates a file named "ip.filtered", where "ip" is replaced with the string representation of the blocked IP address. The same check is applied to processes whose names contain "sshd". IP addresses from the lists are blocked permanently, while other addresses are blocked for only 2 hours: once every half an hour, a separate malicious process scans the home directory for files created more than two hours ago whose names start with an IP address. These files are then deleted and a corresponding rule in iptables is created.

Right after Linux.Ellipsis.1 was detected, Doctor Web security researchers traced Linux.Ellipsis.2, which, judging by some of its features, is a creation of the same virus writer and is designed to brute-force passwords. Like Linux.Ellipsis.1, this Trojan flushes the iptables rule list, removes applications that are “in its way”, creates folders to prevent the system from logging events, and requests tasks from the server whose address it receives as a command-line argument on startup. Linux.Ellipsis.2 calculates the total number of scanning threads and SSH connections on the basis of the infected computer's processor frequency.

A task obtained from the server contains the IP address of a subnet that the malicious program scans for devices with SSH open on port 22. If such devices are found, the Trojan tries to log in to them by going through all login:password pairs from a special list. If an attempt succeeds, the Trojan reports this to the server controlled by the cybercriminals.

Signatures of all the programs mentioned in this article have been added to the Dr.Web virus databases, so these Trojans pose no threat to Dr.Web users.


Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Musicians Armin van Buuren, Luke Bryan most dangerous online



from Security News - Software vulnerabilities, data leaks, malware, viruses

If you're planning to look up Usher, Luke Bryan or producer Armin van Buuren on the web, take heed.

Feedly:Malwarebytes Unpacked. Crowdfunder Indiegogo Misused by Spammers



from Malwarebytes Unpacked

Spammers are misusing the services of Indiegogo with spammy project pages offering up a variety of so-called "deals"...


Monday, September 28, 2015

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Tuesday, September 29th 2015 http://ift.tt/1iGz4CE, (Tue, Sep 29th)



from SANS Internet Storm Center, InfoCON: green

...(more)...

Feedly:Malwarebytes Unpacked. Malvertising Via Google AdWords Leads to Fake BSOD



from Malwarebytes Unpacked

Tech support scammers launch the infamous fake Blue Screen Of Death via a Google AdWords malvertising campaign.


Feedly:Darknet - The Darkside. FSFlow – A Social Engineering Call Flow Application



from Darknet - The Darkside

Feedly:The Citizen Lab. An Analysis of the International Code of Conduct for Information Security



from The Citizen Lab

As the United Nations General Assembly begins its milestone 70th session, international digital security is high on the agenda. One starting point for discussion is likely to be the International Code of Conduct for Information Security (the “Code”). This analysis explores how the Code has developed over time, impetus behind the changes made, and the potential impact of the Code on international human rights law and its application. It is accompanied by an interactive comparison of the 2015 and 2011 versions of the Code.


Feedly:Malwarebytes Unpacked. Pornhub, YouPorn Latest Victims of Adult Malvertising Campaign



from Malwarebytes Unpacked

The malvertising campaign against adult sites continues, makes more victims.


Feedly:TrendLabs Security Intelligence Blog. Moving Forward with EMV and Other Payment Technologies



from TrendLabs Security Intelligence Blog

October 1st ushers in a significant shift for merchants, banks, and consumers. It is deadline day for merchants in the United States to switch to EMV technology. EMV stands for Europay, MasterCard, and Visa, the three companies that created the EMV consortium in 1994 to develop new technologies to counteract payment card fraud. With this […]

Feedly:Malwarebytes Unpacked. Regaining control over Edge



from Malwarebytes Unpacked

With the public introduction of Windows 10 and its default browser, Edge, we have noticed that quite a few people have run into this predicament: If Edge is set to start with the same tabs that were open when it was last closed (Previous pages), and you happened to get redirected to a site that […]


Feedly:Fortinet Blog. Detour Ahead...Please Engage Brain



from Fortinet Blog

It was a morning like lots of others...I was headed to the airport for a week in our home office, so I got an early start, checked on the sheep on the way out (yes, sheep), and got on the road. Aside from being ridiculously early, the ride was uneven...

Feedly:We Live Security » Languages » English. Compromised Uber accounts ‘being used in China’



from We Live Security » Languages » English

It has been reported that compromised Uber accounts are being used by criminals in China.


Feedly:SANS Internet Storm Center, InfoCON: green. "Transport of London" Malicious E-Mail, (Mon, Sep 28th)



from SANS Internet Storm Center, InfoCON: green

This morning, I received several e-mails with the subject Email from Transport of London. The att ...(more)...

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Researchers study users to increase cyber security



from Security News - Software vulnerabilities, data leaks, malware, viruses

Missouri University of Science and Technology researchers are working to build a framework to study the online behavior of Internet users and how that behavior affects the safety of systems and networks.

Feedly:Securelist - Information about Viruses, Hackers and Spam. Gaza cybergang, where’s your IR team?



from Securelist - Information about Viruses, Hackers and Spam

Gaza cybergang is a politically motivated Arabic cybercriminal group operating in the MENA (Middle East North Africa) region, mainly Egypt, United Arab Emirates and Yemen. The group has been operating since 2012 and became particularly active in Q2 2015.

Feedly:TrendLabs Security Intelligence Blog. Two New PoS Malware Affecting US SMBs



from TrendLabs Security Intelligence Blog

Following the seemingly quiet state of point-of-sale (PoS) malware these past few months, we are now faced with two new PoS malware named Katrina and CenterPoS now available to cybercriminals. In our 2Q Security Roundup released in August, we reported new PoS malware discoveries, namely FighterPoS in April, MalumPoS in June, and GamaPoS a month […]

Saturday, September 26, 2015

Feedly:Darknet - The Darkside. EvilFOCA – Network Attack Toolkit



from Darknet - The Darkside

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Analysis: US-China agreement on cybertheft a first step



from Security News - Software vulnerabilities, data leaks, malware, viruses

China's pledge to help crack down on hackers who steal commercial secrets from the United States, even coming as it did amid a bit of arm-twisting by President Barack Obama, is a big breakthrough that could reduce U.S.-China tensions and end huge losses for American companies.

Friday, September 25, 2015

Feedly:Threats RSS Feed - Symantec Corp.. Trojan.Maldns!inf



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Malwarebytes Unpacked. Fake online Avast scanner



from Malwarebytes Unpacked

Thanks to a tip from a friend, we came across a fake online scanner that abuses the good name of Avast. The idea to get you to visit this site is by waiting for someone to make a typo and end up at facebooksecuryti(dot)com. The site shows a picture of a pornographic nature just long […]


Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. US and China agree to stop cyber-theft for profit



from Security News - Software vulnerabilities, data leaks, malware, viruses

The United States and China have agreed not to conduct or condone cyber attacks on each other's private sector for commercial gain, US President Barack Obama and his counterpart Xi Jinping said Friday.

Feedly:Threats RSS Feed - Symantec Corp.. Trojan.Tinba.C!gm



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Threats RSS Feed - Symantec Corp.. Trojan.Greendispenser



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Hackers have finally breached Apple's security but your iPhone's probably safe (for now)



from Security News - Software vulnerabilities, data leaks, malware, viruses

Cyber security experts recently discovered that the almost impenetrable Apple App Store had been hacked. While cyber break-ins have become routine news for many companies, Apple has long prided itself on providing technology for its phones and tablets that was incredibly secure.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Scientists stop and search malware hidden in shortened urls on Twitter



from Security News - Software vulnerabilities, data leaks, malware, viruses

Cyber-criminals are taking advantage of real-world events with high volumes of traffic on Twitter in order to post links to websites which contain malware.

Feedly:We Live Security » Languages » English. DHS working on ‘self-destructing’ security chip for smartphones



from We Live Security » Languages » English

A security chip that self-protects the device it is embedded in is being developed by the Department for Homeland Security.


Feedly:We Live Security » Languages » English. Virus Bulletin small talk: Diversity in tech



from We Live Security » Languages » English

Ahead of next week's Virus Bulletin conference, ESET's Lysa Myers offers a teaser of what to expect of her "small talk" with colleague Stephen Cobb.


Feedly:We Live Security » Languages » English. Why parents must teach their children about internet security



from We Live Security » Languages » English

Children as young as five are surfing the web on a daily basis, but are parents doing enough to educate them on the dangers of the online world? We investigate.


Feedly:SANS Internet Storm Center, InfoCON: green. Mozilla Foundation Security Advisory 2015-112, (Fri, Sep 25th)



from SANS Internet Storm Center, InfoCON: green

Firefox has announced several vulnerabilities in Firefox and Firefox ESR which were reported by Ro ...(more)...

Feedly:Threats RSS Feed - Symantec Corp.. W32.Mydoom.E



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Worm.

Feedly:Malwarebytes Unpacked. SSL Malvertising Campaign Targets Top Adult Sites



from Malwarebytes Unpacked

A long running malvertising campaign hits major adult sites with a carefully crafted advert.


Feedly:We Live Security » Languages » English. iOS 9 security flaw lets attackers access device through Siri



from We Live Security » Languages » English

Apple’s iOS 9 contains a security flaw that lets cybercriminals gain limited access to a device through Siri.


Thursday, September 24, 2015

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Audit finds slipshod cybersecurity at HealthCare.gov



from Security News - Software vulnerabilities, data leaks, malware, viruses

The government stored sensitive personal information on millions of health insurance customers in a computer system with basic security flaws, according to an official audit that uncovered slipshod practices.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Snowden on video at NYC forum to promote privacy treaty



from Security News - Software vulnerabilities, data leaks, malware, viruses

Domestic digital spying on ordinary citizens is an international threat that will only be slowed with measures like a proposed international treaty declaring privacy a basic human right, Edward Snowden said Thursday in a video appearance at a Manhattan forum.

Feedly:TrendLabs Security Intelligence Blog. Credit Card-Scraping Kasidet Builder Leads to Spike in Detections



from TrendLabs Security Intelligence Blog

By RonJay Caragay, Michael Marcos. A commercialized builder of the Kasidet or Neutrino bot, which is infamous for its distributed denial-of-service (DDoS) capabilities, has been making the rounds recently after it was leaked in an underground forum in July (version 3.6). It included a previously unheard-of feature for the bot: “ccsearch”, the scraping of payment card details […]

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Friday, September 25th 2015 http://ift.tt/1QC64qK, (Fri, Sep 25th)



from SANS Internet Storm Center, InfoCON: green

...(more)...

Feedly:Fortinet Blog. Closing The Gap On Mobile Security For SMBs



from Fortinet Blog

Not surprisingly, mobile security ranks among the top challenges IT faces when it comes to protecting small and mid-sized businesses. What is surprising, however, is that only 16% of SMBs worldwide responding to a recent Techaisle survey say they’...

Feedly:TrendLabs Security Intelligence Blog. One Year After Shellshock, Are Your Servers and Devices Safer?



from TrendLabs Security Intelligence Blog

Security researchers were the first to respond during the Shellshock attacks of 2014. After news of the fatal flaw in the prevalent Bash (Bourne Again Shell), found in most versions of the Unix and Linux operating systems as well as in Mac OS X, was released, researchers started looking into how it can be used against affected web […]

Feedly:Threats RSS Feed - Symantec Corp.. Trojan.Mentono



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Darknet - The Darkside. XcodeGhost iOS Trojan Infected Over 4000 Apps



from Darknet - The Darkside

Feedly:. Kovter malware learns from Poweliks with persistent fileless registry update




A variant of the Kovter malware is the first to use Trojan.Poweliks’ pioneering tricks by residing only in the registry to evade detection.

Feedly:SANS Internet Storm Center, InfoCON: green. Tracking Privileged Accounts in Windows Environments, (Sun, Sep 20th)



from SANS Internet Storm Center, InfoCON: green

While speaking with a customer, he complained about the huge number of privileged users having do ...(more)...

Wednesday, September 23, 2015

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Thursday, September 24th 2015 http://ift.tt/1ixucQs, (Thu, Sep 24th)



from SANS Internet Storm Center, InfoCON: green

...(more)...

Feedly:The Citizen Lab. Jason Q. Ng speaks to the China Economic Review on UC Browser vulnerabilities



from The Citizen Lab

Citizen Lab Senior Research Fellow Jason Q. Ng spoke to the China Economic Review on the findings of the UC Browser report, and the impact of security vulnerabilities on users.


Feedly:Malwarebytes Unpacked. Imgur Abused in DDoS Attack Against 4Chan!



from Malwarebytes Unpacked

So a few of you might have noticed that we started blocking "Imgur.com", a popular image sharing website. The reason we did this is a vulnerability in their code that allowed cyber criminals to load malicious JavaScript into the browsers of site users. This in turn was used to turn each system into a DDoS weapon.


Feedly:SANS Internet Storm Center, InfoCON: green. Cisco IOS / IOS XE security advisories, (Wed, Sep 23rd)



from SANS Internet Storm Center, InfoCON: green

Cisco have released three patch bulletins today

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Agency: Millions more government fingerprints deemed stolen



from Security News - Software vulnerabilities, data leaks, malware, viruses

The Obama administration says the fingerprints of 5.6 million people who applied for or received a federal security clearance were stolen—not 1.1 million as first believed.

Feedly:We Live Security » Languages » English. Criminals, Linguistics, Literacy and Attribution



from We Live Security » Languages » English

In an article I wrote recently for Infosecurity Magazine – Spelling Bee (Input from the Hive Mind) – I touched on the topic of textual analysis (in a rather loose sense). This was in response to some comments implying that it’s a good indicator of scamminess when a message uses US or UK spellings inappropriate to


Feedly:Threats RSS Feed - Symantec Corp.. Infostealer.Bebloh



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:We Live Security » Languages » English. Global information security spend grows by 5% in 2015



from We Live Security » Languages » English

Gartner reveals that spending on information security across the world will have increased by 4.7% by the end of this year.


Feedly:We Live Security » Languages » English. UK businesses ‘need to protect themselves from cybercrime’



from We Live Security » Languages » English

UK businesses need to protect themselves from cybercrime, as government data reveals that up to 90 percent of major businesses in the country experienced an attack in 2014.


Feedly:. Free Instagram followers: Compromised accounts, phishing sites and survey scams




Scammers are using compromised Instagram accounts to phish for login credentials and earn money through survey scams.

Feedly:We Live Security » Languages » English. 7 years of Android: A painful journey to world dominance



from We Live Security » Languages » English

Exactly seven years ago to the day (September 23rd), after much speculation, Google finally lifted the lid on its secret project, one which would go on to change the mobile world.

The post 7 years of Android: A painful journey to world dominance appeared first on We Live Security.

Feedly:Malwarebytes Unpacked. Press H to Hack: Unsolicited Draft



from Malwarebytes Unpacked

We take a look at a game which lets you become a junk mail spammer.

Tuesday, September 22, 2015

Feedly:TrendLabs Security Intelligence Blog. Businesses Held for Ransom: TorrentLocker and CryptoWall Change Tactics



from TrendLabs Security Intelligence Blog

Perpetrators behind ransomware have moved away from targeting consumers and tailored their attacks to extort small and medium-sized businesses (SMBs). This business segment makes a potentially good target for ransomware, since small businesses are less likely to have the sophisticated defences that enterprises have, while at the same time their owners often have the capacity to pay. […]

Feedly:Errata Security. I gave $10 to every presidential candidate



from Errata Security

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Wednesday, September 23rd 2015 http://ift.tt/1FsHiZQ, (Wed, Sep 23rd)



from SANS Internet Storm Center, InfoCON: green

...(more)...

Feedly:SANS Internet Storm Center, InfoCON: green. Making our users unlearn what we taught them, (Wed, Sep 23rd)



from SANS Internet Storm Center, InfoCON: green

Remember back in the ancient days, when macro viruses were rampant, and we security ge ...(more)...

Feedly:SANS Internet Storm Center, InfoCON: green. TLS Everywhere: Upgrade Insecurity Requests Header, (Tue, Sep 22nd)



from SANS Internet Storm Center, InfoCON: green

TLS (I still have to get used to saying TLS instead of SSL) everywhere is a goal many sites attem ...(more)...
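As an added example (not part of the ISC diary), the following Python shows the server-side decision a site makes when a browser sends the `Upgrade-Insecure-Requests: 1` header named in the title. A plaintext request carrying the header is redirected to its https:// equivalent with `Vary: Upgrade-Insecure-Requests`, so a shared cache does not serve the redirect to a legacy client that never sent the header; pages served over TLS carry the `Content-Security-Policy: upgrade-insecure-requests` directive so the browser rewrites http:// subresource URLs to https:// on its own. Assumptions made here: the same host serves TLS on the default port 443, and the redirect uses 307 to preserve the request method.

```python
"""Server-side handling of the Upgrade-Insecure-Requests request header.

Added example, not the diary's own code. Decision logic only: plug it into
whatever framework builds the real response.
"""
from urllib.parse import urlsplit, urlunsplit


def wants_upgrade(headers):
    """True if the client signalled it can be upgraded (value must be exactly "1")."""
    for name, value in headers.items():
        # header names are case-insensitive
        if name.lower() == "upgrade-insecure-requests":
            return value.strip() == "1"
    return False


def https_equivalent(url):
    """Rewrite an http:// URL to https://, keeping path and query intact."""
    parts = urlsplit(url)
    host = parts.netloc
    # Drop an explicit :80; any other port is kept unchanged.
    # Assumption: the same host serves TLS on 443.
    if host.endswith(":80"):
        host = host[: -len(":80")]
    return urlunsplit(("https", host, parts.path or "/", parts.query, parts.fragment))


def handle_request(scheme, url, headers):
    """Return (status, response_headers) for a top-level navigation request.

    scheme  -- "http" or "https", the scheme the request actually arrived on
    url     -- the full request URL as seen by the server
    headers -- dict of request headers
    """
    if scheme == "http" and wants_upgrade(headers):
        # Browser is willing to be upgraded: send it to the TLS version.
        # 307 keeps the method (a POST stays a POST); Vary keeps caches honest.
        return 307, {
            "Location": https_equivalent(url),
            "Vary": "Upgrade-Insecure-Requests",
        }
    if scheme == "https":
        # Already on TLS: tell the browser to upgrade http:// subresources
        # in the page (images, scripts) instead of producing mixed content.
        return 200, {"Content-Security-Policy": "upgrade-insecure-requests"}
    # Legacy client over plaintext that did not send the header: serve the
    # page, but still emit Vary so the two variants are cached separately.
    return 200, {"Vary": "Upgrade-Insecure-Requests"}
```

The `Vary` header on the plaintext response matters even when no redirect is issued: without it, a cache that stored the 200 response for a legacy browser could later hand that plaintext page to an upgrade-capable browser, or vice versa.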

Feedly:Malwarebytes Unpacked. A Week in Security (Sep 13 – Sep 19)



from Malwarebytes Unpacked

A compilation of notable security news and blog posts from September 13 to 19.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Cyber security firm offers $1 million for Apple hack



from Security News - Software vulnerabilities, data leaks, malware, viruses

Computer security firm Zerodium on Tuesday offered a $1 million (890,000-euro) bounty to hackers who can find a way to breach Apple's latest iOS 9 mobile operating system.

Feedly:Malwarebytes Unpacked. Ghostery: A Tool that Stop Trackers



from Malwarebytes Unpacked

For those who feel that they are being watched by a “big brother”, there are several tools that will help you in stopping some of the online tracking that is going on. If you are using Firefox I would like to recommend this post about hardening Firefox. One of the options my colleague posted was […]

Feedly:Malwarebytes Unpacked. Malvertising Attack Hits Realtor.com Visitors



from Malwarebytes Unpacked

People looking for a new house via real estate website realtor.com may have been exposed to malvertising.

Feedly:Fortinet Blog. A Visualization Is Worth A Whole Lot Of Words When It Comes To Security



from Fortinet Blog

We all know the expression “a picture is worth a thousand words”. But those of us who have experienced the power of dynamic visualizations in big data analytics tools know that a good visualization can take countless words and huge datase...

Feedly:We Live Security » Languages » English. Google Drive security boost for paying customers



from We Live Security » Languages » English

Google has announced that organizations that pay for Google Drive will reap the benefits of a more secure platform.

The post Google Drive security boost for paying customers appeared first on We Live Security.

Feedly:Malwarebytes Unpacked. GTA 5 Money Generator Scams: They’re Wheelie Bad



from Malwarebytes Unpacked

We take a look at the current batch of Grand Theft Auto money generator sites.

Feedly:Threats RSS Feed - Symantec Corp.. Trojan.Ranscrypt.U!gm



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:We Live Security » Languages » English. Android trojan drops in, despite Google’s bouncer



from We Live Security » Languages » English

ESET recently discovered an interesting stealth attack on Android users, an app that is a regular game but with an interesting addition: the application was bundled with another application.

The post Android trojan drops in, despite Google’s bouncer appeared first on We Live Security.

Feedly:TrendLabs Security Intelligence Blog. Follow the Data: Dissecting Data Breaches and Debunking the Myths



from TrendLabs Security Intelligence Blog

Data breaches are daily news items. Reports of data breaches affecting governments, hospitals, universities, financial institutions, retailers, and recently an extra-marital affairs site, and so on, dominate the news with increasing frequency. This is merely the tip of the data breach iceberg, with the vast majority of incidents remaining unreported and undisclosed. To better understand data […]

Feedly:Threats RSS Feed - Symantec Corp.. Trojan.Ransomcrypt.U



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Virus alerts. Dangerous adware distributes Trojans for OS X



from Virus alerts

September 22, 2015

The sample of Adware.Mac.WeDownload.1, analyzed in Doctor Web virus laboratory, is disguised as a distribution package of Adobe Flash Player containing the following digital signature: "Developer ID Application: Simon Max (GW6F4C87KX)". This downloader is distributed via an affiliate program focused on generating income from file downloads.

Once launched, Adware.Mac.WeDownload.1 prompts the user to grant it administrator privileges and then queries, one after another, three command and control servers whose addresses are hard-coded in its body, to obtain the content of its main application window. If none of the servers responds, the downloader exits. If one does, the downloader sends that server a POST request containing its configuration data as JSON (JavaScript Object Notation) and receives in reply an HTML page that becomes the content of the main window. It appends a current timestamp and a signature computed by a custom algorithm to every subsequent GET and POST request.

Once an appropriate request is sent, Adware.Mac.WeDownload.1 receives a list of applications that the user will be prompted to install. The list includes not only unwanted programs but also malicious ones, including Program.Unwanted.MacKeeper, Mac.Trojan.Crossrider, Mac.Trojan.Genieo, Mac.BackDoor.OpinionSpy, various Trojans belonging to the Trojan.Conduit family, and some other dangerous applications.

The number and type of programs offered depend on the victim's geolocation. If the list is empty, the user is offered nothing beyond the application they originally chose to download.

Doctor Web security researchers would like to remind users of Apple computers to be careful and to download applications only from reliable sources. The signature of Adware.Mac.WeDownload.1 has been added to Dr.Web virus database for OS X, and, therefore, this downloader poses no threat to our users.
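"Download only from reliable sources" is hard to act on once a file is already on disk, so here is an added example (Python, not code from Doctor Web) of the check a practitioner can run instead: parse what `codesign -dvv <bundle>` prints to stderr and pin the signing Team ID to the publisher the installer claims to be. The point it makes is the one the fake Flash installer exploits: Gatekeeper only verifies that a Developer ID signature is valid and Apple-issued, not that "Simon Max" has anything to do with Adobe. Assumptions: the sample `codesign` output below is constructed from the signer string Doctor Web reports (the bundle identifier and sizes are invented), and the Adobe Team ID in the allow-list is assumed for this example and should be confirmed against a known-good Adobe installer.

```python
"""Pin a macOS installer's code signature to a known publisher Team ID.

Added example, not Doctor Web's code. Parses `codesign -dvv` output and
refuses anything whose Developer ID does not belong to the claimed vendor.
"""
import re
import subprocess

# Assumption for this example: Adobe's Team ID. Confirm against a known-good
# installer before relying on it.
TRUSTED_TEAM_IDS = {"Adobe Flash Player": {"JQ525L2MZD"}}

AUTHORITY_RE = re.compile(r"^Authority=(.*)$")
TEAM_RE = re.compile(r"^TeamIdentifier=(\S+)$")
# Leaf certificate subject as codesign prints it: "Developer ID Application: Name (TEAMID)"
LEAF_RE = re.compile(r"^Developer ID Application: (.+) \(([A-Z0-9]{10})\)$")


def parse_codesign(text):
    """Return (certificate chain leaf-first, TeamIdentifier or None)."""
    chain, team = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = AUTHORITY_RE.match(line)
        if m:
            chain.append(m.group(1))
            continue
        m = TEAM_RE.match(line)
        if m:
            team = m.group(1)
    return chain, team


def assess(text, claimed_product):
    """Return (ok, reason) for codesign output against the product it claims to be."""
    chain, team = parse_codesign(text)
    if not chain:
        return False, "no Authority lines: unsigned or ad-hoc signed"
    if chain[-1] != "Apple Root CA":
        return False, "chain does not end at Apple Root CA: %r" % chain[-1]
    m = LEAF_RE.match(chain[0])
    if not m:
        return False, "leaf is not a Developer ID Application certificate: %r" % chain[0]
    developer, leaf_team = m.groups()
    if team is not None and team != leaf_team:
        return False, "TeamIdentifier %s disagrees with leaf certificate %s" % (team, leaf_team)
    if leaf_team not in TRUSTED_TEAM_IDS.get(claimed_product, set()):
        # Valid Apple-issued signature, wrong publisher: exactly the fake-Flash case.
        return False, "signed by %s (%s), not a known %s publisher" % (developer, leaf_team, claimed_product)
    return True, "signed by %s (%s)" % (developer, leaf_team)


def codesign_info(path):
    """Run codesign on a real bundle (macOS only). codesign writes the details to stderr."""
    proc = subprocess.run(["codesign", "-dvv", path], capture_output=True, text=True)
    return proc.stderr


# Constructed sample modelled on the signer Doctor Web reports for the fake
# Flash installer; bundle identifier and sizes are invented.
SAMPLE_FAKE_FLASH = """\
Executable=/Volumes/Install/Install Adobe Flash Player.app/Contents/MacOS/Installer
Identifier=com.example.installer
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=1234 flags=0x0(none) hashes=30+3 location=embedded
Signature size=8556
Authority=Developer ID Application: Simon Max (GW6F4C87KX)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=GW6F4C87KX
"""

# Constructed sample of what a genuine installer would look like under the assumed Team ID.
SAMPLE_GENUINE = """\
Authority=Developer ID Application: Adobe Systems Incorporated (JQ525L2MZD)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=JQ525L2MZD
"""

if __name__ == "__main__":
    print(assess(SAMPLE_FAKE_FLASH, "Adobe Flash Player"))
    print(assess(SAMPLE_GENUINE, "Adobe Flash Player"))
```

On a real machine, `assess(codesign_info("/Volumes/Install/Install Adobe Flash Player.app"), "Adobe Flash Player")` does the same check against the actual bundle. The Team ID comparison is the part that matters; the chain check alone would pass the adware, because its certificate is a perfectly valid Developer ID.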

Feedly:We Live Security » Languages » English. Update Flash now! Adobe releases patch, fixing critical security holes



from We Live Security » Languages » English

It's time to update Flash once again, and don't forget to reduce the attack surface by enabling "Click to Play"... or uninstall it altogether.

The post Update Flash now! Adobe releases patch, fixing critical security holes appeared first on We Live Security.

Monday, September 21, 2015

Feedly:TrendLabs Security Intelligence Blog. The XcodeGhost Plague – How Did It Happen?



from TrendLabs Security Intelligence Blog

The iOS app store has traditionally been viewed as a safe source of apps, thanks to Apple’s policing of its walled garden. However, that is no longer completely the case, thanks to the discovery of multiple legitimate apps in the iOS app store that contained malicious code, which was dubbed XcodeGhost. So, how did XcodeGhost […]

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Tuesday, September 22nd 2015 http://ift.tt/1JlVSxb, (Tue, Sep 22nd)



from SANS Internet Storm Center, InfoCON: green

...(more)...

Feedly:TrendLabs Security Intelligence Blog. How Exploit Kit Operators are Misusing Diffie-Hellman Key Exchange



from TrendLabs Security Intelligence Blog

By Brooks Li, Stanley Liu and Allen Wu Feedback from the Trend Micro™ Smart Protection Network™ has allowed us to discover that the notorious Angler and Nuclear exploit kits have included the latest Flash vulnerability (CVE-2015-5560) in their regular update. This means that systems with Adobe Flash Player 18.0.0.209 and earlier are vulnerable; however users running the […]

Feedly:Errata Security. Zerodium's million dollar iOS9 bounty



from Errata Security

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Lawyer: US needs to present better data in encryption debate



from Security News - Software vulnerabilities, data leaks, malware, viruses

The federal government needs to be clearer about the importance of accessing encrypted smartphone evidence in order to prosecute criminals, a Justice Department lawyer acknowledged Monday.

Feedly:Darknet - The Darkside. peinjector – MITM PE File Injector



from Darknet - The Darkside

Feedly:Threats RSS Feed - Symantec Corp.. Packed.Vmpbad!gen37



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Threats RSS Feed - Symantec Corp.. Trojan.Tinba.C



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Malwarebytes Unpacked. XcodeGhost malware infiltrates App Store



from Malwarebytes Unpacked

In the largest breach in the history of Apple's App Store, a new malware called XcodeGhost has spread to 39 known apps in the iOS App Store.

Feedly:Threats RSS Feed - Symantec Corp.. Infostealer.Odlanor



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. AI algorithm trained to predict what ISIL forces will do in different situations



from Security News - Software vulnerabilities, data leaks, malware, viruses

An elder tribesman in eastern Afghanistan was amazed by the precision of American drone strikes. He had seen attacks hit exactly where insurgents were sleeping. A room exploded and they were no longer there.

Feedly:We Live Security » Languages » English. Apple removes hundreds of malicious apps after major malware attack



from We Live Security » Languages » English

Apple has removed more than 300 malicious apps after confirming the first major breach to its iOS app store.

The post Apple removes hundreds of malicious apps after major malware attack appeared first on We Live Security.

Feedly:SANS Internet Storm Center, InfoCON: green. Detecting XCodeGhost Activity, (Mon, Sep 21st)



from SANS Internet Storm Center, InfoCON: green

End of last week, PaloAltoNetworks

Sunday, September 20, 2015

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Monday, September 21st 2015 http://ift.tt/1iqRCXC, (Mon, Sep 21st)



from SANS Internet Storm Center, InfoCON: green

...(more)...

Feedly:SANS Internet Storm Center, InfoCON: green. Using testssl.sh , (Sun, Sep 20th)



from SANS Internet Storm Center, InfoCON: green

The testssl.sh project has announced the release of testssl 2.6 ...(more)...

Feedly:The Citizen Lab. Researchers Find Major Security and Privacy Issues in Smart Sheriff Parental Monitoring Application



from The Citizen Lab

The Citizen Lab at the Munk School of Global Affairs, University of Toronto is releasing a new report, “Are the Kids Alright? Digital Risks to Minors from South Korea’s Smart Sheriff Application.” The report details results of two independent audits of the privacy and security of Smart Sheriff, a parental monitoring application that has been promoted by the South Korean government.

The post Researchers Find Major Security and Privacy Issues in Smart Sheriff Parental Monitoring Application appeared first on The Citizen Lab.

Feedly:The Citizen Lab. Citizen Lab Researchers Find Major Security and Privacy Issues in South Korea’s Harmful-Content Blocking App for Minors



from The Citizen Lab

Today the Citizen Lab at the Munk School of Global Affairs, University of Toronto, is publishing a new report, “Are the Kids Alright? Digital Risks to Minors from South Korea’s Smart Sheriff Application”. The report details the results of two independent audits of the privacy and security of “Smart Sheriff”, the harmful-content blocking software recommended by the South Korean government.

The post Citizen Lab Researchers Find Major Security and Privacy Issues in South Korea’s Harmful-Content Blocking App for Minors appeared first on The Citizen Lab.

Feedly:The Citizen Lab. Are the Kids Alright? Digital Risks to Minors from South Korea’s Smart Sheriff Application



from The Citizen Lab

This report describes the results of two independent security audits of Smart Sheriff, one by researchers who collaborated at the 2015 Citizen Lab Summer Institute (held at the Munk School of Global Affairs, University of Toronto), and the other by the auditing firm Cure53. The combined audits identified twenty-six security vulnerabilities in recent versions of Smart Sheriff (versions 1.7.5 and under). These vulnerabilities could be leveraged by a malicious actor to take control of nearly all Smart Sheriff accounts and disrupt service operations.

The post Are the Kids Alright? Digital Risks to Minors from South Korea’s Smart Sheriff Application appeared first on The Citizen Lab.

Friday, September 18, 2015

Feedly:Fortinet Blog. Windows Journal Vulnerability Disclosed Plus A Weekend Bonus



from Fortinet Blog

FortiGuard Labs disclosed a heap overflow vulnerability earlier this week in Windows Journal, a notetaking application developed by Microsoft that is included in Windows XP Tablet PC Edition, Windows Vista, Windows 7, Windows 8, and Windows 10....

Feedly:Errata Security. Some notes on NSA's "vuln equities process"



from Errata Security

Feedly:Malwarebytes Unpacked. Unconventional Malvertising Attack Uses New Tricks



from Malwarebytes Unpacked

Cyber criminals get creative with their ad creatives, as seen in this malvertising campaign experimenting with new obfuscation tricks.

Feedly:Malwarebytes Unpacked. Warning: Tax Credits Refund Phish



from Malwarebytes Unpacked

Tax credit changes are something of a big deal in the UK at the moment, with an expected impact on finances for millions of people. It's particularly cruel, then, to see scammers leap onto the bandwagon with promises of tax credit refunds.

Feedly:Darknet - The Darkside. Weevely 3 – Weaponized PHP Web Shell



from Darknet - The Darkside

Feedly:Threats RSS Feed - Symantec Corp.. OSX.Codgost



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:We Live Security » Languages » English. UK’s NCA calls for global approach to cybercrime



from We Live Security » Languages » English

An international effort between security organisations is needed to fight cybercrime, says the UK’s National Crime Agency.

The post UK’s NCA calls for global approach to cybercrime appeared first on We Live Security.

Feedly:We Live Security » Languages » English. The evolution of ransomware: From PC Cyborg to a service for sale



from We Live Security » Languages » English

A look back at how ransomware – a type of malware used mostly for hijacking user data – has evolved from the days of PC Cyborg to today's service for sale.

The post The evolution of ransomware: From PC Cyborg to a service for sale appeared first on We Live Security.

Feedly:Malwarebytes Unpacked. “Your PC Is Infected” Round-up…



from Malwarebytes Unpacked

We take a look at a collection of websites claiming your PC has been infected.

Thursday, September 17, 2015

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Friday, September 18th 2015 http://ift.tt/1YixVlz, (Fri, Sep 18th)



from SANS Internet Storm Center, InfoCON: green

...(more)...

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. A new defense for Navy ships: Protection from cyber attacks



from Security News - Software vulnerabilities, data leaks, malware, viruses

For most people, the term "cyber security" calls to mind stories of data theft like the recent hacks of the OPM database, or network spying like the 2012 breach of the Navy-Marine Corps Intranet.

Feedly:Malwarebytes Unpacked. IRISSCON 2015 Presentation: “Bad Ads”



from Malwarebytes Unpacked

Malware Intelligence Analyst Chris Boyd will be giving a presentation on the subject of "Bad Ads" at this year's IRISSCON Security Conference.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Dutch nab hackers setting ransoms to unlock computers



from Security News - Software vulnerabilities, data leaks, malware, viruses

Dutch police revealed Thursday they have arrested two young hackers who used a type of malware known as "ransomware" to infiltrate thousands of computers worldwide, before demanding money to unlock the machines.

Feedly:SANS Internet Storm Center, InfoCON: green. A day in the life of a pentester, or is my job too sexy for me?, (Thu, Sep 17th)



from SANS Internet Storm Center, InfoCON: green

As a professional penetration tester I often get asked questions like What are the top 10 tools y ...(more)...

Feedly:. AirDrop vulnerability poses threat to iPhone and Mac users



from

Apple users are advised to update iOS and Mac OS X, as a successful exploit requires no user interaction.