Saturday, October 31, 2015

Feedly:SANS Internet Storm Center, InfoCON: green. Ransomware & Entropy: Your Turn, (Fri, Oct 30th)



from SANS Internet Storm Center, InfoCON: green

A couple of people expressed interest in the

Feedly:Fortinet Blog. National Cyber Security Awareness Month Ends With Zero Days, Ransomware, and a Bit of Hope



from Fortinet Blog

It’s Friday night, tomorrow is Halloween, Daylight Saving Time ends this weekend, and it’s the end of National Cyber Security Awareness Month. This week has seen big breaches, teenagers arrested for hacking TalkTalk, escalating internatio...

Friday, October 30, 2015

Feedly:Errata Security. Prez: Rick Perry selling his mailing list



from Errata Security

Feedly:Errata Security. Prez: donation numbers



from Errata Security

Feedly:Malwarebytes Unpacked. Recent Flash Zero-Day Now Part of Exploit Kits



from Malwarebytes Unpacked

Exploit kits have added the latest Flash Player exploits to their arsenal.


Feedly:Errata Security. Yes, the CNBC moderation was biased



from Errata Security

Feedly:Fortinet Blog. Oracle VirtualBox Remote Display Server DoS Vulnerability Disclosed by FortiGuard Labs



from Fortinet Blog

Overview: Oracle VirtualBox is a powerful, freely available Type 2 hypervisor that runs on Windows, Mac, Linux, and Solaris operating systems. It is used in both enterprise and prosumer settings. Although it doesn’t enjoy the enterprise marke...

Feedly:Fortinet Blog. FortiGuard Labs Discloses XSS Vulnerability in MantisBT



from Fortinet Blog

Overview: MantisBT is an open source issue tracker with nearly 110,000 downloads so far this year from its SourceForge repository. It is known for its ease of use and rapid collaboration capabilities. Researchers with FortiGuard Labs have...

Feedly:Fortinet Blog. FortiGuard Labs Discloses Another Shockwave Vulnerability



from Fortinet Blog

Overview: Despite a number of recent vulnerabilities discovered in Adobe Shockwave and a general move to other multimedia platforms, Adobe reports that over 450 million Internet-enabled computers have Adobe Shockwave installed. Shockwave rem...

Feedly:Threats RSS Feed - Symantec Corp.. W32.Waledac.D!gen7



from Threats RSS Feed - Symantec Corp.

Risk Level: Low. Type: Worm.

Feedly:Darknet - The Darkside. DAMM – Differential Analysis of Malware in Memory



from Darknet - The Darkside

Feedly:We Live Security » Languages » English. European Parliament offers support to Edward Snowden



from We Live Security » Languages » English

Edward Snowden has been described as an “international human rights defender” by the European Parliament, which has called on all EU member states to back the whistleblower.

The post European Parliament offers support to Edward Snowden appeared first on We Live Security.

Feedly:SANS Internet Storm Center, InfoCON: green. This Article is Brought to You By the Letter , (Fri, Oct 30th)



from SANS Internet Storm Center, InfoCON: green

Recently, I managed to register the domain name comindex.jp ...(more)...

Feedly:We Live Security » Languages » English. Ransomware: To pay or not to pay?



from We Live Security » Languages » English

The recommendation by the FBI that victims of ransomware pay up to have their files decrypted created a buzz among IT folks of all kinds. It’s time to ask: Should paying the ransom really be considered an option?

The post Ransomware: To pay or not to pay? appeared first on We Live Security.

Feedly:We Live Security » Languages » English. Trick or treat? Beware so a ransomware won’t end up between your Halloween sweets



from We Live Security » Languages » English

Ghosts, monsters and the living dead can all send a chill down one's spine. Ransomware, for some people, is just as spooky. This Halloween, we look at why.

The post Trick or treat? Beware so a ransomware won’t end up between your Halloween sweets appeared first on We Live Security.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. UK police arrest 16-year-old over Talk Talk telecoms hack



from Security News - Software vulnerabilities, data leaks, malware, viruses

British police have arrested a 16-year-old boy in London over a cyberattack on telecoms firm Talk Talk.

Feedly:Threats RSS Feed - Symantec Corp.. Exp.CVE-2015-5876



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Virus alerts. October 2015 mobile malware review from Doctor Web



from Virus alerts

October 30, 2015

PRINCIPAL TRENDS IN OCTOBER

  • Detection of a dangerous Trojan targeting iOS devices
  • Detection of yet another malicious program on Google Play
  • New cases of Android firmware being infected with malicious applications
  • Emergence of new banking Trojans

Number of entries for malicious and unwanted software targeting Android OS in Dr.Web virus database

September 2015: 14,033
October 2015: 15,135
Dynamics: +7.85%

Mobile threat of the month

At the beginning of October, security researchers detected a new Trojan targeting iOS. The program, dubbed IPhoneOS.Trojan.YiSpecter.2, was distributed disguised as a harmless application, mainly among users in China. In particular, if the user visited a website with adult content to view some videos, they were prompted to install a special video player that, although it had all the necessary features to play those videos, contained a Trojan. To spread this malicious program, cybercriminals employed a corporate software distribution method that allows owners of iOS devices to get applications from sources other than the App Store. Notably, IPhoneOS.Trojan.YiSpecter.2 got installed on all smartphones and tablets regardless of whether they were “jailbroken” or not.


IPhoneOS.Trojan.YiSpecter.2 has the following features:

  • Sends the command and control server information about the compromised mobile device.
  • Installs additional Trojan modules necessary for its operation.
  • Can uninstall programs or replace them with fake copies upon a command from the command and control server.
  • Can display advertisements on iOS devices.
  • If the user removes the Trojan or one of its components, a malicious module will reinstall them.

Trojans on Google Play

In October, security researchers detected yet another Trojan on Google Play. The Trojan, dubbed Android.PWS.3, was disguised as an audio player that enabled Vkontakte (“ВКонтакте”) users to listen to audio content. Once launched, Android.PWS.3 prompted the potential victim to log in to their Vkontakte account by displaying an authorization form. Once the user entered their login and password, the Trojan forwarded that information to cybercriminals. Moreover, after a connection to the command and control server was established, the Trojan received a list of Vkontakte groups to which it automatically added users of compromised devices in order to promote those communities.


Firmware Trojans

Almost every month, Doctor Web security researchers register new cases of Android firmware being infected with malicious applications, and the second autumn month was no exception. This time, several mobile devices had a preinstalled malicious program dubbed Android.Cooee.1. The malware is incorporated in a launching application (Android graphical shell) and contains a number of special modules responsible for showing advertisements. Moreover, the malware can download and run not only additional advertising packages but also other applications, including malicious ones, in particular Android.DownLoader.225, which is designed to stealthily download various programs on the compromised device.

If the user removes the launching application containing Android.Cooee.1, next time the device is turned on, the operating system will not load. Therefore, before uninstalling the malicious program, users are recommended to install some other launching application and set it as default.

Banking Trojans

In October, a large number of banking Trojans continued to target Android devices. One such Trojan is Android.BankBot.80.origin, which was detected at the end of the month and was disguised as an official banking application of a Russian financial organization. Once Android.BankBot.80.origin is installed and run, it prompts the user to grant it administrator privileges. Once consent is given, the malware scans the user's contact list and sends every number an SMS message that reads as follows: Hi! Vote for me http://ift.tt/1NcIrXs (“Привет, проголосуй за меня http://ift.tt/1NcIrXs”). The link in such a message leads to a fraudulent website supposedly related to some photo contest. From this website, a modification of the Trojan detected by Dr.Web as Android.SmsBot.472.origin gets downloaded to the victim's device. Moreover, the website invites owners of smartphones and tablets to install a special voting program, which is, in fact, another version of Android.BankBot.80.origin.


The Trojan's features are as follows:

  • Is disguised as legitimate software, for example, as an official online banking application or a voting program.
  • Constantly asks the user to grant it administrator privileges by displaying a prompt that prevents the victim from operating the device in the usual way.
  • Sends SMS messages to all of the user's contacts with a link to a fraudulent website from which a modification of the Trojan gets downloaded to the victim's device.
  • Can steal money from mobile accounts, bank accounts, and payment system accounts.
  • Enables call forwarding to a specified number preventing the user from receiving incoming calls.

For more information about Android.BankBot.80.origin, refer to the news article published on our website.

The number of entries for banking Trojans of the Android.BankBot family in Dr.Web virus database:

September 2015: 142
October 2015: 148
Dynamics: +4.2%

The number of entries for multicomponent Trojans of the Android.SmsSend family in Dr.Web virus database:

September 2015: 520
October 2015: 550
Dynamics: +5.8%

Feedly:Virus alerts. October 2015 virus activity review from Doctor Web



from Virus alerts

October 30, 2015

October proved to be a quiet month in terms of information security events. However, over the course of the second autumn month, a number of popular Internet resources still fell victim to attacks by cybercriminals: the hacked websites were used to distribute a dangerous program disguised as an anti-virus utility created by a well-known developer. Moreover, October witnessed the emergence of new Trojans for Android and iOS, in particular Android.BankBot.80.origin, which was spread as an official online banking application of a Russian financial organization, and IPhoneOS.Trojan.YiSpecter.2, designed to display advertisements and stealthily download other programs to compromised devices.

PRINCIPAL TRENDS IN OCTOBER

  • A number of websites got hacked by cybercriminals to distribute malware
  • Emergence of a new Trojan designed to perform web injections
  • Distribution of new malicious programs for Android

Threat of the month

In the middle of October, Doctor Web security researchers registered several cases of websites being hacked by cybercriminals. Among those resources was a webpage dedicated to one popular Russian TV series. If the user opened the link to the website from Google search results, and if certain conditions were met, a new tab with a webpage opened in the browser window. A special malicious script incorporated into that webpage by cybercriminals prevented the user from closing it. If the victim pressed any key or clicked anywhere in the window, an annoying dialog was displayed prompting the victim to install a browser extension supposedly created by an anti-virus developer.


The extension detected by Dr.Web as Trojan.BPLug.1041 serves the purpose of injecting arbitrary content into webpages browsed by the user. Moreover, on all websites, the malicious program blocks third-party advertisements from any domains, except for those listed in the configuration file. If the user logs in to the Odnoklassniki (“Одноклассники”) social networking website, Trojan.BPLug.1041 will try to provide a certain application with access to the API of this website on behalf of the user. As a result, the victim's data can be used to promote groups, send spam messages, and influence some poll results. For more information regarding this malicious program, refer to the news article published by Doctor Web.

According to the statistics gathered by Dr.Web CureIt!


  • Trojan.Siggen6.33552

    A malicious program designed to install other dangerous software on the infected computer.
  • Trojan.Crossrider1.42770

    A Trojan designed to display various advertisements to Internet users.
  • Trojan.DownLoad3.35967

    A Trojan that can download other malicious programs from the Internet and install them on the infected computer.
  • Trojan.LoadMoney

    A family of downloader programs generated by servers belonging to the LoadMoney affiliate program. These applications download and install unwanted software on the victim's computer.

According to Doctor Web statistics servers


  • Trojan.InstallCube

    A family of downloader programs designed to install unwanted and useless applications on the user’s computer.
  • Trojan.Siggen6.33552

    A malicious program designed to install other dangerous software on the infected computer.
  • Trojan.DownLoad3.35967

    A Trojan that can download other malicious programs from the Internet and install them on the infected computer.
  • Trojan.LoadMoney

    A family of downloader programs generated by servers belonging to the LoadMoney affiliate program. These applications download and install unwanted software on the victim's computer.

Statistics concerning malicious programs discovered in email traffic


  • Trojan.Encoder.567

    A malicious program belonging to the family of encryption ransomware Trojans that encrypt files and demand a ransom for decryption of compromised data. This program can encrypt important user files, for example, of the following types: .jpg, .jpeg, .doc, .docx, .xls, .xlsx, .dbf, .1cd, .psd, .dwg, .xml, .zip, .rar, .db3, .pdf, .rtf, .7z, .kwm, .arj, .xlsm, .key, .cer, .accdb, .odt, .ppt, .mdb, .dt, .gsf, .ppsx, .pptx.
  • Trojan.PWS.Stealer

    A family of Trojans designed to steal passwords and other confidential information stored on the infected computer.
  • Trojan.DownLoader15.52331

    A Trojan that can download other malicious programs from the Internet and install them on the infected computer.

Botnets

Doctor Web security researchers continue to monitor botnets created by cybercriminals using the Win32.Rmnet.12 file infector. The average daily activity of these botnets is shown in the following graphs:


Rmnet is a family of viruses spread without any user intervention. They can embed content into loaded webpages (this theoretically allows cybercriminals to get access to the victim's bank account information), steal cookies and passwords stored by popular FTP clients, and execute other commands issued by cybercriminals.

The botnet consisting of computers infected with Win32.Sector is also still active. Its average daily activity can be seen in the following picture:


The malware can perform the following actions:

  • Download various executable files via P2P networks and run them on infected machines.
  • Inject its code into running processes.
  • Prevent some anti-viruses from operating and block access to the websites of their respective developers.
  • Infect files on local disks, removable media (where the malware creates the autorun.inf file during the infection process), and in shared folders.

In October, cybercriminals controlling the Linux.BackDoor.Gates.5 botnet became considerably less active: in comparison with the previous month, the number of attacked IP addresses decreased by 33.29 per cent and was estimated at 5,051. As before, most targets of the attacks were located in China, while the second and the third places were taken by France and the United States respectively.


Encryption ransomware

The number of requests for decryption received by Doctor Web technical support service

September 2015: 1,310
October 2015: 1,471
Dynamics: +12.29%

The most common ransomware program in October 2015 was Trojan.Encoder.567.

Dr.Web Security Space 11.0 for Windows protects against encryption ransomware

This feature is not available in Dr.Web Anti-virus for Windows


Dangerous websites

During October 2015, 264,970 URLs of non-recommended websites were added to Dr.Web database.

September 2015: +399,227
October 2015: +264,970
Dynamics: -33.6%

Online stores selling strange items or goods of questionable quality can usually be found among the Internet resources added by Doctor Web analysts to the database of non-recommended websites over the course of a month. From time to time such websites become the main “heroes” of news articles issued by our company, as resourceful fraudsters never cease to amaze security researchers, constantly coming up with mind-blowing ideas for new products. Read about threads protecting from evil eye, lip enhancers, and other “magical” goods sold in online stores in the news article published by Doctor Web.


Malicious and unwanted programs for mobile devices

In October, cybercriminals continued to target users of mobile devices. In particular, at the beginning of the month, security researchers detected a new Trojan for iOS; notably, this malicious program could be installed on smartphones and tablets with or even without “jailbreak”. Moreover, yet another Trojan managed to bypass Google protection mechanisms and get into Google Play. In the middle of the month, Doctor Web specialists registered a new case of Android firmware being infected with a malicious application and, some time later, detected a new banking Trojan designed to steal money from owners of smartphones and tablets.

Among the most noticeable events related to mobile malware, we can mention:

  • Detection of a dangerous Trojan targeting iOS devices
  • Detection of yet another malicious program on Google Play
  • New case of Android firmware being infected with a malicious application
  • Distribution of new banking Trojans for Android


Thursday, October 29, 2015

Feedly:We Live Security » Languages » English. Using DroidJack to spy on an Android? Expect a visit from the police



from We Live Security » Languages » English

Law enforcement agencies across Europe have searched homes this week, as part of an international crackdown against users of a notorious piece of Android malware known as DroidJack.

The post Using DroidJack to spy on an Android? Expect a visit from the police appeared first on We Live Security.

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Friday, October 30th 2015 http://ift.tt/1kXn8Ok, (Fri, Oct 30th)



from SANS Internet Storm Center, InfoCON: green


Feedly:Threats RSS Feed - Symantec Corp.. Infostealer.Banload



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Threats RSS Feed - Symantec Corp.. Infostealer.Banload!g1



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Fortinet Blog. Collaborating on Threat Research: What We Learned from the Cyber Threat Alliance CryptoWall v3 Research Project



from Fortinet Blog

There is a greater mission on the part of every security vendor to make the world safer and more secure for people to interact, do business, and communicate ideas. Today is a big day for us. Today the Cyber Threat Alliance, founded May...

Feedly:The Citizen Lab. EngageMedia and partners organize RightsCon Southeast Asia



from The Citizen Lab

Citizen Lab Cyber Stewards Network partner EngageMedia partnered with Access and the Foundation for Media Alternatives (FMA) to organize RightsCon Southeast Asia from March 24-25, 2015. The conference, held in Manila, brought together over 600 participants from the region and across the world.

The post EngageMedia and partners organize RightsCon Southeast Asia appeared first on The Citizen Lab.

Feedly:The Citizen Lab. EngageMedia co-hosted event on Thai Internet legislation



from The Citizen Lab

Citizen Lab Cyber Stewards Network partner EngageMedia co-hosted a public forum in Bangkok on October 17, together with the Foundation for Internet and Civic Culture, discussing the pending Internet laws in Thailand.

The post EngageMedia co-hosted event on Thai Internet legislation appeared first on The Citizen Lab.

Feedly:Fortinet Blog. Why the Cyber Threat Alliance And Their CryptoWall V3 Report Matter To You



from Fortinet Blog

Not long ago, ransomware was a problem for consumers. Early versions hit unsuspecting users as early as 2005 but, while alarming, weren’t especially difficult to defeat. Even 10 years ago, the enterprise was a very different place than it is to...

Feedly:The Citizen Lab. Citizen Lab and Cyber Stewards Network at the 2015 Internet Governance Forum (IGF)



from The Citizen Lab

November 9-13 - João Pessoa, Brazil

The post Citizen Lab and Cyber Stewards Network at the 2015 Internet Governance Forum (IGF) appeared first on The Citizen Lab.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. US court allows last month of phone spying program



from Security News - Software vulnerabilities, data leaks, malware, viruses

An appeals court Thursday upheld the US government's systematic surveillance of American telephone calls for the duration of a Congress-approved transition period that expires next month.

Feedly:Malwarebytes Unpacked. Advertising brokers; background information



from Malwarebytes Unpacked

Provides background information about advertisement brokers, the men and women that are in the middle of web advertising between sites and advertisers.


Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. German police stage raids against malware users



from Security News - Software vulnerabilities, data leaks, malware, viruses

German police have searched the homes of 13 people as part of an international swoop on users of the mobile phone malware DroidJack, authorities said Thursday.

Feedly:We Live Security » Languages » English. 11-year-old sets up cryptographically secure password business



from We Live Security » Languages » English

An 11-year-old girl from New York has set up her own business selling cryptographically secure passwords, using a technique known as diceware.

The post 11-year-old sets up cryptographically secure password business appeared first on We Live Security.

Feedly:We Live Security » Languages » English. The Internet of Things: Groundbreaking tech with security risks



from We Live Security » Languages » English

The Internet of Things (IoT) is the latest buzzword taking hold of the technology industry, but what does it mean exactly and how does it impact citizens and businesses? We take a closer look.

The post The Internet of Things: Groundbreaking tech with security risks appeared first on We Live Security.

Feedly:SANS Internet Storm Center, InfoCON: green. USB cleaning device for the masses, (Thu, Oct 29th)



from SANS Internet Storm Center, InfoCON: green

For so long, USB keys have been a nice out-of-band infection vector. People like goodies and peopl ...(more)...

Feedly:Fortinet Blog. Threat Intelligence Sharing At Work: Cyber Threat Alliance Tracks CryptoWall Version 3



from Fortinet Blog

CryptoWall and its variants are among the best-known types of ransomware, malware that encrypts files on end user hard drives and then prompts for payment of a ransom to decrypt the files. In many cases, if users don’t have recent backups, thei...

Feedly:We Live Security » Languages » English. The great car hacking debate



from We Live Security » Languages » English

Can cars be hacked remotely or is the idea of remotely hackable cars still only a hypothetical threat? Evidence is presented to help answer this question.

The post The great car hacking debate appeared first on We Live Security.

Feedly:Malwarebytes Unpacked. Imitation Putlocker Site Unlocks Path to PUP



from Malwarebytes Unpacked

Several popular sites are mimicked so that their duplicates can be used to lure unwary users. We've seen one for a known online video streaming site, and it prompts a Java update.


Feedly:Malware don't need Coffee. CVE-2015-7645 (?) (Flash up to 19.0.0.207) and Exploit Kits



from Malware don't need Coffee

Wednesday, October 28, 2015

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Thursday, October 29th 2015 http://ift.tt/1NC0WD1, (Thu, Oct 29th)



from SANS Internet Storm Center, InfoCON: green


Feedly:Errata Security. OMG, the machines are breeding! Mankind is doomed! DOOMED!!!



from Errata Security

Feedly:Malwarebytes Unpacked. Leaving Laptops in Hotel Rooms: A Bad Idea



from Malwarebytes Unpacked

Do you keep the security of your devices in mind while out and about? Be aware of the risks, and behold a rare example of the so-called "Evil Maid" attack...


Feedly:Lenny Zeltser. You Say Goodbye and I Say Hello: Face Recognition and Locking Your System



from Lenny Zeltser

Privacy concerns aside, logging into personal devices and computers using biometrics is convenient and sufficiently secure for most people. However, if you’ve configured your system to unlock itself using facial recognition, you should be careful when locking the PC and stepping away from it. For instance, consider Windows Hello, which is the name bestowed upon the biometric authentication feature...


Feedly:Darknet - The Darkside. FBI Recommends Crypto Ransomware Victims Just Pay



from Darknet - The Darkside

Feedly:TaoSecurity. A Different Spin on the Air War Against IS



from TaoSecurity

Feedly:Threats RSS Feed - Symantec Corp.. Linux.HDRoot



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Researchers find vulnerabilities in use of certificates for Web security



from Security News - Software vulnerabilities, data leaks, malware, viruses

Consumers use the Internet for banking, emailing, shopping and much more nowadays. With so much personal and private information being transmitted over the Web, Internet users must be able to rely on and trust the sites they are accessing. For security purposes, websites use certificates to establish encrypted communications. When a site becomes compromised, its certificate should be revoked.

Feedly:We Live Security » Languages » English. ENISA to invest in emerging smart critical infrastructure security



from We Live Security » Languages » English

Enhancing security in emerging smart critical infrastructures will be a key focus area for the European Union Agency for Network and Information Security in 2016.

The post ENISA to invest in emerging smart critical infrastructure security appeared first on We Live Security.

Feedly:Threat Research. Macros Galore



from Threat Research

Feedly:SANS Internet Storm Center, InfoCON: green. Victim of its own success and (ab)used by malwares, (Wed, Oct 28th)



from SANS Internet Storm Center, InfoCON: green

This morning, I faced an interesting case. We were notified that one of our computers was doing p ...(more)...

Feedly:We Live Security » Languages » English. The internet started with the transfer of two letters: Today it’s changing millions of lives



from We Live Security » Languages » English

Exactly 46 years ago today, on October 29th, 1969, the first bits of data were transmitted over a long distance between two computers … and the internet was born. International Internet Day presents a great opportunity to remember how this global venture and its security have evolved.

The post The internet started with the transfer of two letters: Today it’s changing millions of lives appeared first on We Live Security.

Feedly:Securelist - Information about Viruses, Hackers and Spam. 0xHACKED: Brown University Accounts Distributing Phishing Emails



from Securelist - Information about Viruses, Hackers and Spam

Suspected spear phishing campaign attempting to steal users’ credentials by sending phishing emails masquerading as Google recovery.

Feedly:. MySQL servers hijacked with malware to perform DDoS attacks



from

Attackers are compromising MySQL servers with the Chikdos malware to force them to conduct DDoS attacks against other targets.

Contributor: Ayush Anand


Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Survey finds executive cybersecurity decisions are evolving from compliance to proactive cyber-risk management



from Security News - Software vulnerabilities, data leaks, malware, viruses

A new research study from SMU's Darwin Deason Institute for Cyber Security finds that executives are changing the way they manage and invest in cybersecurity, moving away from limited, reactive approaches and adopting systemic risk management frameworks that combine hardware, software and operations protocols to mitigate cyber risk.

Tuesday, October 27, 2015

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Wednesday, October 28th 2015 http://ift.tt/1ifnuxQ, (Wed, Oct 28th)



from SANS Internet Storm Center, InfoCON: green


Feedly:SANS Internet Storm Center, InfoCON: green. Adobe Releases Surprise Shockwave Player Patch, (Wed, Oct 28th)



from SANS Internet Storm Center, InfoCON: green

Adobe today released a surprise patch for Shockwave [1]. The patch fixes one vulnerability, CVE-20 ...(more)...

Feedly:Threat Research. Shim Shady: Live Investigations of the Application Compatibility Cache



from Threat Research

Feedly:SANS Internet Storm Center, InfoCON: green. We set up a simple test page to see how browsers deal with mixed language IDNs. Try it out: http://www.example.comノindex.jp . Test yours., (Tue, Oct 27th)



from SANS Internet Storm Center, InfoCON: green

---
Johannes B. Ullrich, Ph ...(more)...

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Cybersecurity: Senate poised to pass bill to push sharing



from Security News - Software vulnerabilities, data leaks, malware, viruses

The Senate is poised to pass a bill intended to improve cybersecurity by encouraging the sharing of threat information among companies and the U.S. government.

Feedly:Malwarebytes Unpacked. A Vintage Year for Free Wine Spam



from Malwarebytes Unpacked

Free wine? Free wine. That’s the claim currently bouncing around Facebook, at any rate. As with all things Internet, it requires a little digging around to get to the truth – and for wine lovers, that truth might be a little too sour to stomach. The current target of scammer’s affections is a well known […]


Feedly:Malwarebytes Unpacked. What’s Patch Tuesday?



from Malwarebytes Unpacked

While the monthly Patch Tuesday has served as a reliable security fix for years, cyber criminals are finding ways to penetrate the system, exploiting vulnerabilities in a matter of days, if not hours.


Feedly:We Live Security » Languages » English. TalkTalk cyberattack: The story so far



from We Live Security » Languages » English

The TalkTalk cyberattack has attracted a lot of media attention since it was first reported that a serious incident had taken place. We cut through the noise and offer a concise summary of what has transpired.

The post TalkTalk cyberattack: The story so far appeared first on We Live Security.

Feedly:We Live Security » Languages » English. 5 top tips on buying online in a safe and secure way



from We Live Security » Languages » English

The world wide web has made shopping an altogether more pleasant, cost-effective and user-friendly experience. However, buying online has its risks. Here are five top tips to stay safe and secure.

The post 5 top tips on buying online in a safe and secure way appeared first on We Live Security.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. CIA director says hack of his email epitomizes cyber threat



from Security News - Software vulnerabilities, data leaks, malware, viruses

CIA Director John Brennan says the hack of his personal email account underscores that everyone is vulnerable to the compromise of personal information on the Internet.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Cyberattacks can be time bombs that may tick a while before being triggered



from Security News - Software vulnerabilities, data leaks, malware, viruses

Cyberattacks such as that recently suffered by telecoms firm TalkTalk can result in hair-raisingly large losses: TalkTalk may have lost the details of 4m customers, while in just the last few months Carphone Warehouse lost 2m, Experian lost 15m T-Mobile customers' details, and dating website Ashley Madison lost 32m users' details. The impression is that all this data is a danger to us in the wrong hands, but where does it end up, how is it used, and by whom?

Feedly:TrendLabs Security Intelligence Blog. 2016 Predictions: The Fine Line Between Business and Personal



from TrendLabs Security Intelligence Blog

Like any other year, 2015 had its mix of ups and downs in the world of security. A fine line exists between the threats that we face and the solutions we have at our disposal; any slip-up on the part of defenders can make an existing problem that much worse. The coming year will not...

Feedly:SANS Internet Storm Center, InfoCON: green. The "Yes, but..." syndrome, (Tue, Oct 27th)



from SANS Internet Storm Center, InfoCON: green

This weekend, I worked on a pentest report that was already pending for a while. I'm honest: I'm la ...(more)...

Monday, October 26, 2015

Feedly:Darknet - The Darkside. Infernal Twin – Automatic Wifi Hacking Tool



from Darknet - The Darkside

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Tuesday, October 27th 2015 http://ift.tt/207PjKQ, (Tue, Oct 27th)



from SANS Internet Storm Center, InfoCON: green


Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. US trial convicts trio of high-tech exports to Russia



from Security News - Software vulnerabilities, data leaks, malware, viruses

A US federal judge convicted two men and a woman in New York on Monday of illegally exporting high-tech electronics from Texas to Russian military and spy agencies.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. 15-year-old arrested over British cyber attack



from Security News - Software vulnerabilities, data leaks, malware, viruses

Police arrested a 15-year-old boy over a cyber attack on telephone and internet provider TalkTalk, feared to have breached the data of millions of Britons, Scotland Yard said on Monday.

Feedly:SANS Internet Storm Center, InfoCON: green. Typo Squatting Charities for Fake Tech Support Schemes, (Mon, Oct 26th)



from SANS Internet Storm Center, InfoCON: green

Joe wrote this weekend that:

A customer called me yesterday to make me aw ...(more)...

Feedly:TrendLabs Security Intelligence Blog. Pornographic-themed Malware Hits Android Users in China, Taiwan, Japan



from TrendLabs Security Intelligence Blog

Sex sells, and nowhere is that more true than the Chinese mobile landscape. Porn-themed malware has been hitting Android users in China, Japan, and Taiwan in recent weeks. These malicious apps are distributed via SEO-optimized fake websites, with keywords targeting hot scandals and affairs used. These sites pretend to be porn video websites, and all lead to various malicious apps being downloaded.

Feedly:Malwarebytes Unpacked. The Art of Data Wiping on Mobile Devices



from Malwarebytes Unpacked

Electronics sellers, especially of handheld computing devices, must exercise vigilance in removing their personal files before putting them in the online market. We can show you how.


Feedly:Malwarebytes Unpacked. Is Mac malware on the rise?



from Malwarebytes Unpacked

There's five times more malware for OS X in 2015 than during the previous five years combined. Their findings are interesting, but are not well understood by many Mac users. Some have reacted with disbelief, others with great fear for this dangerous new future.


Feedly:Fortinet Blog. Even IT Heroes Need Cyber Threat Assessment Help



from Fortinet Blog

Fall is here, and with it crisp weather, warm spice-flavored drinks and the annual EDUCAUSE Conference. This conference brings together the best thinkers and doers in higher education and consistently delivers engaging, innovative content. It’s...

Feedly:We Live Security » Languages » English. Walgreens ‘halts’ Theranos partnership following WSJ technology expose



from We Live Security » Languages » English

The fallout from a Wall Street Journal technology expose that claims Theranos has been less than transparent over its blood tests continues with Walgreens putting its partnership with the company “up for discussion”.

The post Walgreens ‘halts’ Theranos partnership following WSJ technology expose appeared first on We Live Security.

Feedly:. Duuzer back door Trojan targets South Korea to take over computers



from

Backdoor.Duuzer targets South Korean organizations to gain full control of computers. The threat is linked to W32.Brambul and Backdoor.Joanap, which have also been affecting the region.

Sunday, October 25, 2015

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Monday, October 26th 2015 http://ift.tt/1H3DJVe, (Mon, Oct 26th)



from SANS Internet Storm Center, InfoCON: green


Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Talk Talk says cyberattack data theft not as bad as feared



from Security News - Software vulnerabilities, data leaks, malware, viruses

British telecoms company Talk Talk says a cyberattack feared to have put 4 million customers' details at risk is not as bad as initially thought.

Friday, October 23, 2015

Feedly:Errata Security. Dumb, dumber, and cybersecurity



from Errata Security

Feedly:Errata Security. Ethics of killing Hitler



from Errata Security

Feedly:Fortinet Blog. Responsible Disclosure and IoT



from Fortinet Blog

Fortinet, like most members of the security community, understands that we’re entering uncharted territory as the Internet of Things becomes a mainstream phenomenon. To that end, Fortinet invests significant resources into threat intelligence a...

Feedly:Malwarebytes Unpacked. Am I Being Phished?



from Malwarebytes Unpacked

Phishing attacks are a common occurrence in our modern era of connectivity, and cyber criminals know that the best way to get around technical protections is to exploit the user.


Feedly:Darknet - The Darkside. WP Security Audit Log – A Complete Audit Log Plugin For WordPress



from Darknet - The Darkside

Feedly:SANS Internet Storm Center, InfoCON: green. Botnets spreading Dridex still active, (Fri, Oct 23rd)



from SANS Internet Storm Center, InfoCON: green

Introduction

In early September 2015, we started seeing repor ...(more)...

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Russia 'tried to hack MH17 inquiry system'



from Security News - Software vulnerabilities, data leaks, malware, viruses

Russian spies likely tried to hack into the Dutch Safety Board's computer systems to access a sensitive final report into the shooting down of flight MH17 over Ukraine, experts said Friday.

Feedly:SANS Internet Storm Center, InfoCON: green. OS X 10.11.1 (El Capitan) File System Deep Directory Buffer Overflow, (Fri, Oct 23rd)



from SANS Internet Storm Center, InfoCON: green

Maksymilian Arciemowicz of CXSECURITY released an advisory showing an unpatched buffer overflow i ...(more)...

Feedly:We Live Security » Languages » English. Police force blames hacker after #CyberAware tweet sent out containing bogus security advice



from We Live Security » Languages » English

Organisations of all sizes need to do more to protect their social media accounts from being hijacked.

The post Police force blames hacker after #CyberAware tweet sent out containing bogus security advice appeared first on We Live Security.

Feedly:Malwarebytes Unpacked. Furor Over IoT Dangers Could Fuel Innovative Security Measures



from Malwarebytes Unpacked

Privacy and safety concerns associated with the billions of connected devices known as the Internet of Things could prompt some innovative approaches to data protection, attack prevention and antifraud measures.


Feedly:Malwarebytes Unpacked. Bizarre Essex Police #cyberaware Tweet Mystery



from Malwarebytes Unpacked

The official Essex Police Twitter feed experienced some weirdness earlier today...


Feedly:We Live Security » Languages » English. TalkTalk ‘receives ransom’ for cyberattack



from We Live Security » Languages » English

TalkTalk’s chief executive has confirmed that she has received a ransom from an individual or group claiming responsibility for the cyberattack.

The post TalkTalk ‘receives ransom’ for cyberattack appeared first on We Live Security.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Britain runs the risk that Chinese state-owned nuclear firms have more in mind than just business



from Security News - Software vulnerabilities, data leaks, malware, viruses

Chinese president Xi Jinping will return to Beijing with good reason to think his first trip to the UK was a roaring success. Feted by a UK government more concerned with cash than with China's domestic human rights record, Xi will arrive home with a keen overseas partner and a fistful of contracts.

Feedly:Securelist - Information about Viruses, Hackers and Spam. On the trail of Stagefright 2



from Securelist - Information about Viruses, Hackers and Spam

In early October, it was announced that a critical vulnerability had been found in the libutils library. Although exploits for newly discovered vulnerabilities take a while to appear 'in the wild', we believe we should be prepared to detect them even if there have been no reports, as yet, of any such exploits being found. Because of this, we decided to do the research and generate a PoC file on our own.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Research studies cyberattacks through the lens of EEG and eye tracking



from Security News - Software vulnerabilities, data leaks, malware, viruses

University of Alabama at Birmingham researchers have conducted a study that provides new insights on users' susceptibility to, and capability to detect, cyber-criminal attacks such as malware and phishing attacks.

Feedly:Threats RSS Feed - Symantec Corp.. W32.Belvira



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Worm.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Benefits and risks of the 'Internet of Things'



from Security News - Software vulnerabilities, data leaks, malware, viruses

Technology publications call 2015 "the year of the car hack."

Feedly:We Live Security » Languages » English. TalkTalk experiences ‘significant and sustained cyberattack’



from We Live Security » Languages » English

It has been revealed that TalkTalk has been subject to a “significant and sustained cyberattack”, with criminals likely to have accessed personal and banking details belonging to its customers.

The post TalkTalk experiences ‘significant and sustained cyberattack’ appeared first on We Live Security.

Thursday, October 22, 2015

Feedly:SANS Internet Storm Center, InfoCON: green. ISC StormCast for Friday, October 23rd 2015 http://ift.tt/1LQho3b, (Fri, Oct 23rd)



from SANS Internet Storm Center, InfoCON: green


Feedly:Threats RSS Feed - Symantec Corp.. Trojan.Plugfakeav



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.Heur.C!g1



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.Heur.C!g2



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.Heur.C!g3



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.Heur.C!g8



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.Heur.C!g4



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.Carberp!gen1



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.Limitail!gen2



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.MalTraffic!gen3



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.Breut!gen2



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.Limitail!gen3



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.PUA!Traffic



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.PUA!DNSUnlock



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.Ransomlock.G!g1



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.SillyFDC!gen1



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.SillyFDC!gen3



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Feedly:Threats RSS Feed - Symantec Corp.. SONAR.TCP!gen1



from Threats RSS Feed - Symantec Corp.

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Feedly:Malwarebytes Unpacked. Beware of DOC! A look on malicious macros



from Malwarebytes Unpacked

In this post we will reveal the true mission of a DOC file delivered in a spam.


Feedly:TrendLabs Security Intelligence Blog. Pawn Storm Targets MH17 Investigation Team



from TrendLabs Security Intelligence Blog

Pawn Storm has a long history of targeting government agencies and private organizations to steal sensitive information. Our most recent findings show that they targeted the international investigation team of the MH17 plane crash from different sides. The Dutch Safety Board (known as Onderzoeksraad) became a target of the cyber-espionage group before and after the safety...

Feedly:Fortinet Blog. Fortinet Fitbit Threat Research Statement



from Fortinet Blog

The Internet of Things and proliferation of wireless devices is creating opportunities for threat actors to employ new attack strategies. Fortinet’s threat researchers proactively work to discover new vulnerabilities and properly communicate fi...

Feedly:Errata Security. Car hacking is as fake as the moonlanding



from Errata Security

Feedly:Malwarebytes Unpacked. This isn’t the Java I ordered!



from Malwarebytes Unpacked

Probably triggered by the critical patch update that was released by Oracle, there are some sites that use this opportunity to lure users with Java prompt lookalikes or bundled installers.


Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Cybersecurity: US Senate takes first step to bill's passage



from Security News - Software vulnerabilities, data leaks, malware, viruses

The Senate has taken an initial step toward passing a bill aimed at improving cybersecurity. The bill is intended to encourage the sharing of threat information among companies and the U.S. government.

Feedly:Security News - Software vulnerabilities, data leaks, malware, viruses. Popular US prepaid debit card hit by days-long glitch



from Security News - Software vulnerabilities, data leaks, malware, viruses

A prepaid debit card founded by hip hop pioneer Russell Simmons and popular with poor Americans has experienced days-long problems that have left many low-income customers in the lurch.

Feedly:Malwarebytes Unpacked. Steer Clear of this Apple Invoice Phish



from Malwarebytes Unpacked

A fake Apple Store email claims you bought something, but they're happy to process a refund if you didn't authorise the purchase. What could possibly go wrong...
