Viruses and Worms

Man turns shed into top rated restaurant on TripAdvisor

Sophos Naked Security - 7 December, 2017 - 19:12
...without ever serving food from it.

Mr. Robot eps3.8_stage3.torrent – the security review

Sophos Naked Security - 7 December, 2017 - 18:53
We're looking at the security concepts in this week's Mr Robot

NiceHash cryptomining exchange hacked; everything’s gone

Sophos Naked Security - 7 December, 2017 - 18:32
Reports say that the Bitcoin was worth $58m at the time. As of Thursday morning, the value had soared to $80m.

HMS Queen Lizzie formally joins the Royal Navy

The Register - Anti-Virus - 7 December, 2017 - 16:33
At least one part of the 'Year of the Navy' went to plan

Britain’s biggest ever aircraft carrier, HMS Queen Elizabeth, has been formally commissioned into the Royal Navy, with Her Majesty attending the ceremony in person.…

Category: Viruses and Worms

US gov says it can break your encryption without a court order

Sophos Naked Security - 7 December, 2017 - 15:52
The encryption battle between the FBI and Apple is all octopus ink, if you go by what the government says

Meow! Facial recognition reaches pet doors

Sophos Naked Security - 7 December, 2017 - 12:59
It takes mere seconds to recognize a cat, thereby avoiding confused pets. Microsoft, who built it, didn't address pre-confused pets or hacker squirrels.

Toucan play that game: Talking toy bird hacked

The Register - Anti-Virus - 7 December, 2017 - 12:57
Parroting Cayla... if she were a bit more sweary

The same researchers whose hack on the My Friend Cayla doll prompted regulatory action have followed up with a hack on a talking toy robot bird.…

Category: Viruses and Worms

VB2017 paper: Modern reconnaissance phase on APT – protection layer

Virus Bulletin News - 7 December, 2017 - 11:46
During recent research, Cisco Talos researchers observed the ways in which APT actors are evolving and how a reconnaissance phase is included in the infection vector in order to protect valuable zero-day exploits or malware frameworks. At VB2017 in Madrid, two of those researchers, Paul Rascagneres and Warren Mercer, presented a paper detailing five case studies that demonstrate how the infection vector is evolving. Today we publish both Paul and Warren's paper and the recording of their presentation.

Category: Viruses and Worms

NiceHash diced up by hackers, thousands of Bitcoin pilfered

The Register - Anti-Virus - 7 December, 2017 - 00:03
Mining outfit says its entire wallet gone, estimated $62m

Cryptocurrency mining market NiceHash says it has fallen victim to a hacking attack that may have resulted in the loss of its entire Bitcoin wallet.…

Category: Viruses and Worms

Google Patches Critical Encryption Bug Impacting Pixel, Nexus Phones - 6 December, 2017 - 20:48
As part of its December Android and Pixel/Nexus security updates, Google has issued patches addressing a bevy of flaws, 11 of which are rated critical.
Category: Viruses and Worms

Net Neutrality comments “deeply corrupted” – NY Attorney General

Sophos Naked Security - 6 December, 2017 - 19:36
Eric Schneiderman called for the postponement, declaring that the public comment process in advance of the vote.

Questions linger as data breach trading site LeakBase disappears

Sophos Naked Security - 6 December, 2017 - 17:32
On 2 December LeakBase started redirecting to Troy Hunt’s campaigning breach site Have I Been Pwned? (HIBP), but why?

Intel Management Engine pwned by buffer overflow

The Register - Anti-Virus - 6 December, 2017 - 17:30
Security researchers lift lid on snafu at Black Hat Europe

On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.…

Category: Viruses and Worms

Former US State Department cyber man: We didn’t see the Russian threat coming

The Register - Anti-Virus - 6 December, 2017 - 16:35
Cyber no longer domain of techies, says ex-diplomat

Black Hat  Cyber threats have evolved from being solely technical issues to core issues of government policy, according to a senior US lawyer and former cyber diplomat.…

Category: Viruses and Worms

Hacker who tried to free inmate early may soon join him in jail

Sophos Naked Security - 6 December, 2017 - 15:53
He used a mix of phishing, typosquatting and social engineering to weasel his way into the county network.

Cayla doll too eavesdroppy to put under the Christmas tree, says France

Sophos Naked Security - 6 December, 2017 - 14:20
That Bluetooth Cayla doll and i-Que surveillance robot can be taken over by any creep within 9 meters who wants to talk to your kid.

Google and pals rush to repair Android dev tools, block backdoor risks

The Register - Anti-Virus - 6 December, 2017 - 12:32
Involves big hitter Android Studio, APKTool and more

Security researchers have found several flaws in the developer tools and environments used by Android programmers.…

Category: Viruses and Worms

Cybercriminals vs financial institutions in 2018: what to expect

Kaspersky Securelist - 6 December, 2017 - 10:00

Introduction – key events in 2017

2017 was a year of great changes in the world of cyberthreats facing financial organizations.

Firstly, in 2017 we witnessed a continuation of cyberattacks targeting systems running SWIFT — a fundamental part of the world’s financial ecosystem. Attackers were able to use malware in financial institutions to manipulate applications responsible for cross-border transactions, making it possible to withdraw money from any financial organization in the world, because SWIFT software is unified and used by almost all the major players in the financial market. Victims of these attacks included several banks in more than 10 countries around the world.

Secondly, in 2017 we saw the range of financial organizations that cybercriminals have been trying to penetrate expand significantly. Different cybercriminal groups penetrated bank infrastructure, e-money systems, cryptocurrency exchanges, capital management funds, and even casinos. Their main goal was to withdraw very large sums of money.

To complete their cybercriminal activities, attackers rely on proven schemes for monetizing network access. In addition to their attacks on SWIFT systems, cybercriminals have been actively using ATM infections, including those on financial institutions’ own networks, as well as abusing RB (remote banking) systems and PoS terminal networks, and making changes in banks’ databases to ‘play’ with card balances.

Attacks on ATMs are worth mentioning separately. This kind of robbery became so popular that 2017 saw the first ATM malware-as-a-service, with cybercriminals providing all the necessary malicious programs and video instructions for gaining access to ATMs on underground forums. Those who bought a subscription only needed to choose an ATM, open it following the instructions, and pay the service organizers to activate the malicious program on the ATM, after which the money withdrawal process started. Schemes like this significantly increased the number of cybercriminals, even making cybercrime accessible to non-professionals.

We saw the interception of bank customers’ electronic operations through the hijacking of bank domains. As a result, customers were not accessing their bank’s real infrastructure, but a fake one created by intruders. For several hours, criminals were therefore able to perform phishing attacks, install malicious code and control the operations of customers who were using online banking services at the time.

It’s worth noting that, in some countries, banks have forgotten about the most “unimportant” thing – physical security. This has made attacks on banks’ financial assets possible. In some cases, this was due to easy access to cable lines, to which small Raspberry Pi devices were then connected. For several months these devices passively collected information about bank networks and sent intercepted data over LTE connections to the servers of intruders.

Predictions for 2018
  • Attacks via the underlying blockchain technologies of financial systems

Almost all of the world’s large financial organizations are actively investing in systems based on blockchain technology. Any new technology has its advantages, but also a number of new risks. Financial systems based on blockchain do not exist autonomously, therefore vulnerabilities and errors in blockchain implementations can enable attackers to earn money and disrupt the work of a financial institution. For instance, in 2016-2017, a number of vulnerabilities and errors were discovered in smart contracts, on which a number of financial institutions’ services have been built.

  • More supply chain attacks in the financial sphere

Large financial organizations invest considerable resources in cybersecurity, thus the penetration of their infrastructure is not an easy task. However, a threat vector that is likely to be actively used by cybercriminals in the coming year is attacks on software vendors supplying financial organizations. Such vendors, for the most part, have a weak level of protection compared to the financial organizations themselves. Last year, we witnessed a number of attacks like this, including against NetSarang, CCleaner, and MeDoc. As we can see, attackers replaced or modified updates for very different types of software. In the next year, we can expect cybercriminals to perform attacks via software designed specifically for financial organizations, including software for ATMs and PoS terminals. A few months ago we registered the first attempts of this kind, when attackers embedded a malicious module into a firmware installation file, and placed it on the official website of one of the American ATM software vendors.

  • Mass media (in general, including Twitter accounts, Facebook pages, Telegram, etc.) hacks and manipulation for getting financial profit through stock/crypto exchange trade

2017 will be remembered as the year of ‘fake news’. Besides the manipulation of public opinion, this phrase can also mean a dishonest way of earning money. Since stock exchange trading is mostly carried out by robots, manipulating the source data on which those robots base their transactions can lead to enormous changes in the price of goods, financial instruments and cryptocurrencies. In fact, just one tweet from an influencer, or a wave of messages on a social network created with the help of fake accounts, can drive the markets. And this method will certainly be used by intruders. With this approach, it’s almost impossible to find out which of the beneficiaries is the customer of the attack.

  • ATM malware automation

The first malware for ATMs appeared in 2009, and since then these devices have received constant attention from cyber-fraudsters. There has been a continuous evolution of this type of attack. The past year saw the emergence of ATM malware-as-a-service, and the next step will be the full automation of such attacks – a mini-computer will be connected automatically to an ATM, leading to malware installation and jackpotting or card data collection. This will significantly shorten the time needed for intruders to commit their crime.

  • More attacks on crypto exchange platforms

For the past year, cryptocurrencies have attracted a huge number of investors, which in turn has led to a boom in new services for trading various coins and tokens. Traditional players in the financial market, with highly developed cybersecurity protection, haven’t rushed to enter this field.

This situation provides attackers with an ideal opportunity to target cryptocurrency exchanges. On the one hand, new companies haven’t managed to test their security systems properly. On the other hand, the entire cryptocurrency exchange business, technically speaking, is built on well-known principles and technologies. Thus, attackers know, as well as have, the necessary toolkit to penetrate the infrastructure of new sites and services working with cryptocurrencies.

  • Traditional card fraud will spike due to the huge data breaches of the previous year

Big personal data leaks – including the recent Equifax case, which resulted in more than 140 million U.S. residents’ data being leaked to cybercriminals, and the Uber case, when the data of another 57 million customers was leaked – have created a situation where traditional banking security can seriously fail, because it’s based on the analysis of data about current or potential customers.

For example, detailed knowledge of a victim’s personal data can allow attackers to pose as a banking customer, and extract their victim’s money or security information, while to the bank concerned, their request looks legitimate. Therefore, the coming year may be marked by a spike in quite traditional fraud schemes, with the big data that has been collected (but not properly protected) by organizations about their customers for years, set to help attackers in the successful realization of their fraud schemes.

  • More nation-state sponsored attacks against financial organizations

The infamous Lazarus group, which is likely to be North Korean state-sponsored, has attacked a number of banks in different parts of the world in the last few years. These have included banks in countries in Latin America, Europe, Asia and Oceania. Their main purpose has been to withdraw large sums of money, amounting to hundreds of millions of dollars. In addition, the data released by the Shadow Brokers indicates that experienced state-sponsored APT groups are targeting financial institutions in order to learn more about cash flows. It is very likely that, next year, other APT groups from countries that have just joined the cyber-spy game will follow this approach – both to earn money and to obtain information about customers, the flow of funds and the internal procedures of financial organizations.

  • Fintechs’ inclusion and mobile only-users: a fall in the number of traditional PC-oriented internet-banking Trojans. Novice mobile banking users will be a new prime target for criminals

Digital banks will continue revolutionizing the financial sector on a global scale, especially in emerging markets. For example, in Brazil and Mexico, these banks are gaining more and more momentum and this, of course, has attracted cybercriminal attention. We are sure that the world of cybercrime will see increasing attacks against this type of bank and its customers. Their main feature is the complete absence of branches and traditional customer service. All communication between the bank and its customers actually occurs through a mobile application. This can have several consequences.

The first is a decrease in the number of Windows Trojans aimed at stealing money through traditional internet banking. The second is that the growing number of digital financial institutions will lead to organic growth in the number of users that are easy targets for cybercriminals: people without any mobile banking experience, but with banking applications installed on their mobile devices. These people will be the main targets for both malware attacks, such as Svpeng, and schemes built entirely on social engineering. Persuading a customer to transfer money through a mobile application is much easier than forcing them to go to a physical bank and make a transaction.

During the past few years, the number and quality of attacks aimed at financial sector organizations has grown continuously. These are attacks on the infrastructure of an organization and its employees, not its customers.

The financial institutions that have not already thought about cybersecurity will soon face the consequences of hacker attacks. And these consequences will be incompatible with the continuation of these businesses: they will lead to a complete halt in operations as well as extreme losses.

To prevent situations like this from happening, it is necessary to constantly adapt security systems to new emerging threats. This is impossible without analyzing data and information about the most important and relevant cyberattacks aimed at financial organizations.

An effective approach to combating attacks will be for banks not only to choose the right security solutions, but also to use specialized intelligence reports on attacks, as these contain information that must be implemented immediately into overall protection systems. For example, using YARA rules and IOCs (indicators of compromise) will become vital for financial organizations in the coming months.

Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters

The Register - Anti-Virus - 6 December, 2017 - 08:01
Message client vendors have had 25 years to get RFC 1342 right

Penetration tester Sabri Haddouche has reintroduced the world to email source spoofing, bypassing spam filters and protections like Domain-based Message Authentication, Reporting and Conformance (DMARC), thereby posing a risk to anyone running a vulnerable and unpatched mail client.…

Category: Viruses and Worms