Viruses and Worms

Beware the IDEs of Android: three biggies have vulnerabilities

The Register - Anti-Virus - 6 December, 2017 - 05:54
Android Studio, Eclipse, and IntelliJ IDEA stabbed in the back by an XML parser

Developers using the Android Studio, Eclipse, and IntelliJ IDEA have been advised to update their IDEs against serious and easily-exploitable vulnerabilities.…

Category: Viruses and Worms

TeamViewer Rushes Fix for Permissions Bug

VirusList.com - 5 December, 2017 - 22:04
TeamViewer says it has issued a hotfix to address a bug that allows users sharing a desktop session to gain control of the other’s computer without permission.

Data-slurping keyboard app makes Mongo mistake with user data

The Register - Anti-Virus - 5 December, 2017 - 21:59
Ai.type leaves wealth of personal info open to all

Another week, another open database left online, but this latest case has shown not only sloppy security but also how much data you’re giving up with some apps.…


Developers Targeted in ‘ParseDroid’ PoC Attack

VirusList.com - 5 December, 2017 - 18:27
A proof of concept attack developed by researchers targets users of the development platforms for Android and Java.

Politicians boast about sharing passwords, bask in blissful ignorance

Sophos Naked Security - 5 December, 2017 - 17:27
'Staff use my login every day!', 'I have to ask staff members my own password when I forget it!', and other stories...

High schooler hacks his way to a higher GPA

Sophos Naked Security - 5 December, 2017 - 17:02
You’d think students smart enough to hack into their school’s IT system and change their grades wouldn’t need to hack into their school’s IT system and change their grades.

Brit bank Barclays' Kaspersky Lab diss: It's cyber balkanisation, hiss infosec bods

The Register - Anti-Virus - 5 December, 2017 - 16:07
It's 2017: Is the splinternet nearer than ever?

Analysis  Barclays has stopped offering free Kaspersky Lab products to new users in a move that shows, like Best Buy, commercial firms can be swayed by governmental stances on dealing with the Russian software firm.…


Facebook brings Messenger to kids as young as 6

Sophos Naked Security - 5 December, 2017 - 13:54
Do kids that young "need" a parent-sanctioned chat app? Facebook thinks so.

Once again, UK doesn't rule out buying F-35A fighter jets

The Register - Anti-Virus - 5 December, 2017 - 13:52
It'd be more expensive than just buying Bs. Why do this?

The United Kingdom is edging ever closer to buying F-35As, instead of the B model needed to fly from the Navy’s new aircraft carriers, as a senior officer once again refused to rule out a future F-35A purchase.…


PayPal’s TIO Networks breached; PII of 1.6 million users affected

Sophos Naked Security - 5 December, 2017 - 13:16
No worries, PayPal says: Tio Networks' systems are completely separate from PayPal's. Phew!

Kaspersky Security Bulletin: Review of the Year 2017

Kaspersky Securelist - 5 December, 2017 - 11:00

Introduction

The end of the year is a good time to take stock of the main cyberthreat incidents that took place over the preceding 12 months or so, to reflect on the impact these events had on organizations and individuals, and to consider what they could mean for the overall evolution of the threat landscape.

Looking back over 2017, what stands out most is the growing number of blurred boundaries: between different types of threat and different types of threat actor.  Examples of this trend include the headline-making ExPetr attack in June. At first sight, this seemed to be yet another ransomware program, but it turned out to be a targeted, destructive data wiper. Another example is the dumping of code by the Shadow Brokers group, which placed advanced exploits allegedly developed by the NSA at the disposal of criminal groups that would otherwise not have had access to such sophisticated code. Yet another is the emergence of advanced targeted threat (APT) campaigns focused not on cyberespionage, but on theft,  stealing money to finance other activities the APT group is involved in. It will be interesting to see how this trend evolves over 2018.

Highlights of 2017
  • The defining cyber-moments of 2017 were, without doubt, the WannaCry, ExPetr and BadRabbit ransomware attacks. The infamous Lazarus threat actor is believed to have been behind WannaCry, which spread at staggering speed and is now believed to have claimed around 700,000 victims worldwide. ExPetr was more targeted, hitting businesses including many well-known global brands through infected business software. Maersk, the world’s largest container ship and supply vessel company, has declared anticipated losses of between $200 mln. and $300 mln. as a result of ‘significant business interruption’ caused by the attack, while FedEx/TNT has announced around $300 mln. in lost earnings.
  • Elsewhere, the world’s big cyberespionage threat actors continued to do what they do, but with new, harder-to-detect tools and approaches. We reported on a wide range of campaigns, including the historically significant Moonlight Maze, believed to be related to Turla, as well as another Turla-related APT we call WhiteBear. We also uncovered the most recent toolkit of the Lamberts, an advanced threat actor that can be compared with Duqu, Equation, Regin or ProjectSauron in terms of complexity, and more technical details about the Spring Dragon group. In October, our advanced exploit prevention systems identified a new Adobe Flash zero-day exploit used in the wild against our customers, delivered through a Microsoft Office document.  We can confidently link this attack to an actor we track as BlackOasis.  For a more detailed summary of APT activity during 2017, you can view our annual APT review webinar here.
  • In 2017 we also observed a resurgence of targeted attacks designed to destroy data, either instead of, or as well as data theft, for example Shamoon 2.0 and StoneDrill. We also uncovered threat actors achieving success, sometimes for years, with simple and poorly executed campaigns. The EyePyramid attack in Italy was a good example of this. Microcin provided another instance of how cybercriminals can achieve their goals by using cheap tools and selecting their targets with care.
  • 2017 also revealed the extent to which advanced threat actors were diversifying into common theft to fund their expensive operations. We reported on BlueNoroff, a subset of the infamous Lazarus group that is responsible for the generation of illegal profits. BlueNoroff targeted financial institutions, casinos, companies developing financial trade software and those in the crypto-currency business, among others. One of the most notable BlueNoroff campaigns was its attacks on financial institutions in Poland.
  • Attacks on ATMs continued to rise in 2017, with attackers targeting bank infrastructure and payment systems using sophisticated fileless malware, as well as by the more rudimentary methods of taping over CCTVs and drilling holes. More recently, we discovered a new targeted attack on financial institutions – mainly banks in Russia, but also some in Malaysia and Armenia. The attackers behind this Silence Trojan used a similar approach to Carbanak.
  • Supply chain attacks appear to be the new ‘watering holes’ when it comes to targeting business victims. This was an emerging threat in 2017, seen in ExPetr and ShadowPad, and it looks set to increase further in 2018.
  • A year on from the Mirai botnet in 2016, the Hajime botnet was able to compromise 300,000 connected devices – and it was just one of many campaigns focused on connected devices and systems.
  • 2017 also saw a number of massive data breaches, with millions of records exposed overall –  these include Avanti Markets, Election Systems & Software, Dow Jones, America’s Job Link Alliance and Equifax. The Uber data breach which took place in October 2016 and exposed the data of 57 million customers and drivers was only made public in November 2017.
  • The mobile malware landscape also evolved in 2017, and Trojanized mobile apps were downloaded in their tens of thousands or more, resulting in victims being swamped with aggressive advertising, hit with ransomware or facing theft through SMS and WAP billing. Mobile malware added new tricks to avoid detection, bypass security and exploit new services. As in 2016, many such apps were readily available through reputable sources such as the Google Play Store. Trojans particularly prevalent in 2017 included the Ztorg Trojan, Svpeng, Dvmap, Asacub and Faketoken.
Conclusion

2017 was a year when many things turned out to be very different from what they initially seemed to be. Ransomware was a wiper; legitimate business software was a weapon; advanced threat actors made use of simple tools while attackers farther down the food chain got their hands on highly sophisticated ones. These shifting sands of the cyberthreat landscape represent a growing challenge for security defenders.

For more information on these trends and advice on staying safe, please see the full Review of the Year 2017.


Turns out Leakbase can keep a secret: It has shut down with zero info

The Register - Anti-Virus - 5 December, 2017 - 08:03
Stolen-creds-for-cash site disappears, unmourned

Stolen-creds-for-sale site Leakbase has gone dark and started redirecting to Troy Hunt's HaveIBeenPwned.…


Google prepares 47 Android bug fixes, ten of them rated Critical

The Register - Anti-Virus - 5 December, 2017 - 07:02
Nexus and Pixel owners get their fixes on US Tuesday. The rest of us peasants have to wait

Google has teased 47 Android patches for Nexus and Pixel devices.…


Infosys names a new CEO: welcome to the hot-seat Salil S. Parekh

The Register - Anti-Virus - 5 December, 2017 - 04:32
Former CapGemini man steps in after last CEO bailed after nasty sniping

Infosys has named its next leader: Salil S. Parekh will become CEO and managing director as of January 2nd, 2018, and has been appointed for five years.…


Dentist-turned bug-biter given a taste of freedom

The Register - Anti-Virus - 5 December, 2017 - 02:58
Just did an eight month bit without bail for chewing the FBI's ear

Justin Shafer, who last year sparked a complaint to the FBI for discovering a dental software vendor's unprotected FTP server, will walk free until his trial begins.…


International team takes down virus-spewing Andromeda botnet

The Register - Anti-Virus - 5 December, 2017 - 01:46
Infections spread across over 200 regions

Police and private companies have taken down a massive botnet used to move malware onto compromised PCs.…


SEC's cyber-cops cyber-file cyber-first cyber-fraud cyber-charges

The Register - Anti-Virus - 5 December, 2017 - 01:30
Securities watchdog puts the freeze on dodgy ICO

The SEC's new online crime unit says it has frozen what officials believe to be a fraudulent cryptocurrency.…


Smile, you’re on hidden webcam Airbnb TV!

Sophos Naked Security - 4 December, 2017 - 22:03
Webcams can be tucked into anything from smoke alarms to air fresheners, in Airbnbs AND hotel rooms. Here's how to spot them, and what to do if you find one.

Prison hacker who tried to free friend now likely to join him inside

The Register - Anti-Virus - 4 December, 2017 - 22:00
But he got oh so close

A Michigan man who hacked into his local prison's computing system to gain early release for a friend is facing his own time inside after getting caught.…


Google Cracks Down On Nosy Android Apps

VirusList.com - 4 December, 2017 - 21:28
Google beefs up privacy protections on apps distributed via third-party Android marketplaces and Google Play that collect personal data without user consent.