NSA Links WannaCry To North Korea

An anonymous reader quotes a report from The Washington Post: The National Security Agency has linked the North Korean government to the creation of the WannaCry computer worm that affected more than 300,000 people in some 150 countries last month, according to U.S. intelligence officials. The assessment, which was issued internally last week and has not been made public, is based on an analysis of tactics, techniques and targets that point with “moderate confidence” to North Korea’s spy agency, the Reconnaissance General Bureau, according to an individual familiar with the report. The assessment states that “cyber actors” suspected to be “sponsored by” the RGB were behind two versions of WannaCry, a worm that was built around an NSA hacking tool that had been obtained and posted online last year by an anonymous group calling itself the Shadow Brokers. Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other Western spy agencies. It states that the hackers behind WannaCry are also called “the Lazarus Group,” a name used by private-sector researchers. Read more of this story at Slashdot.

Samsung Left Millions Vulnerable To Hackers Because It Forgot To Renew a Domain

An anonymous reader writes: Samsung cellphones used to have a stock app called S Suggest. The company apparently discontinued the app recently, and then forgot to renew a domain that was used to control it. This snafu left millions of smartphone users vulnerable to hackers who could’ve registered the domain and installed malicious apps on the phones. Read more of this story at Slashdot.

Malware downloader infects your PC without a mouse click

You think you’re safe from malware since you never click suspicious-looking links, then somebody finds a way to infect your PC anyway. Security researchers have discovered that cybercriminals have recently started using a malware downloader that installs a banking Trojan on your computer even if you don’t click anything. All it takes to trigger the download is to hover your mouse pointer over a hyperlink in a carrier PowerPoint file. According to researchers from Trend Micro and Dodge This Security, the technique was used by a recent spam email campaign targeting companies and organizations in Europe, the Middle East and Africa. The emails’ subjects were mostly finance-related, such as “Invoice” and “Order #,” with an attached PowerPoint presentation. The PowerPoint file has a single hyperlink in the center that says “Loading… please wait” and has an embedded malicious PowerShell script. When you hover your mouse pointer over the link, it executes the script. If you’re running a newer version of Microsoft Office, though, you’ll still need to approve the malware’s download before it infects your PC. That’s because the more modern versions of the suite have Protected View, which will show a prompt warning you about a “potential security concern” when the script starts running. Just click Disable, and you’ll be fine. However, older versions of the suite don’t have that extra layer of security. The downloader can install a Trojan virus on your system to steal your credentials and bank account information the moment your mouse pointer hovers over the link. The good news is that the spam emails died down back on May 29th after peaking on the 25th with 1,444 detections by Trend Micro. Still, it’s better to steer clear of similar emails, since it’s always possible that the campaign in May was just a test run for a bigger one. Via: Ars Technica. Source: Trend Micro, Dodge This Security.

Malware Uses Obscure Intel CPU Feature To Steal Data and Avoid Firewalls

An anonymous reader writes: Microsoft’s security team has come across a malware family that uses Intel’s Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool. The problem with Intel AMT SOL is that it’s part of Intel’s ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off. Inside Intel’s ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. Furthermore, because this virtual network interface runs inside ME, firewalls and security products installed on the main OS won’t detect malware using AMT SOL to exfiltrate data. The malware was created and used by a nation-state cyber-espionage unit codenamed PLATINUM, active since 2009, which has targeted countries around the South China Sea. PLATINUM is by far one of the most sophisticated hacking groups ever discovered. Last year [PDF], the OS maker said the group was installing malware by abusing hotpatching — a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer. Details about PLATINUM’s recent targets and attacks are available in a report [PDF] Microsoft released yesterday. Read more of this story at Slashdot.

Russian Malware Communicates Using Britney Spears’s Instagram Account

JustAnotherOldGuy writes: A key weakness in malicious software is the “Command and Control” (C&C) system — a central server that the malware-infected systems contact to receive updates and instructions, and to send stolen data. Anti-malware researchers like to reverse engineer malicious code, discover the C&C server’s address, and then shut it down. Turla is an “advanced persistent threat” hacking group based in Russia with a long history of attacking states in ways that advance Russian state interests. A new analysis by Eset shows that Turla is solving its C&C problems by using Britney Spears’ Instagram account as a cut-out for its C&C servers. Turla moves the C&C server around, then hides the current address of the server in encrypted comments left on Britney Spears’s image posts. The compromised systems check in with Spears’ Instagram whenever they need to know where the C&C server is currently residing. Read more of this story at Slashdot.

Microsoft Leak Reveals New Windows 10 Workstation Edition For Power Users

Upon close inspection of the Windows 10 build that Microsoft accidentally pushed to insiders last week, several users are reporting discovering the reference to a new Windows 10 SKU. From a report: In a leaked slide, Microsoft describes the edition as “Windows 10 Pro for Workstation” with four main capabilities:

1. Workstation mode: Microsoft plans to optimize the OS by identifying “typical compute and graphics intensive workloads” to provide peak performance and reliability when Workstation mode is enabled.

2. Resilient file system: Microsoft’s file system successor to NTFS, dubbed ReFS, is enabled in this new version, with support for fault-tolerance, optimized for large data volumes, and auto-correcting.

3. Faster file handling: As workstation machines are typically used for large data volumes across networks, Microsoft is including the SMBDirect protocol for file sharing and high throughput, low latency, and low CPU utilization when accessing network shares.

4. Expanded hardware support: Microsoft is also planning to allow Windows 10 Pro for Workstation on machines with up to 4 CPUs and a memory limit of 6TB. Windows 10 Pro currently only supports 2 CPUs.

Read more of this story at Slashdot.

Java 9 Delayed Due To Modularity Controversy

An anonymous reader quotes InfoWorld: Java 9 won’t be released on July 27 after all. Oracle has proposed that Java 9 Standard Edition be delayed until September 21 so the open source community that is finalizing Java 9 can address the ongoing controversy over a planned but later rejected approach to modularity, said Georges Saab, vice president of software development in the Java platform group at Oracle and chairman of the OpenJDK governing board… The [Java Platform Module System] measure was sent back to the proposal’s expert group for further discussion. Since then, the group has reached consensus on addressing the modularity concerns, Saab said. But they cannot rework Java 9 in time for the original July 27 release date… If the revised JSR 376 is approved, as expected, work can proceed on implementing it in the official version of Java 9 SE. This setback for Java 9’s upcoming upgrade, however, should just be temporary, with Oracle expecting a more rapid cadence of Java SE releases going forward, Saab said. Read more of this story at Slashdot.

Wikipedia’s Switch To HTTPS Has Successfully Fought Government Censorship

Determining how to prevent acts of censorship has long been a priority for the non-profit Wikimedia Foundation, and thanks to new research from the Harvard Center for Internet and Society, the foundation seems to have found a solution: encryption. From a report: HTTPS prevents governments and others from seeing the specific page users are visiting. For example, a government could tell that a user is browsing Wikipedia, but couldn’t tell that the user is specifically reading the page about Tiananmen Square. Up until 2015, Wikipedia offered its service using both HTTP and HTTPS, which meant that when countries like Pakistan or Iran blocked certain articles on the HTTP version of Wikipedia, the full version would still be available using HTTPS. But in June 2015, Wikipedia decided to axe HTTP access and only offer access to its site with HTTPS. The Harvard researchers began by deploying an algorithm which detected unusual changes in Wikipedia’s global server traffic for a year beginning in May 2015. This data was then combined with a historical analysis of the daily request histories for some 1.7 million articles in 286 different languages from 2011 to 2016 in order to determine possible censorship events. After a painstakingly long process of manual analysis of potential censorship events, the researchers found that, globally, Wikipedia’s switch to HTTPS had a positive effect on the number of censorship events by comparing server traffic from before and after the switch in June of 2015. Read more of this story at Slashdot.

Chipotle finds malware exposed credit card info across the US

Hackers stole credit card information from customers at Chipotle restaurants across the United States between March 24th and April 18th, the company announced today. Chipotle revealed in April that it had been the victim of an attack, and today it shared details about the type of information stolen from customers, which covered “cardholder name in addition to card number, expiration date, and internal verification code.” No other information was compromised, Chipotle said. The attack pulled data off the magnetic strips of credit cards used in physical Chipotle locations around the US. The company has not said how many customers were affected, though it offered a searchable list of locations that were actually hit in the attack, including the dates each restaurant was vulnerable. Some were compromised for about a week, and others for the full four weeks. If you swiped a credit card at a Chipotle in March or April, check out the list of affected restaurants right here. “Because of the nature of the incident and the type of data involved, we do not know how many unique payment cards may have been involved,” Chipotle spokesperson Chris Arnold told Engadget. As Reuters notes, Chipotle is not offering credit monitoring services to compromised customers. The company said monitoring services don’t alert customers when a fraudulent charge is made in their name. “Chipotle takes this kind of issue very seriously, and we regret any inconvenience or concern it may have caused,” Arnold told Engadget. “To help prevent a similar incident from recurring, we have resolved the issue and continue to work with cyber security firms to evaluate ways to enhance our security measures.” Source: Chipotle

Malicious Subtitles Threaten VLC, Kodi and Popcorn Time Users, Researchers Warn

Millions of people risk having their devices and systems compromised by malicious subtitles, according to new research published by security firm Check Point. The threat comes from a previously undocumented vulnerability which affects users of popular streaming software, including Kodi, Popcorn-Time, and VLC. Developers of the applications have already applied fixes or, in some cases, are working on them. From a report: While most subtitle makers do no harm, it appears that those with malicious intent can exploit these popular streaming applications to penetrate the devices and systems of these users. Researchers from Check Point, who uncovered the problem, describe the subtitle ‘attack vector’ as the most widespread, easily accessed and zero-resistance vulnerability that has been reported in recent years. “By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim’s machine, whether it is a PC, a smart TV, or a mobile device,” they write. Read more of this story at Slashdot.