Nastiest Malware 2023
[b]By [url=http://www.securityweek.com/authors/securityweek-news]SecurityWeek News[/url] on July 07, 2016[/b] [b]A new version of the Kovter ad Trojan was recently observed to pose as a Firefox update while abusing a legitimate certificate to ensure successful infection. [/b] Historically, [b]Kovter[/b] has been observed employing a variety of techniques to ensure that it can successfully compromise computers and can avoid detection at the same time. Last year, researchers noticed that [u][url=http://www.securityweek.com/ad-fraud-trojan-kovter-patches-flash-player-ie-keep-other-malware-out]the malware was patching[/url][/u] the Adobe Flash Player and Microsoft Internet Explorer applications on the infected systems, to ensure that other threats are kept out. [u][url=http://www.securityweek.com/fileless-trojan-kovter-poses-firefox-update]Full Article[/url][/u]
[b][url=https://www.helpnetsecurity.com/author/zeljkazorz/]Zeljka Zorz[/url] - July 5, 2016[/b] Technical details about a serious vulnerability affecting all but the latest version of the GNU wget software have been released online, along with PoC exploit scenarios. [img]https://www.helpnetsecurity.com/images/posts/broken.jpg[/img] Unearthed by security researcher Dawid Golunski, the flaw (CVE-2016-4971) was reported to the software’s developer through Beyond Security’s SecuriTeam, and has been [u][url=http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html]fixed[/url][/u] in version 1.18 of the popular utility for retrieving content from web servers. [u][url=https://www.helpnetsecurity.com/2016/07/05/exploit-gnu-wget-rce-flaw/]Full
[b]By [url=http://www.securityweek.com/authors/eduard-kovacs]Eduard Kovacs[/url] on June 10, 2016 [/b] [b]VMware has released updates for some of its products to address several vulnerabilities, including an information disclosure issue rated critical.[/b] In an advisory published on Thursday, the company revealed that VMware NSX and vCloud Networking and Security (vCNS) are plagued by a critical input validation flaw ([u][url=http://www.vmware.com/security/advisories/VMSA-2016-0007.html]CVE-2016-2079[/url][/u]). The vulnerability can be exploited by a remote attacker to gain access to sensitive information. The flaw affects NSX Edge 6.1 and 6.2, and vCNS Edge 5.5. Users have been advised to update to versions 6.1.7, 6.2.3 and 5.5.4.3, respectively. [u][url=http://www.securityweek.com/vmware-patches-critical-flaw-nsx-vcns-products]Full Article[/url][/u]
[b]By [url=http://www.esecurityplanet.com/author/2010/Jeff-Goldman]Jeff Goldman[/url] | Posted June 13, 2016 [/b] When employees leave a company and take sensitive data with them, intentionally or not, the repercussions can be massive. In February of this year, an employee leaving the FDIC exposed [url=http://www.esecurityplanet.com/network-security/fdic-suffers-insider-breach.html]44,000 FDIC customers’ personal information[/url] when she downloaded the data to her personal storage device. Later the same month, a former employee of UK regulator Ofcom offered his new employer [url=http://www.esecurityplanet.com/network-security/uk-regulator-ofcom-suffers-massive-insider-breach.html]as much as six years of sensitive data[/url] provided to the regulator by television companies. A recent survey of 400 employees by Veriato, a provider of employee monitoring software, found that a third of respondents believe they own or share ownership of the corporate data they wo
[h2]Hack can be carried out by operators of Wi-Fi hotspots, where HTTPs is needed most.[/h2][b][url=http://arstechnica.com/author/dan-goodin/]Dan Goodin[/url] - 7/26/2016[/b] A key guarantee provided by HTTPS encryption is that the addresses of visited websites aren't visible to attackers who may be monitoring an end user's network traffic. Now, researchers have devised an attack that breaks this protection. The attack can be carried out by operators of just about any type of network, including public Wi-Fi networks, which arguably are the places where Web surfers need HTTPS the most. It works by abusing a feature known as WPAD—short for [u][url=https://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol]Web Proxy Autodiscovery[/url][/u]—in a way that exposes certain browser requests to attacker-controlled code. The attacker then gets to see the entire URL of every site the target visits. The exploit works against virtually all browsers and operating systems. It will be
[b]By [url=http://www.securityweek.com/authors/eduard-kovacs]Eduard Kovacs[/url] on June 24, 2016 [/b] [b]Trojan known as “Marcher” has increased considerably over the past period, but PhishLabs researchers said the latest samples they have analyzed don’t target the United States.[/b] Marcher, a threat offered on Russian underground forums since late 2013, currently retails for roughly $5,000. The malware initially focused on banks in Germany, but the list of targets was later expanded to include France, Poland, Turkey, the United States, Australia, Spain, Austria and others. IBM Security reported in early June that nine major [url=http://www.securityweek.com/improved-marcher-banking-trojan-targets-uk]banks in the United Kingdom [/url]had also been added to the list of targets. Samples analyzed by PhishLabs this month target the customers of 66 companies, including 62 banks, Google email services and PayPal. IBM reported earlier this month that the United States was the six
[h2]Users are urged to update their devices as soon as possible[/h2] [img]http://i1-news.softpedia-static.com/images/fitted/340x180/apple-outs-ios-9-3-4-for-iphone-ipad-ipod-to-fix-an-important-security-issue.jpg[/img] [b]Aug 4, 2016 21:20 GMT · By [url=http://news.softpedia.com/editors/browse/marius-nestor]Marius Nestor[/url] [/b] [b]Today, August 4, 2016, Apple has released the fourth maintenance update to the iOS 9.3 stable series of mobile operating systems for iPhone, iPad, and iPod touch devices.[/b] iOS 9.3.4 comes approximately two weeks after the release of the third maintenance update, iOS 9.3.3, to fix only an important security issue that was used by the Pangu Team to jailbreak iPhone, iPad, and iPod touch devices running iOS 9.2 to iOS 9.3.3. [u][u
Android malware has found its way into security industry news again in the past several days. First, Trend Micro reported last week that the so-called “[url=http://blog.trendmicro.com/trendlabs-security-intelligence/godless-mobile-malware-uses-multiple-exploits-root-devices/]Godless[/url]” mobile malware can target any Android running Android 5.1 (Lollipop) or earlier. The company said the malware has affected more than 850,000 devices worldwide and can be found in prominent app stores such as Google Play. Then on Wednesday, Cheetah Mobile estimated that a Chinese hacking organization was making $500,000 a day via a Trojan dubbed “[url=http://www.cmcm.com/blog/en/security/2016-06-29/995.html]Hummer[/url].” Calling it the most prolific Trojan in history, the company reported that during the first half of 2016 alone, Hummer infected nearly 1.4 million devices worldwide. In China alone there were 63,000 infections a day. Despite Google’s attempts over the past several years to do
[b]24 Jun 2016 by [url=https://nakedsecurity.sophos.com/author/nslisavaas/]Lisa Vaas[/url][/b] [b] [img]https://sophosnews.files.wordpress.com/2016/06/shutterstock_405351559.jpg?w=780&h=408&crop=1[/img][/b] Email exchanges [u][url=http://www.judicialwatch.org/press-room/press-releases/judicial-watch-releases-state-department-inspector-general-investigation-records-related-hillary-clinton-emails/]released[/url][/u] on Wednesday by Judicial Watch, a conservative advocacy group, show that in December 2010, filters were blocking messages from then US Secretary of State Hillary Clinton and her staff, sending them to the spam folder or making them bounce. So the State Department turned them off. The department’s IT staff
[b]By [url=http://www.itproportal.com/staff/anthonyspadafora/]Anthony Spadafora[/url][/b] With cyber attacks on the rise, organizations are facing pressure to beef up their security to avoid falling victim to such an attack. However, a recent IT security report from Spiceworks shows that 80 percent of organizations were affected by at least one security incident during 2015. To compile its report, the company surveyed over 600 IT professionals from the US and UK. Shockingly, Spiceworks discovered that few organizations have either an in-house or third-party cyber security expert on call. According to the survey only 29 percent of organizations have such an expert working in their IT department and 23 percent contract outside experts to handle security situations. However, 55 percent of the organizations surveyed said that they do not have regular access to in-house or third-party IT security experts. Spiceworks also found that the number of IT professionals with security c
[h2]Phishers are now showing you the correct links in the browser link preview tooltip, but redirecting you to the wrong URL[/h2] [b]Jun 15, 2016 21:20 GMT · By [url=http://news.softpedia.com/editors/browse/catalin-cimpanu]Catalin Cimpanu[/url][/b] [b]Hovering links to see their true location may be a useless security tip in the near future if phishers get smart about their mode of operation and follow the example of a recent crook that managed to bypass this browser built-in security feature.[/b] Usually, phishing emails contain links that redirect users to Web pages crafted to look like the real service they're imitating. Users have always been instructed to hover links in the emails they receive or the buttons on a suspicious page to detect if any of the links lead them back to a trusted domain, or just a look-alike URL. [u][url=http://news.softpedia.com/news/hidden-javascript-redirect-makes-phishing-pages-harder-to-detect-505295.shtml]Full Articl
[i]See Also - [url=https://community.webroot.com/t5/Security-Industry-News/Distributors-of-Dridex-Banking-Trojan-Take-a-Break-Deliver/m-p/240152/highlight/true#M22691][u]Distributors of Dridex Banking Trojan Take a Break, Deliver Ransomware Instead[/u] [/url][/i] [b]By [url=https://www.grahamcluley.com/author/grahamcluley/]Graham Cluley[/url] | July 14, 2016[/b] F-Secure is warning computer users about a significant increase in sightings of the Locky ransomware, typically spammed out posing as invoices or profiles for positions at your company. Here is how researcher Päivi Tynninen described the scale of the malware campaign: [quote]Yesterday, Tuesday, we saw two new campaigns with a totally different magnitude: more than 120,000 spam hits per hour. In other words, over 200 times more than on normal days, and 4 times more than on last week’s campaigns. [/quote] [u][url=https://www.grahamcluley.com/2016/07/careful-inbox-massive-locky-ransomware-campaign-underway/]Fu
[h2]Someone pressed the wrong button in portal redesign[/h2] 16 Jul 2016 at 00:10, [url=http://www.theregister.co.uk/Author/2395]Iain Thomson[/url] [img]https://regmedia.co.uk/2016/07/15/mistake.jpg?x=648&y=348&crop=1[/img] [i]"Weird emails from Samsung to third-party developers containing usernames and passwords had some worried that the chaebol had been hacked. But the electronics giant says it's nothing to worry about.[/i] [i]Earlier in the week, several Reg readers got in touch after they each received an email from Sammy titled "Your Login Information for SDP," which contained their [url=http://developer.samsung.com/home.do]Samsung Developer Program website[/url] username and a new password. A "login" link below this information led to a dead page, leading some to assume that there was something phishy going on.[/i] [i]A day later and a second email arrived, this time apologizing for the earlier missive and saying the mailing had occurred "a
[h2]Million dollar scam club flubs, cops get lion but no cubs[/h2] [img]https://regmedia.co.uk/2016/02/01/arrest_45646675675656567567674.jpg?x=648&y=348&crop=1[/img] [b] 21 Jun 2016 at 07:05, [url=http://www.theregister.co.uk/Author/2823]Darren Pauli[/url][/b] The Russian ringleader of a carding group has pled guilty to selling US$1.6 million (£1.1 million, A$2.1 million) worth of tickets to major events, bought using credit cards stolen from StubHub accounts. Vadim Polyakov, 32, led a group that broke into StubHub accounts using the access to buy tickets to premier music, sports, and theatre events. The group then sold those tickets for profit, some fetching US$1,000 (£683, A$1,337) each. Prosecutors say more than 1,000 StubHub accounts were compromised to purchase over 350